End-of-Shift report
Timeframe: Wednesday 03-05-2017 18:00 − Thursday 04-05-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Petr Sikuta
Co-Handler: Robert Waldner
Researcher: "Baseless Assumptions" Exist About Intel AMT Vulnerability
Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify "baseless assumptions" being made about the flaw.
http://threatpost.com/researcher-baseless-assumptions-exist-about-intel-amt-vulnerability/125390/
Intel ME security vulnerability: first product list, still no updates
There is some new information on the vulnerability in the Management Engine (ME) that Intel reported on 1 May, but still no updates.
https://heise.de/-3703356
WordPress 4.6 Unauthenticated Remote Code Execution (RCE) PoC Exploit
This advisory reveals details of exploitation of the PHPMailer vulnerability (CVE-2016-10033) in WordPress Core, which (contrary to what was believed and announced by the WordPress security team) was affected by the vulnerability.
https://cxsecurity.com/issue/WLB-2017050014
Kazuar: Multiplatform Espionage Backdoor with API Access
Unit 42 researchers have uncovered Kazuar, a backdoor Trojan used in an espionage campaign.
http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/
A set of tutorials about code injection for Windows.
Injectopi is a set of tutorials that I've decided to write down in order to learn about various injection techniques in the Windows environment.
https://github.com/peperunas/injectopi
Master fingerprint: researchers can unlock almost all smartphones
A 65 percent match rate was achieved with the help of machine learning - current scanners have too low a resolution
http://derstandard.at/2000056971421
Checker ATM Security: vulnerability allows takeover of ATMs
A vulnerability in a security solution for ATMs could be exploited by attackers to dispense cash illegally. The vendor plays down the issue and has provided a patch.
https://www.golem.de/news/checker-atm-security-sicherheitsluecke-ermoeglicht-uebernahme-von-geldautomaten-1705-127638-rss.html
LibTIFF: multiple vulnerabilities allow, among other things, the execution of arbitrary code
Multiple vulnerabilities in LibTIFF allow a remote, unauthenticated attacker to execute arbitrary code, carry out various denial-of-service (DoS) attacks and disclose information by means of specially crafted image files.
Affected platforms
Debian Linux 8.7 Jessie
Debian Linux 9.0 Stretch
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0775/
USB sticks: IBM ships installation media with malware
From the USB stick to the operating system: a piece of malware spreads on its own from IBM products. Affected are the sticks bundled with several Storwize devices. IBM advises formatting the USB stick or destroying it outright.
https://www.golem.de/news/usb-sticks-ibm-liefert-installationsmedien-mit-malware-aus-1705-127644-rss.html
Cisco Security Advisories
Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1
Cisco IOS XR Software Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ios-xr
Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme
Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas
Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd
Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce
Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2
Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cuc
Cisco TelePresence ICMP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp
Cisco CallManager Express Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1
IBM Security Bulletins
IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106)
http://www-01.ibm.com/support/docview.wss?uid=swg22002624
IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106)
http://www-01.ibm.com/support/docview.wss?uid=swg22002507
IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638)
http://www-01.ibm.com/support/docview.wss?uid=swg22001731
IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console (CVE-2017-1137)
http://www-01.ibm.com/support/docview.wss?uid=swg21998469
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications
http://www.ibm.com/support/docview.wss?uid=swg22002517
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Controller (CVE-2016-7055)
http://www-01.ibm.com/support/docview.wss?uid=swg22002309
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Active Bypass (CVE-2016-7055)
http://www-01.ibm.com/support/docview.wss?uid=swg22002310
IBM Security Bulletin: Vulnerabilities in OpenSource ICU4C may affect IBM Streams (CVE-2016-6293, CVE-2016-7415)
http://www-01.ibm.com/support/docview.wss?uid=swg22002225
IBM Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-6153)
http://www-01.ibm.com/support/docview.wss?uid=swg21996590
IBM Security Bulletin: Vulnerabilities in OpenSSL affect the BigFix Platform (CVE-2016-2177 CVE-2016-6304 CVE-2016-6305 CVE-2016-2182 CVE-2016-6306 CVE-2016-2183)
http://www-01.ibm.com/support/docview.wss?uid=swg22002870