Tageszusammenfassung - Dienstag 13-06-2017

End-of-Shift report

Timeframe: Montag 12-06-2017 18:00 − Dienstag 13-06-2017 18:00 Handler: Robert Waldner Co-Handler: n/a

Security Bulletins posted

Adobe has published security bulletins for Adobe Flash Player (APSB17-17), Adobe Shockwave Player (APSB17-18), Adobe Captivate (APSB17-19) and Adobe Digital Editions (APSB17-20). Adobe recommends users update their product installations to the latest versions...

https://blogs.adobe.com/psirt/?p=1469

---

SAP Security Patch Day - June2017

On 13th of June 2017, SAP Security Patch Day saw the release of 18 security notes. Additionally, there were 3 updates to previously released security notes.

https://blogs.sap.com/2017/06/13/sap-security-patch-day-june2017/

---

Analyzing Xavier: An Information-Stealing Ad Library on Android

We have recently discovered a Trojan Android ad library called Xavier that steals and leaks a user's information silently. Xavier's impact has been widespread, with more than 800 applications embedding the ad library's SDK having been downloaded millions of times from Google Play.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Vlm6uUCaCKU/

---

[2017-06-13] Access Restriction Bypass in Atlassian Confluence

An attacker can manually subscribe to pages of Atlassian Confluence which he is not able to view and he then receive any further comments made on the restricted page.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt

---

FIN7 Hitting Restaurants with Fileless Malware

A campaign attributed to the FIN7 attackers targets restaurants with phishing emails and infected RTF Word documents that carry out fileless malware attacks.

http://threatpost.com/fin7-hitting-restaurants-with-fileless-malware/126213/

---

More Bypassing of Malware Anti-Analysis Techniques

For last few articles, we have seen how malware employs some anti-analysis techniques and how we can bypass those techniques. Now, let's raise the bar a bit more and look out for more advanced anti-analysis techniques. In this article, we will look at how we can reach the Original Entry Point of a packed Exe ...

http://resources.infosecinstitute.com/bypassing-malware-anti-analysis-techniques/

---

Learning Pentesting with Metasploitable3 - Part 2

Introduction: This is the second part in this series of articles on Learning Pentesting with Metasploitable3. We have prepared our lab setup in our previous article. This article shows the Information Gathering techniques that are typically used during Penetration Testing by using Metasploitable3 VM. This phase is crucial during a penetration test as we will ...

http://resources.infosecinstitute.com/learning-pentesting-metasploitable3-part-2/

---

Multiple (0day) vulnerabilities in Schneider Electric U.motion Builder

http://www.zerodayinitiative.com/advisories/ZDI-17-383/ http://www.zerodayinitiative.com/advisories/ZDI-17-384/ http://www.zerodayinitiative.com/advisories/ZDI-17-385/ http://www.zerodayinitiative.com/advisories/ZDI-17-386/ http://www.zerodayinitiative.com/advisories/ZDI-17-387/ http://www.zerodayinitiative.com/advisories/ZDI-17-388/ http://www.zerodayinitiative.com/advisories/ZDI-17-389/ http://www.zerodayinitiative.com/advisories/ZDI-17-390/

---

IBM Security Bulletins

IBM Security Bulletin: IBM API Connect is affected by an information disclosure vulnerability (CVE-2017-1379).

http://www.ibm.com/support/docview.wss?uid=swg22004714

---

IBM Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2017-2619)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010155

---

IBM Security Bulletin: Weak default password lockout policy in IBM BigFix Compliance Analytics (CVE-2017-1197)

http://www-01.ibm.com/support/docview.wss?uid=swg22004170

---

IBM Security Bulletin: IBM Spectrum Scale Object Protocols functionality is affected by security vulnerabilities in OpenStack (CVE-2015-1852 and CVE-2015-7546)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010157

---

IBM Security Bulletin: A Cross-site scripting vulnerability in IBM Websphere Application Server, affects IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-8934)

http://www-01.ibm.com/support/docview.wss?uid=swg21996989

---

IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Cloud Orchestrator (CVE-2016-5986)

http://www.ibm.com/support/docview.wss?uid=swg2C1000200