End-of-Shift report
Timeframe: Mittwoch 19-04-2017 18:00 − Donnerstag 20-04-2017 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
DFN-CERT-2017-0683/">GnuTLS: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0683/
Cisco Security Advisories
Cisco ASA Software DNS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns
Cisco Unified Communications Manager Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
Cisco Prime Network Registrar DNS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns
Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp
Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort
Cisco FindIT Network Probe Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit
Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise
Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi
Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3
Cisco Integrated Management Controller User Session Hijacking Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1
Cisco Integrated Management Controller Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc
Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth
Cisco ASA Software SSL/TLS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls
Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm
Cisco ASA Software IPsec Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec
Bereiten Sie sich schon 2017 auf die Datenschutz-Grundverordnung vor: Wichtige Fragen
Die neue Datenschutz-Grundverordnung wird in diesem Jahr in vielen Branchen bei Entscheidungen zu Sicherheitslösungen eine wichtige Rolle spielen. Die Höhe der möglichen Geldbußen ..
https://securingtomorrow.mcafee.com/languages/german/bereiten-sie-sich-schon-2017-auf-die-datenschutz-grundverordnung-vor-wichtige-fragen/
Drupal Core - Critical - Access Bypass - SA-CORE-2017-002
https://www.drupal.org/SA-CORE-2017-002
Organizations are not effectively dealing with open source security threats
Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & Innovation ..
https://www.helpnetsecurity.com/2017/04/20/open-source-security-threats/
DNS Query Length... Because Size Does Matter, (Thu, Apr 20th)
In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass securitycontrols. DNS tunnelling is a common way to establish ..
https://isc.sans.edu/diary.html?storyid=22326
Malware: Schadsoftware bei 1.200 Holiday-Inn- und Crown-Plaza-Hotels
Wer im vergangenen Jahr auf Geschäftsreise oder im Urlaub in den USA gewesen ist, sollte seine Kreditkartenabrechnungen prüfen: Zahlungsterminals zahlreicher ..
https://www.golem.de/news/malware-schadsoftware-bei-1-200-holiday-inn-und-crown-plaza-hotels-1704-127391.html
Spyware Disguised as System Update Survived on Play Store for Almost Three Years
An Android app named "System Update" that secretly contained a spyware family named SMSVova, survived on the official ..
https://www.bleepingcomputer.com/news/security/spyware-disguised-as-system-update-survived-on-play-store-for-almost-three-years/
[R2] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities
On 2017-04-18, security researcher "agix" published an exploit for the remote command execution flaw (VulnDB 153135). As such, customers are more strongly encouraged to upgrade immediately.
https://www.tenable.com/security/tns-2017-07
Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)
In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities ..
http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html
Stealing sensitive browser data with the W3C Ambient Light Sensor API
In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your //
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
Combating a spate of Java malware with machine learning in real-time
In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert ..
https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-java-malware-with-machine-learning-in-real-time/
Browser-Updates für Chrome und Firefox stopfen kritische Lücken
Sowohl Google als auch Mozilla haben kritische Sicherheitslücken in ihren Web-Browsern gestopft. Diese können von Angreifern für Drive-By-Attacken missbraucht werden.
https://heise.de/-3689571
Abusing NVIDIAs node.js to bypass application whitelisting
Application WhitelistingApplication whitelisting is an important security concept which can be found in many environments during penetration testing. The basic idea is to create a ..
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html
DNSSEC: ISC läutet Schlüsseltausch für BIND9 ein
Das Update ist für alle BIND9-Betreiber wichtig, die die Software zum Validieren von signierten DNS-Antworten einsetzen, aber kein automatisches Schlüssel-Update eingerichtet haben.
https://heise.de/-3689170