[CERT-daily] Tageszusammenfassung - Montag 2-11-2015

Daily end-of-shift report team at cert.at
Mon Nov 2 18:16:07 CET 2015 

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 30-10-2015 18:00 − Montag 02-11-2015 18:00
Handler:     Robert Waldner
Co-Handler:  n/a



*** CoinVault and Bitcryptor Ransomware Victims Can Now Recover Their Files For Free ***
---------------------------------------------
itwbennett writes: Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, writes Lucian Constantin. Those keys have been uploaded to Kasperskys ransomware decrypt or service that was originally set up in April with a set of around 750 keys recovered from servers hosted in the Netherlands.
---------------------------------------------
http://yro.slashdot.org/story/15/10/30/2341230/coinvault-and-bitcryptor-ransomware-victims-can-now-recover-their-files-for-free




*** Disaster Recovery Starts with a Plan, (Mon, Nov 2nd) ***
---------------------------------------------
One of the security questions being asked of security professionals, by business executives these days, from both internal and external entities, is What is the status of our Disaster Recovery plan? The driving force behind the question varies, from compliance and our business partners are asking to I read an article about an earthquake. A disaster recovery plan is one of those things that you dont want to define the requirements as you go, this is one that is truly about the *plan*.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20325&rss




*** About Lenovo System Update Vulnerabilities and CVE-2015-6971 ***
---------------------------------------------
Over the past seven months, a number of vulnerabilities in Lenovo System Update software have come to light. Lenovo patched the first of a batch of these vulnerabilities in spring of this year. I decided to take a deeper look...
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/About-Lenovo-System-Update-Vulnerabilities-and-CVE-2015-6971/




*** Useful tools for malware analysis ***
---------------------------------------------
In early October, the international project 'Cyber Security in the Danube Region' organized training for security teams operating within the region. As sharing of information and knowledge are essential in the field of security, I decided to write a post ...
---------------------------------------------
http://en.blog.nic.cz/2015/10/30/useful-tools-for-malware-analysis/




*** Debian: elasticsearch end-of-life (DSA 3389-1) ***
---------------------------------------------
Security support for elasticsearch in jessie is hereby discontinued. The project no longer releases information on fixed security issues which allow backporting them to released versions of Debian and actively discourages from doing so. elasticsearch will also be removed from Debian stretch (the next stable Debian release), but will continue to remain in unstable and available in jessie-backports.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2015/msg00290.html




*** PageFair: Halloween Security Breach ***
---------------------------------------------
I want to take some time here to describe exactly what happened, how it may have affected some of your visitors, and what we are doing to prevent this from ever happening again.
---------------------------------------------
http://blog.pagefair.com/2015/halloween-security-breach/




*** RWSPS: WPA/2 Cracking Using HashCat ***
---------------------------------------------
We will cover the following topics: WPA/2 Cracking with Dictionary attack using Hashcat. WPA/2 Cracking with Mask attack using Hashcat. WPA/2 Cracking with Hybrid attack using Hashcat. WPA/2 Cracking Pause/resume in Hashcat (One of the best features) WPA/2 Cracking save sessions and restore.
---------------------------------------------
http://www.rootsh3ll.com/2015/10/rwsps-wpa2-cracking-using-hashcat-cloud-ch5pt2/




*** Protecting Windows Networks - Local administrative accounts management ***
---------------------------------------------
There is a common problem in all environments with local administrative accounts, such as local Administrator account, root accounts or any kind of application specific built-in admin accounts set to a common password, shared across all systems.
---------------------------------------------
https://dfirblog.wordpress.com/2015/11/01/protecting-windows-networks-local-administrative-accounts-management/




*** new Windows 10 cumulative update (3105210) ***
---------------------------------------------
Bulletin revised to announce the release of a new Windows 10 cumulative update (3105210) to address an additional vulnerability, CVE-2015-6045, which has been added to this bulletin. Only customers running Windows 10 systems need to install this new update. Earlier operating systems are either not affected or have received the fix in the original updates of October 13, 2015.
---------------------------------------------
https://technet.microsoft.com/library/security/ms15-106




*** 5 signs your Web application has been hacked ***
---------------------------------------------
When customers interact with your business, they most likely go through a Web application first. It's your company's public face -- and by virtue of that exposure, an obvious point of vulnerability.Most attacks against Web applications are stealthy and hard to spot.
---------------------------------------------
http://www.csoonline.com/article/3000315/application-security/5-signs-your-web-application-has-been-hacked.html#tk.rss_applicationsecurity




*** How Much is a Zero-Day Exploit for an SCADA/ICS System? ***
---------------------------------------------
Current scenario How much is a zero-day for an industrial control system? Where is it possible to buy them and who are the main buyers of these commodities? I can tell you that there isn't a unique answer to the above questions, but first all let us try to understand the current scenario ...
---------------------------------------------
http://resources.infosecinstitute.com/how-much-is-a-zero-day-exploit-for-an-scadaics-system/




*** Cisco Security Advisories ***
---------------------------------------------
*** Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
---------------------------------------------
*** Cisco Unified Communications Domain Manager URI Enumeration Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-ucd
---------------------------------------------
*** Cisco FireSIGHT Management Center HTML Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2
---------------------------------------------
*** Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1
---------------------------------------------
*** Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asr
---------------------------------------------
*** Cisco Prime Service Catalog SQL Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc
---------------------------------------------
*** Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas
---------------------------------------------
*** Cisco Unified Border Element Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151026-cube
---------------------------------------------
*** Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1
---------------------------------------------
*** Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1
---------------------------------------------
*** Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac
---------------------------------------------
*** Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss
---------------------------------------------
*** Cisco Secure Access Control Server SQL Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs
---------------------------------------------
*** Cisco Wireless LAN Controller Client Disconnection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-wlc
---------------------------------------------

More information about the Daily mailing list