[CERT-daily] Daily summary - Tuesday 27-10-2015

Daily end-of-shift report team at cert.at
Tue Oct 27 18:28:34 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 23-10-2015 18:00 − Tuesday 27-10-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Botnets spreading Dridex still active, (Fri, Oct 23rd) ***
---------------------------------------------
Introduction In early September 2015, we started seeing reports about arrests tied to Dridex malware [1, 2]. About that time, we noticed a lack of botnet-based malicious spam (malspam) pushing Dridex malware. During the month of September, Dridex disappeared from our radar. By the beginning of October 2015, malspam pushing Dridex came back [3], and it's continued since then. However, organizations still discussed the Dridex takedown, even after Dridex came back. The most recent wave of reporting...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20295&rss




*** Insecure app-TAN: Sparkasse defends its pushTAN banking ***
---------------------------------------------
The manipulations concern "outdated versions of the S-pushTAN app" and actual cases of damage are unlikely, according to a statement by the Sparkassen on a successful attack on their AppTAN procedure.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Unsichere-App-TAN-Sparkasse-verteidigt-ihr-pushTAN-Banking-2854722.html?wt_mc=rss.ho.beitrag.rdf




*** Free and Commercial Tools to Implement the SANS Top 20 Security Controls, Part 5: Malware Defenses ***
---------------------------------------------
This is Part 5 of a How-To effort to compile a list of tools (free and commercial) that can help IT administrators comply with SANS Security Controls. In Part 1 we looked at Inventory of Authorized and Unauthorized Devices. In Part 2 we looked at Inventory of Authorized and Unauthorized Software. In Part 3 we looked at Secure Configurations. In Part 4 we looked at Continuous Vulnerability Assessment and Remediation. Now in Part 5 we'll take on Malware Defenses. 5-1 Employ automated tools...
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/free-and-commercial-tools-to-implement-the-sans-top-20-security-controls-part-5-malware-defenses-1




*** Beyond Automated Penetration Testing ***
---------------------------------------------
#WarStoryWednesday Not too long ago, I was tasked with performing an Application Security Assessment while onsite at a client location. I had worked with this client before, and was eager to see how they had matured their applications over the past couple years. Originally, I had performed an Application Security Assessment on an older version...
---------------------------------------------
http://resources.infosecinstitute.com/beyond-automated-penetration-testing/




*** Joomla SQL Injection Attacks in the Wild ***
---------------------------------------------
Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows for an attacker to take over a vulnerable site with ease. We predicted that the attacks would start in the wild very soon, due to the popularity of the Joomla platform along...
---------------------------------------------
https://blog.sucuri.net/2015/10/joomla-sql-injection-attacks-in-the-wild.html




*** Out-of-band patch: Adobe closes critical hole in Shockwave ***
---------------------------------------------
Attackers can use the Shockwave Player to remotely smuggle malicious code onto computers. Adobe rates the hole with the highest priority level.
---------------------------------------------
http://heise.de/-2860125




*** Intel x86 considered harmful (new paper) ***
---------------------------------------------
Oct 27, 2015 - Joanna Rutkowska | Back in summer I have read a new book published by one of the core Intel architects about the Management Engine (ME). I didn't quite like what I read there. In fact I even found this a bit depressing, even though Intel ME wasn't particular news to me as we, at the ITL, have already studied this topic quite in-depth, so to say, back in 2008... But, as you can see in the linked article, I believed we could use VT-d to protect the host OS from the potentially...
---------------------------------------------
http://blog.invisiblethings.org/2015/10/27/x86_harmful.html




*** Patchday: Updates for the Xen hypervisor ***
---------------------------------------------
Xen has closed several holes in its hypervisor. As usual, details will only be disclosed later.
---------------------------------------------
http://www.golem.de/news/patchday-updates-fuer-xen-hypervisor-1510-117152-rss.html




*** Volkswagen: Hackers deactivate airbag via forged diagnostic software ***
---------------------------------------------
Once again there is manipulated software at VW - but this time the company itself is not responsible. Hackers have apparently succeeded in manipulating the control software of an Audi TT so that the airbag can be switched off without the user's knowledge.
---------------------------------------------
http://www.golem.de/news/volkswagen-hacker-deaktivieren-airbag-ueber-gefaelschte-diagnose-software-1510-117140-rss.html




*** The "Yes, but..." syndrome, (Tue, Oct 27th) ***
---------------------------------------------
This weekend, I worked on a pentest report that was already pending for a while. I'm honest: I'm lazy to write reports (like many of us, no?). During a pentest, it is mandatory to keep evidences of all your findings. Not only the tools you used and how you used them but as much details as possible (screenshots, logs, videos, papers, etc). Every day, we had a quick debriefing meeting with the customer to make the point about the new findings. The first feedback was often a "Yes, but...": Me: We were
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20303&rss




*** JSA10711 - 2015-10 Out of Cycle Security Bulletin: NTP.org announcement of multiple vulnerabilities. ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10711&actp=RSS




*** Bugtraq: [security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536749




*** Bugtraq: [security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536748




*** DSA-3377 mysql-5.5 - security update ***
---------------------------------------------
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.46. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:...
---------------------------------------------
https://www.debian.org/security/2015/dsa-3377




*** DSA-3378 gdk-pixbuf - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems:...
---------------------------------------------
https://www.debian.org/security/2015/dsa-3378




*** Security Notice - Statement on the Huawei Honor phone Vulnerability Mentioned at the GeekPwn Conference ***
---------------------------------------------
Oct 25, 2015 09:27
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-459238.htm




*** Cisco Security Advisories ***
---------------------------------------------

*** Cisco Secure Access Control Server Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
http://www.securitytracker.com/id/1033968

*** Cisco Secure Access Control Server Input Validation Flaw Lets Remote Authenticated Users Inject SQL Commands ***
http://www.securitytracker.com/id/1033967

*** Cisco Secure Access Control Server RBAC Flaw Lets Remote Authenticated Users Modify Dashboard Portlets on the Target System ***
http://www.securitytracker.com/id/1033971

*** Cisco Secure Access Control Server RBAC Flaw Lets Remote Authenticated Users Obtain System Administrator Reports and Status ***
http://www.securitytracker.com/id/1033970

*** Cisco Secure Access Control Server DOM Statement Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
http://www.securitytracker.com/id/1033969




*** Siemens Rugged Operating System (ROS) Ethernet Frame Padding Bug Lets Remote Users on the Local Network Obtain Potentially Sensitive VLAN Information ***
---------------------------------------------
http://www.securitytracker.com/id/1033973

