=======================
= End-of-Shift report =
=======================
Timeframe: Friday 28-08-2015 18:00 − Monday 31-08-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** OWASP publishes handbook on protection against automated attacks ***
---------------------------------------------
As an aid for securing web applications, the non-profit organisation OWASP has released a handbook for developers that describes attacks which have so far received little attention.
---------------------------------------------
http://heise.de/-2794167
*** Espionage trojan Regin: Symantec discovers 49 more modules ***
---------------------------------------------
At the end of last year, the security company Symantec discovered the espionage software "Regin". Now the experts have come forward with new details.
---------------------------------------------
http://heise.de/-2794176
*** Linux Foundation releases PARANOID internal infosec guide ***
---------------------------------------------
Workstation security tips for system administrators. Linux Foundation project director Konstantin Ryabitsev has publicly released the penguinistas' internal hardening requirements to help sysadmins and other paranoid tech bods secure their workstations.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/31/harden_like…
*** Detecting file changes on Microsoft systems with FCIV, (Mon, Aug 31st) ***
---------------------------------------------
Microsoft often releases interesting tools to help system administrators and incident handlers investigate suspicious activities on Windows systems. In 2012, they released a free tool called FCIV (File Checksum Integrity Verifier) (1). It is a stand-alone executable which does not require any DLL or other resources. Just launch it from any location. Its goal is to browse a file system or some directories recursively and to generate MD5/SHA1 hashes of all the files found. The results are saved in a...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20091&rss
*** Vulnerabilities in control software for power plants and refineries ***
---------------------------------------------
Siemens and Schneider Electric have closed a number of holes in SCADA systems. Some of the affected software is also in use in German power plants.
---------------------------------------------
http://heise.de/-2794724
*** Security: Default passwords discovered in home routers ***
---------------------------------------------
At least five routers from various manufacturers have easily guessable default passwords for administrative access. With them, the devices can be manipulated remotely.
---------------------------------------------
http://www.golem.de/news/security-standardpasswoerter-bei-heimroutern-entde…
*** Contributor Conference: Owncloud introduces bug bounty programme ***
---------------------------------------------
Hackers can now also earn money by security-testing Owncloud. The rewards, however, cannot yet compete with those of large companies such as Google or Microsoft.
---------------------------------------------
http://www.golem.de/news/contributor-conference-owncloud-fuehrt-programm-fu…
*** Who's afraid of shadow IT? ***
---------------------------------------------
One of the biggest disruptions in the IT world is the quantity and quality of SaaS tools. From email and storage to phone systems and infrastructure, it has never been easier to use top of the range ...
---------------------------------------------
http://www.net-security.org/article.php?id=2373
*** KeyRaider Malware Steals Certificates, Keys and Account Data From Jailbroken iPhones ***
---------------------------------------------
Researchers have discovered a new strain of iOS malware dubbed KeyRaider that targets jailbroken devices and has the ability to steal certificates, private keys, and Apple account information. The malware already has claimed the private Apple account data of more than 225,000 victims. The KeyRaider malware was discovered by researchers at Palo Alto Networks, who...
---------------------------------------------
http://threatpost.com/keyraider-malware-steals-certificates-keys-and-accoun…
*** SSD Advisory - AppLock Multiple Vulnerabilities ***
---------------------------------------------
The following report describes three (3) different vulnerabilities found in AppLock, an Android application with over 10 million downloads, used to secure pictures, videos and applications with a PIN code.
---------------------------------------------
https://blogs.securiteam.com/index.php/archives/2558
*** DRDoS, UDP-Based protocols and BitTorrent ***
---------------------------------------------
On July 1st, 2015, the security team at BitTorrent received a report [1] from Florian Adamsky about Distributed Reflective Denial of Service (DRDoS) vulnerabilities affecting several BitTorrent products making use of UDP-based [2] protocols. uTorrent, BitTorrent and BitTorrent Sync use the Micro Transport Protocol (µTP) [3] implementation in libuTP [4] as the preferred transport backend running on top of UDP. While these vulnerabilities have been described before in other alerts [5] in...
---------------------------------------------
http://engineering.bittorrent.com/2015/08/27/drdos-udp-based-protocols-and-…
*** Patch for vulnerability in Hewlett Packard lt4112 LTE/HSPA+ Gobi 4G Module (Remote Execution of Arbitrary Code) ***
---------------------------------------------
Hewlett Packard has published a security bulletin on a vulnerability in the HP lt4112 LTE/HSPA+ Gobi 4G Module. The vulnerability allows a remote attacker to execute arbitrary code. A firmware update that fixes the problem is available. CVE numbers: CVE-2015-5367, CVE-2015-5367 CVSS2 Base Score: 6.9...
---------------------------------------------
http://www.cert.at/services/blog/20150831172201-1588.html
*** TA15-240A: Controlling Outbound DNS Access ***
---------------------------------------------
Original release date: August 28, 2015. Systems Affected: Networked systems. Overview: US-CERT has observed an increase in Domain Name System (DNS) traffic from client systems within internal networks to publicly hosted DNS servers. Direct client access to Internet DNS servers, rather than controlled access through enterprise DNS servers, can expose an organization to unnecessary security risks and system inefficiencies. This Alert provides recommendations for improving security related to...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA15-240A
*** NetIQ Access Manager 4.1 Support Pack 1 Hot Fix 1 4.1.1.1-9 ***
---------------------------------------------
Abstract: NetIQ Access Manager 4.1 Support Pack 1 Hot Fix 1 build (version 4.1.1.1-9). This file contains updates for services contained in the NetIQ Access Manager 4.1 product and requires 4.1 SP1 to be installed as a minimum. NetIQ recommends that all customers running Access Manager 4.1 release code apply this patch. The purpose of the patch is to provide a bundle of fixes for security issues that have surfaced since NetIQ Access Manager 4.1 SP1 was released. These fixes include updates to...
---------------------------------------------
https://download.novell.com/Download?buildid=ceIVdhBEV2o~
*** Edimax PS-1206MF Web Admin Auth Bypass ***
---------------------------------------------
Topic: Edimax PS-1206MF Web Admin Auth Bypass. Risk: High. Text: # Title: Edimax PS-1206MF - Web Admin Auth Bypass # Date: 30.08.15 # Vendor: edimax.com # Firmware version: 4.8.25 # Author...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080183
*** HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Data Protector. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04776510
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Potential Information Disclosure vulnerability could expose user personal data in WebSphere Commerce (CVE-2015-4980) ***
http://www.ibm.com/support/docview.wss?uid=swg21965013
*** IBM Security Bulletin: Java CVE-2015-2590 ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020888
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Sterling Connect:Direct for HP NonStop (CVE-2015-1792, CVE-2015-1789, CVE-2015-1790) ***
http://www.ibm.com/support/docview.wss?uid=swg21963603
*** IBM Security Bulletin: Apache Tomcat Vulnerability in Algo Audit and Compliance (CVE-2014-0230 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21963664
*** IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2014-0230) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005258
*** IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation and Rational Requirements Composer with potential for Cross Site Scripting attack (CVE-2015-1917) ***
http://www.ibm.com/support/docview.wss?uid=swg21713610
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Storwize V7000 Unified (CVE-2013-7423) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005316
*** Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Flex System Manager (FSM) (CVE-2013-2877, CVE-2014-0191, CVE-2014-3660) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098592
*** Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) (Multiple CVEs) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098591
*** WordPress Responsive Thumbnail Slider 1.0 Shell Upload ***
---------------------------------------------
Topic: WordPress Responsive Thumbnail Slider 1.0 Shell Upload. Risk: High. Text: <!-- # Exploit Title: Wordpress Responsive Thumbnail Slider Arbitrary File Upload # Date: 2015/8/29 # Exploit Author: Arash ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080170
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 27-08-2015 18:00 − Friday 28-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Security Update: Hotfix Available for ColdFusion (APSB15-21) ***
---------------------------------------------
A Security Bulletin (APSB15-21) has been published regarding a hotfix for ColdFusion. This hotfix addresses an important vulnerability that could result in information disclosure. Adobe recommends users apply the hotfix using the instructions provided ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1262
*** DSA-3344 php5 - security update ***
---------------------------------------------
https://www.debian.org/security/2015/dsa-3344
*** Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Identity Services Engine (ISE) guest portal could allow an unauthenticated, remote attacker to view a customized page on the guest portal. The vulnerability is due to lack of access control for the uploaded HTML files. An attacker could exploit this vulnerability ..
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40691
*** BitTorrent kills bug that turns networks into a website-slaying weapon ***
---------------------------------------------
Reflective technique would let attacker amplify traffic and flood targets. BitTorrent has fixed a flaw in its technology that quietly turns file-sharing networks into weapons ..
---------------------------------------------
www.theregister.co.uk/2015/08/28/bittorrent_blasts_bug/
*** Google makes it official: Chrome will freeze Flash ads on sight from Sept 1 ***
---------------------------------------------
Browser to make most stuff click-to-play by default. Google is making good on its promise to strangle Adobe Flash's ability to ..
---------------------------------------------
www.theregister.co.uk/2015/08/28/google_says_flash_ads_out_september/
*** BSI warns of risk in Intel's AMT remote management technology ***
---------------------------------------------
The German Federal Office for Information Security (BSI) advises checking the configuration of notebooks and desktop PCs with Intel's Active Management Technology: with some ..
---------------------------------------------
http://heise.de/-2792791
*** Business Email Scams: A Growing Threat ***
---------------------------------------------
Business Email Scams: is that email from the CEO asking for a wire transfer the real deal? Learn to spot ..
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/08/business-email-scams-…
*** Moxa SoftCMS Buffer Overflow Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for buffer overflow vulnerabilities in the Moxa SoftCMS software package.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01
*** Siemens SIMATIC S7-1200 CSRF Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a Cross-Site Request Forgery vulnerability in the SIMATIC S7-1200 CPUs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02
*** Innominate mGuard VPN Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a denial-of-service vulnerability in the Innominate mGuard device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03
*** This PUP Alerts You of a Zombie Invasion ***
---------------------------------------------
Apps are constantly created to address certain needs. The more helpful an app claims to be, especially in times of crisis, the more users would likely take interest in ..
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/08/draft-this-pup-alerts…
*** Fake EFF site serving espionage malware was likely active for 3+ weeks ***
---------------------------------------------
A spear-phishing campaign some researchers say is linked to the Russian government masqueraded as the Electronic Frontier Foundation in an attempt to infect targets with malware ..
---------------------------------------------
http://arstechnica.com/security/2015/08/fake-eff-site-serving-espionage-mal…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 26-08-2015 18:00 − Thursday 27-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Paper: Not a GAMe maKER ***
---------------------------------------------
Raul Alvarez performs low-level analysis of an information-stealing trojan. The Gamker information-stealing trojan (also known as Shiz) has been around for a few years. It made the news back in 2013 when it was found to target SAP ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/08_26.xml
*** Patched Ins0mnia Vulnerability Keeps Malicious iOS Apps Hidden ***
---------------------------------------------
Apple's monster security update of Aug. 13 included a patch for an iOS vulnerability that could beacon out location data and other personal information from a device, even if a ..
---------------------------------------------
http://threatpost.com/patched-ins0mnia-vulnerability-keeps-malicious-ios-ap…
*** Concerns new Tor weakness is being exploited prompt dark market shutdown ***
---------------------------------------------
A dark market website that relies on the Tor privacy network to keep its operators anonymous is temporarily shutting down amid concerns attackers are exploiting a newly reported weakness ..
---------------------------------------------
http://arstechnica.com/security/2015/08/concerns-new-tor-weakness-is-being-…
*** Cisco ACE 4710 Application Control Engine CLI Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40666
*** PDF + maldoc1 = maldoc2 ***
---------------------------------------------
I received another example of a PDF file that contains a malicious MS Office document. Sample (MD5 0c044fd59cc6ccc28a48937bc69cc0c4). This time I want to focus on the analysis of such a sample. First we run pdfid to identify the sample. It contains ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20079
*** Taking root ***
---------------------------------------------
We analyzed the statistics we had collected from May to August 2015 and identified three main Trojan families that use root privileges on the device to achieve their goals.
---------------------------------------------
http://securelist.com/blog/mobile/71981/taking-root/
*** Throwback Thursday: Safe Hex in the 21st Century ***
---------------------------------------------
This Throwback Thursday, we turn the clock back to July 2000, when we were already being warned that virus scanners were no longer enough. How many times have we heard commentators claim that anti-virus is dead? After all, in the current ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/08_27.xml
*** Phishers attack Iranian activists, bypass Google's multi-factor login ***
---------------------------------------------
A series of phishing attacks appears to be targeting Iranian activists and dissidents. A senior EFF staff member was also attacked.
---------------------------------------------
http://heise.de/-2792580
*** Important Notice Regarding Public Availability of Stable Patches ***
---------------------------------------------
Grsecurity has existed for over 14 years now. During this time it has been the premier solution for hardening Linux against security exploits and served as a role model for many mainstream commercial applications elsewhere. All modern OSes took our lead and implemented to varying degrees a number of security ..
---------------------------------------------
https://grsecurity.net/announce.php
*** Angler Exploit Kit Strikes on MSN.com via Malvertising Campaign ***
---------------------------------------------
The same actors behind the recent Yahoo and Azure malvertising attacks went after MSN.com this time.
---------------------------------------------
https://blog.malwarebytes.org/malvertising-2/2015/08/angler-exploit-kit-str…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 25-08-2015 18:00 − Wednesday 26-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Windows 10^H^H Symbolic Link Mitigations ***
---------------------------------------------
For the past couple of years I've been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I've used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/08/windows-10hh-symbolic-link-mi…
*** VB2015 preview: advanced persistent threats ***
---------------------------------------------
There was a time when analyses of malware and viruses at the Virus Bulletin conference used the number of infections as a measure of the harm done. And while there are still many talks on what is now referred to as opportunistic malware, targeted ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/08_25.xml
*** Dropbox Phishing via Compromised Wordpress Site, (Tue, Aug 25th) ***
---------------------------------------------
I got a couple of emails today notifying me of a Compulsory Email Account Update for my Dropbox account. The e-mails do overall mimic the Dropbox look and feel, and use dropbox(a)smtp.com ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20073
*** Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40620
*** FunWebProducts UserAgent Bloating Traffic ***
---------------------------------------------
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make ..
---------------------------------------------
https://blog.sucuri.net/2015/08/funwebproducts-useragent-bloating-traffic.h…
*** Actor that tried Neutrino exploit kit now back to Angler ***
---------------------------------------------
Last week, we saw the group behind a significant amount of Angler exploit kit (EK) switch to Neutrino EK. We didn't know if the change was permanent, and I also noted that criminal groups using EKs have quickly changed tactics ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20075
*** l+f: HTTPS for advanced users ***
---------------------------------------------
Google's Chrome and its open-source base Chromium always load a number of websites via secured HTTPS, including many German ones.
---------------------------------------------
http://heise.de/-2790788
*** Endress+Hauser HART Device DTM Vulnerability ***
---------------------------------------------
Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager (DTM) library used in Endress+Hauser HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Endress+Hauser has begun to integrate.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-237-01
*** Dynamic DNS and You Part 2: Identifying the Threat ***
---------------------------------------------
Greetings! You all really seemed to like my last post on Dynamic DNS, so I've been invited to come back and talk more about it. In part 1, we discussed the uses of Dynamic DNS, as well as the various providers of the service and how it all ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/dynamic-dns-and-you-pa…
*** Netflix Is Dumping Anti-Virus, Presages Death Of An Industry ***
---------------------------------------------
For years, nails have been hammering down on the coffin of anti-virus. But none have really put the beast to bed. An industry founded in the 1980s, a time when John McAfee was known as a pioneer rather than a tequila-downing rascal, ..
---------------------------------------------
http://www.forbes.com/sites/thomasbrewster/2015/08/26/netflix-and-death-of-…
*** CryptoGirl on StageFright: A Detailed Explanation ***
---------------------------------------------
Detecting the PoCs published by Zimperium is not difficult: you can fingerprint the PoCs, for example. Detecting variants of the PoCs, i.e., MP4s that use one of the discovered vulnerabilities, is far more difficult. I'll explain why in a ..
---------------------------------------------
http://blog.fortinet.com/post/cryptogirl-on-stagefright-a-detailed-explanat…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 24-08-2015 18:00 − Tuesday 25-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Signed Dridex Campaign ***
---------------------------------------------
Malware authors use various means to make their malware look similar to legitimate software. One such approach involves signing a malware sample with a digital certificate. Recently we saw Dridex malware authors using this technique while ..
---------------------------------------------
http://research.zscaler.com/2015/08/signed-dridex-campaign.htm
*** AlienSpy RAT Resurfaces as JSocket ***
---------------------------------------------
The dismantled AlienSpy remote access Trojan, the same malware found on the phone of dead Argentine prosecutor Alberto Nisman, has resurfaced with new crypto and a new name.
---------------------------------------------
http://threatpost.com/alienspy-rat-resurfaces-as-jsocket/114385
*** Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40652
*** RTF Exploit Installs Italian RAT: uWarrior ***
---------------------------------------------
Unit 42 researchers have observed a new Remote Access Tool (RAT) constructed by an unknown actor of Italian origin. This RAT, referred to as uWarrior because of embedded PDB strings, has been previously described ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-ita…
*** Multiple vulnerabilities in Hewlett-Packard KeyView IDOL ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-405
http://www.zerodayinitiative.com/advisories/ZDI-15-404
http://www.zerodayinitiative.com/advisories/ZDI-15-403
http://www.zerodayinitiative.com/advisories/ZDI-15-402
http://www.zerodayinitiative.com/advisories/ZDI-15-401
http://www.zerodayinitiative.com/advisories/ZDI-15-400
http://www.zerodayinitiative.com/advisories/ZDI-15-399
http://www.zerodayinitiative.com/advisories/ZDI-15-398
http://www.zerodayinitiative.com/advisories/ZDI-15-397
*** Ask Sucuri: How Did My WordPress Website Get Hacked? ***
---------------------------------------------
With the proliferation of Infrastructure and Platform as a Service providers, it is no surprise that a majority of today's websites are hosted in the proverbial cloud. This is great because it allows organizations and individuals alike to quickly deploy their websites, with relatively little overhead ..
---------------------------------------------
https://blog.sucuri.net/2015/08/ask-sucuri-how-did-my-wordpress-website-get…
*** What I learned from cracking 4000 Ashley Madison passwords ***
---------------------------------------------
When the Ashley Madison database first got dumped, there was an interesting contingent of researchers talking about how pointless it would be to crack the passwords, ..
---------------------------------------------
http://www.pxdojo.net/2015/08/what-i-learned-from-cracking-4000.html
*** Browsefox variant High Stairs ***
---------------------------------------------
https://blog.malwarebytes.org/security-threat/2015/08/browsefox-variant-hig…
*** Data protection: Ashley Madison knew about serious security flaws ***
---------------------------------------------
A few weeks before the Impact Team's attack, internal security experts warned of serious flaws in the website's infrastructure.
---------------------------------------------
http://www.golem.de/news/datenschutz-ashley-madison-wusste-von-gravierenden…
*** Ashley Madison: Hacked affair site hacked its own competitor ***
---------------------------------------------
The dating website, which recently fell victim to a hacker attack and data leak, itself attacked a rival platform a few years ago. Ashley Madison's CTO is said to have copied the competitor's database.
---------------------------------------------
http://heise.de/-2790189
*** Are Data Breaches Getting Larger? ***
---------------------------------------------
This research says that data breaches are not getting larger over time. "Hype and Heavy Tails: A Closer Look at Data Breaches," by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest: Abstract: Recent widely publicized data breaches have ..
---------------------------------------------
https://www.schneier.com/blog/archives/2015/08/are_data_breach.html
*** You are the weakest link - goodbye! ***
---------------------------------------------
On my first visit to Team Cymru's HQ in Lake Mary, Florida, I found myself reading the wall hangings and looking at the pictures depicting specific times in history. Many of them depict the inspiring words of leaders such as Churchill. It led me to think about the many lessons that we can learn from ..
---------------------------------------------
https://blog.team-cymru.org/2015/08/you-are-the-weakest-link-goodbye/
*** Github Mitigates DDoS Attack ***
---------------------------------------------
Github said it turned back a distributed denial of service attack; it's unknown whether this attack is related to a similar attack this March.
---------------------------------------------
http://threatpost.com/github-mitigates-ddos-attack/114403
*** Hacked Samsung fridge reveals Gmail credentials ***
---------------------------------------------
At the DEFCON hacker conference, a method was presented by which a Samsung refrigerator model can be made to reveal Gmail logins.
---------------------------------------------
http://futurezone.at/digital-life/gehackter-samsung-kuehlschrank-verraet-gm…
*** Certifi-Gate: Abusive app discovered in the Google Play Store ***
---------------------------------------------
A few weeks ago, security researchers presented a vulnerability affecting remote administration software such as TeamViewer. Subsequently, the researchers found an app in Google's Play Store that exploits exactly this weakness.
---------------------------------------------
http://heise.de/-2790706
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 21-08-2015 18:00 − Monday 24-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Extortionists Target Ashley Madison Users ***
---------------------------------------------
People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters gets posted online for anyone to download - as is the case with the recent hack of infidelity hookup ..
---------------------------------------------
http://krebsonsecurity.com/2015/08/extortionists-target-ashley-madison-user…
*** Exploring a 'Malwarebytes Anti-Malware for Windows 10 - website' ***
---------------------------------------------
Here at Malwarebytes, we offer support for a wide variety of Windows Operating Systems - from XP right up to Windows 10. The latter OS is the starting point for this blog post, with a website located ..
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/08/exploring-an-mbam-for…
*** One font vulnerability to rule them all #4: Windows 8.1 64-bit sandbox escape exploitation ***
---------------------------------------------
This is the final part #4 of the 'One font vulnerability to rule them all' blog post series. In the previous posts, we introduced the 'blend' PostScript operator vulnerability and successfully used it to first exploit Adobe Reader, and later escape ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/08/one-font-vulnerability-to-rul…
*** Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40586
*** BSI: Guideline for secure mail transport is already having an effect ***
---------------------------------------------
With the publication of the guideline it becomes easier to understand why Web.de and GMX have not only introduced PGP encryption for mail but, surprisingly, are also relying on the security techniques DNSSEC and DANE.
---------------------------------------------
http://heise.de/-2788316
*** MMD-0039-2015 - ChinaZ made new malware: ELF Linux/BillGates.Lite ***
---------------------------------------------
There are tweets I posted which are related to this topic; our team spotted the sample a week ago. This post is the promised details. I am sorry for the delay, due to the limited resources we have, since for a week I focused on helping ..
---------------------------------------------
http://blog.malwaremustdie.org/2015/08/mmd-0039-2015-chinaz-made-new-malwar…
*** Google Analyticator <= 6.4.9.4 - Multiple Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8159
*** Sending Windows Event Logs to Logstash ***
---------------------------------------------
This topic is not brand new; there exist plenty of solutions to forward Windows event logs to Logstash (OSSEC, Snare or NXlog amongst many others). They perform a decent job to collect events on running systems ..
---------------------------------------------
https://blog.rootshell.be/2015/08/24/sending-windows-event-logs-to-logstash/
*** Mass FTP Crawling ***
---------------------------------------------
The combination of interesting files one can find on public FTP servers plus the technical expertise required to make a decent search engine motivated me to write Findex and ultimately this article.
---------------------------------------------
http://findex.cedsys.nl/research/mass-ftp-crawling/
*** Bundestag IT back online after repairs ***
---------------------------------------------
The IT system of the German Bundestag was brought back up on Monday after several days of repair work. After the consequences of a hacker attack had been remedied, the system went back online, as a parliament spokeswoman confirmed. Members of parliament and staff were accordingly informed about the system restart by loudspeaker on Monday morning.
---------------------------------------------
http://derstandard.at/2000021189218
*** Compromising a honeypot network through the Kippo password when logstash exec is used ***
---------------------------------------------
We have been playing with Honeypots lately (shoutout to Theo and Sebastian for adding their honeypots to the network), collecting and visualizing the data from the honeypots is done ..
---------------------------------------------
https://forsec.nl/2015/08/compromising-a-honeypot-network-through-the-kippo…
*** Exploiting the Mercury Browser for Android ***
---------------------------------------------
The Mercury Browser for Android suffers from an insecure Intent URI scheme implementation and a path traversal vulnerability within a custom web server used to support its WiFi Transfer feature. Chaining these vulnerabilities together can allow a ..
---------------------------------------------
http://rotlogix.com/2015/08/23/exploiting-the-mercury-browser-for-android/
*** Username Enumeration against OpenSSH/SELinux with CVE-2015-3238 ***
---------------------------------------------
I recently disclosed a low-risk vulnerability in Linux-PAM versions prior to 1.2.1 which allows attackers to conduct username enumeration and denial of service attacks. The purpose of this post is to provide more technical details around this vulnerability.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-ag…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 20-08-2015 18:00 − Friday 21-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Top 3 biggest mistakes enterprises make in application security ***
---------------------------------------------
Enterprise information security encompasses a broad set of disciplines and technologies, but at the highest level it can be broken down into three main categories: network security, endpoint security ...
---------------------------------------------
http://www.net-security.org/article.php?id=2362
*** Apple Patches QuickTime Crash and Code Execution Flaws ***
---------------------------------------------
Apple pushed out a new version of QuickTime that patched nine vulnerabilities, including a handful of denial of service and code execution bugs.
---------------------------------------------
http://threatpost.com/apple-patches-quicktime-crash-and-code-execution-flaw…
*** Security Awareness for Managers: Protecting Yourself and Your Company ***
---------------------------------------------
Nowadays, security awareness training (SAT) is a top priority for organizations of any size. Thanks to SAT, management and employees can understand IT governance issues and control solutions as well as recognize concerns, understand their relevance and respond accordingly. Many companies invest heavily in cybersecurity education programs for employees to learn how to protect their...
---------------------------------------------
http://resources.infosecinstitute.com/security-awareness-for-managers-prote…
*** WordPress Compromises Behind Spike in Neutrino EK Traffic ***
---------------------------------------------
A rash of compromised WordPress websites is behind this week's surge in Neutrino Exploit Kit traffic
---------------------------------------------
http://threatpost.com/wordpress-compromises-behind-spike-in-neutrino-ek-tra…
*** National Cyber Security Strategies: the latest news ***
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/national-cyber-security-strateg…
*** APPLE-SA-2015-08-20-1 QuickTime 7.7.8 ***
---------------------------------------------
APPLE-SA-2015-08-20-1 QuickTime 7.7.8. QuickTime 7.7.8 is now available and addresses the following: QuickTime. Available for: Windows 7 and Windows Vista. Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution [...]
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2015/Aug/msg00004.ht…
*** ZDI-15-395: Foxit Reader GIF Conversion Heap Corruption Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-395/
*** ZDI-15-396: ManageEngine Service Desk File Upload Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine ServiceDesk. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-396/
*** Splunk Input Validation Flaw in Splunk Web Lets Remote Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1033339
*** Bugtraq: ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536278
*** Bugtraq: [oCERT-2015-009] VLC arbitrary pointer dereference ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536287
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 19-08-2015 18:00 − Thursday 20-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Inside the Unpatched OS X Vulnerabilities ***
---------------------------------------------
Italian researcher Luca Todesco explains how exploiting two vulnerabilities in OS X can enable root access for a hacker. He won't, however, say why he went public with details and exploit code before Apple patched.
---------------------------------------------
http://threatpost.com/inside-the-unpatched-os-x-vulnerabilities/114344
*** Three bypasses and a fix for one of Flash's Vector. mitigations ***
---------------------------------------------
Posted by Chris Evans, Cookie Monster. With the release of Flash 18.0.0.209, two mitigations were introduced to combat abuse of Vector corruptions -- we covered these in a previous blog post. Flash 18.0.0.232 has just been released and it includes a change to the way one of the mitigations is implemented, to address Project Zero bug 482. This blog post notes some ways to bypass the way Adobe implemented the Vector. length checking mitigation. They are already fixed. It's not uncommon for new...
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/08/three-bypasses-and-fix-for-on…
*** AdBlocker Plus exploit puts OSX users at risk ***
---------------------------------------------
A visit to the Apple store will give any consumer a false sense of security, you will be told that by buying a Mac you are safe from threats and malware. I have...
---------------------------------------------
http://www.webroot.com/blog/2015/08/19/adblocker-plus-puts-osx-at-risk/
*** Evaluating the security of open source software ***
---------------------------------------------
The Core Infrastructure Initiative (CII), a project managed by The Linux Foundation, is developing a new free Badge Program, seeking input from the open source community on the criteria to be used to ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18786
*** A light-weight forensic analysis of the AshleyMadison Hack ***
---------------------------------------------
So Ashley Madison (AM) got hacked; it was first announced about a month ago and the attackers claimed they'd drop the full monty of user data if the AM website did not cease operations. The AM parent company Avid Life Media (ALM) did not cease business operations for the site and, true to their word, the attackers seem to have leaked everything they promised on August 18th 2015 including:...
---------------------------------------------
http://blog.includesecurity.com/2015/08/forensic-analysis-of-the-AshleyMadi…
*** Popular Tools for Brute-force Attacks ***
---------------------------------------------
The brute-force attack is still one of the most popular password cracking methods. Nevertheless, it is not just for password cracking. Brute-force attacks can also be used to discover hidden pages and content in a web application. This attack is basically "a hit and try" until you succeed. This attack sometimes takes longer, but its...
---------------------------------------------
http://resources.infosecinstitute.com/popular-tools-for-brute-force-attacks/
*** Web.de and GMX introduce PGP encryption for mail ***
---------------------------------------------
The PGP extension of the mail services of Web.de and GMX, which can be used via the web interface and mobile apps, is meant to be very easy to use yet still secure.
---------------------------------------------
http://heise.de/-2786133
*** Yet another Android security flaw: This time EVERYTHING is affected ***
---------------------------------------------
Multitasking security flap places entire user base at risk of ne'er-do-well activity. Security researchers have discovered yet another source of security flaws in Android. This time the problem affects the mobile operating system's multitasking functionality rather than the handling of multimedia messages, the crux of a cyber of recent vulnerabilities* including the infamous Stagefright flaw.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/20/android_mul…
*** [R1] Apache Vulnerabilities Affects Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2015-11
*** Cisco Aggregation Services Router ASR 5000 and ASR 5500 OSPF Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40585
*** VU#276148: Dedicated Micros DVR products use plaintext protocols and require no password by default ***
---------------------------------------------
Vulnerability Note VU#276148: Dedicated Micros DVR products use plaintext protocols and require no password by default. Original Release date: 20 Aug 2015 | Last revised: 20 Aug 2015. Overview: Dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2, by default use plaintext protocols and require no password. Description: CWE-311: Missing Encryption of Sensitive Data. Dedicated Micros DVR products by default use HTTP, telnet, and FTP rather than secure
---------------------------------------------
http://www.kb.cert.org/vuls/id/276148
*** Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CORE-2015-003. Project: Drupal core. Version: 6.x, 7.x. Date: 2015-August-19. Security risk: 18/25 (Critical) AC:Complex/A:User/CI:All/II:All/E:Proof/TD:All. Vulnerability: Cross Site Scripting, Access bypass, SQL Injection, Open Redirect, Multiple vulnerabilities. This security advisory fixes multiple vulnerabilities. See below for a list. Cross-site Scripting - Ajax system - Drupal 7: A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by
---------------------------------------------
https://www.drupal.org/SA-CORE-2015-003
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 18-08-2015 18:00 − Wednesday 19-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** SANS Incident Response Survey 2015 Infographic ***
---------------------------------------------
So, you have a security policy, a blue team tasked with protecting your organization and an incident response plan. What happens when the inevitable occurs - you are attacked? SANS just released their 2015 Incident Response survey, summarizing results from 507 survey respondents who shared the top attack types they are seeing, and what is (and is not) working today in terms of incident response. The good news: malware, data breaches and Advanced Persistent Threats (APTs) were all...
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/sans-incident-response…
*** Who should be responsible for IT security? ***
---------------------------------------------
Hot potato, or hot job? Typically, when a cybersecurity problem arises, it's the IT department that gets it in the neck. Ostensibly, that makes sense. After all, if someone is in your network mining your database for corporate secrets, it's hardly the office manager or the accounts receivable department's lookout, right?
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/18/responsibil…
*** U-turn on mail security: Web.de and GMX introduce DANE ***
---------------------------------------------
With its two services, United Internet is one of the founders of the "E-Mail made in Germany" initiative, which uses its own procedure for securing mail transport. Nevertheless, the modern DANE technique is now to be added.
---------------------------------------------
http://heise.de/-2782473
*** Read it later: Serious backend vulnerabilities demonstrated in Pocket ***
---------------------------------------------
Without much effort, a security researcher was able to access Pocket's backend infrastructure. The bugs have since been fixed, but this could give new impetus to the dispute over the inclusion of the read-it-later app in the Firefox browser.
---------------------------------------------
http://www.golem.de/news/spaeter-lesen-schwerwiegende-backend-luecken-in-po…
*** Outsourcing critical infrastructure (such as DNS), (Wed, Aug 19th) ***
---------------------------------------------
Migrating everything to the cloud or various online services has become increasingly popular in the last couple of years (and will probably not stop). However, leaving our most valuable jewels with someone else makes a lot of security people (me included) nervous. During some of the latest external penetration tests I noticed an increasing trend of companies moving some of their services to various cloud solutions or to their providers.
target.com. IN ANSWER SECTION: target.com. 1365 IN NS
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20057&rss
*** IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch ***
---------------------------------------------
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
---------------------------------------------
http://www.darkreading.com/attacks-breaches/ie-bug-exploited-in-wild-after-…
*** MS15-093 - Critical: Security Update for Internet Explorer (3088903) - Version: 1.0 ***
---------------------------------------------
This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS15-093
*** Security Hotfix Available for LiveCycle Data Services (APSB15-20) ***
---------------------------------------------
A Security Bulletin (APSB15-20) has been published regarding a hotfix for LiveCycle DS. This hotfix addresses an important vulnerability that could result in information disclosure. Adobe recommends users apply the hotfix using the instructions provided in the "Solution" section of the Security Bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1259
*** Fortinet FortiGate/FortiOS MAC Authentication Flaw Lets Remote Users Modify Data on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033256
*** Security Notice - Statement on "Fingerprints on Mobile Devices: Abusing and Leaking" at the Black Hat Conference ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** DSA-3337 gdk-pixbuf - security update ***
---------------------------------------------
Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3337
*** Security Advisory: ICMP packet processing vulnerability CVE-2015-5058 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/000/sol17047.htm…
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty Profile affect WebSphere Appliance Management Center ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21963684
*** IBM Security Bulletin: Websphere Message Broker and IBM Integration Bus are affected by access control vulnerability (CVE-2015-2018) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21961734
*** Security Bulletin: Vulnerabilities in SSLv3 and GNU C library (glibc) affect multiple products shipped with Intelligent Cluster (CVE-2014-3566, CVE-2015-0235) ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098516
*** Cisco TelePresence Video Communication Server Expressway Command Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40522
*** Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40555
*** Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40518
*** Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40436
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 17-08-2015 18:00 − Tuesday 18-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Attacking ECMAScript Engines with Redefinition ***
---------------------------------------------
Posted by Natalie Silvanovich = function () { return n; } ECMAScript has a property where almost all functions and variables can be dynamically redefined. This can lead to vulnerabilities in situations where native code assumes a function or variable behaves a certain way when accessed or does not have certain side effects when it can in fact be redefined. Project Zero has discovered 24 vulnerabilities involving ECMAScript redefinition in Adobe Flash in the past few months and similar issues...
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/08/attacking-ecmascript-engines-…
*** Tool Tip: Kansa Stafford released, PowerShell for DFIR, (Mon, Aug 17th) ***
---------------------------------------------
In his most recent post, Guy asked "Are You a Hunter?". Here's one way to become one. Dave Hull has just published the Stafford release of his exemplary PowerShell DFIR tool, Kansa. For the uninitiated, Kansa is a modular incident response framework in PowerShell (PS v3 or higher preferred) that uses PowerShell Remoting to run user contributed modules across hosts in an enterprise to collect data for use during incident response, breach hunts, or for building an environmental baseline. Per Dave's...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20049&rss
*** Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched ***
---------------------------------------------
Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON.
---------------------------------------------
http://threatpost.com/risky-schneider-electric-scada-vulnerabilities-remain…
*** Ransomware goes OPEN SOURCE in the name of education ***
---------------------------------------------
Won't somebody think of the script kiddies? Turkish security bod Utku Sen has published what appears to be the first open source ransomware that anyone can download and spread.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/18/ransomware_…
*** How Not to Start an Encryption Company ***
---------------------------------------------
Probably the quickest way for a security company to prompt an overwhelmingly hostile response from the security research community is to claim that its products and services are "unbreakable" by hackers. The second-fastest way to achieve that outcome is to have that statement come from an encryption company CEO who served several years in federal prison for running a $210 million Ponzi scheme. Here's the story of a company that managed to accomplish both at the same time and is now...
---------------------------------------------
http://krebsonsecurity.com/2015/08/how-not-to-start-an-encryption-company/
*** Mainframe security risk: mainframes reachable from the internet ***
---------------------------------------------
A security researcher warns that mainframes could become an easy target for attacks.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Sicherheitsrisiko-Mainframe-Grossrec…
*** 1&1, GMX and Web.de: Millions of e-mail mailboxes were vulnerable ***
---------------------------------------------
Until a few days ago, the e-mail providers 1&1, GMX and Web.de had a security hole through which attackers could, under certain circumstances, gain access to other people's accounts.
---------------------------------------------
http://heise.de/-2782618
*** When You Can't ARPSpoof ***
---------------------------------------------
There are times during a penetration test when you are having difficulty gaining the credentials you want from a host that has already been compromised. You have successfully socially engineered a system administrator or other user with privileges to a web application and you have established a meterpreter shell. You can dump the password hashes...
---------------------------------------------
http://resources.infosecinstitute.com/when-you-cant-arpspoof/
*** Reflection DDoS Attacks Abusing RPC Portmapper ***
---------------------------------------------
Level 3 Communications has discovered a new type of reflection DDoS attack that takes advantage of RPC Portmapper to overwhelm networking services.
---------------------------------------------
http://threatpost.com/reflection-ddos-attacks-abusing-rpc-portmapper/114318
*** SAP Afaria 7 Buffer Overflow ***
---------------------------------------------
Topic: SAP Afaria 7 Buffer Overflow. Risk: High. Text: Application: SAP Afaria 7. Versions Affected: SAP Afaria 7, probably others. Vendor URL: http://SAP.com. Bugs: Buffer Overflow ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080088
*** DSA-3336 nss - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems:...
---------------------------------------------
https://www.debian.org/security/2015/dsa-3336
*** Bugtraq: EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536244
*** ZDI-15-393: Foxit Reader TIFF Conversion Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-393/
*** GnuTLS ServerKeyExchange Validation Flaw May Let Remote Users Forge Signatures ***
---------------------------------------------
http://www.securitytracker.com/id/1033225
*** DFN-CERT-2015-1277. Linux kernel: Multiple vulnerabilities allow a denial-of-service attack ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1277/
*** Security Notice - Statement about the Stagefright Security Vulnerability in Android OS Disclosed by Zimperium ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** Security Advisory - DoS Vulnerability in Huawei MBB Product ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21964039
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM GPFS Native RAID (CVE-2015-2638, CVE-2015-4760, CVE-2015-2619, CVE-2015-2613) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1022565
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Rational RequisitePro (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21964441
*** Apache ActiveMQ Directory Traversal Flaw Lets Remote Users Upload Files and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1033315
*** USN-2710-2: OpenSSH regression ***
---------------------------------------------
Ubuntu Security Notice USN-2710-2, 18th August, 2015. openssh regression. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: USN-2710-1 introduced a regression in OpenSSH. Software description: openssh - secure shell (SSH) for secure access to remote machines. Details: USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2710-2/
*** VU#248692: Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#248692: Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities. Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015. Overview: Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass. Description: The Trend Micro Deep Discovery platform "enables you to detect, analyze, and respond to today's stealthy, targeted attacks in real time." It may be...
---------------------------------------------
http://www.kb.cert.org/vuls/id/248692
*** Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40523