[CERT-daily] Tageszusammenfassung - Montag 16-11-2015

Daily end-of-shift report team at cert.at
Mon Nov 16 18:15:09 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 13-11-2015 18:00 − Montag 16-11-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** BitLocker encryption can be defeated with trivial Windows authentication bypass ***
---------------------------------------------
Companies relying on Microsoft BitLocker to encrypt the drives of their employees computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk.Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part...
---------------------------------------------
http://www.cio.com/article/3005178/bitlocker-encryption-can-be-defeated-with-trivial-windows-authentication-bypass.html#tk.rss_security




*** The November 2015 issue of our SWITCH Security Report is available! ***
---------------------------------------------
Dear Reader! A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are: No safe harbour in the Land of the Free - EU Court of Justice restricts data transfer to...
---------------------------------------------
http://securityblog.switch.ch/2015/11/13/the-november-2015-issue-of-our-switch-security-report-is-available/




*** Websicherheit: Datenleck durch dynamische Skripte ***
---------------------------------------------
Moderne Webseiten erstellen häufig dynamischen Javascript-Code. Wenn darin private Daten enthalten sind, können fremde Webseiten diese auslesen. Bei einer Untersuchung von Sicherheitsforschern war ein Drittel der untersuchten Webseiten von diesem Problem betroffen.
---------------------------------------------
http://www.golem.de/news/websicherheit-datenleck-durch-dynamische-skripte-1511-117456-rss.html




*** Op-ed: (How) did they break Diffie-Hellman? ***
---------------------------------------------
Relax - its not true that researchers have broken the Diffie-Hellman key exchange protocol.
---------------------------------------------
http://arstechnica.com/security/2015/11/op-ed-how-did-they-break-diffie-hellman/




*** More POS malware, just in time for Christmas ***
---------------------------------------------
VXers stuff evidence-purging malware in retailer stockings. Threat researchers are warning of two pieces of point of sales malware that have gone largely undetected during years of retail wrecking and now appear likely to earn VXers a haul over the coming festive break.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/16/more_pos_malware_just_in_time_for_christmas/




*** Black Hat Europe 2015 slides ***
---------------------------------------------
briefings - november 12-13
---------------------------------------------
https://www.blackhat.com/eu-15/briefings.html




*** Choosing the Right Cryptography Library for your PHP Project: A Guide ***
---------------------------------------------
... conventional wisdom states that you almost certainly should not try to design your own cryptography. Instead, you should use an existing cryptography library. Okay, great. So which PHP cryptography library should I use? That depends on your exact requirements. Lets look at some good choices. (We wont cover any terrible choices.)
---------------------------------------------
https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide




*** Apple OS X authentication issue when recovering from sleep mode ***
---------------------------------------------
When Apple Remote Desktop is used in full screen mode and the remote connection is alive upon entering sleep mode, the text entered in the dialog box upon recovering from sleep mode is sent to the remotely connected host instead of the local host. This may result in command execution at the remote host.
---------------------------------------------
http://jvn.jp/en/jp/JVN56210048/index.html




*** Programmbibliothek libpng verlangt nach Sicherheitsupdates ***
---------------------------------------------
Eine Schwachstelle in libpng kann als Einfallstor für Angreifer dienen, um Anwendungen zum Absturz zu bringen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Programmbibliothek-libpng-verlangt-nach-Sicherheitsupdates-2922089.html?wt_mc=rss.ho.beitrag.rdf




*** Container: CoreOS gibt CVE-Service als Open Source frei ***
---------------------------------------------
Der Linux-Distributor CoreOS hat sein Container-Security-Werkzeug Clair als Open-Source-Software freigegeben. Das Tool ist in der Lage, jede einzelne Containerschicht nach Schwachstellen zu durchforsten und im Falle eines Fundes eine Meldung über die Art der Bedrohung zu übermitteln. Hierfür greift Clair auf die CVE-Datenbank (Common Vulnerabilities and Exposures) und ähnliche Ressourcen von Red Hat, Ubuntu, und Debian zurück. Clair hilft allerdings nicht, die...
---------------------------------------------
http://www.heise.de/newsticker/meldung/Container-CoreOS-gibt-CVE-Service-als-Open-Source-frei-2921963.html




*** LiME - Linux Memory Extractor ***
---------------------------------------------
Features Full Android memory acquisition Acquisition over network interface Minimal process footprint
---------------------------------------------
http://www.kitploit.com/2015/11/lime-linux-memory-extractor.html




*** DD4BC / Armada Collective: Erpressung mittels DDoS ***
---------------------------------------------
DD4BC / Armada Collective: Erpressung mittels DDoS16. November 2015Das ist mal wieder nichts wirklich Neues. Distributed Denial of Service Angriffe gibt es schon lange, das mag mit Turf-Fights in der Rotlicht-Szene angefangen haben, der Angriff auf Estland 2007 hat das Thema groß in die Presse gebracht, und spätestens seit den Angriffen der "Anonymous"-Bewegung sollte das Problem allgemein bekannt sein. Dazu gibt es auch einen Abschnitt in unserem letzten...
---------------------------------------------
http://www.cert.at/services/blog/20151116114639-1627.html




*** BlackBerry Enterprise Server Input Validation Flaw in Management Console Lets Remote Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1034154




*** D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability ***
---------------------------------------------
Cross-Site Request Forgery (CSRF) vulnerability in the DIR-816L wireless router enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated.
---------------------------------------------
http://www.securityfocus.com/archive/1/536886




*** Debian: strongswan security update ***
---------------------------------------------
Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2015/msg00303.html




*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-vds
---------------------------------------------
*** Cisco IOS Software Virtual PPP Interfaces Security Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1
---------------------------------------------
*** Cisco FireSIGHT Management Center Certificate Validation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc
---------------------------------------------
*** Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca1
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** Apache Commons Vulnerability for handling Java object deserialization ***
http://www.ibm.com/support/docview.wss?uid=swg21970575
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in GSKit affects IBM DataPower Gateways (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21969271
---------------------------------------------
*** IBM Security Bulletin: Certain cookies missing Secure attribute in IBM DataPower Gateways (CVE-2015-7427) ***
http://www.ibm.com/support/docview.wss?uid=swg21969342
---------------------------------------------
*** Security Bulletin: Vulnerabilities in OpenSSL affect IBM System Networking RackSwitch (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098801
---------------------------------------------
*** IBM Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250) ***
http://www.ibm.com/support/docview.wss?uid=swg21970112
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition ***
http://www.ibm.com/support/docview.wss?uid=swg21969225
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in qemu-kvm affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21968929
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in FUSE affects PowerKVM (CVE-2015-3202) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022878
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security affected by Opensource PHP Vulnerabilities (CVE-2015-6836 CVE-2015-6837 CVE-2015-6838) ***
http://www.ibm.com/support/docview.wss?uid=swg21968353
---------------------------------------------
*** IBM Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2015-4974 and CVE-2015-4981) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005425
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Mozilla gdk-pixbuf2 affects PowerKVM (CVE-2015-4491) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022833
---------------------------------------------
*** Vulnerability in bind affects AIX (CVE-2015-5722) ***
http://www.ibm.com/support/
---------------------------------------------


More information about the Daily mailing list