Daily Summary - Thursday 22-06-2017

End-of-Shift report

Timeframe: Wednesday 21-06-2017 18:00 - Thursday 22-06-2017 18:00

Handler: Robert Waldner

Co-Handler: Alexander Riepl

Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an ..

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp


Multiple vulnerabilities in Cisco Prime Infrastructure

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1


Multiple vulnerabilities in Cisco Identity Services

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ise1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ise


Multiple vulnerabilities in Cisco IOS XR

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios


Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ..

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc


Critical Bug in RAR Compression Library Endangers AV Software

Bugs in archive unpacking are critical because they are particularly easy to exploit, for example when antivirus software scans for malicious code. It is all the more bitter when they can still be exploited five years after their discovery.

https://heise.de/-3751528


Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003

https://www.drupal.org/SA-CORE-2017-003


TeslaWare Plays Russian Roulette with your Files

I was told about a new ransomware called TeslaWare that is being promoted on a black hat criminal site. After a quick search, I was able to find a sample that was compiled yesterday ..

https://www.bleepingcomputer.com/news/security/teslaware-plays-russian-roulette-with-your-files/


Locky Ransomware Returns, but Targets Only Windows XP & Vista

The Locky ransomware is back, spreading via a massive wave of spam emails distributed by the Necurs botnet, but the campaign appears to be a half-baked effort because the ransomware is not able to encrypt files on modern Windows OS versions, locking ..

https://www.bleepingcomputer.com/news/security/locky-ransomware-returns-but-targets-only-windows-xp-and-vista/


NSA-Backed OpenC2.org Aims to Defend Systems at Machine Speed

Security experts, vendors, business and the NSA are developing a standardized language that rather than autonomously understands threats, acts on them.

http://threatpost.com/nsa-backed-openc2-org-aims-to-defend-systems-at-machine-speed/126454/


Web Application Pentest Guide Part-I

In this article, we are going to pentest a web application which was developed by HP for scanner evaluation purpose. We will be demonstrating the complete process ..

http://resources.infosecinstitute.com/web-application-pentest-guide-part/


Windows Trojan Uses NSA Backdoor to Covertly Mine Cryptocurrencies

The NSA's DOUBLEPULSAR backdoor is currently being abused to infect unprotected Windows machines with a Trojan that secretly mines the cryptocurrency Monero (XMR).

https://heise.de/-3751247


[2017-06-22] Multiple vulnerabilities in Cisco Prime Infrastructure

Multiple security vulnerabilities in Cisco Prime Infrastructure < 3.1.6 could allow a local low-privileged user to read arbitrary files such as wireless access point configurations, read the hashed passwords of all users, including the administrator, from the database, and infect other users with a JavaScript trojan.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170622-0_Cisco_Prime_Infrastructure_XXE_SQLi_XSS_v10.txt


Understanding the true size of “Fireball”

... when recent reports of the “Fireball” cybersecurity threat operation were presented as a new discovery, our teams knew ..

https://blogs.technet.microsoft.com/mmpc/2017/06/22/understanding-the-true-size-of-fireball/


IBM Security Bulletin: Multiple vulnerabilities in EBICS client in IBM Sterling B2B Integrator (CVE-2017-1132, CVE-2017-1347, CVE-2017-1348)

http://www-01.ibm.com/support/docview.wss?uid=swg22004199


IBM Security Bulletin: HTTP verb tampering vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1131)

http://www-01.ibm.com/support/docview.wss?uid=swg22004270


Why So Many Top Hackers Hail from Russia

Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information ..

https://krebsonsecurity.com/2017/06/why-so-many-top-hackers-hail-from-russia/


DSA-3892 tomcat7 - security update

Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using ..

https://www.debian.org/security/2017/dsa-3892


DSA-3891 tomcat8 - security update

Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically ..

https://www.debian.org/security/2017/dsa-3891