Daily March 2015

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - Dienstag 17-03-2015
by Daily end-of-shift report 17 Mar '15

17 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 16-03-2015 18:00 − Dienstag 17-03-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** 3046310 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 1.0 *** --------------------------------------------- Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/3046310 *** Man who obtained Windows Live cert said his warnings went unanswered *** --------------------------------------------- "I tried, just for fun," said man who reported hole to Microsoft and authorities. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/GS2QPGGMdJ0/ *** Forthcoming OpenSSL releases *** --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These releases will be made available on 19th March. They will fix a number of security defects. The highest severity defect fixed by these releases is classified as "high" severity. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-users/2015-March/000778.html *** From PEiD To YARA, (Tue, Mar 17th) *** --------------------------------------------- Some time ago, Jim Clausing had a diary entry about PeID (a packer identifier) and since then he has a PEiD signature database on his handler page. Now, wouldnt it be great if we could reuse these signatures? For example as YARA rules? Thats why I wrote a Python program that converts PEiD signatures to YARA rules: peid-userdb-to-yara-rules.py Here is an example: PEiD signature: [!EP (ExE Pack) V1.0 - Elite Coding Group] signature = 60 68 ?? ?? ?? ?? B8 ?? ?? ?? ?? FF 10 ep_only = true Generated... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19473&rss *** Zweifaktor-Dienst Authy ließ jeden rein *** --------------------------------------------- Zwei-Faktor-Authentifizierung ist eine sichere Sache - wenn sie denn funktioniert. Authy, das von vielen prominenten Sites eingesetzt wird, ließ sich bis vor kurzem mit dem Generalschlüssel "../sms" umgehen. --------------------------------------------- http://heise.de/-2576764 *** D-Link patches critical flaws in wireless range extender, Wi-Fi cameras firmware *** --------------------------------------------- D-Link has released new firmware for its DAP-1320 wireless range extender and the DCS-93xL family of Wi-Fi cameras in order to patch two critical vulnerabilities that can lead to device hijacking. ... --------------------------------------------- www.net-security.org/secworld.php?id=18093 *** Search for vulnerable servers unearths weak, thousands-times repeated RSA keys *** --------------------------------------------- A group of researchers from the Information Security Group from Royal Holloway, University of London, wanted to see how many TLS servers still supported the weak, export-grade (512-bit) RSA public key... --------------------------------------------- http://www.net-security.org/secworld.php?id=18094 *** Cisco Virtual TelePresence Server Serial Console Privileged Access Vulnerability *** --------------------------------------------- Cisco Virtual TelePresence Server Software contains a vulnerability that could allow an authenticated, local attacker to gain unauthorized access with elevated privileges. Updates are available. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=37869 *** DSA-3192 checkpw - security update *** --------------------------------------------- Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a passwordauthentication program, has a flaw in processing account names whichcontain double dashes. A remote attacker can use this flaw to cause adenial of service (infinite loop). --------------------------------------------- https://www.debian.org/security/2015/dsa-3192 *** Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability *** --------------------------------------------- Topic: Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Risk: High Text:/* Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Vendor: Intel Product webpage: http://www.intel.co... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015030110 *** TYPO3 CMS 6.2.11 released *** --------------------------------------------- The TYPO3 Community announces the version 6.2.11 LTS of the TYPO3 Enterprise Content Management System. --------------------------------------------- http://www.typo3.org/news/article/typo3-cms-6211-released/ *** HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash, Remote Denial of Service (DoS), Code Execution, Disclosure of Information *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including: The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…

1 0

Tageszusammenfassung - Montag 16-03-2015
by Daily end-of-shift report 16 Mar '15

16 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 13-03-2015 18:00 − Montag 16-03-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** ICS-CERT Monitor Quarterly Report - Phishing Reigns Supreme (March 12, 2015) *** --------------------------------------------- According to a quarterly report from the US Industrial Control System Computer Emergency Response Team (ICS-CERT), industrial control systems were targets of cyber attacks at least 245 times in the 12-month period between October 1, 2013 and September 30, 2014....... --------------------------------------------- http://www.sans.org/newsletters/newsbites/r/17/20/200 *** Security Advisory - NTPd Security Vulnerability in Multiple Huawei Products *** --------------------------------------------- Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet. Multiple Huawei products have this vulnerability. ( Vulnerability ID: HWPSIRT-2014-1276) --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** TeslaCrypt ransomware attacks gamers - "all your files are belong to us!" *** --------------------------------------------- TeslaCrypt is a new ransomware that goes above and beyond CryptoLocker in the types of files it seeks out to hold for ransom, including those related to video games. SophosLabs dug in to find out what TeslaCrypt has in store for gamers, and everyone else. --------------------------------------------- https://nakedsecurity.sophos.com/2015/03/16/teslacrypt-ransomware-attacks-g… *** Safari: Alte Sicherheitslücke speichert URLs auch im Private-Browsing-Modus *** --------------------------------------------- Normalerweise sollte ein Browser alle angesurften Adressen vergessen, wenn er im 'Privatmodus' genutzt wird. Apples Safari tut das allerdings nicht - die besuchten Adressen landen in einer ungeschützten Datenbank. --------------------------------------------- http://heise.de/-2575426 *** Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS *** --------------------------------------------- We provide new attacks against RC4 in TLS that are focussed on recovering user passwords, still the pre-eminent means of user authentication on the Web today. Our attacks enhance the statistical techniques used in the previous attacks and exploit specific features of the password setting to produce attacks that are much closer to being practical. We report on extensive simulations that illustrate this. --------------------------------------------- http://www.isg.rhul.ac.uk/tls/RC4mustdie.html *** Talk at Troopers15 *** --------------------------------------------- Peter Kieseberg and Sebastian Schrittwieser give a talk about 'iAnalyze - Automated security analysis of iOS apps' at the 'Hacking Mobiles Vol. 2.1 - MMA: Mobile Malicious Apps' workshop, which is held at Troopers15 conference in Heidelberg, Germany. --------------------------------------------- https://www.sba-research.org/2015/03/16/talk-at-troopers15/ *** Cisco Security Advisories *** * Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=37863 * Cisco AnyConnect Secure Mobility Client Hostscan Path Traversal Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=37862 * Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=37861 * Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=37860

1 0

Tageszusammenfassung - Freitag 13-03-2015
by Daily end-of-shift report 13 Mar '15

13 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 12-03-2015 18:00 − Freitag 13-03-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Security updates available for Adobe Flash Player (APSB15-05) *** --------------------------------------------- A Security Bulletin (APSB15-05) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. This... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1185 *** After Delays, Samsung Patches Social Media Vulnerability in Millions of Devices *** --------------------------------------------- Samsung patched a vulnerability last month in SNS Provider that if exploited could have given attackers the ability to access to any personal information users stored on Facebook, LinkedIn and Twitter. --------------------------------------------- http://threatpost.com/after-delays-samsung-patches-social-media-vulnerabili… *** Blind SQL Injection against WordPress SEO by Yoast, (Fri, Mar 13th) *** --------------------------------------------- WordPress has released an advisory for the WordPress plugin SEO by Yoast. Version up to and including 1.7.3.3 can be exploited with a blind SQL injection. According to WordPress, this plugin has more than one million downloads. A description of the SQL injection with proof of concept is described here and the latest update is available here. [1] https://wordpress.org/plugins/wordpress-seo/ [2] https://downloads.wordpress.org/plugin/wordpress-seo.1.7.4.zip [3] --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19457&rss *** Achievement Locked: New Crypto-Ransomware Pwns Video Gamers *** --------------------------------------------- Gamers may be used to paying to unlock downloadable content in their favorite games, but a new crypto-ransomware variant aims to make gamers pay to unlock what they already own. Data files for more than 20 games can be affected by the threat, increasing what is already a large target for cybercriminals. Another file type... --------------------------------------------- http://labs.bromium.com/2015/03/12/achievement-locked-new-crypto-ransomware… *** VIRLOCK Combines File Infection and Ransomware *** --------------------------------------------- Analysis by Jaaziel Carlos, Jonh Chua, and Rodwin Fuentes Ransomware has become one of the biggest problems for end users are as of late. In the past months alone, we have reported on several variants of both ransomware and crypto-ransomware, each with their own "unique" routines. We recently came across one malware family, detected as... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/eJWas-XoY6I/ *** Microsoft EMET 5.2 is available, (Fri, Mar 13th) *** --------------------------------------------- Microsoft has announced a new release of the Enhanced Mitigation Experience Toolkit (EMET) 5.2. The main the main changes and improvements as the following: Control Flow Guard:EMETs native DLLs have been compiled with Control Flow Guard(CFG). CFG is a new feature introduced in Visual Studio 2015 (and supported by Windows 8.1 and Windows 10) that helps detect and stop attempts of code hijacking. EMET native DLLs (i.e. EMET.DLL) are injected into the application process EMET protects. Since we --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19461&rss *** Adobe schließt kritische Lücken in Flash *** --------------------------------------------- Ein neues Update für den Flash-Player schließt elf Sicherheitslücken und ist für alle Plattformen verfügbar. Eine zügige Installation ist ratsam, da Angreifer im schlimmsten Fall das System übernehmen könnten. --------------------------------------------- http://heise.de/-2574278 *** Bootschleife nach SHA-2-Update für Windows 7 *** --------------------------------------------- Böse Überraschung für einige Nutzer mit Linux-Dual-Boot: Ein Windows-7-Update vom letzten Patchday stürzt den Rechner in eine Bootschleife. Das scheint allerdings nur beim Booten über das klassische BIOS aufzutreten, UEFI-Nutzer haben Glück. --------------------------------------------- http://heise.de/-2574289 *** BlackBerry has no fix for devices vulnerable to FREAK security flaw *** --------------------------------------------- Summary:The company, lauded for having the worlds most protected devices for encrypted messaging, warns that devices will be vulnerable to a serious security flaw until a patch is released. --------------------------------------------- http://www.zdnet.com/article/blackberry-slow-to-respond-to-freak-flaw-says-… *** Mozilla Releases Open Source Masche Forensics Tool *** --------------------------------------------- Mozilla has released an open source memory forensics tool that some college students designed and built during the company's recent Winter of Security event. The new tool, known as Masche, is designed specifically for investigating server memory and has the advantage of being able to scan running processes without causing any problems with the machine. --------------------------------------------- http://threatpost.com/mozilla-releases-open-source-masche-forensics-tool/11… *** Google-Panne: Inhaberdaten von 300.000 geschützten Domains einsehbar *** --------------------------------------------- Google bietet seinen Kunden die Möglichkeit, Domains zu registrieren, ohne dass dabei persönliche Daten in den Whois-Einträgen auftauchen. Durch einen Bug waren die Informationen trotzdem abrufbar. --------------------------------------------- http://heise.de/-2574423 *** Bypassing ASLR with CVE-2015-0071: An Out-of-Bounds Read Vulnerability *** --------------------------------------------- Almost every Patch Tuesday cycle contains one bulletin that (for convenience) rolls up multiple Internet Explorer vulnerabilities into a single bulletin. February's Patch Tuesday cumulative IE bulletin (MS15-009) included a fix for a particularly interesting vulnerability that could be used to bypass one of the key anti-exploit technologies in use today, address space layout randomization... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/35xufNRKED8/ *** Security Afterworks: Cybercrime - Lessons From the Field & Best Of Troopers15 *** --------------------------------------------- Cybercrime – wie reagieren nach einem Vorfall? Die Frage ist schon längst nicht mehr ob, sondern wann Sie zum Ziel werden. Andreas Tomek informiert beim Security Afterworks im April über Lessons from the field – Incident Response & Cybercrime in Österreich. Danach geht es mit den Hot Topics der Troopers15 weiter. Lassen Sie sich von uns auf den neuesten Stand bringen! Dienstag, 14. April 2015 16.30 Uhr ab 17.30 Uhr gemütlicher Ausklang SBA Research --------------------------------------------- https://www.sba-research.org/events/security-afterworks-cybercrime-lessons-… https://www.sba-research.org/wp-content/uploads/2015/03/Security-Afterworks… *** Cisco FREAKs out, starts epic OpenSSL bug-splat *** --------------------------------------------- Happy weekend, network admins Cisco admins will be watching and waiting for fixes, with the company announcing that many of its OpenSSL implementations are carrying a bunch of post-POODLE fleas. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/03/13/cisco_freak… *** Samsung SNS Provider Application For Android Access Theft *** --------------------------------------------- Topic: Samsung SNS Provider Application For Android Access Theft Risk: Low Text: Fundacion Dr. Manuel Sadosky - Programa STIC Advisory www.fundacionsadosky.org.ar *Vulnerabilities in the Samsung SNS ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015030093 *** HP Security Bulletins *** --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** DSA-3186 nss - security update *** --------------------------------------------- It was discovered that the Mozilla Network Security Service library(nss) incorrectly handled certain ASN.1 lengths. A remote attacker couldpossibly use this issue to perform a data-smuggling attack. --------------------------------------------- https://www.debian.org/security/2015/dsa-3186 *** DSA-3185 libgcrypt11 - security update *** --------------------------------------------- Multiple vulnerabilities were discovered in libgcrypt: --------------------------------------------- https://www.debian.org/security/2015/dsa-3185 *** DSA-3184 gnupg - security update *** --------------------------------------------- Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard: --------------------------------------------- https://www.debian.org/security/2015/dsa-3184 *** WPML Multiple Vulnerabilities (Including SQLi) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7843 *** Schneider Electric Pelco DS-NVs Buffer Overflow Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a buffer overflow vulnerability in the Schneider Electric Pelco DS-NVs software package. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-071-01 *** Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems *** --------------------------------------------- http://www.securitytracker.com/id/1031806

1 0

Tageszusammenfassung - Donnerstag 12-03-2015
by Daily end-of-shift report 12 Mar '15

12 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 11-03-2015 18:00 − Donnerstag 12-03-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Cyber Security in Supply Chain Management: Part 1 *** --------------------------------------------- Introduction Cyber security is generally thought of as various types of security devices like firewalls, Web Application Firewall (WAF), IDS/IPS, SIEM, DLP etc. to safeguard network, applications and data. But what if, for example, the deployed security solutions have a bug inside? The latest example of this is exposing of a vulnerability in Lenovo notebooks. --------------------------------------------- http://resources.infosecinstitute.com/cyber-security-in-supply-chain-manage… *** Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks *** --------------------------------------------- Aryeh Goretsky gives advice on how to adapt to Windows 10s patching strategy.Patching is hard, especially when the code base is old and the bugs are buried deeply. This was highlighted once again this week when Microsoft released a patch for a vulnerability that was thought to have been patched almost five years ago, but which could still be exploited.In fact, six out of the last eight Patch Tuesdays have included patches that have caused problems for some Windows users.Probably in response to... --------------------------------------------- http://www.virusbtn.com/blog/2015/03_12.xml?rss *** Microsoft SHA-2 Advisory Causing "Infinite Loop" Issues *** --------------------------------------------- Windows users are having issues with a security update issued this week meant to add SHA-2 code-signing and verification support to Windows 7 and Windows Server 2008 R2 machines. --------------------------------------------- http://threatpost.com/microsoft-sha-2-advisory-causing-infinite-loop-issues… *** Schwerwiegende Sicherheitslücke im Shop-System xt:Commerce *** --------------------------------------------- Derzeit klafft eine Sicherheitslücke im aktuellen Versionszweig des verbreiteten Online-Shop-Systems xt:Commerce. Ein Patch ist bereits verfügbar. --------------------------------------------- http://heise.de/-2573755 *** Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake., (Thu, Mar 12th) *** --------------------------------------------- Ever wonder if any of your users connect to sites with bad SSL certificates? I ran into this issue recently when debugging some SSL issues, and ended up with thisquick tshark and shell script trickto extract the necessary information from a packet capture. First, you may want to compare the host name your clients connect to, to the host name returned as part of the certificate. While the Host header is encrypted and not accessible, modern SSL libraries use Server Name Indication (SNI) as part... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19455&rss *** Defending Against PoS RAM Scrapers *** --------------------------------------------- Stealing payment card data has become an everyday crime that yields quick monetary gains. Attackers aim to steal the data stored in the magnetic stripe of payment cards, optionally clone the cards, and run charges on the accounts associated with them. The topic of PoS RAM scraper malware always prompts businesses and retailers to ask... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CYPwDbRGFfc/ *** Dropbox Patches Remotely Exploitable Vulnerability in SDK *** --------------------------------------------- Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the app that enabled attackers to connect applications on some devices to a Dropbox account without the users consent. --------------------------------------------- http://threatpost.com/dropbox-patches-remotely-exploitable-vulnerability-in… *** Inverted WordPress Trojan *** --------------------------------------------- Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously does something bad. In WordPress, typical trojans are plugins and themes (usually pirated) which may have backdoors, or send out spam, create doorways, inject hidden links or malware. The trojan modelRead More --------------------------------------------- http://blog.sucuri.net/2015/03/inverted-wordpress-trojan.html *** RSA Digital Certificate Manager Input Validation Flaws Permit Cross-Site Scripting and Denial of Service Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1031912 *** EMC Secure Remote Services GHOST / SQL Injection / Command Injection *** --------------------------------------------- Topic: EMC Secure Remote Services GHOST / SQL Injection / Command Injection Risk: High Text:ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities CVE Identifier: CVE-2... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015030076 *** Google Android Integer Oveflow / Heap Corruption *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2015030079 *** phpMyAdmin Bug May Disclose CSRF Token to Remote Users *** --------------------------------------------- http://www.securitytracker.com/id/1031871 *** Elipse E3 Process Control Vulnerability (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-15-069-04 Elipse E3 Process Control Vulnerability that was published March 10, 2015, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-069-04A *** IBM Security Bulletin: Apache Tomcat request smuggling affects Algo Audit and Compliance (CVE-2014-0227) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21698437 *** IBM Security Bulletin: IBM PowerVC - Ceilometer DB2/MongoDB Backend Password Leak (CVE-2013-6384) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1020585 *** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM/Cisco Switches and Directors (CVE-2015-0235) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1005122 *** IBM Security Bulletin: Multiple IBM InfoSphere Information Server components are affected by a vulnerability in the XML4C parser (CVE-2014-8901) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21696312 *** SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting (XSS) *** --------------------------------------------- https://www.drupal.org/node/2450427 *** SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting (XSS) *** --------------------------------------------- https://www.drupal.org/node/2450393 *** SA-CONTRIB-2015-075 - Perfecto - Open Redirect *** --------------------------------------------- https://www.drupal.org/node/2450391 *** SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting (XSS) *** --------------------------------------------- https://www.drupal.org/node/2450387 *** Pie Register 2.0.14 - Cross Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7842

1 0

Tageszusammenfassung - Mittwoch 11-03-2015
by Daily end-of-shift report 11 Mar '15

11 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 10-03-2015 18:00 − Mittwoch 11-03-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Inside the EquationDrug Espionage Platform *** --------------------------------------------- EquationDrug represents the main espionage platform from the Equation Group. It's been in use for over 10 years, replacing EquationLaser until it was itself replaced itself by the even more sophisticated GrayFish platform. --------------------------------------------- http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage… *** DroppedIn: Remotely Exploitable Vulnerability in the Dropbox SDK for Android *** --------------------------------------------- The IBM X-Force Application Security Research Team has discovered a vulnerability in the Dropbox SDK for Android (CVE-2014-8889) which allows attackers to connect applications on mobile devices to a Dropbox account controlled by the attacker without the victim's knowledge or authorization. This is a serious flaw in the authentication mechanism within any Android app using a Dropbox SDK Version 1.5.4 through 1.6.1 (note: this vulnerability was resolved in Dropbox SDK for Android v1.6.2). --------------------------------------------- http://securityintelligence.com/droppedin-remotely-exploitable-vulnerabilit… *** Unpatched security vulnerabilities affecting Facebook *** --------------------------------------------- A web security researcher from Portugal has discovered several vulnerabilities affecting Facebook that he considers to be serious, but hasnt had much success convincing the company of that, so he sha... --------------------------------------------- http://www.net-security.org/secworld.php?id=18069 *** Reconnect tool for hacking Facebook is publicly available *** --------------------------------------------- The security expert Egor Homakov from Sakurity firm has released the Reconnect tool that allows hackers to hijack accounts on sites that use Facebook logins. The security expert Security Egor Homakov has developed a hacking tool dubbed Reconnect that exploit a flaw in Facebook to hijack accounts on sites that use Facebook logins. Homakov, with works for... --------------------------------------------- http://securityaffairs.co/wordpress/34705/hacking/reconnect-hacking-faceboo… *** DDoS on UPNP Devices *** --------------------------------------------- Denial of service (DOS) attack is an attempt to make a machine or a network resource unavailable to its users. It basically consists of methods to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet, and these attacks are sent by one person or a system. One common method of... --------------------------------------------- http://resources.infosecinstitute.com/ddos-upnp-devices/ *** Full details on CVE-2015-0096 and the failed MS10-046 Stuxnet fix *** --------------------------------------------- In early January 2015, researcher Michael Heerklotz approached the Zero Day Initiative with details of a vulnerability in the Microsoft Windows operating system. We track this issue as ZDI-15-086. Unless otherwise noted, the technical details in this blog post are based on his detailed research. --------------------------------------------- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Full-details-on-CVE-… *** Threatglass has pcap files with exploit kit activity, (Tue, Mar 10th) *** --------------------------------------------- Threatglassis a one way to find up-to-date examples of exploit kit traffic. Not all of it is exploit kit traffic, but all of it represents some sort of malicious activity. Threatglassdoesnt explain what type of traffic youre looking at from the pcaps the site provides. Letslook at a page from last week on Thursday, March 5th 2015 [1]. This one isexploit kit activity. In the image below, youll find a link to the packet capture in the lower right-hand corner" /> Download the pcap and open... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19433&rss *** n00bs CTF Labs by Infosec Institute *** --------------------------------------------- n00bs CTF (Capture the Flag) Labs is a web application presented by Infosec Institute. It has 15 mini Capture the Flag challenges intended for beginners and newbies in the information security field or for any average infosec enthusiasts who haven't attended hacker conventions yet. So what is a CTF? In hacker conventions, CTF or Capture... --------------------------------------------- http://resources.infosecinstitute.com/n00bs-ctf-labs-infosec-institute/ *** Achtung: Panda-Virenscanner zerschießt Windows, nicht Neustarten! *** --------------------------------------------- Die Antivirenschutz-Produkte von Panda Security haben wegen fehlerhaften Signaturen etliche Windows-Rechner lahm gelegt. Wer betroffen ist, soll die Füße still halten und das System nicht neu starten - da es unter Umständen nicht mehr hochfährt. --------------------------------------------- http://heise.de/-2573233 *** Panda Antivirus: Gravierender Fehler im Virenscanner löscht Systemdateien *** --------------------------------------------- Ein gravierender Fehler in Pandas Antivirensoftware kann unter Umständen zu einem vollkommen unbrauchbaren System führen. Panda bestätigt das Problem. Golem.de hat erste Hinweise erhalten, wie der Fehler zu stoppen ist. (Virenscanner, Applikationen) --------------------------------------------- http://www.golem.de/news/panda-antivirus-gravierender-fehler-im-virenscanne… *** Doctor Web: February 2015 virus activity review *** --------------------------------------------- March 4, 2015 The shortest month of the year had its share of new malware. In early February, Doctor Web security researchers finished examining a complex multi-purpose malicious program for Linux, while at month's end, they published the results of their analysis of a new version of a backdoor for Mac OS X. As before, malicious programs for Android remained active throughout the month. PRINCIPAL TRENDS IN JANUARY New Linux Trojans Virus makers are still showing an interest in Mac OS X. --------------------------------------------- http://news.drweb.com/show/?i=9316&lng=en&c=9 *** Ein Blick in die Zukunft der Handy-Malware *** --------------------------------------------- Kaspersky hat eine Analyse zu einer Android-Malware veröffentlicht, die zwar aktuell nur in Russland aktiv ist, aber einen Vorgeschmack gibt, was demnächst auch bei uns passieren könnte: Wichtige Punkte daraus: Das Teil ist inzwischen so modular und gut geschützt, wie typische Windows Malware Frameworks Es enthält Code zum Anmelden des Opfers bei diversen Premium-Services Dabei kann es automatisch... --------------------------------------------- http://www.cert.at/services/blog/20150311102554-1454.html *** DSA-3177 mod-gnutls - security update *** --------------------------------------------- Thomas Klute discovered that in mod-gnutls, an Apache module providingSSL and TLS encryption with GnuTLS, a bug caused the servers clientverify mode not to be considered at all, in case the directorysconfiguration was unset. Clients with invalid certificates were thenable to leverage this flaw in order to get access to that directory. --------------------------------------------- https://www.debian.org/security/2015/dsa-3177 *** DSA-3182 libssh2 - security update *** --------------------------------------------- Mariusz Ziulek reported that libssh2, a SSH2 client-side library, wasreading and using the SSH_MSG_KEXINIT packet without doing sufficientrange checks when negotiating a new SSH session with a remote server. Amalicious attacker could man in the middle a real server and cause aclient using the libssh2 library to crash (denial of service) orotherwise read and use unintended memory areas in this process. --------------------------------------------- https://www.debian.org/security/2015/dsa-3182 *** Manage Engine AD Audit Manager Plus Cross Site Scripting *** --------------------------------------------- Topic: Manage Engine AD Audit Manager Plus Cross Site Scripting Risk: Low Text: # Title:- Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Bui... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015030060 *** tcpdump Denial Of Service / Code Execution *** --------------------------------------------- Topic: tcpdump Denial Of Service / Code Execution Risk: High Text:Hi, please find tcpdump 4.7.2 source code at: http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz http://www.ca.tcpdu... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015030064 *** Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability *** --------------------------------------------- cisco-sa-20150311-ips --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor *** --------------------------------------------- cisco-sa-20150311-vcs --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** IBM Security Bulletin: Multiple vulnerabilities fixed in Current Release of Liberty for Java for IBM Bluemix (CVE-2012-6153, CVE-2014-3577, CVE-2015-0178) *** --------------------------------------------- 2015-03-11T10:06:12-04:00 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21696864 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities could, if exploited, allow ... --------------------------------------------- http://support.citrix.com/article/CTX200484 *** HPSBNS03280 rev.1 - HP NonStop Servers running SAMBA, Remote Execution of Arbitrary Code *** --------------------------------------------- A potential security vulnerability has been identified with HP NonStop Servers running SAMBA. The vulnerability could be exploited remotely resulting in execution of arbitrary code. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** HPSBUX03281 SSRT101968 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information and Other Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** USN-2524-1: eCryptfs vulnerability *** --------------------------------------------- Ubuntu Security Notice USN-2524-110th March, 2015ecryptfs-utils vulnerabilityA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Ubuntu 10.04 LTSSummarySensitive information in encrypted home and Private directories could beexposed if an attacker gained access to your files.Software description ecryptfs-utils - eCryptfs cryptographic filesystem utilities DetailsSylvain Pelissier discovered that eCryptfs did not generate a random --------------------------------------------- http://www.ubuntu.com/usn/usn-2524-1/ *** USN-2522-3: ICU vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-2522-310th March, 2015icu vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTSSummaryICU could be made to crash or run programs as your login if it processedspecially crafted data. Software description icu - International Components for Unicode library DetailsUSN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the fontpatches caused a regression when using LibreOffice Calc. The patches havenow been updated --------------------------------------------- http://www.ubuntu.com/usn/usn-2522-3/ *** VU#794095: Telerik Analytics Monitor Library allows DLL hijacking *** --------------------------------------------- Vulnerability Note VU#794095 Telerik Analytics Monitor Library allows DLL hijacking Original Release date: 10 Mar 2015 | Last revised: 10 Mar 2015 Overview Telerik Analytics Monitor Library is a third-party application analytics service that collects detailed application metrics for vendors. Some versions of the Telerik library allow DLL hijacking, allowing an attacker to load malicious code in the context of the Telerik-based application. Description CWE-114: Process ControlTelerik --------------------------------------------- http://www.kb.cert.org/vuls/id/794095 *** WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7841

1 0

Tageszusammenfassung - Dienstag 10-03-2015
by Daily end-of-shift report 10 Mar '15

10 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 09-03-2015 18:00 − Dienstag 10-03-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** MS15-MAR - Microsoft Security Bulletin Summary for March 2015 - Version: 1.0 *** --------------------------------------------- This bulletin summary lists security bulletins released for March 2015. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS15-MAR *** Apple Patches for iOS, OS X and Apple TV, (Tue, Mar 10th) *** --------------------------------------------- With yesterdays updates for iOS, OS X and Apple TV, Apple also addressed a number of security vulnerabilities, most notably the Freak vulnerability. After updating, the affected operating systems no longer support export quality ciphers. However, Apple browsers continue to support SSLv3 and as a result, continue to be vulnerable to POODLE. Quick Summary of the security content of Apples updates: XCode 6.2: This update addresses 4 vulnerabilities in subversion and 1 in git. OS X: 5... --------------------------------------------- https://isc.sans.edu/diary/Apple+Patches+for+iOS%2C+OS+X+and+Apple+TV/19443 *** Exploiting the DRAM rowhammer bug to gain kernel privileges *** --------------------------------------------- "Rowhammer" is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer... --------------------------------------------- http://googleprojectzero.blogspot.co.at/2015/03/exploiting-dram-rowhammer-b… *** Network Forensics What Are Your Investigations Missing - SANS DFIR WEBCAST *** --------------------------------------------- Traditionally, computer forensic investigations focused exclusively on data from the seized media associated with a system of interest.Recently, memory analysis has become an integral part of forensic analysis, resulting in a new and significantly different way for digital examiners and investigators to perform their craft.Now another evolution in computer forensics is at hand - one that includes data collected from network devices as well as the from wires themselves. Every day, more and more... --------------------------------------------- http://blog.malwareresearch.institute/video/2015/03/09/network-forensics-wh… *** Yahoo Patches Critical eCommerce, Small Business Vulnerabilities *** --------------------------------------------- Yahoo has fixed a handful of vulnerabilities that could have given an attacker free reign over all of its user-run eCommerce websites and caused multiple headaches for small business owners. --------------------------------------------- http://threatpost.com/yahoo-patches-critical-ecommerce-small-business-vulne… *** Attackers targeting Elasticsearch remote code execution hole *** --------------------------------------------- Devs ring patch alarm bells, drop shell code Attackers are targeting a patched remote code execution vulnerability in Elasticsearch that grants unauthenticated bad guys access through a buggy API. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/03/10/elastic_sea… *** SMS Trojan bypasses CAPTCHA *** --------------------------------------------- Trojan-SMS.AndroidOS.Podec proved to be remarkable: it can send messages to premium-rate numbers employing tools that bypass the Advice of Charge system. It can also subscribe users to premium-rate services while bypassing CAPTCHA. --------------------------------------------- http://securelist.com/analysis/publications/69169/sms-trojan-bypasses-captc… *** Xen Security Advisory CVE-2015-2150 / XSA-120 *** --------------------------------------------- Non-maskable interrupts triggerable by guests --------------------------------------------- http://xenbits.xen.org/xsa/advisory-120.html *** Xen Security Advisory CVE-2015-2151 / XSA-123 *** --------------------------------------------- Hypervisor memory corruption due to x86 emulator flaw --------------------------------------------- http://xenbits.xen.org/xsa/advisory-123.html *** Xen Security Advisory XSA-124 *** --------------------------------------------- Non-standard PCI device functionality may render pass-through insecure --------------------------------------------- http://xenbits.xen.org/xsa/advisory-124.html *** Exploiting the DRAM "Row Hammer" Bug *** --------------------------------------------- IBM has determined that all IBM System z, System p, and System x products are not vulnerable to this attack. IBM is analyzing other IBM products to determine if they are potentially impacted by this issue. Please actively monitor both your IBM Support Portal for available fixes and/or remediation steps and this blog for additional information. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/exploiting_the_dram_r… *** Row Hammer Privilege Escalation Vulnerability *** --------------------------------------------- cisco-sa-20150309-rowhammer --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products *** --------------------------------------------- cisco-sa-20150310-ssl --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response *** --------------------------------------------- Topic: Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response Risk: High Text:Hi there, Latest varnish-cache 4.0.3 (https://www.varnish-cache.org/) seem to have a problem with parsing HTTP responses fro... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015030056 *** Foxit Reader Update Service Unsafe Service Path Lets Local Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1031879 *** Foxit Reader GIF File LZWMinimumCodeSize Memory Corruption Error Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1031878 *** Foxit Reader GIF File Ubyte Size Memory Corruption Error Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1031877 *** Red Hat Enterprise MRG Messaging Qpid Daemon Bugs Let Remote Users Deny Service and Access the System *** --------------------------------------------- http://www.securitytracker.com/id/1031872 *** Rails ActiveModel::Name Flaw Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1031873 *** Security Advisory: MainWP-Child WordPress Plugin *** --------------------------------------------- Security Risk: Critical Exploitation level: Very Easy/Remote DREAD Score: 9/10 Vulnerability: Password bypass / Privilege Escalation Patched Version: 2.0.9.2 During a routine audit of our Website Firewall (WAF), we found a critical vulnerability affecting the popular MainWP Child WordPress plugin. According to worpdress.org, it is installed on more than 90,000 WordPress sites as as remote administration... --------------------------------------------- http://blog.sucuri.net/2015/03/security-advisory-mainwp-child-wordpress-plu… *** Google Analytics by Yoast 5.3.2 - Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7838 *** Fraction Theme <= 1.1.1 - Privilege Escalation via CSRF *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7840

1 0

Tageszusammenfassung - Montag 9-03-2015
by Daily end-of-shift report 09 Mar '15

09 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 06-03-2015 18:00 − Montag 09-03-2015 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** Attackers concealing malicious macros in XML files *** --------------------------------------------- XML files are harmless text files right? Wrong! The group behind the malicious Microsoft Office document campaigns have started to utilize Microsoft Office XML formats to hide malicious macros. This week, our spam traps were flooded with spam with XML... --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Attackers-concealing-ma… *** Samba Remote Code Execution Vulnerability - CVE-2015-0240 *** --------------------------------------------- The Samba team reported CVE-2015-0240 last February 23, 2015. This vulnerability is very difficult to exploit and we are not aware of successful exploitation. However, it is quite interesting from the point for view of detection. There are two important facts: The vulnerability resides in the Netlogon Remote Protocol implementation of Samba which is a... --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/samba-remote-cod… *** How Malware Generates Mutex Names to Evade Detection, (Mon, Mar 9th) *** --------------------------------------------- Malicious software sometimes uses mutex objects to avoid infecting the system more than once, as well as to coordinate communications among its multiple components on the host. Incident responders can look for known mutex names to spot the presence of malware on the system. To evade detection, some malware avoids using a hardcoded name for its mutex, as is the case with the specimen discussed in this note. Static Mutex Names as Indicators of Compromise For background details about mutex... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19429&rss *** New crypto ransomware in town : CryptoFortress *** --------------------------------------------- This post has been heavily edited to fix my mistake. --------------------------------------------- http://malware.dontneedcoffee.com/2015/03/cryptofortress-teeraca-aka.html *** Seagate Confirms NAS Zero Day, Won't Patch Until May *** --------------------------------------------- Seagate confirmed a publicly disclosed vulnerability in one of its network attached storage products, but said it wont have a patch available until May. --------------------------------------------- http://threatpost.com/seagate-confirms-nas-zero-day-wont-patch-until-may/11… *** OpenSSL Audit *** --------------------------------------------- IntroductionThe reputation built by NCC Group, including iSEC Partners, Matasano Security, Intrepidus Group and NGS Secure, has led compani ... --------------------------------------------- https://www.nccgroup.com/en/blog/2015/03/openssl-audit/ *** l+f: Vernetzte Wetterstation funkte WLAN-Passwort zum Hersteller *** --------------------------------------------- Die Netatmo-Wetterstationen schickten nicht nur ihre Messwerte ins Netz, sondern auch SSID und WLAN-Passwort des Nutzers. --------------------------------------------- http://heise.de/-2571218 *** Update - Notizen zu FREAK *** --------------------------------------------- In den letzten Tagen gab es wieder einmal große mediale Aufmerksamkeit für eine Schwachstelle in OpenSSL und anderen Crypto-Libraries. Der Eintrag für die zugehörige CVE-ID CVE-2015-0204 besteht seit November letzten Jahres, aktualisierte Versionen von OpenSSL wurden heuer im Jänner veröffentlicht. | Update 2015-03-09 | Ergänzung: Auflistungen betroffener Bibliotheken/Anbieter finden sich auf... --------------------------------------------- http://www.cert.at/services/blog/20150306175713-1442.html *** Mono TLS vulnerabilities *** --------------------------------------------- Topic: Mono TLS vulnerabilities Risk: Medium Text:Hi A TLS impersonation attack was discovered in Monos TLS stack by researchers at Inria. During checks on our TLS stack, w... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015030042 *** IBM Security Bulletin: Multiple Vulnerabilities in the IBM Java SDK affect IBM Notes and Domino (Oracle January 2015 Critical Patch Update) *** --------------------------------------------- 2015-03-09T11:05:28-04:00 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21698222 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2014-3570, CVE-2014-3572, CVE-2015-0204) *** --------------------------------------------- 2015-03-09T11:04:47-04:00 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21698574 *** IBM Security Bulletin: Vulnerability in SSLv3 Affects Power Hardware Management Console (CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568) *** --------------------------------------------- 2015-03-09T11:01:43-04:00 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1020593 *** IBM Security Bulletin: Vulnerability in SSLv3 enabled in IBM Host On-Demand affects Rational Functional Tester (CVE-2014-3566) *** --------------------------------------------- 2015-03-09T11:01:10-04:00 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21697348 *** IBM Security Bulletin: Fixes available for Security Vulnerabilities in IBM WebSphere Portal (CVE-2014-6214; CVE-2015-0139; CVE-2015-0177) *** --------------------------------------------- 2015-03-09T11:10:19-04:00 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21697213 *** HPSBUX03235 SSRT101750 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS) *** --------------------------------------------- A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Vulnerabilities in WordPress Pluins *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7826 https://wpvulndb.com/vulnerabilities/7827 https://wpvulndb.com/vulnerabilities/7828 https://wpvulndb.com/vulnerabilities/7829 https://wpvulndb.com/vulnerabilities/7830 https://wpvulndb.com/vulnerabilities/7831 https://wpvulndb.com/vulnerabilities/7832 https://wpvulndb.com/vulnerabilities/7833 https://wpvulndb.com/vulnerabilities/7834 https://wpvulndb.com/vulnerabilities/7835 https://wpvulndb.com/vulnerabilities/7836 https://wpvulndb.com/vulnerabilities/7837

1 0

Tageszusammenfassung - Freitag 6-03-2015
by Daily end-of-shift report 06 Mar '15

06 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 05-03-2015 18:00 − Freitag 06-03-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Oracle hängt Adware an den Java-Installer für Mac OS X *** --------------------------------------------- Bei der Installation von Java wird nun auch Mac-Nutzern Adware angedreht - dabei handelt es sich aktuell um eine Browser-Erweiterung. --------------------------------------------- http://heise.de/-2568995 *** Intuit Failed at 'Know Your Customer' Basics *** --------------------------------------------- Intuit, the makers of TurboTax, recently introduced several changes to beef up the security of customer accounts following a spike in tax refund fraud at the state and federal level. Unfortunately, those changes dont go far .. --------------------------------------------- http://krebsonsecurity.com/2015/03/intuit-failed-at-know-your-customer-basi… *** Why A Free Obfuscator Is Not Always Free. *** --------------------------------------------- We all love our code but some of us love it so much that we don't want anyone else to read or understand it. When you think about it, that's understandable - hours and hours of hard dev work, days of testing and weeks .. --------------------------------------------- http://blog.sucuri.net/2015/03/why-a-free-obfuscator-is-not-always-free.html *** Cisco IOS Autonomic Networking Infrastructure Self-Referential Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015… *** Contact Form DB 2.8.29 - CSRF *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7826 *** Cisco IOS Software and Cisco IOS XE Software Crafted RADIUS Packet Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015… *** Cisco IOS XR Software Malformed SNMP Packet Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015… *** Freak: Auch Windows von SSL-Lücke betroffen *** --------------------------------------------- Deutlich mehr Clients gefährdet als bisher angenommen - Neben Android und iOS auch Opera unter Linux .. --------------------------------------------- http://derstandard.at/2000012569585 *** Internetdienst Onlinetvrecorder.com gehackt *** --------------------------------------------- Der Internet-Aufnahmedienst Onlinetvrecorder.com ist Opfer eines Hackangriffes geworden. Der Anbieter empfiehlt allen Nutzern, ihr Passwort zu ändern. --------------------------------------------- http://heise.de/-2569350 *** Multiple vulnerabilities in Siemens products *** --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-15-064-01 https://ics-cert.us-cert.gov//advisories/ICSA-15-064-02 https://ics-cert.us-cert.gov//advisories/ICSA-15-064-03 https://ics-cert.us-cert.gov//advisories/ICSA-15-064-04 https://ics-cert.us-cert.gov//advisories/ICSA-15-064-05 *** Verbraucherschützer warnen vor falschen E-Mails von Paketdiensten *** --------------------------------------------- Links führen laut deutscher Verbraucherzentrale zu Schadsoftware - Falsche Mails nutzen Namen von DHL und UPS --------------------------------------------- http://derstandard.at/2000012593805 *** Powerspy: Stalking über den Akkuverbrauch *** --------------------------------------------- Statt über Bluetooth und per GPS lassen sich Smartphone-Benutzer auch anhand ihres Akkuverbrauchs verfolgen. Powerspy macht's möglich. --------------------------------------------- http://www.golem.de/news/powerspy-stalking-ueber-den-akkuverbrauch-1503-112… *** Adobe drückt sich vor Finderlohn für gemeldete Lücken *** --------------------------------------------- Wer Lücken im Adobe Reader, Flash und Co. findet, kann diese jetzt über ein Belohnungsprogramm an den Hersteller melden. Eine geldwerte Belohnung gibt es allerdings nicht – zumindest nicht von Adobe. --------------------------------------------- http://heise.de/-2569878 *** The Ongoing Debate about the Gap between Compliance and Security *** --------------------------------------------- Companies required to comply with the Payment Card Industry Data Security Standard (PCI DSS) must meet a wide range of technical and operation requirements. The challenge organizations face regarding PCI compliance has shifted from achieving the minimum level required to satisfy PCI audit .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/the-ongoing-debate-abo…

1 0

Tageszusammenfassung - Donnerstag 5-03-2015
by Daily end-of-shift report 05 Mar '15

05 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 04-03-2015 18:00 − Donnerstag 05-03-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** MICROSYS PROMOTIC Stack Buffer Overflow *** --------------------------------------------- This advisory provides mitigation details for a stack-based buffer overflow vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-15-062-01 *** Adobe Launches Web Application Vulnerability Disclosure Program on HackerOne *** --------------------------------------------- In recognition of the important role that independent security researchers play in keeping Adobe customers safe, today Adobe launches a web application .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1179 *** SA-CONTRIB-2015-063 - Webform - Cross Site Scripting (XSS) *** --------------------------------------------- The module doesn't sufficiently escape user data presented to administrative users in the webform results table. This issue affects the 7.x-4.x branch only. This vulnerability is mitigated by the fact that an attacker .. --------------------------------------------- https://www.drupal.org/node/2445935 *** Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015… *** Cisco Secure Access Control Server Default Tomcat Administration Interface Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Toshiba Bluetooth Stack Untrusted Service Path Lets Local Users Gain System Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1031825 *** BIND DNSSEC Guide *** --------------------------------------------- ISC has new documentation introducing DNSSEC, configuring BIND for common DNSSEC features, and basic DNSSEC troubleshooting. ISCs BIND DNSSEC Guide, co-written with DeepDive Networking, covers DNSSEC requirements, setting up a validating resolver, maintaining signed authoritative zones, and .. --------------------------------------------- http://users.isc.org/~jreed/dnssec-guide/dnssec-guide.html *** SANS ICS410 Vienna *** --------------------------------------------- SANS presents the essential ICS/SCADA training course, ICS410 ICS Security Essentials. This specialist training event is running with the support of the International Atomic Energy Agency (IAEA) and follows the IAEAs International Conference on Computer Security in a Nuclear World which takes place the preceding week in Vienna. --------------------------------------------- https://www.sans.org/event/ics410-vienna-with-iaea *** Malware "Casper": Wie die Franzosen in Syrien spionieren *** --------------------------------------------- Sicherheitsforscher analysieren Schadprogramm, das wohl von Frankreichs Geheimdiensten eingesetzt wird --------------------------------------------- http://derstandard.at/2000012513213 *** Format Injection Vulnerability in Duo Security Web SDK *** --------------------------------------------- Format Injection is not a new bug, but it was never described as a subclass of A1 Injection. You probably already hate me for giving it a name (at least I didn't create a logo!) but calling it an 'injection' is too general. --------------------------------------------- http://sakurity.com/blog/2015/03/03/duo_format_injection.html *** The State Of The Internet *** --------------------------------------------- One great idea behind the internet is to connect devices from nearly every position on earth. Well, this idea sometimes has its drawbacks. In order to get an overview about devices that are actually connected, the University of .. --------------------------------------------- https://splone.com/blog/2015/3/4/the-state-of-the-internet *** Schutz vor Freak Attack: Diese Browser sind betroffen *** --------------------------------------------- Der Freak-Angriff kompromittiert unzählige verschlüsselte Webseiten und Angreifer könnten sensible Daten ausspionieren. Ob man für die Attacke anfällig ist, hängt aber vom eingesetzten Betriebssystem, Webbrowser und der besuchten Internetseite ab. --------------------------------------------- http://heise.de/-2567655 *** OpenSSL Cookbook 2nd Edition released *** --------------------------------------------- Today we're releasing the second edition of OpenSSL Cookbook, Feisty Ducks free OpenSSL book. This edition is a major update, with some improvements to the existing text and new content added. The new edition has about 95 pages, an increase of about 35 pages. --------------------------------------------- http://blog.ivanristic.com/2015/03/openssl-cookbook-second-edition-released… *** Utilizing NLP To Detect APT in DNS *** --------------------------------------------- Imagine that after a nice, relaxing long weekend, you come in to work Monday morning at your job at the bank. While waking up with a cup of coffee, you begin checking email. Among the usual messages, there's a message about a security update and you click it. Security updates are so common these days that it's .. --------------------------------------------- https://labs.opendns.com/2015/03/05/nlp-apt-dns/ *** l+f: Abgelaufenes SSL-Zertifikat bei Visa *** --------------------------------------------- Wenn der Browser beim Besuch von Visa.de einen Zertifikatswarnung anzeigt, kann ein Angriff im Gange sein – oder der Admin hat vergessen, wann das Zertifikat abläuft. --------------------------------------------- http://heise.de/-2568054 *** VB2014 paper: Leaving our ZIP undone: how to abuse ZIP to deliver malware apps *** --------------------------------------------- Gregory Panakkal explains there are different ways of looking at APK files - and that sometimes has unintended consequences.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we .. --------------------------------------------- http://www.virusbtn.com/blog/2015/03_05.xml *** Domain Trusts: Why You Should Care *** --------------------------------------------- Red teams have been abusing Windows domain trusts for years with great success, but the topic is still underrepresented in public infosec discussions. While the community has started to talk more about Active Directory .. --------------------------------------------- http://www.harmj0y.net/blog/redteaming/domain-trusts-why-you-should-care/ *** Decoding ZeuS Disguised as an .RTF File *** --------------------------------------------- While going through emails that were reported by our internal users using Reporter, I came across a particularly nasty looking phishing email that had a .doc attachment. At first when I detonated the sample in my VM, it seemed that the attackers weaponized the attachment incorrectly. .. --------------------------------------------- http://phishme.com/decoding-zeus-disguised-as-an-rtf-file/

1 0

Tageszusammenfassung - Mittwoch 4-03-2015
by Daily end-of-shift report 04 Mar '15

04 Mar '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 03-03-2015 18:00 − Mittwoch 04-03-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Datensicherheit: Smartphones sollen sicherer werden - zumindest ein bisschen *** --------------------------------------------- Wie lassen sich mobile Geräte wenn schon nicht sicher, dann zumindest weniger unsicher machen? In Barcelona stellen Silent Circle, Jolla und Qualcomm ihre Ideen vor. --------------------------------------------- http://www.golem.de/news/datensicherheit-smartphones-sollen-sicherer-werden… *** phpMoAdmin 0-day Nmap Script *** --------------------------------------------- An 0-day vulnerability has been posted on Full-Disclosure this morning. It affects the MongoDB GUI phpMoAdmin. The GUI is similar to the well-known phpMyAdmin and allows the DB administrator to perform maintenance tasks on the .. --------------------------------------------- http://blog.rootshell.be/2015/03/04/phpmoadmin-0-day-nmap-script/ *** Freak Attack: SSL-Verschlüsselung von Millionen Webseiten angreifbar *** --------------------------------------------- Wenn Nutzer von Apple- und Android-Geräten eine der Millionen für den Angriff Freak anfälligen Webseiten ansurfen, kann ein Man-in-the-Middle die verschlüsselten Verbindungen knacken. Angreifer können nicht nur Daten mitlesen, sondern auch manipulieren. --------------------------------------------- http://heise.de/-2566444 *** CryptoFortress : Teerac.A (aka TorrentLocker) got a new identity *** --------------------------------------------- Blitz post. I was hunting for Gootkit (pushed in a Nuclear Pack instance in France those days) but instead I got a Teerac.A. --------------------------------------------- http://malware.dontneedcoffee.com/2015/03/cryptofortress-teeraca-aka.html *** SuperFish SSL Sniffing *** --------------------------------------------- Let's start off by saying that SuperFish may top Adobe's ColdFusion un-authenticated remote code executions versions 6-10. Although, Adobe may not have put those vulnerabilities in there themselves and knowingly, Lenovo has no excuse. --------------------------------------------- http://pashakravtsov.com/2015/03/03/SuperFish-SSL-Sniffing/ *** Forensik-Training: Shellshock-Hinweise in Serverlogs aufspüren *** --------------------------------------------- Die europäische Sichereitsbehörde ENISA hat ihr Trainingsmaterial für netzwerkforensische Analysen aktualisiert und um neue Themen ergänzt. --------------------------------------------- http://heise.de/-2566554 *** Threat Spotlight: Angler Lurking in the Domain Shadows *** --------------------------------------------- Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant accounts to create large amounts .. --------------------------------------------- http://blogs.cisco.com/security/talos/angler-domain-shadowing *** A Few Thoughts on Cryptographic Engineering *** --------------------------------------------- This is the story of how a handful of cryptographers hacked the NSA. Its also a story of encryption backdoors, and why they never quite work out the way you want them to. --------------------------------------------- http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-fac… *** Google: Chrome-Support für Android 4.0 wird eingestellt *** --------------------------------------------- Der Chrome-Browser wird für Android 4.0 nur noch wenige Wochen mit Updates versorgt. Nach Version 42 wird der Support beendet. Der steigende Wartungsaufwand für das dreieinhalb Jahre alte Android sei nicht mehr gerechtfertigt, sagt Google. --------------------------------------------- http://www.golem.de/news/google-chrome-support-fuer-android-4-0-wird-einges… *** Skyfall Meets Skype *** --------------------------------------------- The portmanteau-named SKYPEFALL.EXE is the latest, very active, malware-spamming campaign spreading through Skype. --------------------------------------------- http://securelist.com/blog/incidents/69065/skyfall-meets-skype/

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily March 2015