Daily summary - Thursday 4-05-2017

End-of-Shift report

Timeframe: Wednesday 03-05-2017 18:00 − Thursday 04-05-2017 18:00 Handler: Olaf Schwarz Co-Handler: Petr Sikuta Co-Handler: Robert Waldner

Researcher: "Baseless Assumptions" Exist About Intel AMT Vulnerability

Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify "baseless assumptions" being made about the flaw.

http://threatpost.com/researcher-baseless-assumptions-exist-about-intel-amt-vulnerability/125390/


Intel ME security vulnerability: first product list, still no updates

There is some new information on the vulnerability in the Management Engine (ME) reported by Intel on 1 May, but still no updates.

https://heise.de/-3703356


WordPress 4.6 Unauthenticated Remote Code Execution (RCE) PoC Exploit

This advisory reveals details of exploitation of the PHPMailer vulnerability (CVE-2016-10033) in WordPress Core which (contrary to what was believed and announced by WordPress security team) was affected by the vulnerability.

https://cxsecurity.com/issue/WLB-2017050014


Kazuar: Multiplatform Espionage Backdoor with API Access

Unit 42 researchers have uncovered Kazuar, a backdoor Trojan used in an espionage campaign.

http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/


A set of tutorials about code injection for Windows.

Injectopi is a set of tutorials that I've decided to write down in order to learn about various injection techniques in the Windows environment.

https://github.com/peperunas/injectopi


Master fingerprint: researchers can unlock almost all smartphones

Using machine learning, a hit rate of 65 percent was achieved - current scanners have too low a resolution

http://derstandard.at/2000056971421


Checker ATM Security: vulnerability allows takeover of ATMs

A vulnerability in a security solution for ATMs could be exploited by attackers to dispense cash illegally. The vendor plays the issue down and has provided a patch.

https://www.golem.de/news/checker-atm-security-sicherheitsluecke-ermoeglicht-uebernahme-von-geldautomaten-1705-127638-rss.html


LibTIFF: Multiple vulnerabilities allow, among other things, the execution of arbitrary code

Multiple vulnerabilities in LibTIFF allow a remote, unauthenticated attacker to execute arbitrary code, carry out various denial-of-service (DoS) attacks and disclose information using specially crafted image files. Affected platforms: Debian Linux 8.7 Jessie, Debian Linux 9.0 Stretch

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0775/


USB sticks: IBM ships installation media with malware

From the USB stick to the operating system: a piece of malware spreads on its own from IBM products. Affected are the USB sticks shipped with several Storwize devices. IBM recommends formatting the USB stick or destroying it outright.

https://www.golem.de/news/usb-sticks-ibm-liefert-installationsmedien-mit-malware-aus-1705-127644-rss.html


Cisco Security Advisories

Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1

Cisco IOS XR Software Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ios-xr

Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme

Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas

Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd

Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce

Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2

Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cuc

Cisco TelePresence ICMP Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp

Cisco CallManager Express Unauthorized Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1

IBM Security Bulletins

IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106)

http://www-01.ibm.com/support/docview.wss?uid=swg22002624

IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106)

http://www-01.ibm.com/support/docview.wss?uid=swg22002507

IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638)

http://www-01.ibm.com/support/docview.wss?uid=swg22001731

IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console (CVE-2017-1137)

http://www-01.ibm.com/support/docview.wss?uid=swg21998469

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications

http://www.ibm.com/support/docview.wss?uid=swg22002517

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Controller (CVE-2016-7055)

http://www-01.ibm.com/support/docview.wss?uid=swg22002309

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Active Bypass (CVE-2016-7055)

http://www-01.ibm.com/support/docview.wss?uid=swg22002310

IBM Security Bulletin: Vulnerabilities in OpenSource ICU4C may affect IBM Streams (CVE-2016-6293, CVE-2016-7415)

http://www-01.ibm.com/support/docview.wss?uid=swg22002225

IBM Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-6153)

http://www-01.ibm.com/support/docview.wss?uid=swg21996590

IBM Security Bulletin: Vulnerabilities in OpenSSL affect the BigFix Platform (CVE-2016-2177, CVE-2016-6304, CVE-2016-6305, CVE-2016-2182, CVE-2016-6306, CVE-2016-2183)

http://www-01.ibm.com/support/docview.wss?uid=swg22002870