Daily September 2015

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - Mittwoch 2-09-2015
by Daily end-of-shift report 02 Sep '15

02 Sep '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 01-09-2015 18:00 − Mittwoch 02-09-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Demystifying File and Folder Permissions *** --------------------------------------------- If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the same core ideas. The file permissions in Linux, Mac, and Windows computers are very similar to the file and folder permissions in Apache, Nginx, and IIS servers. You can right-clickRead More The post Demystifying File and Folder Permissions appeared first on Sucuri Blog. --------------------------------------------- https://blog.sucuri.net/2015/09/demystifying-file-and-folder-permissions.ht… *** Whats the situation this week for Neutrino and Angler EK?, (Wed, Sep 2nd) *** --------------------------------------------- Introduction Last month in mid-August 2015, an actor using Angler exploit kit (EK) switched to Neutrino EK [1]. A few days later, we found that actor using Angler again [2]. This week, were back to seeingNeutrino EK from the same actor. Neutrino EK from this actor is sending TeslaCrypt 2.0 as the payload. We also saw another actor use Angler EK to pushBedep during the same timeframe. Todays diary looks at two infection chains from Tuesday 2015-09-01, one for Angler EK and another for Neutrino. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20101&rss *** Verschlüsselung: Microsoft, Google und Mozilla schalten RC4 2016 ab *** --------------------------------------------- Es ist ein überfälliger Schritt: Microsoft, Google und Mozilla haben angekündigt, den unsicheren Verschlüsselungsalgorithmus RC4 ab 2016 in ihren Produkten endgültig nicht mehr zu verwenden. Ein konkretes Datum nennt bislang jedoch nur Mozilla. --------------------------------------------- http://www.golem.de/news/verschluesselung-microsoft-google-und-mozilla-scha… *** Per Web und USB-Stick: Smart-TVs vielfältig angreifbar *** --------------------------------------------- Mit vergleichsweise simplen Methoden haben Sicherheitsforscher App-Nutzerdaten von Medienabspielern und Smart TVs ausgelesen. Dabei konnten sie auch die Kamera aktivieren und bis auf die Root-Ebene vordringen. --------------------------------------------- http://heise.de/-2797227 *** Router-Lücken: Belkin N600 DB macht es den Hackern einfach *** --------------------------------------------- Die Beschreibung der Lücken in Belkins Heimrouter liest sich wie ein Handbuch mit Negativbeispielen der Firmware-Programmierung. Angreifer können die Nutzer des Routers unter anderem auf beliebige Webseiten umleiten. Abhilfe gibt es nicht. --------------------------------------------- http://heise.de/-2800853 *** IBM: CoreBot malware - simple but dangerous info stealer *** --------------------------------------------- IBMs X-Force research team has uncovered a new piece of data-swiping malware whose modular design allows it to be quickly altered and made even more dangerous. --------------------------------------------- http://www.scmagazine.com/x-force-team-uncovers-data-swiping-malware/articl… *** Factoring RSA Keys With TLS Perfect Forward Secrecy *** --------------------------------------------- What is being disclosed today? Back in 1996, Arjen Lenstra described an attack against an optimization (called the Chinese Remainder Theorem optimization, or RSA-CRT for short). If a fault happened during the computation of a signature (using the RSA-CRT optimization),... --------------------------------------------- https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perf… *** Adware-Installer erschleicht Zugriff auf den Mac-Schlüsselbund *** --------------------------------------------- Ein neuer Adware-Installer nutzt nach Angabe von Sicherheitsforschern einen simplen Trick, um sich ohne weiteres Zutun des Nutzers Zugang zum Schlüsselbund von OS X einzuräumen. --------------------------------------------- http://heise.de/-2802238 *** Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40748 *** VU#903500: Seagate 36C wireless hard-drive contains multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#903500 Seagate 36C wireless hard-drive contains multiple vulnerabilities Original Release date: 01 Sep 2015 | Last revised: 01 Sep 2015 Overview The Seagate 36C wireless hard-drive contains multiple vulnerabilities. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-2874 The Seagate 36C wireless hard-drive provides undocumented Telnet services accessible by using the default credentials of root as username and the default password.CWE-425: Direct Request --------------------------------------------- http://www.kb.cert.org/vuls/id/903500 *** ZDI-15-408: Hewlett-Packard LoadRunner Controller Scenario File Stack Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability could allow attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-408/ *** Siemens RUGGEDCOM ROS IP Forwarding Vulnerability *** --------------------------------------------- This advisory provides mitigation details for an IP forwarding vulnerability in older versions of Siemens RUGGEDCOM ROS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-244-01 *** Edimax BR6228nS/BR6228nC - Multiple vulnerabilities *** --------------------------------------------- Topic: Edimax BR6228nS/BR6228nC - Multiple vulnerabilities Risk: Medium Text:# Title: Edimax BR6228nS/BR6228nC - Multiple vulnerabilities # Date: 01.09.15 # Vendor: edimax.com # Firmware version: 1.22 ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015090013 *** Security Advisory - No Authentication Vulnerability on the Serial Port of the UAP2105 *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** [HTB23269]: Cross-Site Request Forgery in Cerb *** --------------------------------------------- Product: Cerb v7.0.3Vulnerability Type: Cross-Site Request Forgery [CWE-352]Risk level: Medium Creater: Webgroup Media LLCAdvisory Publication: August 12, 2015 [without technical details]Public Disclosure: September 2, 2015 CVE Reference: CVE-2015-6545 CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Vulnerability Details: High-Tech Bridge Security Research Lab discovered CSRF vulnerability in Cerb platform, which can be exploited to perform Cross-Site Request Forgery attacks against --------------------------------------------- https://www.htbridge.com/advisory/HTB23269 *** DFN-CERT-2015-1353: Xen: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1353/ *** Bugtraq: ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/536377 *** SiS Windows VGA Display Manager Multiple Privilege Escalation *** --------------------------------------------- Topic: SiS Windows VGA Display Manager Multiple Privilege Escalation Risk: Medium Text:KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Mult... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015090019 *** XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation *** --------------------------------------------- Topic: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Risk: Medium Text:KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Title: XGI Windows VGA Display Manag... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015090018 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS (CVE-2015-2613) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005343 *** IBM Security Bulletin: HTTP Request smuggling vulnerability may affect IBM HTTP Server (CVE-2015-3183) *** http://www.ibm.com/support/docview.wss?uid=swg21963361 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience *** http://www.ibm.com/support/docview.wss?uid=swg21960713 *** IBM Security Bulletin: IBM WebSphere MQ 7.0.1 potential denial of service (CVE-2015-2013) *** http://www.ibm.com/support/docview.wss?uid=swg21962479 *** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS3100/TS3200 (CVE-2015-4000) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005368&myns=s034&m… *** IBM Security Bulletin: IBM Maximo Asset Management could allow a local attacker to obtain information due to the autocomplete feature on password input fields (CVE-2015-1933) *** http://www.ibm.com/support/docview.wss?uid=swg21965080 *** IBM Security Bulletin: Default Password Requirements are weak on new installations of IBM Maximo Asset Management (CVE-2015-1934) *** http://www.ibm.com/support/docview.wss?uid=swg21964855 *** Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) *** http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098599

1 0

Tageszusammenfassung - Dienstag 1-09-2015
by Daily end-of-shift report 01 Sep '15

01 Sep '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 31-08-2015 18:00 − Dienstag 01-09-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** How the SIEM Solution Can Help in Achieving PCI-DSS *** --------------------------------------------- We all know that PCI-DSS is one of the toughest compliances/certifications to hold, but organizations that seek to be PCI-DSS compliant can greatly benefit if they incorporate a SIEM solution around the Card Holder Data Environment (CDE). In this article, we will learn how the SIEM solution can be leveraged to satisfy a majority of... --------------------------------------------- http://resources.infosecinstitute.com/how-the-siem-solution-can-help-in-ach… *** Microsoft accused of adding spy features to Windows 7, 8 *** --------------------------------------------- The privacy impact of Windows telemetry features continues to be scrutinized. --------------------------------------------- http://arstechnica.com/information-technology/2015/08/microsoft-accused-of-… *** ORX Locker, the new Darknet Ransomware-as-a-service platform *** --------------------------------------------- Security experts at Sensecy have uncovered ORX-Locker, a Darknet Ransomware-as-a-service platform that could allow everyone to become a cyber criminal. It is becoming even easier to become a cyber-criminal thanks to the model of sale known as malware-as-a-service that offers off-the-shelf malware for rent or sale. Recently malware authors started to offer also Ransomware-as-a-Service (RaaS), in... --------------------------------------------- http://securityaffairs.co/wordpress/39753/cyber-crime/orx-locker-raas.html 3430 *** l+f: Simuliertes Firmennetz als Spielwiese für Hacker *** --------------------------------------------- Im simulierten Netzwerk des Penetration Test Lab kann man virtuellen Systemen mit echten Pentesting-Tools auf den Zahn fühlen. --------------------------------------------- http://heise.de/-2795897 *** Android: Mehr Smartphones mit vorinstallierter Malware *** --------------------------------------------- Zwischenhändler sollen immer mehr Modelle aus dem Android-Lager vor dem Verkauf manipulieren, indem sie beliebte Apps mit Malware-Komponenten ausstatten und auf den Geräten installieren. --------------------------------------------- http://heise.de/-2794608 *** MassVet finds unknown malicious apps in app stores in 10 Sec *** --------------------------------------------- A group of researchers have developed a method dubbed Mass Vetting (MassVet) to find unknown malicious apps in app stores in 10 Seconds. A group of University researchers has created a new method for detecting malicious apps running on an Android devices called MassVet. MassVet doesn't use the old method of signatures scanning, instead it compares... --------------------------------------------- http://securityaffairs.co/wordpress/39762/malware/massvet-android-scan.html *** iOS-Trojaner ermöglichte Einkauf im App Store mit gehackten Accounts *** --------------------------------------------- Palo Alto Networks hat Details zu der letzte Woche entdeckten Hintertür in mehreren in China verteilten Jailbreak-Apps und Tweaks genannt. Demnach arbeitet die Malware äußerst trickreich. Gestohlen wurden 225.000 iCloud-Accounts. --------------------------------------------- http://heise.de/-2795857 *** Tired of memorizing passwords? A Turing Award winner came up with this algorithmic trick *** --------------------------------------------- Passwords are a bane of life on the Internet, but one Turing Award winner has an algorithmic approach that he thinks can make them not only easier to manage but also more secure.The average user has some 20 passwords today, and in general the easier they are to remember, the less secure they are. When passwords are used across multiple websites, they become even weaker.Manuel Blum, a professor of computer science at Carnegie Mellon University who won the Turing Award in 1995, has been working... --------------------------------------------- http://www.csoonline.com/article/2978170/data-protection/tired-of-memorizin… *** What Can you Learn from Metadata? *** --------------------------------------------- An Australian reporter for the ABC, Will Ockenden published a bunch of his metadata, and asked people to derive various elements of his life. They did pretty well, even though they were amateurs, which should give you some idea what professionals can do.... --------------------------------------------- https://www.schneier.com/blog/archives/2015/09/what_can_you_le.html *** Cisco AsyncOS for Cisco Email Security Appliance and Cisco Web Security Appliance Cluster Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39785 *** Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40708 *** DSA-3346 drupal7 - security update *** --------------------------------------------- Several vulnerabilities were discovered in Drupal, a content managementframework: --------------------------------------------- https://www.debian.org/security/2015/dsa-3346 *** IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_gb *** Bugtraq: [security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information *** --------------------------------------------- http://www.securityfocus.com/archive/1/536363 *** Bugtraq: [security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information *** --------------------------------------------- http://www.securityfocus.com/archive/1/536364 *** DFN-CERT-2015-1329: MediaWiki: Mehrere Schwachstellen ermöglichen u.a. einen Denial-of-Service-Angriff *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1329/ *** Security Advisory: Apache HTTP server vulnerability CVE-2008-0455 *** --------------------------------------------- (SOL17201) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/200/sol17201.htm… *** USN-2727-1: GnuTLS vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-2727-11st September, 2015gnutls28 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04SummaryGnuTLS could be made to crash or run programs if it processed a speciallycrafted certificate.Software description gnutls28 - GNU TLS library DetailsIt was discovered that GnuTLS incorrectly handled parsing CRL distributionpoints. A remote attacker could possibly use this issue to cause a denialof service, or execute arbitrary --------------------------------------------- http://www.ubuntu.com/usn/usn-2727-1/ *** USN-2726-1: Expat vulnerability *** --------------------------------------------- Ubuntu Security Notice USN-2726-131st August, 2015expat vulnerabilityA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryExpat could be made to crash or run programs as your login if it opened aspecially crafted file.Software description expat - XML parsing C library DetailsIt was discovered that Expat incorrectly handled malformed XML data. If auser or application linked against Expat were tricked into opening acrafted --------------------------------------------- http://www.ubuntu.com/usn/usn-2726-1/ *** VU#361684: Router devices do not implement sufficient UPnP authentication and security *** --------------------------------------------- Vulnerability Note VU#361684 Router devices do not implement sufficient UPnP authentication and security Original Release date: 31 Aug 2015 | Last revised: 31 Aug 2015 Overview Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. Description The UPnP protocol allows automatic device discovery and interaction with devices on a network. The UPnP protocol was originally designed with the threat model of --------------------------------------------- http://www.kb.cert.org/vuls/id/361684 *** VU#201168: Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#201168 Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities Original Release date: 31 Aug 2015 | Last revised: 31 Aug 2015 Overview Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-5987DNS queries originating from the Belkin N600, such as those to resolve the names of firmware --------------------------------------------- http://www.kb.cert.org/vuls/id/201168

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily September 2015