Daily June 2015

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - Dienstag 16-06-2015
by Daily end-of-shift report 16 Jun '15

16 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 15-06-2015 18:00 − Dienstag 16-06-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Dude, where's my heap? *** --------------------------------------------- Guest posted by Ivan Fratric, spraying 1TB of memoryThe ability to place controlled content to a predictable location in memory can be an important primitive in exploitation of memory corruption vulnerabilities. A technique that is commonly used to this end in browser exploitation is heap spraying: By allocating a large amount of memory an attacker ensures that some of the allocations happen in a predictable memory region. In order to break this technique, in Windows 8 Microsoft introduced High... --------------------------------------------- http://googleprojectzero.blogspot.com/2015/06/dude-wheres-my-heap.html *** RFC 7540 - HTTP/2 protocol, (Mon, Jun 15th) *** --------------------------------------------- RFC 7540 has been out for a month now. What should we expect with this new version? 1. New frame: HTTP/2 implements a binary protocol with the following frame structure: Length: The length of the frame payload expressed as an unsigned 24-bit integer. Values greater than 2^14 must not be sent unless the receiver has set a larger value for SETTINGS_MAX_FRAME_SIZE parameter. Type: The 8-bit type of the frame. It determines the format and semantics of the frame.">Length: The length of the... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19799&rss *** LastPass Security Notice *** --------------------------------------------- We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. --------------------------------------------- https://blog.lastpass.com/2015/06/lastpass-security-notice.html/ *** Blackhats exploiting MacKeeper hole to foist dangerous trojan *** --------------------------------------------- Peskware now net nasty Last months MacKeeper vulnerability is now being exploited in the wild to hijack Apple machines, according to BAE security researcher Sergei Shevchenko. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/06/16/blackhats_e… *** Odd HTTP User Agents, (Tue, Jun 16th) *** --------------------------------------------- Many web application firewalls do block odd user agents. However, decent vulnerability scanners will try to evade these simple protections by trying to emulate the user agent string of commonly used browsers. To figure out if I can distinguish bad from good, I compared some of the logs from our honeypotsto logs from a normalweb server (isc.sans.edu). Many of the top user agents hitting the honeypot are hardly seen on normal web sites, allowing me to identify possible vulnerability scanners. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19805&rss *** Phone hacking blitz hammers UK.bizs poor VoIP handsets *** --------------------------------------------- If I ever get my hands on those phreaking kids who hacked my phones... UK businesses are getting disproportionately targeted by a surge of attacks against Voice over IP (VoIP) systems. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/06/16/voip_hackin… *** iOS Application Security Part 45 - Enhancements in Damn Vulnerable iOS app version 2.0 *** --------------------------------------------- In this article, i would like to give a quick walkthrough of the new vulnerabilities and challenges that we have added in version 2.0 of Damn Vulnerable iOS app. In the Insecure Data storage section, we have added challenges for the following databases. Realm Database Couchbase Lite YapDatabase We have also added a new section... --------------------------------------------- http://resources.infosecinstitute.com/ios-application-security-part-45-enha… *** DSA-3289 p7zip - security update *** --------------------------------------------- Alexander Cherepanov discovered that p7zip is susceptible to adirectory traversal vulnerability. While extracting an archive, itwill extract symlinks and then follow them if they are referenced infurther entries. This can be exploited by a rogue archive to writefiles outside the current directory. --------------------------------------------- https://www.debian.org/security/2015/dsa-3289 *** VU#101500: Retrospect Backup Client uses weak password hashing *** --------------------------------------------- Vulnerability Note VU#101500 Retrospect Backup Client uses weak password hashing Original Release date: 15 Jun 2015 | Last revised: 15 Jun 2015 Overview Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the targets backup files. Description CWE-916: Use of Password Hash With Insufficient Computational... --------------------------------------------- http://www.kb.cert.org/vuls/id/101500 *** VU#626420: Pearson ProctorCache contains hard coded credentials *** --------------------------------------------- Vulnerability Note VU#626420 Pearson ProctorCache contains hard coded credentials Original Release date: 16 Jun 2015 | Last revised: 16 Jun 2015 Overview The Pearson ProctorCache software uses a hard coded password for administrative tasks. Description The ProctorCache is designed to cache the testing content, as well as cache the responses and maintain a client list of active test-takers. ProctorCache is a server software package installed locally within the LAN on a Windows system.CWE-259: --------------------------------------------- http://www.kb.cert.org/vuls/id/626420 *** Bugtraq: ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/535776 *** Security Advisory: MIT Kerberos 5 vulnerability CVE-2014-5355 *** --------------------------------------------- (SOL16743) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/16000/700/sol16743.htm… *** RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-15-162-01 RLE Nova Wind Turbine HMI Unsecure Credentials Vulnerability that was published June 11, 2015, on the NCCIC/ICS-CERT web site. This updated advisory provides publicly disclosed vulnerabilities and mitigation measures for the RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01A *** IBM Security Bulletins *** --------------------------------------------- Vulnerability in Diffie-Hellman ciphers affects TS3400 (CVE-2015-4000) Vulnerability in Diffie-Hellman ciphers affects TS2900 (CVE-2015-4000) Vulnerability in Diffie-Hellman ciphers affects IBM Cognos Metrics Manager (CVE-2015-4000) Vulnerability in Diffie-Hellman ciphers affects the IBM Installation Manager and IBM Packaging Utility (CVE-2015-4000) Vulnerability with Diffie-Hellman ciphers may affect Lotus Quickr 8.5 for WebSphere Portal (CVE-2015-4000) Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Integrated Operations Management (CVE-2015-0491, CVE-2015-0459, CVE-2015-0469, CVE-2015-0458, CVE-2015-0480, CVE-2015-0488, CVE-2015-0478, CVE-2015-047...) IBM QRadar Incident Forensics 7.2.4 is vulnerable to a cross site scripting vulnerability. (CVE-2015-1919) Vulnerabilities in OpenSSL affect IBM Campaign, IBM ContactOptimization (CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-0292, CVE-2015-0293) Open Source Apache Tomcat prior to 6.0.42 as used in IBM QRadar Security Information and Event Manager 7.1 MR2, and 7.2.4 is vulnerable to HTTP request smuggling. (CVE-2014-0227) Vulnerabilities in OpenSSL affect IBM Campaign, IBM ContactOptimization (CVE-2014-3569) IBM Tealeaf Customer Experience is affected by a vulnerability in OpenSSL (CVE-2014-3511, CVE-2014-3512) Vulnerability in Diffie-Hellman ciphers affects IBM Operations Analytics - Predictive Insights (CVE-2015-4000) Vulnerability in OpenSSL affects IBM XIV Storage System Gen3 (CVE-2014-3570) Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition April 2015 CPU --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us

1 0

Tageszusammenfassung - Montag 15-06-2015
by Daily end-of-shift report 15 Jun '15

15 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 12-06-2015 18:00 − Montag 15-06-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Hey kids, who wants to pwn a million BIOSes? *** --------------------------------------------- IT security bods warn of dysfunctional ecosystem, fraught with vulnerability The overlooked task of patching PC BIOS and UEFI firmware vulnerabilities leaves corporations wide open to attack, a new paper by security researchers warns. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/06/12/bios_securi… *** Oh look - JavaScript Droppers *** --------------------------------------------- In a typical drive-by-download attack scenario the shellcode would download and execute a malware binary. The malware binary is usually wrapped in a dropper that unpacks or de-obfuscates and executes it. Droppers' main goal is to launch malware without being detected by antiviruses and HIPS. Nowadays the most popular way of covert launching would probably... --------------------------------------------- http://labs.bromium.com/2015/06/12/oh-look-javascript-droppers/ *** NTP für Windows: Schaltsekunde könnte Probleme bereiten *** --------------------------------------------- Wer den NTP-Client für Windows installiert hat, sollte vor dem 30. Juni ein Update durchführen --------------------------------------------- http://derstandard.at/2000017430786 *** Windows Server 2003 End of Life: You Can't RIP *** --------------------------------------------- Windows XP reached end of support last year and now it's time for another end of life: Windows Server 2003. On July 14, 2015, this widely deployed Microsoft operating system will reach its end of life - a long run since its launch in April 2003. Estimates on the number of still-active Windows Server 2003 users vary from... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/FwOEN1rriTc/ *** OPM hack: Vast amounts of extremely sensitive data stolen *** --------------------------------------------- The extent of the breach suffered by the US Office of Personnel Management has apparently widened. Reports are coming in that the hackers have not only accessed Social Security numbers, job assign... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/FaMAmsBY66Y/secworld.php *** Dnstwist variiert und testet Domainnamen *** --------------------------------------------- Wer überwachen will, wie Vertipper- und Phishing-Domains für einen Domainnamen verbreitet sind, kann das Python-Skript Dnstwist nutzen. Es übernimmt viel Handarbeit und hilft bei der Analyse. --------------------------------------------- http://heise.de/-2690418 *** The top mistakes banks make defending against hackers *** --------------------------------------------- Many financial institutions fail to perform comprehensive risk analysis and assessment, exposing their companies and clients to enormous risk. --------------------------------------------- https://www.htbridge.com/blog/the-top-mistakes-banks-make-defending-against… *** Call to participate in the EU28 Cloud Security Conference *** --------------------------------------------- On June 16, in Riga, the Ministry of Defence of the Republic of Latvia and the European Union Agency for Network and Information Security (ENISA) will organise the EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union. The participants of the conference will discuss the cloud security in the two parallel tracks: "Legal & Compliance" and "Technologies and Solutions". --------------------------------------------- http://www.enisa.europa.eu/media/news-items/call-to-participate-in-the-eu28… *** The Duqu 2.0 persistence module *** --------------------------------------------- We have described how Duqu 2.0 does not have a normal "persistence" mechanism. This can lead users to conclude that flushing out the malware is as simple as rebooting all the infected machines. In reality, things are a bit more complicated. --------------------------------------------- http://securelist.com/blog/research/70641/the-duqu-2-0-persistence-module/ *** Duqu 2.0 Attackers Used Stolen Foxconn Certificate to Sign Driver *** --------------------------------------------- The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and many other companies. Researchers at Kaspersky Lab, who discovered... --------------------------------------------- http://threatpost.com/duqu-2-0-attackers-used-stolen-foxconn-certificate-to… *** Massive route leak causes Internet slowdown *** --------------------------------------------- Earlier today a massive route leak initiated by Telekom Malaysia (AS4788) caused significant network problems for the global routing system. Primarily affected was Level3 (AS3549 - formerly known as Global Crossing) and their customers. Below are some of the details as we know them now. --------------------------------------------- https://www.bgpmon.net/massive-route-leak-cause-internet-slowdown/ *** Cisco issues 16 patches to pop pesky peccant packets *** --------------------------------------------- Remote code execution for some, denial of service for the rest of us Cisco has issued a string of patches for 16 faults including a fix for a possible remote code execution in its IOS and IOS XE routing software. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/06/15/cisco_ipv6_… *** Vulnerabilities in Cisco Products *** --------------------------------------------- *** Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39339 *** Cisco IOS Software TCL Script Interpreter Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39343 *** Cisco Virtualization Experience Client 6215 Devices Command Injection Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39347 *** Novell ZENworks Mobile Management Input Validation Flaw Permits Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1032576 *** Novell Messenger 3.0 Support Pack 1 *** --------------------------------------------- Abstract: Novell Messenger 3.0 Support Pack 1 has been released. Please be aware that there are security fixes to Messengers server and client components (see the change log below and the Readme documentation on the web). It is recommended that they are updated on an expedited basis.Document ID: 5212230Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:consoleone1.3.6h_windows.zip (46.82 MB)nm301_full_linux_multi.tar.gz (269.54 MB)nm301_client_mac_multi.zip (40.62... --------------------------------------------- https://download.novell.com/Download?buildid=o8Y11QiTuc4~ *** DSA-3285 qemu-kvm - security update *** --------------------------------------------- Several vulnerabilities were discovered in qemu-kvm, a fullvirtualization solution on x86 hardware. --------------------------------------------- https://www.debian.org/security/2015/dsa-3285 *** DSA-3284 qemu - security update *** --------------------------------------------- Several vulnerabilities were discovered in qemu, a fast processoremulator. --------------------------------------------- https://www.debian.org/security/2015/dsa-3284 *** DSA-3288 libav - security update *** --------------------------------------------- Several security issues have been corrected in multiple demuxers anddecoders of the libav multimedia library. A full list of the changes isavailable at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4 --------------------------------------------- https://www.debian.org/security/2015/dsa-3288 *** DSA-3287 openssl - security update *** --------------------------------------------- Multiple vulnerabilities were discovered in OpenSSL, a Secure SocketsLayer toolkit. --------------------------------------------- https://www.debian.org/security/2015/dsa-3287 *** DSA-3286 xen - security update *** --------------------------------------------- Multiple security issues have been found in the Xen virtualisationsolution: --------------------------------------------- https://www.debian.org/security/2015/dsa-3286 *** Vulnerabilities in multiple third party TYPO3 CMS extensions *** --------------------------------------------- *** SQL Injection vulnerability in extension FAQ - Frequently Asked Questions (js_faq) *** http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-… *** SQL Injection vulnerability in extension Developer Log (devlog) *** http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-… *** SQL Injection vulnerability in extension Smoelenboek (ncgov_smoelenboek) *** http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-… *** SQL Injection vulnerability in extension Store Locator (locator) *** http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-… *** SQL Injection vulnerability in extension wt_directory (wt_directory) *** http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-… *** Arbitrary Code Execution in extension Frontend User Upload (feupload) *** http://www.typo3.org/news/article/arbitrary-code-execution-in-extension-fro… *** Cross-Site Scripting in extension BE User Log (beko_beuserlog) *** http://www.typo3.org/news/article/cross-site-scripting-in-extension-be-user… *** Arbitrary Code Execution in extension Job Fair (jobfair) *** http://www.typo3.org/news/article/arbitrary-code-execution-in-extension-job… *** Security Advisory - Web UI Authentication Vulnerability in Huawei E5756S *** --------------------------------------------- Jun 15, 2015 18:00 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Filezilla 3.11.0.2 sftp module denial of service vulnerability *** --------------------------------------------- Topic: Filezilla 3.11.0.2 sftp module denial of service vulnerability Risk: Medium Text: # Exploit title: filezilla 3.11.0.2 sftp module denial of service vulnerability # Date: 5-6-2015 # Vendor homepage: http... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015060077 *** putty v0.64 denial of service vulnerability *** --------------------------------------------- Topic: putty v0.64 denial of service vulnerability Risk: Medium Text: # Exploit title: putty v0.64 denial of service vulnerability # Date: 5-6-2015 # Vendor homepage: http://www.chiark.green... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015060076 *** E-Detective Lawful Interception System multiple security vulnerabilities *** --------------------------------------------- Topic: E-Detective Lawful Interception System multiple security vulnerabilities Risk: Medium Text:Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015060075

1 0

Tageszusammenfassung - Freitag 12-06-2015
by Daily end-of-shift report 12 Jun '15

12 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 11-06-2015 18:00 − Freitag 12-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Gamarue dropping Lethic bot *** --------------------------------------------- The Gamarue (aka Andromeda) botnet is a highly modular botnet family that allows attackers to take complete control of an infected system and perform a range of malicious activity by downloading additional payloads. In this blog, we will cover a recent Gamarue .. --------------------------------------------- http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html *** Popcash Malvertising Leads to CryptoWall *** --------------------------------------------- End users face the harsh reality of malvertising with CryptoWall ransomware dropped on their systems. --------------------------------------------- https://blog.malwarebytes.org/malvertising-2/2015/06/popcash-malvertising-l… *** RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability *** --------------------------------------------- This advisory provides publicly disclosed vulnerabilities and mitigation measures for the RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01 *** Microsoft flags Ask toolbar as unwanted and dangerous *** --------------------------------------------- >From this month on, all versions of Ask.coms infamous browser toolbar except the very last will be detected as unwanted .. --------------------------------------------- http://www.net-security.org/secworld.php?id=18506 *** The June 2015 issue of our SWITCH Security Report is available! *** --------------------------------------------- Dear Reader! A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are: What do tax authorities and contact sites have in .. --------------------------------------------- http://securityblog.switch.ch/2015/06/12/the-june-2015-issue-of-our-switch-… *** Integrating PaX into Android *** --------------------------------------------- The PaX project provides many exploit mitigation features to harden the Linux kernel far beyond the baseline security features provided by upstream. Android is close enough to a normal Linux distribution for it to work quite well out-of-the-box .. --------------------------------------------- https://copperhead.co/2015/06/11/android-pax *** Phisher setzen auf Geo-Blocking *** --------------------------------------------- Damit Phishing-Seiten länger überleben, lassen sich manche von ihnen nur aus dem Land abrufen, auf das es die Cyber-Ganoven abgesehen haben. Phishing-Filterdienste bleiben deshalb außen vor und schöpfen keinen Verdacht. --------------------------------------------- http://www.heise.de/security/meldung/Phisher-setzen-auf-Geo-Blocking-268948… *** Dyre Configuration Dumper *** --------------------------------------------- It�s been over a year since Dyre first appeared, and with a rise of infections in 2015, it doesn�t look like the attackers are stopping anytime soon. At PhishMe we�ve been .. --------------------------------------------- http://phishme.com/dyre-configuration-dumper/ *** OpenSSL-Update verursacht ABI-Probleme *** --------------------------------------------- OpenSSL veröffentlicht Updates für kleinere Sicherheitslücken - dabei ist den Entwicklern ein Fehler unterlaufen: Durch eine veränderte Datenstruktur ändert sich die Binärschnittstelle der Bibliothek, was zu Fehlfunktionen führen kann. --------------------------------------------- http://www.golem.de/news/sicherheitsluecken-openssl-update-verursacht-abi-p… *** How Heartbleed couldve been found *** --------------------------------------------- tl;dr With a reasonably simple fuzzing setup I was able to rediscover the Heartbleed bug. This uses state-of-the-art fuzzing and memory protection technology (american fuzzy lop and Address Sanitizer), but it doesnt require any prior knowledge about .. --------------------------------------------- https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html

1 0

Tageszusammenfassung - Donnerstag 11-06-2015
by Daily end-of-shift report 11 Jun '15

11 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 10-06-2015 18:00 − Donnerstag 11-06-2015 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Increase in CryptoWall 3.0 from malicious spam and Angler exploit kit, (Thu, Jun 11th) *** --------------------------------------------- Introduction Since Monday2015-05-25(a bitmore than 2 weeks ago), weve seen a significantamount of CryptoWall 3.0 ransomware from">) and theAngler exploit kit (EK). A malspam campaign pushing CryptoWall 3.0 started as early as Monday 2015-05-25, but it hasincreased significantly since Monday 2015-06-08. The CryptoWall3.0push from Angler EK appears to have started around the same time. Both campaigns (malspam and Angler EK) were active as recently as Wednesday 2015-06-10. The timing of... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19785&rss *** Factsheet: Software has an expiry date *** --------------------------------------------- Software vendors regularly make announcements that certain versions of software will no longer be supported after a particular date. Such dates are known as End-of-Life. After the End-of-Life, software is no longer supported and can therefore not be considered to be secure. The NCSC advises to update systems after the announcement as soon as possible. --------------------------------------------- https://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fac… *** Cyberangriff: Bundestag benötigt komplett neues Computer-Netzwerk *** --------------------------------------------- Das Computer-Netzwerk im Bundestag ist hinüber. Der Cyberangriff auf den deutschen Bundestag hat weitreichendere Folgen als bisher angenommen. Das Parlament muss ein völlig neues Computer-Netzwerk errichten. --------------------------------------------- http://www.golem.de/news/cyberangriff-bundestag-benoetigt-komplett-neues-co… *** Bundestag: "Von einem Totalschaden kann keine Rede sein" *** --------------------------------------------- Nur 15 Rechner sollen von dem Hacker-Angriff auf den Bundestag betroffen sein. Das berichtet der Unionsabgeordnete Thomas Jarzombek und beruft sich auf das BSI. --------------------------------------------- http://www.golem.de/news/bundestag-von-einem-totalschaden-kann-keine-rede-s… *** MSRT June 2015: BrobanDel *** --------------------------------------------- Providing further protections for our customers, this month we added three new malware families and two variants to the Microsoft Malicious Software Removal Tool (MSRT): Win32/Bagopos Win32/BrobanDel Win32/Gatak PWS:Win32/OnLineGames.AH PWS:Win32/OnLineGames.MV Gatak is a family of information-stealing malware that collects sensitive information and sends it to a remote attacker, if a system is compromised. Bagopos is another information-stealing malware family that targets credit card... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/06/09/msrt-june-2015-brobandel… *** Windows 10 to offer application developers new malware defenses *** --------------------------------------------- Application developers can now actively participate in malware defense - in a new way to help protect customers from dynamic script-based malware and non-traditional avenues of cyberattack. Microsoft is making that possible through the Antimalware Scan Interface (AMSI) - a generic interface standard that allows applications and services to integrate with any antimalware product present on a machine. AMSI is currently available through the Windows 10 Technical Preview, and will be fully... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/06/09/windows-10-to-offer-appl… *** Advances in Scripting Security and Protection in Windows 10 and PowerShell V5 *** --------------------------------------------- In the last several releases of Windows, we've been working hard to make the platform much more powerful for administrators, developers, and power users alike. PowerShell is an incredibly useful and powerful language for managing Windows domains. Unfortunately, attackers can take advantage of these same properties when performing "post-exploitation" activities (actions that are performed after a system has been compromised). The PowerShell team, recognizing this behavior, have --------------------------------------------- http://blogs.technet.com/b/srd/archive/2015/06/10/advances-in-scripting-sec… *** CSDanube *** --------------------------------------------- CERT.at ist keine isolierte Einrichtung, im Gegenteil: Wir kooperieren in diversen Kreisen mit anderen Institutionen und Firmen. Das reicht von unserer Einbettung in die Umsetzung der ÖSCS, lokalen Partnern in der Industrie und Forschung bis hin zur globalen Vernetzung der CERTs. In diesem Kontext nehmen wir an einem Projekt teil, dass im Rahmen des START Programms der Danube Region Strategy gefördert wird: Es geht bei diesem Projekt darum, dass die CERTs der Region... --------------------------------------------- http://www.cert.at/services/blog/20150611115640-1547.html *** Security Advisory: Object Injection Vulnerability in WooCommerce *** --------------------------------------------- Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Object Injection Patched Version: 2.3.11 During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability which could, in certain contexts, be used by an attacker to download any file on the vulnerable server. Are you at risk? The vulnerability is only... --------------------------------------------- https://blog.sucuri.net/2015/06/security-advisory-object-injection-vulnerab… *** Hospira Plum A+ and Symbiq Infusion Systems Vulnerabilities *** --------------------------------------------- This advisory provides publicly disclosed vulnerabilities and compensating measures for the Hospira Plum A+ and Symbiq Infusion System that are similar to vulnerabilities identified in the Hospira LifeCare PCA Infusion System discussed in the updated advisory ICSA-15-125-01B Hospira LifeCare PCA Infusion System Vulnerabilities. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01 *** HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. --------------------------------------------- https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04686230 *** Cisco IOS XR telnetd Packet Processing Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39293 *** Cisco Nexus and Cisco Multilayer Director Switches MOTD Telnet Login Reset Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39280 *** Cisco Identity Services Engine Improper Web Page Controls Privilege Escalation Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39299

1 0

Tageszusammenfassung - Mittwoch 10-06-2015
by Daily end-of-shift report 10 Jun '15

10 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 09-06-2015 18:00 − Mittwoch 10-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39256 http://tools.cisco.com/security/center/viewAlert.x?alertId=39257 http://tools.cisco.com/security/center/viewAlert.x?alertId=39240 *** MS15-JUN - Microsoft Security Bulletin Summary for June 2015 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS15-JUN *** VMSA-2015-0004 *** --------------------------------------------- VMware Workstation, Fusion and Horizon View Client updates address critical security issues .. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0004.html *** Vawtrak Uses Tor2Web making hard to track down its servers *** --------------------------------------------- Security experts at Fortinet uncovered a new strain of the Vawtrak banking Trojan is implementing an obscuring mechanism based on the Tor2Web service. The authors of the banking Trojan Vawtrak are adopting a new tactic to hide the .. --------------------------------------------- http://securityaffairs.co/wordpress/37682/malware/vawtrak-uses-tor2web.html *** iOS und OS X: Apple könnte HTTPS für Apps erzwingen *** --------------------------------------------- Entwickler von Apps für iOS und OS X sollten "so schnell wie möglich" auf sichere Verbindungen per HTTPS wechseln, empfiehlt Apple. Das Unternehmen könnte die Verschlüsselung gar für die Aufnahme im App Store erzwingen. --------------------------------------------- http://www.golem.de/news/ios-und-os-x-apple-koennte-https-fuer-apps-erzwing… *** Schlag gegen internationale Bande von Cyber-Kriminellen in Europa *** --------------------------------------------- http://derstandard.at/2000017259662 *** N-Tron 702W Hard-Coded SSH and HTTPS Encryption Keys *** --------------------------------------------- This advisory provides mitigation details for hard-coded SSH and HTTPS encryption keys in the N-Tron 702-W Industrial Wireless Access Point device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01 *** Sinapsi eSolar Light Plaintext Passwords Vulnerability *** --------------------------------------------- This advisory provides mitigation details for plain text passwords in the Sinapsi eSolar Light application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-160-02 *** Adobe, Microsoft Issue Critical Security Fixes *** --------------------------------------------- Adobe today released software updates to plug at least 13 security holes in its Flash Player software. Separately, Microsoft pushed out fixes for at least three dozen flaws .. --------------------------------------------- http://krebsonsecurity.com/2015/06/adobe-microsoft-issue-critical-security-… *** The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns *** --------------------------------------------- Kaspersky Lab uncovers Duqu 2.0 � a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities. --------------------------------------------- http://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophist… *** Duqu 2.0 *** --------------------------------------------- In our full report, available at http://www.crysys.hu/duqu2/duqu2.pdf, we point out numerous similarities that we discovered between Duqu and Duqu 2.0, .. --------------------------------------------- http://blog.crysys.hu/2015/06/duqu-2-0/ *** Microsoft pusht HTTPS beim Internet Explorer und Edge-Webbrowser *** --------------------------------------------- Ab sofort sollen der Internet Explorer und Webbrowser von Windows 10 Edge das verschlüsselte Surfen über HTTPS vorantreiben. Dafür hat Microsoft jetzt Updates verteilt, die HSTS einführen. --------------------------------------------- http://heise.de/-2687051 *** Xen Security Advisory CVE-2015-3209 / XSA-135 *** --------------------------------------------- The QEMU security team has predisclosed the following advisory: pcnet_transmit loads a transmit-frame descriptor from the guest into the /tmd/ local variable to recover a length field, a status field and a guest-physical location of the associated .. --------------------------------------------- http://www.openwall.com/lists/oss-security/2015/06/10/3 *** Russische Hacker sollen hinter Cyber-Angriff auf TV-Sender stecken *** --------------------------------------------- Nicht – wie bisher angenommen – der Islamistischer Staat (IS), sondern russische Profi-Hacker sollen im April den Sendebetrieb von TV5 lahm gelegt haben. Die platzierte IS-Propaganda sei möglicherweise nur ein Täuschungsmanöver gewesen. --------------------------------------------- http://heise.de/-2687434

1 0

Tageszusammenfassung - Dienstag 9-06-2015
by Daily end-of-shift report 09 Jun '15

09 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 08-06-2015 18:00 − Dienstag 09-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Bug Bounties in Crosshairs of Proposed US Wassenaar Rules *** --------------------------------------------- Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., that initiatives could be adversely impacted. --------------------------------------------- http://threatpost.com/bug-bounties-in-crosshairs-of-proposed-us-wassenaar-r… *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39210 http://tools.cisco.com/security/center/viewAlert.x?alertId=38883 http://tools.cisco.com/security/center/viewAlert.x?alertId=39233 http://tools.cisco.com/security/center/viewAlert.x?alertId=39192 *** Fast look at Sundown EK *** --------------------------------------------- Disclaimer : There is nothing worth a post there...except mentionning this EK is around. I would put that "kit" in the same .. --------------------------------------------- http://malware.dontneedcoffee.com/2015/06/fast-look-at-sundown-ek.html *** New Episode of Punkey PoS Malware Airs *** --------------------------------------------- Reruns from the 1980s are all the rage these days, and like the sitcom its based on, weve encountered a second run from the Punkey Point of Sale malware as part of an .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/New-Episode-of-Punkey-P… *** Website der US-Armee wegen Hackerangriffs vorübergehend stillgelegt *** --------------------------------------------- Wegen eines Hackerangriffs hat die US-Armee ihre Website vorübergehend stillgelegt. Nach der Entdeckung der Cyberattacke seien "geeignete Vorsichtsmaßnahmen" ergriffen .. --------------------------------------------- http://derstandard.at/2000017173834 *** Pin und Aktivierungssperre: Apple erhöht Sicherheit von iOS und der Apple Watch *** --------------------------------------------- Apple führt bei iOS 9 längere Pin-Codes ein, mit denen die mobilen Geräte vor unbefugtem Zugriff geschützt werden. Wer TouchID verwendet, muss ein sechsstelliges Kennwort eingeben und die Apple Watch erhält die geforderte Aktivierungssperre. --------------------------------------------- http://www.golem.de/news/pin-und-aktivierungssperre-apple-erhoeht-sicherhei… *** Amazon will SSL-Zertifizierungstelle werden *** --------------------------------------------- Amazons SSL-Zertifizierungstelle soll Server- und EV-Zertifikate ausstellen und sich dabei nicht auf Amazon-Kunden beschränken. --------------------------------------------- http://heise.de/-2683851 *** iOS: Schwachstelle in Apple Mail ermöglicht offenbar raffiniertes iCoud-Phishing *** --------------------------------------------- Ein Angreifer kann die Lücke nach Angabe eines Entwicklers dazu nutzen, den iCloud-Anmeldedialog zu imitieren, der öfters in iOS erscheint. Apple ist angeblich seit Monaten über das Problem informiert. --------------------------------------------- http://heise.de/-2684896 *** Security updates available for Adobe Flash Player (APSB15-11) *** --------------------------------------------- A Security Bulletin (APSB15-11) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1200 *** Asus schützt seine Router vor Exploit-Kit *** --------------------------------------------- Nachdem kürzlich ein Exploit-Kit aufgetaucht ist, dass über 50 Router-Modelle verschiedener Hersteller angreifen kann, hat Asus nun Firmware-Updates für 16 Router herausgebracht. --------------------------------------------- http://heise.de/-2684612 *** SweetCAPTCHA Service used to Distribute Adware *** --------------------------------------------- SweetCaptcha is free CAPTCHA service that offers to match sweet-looking images instead of making you recognize distorted digits and characters. It has integration with many website .. --------------------------------------------- https://blog.sucuri.net/2015/06/sweetcaptcha-service-used-to-distribute-adw…

1 0

Tageszusammenfassung - Montag 8-06-2015
by Daily end-of-shift report 08 Jun '15

08 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 05-06-2015 18:00 − Montag 08-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** �UnfriendAlert� wants your Facebook Credentials *** --------------------------------------------- For our first "PUP Friday" post, we talked about UnfriendAlert, a program that purports to notify users .. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/06/unfriendalert-wants-y… *** Changes in Oracle Database 12c password hashes *** --------------------------------------------- Oracle has made improvements to user password hashes within Oracle Database 12c. By using a PBKDF2-based SHA512 hashing algorithm, instead of simple SHA1 hash, password .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-1… *** [Honeypot Alert] Fritz!Box � Remote Command Execution Exploit Attempt *** --------------------------------------------- Our web honeypots picked up some exploit attempts for a remote command execution vulnerability in FRITZ!Box, a series of routers produced by AVM. This exploit targets router .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/-Honeypot-Alert--Fritz!Box-%… *** Checking for BACNet devices inside corporate networks *** --------------------------------------------- Building automation Networks are very common today for intelligent buildings. They interconnect several type of devices like escalators, elevators, power circuits, heating, ventilating and air conditioning (HVAC) to the main control .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19771 *** Insider vs. Outsider Threats: Identify and Prevent *** --------------------------------------------- In my last article, we discussed on a step-by-step approach on APT attacks. The origin of any kind of cyber-attack is through an external or an internal source. Multiple sophisticated insider attacks resulted in the exfiltration of .. --------------------------------------------- http://resources.infosecinstitute.com/insider-vs-outsider-threats-identify-… *** Antiquated environment and bad security practices aided OPM hackers *** --------------------------------------------- By now, youve all heard about the massive breach at the US Office of Personnel Managements (OPM), and that the attackers have accessed (and likely made off with) personal information .. --------------------------------------------- http://www.net-security.org/secworld.php?id=18484 *** Plex verschl�sselt Verbindung zur eigenen Medienzentrale *** --------------------------------------------- Den bisher größte Einsatz von Sicherheitszertifikaten heftet sich die Medienzentrale Plex auf die eigenen Fahnen. In einer Kooperation mit DigiCert bekommen sämtliche Nutzer der Software ein kostenloses SSL/TLS-Zertifikat für ihren Server ausgestellt. --------------------------------------------- http://derstandard.at/2000017144835 *** DSA-3281 - Debian Security Team PGP/GPG key change notice *** --------------------------------------------- This is a notice that the Debian Security Team has changed its PGP/GPGcontact key because of a periodic regular key rollover. --------------------------------------------- https://www.debian.org/security/2015/dsa-3281 *** Matryoshka dolls: analysing a packer for CTB locker *** --------------------------------------------- We recently encountered a phishing campaign distributing CTB locker. Victims were sent an e-mail that appeared to be from a Dutch webshop, with the e-mail describing a Fifa15 order for Playstation 3. While no one uses PS3 anymore , there were users who .. --------------------------------------------- https://www.dearbytes.com/en/nieuws/matroesjka-poppen-ctb-locker/ *** Raub im Zug: Datendiebstahl - ganz analog *** --------------------------------------------- Banden stehlen Handys und Laptops von Managern, um die Besitzer oder deren Firmen mit den erbeuteten Daten zu erpressen. --------------------------------------------- http://www.golem.de/news/raub-im-zug-datendiebstahl-ganz-analog-1506-114530… *** Malware zapft Kreditkartendaten von Oracle-Kassensystemen ab *** --------------------------------------------- Ein weiterer Schädling nistet sich in Point-of-Sales-Terminals ein und kopiert die Daten ahnungsloser Kreditkarten-Nutzer. MalaumPOS hat es auf ein weit verbreitetes Kassensystem von Oracle abgesehen. --------------------------------------------- http://heise.de/-2680638 *** Bugtraq: strongswan security update *** --------------------------------------------- Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP, the constraints on the .. --------------------------------------------- http://www.securityfocus.com/archive/1/535708 *** Zeus Isn�t Dead, New Version Evades All Antivirus Detection Tools *** --------------------------------------------- The venerable Zeus banking Trojan has been killed off many times; disappearing from the global Internet time and time again only to reappear with new modifications designed .. --------------------------------------------- http://www.pcrisk.com/internet-threat-news/9068-zeus-evades-all-antivirus-d… *** Many Drug Pumps Open to Variety of Security Flaws *** --------------------------------------------- In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to .. --------------------------------------------- http://threatpost.com/many-drug-pumps-open-to-variety-of-security-flaws/113…

1 0

Tageszusammenfassung - Freitag 5-06-2015
by Daily end-of-shift report 05 Jun '15

05 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 03-06-2015 18:00 − Freitag 05-06-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Zero-Day Disclosed in Unity Web Player *** --------------------------------------------- A zero-day vulnerability has been disclosed in the popular Unity Web Player browser plugin. The flaw allows an attacker crossdomain access to websites and services using the victims credentials. --------------------------------------------- http://threatpost.com/zero-day-disclosed-in-unity-web-player/113124 *** PCI Council releases PA-DSS 3.1, nixes SSL, early TLS *** --------------------------------------------- The PCI Security Standards Council revisions to PA-DSS addresses SSL vulnerabilities. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/Ybnmzlufdo4/ *** Embedded: Geldautomaten sollen von XP auf Windows 10 updaten *** --------------------------------------------- Die Branchenorganisation ATM Industry Association ruft die Hersteller dazu auf, bei Geldautomaten Windows 8 und 8.1. zu überspringen. Auf Windows XP ausruhen sollen sie sich nicht. --------------------------------------------- http://www.golem.de/news/embedded-geldautomaten-sollen-von-xp-auf-windows-1… *** ICS Amsterdam 2015 *** --------------------------------------------- SANS ICS Amsterdam 2015 hosts five dedicated training courses for those tasked with securing Industrial Control Systems as well as a two day ICS Security Summit. This specialist training event takes place at the Radisson Blue Amsterdam, from September 22nd - 28th. --------------------------------------------- https://www.sans.org/event/ics-amsterdam-2015 *** Critical vulnerabilities in JSON Web Token libraries *** --------------------------------------------- Great. So, what's wrong with that? ... Meet the "none" algorithm. --------------------------------------------- http://ab0files.com/critical-vulnerabilities-in-json-web-token-libraries *** Achtung: Offene Intranets verraten zu viel *** --------------------------------------------- Viele Organisationen haben ein eigenes Intranet. Manche stellen versehentlich vertrauliche Dokumente online, die über Google auffindbar sind. Wir haben uns per Google Beispiele herausgepickt. --------------------------------------------- http://heise.de/-2680058 *** Asprox / Kuluoz Botnet Analysis *** --------------------------------------------- Introduction Kuluoz, aka Asprox, is a spam botnet that emerged in 2007. It has been known for sending mass of phishing emails used in conjunction with social engineering lures (e.g. booking confirmations, postal-themed spam, etc.) This article presents a view on the malware and its capabilities, how it communicates with the CnC, encryption schemes used,... --------------------------------------------- http://resources.infosecinstitute.com/asprox-kuluoz-botnet-analysis/ *** WLAN-Trick soll Apple-Pay-Nutzern Kreditkartendaten entlocken *** --------------------------------------------- Angreifer können die automatische WLAN-Verbindungsaufnahme von iOS dazu nutzen, um mit einem manipulierten Apple-Pay-Dialog auf Kreditkartenfang zu gehen, warnt eine Sicherheitsfirma. --------------------------------------------- http://heise.de/-2680369 *** IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us *** McAfee ePolicy Orchestrator SSL/TLS spoofing *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/103610 *** Vulnerabilities in Cisco Products *** --------------------------------------------- *** Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39171 *** Cisco ONS 15454 System Software Denial of Service Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39172 *** Cisco Edge 340 Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39187 *** Cisco TelePresence SX20 HTTP Response Splitting Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39210 *** XZERES 442SR Wind Turbine CSRF Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a cross-site request forgery vulnerability in XZERES's 442SR turbine generator operating system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-155-01 *** Bugtraq: CA20150604-01: Security Notice for CA Common Services *** --------------------------------------------- http://www.securityfocus.com/archive/1/535684

1 0

Tageszusammenfassung - Mittwoch 3-06-2015
by Daily end-of-shift report 03 Jun '15

03 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 02-06-2015 18:00 − Mittwoch 03-06-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Your Website Hacked but No Signs of Infection *** --------------------------------------------- Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. This is the emotionally draining world that many live in, with a paranoia and concern that grips you once you see and recognize that something is not right. --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/0D6hUcbKq34/your-website-hack… *** Holy SSH-it! Microsoft promises secure logins for Windows PowerShell *** --------------------------------------------- Now that the door has hit Ballmer on the way out, OpenSSH support is go Microsoft has finally decided to add support for SSH to PowerShell, allowing people to log into Windows systems and use software remotely over an encrypted connection. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/06/02/openssh_win… *** Bug des Tages: Skype hat eine "SMS des Todes" *** --------------------------------------------- Sending the characters "http://:" (without the quotes) crashes Skype, and receiving a message with those characters makes it crash any time you try to sign in again. --------------------------------------------- http://blog.fefe.de/?ts=ab900965 *** Good Patch Management Is Crucial to Cybersecurity in ICS *** --------------------------------------------- A good cybersecurity strategy for industrial control systems (ICS) must include both a systematic approach to patch management and compensating cybersecurity controls for when patching is not an option. Patch management resolves bugs, operability, reliability,... --------------------------------------------- http://feedproxy.google.com/~r/PaloAltoNetworks/~3/tK1mqdG1qkA/ *** IoT Devices Hosted On Vulnerable Clouds In Bad Neighborhoods *** --------------------------------------------- OpenDNS report finds that organizations may be more susceptible to Internet of Things devices than they realize. --------------------------------------------- http://www.darkreading.com/cloud/iot-devices-hosted-on-vulnerable-clouds-in… *** Mass break-in: researchers catch 22 more routers for the SOHOpeless list *** --------------------------------------------- A business model ripe for the bin Yet another disclosure tips 22 SOHO routers in the security bin, with everything from privilege escalation and authentication bypass to hard-coded credential backdoors. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/06/03/mass_breaki… *** Piwik: Unberechtigte können Webseiten-Statistiken abrufen *** --------------------------------------------- Installationen der Google-Analytics-Alternative Piwik sind häufig nicht korrekt konfiguriert und Dritte können ohne viel Aufwand Abrufstatistiken einsehen und sogar herunterladen. --------------------------------------------- http://heise.de/-2678572 *** SSH: Sechs Jahre alter Bug bedroht Github-Repositories *** --------------------------------------------- Ein Debian-Bug aus dem Jahr 2008 hinterlässt immer noch Spuren. Eine Analyse der öffentlichen SSH-Schlüssel bei Github zeigt: Mittels angreifbarer Schlüssel hätten Angreifer die Repositories von Projekten wie Python und Firmen wie Spotify oder Yandex manipulieren können. --------------------------------------------- http://www.golem.de/news/ssh-sechs-jahre-alter-bug-bedroht-github-repositor… *** Emergency Security Band-Aids with Systemtap *** --------------------------------------------- Software security vulnerabilities are a fact of life. So is the subsequent publicity, package updates, and suffering service restarts. Administrators are used to it, and users bear it, and it's a default and traditional method. On the other hand, in... --------------------------------------------- https://securityblog.redhat.com/2015/06/03/emergency-security-band-aids-wit… *** Krypto-Trojaner überlegt es sich anders und entschlüsselt alles wieder *** --------------------------------------------- Der Erpressungs-Trojaner Locker ist erst seit wenigen Tagen im Umlauf. Und schon ist seine Karriere wieder vorbei: Er hat vergangenen Dienstag den Befehl erhalten, alle verschlüsselten Dateien wiederherzustellen. --------------------------------------------- http://heise.de/-2678669 *** Hackers Scan All Tor Hidden Services To Find Weaknesses In The Dark Web *** --------------------------------------------- If you go down to the deep web today, you'll be following hot on the heels of a digital beast. In a matter of hours last week, the entire semi-anonymising Tor network, where activists and criminals alike try to hide from the gaze of their respective authorities, was traversed by PunkSPIDER, an automated scanner that pokes websites to uncover vulnerabilities. --------------------------------------------- http://www.forbes.com/sites/thomasbrewster/2015/06/01/dark-web-vulnerabilit… *** DSA-3277 wireshark - security update *** --------------------------------------------- Multiple vulnerabilities were discovered in the dissectors/parsers forLBMR, web sockets, WCP, X11, IEEE 802.11 and Android Logcat, which couldresult in denial of service. --------------------------------------------- https://www.debian.org/security/2015/dsa-3277 *** Vulnerabilities in Cisco Products *** --------------------------------------------- *** Cisco Unified MeetingPlace Microsoft Outlook Reflected Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39161 *** Cisco Unified MeetingPlace Session ID Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39162 *** Cisco AnyConnect Secure Mobility Client Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39158 *** Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39157 *** Cisco Unified MeetingPlace Arbitrary File Download Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39163 *** Beckwith Electric TCP Initial Sequence Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a TCP initial sequence numbers vulnerability in multiple Beckwith Electric products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01 *** Moxa SoftCMS Buffer Overflow Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a buffer overflow vulnerability in the Moxa SoftCMS software package. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-153-02 *** [HTB23258]: Local PHP File Inclusion in ResourceSpace *** --------------------------------------------- Product: ResourceSpace v7.1.6513Vulnerability Type: PHP File Inclusion [CWE-98]Risk level: High Creater: Montala LimitedAdvisory Publication: May 6, 2015 [without technical details]Public Disclosure: June 3, 2015 CVE Reference: CVE-2015-3648 CVSSv2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Vulnerability Details: High-Tech Bridge Security Research Lab discovered vulnerability in ResourceSpace, which can be exploited to include arbitrary local PHP file, execute PHP code, and compromise --------------------------------------------- https://www.htbridge.com/advisory/HTB23258 *** USN-2626-1: Qt vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-2626-13rd June, 2015qt4-x11, qtbase-opensource-src vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryQt could be made to crash or run programs as your login if it opened aspecially crafted file.Software description qt4-x11 - Qt 4 libraries qtbase-opensource-src - Qt 5 libraries DetailsWolfgang Schenk discovered that Qt incorrectly handled certain malformedGIF... --------------------------------------------- http://www.ubuntu.com/usn/usn-2626-1/ Next End-of-Shift report on 2015-06-05

1 0

Tageszusammenfassung - Dienstag 2-06-2015
by Daily end-of-shift report 02 Jun '15

02 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 01-06-2015 18:00 − Dienstag 02-06-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Understanding Flash Exploitation and the Alleged CVE-2015-0359 Exploit *** --------------------------------------------- What follows is a detailed analysis of the root cause of a vulnerability we call CVE-2015-X, as well as a step-by-step explanation of how to trigger it. For more on Flash vulnerabilities, we also invite you... --------------------------------------------- http://feedproxy.google.com/~r/PaloAltoNetworks/~3/JsuXUOWrYYM/ *** DYRE Banking Malware Upsurges; Europe and North America Most Affected *** --------------------------------------------- Online banking users in Europe and North America are experiencing the upsurge of DYRE, a malware family notorious for the multiple ways it steals data and its ties to parcel mule scams, among others. There has been a 125% increase of DYRE-related infections worldwide this quarter compared to the last, proving that cybercriminal interest in... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/HyDW9pkWWws/ *** Malvertising infected millions of users in 2015 *** --------------------------------------------- New research from Malwarebytes has found that malvertising is one of the primary infection vectors used to reach millions of consumers this year. The analysis looked at the three large scale zero-... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/9go1s-jFKtc/malware_news.… *** Playing with IP Reputation with Dshield & OSSEC *** --------------------------------------------- [This blogpost has also been published as a guest diary on isc.sans.org] When investigating incidents or searching for malicious activity in your logs, IP reputation is a nice way to increase the reliability of generated alerts. It can help to prioritize incidents. Let's take an example with a WordPress blog. It will, sooner or later, be targeted by a brute-force attack on the default /wp-admin page. In... --------------------------------------------- http://blog.rootshell.be/2015/06/02/playing-with-ip-reputation-with-dshield… *** Bugtraq: WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/535663 *** Red Hat JBoss Fuse and A-MQ XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Files *** --------------------------------------------- http://www.securitytracker.com/id/1032442 *** Xen Security Advisories XSA-128, XSA-129, XSA-130, XSA-131 *** --------------------------------------------- Potential unintended writes to host MSI message data field via qemu, PCI MSI mask bits inadvertently exposed to guests, Guest triggerable qemu MSI-X pass-through error messages, Unmediated PCI register access in qemu --------------------------------------------- http://xenbits.xen.org/xsa/ *** USN-2625-1: Apache HTTP Server update *** --------------------------------------------- Ubuntu Security Notice USN-2625-12nd June, 2015apache2 updateA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTSSummarySeveral security improvements have been made to the Apache HTTP Server.Software description apache2 - Apache HTTP server DetailsAs a security improvement, this update makes the following changes tothe Apache package in Ubuntu 12.04 LTS:Added support for ECC keys and ECDH ciphers.The SSLProtocol configuration directive now allows specifying --------------------------------------------- http://www.ubuntu.com/usn/usn-2625-1/ *** USN-2624-1: OpenSSL update *** --------------------------------------------- Ubuntu Security Notice USN-2624-11st June, 2015openssl updateA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryThe export cipher suites have been disabled in OpenSSL.Software description openssl - Secure Socket Layer (SSL) cryptographic library and tools DetailsAs a security improvement, this update removes the export cipher suitesfrom the default cipher list to prevent their use in possible --------------------------------------------- http://www.ubuntu.com/usn/usn-2624-1/ *** Cisco Headend Digital Broadband Delivery System Cross-Site Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39133 *** HPSBGN03269 rev.2 - HP StoreAll OS, Remote Code Execution *** --------------------------------------------- A potential security vulnerability has been identified with HP StoreAll OS. This is the GNU C Library (glibc) vulnerability known as "GHOST" which could be exploited remotely resulting in execution of code. --------------------------------------------- https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599438 *** PCRE Heap Overflow in Regex Processing Lets Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1032453

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily June 2015