November 2015 - Daily

Tageszusammenfassung - Montag 30-11-2015
by Daily end-of-shift report 30 Nov '15

30 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 27-11-2015 18:00 − Montag 30-11-2015 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** IBM Security Bulletin: IBM Maximo Asset Management contains a vulnerability which could allow a user to log in with an expired password (CVE-2015-5017) *** --------------------------------------------- IBM Maximo Asset Management contains a vulnerability which could allow a user to log into the system with an expired password. This vulnerability could allow a local attacker to obtain sensitive information or compromise the integrity of the system. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21969052 *** IBM Security Bulletin: Security Bulletin: Vulnerability in Apache Commons affects IBM Endpoint Manager for Remote Control (CVE-2015-7450) *** --------------------------------------------- Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971490 *** Program:Win32/CompromisedCert.D *** --------------------------------------------- This threat is a Dell root certificate for which the private keys were leaked. This means a hacker can use this certificate to modify your browsing experience and steal sensitive information. --------------------------------------------- https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?na… *** Dell Root-CA-Desaster: Microsoft bringt Updates in Stellung *** --------------------------------------------- Mit einem Update für mehrere seiner Sicherheits-Tools will Microsoft zwei digitale Zertifikate entfernen, die auf Computern des Herstellers Dell zu Sicherheitsrisiken wurden. Erste Schadsoftware, die das Einfallstor nutzt, wurde bereits gefunden. --------------------------------------------- http://heise.de/-3025738 *** Turris Omnia Security Project protects home network users *** --------------------------------------------- The non-profit security research Turris Omnia project originating from the Czech Republic focuses on safety of SoHo users. The non-profit security research project originating from the Czech Republic, which focuses on safety of SoHo .. --------------------------------------------- http://securityaffairs.co/wordpress/42382/hacking/turris-omnia-router-proje… *** International NCSC One Conference 2016 *** --------------------------------------------- We are pleased to announce the fourth edition of our international One Conference 2016 that will take place at the World Forum in The Hague on April 5 and 6, 2016. Again the program will be informative and eye-opening offering something of interest to a wide variety of participants from private sectors, .. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-one-conference-2016.ht… *** Lancom fixt Verschlüsselungsproblem in Routern *** --------------------------------------------- In verschiedenen Routern von Lancom klafft eine Schwachstelle, über die Angreifer verschlüsselte Verbindungen aufbrechen können. Workarounds sichern betroffene Geräte ab. --------------------------------------------- http://heise.de/-3026432 *** DFN-CERT-2015-1837: Xen: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1837/ *** Bugtraq: Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation *** --------------------------------------------- http://www.securityfocus.com/archive/1/537001 *** SSA-763427: Vulnerability in Communication Processor (CP) modules SIMATIC CP 343-1, TIM 3V-IE, TIM 4R-IE, and CP 443-1 *** --------------------------------------------- An authentication bypass vulnerability in Communication Processor (CP) module families SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 could allow unauthenticated users to perform administrative operations under certain conditions. --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427… *** Multiple serious vulnerabilities in RSI Videofied's alarm protocol *** --------------------------------------------- RSI Videofied are a French company that produce a series of alarm panels that are fairly unique in the market. They are designed to be battery powered and send videos from the detectors if the alarm is triggered. This is called video .. http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-vi… *** Forthcoming OpenSSL releases *** --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2e, 1.0.1q, 1.0.0t and 0.9.8zh. These releases will be made available on 3rd December between approx. 1pm and 5pm (UTC). They will fix a number of security defects, the highest of which is classified as "moderate" severity. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2015-November/000045.html

1 0

Tageszusammenfassung - Freitag 27-11-2015
by Daily end-of-shift report 27 Nov '15

27 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 26-11-2015 18:00 − Freitag 27-11-2015 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter, Robert Waldner *** Reader's Digest and other WordPress Sites Compromised, Push Angler EK *** --------------------------------------------- Readers Digest is among the latest compromised sites pushing Angler EK. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/11/readers-digest-and-ot… *** Known 'Good' DNS, An Observation, (Thu, Nov 26th) *** --------------------------------------------- This has come up enough it seems worth noting for this U.S. Thanks Giving Holiday. The concept of public Domain Name Service (DNS) is not new, but worth discussing both the merits and pitfalls. Weve discussed DNS here quite a bit over the years, for a prospectus. There are a few (this is not an endorsement *quickly looks around for legal counsel and dodges them*) good services around that are known. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20419&rss *** DSA-3407 dpkg - security update *** --------------------------------------------- Hanno Boeck discovered a stack-based buffer overflow in the dpkg-debcomponent of dpkg, the Debian package management system. This flaw couldpotentially lead to arbitrary code execution if a user or an automatedsystem were tricked into processing a specially crafted Debian binarypackage (.deb) in the old style Debian binary package format. --------------------------------------------- https://www.debian.org/security/2015/dsa-3407 *** Apache Cordova vulnerable to improper application of whitelist restrictions *** --------------------------------------------- Apache Cordova contains a vulnerability where whitelist restrictions are not properly applied. --------------------------------------------- http://jvn.jp/en/jp/JVN18889193/ *** ManageEngine Firewall Analyzer fails to restrict access permissions *** --------------------------------------------- ManageEngine Firewall Analyzer provided by Zoho Corporation contains a vulerability where access permissions are not restricted. --------------------------------------------- http://jvn.jp/en/jp/JVN12991684/ *** ManageEngine Firewall Analyzer vulnerable to directory traversal *** --------------------------------------------- ManageEngine Firewall Analyzer provided by Zoho Corporation contains a directory traversal vulnerability. --------------------------------------------- http://jvn.jp/en/jp/JVN21968837/ *** Defending against Actual IT Threats *** --------------------------------------------- Roger Grimes has written an interesting paper: "Implementing a Data-Driven Computer Security Defense." His thesis is that most organizations dont match their defenses to the actual risks. His paper explains how it got to be this way, and how to fix it.... --------------------------------------------- https://www.schneier.com/blog/archives/2015/11/defending_again_4.html *** Adobe will Weiterverteilung von Flash Player einschränken *** --------------------------------------------- Ab Januar 2016 können nur noch Business-Anwender mit einer gültigen Lizenz den Flash Player zur Weiterverteilung herunterladen, verkündet Adobe. --------------------------------------------- http://heise.de/-3025473 *** Paper: Optimizing ssDeep for use at scale *** --------------------------------------------- Brian Wallace presents tool to optimize ssDeep comparisons.Malware rarely comes as a single file, and to avoid having to analyse each sample in a set individually, a fuzzy hashing algorithm tool like ssDeep can tell a researcherwhether two files are very similar - or not similar at all.When working with a large set of samples, the number of comparisons (which grows quadratically with the set size) may soon become extremely large though. To make this task more manageable, Cylance --------------------------------------------- http://www.virusbtn.com/blog/2015/11_27.xml?rss

1 0

Tageszusammenfassung - Donnerstag 26-11-2015
by Daily end-of-shift report 26 Nov '15

26 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 25-11-2015 18:00 − Donnerstag 26-11-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Verschlüsselung: Punkte auf der falschen elliptischen Kurve *** --------------------------------------------- Forscher der Ruhr-Universität Bochum haben einen schon lange bekannten Angriff auf Verschlüsselungsverfahren mit elliptischen Kurven in der Praxis umsetzen können. Verwundbar ist neben Java-Bibliotheken auch ein Hardware-Verschlüsselungsgerät von Utimaco. --------------------------------------------- http://www.golem.de/news/verschluesselung-punkte-auf-der-falschen-elliptisc… *** Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Shields up on potentially unwanted applications in your enterprise *** --------------------------------------------- Has your enterprise environment been bogged down by a sneaky browser-modifier which tricked you into installing adware from a seemingly harmless software bundle? Then you might have already experienced what a potentially unwanted application (PUA) can do. The good news is, the new opt-in feature for .. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/25/shields-up-on-potentiall… *** "Cyberangriffe werden besser und komplexer" *** --------------------------------------------- Vertreter österreichischer Unternehmen und Sicherheitsexperten diskutierten mit der futurezone über Trends in der Cyberkriminalität und den Schutz kritischer Infrastruktur. --------------------------------------------- http://futurezone.at/digital-life/cyberangriffe-werden-besser-und-komplexer… *** DSA-3405 smokeping - security update *** --------------------------------------------- Tero Marttila discovered that the Debian packaging for smokepinginstalled it in such a way that the CGI implementation of Apache httpd(mod_cgi) passed additional arguments to the smokeping_cgi program,potentially leading to arbitrary code execution in response to craftedHTTP requests. --------------------------------------------- https://www.debian.org/security/2015/dsa-3405 *** Serverseitiges JavaScript: Zwei offene Lücken in Node.js *** --------------------------------------------- Eine DoS-Schwachstelle und einen Out-of-Bounds-Zugriffsfehler bei der JavaScript-Engine V8 sind in unterschiedlichen Node.js-Versionen zu finden. Ein Patch soll nächste Woche veröffentlicht werden. --------------------------------------------- http://heise.de/-3022698 *** Ads on popular Search Engine are leading to Phishing Sites *** --------------------------------------------- The Reporting and Analysis Centre for Information Assurance (MELANI) and GovCERT.ch is aware of an ongoing phishing campaign that is targeting a large credit card issuer in Switzerland. What makes this phishing campaign somehow unique is the way how the phishers are advertising their phishing sites: while .. --------------------------------------------- http://www.govcert.admin.ch/blog/16/ads-on-popular-search-engine-are-leadin… *** Malware Researcher's Handbook (Demystifying PE File) *** --------------------------------------------- PE File Portable executable file format is a type of format that is used in Windows (both x86 and x64). As per Wikipedia, the portable executable (PE) format is a file format for executable, object code, DLLs, FON font files, and core dumps. The PE file .. --------------------------------------------- http://resources.infosecinstitute.com/2-malware-researchers-handbook-demyst… *** Smart Home: Sicherheitslücken im Zigbee-Protokoll demonstriert *** --------------------------------------------- Sicherheitsforscher haben auf der Sicherheitskonferenz Deepsec in Wien eklatante Mängel in der Sicherheit von Zigbee-Smart-Home-Geräten demonstriert. Es gelang ihnen, ein Türschloss zu übernehmen und zu öffnen. --------------------------------------------- http://www.golem.de/news/smart-home-sicherheitsluecken-im-zigbee-protokoll-… *** Windows Defender mit verstecktem Adware-Killer *** --------------------------------------------- Microsofts Virenschutz blokiert jetzt auch Adware. Eigentlich ist die nützliche Funktion für Unternehmensnetze gedacht – sie lässt sich aber auch auf gewöhnlichen Windows-Systemen freischalten, wie ein Test von heise Security zeigt. --------------------------------------------- http://heise.de/-3023579

1 0

Tageszusammenfassung - Mittwoch 25-11-2015
by Daily end-of-shift report 25 Nov '15

25 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 24-11-2015 18:00 − Mittwoch 25-11-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Unified CallManager and Unified Presence Server ICMP Echo Request Handling Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-… *** A $10 Tool Can Guess (And Steal) Your Next Credit Card Number *** --------------------------------------------- A pattern in AmEx card numbers allows Samy Kamkars DIY gadget to predict and use new numbers for fraud as fast as the company can generate them. --------------------------------------------- http://www.wired.com/2015/11/samy-kamkar-10-dollar-tool-can-guess-and-steal… *** High-Security, Open-Source Router is a Hit on Indiegogo (Video) *** --------------------------------------------- The device is called the Turris Omnia, and its Indiegogo page says its a "hi-performance & open-source router." Their fundraising goal is $100,000. So far, 1,191 backers have pledged $248,446 (as of the moment this was typed), with 49 days left .. --------------------------------------------- http://linux.slashdot.org/story/15/11/24/1940251/high-security-open-source-… *** Hilton Acknowledges Credit Card Breach *** --------------------------------------------- Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems. --------------------------------------------- http://krebsonsecurity.com/?p=33068 *** Xen VPMU Feature May Let Local Users Deny Service, Obtain Information, and Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1034230 *** Unwanted Software and Harmful Programs *** --------------------------------------------- We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings including search engines, anti-virus programs, firewalls and and e-mail spam. Recently I came .. --------------------------------------------- https://blog.sucuri.net/2015/11/unwanted-software-and-harmful-programs.html *** Google kann nicht ohne weiteres geschützte Geräte entsperren *** --------------------------------------------- Ein Sicherheitsbericht des Bezirksstaatsanwalts von Manhattan berichtet von einer Hintertür, durch die Google auf richterlichen Beschluss in den USA auf bestimmte passwortgeschützte Android-Smartphones zugreifen können soll. Dem widerspricht jetzt ein Mitarbeiter des Android-Sicherheitsteams. --------------------------------------------- http://www.golem.de/news/android-sicherheit-google-kann-nicht-ohne-weiteres… *** House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide *** --------------------------------------------- In the course of an internal research project we have analyzed the firmware images of more than 4000 embedded devices of over 70 vendors. The devices we have looked at include Internet gateways, routers, modems, IP cameras, VoIP phones, etc. We have specifically analyzed .. --------------------------------------------- http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html *** DSDTestProvider: Weiteres gefährliches Dell-Zertifikat entdeckt *** --------------------------------------------- Auf Dell-Computern ist ein weiteres CA-Zertifikat mitsamt privatem Schlüssel entdeckt worden. Damit kann jeder gültige Zertifikate ausstellen und die Verschlüsselung von Webseiten ad absurdum führen. Der Patch zum Löschen von eDellRoot ist verfügbar. --------------------------------------------- http://heise.de/-3020134 *** Internet Explorer: Microsoft stellt Support für fast alle Versionen ein *** --------------------------------------------- Ab Mitte Jänner wird nur mehr der IE11 mit Sicherheitsupdates versorgt – Fast ein Viertel der Web-Nutzer betroffen. --------------------------------------------- http://derstandard.at/2000026383964 *** Amazon.com setzt Passwörter von Kunden zurück *** --------------------------------------------- Einige Amazon-Kunden in den USA und Großbritannien müssen sich ein neues Passwort ausdenken. Amazon hat die Passwörter zurückgesetzt - eine reine Vorsichtsmaßnahme, wie es heißt. Doch das Statement von Amazon ist teilweise widersprüchlich und lässt viele Fragen offen. --------------------------------------------- http://www.golem.de/news/security-amazon-com-setzt-passwoerter-von-kunden-z… *** When Your CEO Won't Take Security Awareness Training *** --------------------------------------------- CEOs are often the busiest people in any organization. As security professionals, we should respect that: but what can we do when our CEO won't take security awareness training? This is not uncommon but it can be a hard nut for security .. --------------------------------------------- http://resources.infosecinstitute.com/when-your-ceo-wont-take-security-awar… *** Does prevalence matter? A different approach to traditional antimalware test scoring *** --------------------------------------------- Most well-known antimalware tests today focus on broad-spectrum malware. In other words, tests include malware that is somewhat indiscriminate (isnt necessarily targeted), at least somewhat prevalent and sometimes very prevalent. Typically,.. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/25/does-prevalence-matter-a… *** Moxa OnCell Central Manager Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for hardcoded credentials and authentication bypass vulnerabilities in the Moxa OnCell Central Manager Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-328-01 *** Tor-Betreiber starten Crowdfunding *** --------------------------------------------- Private Gelder sollen Abhängigkeit von US-Behörden reduzieren und Weiterentwicklung ermöglichen --------------------------------------------- http://derstandard.at/2000026409932 *** A Problem Shared *** --------------------------------------------- Information sharing has been a much discussed, but traditionally a hit-and-miss affair within the world of information security - after all, one's information can hardly be said to be secure if you're bandying it about to anyone who expresses .. --------------------------------------------- https://blog.team-cymru.org/2015/11/a-problem-shared/ *** Protecting Windows Networks - Dealing with credential theft *** --------------------------------------------- Credential theft is a huge problem, if you care to look at Verizon Data Breach reports over the years, you will see that use of stolen credentials was lingering at the top intrusion method for quite some time. They also prevalent in APT attacks. And why .. --------------------------------------------- https://dfirblog.wordpress.com/2015/11/24/protecting-windows-networks-deali… *** Ransomware Playbook - Guide for Handling Ransomware Infections *** --------------------------------------------- The following post demonstrates the writing process of a ransomware playbook for effective incident response and handling ransomware infections. --------------------------------------------- https://www.demisto.com/playbooks/playbook-for-handling-ransomware-infectio… *** Breach at IT Automation Firm LANDESK *** --------------------------------------------- LANDESK, a company that sells software to help organizations securely and remotely manage their fleets of desktop computers, servers and mobile devices, alerted employees last week that a data breach may have exposed their personal information. But LANDESK .. --------------------------------------------- http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk

1 0

Tageszusammenfassung - Dienstag 24-11-2015
by Daily end-of-shift report 24 Nov '15

24 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 23-11-2015 18:00 − Dienstag 24-11-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Stealthy GlassRAT Spies on Commercial Targets *** --------------------------------------------- RSA has uncovered GlassRAT, a spy tool targeting commercial targets thats signed with a stolen certificate from a large developer in China. --------------------------------------------- http://threatpost.com/stealthy-glassrat-spies-on-commercial-targets/115453/ *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-… --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Multiple vulnerabilities in Apache Commons affecting IBM products *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971377 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971376 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971415 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971412 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971246 *** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by operating system command vulnerability (CVE-2015-7426) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971484 *** IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2015-7416 *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1020995 *** IBM Security Bulletin: IBM Smart Analytics System 5600 is affected by a vulnerability in IBM GPFS (CVE-2015-1788) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21969177 *** IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect Sytem Storage DS8000 *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1005448 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect AppScan Standard (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970847 *** Security Advisory - Overflow Vulnerabilities in SNMPv3 *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Worlds most complex cash register malware plunders millions in US *** --------------------------------------------- ModPos kernel monster threatens haul during festive shopping blitz The worlds most complex sales till malware has been discovered ... after it ripped millions of bank cards from US retailers .. --------------------------------------------- www.theregister.co.uk/2015/11/24/modpos_point_of_sale_malware/ *** Break a dozen secret keys, get a million more for free *** --------------------------------------------- For many years NIST has officially claimed that AES-128 has "comparable strength" to 256-bit ECC, namely 128 "bits of security". Ten years ago, in a talk "Is 2255−19 big enough?", I disputed this claim. The underlying attack algorithms had already been known for years, and its not hard to see their impact on key-size selection; but somehow NIST hadnt gotten .. --------------------------------------------- http://blog.cr.yp.to/20151120-batchattacks.html *** Steam Weak File Permissions Privilege Escalation *** --------------------------------------------- A low privileged user could modify the steam.exe binary and obtain code execution with elevated privileges upon an administrator login or execution of steam.exe --------------------------------------------- http://www.securityfocus.com/archive/1/536961 *** Security Advisory - Memory Overflow Vulnerability in the Huawei Smartphone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Root-CA-Zertifikat: Dell will eDellRoot über Update entfernen *** --------------------------------------------- Dell versichert, dass Besitzer eines Dell-Computers das vom Hersteller standardmäßig installierte gefährliche CA-Zertifikat über ein Update deinstallieren oder per Hand dauerhaft entfernen können. --------------------------------------------- http://heise.de/-3015616 *** 3 Attacks on Cisco TACACS+: Bypassing the Ciscos auth *** --------------------------------------------- I would like to tell the results of my little security research of TACACS+ protocol. --------------------------------------------- http://agrrrdog.blogspot.ca/2015/11/3-attacks-on-cisco-tacacs-bypassing.html *** Hackers do the Haka - Part 1 *** --------------------------------------------- Haka is an open source network security oriented language that allows writing security rules and protocol dissectors. In this first part of a two-part series, we will focus on writing security rules. --------------------------------------------- http://thisissecurity.net/2015/11/23/hackers-do-the-haka-part-1/ *** Heap Overflow in PCRE *** --------------------------------------------- There are two variants of PCRE, the classic one and PCRE2. PCRE2 is not affected. ... If you use PCRE with potentially untrusted regular expressions you should update immediately. There is no immediate risk if you use regular expressions from a trusted source with an untrusted input. --------------------------------------------- https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html *** Ermittlern gelingt Schlag gegen weltweit agierende Phisher-Bande *** --------------------------------------------- Das LKA Sachsen hat fünf Tatverdächtige verhaftet, die bandenmäßig mit Betrugsanrufen PIN-Codes für Online-Zahlungsgutscheine abgephisht haben sollen. --------------------------------------------- http://heise.de/-3016944 *** WP Page Widget <= 2.7 - Authenticated Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8317 *** Social Share Button <= 2.1 - Authenticated Persistent Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8326 *** Google kann Android-Geräte aus der Ferne entsperren *** --------------------------------------------- Google kann offensichtlich die Bildschirmsperren der meisten Android-Geräte auf Behördenanordnung zurücksetzen. Das geht aus dem Bericht eines New Yorker Bezirksstaatsanwalt hervor. Der einzige Schutz dagegen ist die Vollverschlüsselung. --------------------------------------------- http://heise.de/-3015984 *** WP Live Chat Support <= 4.3.5 - Unauthenticated Blind SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8343 *** WR ContactForm <= 1.1.9 - Authenticated SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8341

1 0

Tageszusammenfassung - Montag 23-11-2015
by Daily end-of-shift report 23 Nov '15

23 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 20-11-2015 18:00 − Montag 23-11-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Command and Control Server Detection: Methods & Best Practices *** --------------------------------------------- Botnet C&C servers issue commands in many ways Recently I discussed botnets and the way they represent an ongoing and evolving threat to corporate IT security. This time I'll be discussing .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/command-and-control-se… *** Cisco Networking Services Sensitive Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Deepsec: ZigBee macht Smart Home zum offenen Haus *** --------------------------------------------- ZigBee-Funknetze weisen nach neuen Erkenntnissen von Sicherheitsforschern eklatante Sicherheitsmängel auf. Die Technik wird beispielsweise bei der Steuerung von Türschlössern eingesetzt. --------------------------------------------- http://heise.de/-3010287 *** Blackberry Offers Lawful Device Interception Capabilities *** --------------------------------------------- An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" .. --------------------------------------------- http://yro.slashdot.org/story/15/11/22/0048205/blackberry-offers-lawful-dev… *** JW Player 6 Plugin for Wordpress <= 2.1.14 - Authenticated Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8260 *** DSA-3401 openjdk-7 - security update *** --------------------------------------------- It was discovered that rebinding a receiver of a direct method handlemay allow a protected method to be accessed. --------------------------------------------- https://www.debian.org/security/2015/dsa-3401 *** Bugtraq: Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation *** --------------------------------------------- Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation --------------------------------------------- http://www.securityfocus.com/archive/1/536951 *** Data breach at firm that manages Cisco, Microsoft certifications *** --------------------------------------------- Pearson VUE says credentials manager product affected Cisco, IBM, Oracle and Microsofts certification management provider, Pearson VUE, has copped to a data breach following a malware .. --------------------------------------------- www.theregister.co.uk/2015/11/23/pearson_vue_data_breach_pcm/ *** Ist hier jemand Dell-Kunde? Die shippen anscheinend ... *** --------------------------------------------- Ist hier jemand Dell-Kunde? Die shippen anscheinend eine Backdoor-CA mit ihrem Windows.Aber, mal unter uns, wer sich irgendeinen PC kauft und nicht als erstes das Windows wegschmeisst und frisch neu installiert, dem ist eh nicht zu helfen.Daher war das ja .. --------------------------------------------- http://blog.fefe.de/?ts=a8adce6b *** WP Database Backup <= 3.3 - Authenticated Persistent Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8275 *** Pornography - A Favorite Costume For Android Malware *** --------------------------------------------- 30% of Internet traffic is in some way related to pornography and this is the primary reason why malware authors are using porn apps to infect large numbers of users. During recent data mining, we noticed an increasing volume of mobile malware using pornography (disguised as porn apps) to lure victims into different scams .. --------------------------------------------- http://research.zscaler.com/2015/11/pornography-favorite-costume-for.html

1 0

Tageszusammenfassung - Freitag 20-11-2015
by Daily end-of-shift report 20 Nov '15

20 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 19-11-2015 18:00 − Freitag 20-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** Trojanized adware family abuses accessibility service to install whatever apps it wants *** --------------------------------------------- Shedun does not exploit a vulnerability in the service, instead it takes advantage of the service's legitimate features. By gaining the permission to use the accessibility service, Shedun is able to read the text that appears on screen, determine if an application installation prompt is shown, scroll through the permission list, and finally, press the install button without any physical interaction from the user. --------------------------------------------- https://blog.lookout.com/blog/2015/11/19/shedun-trojanized-adware/ *** Tibbo AggreGate Platform Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities in the Tibbo AggreGate SCADA/HMI package. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01 *** When Hunting BeEF, Yara rules. *** --------------------------------------------- BeEF, The Browser Exploitation Framework, is a penetration-testing tool focusing on web browsers. You can think of it as the Metasploit for web browsers security testing. In fact, it offers several modules that may allow the attacker to, for example, steal web login credentials, switch on microphone and camera, etc. --------------------------------------------- https://isc.sans.edu/diary/When+Hunting+BeEF%2C+Yara+rules./20395 *** HTTP Evasions Explained - Part 8 - Borderline Robustness *** --------------------------------------------- This is part eight in a series which explains the evasions done by HTTP Evader. This part looks into the excessive and inconsistent robustness attempts done by the browser vendors and how this can be used to evade firewalls. --------------------------------------------- http://noxxi.de/research/http-evader-explained-8-borderline-robustness.html *** Nmap 7 Released! *** --------------------------------------------- I encounter many folks at security conferences who havent heard about all the modern Nmap capabilities and still just use it as a simple port scanner. Folks who dont use (or at least know about) NSE, Ncat, Nping, Zenmap, Ndiff, version detection and IPv6 scanning are really missing out! --------------------------------------------- http://seclists.org/nmap-announce/2015/6 *** contrast-rO0 *** --------------------------------------------- A lightweight Java agent for preventing attacks against object deserialization like those discussed by @breenmachine and the original researchers @frohoff and @gebl, affecting WebLogic, JBoss, Jenkins and more. --------------------------------------------- https://github.com/Contrast-Security-OSS/contrast-rO0 *** Metasploit module: Chkrootkit Local Privilege Escalation *** --------------------------------------------- Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privsec. CVE: CVE-2014-0476 --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110179 *** ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting *** --------------------------------------------- ArcSight Management Center and ArcSight Logger contain a cross-site scripting vulnerability. --------------------------------------------- http://jvn.jp/en/jp/JVN51046809/ *** IBM Security Bulletin: IBM i Access for Windows affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422 *** --------------------------------------------- IBM i Access for Windows is affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422. These vulnerabilities affect the Windows system running the IBM i Access for Windows product. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1020996 *** IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM WebSphere Real Time *** --------------------------------------------- Java SE issues disclosed in the Oracle October 2015 Critical Patch Update, plus CVE-2015-5006 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970978

1 0

Tageszusammenfassung - Donnerstag 19-11-2015
by Daily end-of-shift report 19 Nov '15

19 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 18-11-2015 18:00 − Donnerstag 19-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** GovCERT.ch zu den DDoS-Erpressungen *** --------------------------------------------- Die Kollegen aus der Schweiz haben ausführlich zu den aktuellen Erpressungsversuchen (DD4BC/Armada Collective) gebloggt und auch eine Zusammenfassung über Mitigations-Massnahmen geschrieben. --------------------------------------------- http://www.cert.at/services/blog/20151119115219-1633.html *** BSI veröffentlicht Bericht zur Lage der IT-Sicherheit in Deutschland 2015 *** --------------------------------------------- Der Bericht zur Lage der IT-Sicherheit in Deutschland beschreibt und analysiert die aktuelle IT-Sicherheitslage, die Ursachen von Cyber-Angriffen sowie die verwendeten Angriffsmittel und -methoden. Daraus abgeleitet thematisiert der Lagebericht Lösungsansätze zur Verbesserung der IT-Sicherheit in Deutschland. Der Lagebericht verdeutlicht, dass die Anzahl der Schwachstellen und Verwundbarkeiten in IT-Systemen weiterhin auf einem hohen Niveau liegt und ... --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2015/Lage_der_IT… *** ARRIS Cable Modem has a Backdoor in the Backdoor *** --------------------------------------------- While researching on the subject, I found a previously undisclosed backdoor on ARRIS cable modems, affecting many of their devices including TG862A, TG862G, DG860A. As of this writing, Shodan searches indicate that the backdoor affects over 600.000 externally accessible hosts and the vendor did not state whether its going to fix it yet. --------------------------------------------- https://w00tsec.blogspot.co.at/2015/11/arris-cable-modem-has-backdoor-in.ht… *** BSI veröffentlicht Sicherheitsstudie zu TrueCrypt *** --------------------------------------------- Im Auftrag des Bundesamtes für Sicherheit in der Informationstechnik (BSI) untersuchte das Fraunhofer-Institut für Sichere Informationstechnologie SIT die Verschlüsselungssoftware TrueCrypt auf Sicherheitslücken. ... Die Sicherheitsexperten kommen zu dem Ergebnis, dass TrueCrypt weiterhin für die Verschlüsselung von Daten auf Datenträgern geeignet ist. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2015/Sicherheits… *** ZDI-15-570: SQLite fts3_tokenizer Untrusted Pointer Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/U5RlY6kAls0/ *** Encrypt - Moderately Critical - Weak Encryption - SA-CONTRIB-2015-166 *** --------------------------------------------- This module enables you to encrypt data within Drupal using a user-configurable encryption method and key provider. The module did not sufficiently validate good configurations and api usage resulting in multiple potential weaknesses ... --------------------------------------------- https://www.drupal.org/node/2618362 *** Actors using exploit kits - How they change tactics, (Thu, Nov 19th) *** --------------------------------------------- Introduction Exploit kits (EKs) are used by criminals to infect unsuspecting users while they are browsing the web. EKs are hosted on servers specifically dedicated to the EK. How are the users computers directed to an EK? It happens through compromised websites. Threat actors compromise legitimate websites, and pages from these compromised servers have injected script that connects the users computer to an EK server. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20391&rss *** NVIDIA Driver Windows Control Panel Unquoted Search Path Lets Local Users Gain Elevated Privileges *** --------------------------------------------- The NVIDIA Control Panel executable Smart Maximize Helper (nvSmartMaxApp.exe) uses an unquoted path when launching process threads. A local user can place a specially crafted program in certain locations in the search path to cause arbitrary code to be executee with elevated privileges during Windows startup. --------------------------------------------- http://www.securitytracker.com/id/1034175 *** NVIDIA 3D Driver for Windows Named Pipe Access Control Flaw Lets Remote Authenticated Users Gain Elevated Privileges *** --------------------------------------------- The 3D Driver's 'Vision service' (nvSCPAPISvr.exe) creates a named pipe without proper access controls. A local user or a remote authenticated user can create a specially crafted run key entry to execute arbitrary command line statements with the privileges of the target user. In a Windows Domain environment, a remote authenticated user with access to a domain-joined system can exploit this flaw within the joined domain. --------------------------------------------- http://www.securitytracker.com/id/1034173 *** Microsoft Security Intelligence Report: Strontium *** --------------------------------------------- The Microsoft Security Intelligence Report (SIR) provides a regular snapshot of the current threat landscape, using data from more than 600 million computers worldwide. The latest report (SIRv19) was released this week and includes a detailed analysis of the actor group STRONTIUM - a group that uses zero-day exploits to collect the sensitive information of high-value targets in government and political organizations. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/18/microsoft-security-intel… *** NVIDIA NVAPI and Kernel Mode Driver Bugs Let Local Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privielges *** --------------------------------------------- The NVAPI support layer of NVIDIA GPU graphics drivers does not properly validate user-supplied input. In addition, an integer overflow may occur in the kernel mode driver. A local user can exploit these vulnerabilities to potentially sensitive information, deny service, or execute arbitrary code on the target system with elevated privileges. --------------------------------------------- http://www.securitytracker.com/id/1034176 *** Open-Xchange Guard 2.0 Cross Site Scripting *** --------------------------------------------- Topic: Open-Xchange Guard 2.0 Cross Site Scripting Risk: Low Text:Product: Open-Xchange Guard Vendor: Open-Xchange GmbH Internal reference: 41466 (Bug ID) Vulnerability type: Cross-Site-Sc... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110166 *** Edgy online shoppers face Dyre Christmas as malware mutates *** --------------------------------------------- Bank-plundering code now hunts Windows 10 and its Edge browser VXers have cooked up Windows 10 and Edge support for the nasty Dyre or Dyreza banking trojan. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/19/edgy_online… *** Windows Sandbox Attack Surface Analysis *** --------------------------------------------- TL;DR; I've released my tools I use internally to test out sandboxed code and determine the likely attack surface exposed to an attacker if a sandboxed process is compromised. You can get the source code from https://github.com/google/sandbox-attacksurface-analysis-tools. This blog post will describe a few common use cases so that you can use them to do your own sandbox analysis. --------------------------------------------- http://googleprojectzero.blogspot.co.at/2015/11/windows-sandbox-attack-surf… *** Bugtraq: CVE-2015-8131: Kibana CSRF vulnerability *** --------------------------------------------- Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a CSRF attack. We have been assigned CVE 2015-8131 for this issue. CVSS Score: 4.0 Remediation: We recommend that all Kibana users upgrade to either 4.1.3, 4.2.1, or a later version. --------------------------------------------- http://www.securityfocus.com/archive/1/536935 *** Russian financial cybercrime: how it works *** --------------------------------------------- The Russian-language cybercrime market is known all over the world. Kaspersky Lab experts have been monitoring the Russian hacker underground since its emergence. In this review we analyze how financial cybercrime works. --------------------------------------------- http://securelist.com/analysis/publications/72782/russian-financial-cybercr… *** VMSA-2015-0008 *** --------------------------------------------- vCenter Server, vCloud Director, Horizon View information disclosure issue VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity (XXE) requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed. ... The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-3269 to this issue. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0008.html *** Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the web chat interface of Cisco Unified Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the chat on the affected system. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-… *** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450) *** --------------------------------------------- An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by WebSphere Application Server and WebSphere Application Server Hypervisor Edition. This vulnerability does not affect the IBM HTTP Server or versions of WebSphere Application Server prior to Version 7.0. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970575

1 0

Tageszusammenfassung - Mittwoch 18-11-2015
by Daily end-of-shift report 18 Nov '15

18 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 17-11-2015 18:00 − Mittwoch 18-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Adobe releases out-of-band security patches - amazingly not for Flash *** --------------------------------------------- ColdFusion, LiveCycle and Premiere get fixed ... Adobe says that it hasnt seen any evidence that these flaws are being exploited in the wild, but that users should patch anyway, just to be on the safe side - certainly before hackers reverse-engineer the updates and start abusing the bugs... --------------------------------------------- http://www.theregister.co.uk/2015/11/17/adobe_releases_outofband_security_p… *** Introducing Chuckle and the importance of SMB signing *** --------------------------------------------- Digital signing is a feature of SMB designed to allow a recipient to confirm the authenticity of SMB packets and to prevent tampering during transit - this feature was first made available back in Windows NT 4.0 Service Pack 3. By default, only domain controllers require packets to be signed and this default behavior is usually seen in most corporate networks. --------------------------------------------- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2015/novem… *** Team Cymru: Free tools for incident response *** --------------------------------------------- We at Team Cymru would like to be helpful to incident response vendors in implementing the USG's growing security strategy. To that end, we have identified a few of our free community resources (and one commercial service) that would be most useful to IR. --------------------------------------------- https://blog.team-cymru.org/2015/11/free-tools-for-incident-response-and-a-… *** How two seconds become two days *** --------------------------------------------- At 3:37PM PST, we had a power blip in one of our datacenters. In those two seconds, over 1,000 systems blinked offline. As a non-profit, we don't have all of those niceties such as hot-hot datacenters or those new fangled UPSes. Instead, we do it the old fashioned way, which means we are susceptible to... --------------------------------------------- http://blog.shadowserver.org/2015/11/17/how-two-seconds-become-two-days/ *** A flaw in D-Link Switches opens corporate networks to hack *** --------------------------------------------- A flaw in certain D-Link switches can be exploited by remote attackers to access configuration data and hack corporate networks. The independent security researcher Varang Amin and the chief architect at Elastica's Cloud Threat Labs Aditya Sood have discovered a vulnerability in the D-Link Switches belonging to the DGS-1210 Series Gigabit Smart Switches. The security experts revealed... --------------------------------------------- http://securityaffairs.co/wordpress/42054/hacking/d-link-switches-flaw.html *** Blast from the Past: Blackhole Exploit Kit Resurfaces in Live Attacks *** --------------------------------------------- The year is 2015 and a threat actor is using the defunct Blackhole exploit kit in active drive-by download campaigns via compromised websites.Categories: ExploitsTags: drive-by downloadsexploitexploit kitwebsite(Read more...) --------------------------------------------- https://blog.malwarebytes.org/exploits-2/2015/11/blast-from-the-past-blackh… *** Google VirusTotal - now with autoanalysis of OS X malware *** --------------------------------------------- Google just announced that its virus classification and auto-analysis service, VirusTotal, is now officially interested in OS X malware. --------------------------------------------- http://feedproxy.google.com/~r/nakedsecurity/~3/buCfkbvoJqQ/ *** Nishang: A Post-Exploitation Framework *** --------------------------------------------- Introduction I was recently doing an external penetration test for one of our clients, where I got shell access to Windows Server 2012(Internal WebServer sitting behind an IPS) with Administrative Privileges. It also appears to have an Antivirus installed on the system as everything I was uploading on to the machine was being deleted on... --------------------------------------------- http://resources.infosecinstitute.com/nishang-a-post-exploitation-framework/ *** 10 dumb security mistakes sys admins make *** --------------------------------------------- Security isn't merely a technical problem -- its a people problem. There's only so much technology you can throw at a network before dumb human mistakes trip you up.But guess what? Those mistakes are often committed by the very people who should know better: system administrators and other IT staff.[ Also on InfoWorld: 10 security mistakes that will get you fired. | Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorlds... --------------------------------------------- http://www.cio.com/article/3006147/security/10-dumb-security-mistakes-sys-a… *** SANS Pentest Sumit: Evil DNS tricks by Ron Bowes - slide deck *** --------------------------------------------- Things Im gonna talk about: * How to use DNS in pentesting * How to use DNSs indirect nature * DNS tunnelling (dnscat2) --------------------------------------------- https://docs.google.com/presentation/d/1Jxh6PPO9JbUqXwOCTQFyA00uQoFMDBh-1Pe… *** Cyber Security Assessment Netherlands 2015: cross-border cyber security approach necessary *** --------------------------------------------- The CSAN has five Core Findings: * Cryptoware and other ransomware constitute the preferred business model for cyber criminals * Geopolitical tensions manifest themselves increasingly often in (impending) digital security breaches * Phishing is often used in targeted attacks and can barely be recognised by users * Availability becomes more important as alternatives to IT systems are disappearing * Vulnerabilities in software are still the Achilles heel of digital security --------------------------------------------- https://www.ncsc.nl/english/current-topics/Cyber+Security+Assessment+Nether… *** Inside the Conficker-Infected Police Body Cameras *** --------------------------------------------- A Florida integrator who discovered the Conficker worm lurking in body cameras meant for police use takes Threatpost inside the story, including a frustrating disclosure with a disbelieving manufacturer. --------------------------------------------- http://threatpost.com/inside-the-conficker-infected-police-body-cameras/115… *** EMC VPLEX GeoSynchrony Default Log Level Lets Local Users View Passwords *** --------------------------------------------- http://www.securitytracker.com/id/1034169 *** F5 security advisory: NTP vulnerability CVE-2015-5300 *** --------------------------------------------- A man-in-the-middle attacker able to intercept network time protocol (NTP) traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time. --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/k/10/sol10600056.html?ref=… *** Atlassian Hipchat XSS to RCE *** --------------------------------------------- Topic: Atlassian Hipchat XSS to RCE Risk: Medium Text:Two issues exist in Atlassian’s HipChat desktop client that allow an attacker to retrieve files or execute remote code when a... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110164 *** [HTB23272]: RCE and SQL injection via CSRF in Horde Groupware *** --------------------------------------------- Product: Horde Groupware v5.2.10 Vulnerability Type: Cross-Site Request Forgery [CWE-352]Risk level: High Creater: http://www.horde.orgAdvisory Publication: September 30, 2015 [without technical details]Public Disclosure: November 18, 2015 CVE Reference: CVE-2015-7984 CVSSv2 Base Score: 8.3 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H] Vulnerability Details: High-Tech Bridge Security Research Lab discovered three Cross-Site Request Forgery (CSRF) vulnerabilities in a popular collaboration... --------------------------------------------- https://www.htbridge.com/advisory/HTB23272 *** Security Advisory - Information Leak Vulnerability in Huawei DSM Product *** --------------------------------------------- There is a information leak vulnerability in DSM (Document Security Management) Product. The DSM does not clear the clipboard after data in a secure file opened using the DSM is copied and the secure file is closed. Data in the clipboard can be copied in common documents that do not use the DSM, leading to information leaks. (Vulnerability ID: HWPSIRT-2015-09009) Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www1.huawei.com/en/security/psirt/security-bulletins/security-adviso… *** Symantec Endpoint Protection Elevation of Privilege Issues SYM15-011 *** --------------------------------------------- 11/16/2015 - Assigned a new CVE ID, CVE-2015-8113 and Bugtraq ID 77585, to the SEP Client Binary Planting Partial Fix to differentiate between the original fix released in 12.1-RU6-MP1 and the updated issue and fix released in 12.1-RU6-MP3 --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Firepower 9000 USB Kernel Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Firepower 9000 Persistent Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Firepower 9000 Cross-Site Request Forgery Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Firepower 9000 Series Switch Clickjacking Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Firepower 9000 Arbitrary File Read Access Script Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-4852) *** http://www.ibm.com/support/docview.wss?uid=swg21970575 --------------------------------------------- *** IBM Security Bulletin: IBM Sterling B2B Integrator has Cross Site Scripting vulnerabilities in Queue Watcher (CVE-2015-7431) *** http://www.ibm.com/support/docview.wss?uid=swg21970676 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.5.0 and 1.7.0 affect IBM Flex System Manager (FSM) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022835 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director Storage Control (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931 ) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022936 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Monitoring (CVE-2015-1829, CVE-2015-3183, CVE-2015-1283, CVE-2015-4947, CVE-2015-2808) *** http://www.ibm.com/support/docview.wss?uid=swg21970056 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.5.0 and 1.7.0 affect IBM Flex System Manager (FSM) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022820 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 17-11-2015
by Daily end-of-shift report 17 Nov '15

17 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 16-11-2015 18:00 − Dienstag 17-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Cyber crooks actively hijacking servers with unpatched vBulletin installations *** --------------------------------------------- Administrators of vBulletin installations would do well to install the latest vBulletin Connect updates as soon as possible, as cyber crooks are actively searching for servers running vulnerable versi... --------------------------------------------- http://www.net-security.org/secworld.php?id=19113 *** Windows driver signing bypass by Derusbi *** --------------------------------------------- Derusbi is an infamous piece of malware. The oldest identified version was compiled in 2008. It was used on well-known hacks such as the Mitsubishi Heavy Industries hack discovered in October 2011 or the Anthem hack discovered in 2015. --------------------------------------------- http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/ *** Developers Are (still) From Mars, Infosec People (still) From Venus *** --------------------------------------------- In March 2011, Brian Honan contributed to an issue of the INSECURE magazine with an article called "Management are from Mars, information security professional are from Venus". This title comes from the John Gray's worldwide bestseller where he presents the relations between men and women. Still today, we can reuse this subject for many purposes. Last week, I... --------------------------------------------- https://blog.rootshell.be/2015/11/17/developers-mars-infosec-people-venus/ *** Why Algebraic Eraser may be the riskiest cryptosystem you've never heard of *** --------------------------------------------- Researchers say there's a fatal flaw in proposed "Internet of things" standard. --------------------------------------------- http://arstechnica.com/security/2015/11/why-algebraic-eraser-may-be-the-mos… *** Cyber Security Assessment Netherlands 2015: cross-border cyber security approach necessary *** --------------------------------------------- Cybercrime and digital espionage remain the largest threat to digital security in the Netherlands. Geopolitical developments like international conflicts and political sensitivities have a major impact on the scope of this threat. These are key findings from the Cyber Security Assessment Netherlands (CSAN), presented to the House of Representatives by State Secretary Dijkhoff in October, and now available in English. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/cyber-security-assessment-n… *** Gas- und Öl-Industrie: Leichte Ziele für Hacker *** --------------------------------------------- Sicherheitsforscher warnen davor, dass Cyber-Kriminelle mit vergleichsweise einfachen Methoden einen Großteil der weltweiten Öl-Produktion kontrollieren könnten. --------------------------------------------- http://heise.de/-2922912 *** Bugtraq: Open-Xchange Security Advisory 2015-11-17 *** --------------------------------------------- PGP public keys allow to specify arbitrary "User ID" information that gets encoded to the public key and is presented to OX Guard users at "Guard PGP Settings". Public keys containing such content are still valid. Therefor they can be distributed and in case the uid field contains javascript code, they can be used to inject code. --------------------------------------------- http://www.securityfocus.com/archive/1/536923 *** Cisco Firepower 9000 Unauthenticated File Access Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** D-Link DIR-645 UPNP Buffer Overflow *** --------------------------------------------- Topic: D-Link DIR-645 UPNP Buffer Overflow Risk: High Text:## Advisory Information Title: Dlink DIR-645 UPNP Buffer Overflow Vendors contacted: William Brown <william.brown(a)dlink.com... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110133 *** D-Link DIR-815 Buffer Overflow / Command Injection *** --------------------------------------------- Topic: D-Link DIR-815 Buffer Overflow / Command Injection Risk: High Text:## Advisory Information Title: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities Ve... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110135 *** Huawei Security Notice - Statement on Seclists.org Revealing Security Vulnerability in Huawei P8 Smart Phone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…

1 0

Tageszusammenfassung - Montag 16-11-2015
by Daily end-of-shift report 16 Nov '15

16 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 13-11-2015 18:00 − Montag 16-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** BitLocker encryption can be defeated with trivial Windows authentication bypass *** --------------------------------------------- Companies relying on Microsoft BitLocker to encrypt the drives of their employees computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk.Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part... --------------------------------------------- http://www.cio.com/article/3005178/bitlocker-encryption-can-be-defeated-wit… *** The November 2015 issue of our SWITCH Security Report is available! *** --------------------------------------------- Dear Reader! A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are: No safe harbour in the Land of the Free - EU Court of Justice restricts data transfer to... --------------------------------------------- http://securityblog.switch.ch/2015/11/13/the-november-2015-issue-of-our-swi… *** Websicherheit: Datenleck durch dynamische Skripte *** --------------------------------------------- Moderne Webseiten erstellen häufig dynamischen Javascript-Code. Wenn darin private Daten enthalten sind, können fremde Webseiten diese auslesen. Bei einer Untersuchung von Sicherheitsforschern war ein Drittel der untersuchten Webseiten von diesem Problem betroffen. --------------------------------------------- http://www.golem.de/news/websicherheit-datenleck-durch-dynamische-skripte-1… *** Op-ed: (How) did they break Diffie-Hellman? *** --------------------------------------------- Relax - its not true that researchers have broken the Diffie-Hellman key exchange protocol. --------------------------------------------- http://arstechnica.com/security/2015/11/op-ed-how-did-they-break-diffie-hel… *** More POS malware, just in time for Christmas *** --------------------------------------------- VXers stuff evidence-purging malware in retailer stockings. Threat researchers are warning of two pieces of point of sales malware that have gone largely undetected during years of retail wrecking and now appear likely to earn VXers a haul over the coming festive break. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/16/more_pos_ma… *** Black Hat Europe 2015 slides *** --------------------------------------------- briefings - november 12-13 --------------------------------------------- https://www.blackhat.com/eu-15/briefings.html *** Choosing the Right Cryptography Library for your PHP Project: A Guide *** --------------------------------------------- ... conventional wisdom states that you almost certainly should not try to design your own cryptography. Instead, you should use an existing cryptography library. Okay, great. So which PHP cryptography library should I use? That depends on your exact requirements. Lets look at some good choices. (We wont cover any terrible choices.) --------------------------------------------- https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-… *** Apple OS X authentication issue when recovering from sleep mode *** --------------------------------------------- When Apple Remote Desktop is used in full screen mode and the remote connection is alive upon entering sleep mode, the text entered in the dialog box upon recovering from sleep mode is sent to the remotely connected host instead of the local host. This may result in command execution at the remote host. --------------------------------------------- http://jvn.jp/en/jp/JVN56210048/index.html *** Programmbibliothek libpng verlangt nach Sicherheitsupdates *** --------------------------------------------- Eine Schwachstelle in libpng kann als Einfallstor für Angreifer dienen, um Anwendungen zum Absturz zu bringen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Programmbibliothek-libpng-verlangt-n… *** Container: CoreOS gibt CVE-Service als Open Source frei *** --------------------------------------------- Der Linux-Distributor CoreOS hat sein Container-Security-Werkzeug Clair als Open-Source-Software freigegeben. Das Tool ist in der Lage, jede einzelne Containerschicht nach Schwachstellen zu durchforsten und im Falle eines Fundes eine Meldung über die Art der Bedrohung zu übermitteln. Hierfür greift Clair auf die CVE-Datenbank (Common Vulnerabilities and Exposures) und ähnliche Ressourcen von Red Hat, Ubuntu, und Debian zurück. Clair hilft allerdings nicht, die... --------------------------------------------- http://www.heise.de/newsticker/meldung/Container-CoreOS-gibt-CVE-Service-al… *** LiME - Linux Memory Extractor *** --------------------------------------------- Features Full Android memory acquisition Acquisition over network interface Minimal process footprint --------------------------------------------- http://www.kitploit.com/2015/11/lime-linux-memory-extractor.html *** DD4BC / Armada Collective: Erpressung mittels DDoS *** --------------------------------------------- DD4BC / Armada Collective: Erpressung mittels DDoS16. November 2015Das ist mal wieder nichts wirklich Neues. Distributed Denial of Service Angriffe gibt es schon lange, das mag mit Turf-Fights in der Rotlicht-Szene angefangen haben, der Angriff auf Estland 2007 hat das Thema groß in die Presse gebracht, und spätestens seit den Angriffen der "Anonymous"-Bewegung sollte das Problem allgemein bekannt sein. Dazu gibt es auch einen Abschnitt in unserem letzten... --------------------------------------------- http://www.cert.at/services/blog/20151116114639-1627.html *** BlackBerry Enterprise Server Input Validation Flaw in Management Console Lets Remote Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1034154 *** D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability *** --------------------------------------------- Cross-Site Request Forgery (CSRF) vulnerability in the DIR-816L wireless router enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated. --------------------------------------------- http://www.securityfocus.com/archive/1/536886 *** Debian: strongswan security update *** --------------------------------------------- Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials. --------------------------------------------- https://lists.debian.org/debian-security-announce/2015/msg00303.html *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS Software Virtual PPP Interfaces Security Bypass Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco FireSIGHT Management Center Certificate Validation Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** Apache Commons Vulnerability for handling Java object deserialization *** http://www.ibm.com/support/docview.wss?uid=swg21970575 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in GSKit affects IBM DataPower Gateways (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=swg21969271 --------------------------------------------- *** IBM Security Bulletin: Certain cookies missing Secure attribute in IBM DataPower Gateways (CVE-2015-7427) *** http://www.ibm.com/support/docview.wss?uid=swg21969342 --------------------------------------------- *** Security Bulletin: Vulnerabilities in OpenSSL affect IBM System Networking RackSwitch (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792) *** http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098801 --------------------------------------------- *** IBM Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250) *** http://www.ibm.com/support/docview.wss?uid=swg21970112 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition *** http://www.ibm.com/support/docview.wss?uid=swg21969225 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in qemu-kvm affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance *** http://www.ibm.com/support/docview.wss?uid=swg21968929 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in FUSE affects PowerKVM (CVE-2015-3202) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022878 --------------------------------------------- *** IBM Security Bulletin: Lotus Protector for Mail Security affected by Opensource PHP Vulnerabilities (CVE-2015-6836 CVE-2015-6837 CVE-2015-6838) *** http://www.ibm.com/support/docview.wss?uid=swg21968353 --------------------------------------------- *** IBM Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2015-4974 and CVE-2015-4981) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005425 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Mozilla gdk-pixbuf2 affects PowerKVM (CVE-2015-4491) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022833 --------------------------------------------- *** Vulnerability in bind affects AIX (CVE-2015-5722) *** http://www.ibm.com/support/ ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 13-11-2015
by Daily end-of-shift report 13 Nov '15

13 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 12-11-2015 18:00 − Freitag 13-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Using Facebook to log in - safe or not? *** --------------------------------------------- Open up your favorite web site and you can see what this is about right away. There are in many cases two options, an ordinary log-in and "Log in with Facebook". Have you been using the Facebook option? It is quite convenient, isn't it? I was talking to a journalist about privacy a while ago... --------------------------------------------- http://safeandsavvy.f-secure.com/2015/11/12/using-facebook-to-log-in-safe-o… *** MIG Mozilla InvestiGator *** --------------------------------------------- Search through your infrastructure in real-time from the command line --------------------------------------------- https://jve.linuxwall.info/ressources/taf/LISA15/ *** ZipInputStream Armageddon *** --------------------------------------------- Again, again, again .. and again these bugs are turning up because of the general lack of validation occurring on the ZIP contents. In most cases this is probably due to the fact that developers are making assumptions that these ZIP files are not being tampered with, and therefore dont really consider the ramifications. --------------------------------------------- http://rotlogix.com/2015/11/12/zipinputstream-armageddon/ *** botfrei.de: Werbeblocker-Sanktionen "der falsche Weg" *** --------------------------------------------- Das "Anti-Botnet Beratungszentrums" botfrei.de und der Betreiber, der eco Verband der Internetwirtschaft, halten Online-Werbung für wichtig. Sanktionen gegen Werbeblocker würden aber wichtige Nutzerinteressen unberücksichtigt lassen. --------------------------------------------- http://heise.de/-2920022 *** One BadBarcode Spoils Whole Bunch *** --------------------------------------------- At PacSec 2015, researchers demonstrated attacks using poisoned barcodes scanned by numerous keyboard wedge barcode scanners to open a shell on a machine and virtually type control commands. --------------------------------------------- http://threatpost.com/one-badbarcode-spoils-whole-bunch/115362/ *** Google Reconnaissance, Sprinter-style, (Fri, Nov 13th) *** --------------------------------------------- When doing security assessments or penetration tests, theres a significant amount of findings that you can get from search engines. For instance, if a client has sensitive information or any number of common vulnerabilities, you can often find those with a Google or Bing search, without sending a single packet to the clients infrastructure. This concept is called google dorking, and was pioneered by Johnny Long back in the day (he has since moved on to other projects see... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20375&rss *** Researchers Discover Two New Strains of POS Malware *** --------------------------------------------- Two new and different strains of point of sale malware have come to light, including one that's gone largely undetected for the past five years. --------------------------------------------- http://threatpost.com/researchers-discover-two-new-strains-of-pos-malware/1… *** Spring Social Core Vulnerability Disclosure *** --------------------------------------------- Today we would like to announce the discovery of a vulnerability in the Spring Social Core library. Spring Social provides Java bindings to popular service provider APIs like GitHub, Facebook, Twitter, etc., and is widely used by developers. All current versions (1.0.0.RELEASE to 1.1.2.RELEASE) of the library are affected by this vulnerability. --------------------------------------------- https://blog.srcclr.com/spring-social-core-vulnerability-disclosure/ *** Unitronics VisiLogic OPLC IDE Vulnerabilities *** --------------------------------------------- This advisory was originally posted to the US-CERT secure Portal library on November 3, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in Unitronics VisiLogic OPLC IDE. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02 *** Security Advisory - App Validity Check Bypass Vulnerability in Huawei P7 Smartphone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Security Notice - Statement on Black Hat Europe 2015 Revealing Security Vulnerability in Huawei P7 Smart Phone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** DFN-CERT-2015-1761: Jenkins: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1761/ *** Cisco AnyConnect Secure Mobility Client Arbitrary File Move Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Aironet 1800 Series Access Point SSHv2 Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…

1 0

Tageszusammenfassung - Donnerstag 12-11-2015
by Daily end-of-shift report 12 Nov '15

12 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 11-11-2015 18:00 − Donnerstag 12-11-2015 18:01 Handler: Robert Waldner Co-Handler: Stephan Richter *** Distributed Vulnerability Search - Told via Access Logs *** --------------------------------------------- Sometimes just a few lines of access logs can tell a whole story: Many ongoing attacks against WordPress and Joomla sites use a collection of known vulnerabilities in many different plugins, themes and components. This helps hackers maximize the number of sites they can compromise. Google Dorks Do you ever think about how hackers find... --------------------------------------------- https://blog.sucuri.net/2015/11/distributed-vulnerability-search-told-via-a… *** Latest Android phones hijacked with tidy one-stop-Chrome-pop *** --------------------------------------------- Chinese researcher burns exploit for ski trip. PacSec: Googles Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/12/mobile_pwn2… *** Samsung S6 calls open to man-in-the-middle base station snooping *** --------------------------------------------- Their cheap man-in-the-middle attack requires an OpenBTS base station to be established and located near target handsets. Handsets will automatically connect to the bogus station. The malicious base station then pushes firmware to the phones baseband processor (the chip that handles voice calls, and which isnt directly accessible to end users). ... The Register would speculate that since the Qualcomm silicon in question isnt unique to Samsung kit, other researchers are probably setting to work... --------------------------------------------- http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1/ *** Geschäftsgeheimnisse: Sicherheitsforscher warnt vor TTIP *** --------------------------------------------- Das Freihandelsabkommmen TTIP hat eine weitere Gegnergruppe: IT-Sicherheitsforscher. Das jedenfalls sagt René Pfeiffer, Organisator der Deepsec in Wien. Er fürchtet, dass Informationen über Sicherheitsrisiken damit noch stärker unterbunden werden. --------------------------------------------- http://www.golem.de/news/geschaeftsgeheimnisse-sicherheitsforscher-warnt-vo… *** Outlook-Probleme: Microsoft fixt Sicherheits-Update für Windows *** --------------------------------------------- Microsoft hat ein fehlerhaftes Update zurückgezogen und durch eine gefixte Version ersetzt. Nach der Installation soll Outlook nicht mehr abstürzen. Doch es gibt noch weitere Probleme. --------------------------------------------- http://heise.de/-2919456 *** Pentesting SAP Applications : An Introduction *** --------------------------------------------- Introduction to SAP SAP (Systems-Applications-Products) is a software suite that offers standard business solutions; it is used by thousands of customers across the globe to manage their business. In other words, SAP systems provide the capability to manage financial, asset, and cost accounting, production operations and materials, personnel and many more tasks. Before we jump... --------------------------------------------- http://resources.infosecinstitute.com/pen-stesting-sap-applications-part-1/ *** EMV Protocol Fuzzer *** --------------------------------------------- The world-wide introduction of the Europay, MasterCard and Visa standard (EMV), to facilitate communication between smartcards and EMV-enabled devices, such as point-of-sale (POS) terminals and automatic teller machines (ATMs), has altered the security landscape of the daily markets. Surprisingly limited public research exists addressing security aspects of hardware and software specific implementations. This is something we wanted to put right and therefore started a new research programme to... --------------------------------------------- https://labs.mwrinfosecurity.com/blog/2015/11/11/emv-protocol-fuzzer/ *** Got a time machine? Good, you can brute-force 2FA *** --------------------------------------------- Security researcher Gabor Szathmari says the problem is that if your 2FA tokens depend on the network time protocol (NTP), its too easy for a sysadmin to put together an attackable implementation. As he explains in two posts.., if an attacker can trick NTP, they can mount a brute-force attack against the security tokens produced by Google Authenticator (the example in the POC) and a bunch of other Time-based One-time Password Algorithm-based (TOTP) 2FA mechanisms. --------------------------------------------- http://www.theregister.co.uk/2015/11/12/got_a_time_machine_good_you_can_bru… *** Spam and phishing in Q3 2015 *** --------------------------------------------- The dating theme is typical for spam emails, but in the third quarter of 2015 we couldn't help but notice the sheer variety appearing in these types of mailings. We came across some rather interesting attempts to deceive recipients and to bypass filters, as well as new types of spam mailings that were bordering on fraud. --------------------------------------------- https://securelist.com/analysis/quarterly-spam-reports/72724/spam-and-phish… *** Oracle WebLogic Server: CVE-2015-4852 patched, (Thu, Nov 12th) *** --------------------------------------------- Lost in the hoopla around Microsoft and Adobe patch Tuesday was a critical patch released by Oracle which addressed CVE-2015-4852. CVE-2105-4852is a critical vulnerability in Apache Commons which affects Oracle WebLogic Server. This vulnerability permits remote exploitation without authentication and should be patchedas soon as practical. More information can be found at the Oracle Blog. -- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ -... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20369&rss *** Cisco Cloud Web Security DNS Hijack, (Thu, Nov 12th) *** --------------------------------------------- We have received a report that a domain critical in delivering the Cisco Cloud Web Security product had for a while earlier today been hijacked. The report indicates thatthe DNS entrys forscansafe.net were hijacked and pointed to 208.91.197.132, a site which both VirusTotal and Web of Trust indicate has a reputation for delivering malware.">Guidance that has been provided to customers is that the issue has been resolved but that the TTL on the DNS entries are 48 hours so it will take a... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20371&rss *** Volatility 2.5 released *** --------------------------------------------- This is the first release since the publication of The Art of Memory Forensics! It adds support for Windows 10 (initial), Linux kernels 4.2.3, and Mac OS X El Capitan. Additionally, the unified output rendering gives users the flexibility of asking for results in various formats (html, sqlite, json, xlsx, dot, text, etc.) while simplifying things for plugin developers. In short, less code... --------------------------------------------- http://www.volatilityfoundation.org/?_escaped_fragment_=25/c1f29 *** Die Apache Software Foundation zu dem Java Commons Collection/Java (De)Serialization Problem *** --------------------------------------------- Die Apache Software Foundation zu dem Java Commons Collection/Java (De)Serialization Problem12. November 2015Die Apache Software Foundation hat dazu einen ausführlichen Blog-Post verfasst. Die Money Quote daraus: "Even when the classes implementing a certain functionality cannot be blamed for this vulnerability, and fixing the known cases will also not make the usage of serialization in an untrusted context safe, there is still demand to fix at least the known cases, even when this... --------------------------------------------- http://www.cert.at/services/blog/20151112140918-1625.html *** R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities *** --------------------------------------------- The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Stored cross-site scripting vulnerabilitity was also discovered. The issue is triggered when input passed via multiple POST parameters is not properly sanitized before being returned to the user. This can be exploited to execute... --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5274.php *** Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Google Picasa CAMF Section Integer Overflow Vulnerability *** --------------------------------------------- 2) Severity Rating: Highly critical Impact: System Access Where: From remote ... 4) Solution Update to version 3.9.140 Build 259. --------------------------------------------- http://www.securityfocus.com/archive/1/536878 *** Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 *** --------------------------------------------- A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1. --------------------------------------------- http://support.citrix.com/article/CTX202583 *** Security Notice - Statement on Security Researchers Revealing a Security Vulnerability in Huawei HG630a&HG630a-50 on Packet Storm Website *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…

1 0

Tageszusammenfassung - Mittwoch 11-11-2015
by Daily end-of-shift report 11 Nov '15

11 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 10-11-2015 18:00 − Mittwoch 11-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** November 2015 Security Update Release Summary *** --------------------------------------------- Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month's security updates and advisories can be found in the Security TechNet Library. MSRC Team --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2015/11/10/november-2015-security-u… *** MSRT November 2015: Detection updates *** --------------------------------------------- The Microsoft Malicious Software Removal Tool (MSRT) is updated monthly with new malware detections - so far this year we have added 29 malware families. This month we are updating our detections for some of the malware families already included in the tool. We choose the malware families we add to the MSRT each month using several criteria. One of the most common reasons is the prevalence of a family in the malware ecosystem. For example, in recent months we focused on... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/10/msrt-november-2015-detec… *** Patchday: Adobe pflegt den Flash-Patienten *** --------------------------------------------- Flash liegt mal wieder auf dem OP-Tisch und wird geflickt. Nutzer sollten ihren Flash-Patienten zügig behandeln, denn die Lücken gelten als kritisch. Exploits sollen aber noch nicht kursieren. --------------------------------------------- http://www.heise.de/newsticker/meldung/Patchday-Adobe-pflegt-den-Flash-Pati… *** What You Should Know about Triangulation Fraud and eBay *** --------------------------------------------- The increasing phenomenon of triangulation fraud on eBay has led to a published analysis on behalf of the company, as to how buyers should get informed and what they should pay attention to. Over the past few months, a new phenomenon has risen and its proportions have been growing exponentially. It seems that, even if... --------------------------------------------- http://securityaffairs.co/wordpress/41891/cyber-crime/triangulation-fraud-a… *** Symantec Endpoint Protection: Alte Sicherheitslücke bricht wieder auf *** --------------------------------------------- Eine totgeglaubte Schwachstelle ist wieder da, da ein älterer Patch nur Teile des Problems angegangen ist. Das aktuelle Update für Symantecs Endpoint Protection soll es nun richten und noch weitere Schwachstellen abdichten. --------------------------------------------- http://www.heise.de/newsticker/meldung/Symantec-Endpoint-Protection-Alte-Si… *** What Happens to Hacked Social Media Accounts *** --------------------------------------------- This article is going to look at a few reasons why a social media account is hacked. The goal is for you to understand why you will want to better protect your account, regardless of whether or not you see yourself as "important". --------------------------------------------- http://www.tripwire.com/state-of-security/security-awareness/what-happens-t… *** InstaAgent: Passwort-sammelnder Instagram-Client fliegt aus App Store und Google Play *** --------------------------------------------- Die App, die Nutzern verschiedene Zusatzinformationen zu ihrem Profil bei Facebooks populärem Foto-Dienst verspricht, sendete offenbar Instagram-Benutzernamen und Passwort im Klartext an einen Dritt-Server. --------------------------------------------- http://heise.de/-2917792 *** GasPot Integrated Into Conpot, Contributing to Open Source ICS Research *** --------------------------------------------- In August of this year, we presented at Blackhat our paper titled The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems. GasPot was a honeypot designed to mimic the behavior of the Guardian AST gas-tank-monitoring system. It was designed to look like no other existing honeypot, with each instance being unique to make fingerprinting by attackers impossible. These were deployed within networks located in various countries, to give us a complete picture of the attacks... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4jNwbTj60bk/ *** Questions are the answeres - How to avoid becoming the blamed victim *** --------------------------------------------- "You have to ask questions", I say. Questions before, during, and after a breach. If you ask the right questions at the right time, you'll be able to make better decisions than the knee-jerk ones you've been making. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/questions-are-the-answ… *** TA15-314A: Web Shells - Threat Awareness and Guidance *** --------------------------------------------- Original release date: November 10, 2015 Systems Affected Web servers that allow web shells Overview This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert outlines the threat and provides prevention, detection, and mitigation strategies.Consistent use of web shells by Advanced Persistent Threat (APT) and criminal groups has led to significant cyber incidents.This... --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA15-313A *** Bugtraq: [security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS) *** --------------------------------------------- http://www.securityfocus.com/archive/1/536877 *** Huawei HG630a / HG630a-50 Default SSH Admin Password *** --------------------------------------------- Topic: Huawei HG630a / HG630a-50 Default SSH Admin Password Risk: High Text:# Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems # Date: 10.11.2015 # Exploit Author: M... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110087 *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** Security Advisory - Directory Traversal Vulnerability in Huawei AR Router *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Huawei U2990 and U2980 *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Huawei eSpace 8950 IP Phone *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Huawei eSpace 7900 IP Phone *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** ZDI-15-549: AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/eDK-If3dTI8/ *** ZDI-15-548: AlienVault Unified Security Management Local Privilege Escalation Vulnerability *** --------------------------------------------- This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/TpChWMSd5n0/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents(CVE-2012-6153 and CVE-2014-3577) *** http://www.ibm.com/support/docview.wss?uid=swg21962659 --------------------------------------------- *** IBM Security Bulletin: IBM Forms Server could be affected by a denial of service attack (CVE-2013-4517) *** http://www.ibm.com/support/docview.wss?uid=swg21962659 --------------------------------------------- *** IBM Security Bulletin: Fix Available for Denial of Service Vulnerability in IBM WebSphere Portal (CVE-2015-7419) *** http://www.ibm.com/support/docview.wss?uid=swg21969906 --------------------------------------------- *** IBM Security Bulletin: Additional Password Disclosure via application tracing in FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-7404 *** http://www.ibm.com/support/docview.wss?uid=swg21969514 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in libuser affect Power Hardware Management Console (CVE-2015-3245 CVE-2015-3246) *** http://www.ibm.com/support/docview.wss?uid=nas8N1020961 --------------------------------------------- *** IBM Security Bulletin: IBM Cúram Social Program Management is vulnerable to a SQL injection attack *** http://www.ibm.com/support/docview.wss?uid=swg21967851 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector and IBM CommonStore for Lotus Domino (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21969654 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ *** http://www.ibm.com/support/docview.wss?uid=swg21970103 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Expeditor (CVE-2015-4000) *** http://www.ibm.com/support/docview.wss?uid=swg21959292 --------------------------------------------- *** Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director Storage Control *** http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098822 --------------------------------------------- *** IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents(CVE-2012-6153 and CVE-2014-3577) *** http://www.ibm.com/support/docview.wss?uid=swg21970090 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 10-11-2015
by Daily end-of-shift report 10 Nov '15

10 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 09-11-2015 18:00 − Dienstag 10-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** The Internet of Bad Things, Observed *** --------------------------------------------- In his VB2015 keynote address, Ross Anderson described attacks against EMV cards.The VB2015 opening keynote by Ross Anderson could hardly have been more timely. In his talk "The Internet of Bad Things, Observed", the Cambridge professor looked at various attacks against the EMV standard for payment cards - attacks that have been used to steal real money from real people.Such cards, often called chip-and-PIN or chip-and-signature, are generally seen as better protected against... --------------------------------------------- http://www.virusbtn.com/blog/2015/11_10.xml?rss *** Linux.Encoder.1: Ransomware greift Magento-Nutzer an *** --------------------------------------------- Eine Malware für Linux verschlüsselt zurzeit die Daten von Nutzern des Magento-Shopsystems. Für die Entschlüsselung sollen die Opfer zahlen, doch die Angreifer haben geschlampt: Die Verschlüsselung lässt sich knacken. --------------------------------------------- http://www.golem.de/news/linux-encoder-1-ransomware-greift-magento-nutzer-a… *** Comodo fixes bug, revokes banned certificates *** --------------------------------------------- After reporting last week that it had issued banned certificates that could facilitate man in the middle (MitM) attacks, Comodo has fixed the "subtle bug" that the companys Senior Research and Development Scientist Rob Stradling wrote prompted the problem. --------------------------------------------- http://www.scmagazine.com/comodo-fixes-bug-revokes-banned-certificates/arti… *** Proof-of-concept threat is reminder OS X is not immune to crypto ransomware *** --------------------------------------------- Symantec analysis confirms that in the wrong hands, Mabouia ransomware could be used to attack Macs. Twitter Card Style: summary Analysis by Symantec has confirmed that the proof-of-concept (PoC) threat known as Mabouia works as described and could be used to create functional OS X crypto ransomware if it fell into the wrong hands.read more --------------------------------------------- http://www.symantec.com/connect/blogs/proof-concept-threat-reminder-os-x-no… *** Protecting Users and Enterprises from the Mobile Malware Threat, (Mon, Nov 9th) *** --------------------------------------------- With recent news of mobile malicious adware that roots smartphones, attention is again being paid to mobile security and the malware threat that is posed to it. While mobile ransomware is also a pervasive and growing threat, there are mobile RATs (such as JSocket and OmniRAT) that are also able to take full remote control of mobile devices. Some of the functionality of those tolls includes the ability to use the microphone to listen in on victims and to view whatever is in front of the camera... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20355&rss *** Cisco Connected Grid Network Management System Privilege Escalation Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 *** --------------------------------------------- A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. ... --------------------------------------------- http://support.citrix.com/article/CTX202583 *** PowerDNS Security Advisory 2015-03: Packet parsing bug can lead to crashes *** --------------------------------------------- A bug was found using afl-fuzz in our packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the the pdns_server process, causing a Denial of Service. ... PowerDNS Authoritative Server 3.4.4 - 3.4.6 are affected. No other versions are affected. The PowerDNS Recursor is not affected. --------------------------------------------- https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/

1 0

Tageszusammenfassung - Montag 9-11-2015
by Daily end-of-shift report 09 Nov '15

09 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 06-11-2015 18:00 − Montag 09-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** ICYMI: Widespread Unserialize Vulnerability in Java, (Mon, Nov 9th) *** --------------------------------------------- On Friday, a blog post from Fox Glove Security was posted that details a widespread Java unserialize vulnerability that affects all the major flavors of middleware (WebSphere, WebLogic, et al). There is a lot of great details, including exploitation instructions for pentesters, in the post so go take a look. It didnt get much press because admittedly its complicated to explain. It also doesnt have a logo. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20353&rss *** SSH-Client PuTTY 0.66 schließt Sicherheitslücke *** --------------------------------------------- Die neue Version des SSH- und Telnet-Clients bringt ein paar kleine Verbesserungen und Fehlerkorrekturen. Zudem wurde eine Sicherheitslücke geschlossen. --------------------------------------------- http://www.heise.de/newsticker/meldung/SSH-Client-PuTTY-0-66-schliesst-Sich… *** Gratis-WLAN: Welche Risiken es gibt und wie man sich schützt *** --------------------------------------------- Ein öffentliches Netzwerk ist praktisch, Nutzer sollten sich aber nicht blindlings einloggen --------------------------------------------- http://derstandard.at/2000025293625 *** Guide to application whitelisting *** --------------------------------------------- The National Institute of Standards and Technology (NIST) has published a guide to deploying automated application whitelisting to help thwart malicious software from gaining access to organizations' computer systems. --------------------------------------------- http://www.net-security.org/secworld.php?id=19079 *** Dangerous bugs leave open doors to SAP HANA systems *** --------------------------------------------- The most serious software flaws ever have been found in SAPs HANA platform, the in-memory database platform that underpins many of the German companys products used by large companies.Eight of the flaws are ranked critical, the highest severity rating ... --------------------------------------------- http://www.cio.com/article/3003054/dangerous-bugs-leave-open-doors-to-sap-h… *** Vbulletin 5.1.X Unserialize Preauth RCE Exploit *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110060 *** Ransomware meets CMS / Linux *** --------------------------------------------- Ransomware am PC gibt es schon seit Jahren: Die Malware sperrt/verschlüsselt den infizierten PC und verlangt Lösegeld dafür, damit der User weiterarbeiten kann.Dass schlecht gewartete Webseiten mit Joomla, Wordpress, Drupal & co ein Fressen für Hacker sind, ist auch nichts neues. Wir sehen regelmäßig Wellen an Defacements und Exploitpacks, wenn mal wieder jemand das Ausnutzen einer Web-Schwachstelle automatisiert. --------------------------------------------- http://www.cert.at/services/blog/20151109095947-1618.html *** Google AdWords API client libraries - XML eXternal Entity Injection (XXE) *** --------------------------------------------- Confirmed in googleads-php-lib <= 6.2.0 for PHP, AdWords libraries: googleads-java-lib for Java, and googleads-dotnet-lib for .NET are also likely to be affected. --------------------------------------------- http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injecti… *** Closing the Open Door of Java Object Serialization *** --------------------------------------------- If you can communicate with a JVM using Java object serialization using java.io.ObjectInputStream, then you can send a class that can execute commands against the OS from inside of the readObject method, and thereby get shell access. Once you have shell access, you can modify the Java server however you feel like. This is a class of exploit called 'deserialization of untrusted data', aka CWE-502. It's a class of bug that has been encountered from Python, PHP, and from Rails. --------------------------------------------- https://tersesystems.com/2015/11/08/closing-the-open-door-of-java-object-se… *** Protecting Windows Networks - Defeating Pass-the-Hash *** --------------------------------------------- Pass-the-hash is popular attack technique to move laterally inside the network that relies on two components - the NTLM authentication protocol and ability to gain password hashes. This attack allows you to log in on the systems via stolen hash instead of providing clear text password, so there is no need to crack those hashes. To make use of this attack, attacker already has to have admin rights on the box, which is a plausible scenario in a modern "assume breach" mindset. --------------------------------------------- https://dfirblog.wordpress.com/2015/11/08/protecting-windows-networks-defea… *** Security Notice - Statement about Path Traversal Vulnerability in Huawei HG532 Routers Disclosed by CERT/CC *** --------------------------------------------- It is confirmed that some customized versions of Huawei HG532, HG532e, HG532n, and HG532s have this vulnerability. Huawei has prepared a fixed version for affected carriers and is working with them to release the fixed version. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** No surprise here: Adobes Flash is a hackers favorite target *** --------------------------------------------- Adobe Systems Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers. --------------------------------------------- http://www.cio.com/article/3002668/no-surprise-here-adobes-flash-is-a-hacke… *** Joomla CMS - Bad Cryptography - Multiple Vulnerabilities *** --------------------------------------------- heres a complete enumeration of what Ive found: - JCrypt: Silent fallback to a weak, userspace PRNG (which is very bad for cryptography purposes) - JCryptCipherSimple: Homegrown weak cipher (XOR-ECB) - JCryptCipher: Chosen ciphertext attacks (no authentication) - JCryptCipher: Data corruption / padding oracle attack - JCryptCipher: Static IV for CBC mode (stored with JCryptKey under the misnomer property, "public") -- this sort of defeats the purpose of using CBC mode - JCryptPasswordSimple: PHP Non-Strict Type Comparison (a.k.a. Magic Hash vulnerability) --------------------------------------------- http://www.openwall.com/lists/oss-security/2015/11/08/1 *** HTTP Evasions Explained - Part 7 - Lucky Numbers *** --------------------------------------------- This is part seven in a series which will explain the evasions done by HTTP Evader. This part will be about using the wrong or even invalid status codes to evade the analysis. For 30% of the firewalls in the tests reports Ive got it is enough to use a status code of 100 instead of 200 to bypass analysis and at least Chrome, IE and Edge will download the data even with this wrong status code: --------------------------------------------- http://noxxi.de/research/http-evader-explained-7-lucky-number.html *** Security Advisory: Linux kernel vulnerability CVE-2014-9419 *** --------------------------------------------- F5 Product Development has assigned ID 530413 (BIG-IP), ID 530553 (BIG-IQ), ID 530554 (Enterprise Manager), ID 520651 (FirePass), ID 461496 (ARX), and INSTALLER-1299 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17551.htm… *** IBM Security Bulletins *** --------------------------------------------- *** Vulnerabilities in Qemu affect PowerKVM (Multiple Vulnerabilities) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022875 --------------------------------------------- *** IBM Smart Analytics System 5600 is affected by vulnerabilities in IBM GPFS (CVE-2015-4974, CVE-2015-4981) *** http://www.ibm.com/support/docview.wss?uid=swg21969198 --------------------------------------------- *** Authentication Bypass vulnerability found in IBM Sterling B2B Integrator (CVE-2015-5019) *** http://www.ibm.com/support/docview.wss?uid=swg21967781 --------------------------------------------- *** IBM Smart Analytics System 5600 is affected by a vulnerability in BIND (CVE-2015-5722) *** http://www.ibm.com/support/docview.wss?uid=swg21964962 --------------------------------------------- *** Vulnerability in Net-SNMP affects PowerKVM (CVE-2015-5621) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022903 --------------------------------------------- *** Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management, and IBM Emptoris Services Procurement. *** http://www.ibm.com/support/docview.wss?uid=swg21969875 --------------------------------------------- *** Multiple OpenSSL Vulnerabilities affect IBM WebSphere MQ 5.3 on HP NonStop (CVE-2015-1788) (CVE-2015-1789) (CVE-2015-1791) *** http://www.ibm.com/support/docview.wss?uid=swg21966723 --------------------------------------------- *** Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator *** https://www-304.ibm.com/support/docview.wss?uid=swg21969901 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 6-11-2015
by Daily end-of-shift report 06 Nov '15

06 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 05-11-2015 18:00 − Freitag 06-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** jQuery.min.php Malware Affects Thousands of Websites *** --------------------------------------------- Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Every now and then we write about such attacks. Almost every week we see new fake jQuery domains and scripts that mimic jQuery. --------------------------------------------- https://blog.sucuri.net/2015/11/jquery-min-php-malware-affects-thousands-of… *** OmniRAT malware scurrying into Android, PC, Mac, Linux systems *** --------------------------------------------- Leverages Stagefright scare for installs As police across Europe crack down on the use of the DroidJack malware, a similar software nasty has emerged that can control not just Android, but also Windows, Mac, and Linux systems and is being sold openly at a fraction of the cost. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/06/omnirat_mal… *** Check Point Discovers Critical vBulletin 0-Day *** --------------------------------------------- As widely reported, the main vBulletin.org forum was compromised earlier this week and an exploit for a vBulletin 0-day was up for sale in online markets. A patch later released by vBulletin fixes the vulnerability reported, but fails to neither credit any reporting nor mention the appropriate CVE number. As the vulnerability is now fixed and an exploit exists in the wild with public analyses, we follow with the technical description as submitted to vBulletin. --------------------------------------------- http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulle… *** Peter Kieseberg @ 5th KIRAS Fachtagung *** --------------------------------------------- Today Peter Kieseberg (SBA Research) presented the results of the SCUDO-Project together with Alexander Szönyi (Thales Austria) and Wolfgang Rosenkranz (Repuco) at the 5th 'KIRAS Fachtagung' in the Austria Trend Hotel Savoyen Vienna. This project was focused on the development of a training process for defence simulation trainings in the area of critical infrastructures ... --------------------------------------------- https://www.sba-research.org/2015/11/05/peter-kieseberg-5th-kiras-fachtagun… *** Bundestag will Mitarbeitern Flash verbieten *** --------------------------------------------- Nach dem schweren Hackerangriff vor rund sechs Monaten will der Deutsche Bundestag mit einigen Maßnahmen die IT-Sicherheit erhöhen. Mitarbeiter und Abgeordnete sollen zu längeren Passwörtern und PINs mit mindestens acht Zeichen verpflichtet werden, außerdem werden Flash und andere Browsererweiterungen von den Rechnern verbannt, wie Spiegel Online unter Berufung auf ein internes Dokument der Bundestagsverwaltung berichtet. --------------------------------------------- http://www.golem.de/news/nach-hackerangriff-bundestag-will-flash-verbieten-… *** Slides from RUXCON, Oct. 24-25, Melbourne *** --------------------------------------------- * DNS as a Defense Vector, Paul Vixie * High Performance Fuzzing, Richard Johnson * MalwAirDrop: Compromising iDevices via AirDrop, Mark Dowd * Broadcasting Your Attack: Security Testing DAB Radio In Cars, Andy Davis * Windows 10: 2 Steps Forward, 1 Step Back, James Forshaw ... --------------------------------------------- https://ruxcon.org.au/slides/?year=2015 *** Tracking HTTP POST data with ELK, (Fri, Nov 6th) *** --------------------------------------------- The Apache webserver has a very modular logging system. It is possible to customize what to log and how. But it lacks in logging data submitted to the server via POST HTTP requests. Recently, I had to investigate suspicious HTTP traffic and one of the requirements was to analyze POST data. If you already have a solution which performs full packet capture, youre lucky but it could quickly become a pain to search for information across gigabytes of PCAP files. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20345&rss *** Encryption ransomware threatens Linux users *** --------------------------------------------- November 6, 2015 Doctor Web warns users about new encryption ransomware targeting Linux operating systems. Judging from the directories in which the Trojan encrypts files, one can draw a conclusion that the main target of cybercriminals is website administrators whose machines have web servers deployed on. Doctor Web security researchers presume that at least tens of users have already fallen victim to this Trojan. --------------------------------------------- http://news.drweb.com/show/?i=9686&lng=en&c=9 *** Advantech EKI Hard-coded SSH Keys Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a hard-coded SSH key vulnerability in Advantech's EKI-122X series products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01 *** ICIT Brief: Know Your Enemies - A Primer on Advanced Persistent Threat Groups *** --------------------------------------------- This primer provides an overview of the threat landscape, attack vectors, size and sophistication of threat actors. Some of the Groups and Platforms include: The Elderwood Platform, Topsec, Axiom, Hidden Lynx, Deep Panda, PLA Unit 61398, Putter Panda, Tarh Andishan, Ajax, Bureau 121, Energetic Bear, Uroburos, APT 28, Hammertoss, CrazyDuke, Sandworm, Syrian Electronic Army, Anonymous and Butterfly Group among others. --------------------------------------------- http://icitech.org/icit-brief-know-your-enemies-a-primer-on-advanced-persis… *** Security Advisory: NTP vulnerability CVE-2015-7704 *** --------------------------------------------- An off-path attacker can send a crafted Kiss of Death (KoD) packet to the client, which will increase the client's polling interval to a large value and effectively disable synchronization with the server. --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17566.htm… *** Security Advisory - DoS Vulnerability in GPU Driver of Huawei Products *** --------------------------------------------- Some Huawei products have a DoS vulnerability. An attacker may trick a user into installing a malicious application and use it to input invalid parameters into the GPU driver program of the products, which can crash the system of the device. (Vulnerability ID: HWPSIRT-2015-09017) This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7740. Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Security Advisory - DoS Vulnerability in Camera Driver of Huawei Products *** --------------------------------------------- Some Huawei products have a DoS vulnerability. An attacker who has the system or camera permission can input invalid parameters into the camera driver program to crash the system. (Vulnerability ID: HWPSIRT-2015-09013) Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…

1 0

Tageszusammenfassung - Donnerstag 5-11-2015
by Daily end-of-shift report 05 Nov '15

05 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 04-11-2015 18:00 − Donnerstag 05-11-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** A Technical Look At Dyreza *** --------------------------------------------- Inside the core of Dyreza - a look at its malicious functions and their implementation.Categories: Malware AnalysisTags: dyrezamalware(Read more...) --------------------------------------------- https://blog.malwarebytes.org/intelligence/2015/11/a-technical-look-at-dyre… *** Malicious spam with links to CryptoWall 3.0 - Subject: Domain [name] Suspension Notice, (Thu, Nov 5th) *** --------------------------------------------- Introduction Since Monday 2015-10-26, weve noticed a particular campaign sending malicious spam (malspam) with links to download CryptoWall 3.0 ransomware. This campaign has been impersonating domain registrars. Conrad Longmore blogged about it last week [1], and Techhelplist.com has a good write-up on the campaign [2]. Several other sources have also discussed this wave of malspam [3, 4, 5, 6, 7, 8 to name a few]. For this diary, well take a closer look at the emails and associated CryptoWall --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20333&rss *** CryptoWall 4.0 Released with a New Look and Several New Features *** --------------------------------------------- The fourth member of the CryptoWall family of ransomware, CryptoWall 4.0, has just been released, complete with new features and a brand new look. We recently reported that CryptoWall 3.0 has allegedly caused over $325 million in annual damages. CryptoWall first emerged in April 2014. Its first major upgrade was dubbed CryptoWall 2.0, and first emerged in October... --------------------------------------------- http://securityaffairs.co/wordpress/41718/cyber-crime/cryptowall-4-0-releas… *** SSL-Zertifikate: Microsoft will sich schon nächstes Jahr von SHA-1 trennen *** --------------------------------------------- Die Firma überlegt ob der neuen Qualität von Angriffen auf den Hash-Algorithmus, diesen schon Mitte 2016 auf die verbotene Liste zu setzen. Google und Mozilla gehen ähnliche Wege. --------------------------------------------- http://heise.de/-2880134 *** Mabouia: The first ransomware in the world targeting MAC OS X *** --------------------------------------------- Rafael Salema Marques, a Brazilian researcher, published a PoC about the existence of Mabouia ransomware, the first ransomware that targets MAC OS X. Imagine this scenario: You received a ransom warning on your computer stating that all your personal files had been locked. In order to unlock the files, you would have to pay $500. --------------------------------------------- http://securityaffairs.co/wordpress/41755/cyber-crime/mabouia-ransomware-ma… *** Meet the Android rooting adware that cannot be removed *** --------------------------------------------- Researchers have identified a new strain of malicious adware that is impossible for affected Android device owners to uninstall. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/Prm6r3X3tzk/ *** No C&C server needed: Russia menaced by offline ransomware *** --------------------------------------------- Harder to take down, nyet? Miscreants have cooked up a new strain of ransomware that works offline and so might be more resistant to law enforcement takedown efforts as a result. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/05/offline_ran… *** Thousands of legitimate iOS apps discovered containing ad library backdoors *** --------------------------------------------- More than 2,000 iOS apps stocked in Apples legitimate App Store reportedly contained backdoored versions of an ad library, which could have allowed for surveillance without users knowledge. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/nxOb5Ac0sYo/ *** The Omnipresence of Ubiquiti Networks Devices on the Public Web *** --------------------------------------------- There are ongoing in the wild attacks against Ubiquiti Networks devices. Attackers are using default credentials to gain access to the affected devices via SSH. The devices are infected by a botnet client that is able to infect other devices.Further information about these attacks is available at:Krebs on Security: http://krebsonsecurity.com/2015/06/crooks-use-hacked-routers-to-aid-cyberhe… Research: https://www.incapsula.com/blog/ddos-botnet-soho-router.htmlCARISIRT --------------------------------------------- http://blog.sec-consult.com/2015/11/the-omnipresence-of-ubiquiti-networks.h… *** vBulletin Exploits in the Wild *** --------------------------------------------- The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date vBulletin version. The patch supports the latest versions, from 5.1.4 to 5.1.9. The vulnerability is serious and easy to exploit; it was used to hack and deface the main vBulletin.com website. As aRead More The post vBulletin Exploits in the Wild appeared first on Sucuri Blog. --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/NNlPrHaDARs/vbulletin-exploit… *** TalkTalk, Script Kids & The Quest for "OG" *** --------------------------------------------- So youve got two-step authentication set up to harden the security of your email account (you do, right?). But when was the last time you took a good look at the security of your inboxs recovery email address? That may well be the weakest link in your email security chain, as evidenced by the following tale of a IT professional who saw two of his linked email accounts recently hijacked in a bid to steal his Twitter identity.Earlier this week, I heard from Chris Blake, a longtime KrebsOnSecurity... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/im8m6Imwfsk/ *** Connecting the Dots in Cyber Threat Campaigns, Part 2: Passive DNS *** --------------------------------------------- This is the second part of our series on "connecting the dots", where we investigate ways to link attacks together to gain a better understanding of how they are related. In Part 1, we looked... --------------------------------------------- http://feedproxy.google.com/~r/PaloAltoNetworks/~3/7x_ynKHJKns/ *** Xen Project 4.5.2 Maintenance Release Available *** --------------------------------------------- I am pleased to announce the release of Xen 4.5.2. Xen Project Maintenance releases are released roughly every 4 months, in line with our Maintenance Release Policy. We recommend that all users of the 4.5 stable series update to this point release. --------------------------------------------- https://blog.xenproject.org/2015/11/05/xen-project-4-5-2-maintenance-releas… *** Open-Xchange Input Validation Flaw in Printing Dialogs Lets Remote Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1034018 *** Bugtraq: [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/536839 *** Bugtraq: [KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/536838 *** MIT Kerberos Multiple Bugs Let Remote Users Cause the Target Service to Crash *** --------------------------------------------- http://www.securitytracker.com/id/1034084 *** [2015-11-05] Insecure default configuration in Ubiquiti Networks products *** --------------------------------------------- Ubiquiti Networks products have remote administration enabled by default (WAN port). Additionally these products use the same certificates and private keys for administration via HTTPS. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015… *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise ... --------------------------------------------- http://support.citrix.com/article/CTX202404 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ is affected by multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 5, 6 & 7 *** http://www.ibm.com/support/docview.wss?uid=swg21968485 --------------------------------------------- *** IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to Denial of Service Attack. (CVE-2014-0230) *** http://www.ibm.com/support/docview.wss?uid=swg21970036 --------------------------------------------- *** IBM Security Bulletin: Openstack Nova vulnerability affects IBM Cloud Manager with OpenStack (CVE-2015-2687) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022691 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM DB2 LUW (CVE-2015-0204) *** http://www.ibm.com/support/docview.wss?uid=swg21968869 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities identified in IBM Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21969911 --------------------------------------------- *** PowerHA SystemMirror privilege escalation vulnerability (CVE-2015-5005) *** http://www.ibm.com/support/ --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to change work orders that the user should not have access to change (CVE-2015-7395 ) *** http://www.ibm.com/support/docview.wss?uid=swg21969072 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1022785 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM (CVE-2013-5123, CVE-2014-8991) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022786 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSLP affects PowerKVM (CVE-2015-5177) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022876 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Python-httplib2 affects PowerKVM (CVE-2013-2037) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022877 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in lcms affects PowerKVM (CVE-2015-4276) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022834 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Libcrypt++ affects PowerKVM (CVE-2015-2141) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022879 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in lighttpd affects PowerKVM (CVE-2015-3200) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022837 --------------------------------------------- *** IBM Security Bulletin:Vulnerabilities in wpa_supplicant may affect PowerKVM (CVE-2015-1863 and CVE-2015-4142) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022832 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in libXfont affect PowerKVM (CVE-2015-1802, CVE-2015-1803, CVE-2015-1804) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022787 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Mozilla NSS affects PowerKVM (CVE-2015-2730) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022790 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability could expose user personal data in IBM WebSphere Commerce (CVE-2015-5015) *** http://www.ibm.com/support/docview.wss?uid=swg21969174 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager is affected by a vulnerability from FSM's use of strongswan: (CVE-2015-4171) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022817 --------------------------------------------- *** IBM Security Bulletin: IBM Netezza Host Management is vulnerable to a BIND 9 utility issue (CVE-2015-5722) *** http://www.ibm.com/support/docview.wss?uid=swg21966952 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 4-11-2015
by Daily end-of-shift report 04 Nov '15

04 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 03-11-2015 18:00 − Mittwoch 04-11-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Return of the EXIF PHP Joomla Backdoor *** --------------------------------------------- Our Remediation and Research teams are in constant communication and collaboration. It's how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats that aren't new but may be reoccuring. Such as today's post, in which we explore a case we shared close to two years ago where... --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/VZAI0vVYGjI/exif-php-joomla-b… *** Researchers map out hard-to-kill, multi-layered spam botnet *** --------------------------------------------- A dropper component sent to the Akamai researchers led them to the discovery of a spamming botnet that consists of at least 83,000 compromised systems. The botnet is multi-layered, decentralized, a... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/B72jnhO-1Ds/secworld.php *** Nach Hack des Support-Forums: Mysteriöser vBulletin-Patch erschienen *** --------------------------------------------- Nach einem Angriff auf das offizielle Support-Forum der Forensoftware vBulletin ist ein Sicherheitsupdate erschienen. Ob dies die Lücke stopft, die bei dem Angriff ausgenutzt wurde, ist nicht ganz klar. --------------------------------------------- http://heise.de/-2869989 *** Internet Wide Scanners Wanted, (Wed, Nov 4th) *** --------------------------------------------- In our data, we often find researchers performing internet wide scans. To better identify these scans, we would like to add a label to these IPs identifying them as part of a research project. If you are part of such a project, or if you know of a project, please let me know. You can submit any information as a comment or via our contact form. If the IP addresses change often, then a URLs with a parseable list would be appreciated to facilitate automatic updates. --- Johannes B. Ullrich, Ph.D. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20337&rss *** GovRAT, the malware-signing-as-a-service platform in the underground *** --------------------------------------------- Security Experts at InfoArmor discovered GovRAT, a malware-signing-as-a-service platform that is offered to APT groups in the underground. In the past, I have explained why digital certificates are so attractive for crooks and intelligence agencies, one of the most interesting uses is the signature of malware code in order to fool antivirus. Naturally, digital certificates... --------------------------------------------- http://securityaffairs.co/wordpress/41714/cyber-crime/govrat-platform.html *** Confusing Convenience for Security: SSH Keys *** --------------------------------------------- Secure Shell (SSH) keys are a common part of accessing Unix systems, and you need to put some focus specifically on your organization's use of SSH keys. --------------------------------------------- http://blog.beyondtrust.com/confusing-convenience-for-security-ssh-keys *** Security Fixes in Firefox 42 *** --------------------------------------------- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firef… *** VU#391604: ZTE ZXHN H108N R1A routers contains multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#391604 ZTE ZXHN H108N R1A routers contains multiple vulnerabilities Original Release date: 03 Nov 2015 | Last revised: 03 Nov 2015 Overview ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, and ZXV10 W300 router, version W300V1.0.0f_ER1_PE, contain multiple vulnerabilities. Description CWE-200: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials and other sensitive details about the ZXHN... --------------------------------------------- http://www.kb.cert.org/vuls/id/391604 *** Alcatel-Lucent Home Device Manager Spoofing *** --------------------------------------------- Topic: Alcatel-Lucent Home Device Manager Spoofing Risk: Low Text: ## # # SWISSCOM CSIRT ADVISORY - https://www.swisscom.ch/en/about/sustainability/digital- #switze... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110029 *** DSA-3391 php-horde - security update *** --------------------------------------------- It was discovered that the web-based administration interface in theHorde Application Framework did not guard against Cross-Site RequestForgery (CSRF) attacks. As a result, other, malicious web pages couldcause Horde applications to perform actions as the Horde user. --------------------------------------------- https://www.debian.org/security/2015/dsa-3391 *** DSA-3392 freeimage - security update *** --------------------------------------------- Pengsu Cheng discovered that FreeImage, a library for graphic imageformats, contained multiple integer underflows that could lead to adenial of service: remote attackers were able to trigger a crash bysupplying a specially crafted image. --------------------------------------------- https://www.debian.org/security/2015/dsa-3392 *** Bugtraq: [security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege *** --------------------------------------------- http://www.securityfocus.com/archive/1/536827 *** Bugtraq: [security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, *** --------------------------------------------- http://www.securityfocus.com/archive/1/536824 *** Security Advisory - Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Security Notice - Statement on Venustech Revealing Heap Overflow Vulnerability in Huawei Smart Phone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED] *** --------------------------------------------- http://www.securityfocus.com/archive/1/536833 *** Cisco Security Advisories *** --------------------------------------------- *** Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Mobility Services Engine Static Credential Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco AsyncOS TCP Flood Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Web Security Appliance Range Request Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Mobility Services Engine Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…

1 0

Tageszusammenfassung - Dienstag 3-11-2015
by Daily end-of-shift report 03 Nov '15

03 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 02-11-2015 18:00 − Dienstag 03-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** UK-US Cyberattack Simulation On Finance Sector Set For This Month *** --------------------------------------------- US-CERT and CERT-UK putting President and Prime Ministers earlier plans into action. --------------------------------------------- http://www.darkreading.com/operations/uk-us-cyberattack-simulation-on-finan… *** Latest Adobe Flash vulnerability now in Angler, Nuclear EKs *** --------------------------------------------- Malwarebytes is reporting that once again Adobe Flash Player has become a target as the recently patched zero-day exploit that was discovered and patched has become a part of several exploit kits (EK). --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/s2Q_P9QhW74/ *** WoW! Want to beat Microsofts Windows security defenses? Poke some 32-bit software *** --------------------------------------------- Compatibility tool hampers EMET anti-malware protections Two chaps claim to have discovered how to trivially circumvent Microsofts Enhanced Mitigation Experience Toolkit (EMET) using Redmonds own compatibility tools. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/32bit_softw… *** Web server secured? Good, now lets talk about e-mail *** --------------------------------------------- Its not just Hillary whose servers a spillory While Website owners may have noticed the need to get rid of old, buggy or weak crypto, those operating e-mail servers seem to be operating on autopilot. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/web_server_… *** Dev to Mozilla: Please dump ancient Windows install processes *** --------------------------------------------- Old habits die hard Security bod Stefan Kanthak is asking Mozilla to quit using Windows self-extracting installs. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/dev_to_mozi… *** The official website of the popular vBulletin forum has been hacked *** --------------------------------------------- The website of the vBulletin forum software is down for maintenance following a data breach that exposed personal information of hundreds of thousands users On Sunday, the vBulletin official website has been hacked by an attacker using the moniker "Coldzer0". The website has been defaced and the vBulletin forum was displaying the message "Hacked by Coldzer0." At the... --------------------------------------------- http://securityaffairs.co/wordpress/41656/cyber-crime/vbulletin-forum-hacke… *** Chimera crypto-ransomware is hitting German companies *** --------------------------------------------- A new piece of crypto-ransomware is targeting German companies: its called Chimera, and the criminals behind the scheme are threatening to release sensitive corporate data on the Internet if the targ... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/D53NfnuVrIM/malware_news.… *** KeyPass looter: The password plunderer to hose pwned sys admins *** --------------------------------------------- When youre owned, youre boned. Kiwi hacker Denis Andzakovic has developed an application that steals password vaults from the popular local storage vault KeyPass. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/keypass_loo… *** Security: Kommandozeilen-Zugriff auf Bankterminal dokumentiert *** --------------------------------------------- Ein deutscher Sicherheitsforscher hat eine Sicherheitslücke in Geldautomaten-Software gefunden. Die Schwachstelle ermöglichte den Zugriff auf die Kommandozeile des Geräts und das Auslesen zahlreicher kritischer Daten. --------------------------------------------- http://www.golem.de/news/security-kommandozeilen-zugriff-auf-bankterminal-d… *** OTA-Patch: Google verteilt Sicherheitsupdate für Android 6.0 *** --------------------------------------------- Die neue Android-Version 6.0 alias Marshmallow bekommt nach einem Monat ihre erste Sicherheitsaktualisierung. Grund sind insgesamt sieben Bedrohungen, von denen Google zwei als kritisch einstuft. --------------------------------------------- http://www.golem.de/news/ota-patch-google-verteilt-sicherheitsupdate-fuer-a… *** Kaspersky DDoS Intelligence Report Q3 2015 *** --------------------------------------------- In the third quarter of 2015 botnet-assisted DDoS attacks targeted victims in 79 countries around the world; 91.6% of targeted resources were located in 10 countries. The largest numbers of DDoS attacks targeted victims in China, the US and South Korea. The longest DDoS attack in Q3 2015 lasted for 320 hours. --------------------------------------------- http://securelist.com/analysis/quarterly-malware-reports/72560/kaspersky-dd… *** Wormhole-Schwachstelle: Backdoor in über 14.000 Android-Apps *** --------------------------------------------- Das Moplus SDK hält in zahlreichen Apps eine Hintertür für Angreifer auf, sodass diese etwa heimlich Dateien von Android-Gerät abziehen und SMS-Nachrichten versenden können. --------------------------------------------- http://www.heise.de/newsticker/meldung/Wormhole-Schwachstelle-Backdoor-in-u… *** A few things about Redis security *** --------------------------------------------- >From time to time I get security reports about Redis. It's good to get reports, but it's odd that what I get is usually about things like Lua sandbox escaping, insecure temporary file creation, and similar issues, in a software which is designed (as we explain in our security page here http://redis.io/topics/security) to be totally insecure if exposed to the outside world. Yet these bug reports are often useful since there are different levels of security concerning any software in... --------------------------------------------- http://antirez.com/news/96 *** How Carders Can Use eBay as a Virtual ATM *** --------------------------------------------- How do fraudsters "cash out" stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they dont yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/E4QijbOr8i0/ *** ORX-Locker, a Web Platform to Create Ransomware *** --------------------------------------------- The only thing more dangerous than cryptolocker-type ransomware in the hands of a highly skilled hacker is the same ransomware offered as a service and made available to the general public. Similar to the private TOX RaaS (Ransomware as a Service) platform discovered in August, ORX-Locker is a free-to-use web platform where anyone can create and download malware that will encrypt a victim's file system and demand payment for recovery. This is one of the first public RaaS sites we've... --------------------------------------------- https://feeds.feedblitz.com/~/122089935/0/alienvault-blogs~ORXLocker-a-Web-… *** XcodeGhost S: A New Breed Hits the US *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html *** Enhancing pentesting recon with nmap, (Tue, Nov 3rd) *** --------------------------------------------- You might have used nmap several times for recon using the conventional portscan functionality (Connect scan, SYN Scan, FIN scan, UDP scan, ...) but for gathering extra info like HTTP directories, DNS host enumeration without performing zone transfer, Microsoft SQL Server enumeration and SMB device info people usually uses additional tools. I will show you how nmap can provide that information without use of extra tools: 1. HTTP Directories The http-enum script is able to test for the existence... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20331&rss *** VU#316888: MobaXterm server may allow arbitrary command injection due to missing X11 authentication *** --------------------------------------------- Vulnerability Note VU#316888 MobaXterm server may allow arbitrary command injection due to missing X11 authentication Original Release date: 02 Nov 2015 | Last revised: 02 Nov 2015 Overview The MobaXterm server prior to verion 8.3 is vulnerable to arbitrary command injection over port 6000 when using default X11 settings. Description CWE-306: Missing Authentication for Critical Function - CVE-2015-7244MobaXterm server prior to version 8.3 includes an X11 server listening on all IP addresses... --------------------------------------------- http://www.kb.cert.org/vuls/id/316888 *** Security Advisory - Local Permission Escalation Vulnerability in GPU of P7 Phones *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Cisco Unified Computing System Blade Server Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7852 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17516.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7850 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17528.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7701 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17517.htm… --------------------------------------------- *** Security Advisory: NTP vulnerabilities CVE-2015-7704 and CVE-2015-7705 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17527.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7703 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17529.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7848 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17526.htm… --------------------------------------------- *** Security Advisory: NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17530.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7871 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17518.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7849 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17521.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7854 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17524.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7853 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17525.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7855 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17515.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7851 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17522.htm… ---------------------------------------------

1 0

Tageszusammenfassung - Montag 2-11-2015
by Daily end-of-shift report 02 Nov '15

02 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 30-10-2015 18:00 − Montag 02-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** CoinVault and Bitcryptor Ransomware Victims Can Now Recover Their Files For Free *** --------------------------------------------- itwbennett writes: Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, writes Lucian Constantin. Those keys have been uploaded to Kasperskys ransomware decrypt or service that was originally set up in April with a set of around 750 keys recovered from servers hosted in the Netherlands. --------------------------------------------- http://yro.slashdot.org/story/15/10/30/2341230/coinvault-and-bitcryptor-ran… *** Disaster Recovery Starts with a Plan, (Mon, Nov 2nd) *** --------------------------------------------- One of the security questions being asked of security professionals, by business executives these days, from both internal and external entities, is What is the status of our Disaster Recovery plan? The driving force behind the question varies, from compliance and our business partners are asking to I read an article about an earthquake. A disaster recovery plan is one of those things that you dont want to define the requirements as you go, this is one that is truly about the *plan*. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20325&rss *** About Lenovo System Update Vulnerabilities and CVE-2015-6971 *** --------------------------------------------- Over the past seven months, a number of vulnerabilities in Lenovo System Update software have come to light. Lenovo patched the first of a batch of these vulnerabilities in spring of this year. I decided to take a deeper look... --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/About-Lenovo-System-Update-V… *** Useful tools for malware analysis *** --------------------------------------------- In early October, the international project 'Cyber Security in the Danube Region' organized training for security teams operating within the region. As sharing of information and knowledge are essential in the field of security, I decided to write a post ... --------------------------------------------- http://en.blog.nic.cz/2015/10/30/useful-tools-for-malware-analysis/ *** Debian: elasticsearch end-of-life (DSA 3389-1) *** --------------------------------------------- Security support for elasticsearch in jessie is hereby discontinued. The project no longer releases information on fixed security issues which allow backporting them to released versions of Debian and actively discourages from doing so. elasticsearch will also be removed from Debian stretch (the next stable Debian release), but will continue to remain in unstable and available in jessie-backports. --------------------------------------------- https://lists.debian.org/debian-security-announce/2015/msg00290.html *** PageFair: Halloween Security Breach *** --------------------------------------------- I want to take some time here to describe exactly what happened, how it may have affected some of your visitors, and what we are doing to prevent this from ever happening again. --------------------------------------------- http://blog.pagefair.com/2015/halloween-security-breach/ *** RWSPS: WPA/2 Cracking Using HashCat *** --------------------------------------------- We will cover the following topics: WPA/2 Cracking with Dictionary attack using Hashcat. WPA/2 Cracking with Mask attack using Hashcat. WPA/2 Cracking with Hybrid attack using Hashcat. WPA/2 Cracking Pause/resume in Hashcat (One of the best features) WPA/2 Cracking save sessions and restore. --------------------------------------------- http://www.rootsh3ll.com/2015/10/rwsps-wpa2-cracking-using-hashcat-cloud-ch… *** Protecting Windows Networks - Local administrative accounts management *** --------------------------------------------- There is a common problem in all environments with local administrative accounts, such as local Administrator account, root accounts or any kind of application specific built-in admin accounts set to a common password, shared across all systems. --------------------------------------------- https://dfirblog.wordpress.com/2015/11/01/protecting-windows-networks-local… *** new Windows 10 cumulative update (3105210) *** --------------------------------------------- Bulletin revised to announce the release of a new Windows 10 cumulative update (3105210) to address an additional vulnerability, CVE-2015-6045, which has been added to this bulletin. Only customers running Windows 10 systems need to install this new update. Earlier operating systems are either not affected or have received the fix in the original updates of October 13, 2015. --------------------------------------------- https://technet.microsoft.com/library/security/ms15-106 *** 5 signs your Web application has been hacked *** --------------------------------------------- When customers interact with your business, they most likely go through a Web application first. It's your company's public face -- and by virtue of that exposure, an obvious point of vulnerability.Most attacks against Web applications are stealthy and hard to spot. --------------------------------------------- http://www.csoonline.com/article/3000315/application-security/5-signs-your-… *** How Much is a Zero-Day Exploit for an SCADA/ICS System? *** --------------------------------------------- Current scenario How much is a zero-day for an industrial control system? Where is it possible to buy them and who are the main buyers of these commodities? I can tell you that there isn't a unique answer to the above questions, but first all let us try to understand the current scenario ... --------------------------------------------- http://resources.infosecinstitute.com/how-much-is-a-zero-day-exploit-for-an… *** Cisco Security Advisories *** --------------------------------------------- *** Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Unified Communications Domain Manager URI Enumeration Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco FireSIGHT Management Center HTML Injection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Prime Service Catalog SQL Injection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Unified Border Element Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server SQL Injection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Wireless LAN Controller Client Disconnection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ---------------------------------------------

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily November 2015