Daily March 2016

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - Donnerstag 31-03-2016
by Daily end-of-shift report 31 Mar '16

31 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 30-03-2016 18:00 − Donnerstag 31-03-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Auch Google sollte für US-Behörden Smartphones entsperren *** --------------------------------------------- Alles dreht sich im aktuellen Streit um gesperrte Smartphones von mutmaßlichen Straftätern um Apple und das FBI - US-Behörden haben aber auch an Google zahlreiche derartiger Aufforderungen verschickt. Das hat die Bürgerrechtsvereinigung ACLU herausgefunden. --------------------------------------------- http://www.golem.de/news/nicht-nur-apple-auch-google-sollte-fuer-us-behoerd… *** Lücke bei SAP-Software: Hunderttausende Unternehmen gefährdet *** --------------------------------------------- Deutsche Behörden stufen die Mängel als "kritisch" ein, erst seit Oktober behoben --------------------------------------------- http://derstandard.at/2000033938536 *** Trend-Micro-Produkte öffneten triviale Hintertür *** --------------------------------------------- Antiviren-Software soll das System vor bösartiger Software schützen. Immer öfter stellt sich jedoch heraus, dass sie selbst als Einfallstor dienen kann. Ein Sicherheitsexperte demonstriert das zum wiederholten Mal mit Trend Micros Security-Produkten. --------------------------------------------- http://heise.de/-3159436 *** Automatisierte Medikamenten-Verteiler mit über 1400 Sicherheitslücken *** --------------------------------------------- Veraltete SupplyStation-Systeme sind nach wie vor in Krankenhäusern im Einsatz und haben tausende Sicherheitslücken. Das ICS-CERT in den USA warnt deswegen vor dem Sicherheitsrisiko durch diese Medikamenten-Verteiler. --------------------------------------------- http://heise.de/-3159439 *** Snort Covert Channels *** --------------------------------------------- Lab 3: Covert Channels Covert channels are used by outside attackers to establish communications with the compromised system, or by malicious insiders to secretly transfer data to unauthorized locations. There are various implementations .. --------------------------------------------- http://resources.infosecinstitute.com/snort-covert-channels/ *** Security best practices for git users *** --------------------------------------------- In recent years git has become one of most popular SCM/Version Control systems. Usage in some high-profile open-source projects like Linux or Raspberry Pi and support from vendors like GitHub and GitLab definitively helped to gain fame. As .. --------------------------------------------- http://resources.infosecinstitute.com/security-best-practices-for-git-users/ *** PowerWare 'Fileless Infection' Deepens Ransomware Conundrum for Healthcare Providers *** --------------------------------------------- The recent wave of ransomware attacks on healthcare institutions is not only raising questions about contingency planning, but also about whether healthcare is becoming the 'go-to' target for cyber extortionists looking to make quick .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/powerware-fileless-inf… *** DFN-CERT PGP-Schlüssel *** --------------------------------------------- https://www.dfn-cert.de/aktuell/dfn-cert-schluessel.html *** Cisco Firepower Malware Block Bypass Vulnerability *** --------------------------------------------- A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Let Me Get That Door for You: Remote Root Vulnerability in HID Door Controllers *** --------------------------------------------- If you've ever been inside an airport, university campus, hospital, government complex, or office building, you've probably seen one of HID's brand of card readers standing guard over a restricted area. HID is one of the world's largest .. --------------------------------------------- http://blog.trendmicro.com/let-get-door-remote-root-vulnerability-hid-door-… *** The Linux Remaiten malware is building a Botnet of IoT devices *** --------------------------------------------- Experts from the ESET firm have spotted a new threat in the wild dubbed Remaiten that targets embedded systems to recruit them in a botnet. ESET is actively monitoring malicious codes that target IoT systems such as routers, gateways .. --------------------------------------------- http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html *** Ransomware Petya - a technical review *** --------------------------------------------- In March 24, researchers at G DATA received a sample of a new type of ransomware which was dubbed 'Petya'. Unlike other types of ransomware, Petya prevents the operating system from starting by manipulating the MBR and installing its own .. --------------------------------------------- https://blog.gdatasoftware.com/2016/03/28226-ransomware-petya-a-technical-r…

1 0

Tageszusammenfassung - Mittwoch 30-03-2016
by Daily end-of-shift report 30 Mar '16

30 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 29-03-2016 18:00 − Mittwoch 30-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** CareFusion Pyxis SupplyStation System Vulnerabilities *** --------------------------------------------- This medical advisory contains mitigation details for numerous third-party software vulnerabilities in end-of-life versions of CareFusion's Pyxis SupplyStation system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-16-089-01 *** Websites Hacked Redirect to Porn from PDF / DOC Links *** --------------------------------------------- We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. This time we'll tell you about yet another interesting blackhat SEO attack that we've been watching for the last year. Let's begin with .. --------------------------------------------- https://blog.sucuri.net/2016/03/pdf-doc-urls-redirect-to-porn.html *** CloudFlare <= 1.3.20 - Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8428 *** The Topology of Malicious Activity on IPv4 *** --------------------------------------------- There has been a great deal of academic and industry focus on identifying malicious activity across autonomous systems, and for good reasons. Over 50% of 'good' Internet traffic comes from large, ocean-like ASes pushing content from companies like Netflix, Google, Facebook, Apple and Amazon. However, .. --------------------------------------------- http://www.suchin.co/2016/03/23/Topology-Of-Malicious-Activity/ *** Betriebssystem: OpenBSD 5.9 filtert weitgehend Systemaufrufe *** --------------------------------------------- Die Funktion zum Filtern und Beschränken von Systemaufrufen ist in OpenBSD 5.9 um viele Anwendungen erweitert worden. Außerdem unterstützt das System nun neuere Laptops besser - dank UEFI und WLAN nach 802.11n. --------------------------------------------- http://www.golem.de/news/betriebssystem-openbsd-5-9-filtert-weitgehend-syst… *** Scammers Impersonate ISPs in New Tech Support Campaign *** --------------------------------------------- Scammers devise a new ploy to trick users into thinking their own ISP is warning them about malware. --------------------------------------------- https://blog.malwarebytes.org/threat-analysis/2016/03/scammers-impersonate-… *** [HTB23298]: Multiple Vulnerabilities in CubeCart *** --------------------------------------------- High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in popular open source shopping software CubeCart. The discovered vulnerabilities allow a remote attacker to compromise vulnerable website and its databases, and conduct sophisticated attacks against its users. --------------------------------------------- https://www.htbridge.com/advisory/HTB23298 *** System Integrity Protection: Apples rootfreie Zone ist gar nicht so rootfrei *** --------------------------------------------- Apple will mit El Capitan verhindern, dass böse Jungs mit Root-Rechten ihr System kaputt machen. Leider hat das auch als Rootless bekannte Sicherheitskonzept viele Lücken und funktioniert deswegen momentan nicht ganz. --------------------------------------------- http://heise.de/-3157130 *** Der Liebling aller Cyber-Kriminellen: Flash *** --------------------------------------------- In den Top-15 der am meisten genutzten Sicherheitslücken finden sich allein 13 Schwachstellen in Flash, berichten die Antiviren-Experten der finnischen Firma F-Secure. --------------------------------------------- http://heise.de/-3157553

1 0

Tageszusammenfassung - Dienstag 29-03-2016
by Daily end-of-shift report 29 Mar '16

29 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 25-03-2016 18:00 − Dienstag 29-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Deutsche Hoster vermehrt im Fokus von Cyberkriminellen *** --------------------------------------------- Immer stärker nutzen Cyberkriminelle die technisch hochentwickelten Internet-Infrastrukturen der ersten Welt. Immer beliebter werden bei ihnen deutsche Hoster zum Verteilen ihrer Schadsoftware. --------------------------------------------- http://heise.de/-3151832 *** Basic Snort Rules Syntax and Usage *** --------------------------------------------- In this series of lab exercises we will demonstrate various techniques in writing Snort rules, from basic rules syntax to writing rules aimed at detecting specific types of attacks. We will also examine some basic approaches .. --------------------------------------------- http://resources.infosecinstitute.com/snort-rules-workshop-part-one/ *** TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart *** --------------------------------------------- Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from the SpiderLabs Research team at Trustwave recently found multiple Cross-Site Scripting (XSS) vulnerabilities in the popular online open source shopping .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/TWSL2016-006--Multiple-… *** CVE-2016-1010 (??? - Flash up to 20.0.0.306) and Exploit Kits *** --------------------------------------------- http://malware.dontneedcoffee.com/2016/03/flash-up-to-2000306.html *** Neue Infektions-Masche: Erpressungs-Trojaner missbraucht Windows PowerShell *** --------------------------------------------- Die neu entdeckte Ransomware PowerWare bemächtigt sich der Windows PowerShell, um Computer zu infizieren und Daten zu verschlüsseln. --------------------------------------------- http://heise.de/-3151892 *** Every Tool in the Tool Box *** --------------------------------------------- When I teach people about reverse engineering, I often hear the following statement: "I got the right answer, but I cheated to get it". They are typically talking about using dynamic analysis to get an answer versus statically analyzing .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Every-Tool-in-the-Tool-Box/ *** DSA-3532 quagga - security update *** --------------------------------------------- Kostya Kortchinsky discovered a stack-based buffer overflowvulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIProuting daemon. A remote attacker can exploit this flaw to cause adenial of service (daemon crash), or potentially, execution of arbitrarycode, if bgpd is configured with BGP peers enabled for VPNv4. --------------------------------------------- https://www.debian.org/security/2016/dsa-3532 *** Improving Bash Forensics Capabilities *** --------------------------------------------- Bash is the default user shell in most Linux distributions. In case of incidents affecting a UNIX server, they are chances that a Bash shell will be .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20887 *** Life After the Isolated Heap *** --------------------------------------------- Over the past few months, Adobe has introduced a number of changes to the Flash Player heap with the goal of reducing the exploitability of certain types of vulnerabilities in Flash, especially use-after-frees. I wrote an exploit involving two bugs .. --------------------------------------------- http://googleprojectzero.blogspot.com/2016/03/life-after-isolated-heap.html *** APPLE-SA-2016-03-28-1 OS X: Flash Player plug-in blocked *** --------------------------------------------- http://prod.lists.apple.com/archives/security-announce/2016/Mar/msg00007.ht… *** DSA-3533 openvswitch - security update *** --------------------------------------------- Kashyap Thimmaraju and Bhargava Shastry discovered a remotelytriggerable buffer overflow vulnerability in openvswitch, a productionquality, multilayer virtual switch implementation. Specially craftedMPLS packets could overflow .. --------------------------------------------- https://www.debian.org/security/2016/dsa-3533 *** "Collecting Serial Data for ICS Network Security Monitoring" *** --------------------------------------------- Below is a postby SANS ICS515 - ICS Active Defense and Incident Response instructor Mark Bristow. Adversaries across the capability spectrum are increasingly targeting Industrial Control System (ICS) environments. Malware such as .. --------------------------------------------- http://ics.sans.org/blog/2016/03/29/collecting-serial-data-for-ics-network-… *** Why PCI DSS cannot replace common sense and holistic risk assessment *** --------------------------------------------- Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime. --------------------------------------------- https://www.htbridge.com/blog/why-pci-dss-cannot-replace-common-sense-and-h… *** Printers all over the US 'hacked' to spew anti-Semitic fliers *** --------------------------------------------- Andrew 'Weev' Auernheimer, one of the two men who were prosecuted and convicted for harvesting e-mails and authentication IDs of 114,000 early-adopters of Apple's iPad from AT&T's .. --------------------------------------------- https://www.helpnetsecurity.com/2016/03/29/printers-us-hacked-anti-semitic-… *** Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround *** --------------------------------------------- There is a workaround in Xen to deal with the fact that AMD CPUs dont load the x86 registers FIP (and possibly FCS), FDP (and possibly FDS), and FOP from memory (via XRSTOR or FXRSTOR) when there is no pending unmasked exception. (See XSA-52.) However, this workaround does not cover all possible input cases. --------------------------------------------- http://lists.xen.org/archives/html/xen-announce/2016-03/msg00001.html *** Google-Entwickler: NPM-Malware könnte sich als Wurm verbreiten *** --------------------------------------------- Wegen einiger Design-Prinzipien der Node-Paktverwaltung NPM könne sich ein schadhaftes Modul wie ein Wurm im gesamten System verbreiten, warnt ein Google-Entwickler. Gegen die Sicherheitslücke hilft vorerst nur Handarbeit. --------------------------------------------- http://www.golem.de/news/google-entwickler-npm-malware-koennte-sich-als-wur… *** Petya: Den Erpressungs-Trojaner stoppen, bevor er die Festplatten verschlüsselt *** --------------------------------------------- Die Ransomware Petya zielt auf deutschsprachige Opfer und sorgt dafür, dass deren Rechner nicht mehr starten. Der Trojaner verschlüsselt ausserdem die Festplatten, das kann man aber verhindern, wenn man ihn rechtzeitig stoppt. --------------------------------------------- http://heise.de/-3153388 *** Lücke in populärer Anrufer-ID-App Truecaller legt Nutzerdaten offen *** --------------------------------------------- http://derstandard.at/2000033814462

1 0

Tageszusammenfassung - Freitag 25-03-2016
by Daily end-of-shift report 25 Mar '16

25 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 24-03-2016 18:00 − Freitag 25-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** DFN-CERT-2016-0510/">Xen, QEMU: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0510/ *** USB Trojan Hides In Portable Applications, Targets Air-Gapped Systems *** --------------------------------------------- A Trojan program, dubbed USB Thief by researchers at security firm ESET, infects USB drives that contain portable installations of popular applications such as Firefox, NotePad++, or TrueCrypt, and it also seems to be designed to steal information from so-called air-gapped computers. "In the case we .. --------------------------------------------- https://it.slashdot.org/story/16/03/24/184255/usb-trojan-hides-in-portable-… *** F5: sol93122894: OpenSSL vulnerability CVE-2016-0705 *** --------------------------------------------- OpenSSL handling of malformed DSA private keys may cause memory corruption and possibly stop the handling process. --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/k/93/sol93122894.html *** Tenable: [R1] Log Correlation Engine (LCE) 4.8.0 Updates Libxml2 *** --------------------------------------------- The Log Correlation Engine (LCE) uses the third-party Libxml2 library for some XML parsing routines. A vulnerability was found and patched in Libxml2 recently. Tenable has not evaluated this vulnerability beyond acknowledging that user-supplied XML .. --------------------------------------------- http://www.tenable.com/security/tns-2016-06 *** Cogent DataHub Elevation of Privilege Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a privilege elevation vulnerability in the Cogent DataHub application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01 *** SQL Injection Cheat Sheet *** --------------------------------------------- What is an SQL Injection Cheat Sheet? An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability. This cheat sheet is of good .. --------------------------------------------- https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ *** Erpressungstrojaner: "Petya" befällt deutschsprachiges Gebiet *** --------------------------------------------- Die Ransomware verbreitet sich über Dropbox und zwingt Windows-User, Geld für die Entsperrung ihres Computers zu zahlen. --------------------------------------------- http://derstandard.at/2000033657066

1 0

Tageszusammenfassung - Donnerstag 24-03-2016
by Daily end-of-shift report 24 Mar '16

24 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 23-03-2016 18:00 − Donnerstag 24-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** IBM Security Bulletin: IBM Forms Server vulnerability identified in Webform Server (CVE-2016-0223) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21977574 *** Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC5022 16Gb SAN and EN4023 10Gb Scalable Switches *** --------------------------------------------- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273 *** Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter *** --------------------------------------------- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272 *** Cisco Network Convergence System 6000 Series Routers SCP and SFTP Modules Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Zyxel MAX3XX Series Wimax CPEs Hardcoded Root Password *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016030135 *** Measuring SMTP STARTTLS Deployment Quality *** --------------------------------------------- At Yahoo, our users send and receive billions of emails everyday. We work to make Yahoo Mail easy to use, personalized, and secure for our hundreds of millions of users around the world. In line with our efforts to protect our users .. --------------------------------------------- https://yahoo-security.tumblr.com/post/141495385400/measuring-smtp-starttls… *** Kerberos Kadmind Null Pointer Dereference in process_db_args() Lets Remote Authenticated Users Execute Arbitrary Code on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1035399 *** CA Single Sign-On Agent Input Validation Flaws Let Remote Users Obtain Potentially Sensitive Information and Cause Denial of Service Conditions *** --------------------------------------------- http://www.securitytracker.com/id/1035389 *** Researchers find hole in SIP, Apple's newest protection feature *** --------------------------------------------- System Integrity Protection pwned Security researchers have discovered a vulnerability that creates a means for hackers to circumvent Apple's newest protection .. --------------------------------------------- www.theregister.co.uk/2016/03/24/macosx_security_bypass/ *** Nemucods CRYPTED Ransomware Can Be Neutralized with This Decrypter *** --------------------------------------------- Victims that had their computers locked by a ransomware that uses the CRYPTED file extension can now free their files using a special decrypter created by Emsisoft security .. --------------------------------------------- http://news.softpedia.com/news/nemucod-s-crypted-ransomware-can-be-neutrali… *** RCE flaw affects DVRs sold by over 70 different vendor *** --------------------------------------------- RSA security researcher Rotem Kerner has discovered a remote code execution vulnerability that affects digital video recorders (DVRs) sold by more than 70 different vendors around the world. --------------------------------------------- https://www.helpnetsecurity.com/2016/03/24/rce-flaw-dvrs-70-vendors/ *** Erpressungs-Trojaner Petya riegelt den gesamten Rechner ab *** --------------------------------------------- Eine neue Ransomware hat es aktuell auf deutschsprachige Windows-Nutzer abgesehen. Petya wird über Dropbox verteilt und manipuliert die Festplatte, wodurch das Betriebssystem nicht mehr ausgeführt werden kann. --------------------------------------------- http://www.heise.de/newsticker/meldung/Erpressungs-Trojaner-Petya-riegelt-d… *** VU#279472: Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities *** --------------------------------------------- http://www.kb.cert.org/vuls/id/279472 *** RedDoor: Erpresser drohen mit DDoS-Attacken auf deutsche Webseiten *** --------------------------------------------- Zahlt uns 3 Bitcoin oder wir legen eure Webseite lahm – mit dieser Drohung erpresst eine Gruppe gerade Firmen in Deutschland, Österreich und der Schweiz. Angeblich soll es sich dabei allerdings um einen Bluff handeln. --------------------------------------------- http://heise.de/-3151565 *** Emergency Java Patch Re-Issued for 2013 Vulnerability *** --------------------------------------------- Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. --------------------------------------------- http://threatpost.com/emergency-java-patch-re-issued-for-2013-vulnerability…

1 0

Tageszusammenfassung - Mittwoch 23-03-2016
by Daily end-of-shift report 23 Mar '16

23 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 22-03-2016 18:00 − Mittwoch 23-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** What was all that about a scary iMessage flaw? Your three-minute guide *** --------------------------------------------- On Sunday, we were warned that hackers could read our iMessages texts, photos and videos. Should I be worried? As it turns out: no. If youre even a little curious about cryptography and secure programming, though, it should interest and amuse you. --------------------------------------------- http://www.theregister.co.uk/2016/03/23/imessages_flaw_details/ *** Google publishes list of Certificate Authorities it doesnt trust *** --------------------------------------------- Thawte experiment aims to expose issuers of dodgy creds Googles announced another expansion to the security information offered in its transparency projects: its now going to track certificates you might not want to trust. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/03/23/google_now_… *** Abusing Oracles, (Wed, Mar 23rd) *** --------------------------------------------- No, no this has nothing to do with Oracle Corporation! This diary is about abusing encryption and decryption Oracles. First a bit of a background story. Most of the days I do web and mobile application penetration testing. While technical vulnerabilities, such as SQL Injection, XSS and similar are still commonly found, in last couple of years I would maybe dare to say that the Direct Object Reference (DOR) vulnerabilities have become prevalent. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20875&rss *** Libmcrypt - Incorrect S-Boxes for GOST cipher (2008, unfixed) *** --------------------------------------------- PHP just decided to abandon the trash fire that is libmcrypt. There were (are?) still other projects that use(d) it, so Im sharing this link in the interest of strongly encouraging projects to drop it like a lead balloon. This is far from the only problem with it ... --------------------------------------------- https://www.reddit.com/r/netsec/comments/4bl8xu/libmcrypt_incorrect_sboxes_… *** Microsoft Adds New Feature in Office 2016 That Can Block Macro Malware *** --------------------------------------------- Microsoft is finally addressing the elephant in the room in terms of security for Office users and has announced a new feature in the Office 2016 suite that will make it harder for attackers to exploit macro malware. ... Sysadmins can now block macros that connect to the Internet ... "This feature can be controlled via Group Policy and configured per application," Microsoft explains. "It enables enterprise administrators to block macros from running in Word, Excel and PowerPoint --------------------------------------------- http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-th… *** GroupWise 2014 R2 Hot Patch 1 - Windows Full Multilingual *** --------------------------------------------- Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details. --------------------------------------------- https://download.novell.com/Download?buildid=AA7ZB93KAjc~ *** GroupWise 2014 R2 Hot Patch 1 - Windows Client Multilingual *** --------------------------------------------- Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details. --------------------------------------------- https://download.novell.com/Download?buildid=dxd3rzvGvig~ *** GroupWise 2014 R2 Hot Patch 1 - Linux Full Multilingual *** --------------------------------------------- Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details. --------------------------------------------- https://download.novell.com/Download?buildid=Wxix0_fCdmI~ *** sol51518670: Linux kernel vulnerability CVE-2015-2922 *** --------------------------------------------- The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. (CVE-2015-2922) --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/k/51/sol51518670.html *** F5 Security Advisory: Apache Tomcat 6.x vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, and CVE-2016-0714 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30971148.html?… --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** ZDI-16-210: IBM Informix portmap Service Privilege Escalation Vulnerability *** --------------------------------------------- This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- www.zerodayinitiative.com/advisories/ZDI-16-210/ *** ZDI-16-209: IBM Informix nsrexecd Service Privilege Escalation Vulnerability *** --------------------------------------------- This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-209/ *** ZDI-16-208: IBM Informix nsrd Service Privilege Escalation Vulnerability *** --------------------------------------------- This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-208/

1 0

Tageszusammenfassung - Dienstag 22-03-2016
by Daily end-of-shift report 22 Mar '16

22 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 21-03-2016 18:00 − Dienstag 22-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Moodle Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Bypass Security Restrictions and Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1035333 *** Libxml2 Memory Allocation Error in xmlStringGetNodeList() Lets Remote Users Consume Excessive Memory Resources *** --------------------------------------------- http://www.securitytracker.com/id/1035335 *** D-Link DWR-932 Authentication Bypass / Password Disclosure *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016030115 *** AsusTEK asio.sys MSR Manipulation *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016030116 *** Google slings critical patch at exploited Linux kernel root hole *** --------------------------------------------- Android re-installation ahoy to sink privilege elevation that opens avenue for rooting apps Google has shipped an out-of-band patch for Android shuttering a bug that is under active exploitation to root devices. --------------------------------------------- www.theregister.co.uk/2016/03/22/google_slings_critcial_patch_at_exploited_… *** IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21978747 *** IBM Security Bulletin: Lotus Quickr 8.5 for WebSphere Portal January 2016 CPU (CVE-2016-0448) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21977579 *** Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-7575) *** --------------------------------------------- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099195 *** IBM Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-5256) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg2C1000109 *** Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2015-5600) *** --------------------------------------------- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098977 *** Samba-Entwickler warnen vor Lücke auch in Windows *** --------------------------------------------- Badlock heißt eine kritische Sicherheitslücke, die Samba-Entwickler in ihrer eigenen Software, aber auch in Windows entdeckt haben. Sie warnen die Betreiber solcher Server eindringlich, am 12. April Zeit für das Einspielen von Patches einzuplanen. --------------------------------------------- http://heise.de/-3148379 *** Deluge of Apple Patches Fix iMessage Crypto Bug, Much More *** --------------------------------------------- Apple deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV's tvOS, and watchOS on Monday. --------------------------------------------- http://threatpost.com/deluge-of-apple-patches-fix-imessage-crypto-bug-much-… *** "E-ISAC and SANS Report On The Ukrainian Grid Attack" *** --------------------------------------------- Yesterday the SANS ICS team released its Defense Use Case (DUC) #5 analyzing the cyber-attack that impacted Ukraine on December 23, 2015. The paper is written from the perspective of what lessons that can be learned from the event. The .. --------------------------------------------- http://ics.sans.org/blog/2016/03/22/e-isac-and-sans-report-on-the-ukrainian… *** A look at Locky ransomware *** --------------------------------------------- The Locky ransomware was first spotted in the wild last month in February 2016. Locky came to limelight when it hit the Hollywood Hospital last month causing the hospital to pay bitcoins worth 17,000$ USD in ransom. Locky is known to .. --------------------------------------------- http://research.zscaler.com/2016/03/a-look-at-locky-ransomware.html

1 0

Tageszusammenfassung - Montag 21-03-2016
by Daily end-of-shift report 21 Mar '16

21 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 18-03-2016 18:00 − Montag 21-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Palo Alto Networks: VPN-Webinterface mit überlangen Benutzernamen angreifbar *** --------------------------------------------- Ein Sicherheitsforscher der Heidelberger Firma ERNW hat eine Remote-Code-Execution-Lücke auf einer Palo-Alto-Appliance gefunden. Verantwortlich dafür war ein fehlender Längencheck bei der Eingabe des Benutzernamens. --------------------------------------------- http://www.golem.de/news/palo-alto-networks-vpn-webinterface-mit-ueberlange… *** IBM Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2016-0283) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21978293 *** FreeBSD crushes system-crashing bug *** --------------------------------------------- Time to upgrade, Unix-like OS-havers Sysadmins ought to patch their FreeBSD systems after an irritating bug was found in the kernel .. --------------------------------------------- www.theregister.co.uk/2016/03/18/freebsd_bug_patched/ *** Unplanmäßiger Android-Patch und noch einmal Stagefright *** --------------------------------------------- Knapp drei Wochen nach dem planmäßigen März-Update schließt Google eine Sicherheitslücke in Android, mit der sich Angreifer Root-Rechte erschleichen können. Derweil wurde ein weiterer Stagefright-Exploit bekannt. --------------------------------------------- http://www.heise.de/newsticker/meldung/Unplanmaessiger-Android-Patch-und-no… *** Google offers binary comparison tool BinDiff for free *** --------------------------------------------- In case you missed it, Google announced on Friday that BinDiff, a comparison tool for binary files, can now be downloaded for free. The tool is used to spot differences and similarities in disassembled code, and is helpful for identifying and isolating fixes for vulnerabilities in vendor-supplied .. --------------------------------------------- https://www.helpnetsecurity.com/2016/03/21/binary-comparison-tool-bindiff-f… *** Exploiting a Leaked Thread Handle *** --------------------------------------------- Once in awhile you'll find a bug that allows you to leak a handle opened in a privileged process into a lower privileged process. I found just such a bug in the Secondary Logon service on Windows, which was fixed this month as .. --------------------------------------------- http://googleprojectzero.blogspot.co.at/2016/03/exploiting-leaked-thread-ha… *** Erpresser rüsten nach: Verschlüsselungs-Trojaner TeslaCrypt 4.0 gesichtet *** --------------------------------------------- Sicherheitsforscher warnen vor einer neuen Version der Ransomware TeslaCrypt, die Computer infiziert und Daten chiffriert. Für Opfer ist es nun noch schwerer herauszufinden, was mit ihren Dateien passiert ist. --------------------------------------------- http://heise.de/-3145559 *** NIST releases updated telework guidance *** --------------------------------------------- The National Institute of Standards and Technology (NIST) released draft guidance for telework protocol, an update to the federal agencys initial documents drafted in 2009. --------------------------------------------- http://www.scmagazine.com/nist-releases-updated-telework-guidance/article/4… *** iOS URI Schemes Abuse *** --------------------------------------------- A set of URI schemes bugs that lead Safari to crash/freeze. --------------------------------------------- https://github.com/pwnsdx/iOS-URI-Schemes-Abuse-PoC *** OS X Malware Samples Analyzed *** --------------------------------------------- A couple of months ago, as we rang in 2016, we thought it would be interesting to take a quick look back at some OSX malware from 2015 and 2014. As reported by the team at Bit9+Carbon Black [1], 2015 marked 'the most prolific year in history for OS X .. --------------------------------------------- https://www.alienvault.com/open-threat-exchange/blog/os-x-malware-samples-a… *** Office für Mac: Microsoft veröffentlicht Sicherheits-Updates *** --------------------------------------------- Microsoft hat Updates für die OS-X-Versionen von Office 2011 und Office 2016 veröffentlicht, die eine kritische Schwachstelle schließen sollen. Die neue Version der Office-Suite baut die Sprachen-Unterstützung aus. --------------------------------------------- http://heise.de/-3146389

1 0

Tageszusammenfassung - Freitag 18-03-2016
by Daily end-of-shift report 18 Mar '16

18 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 17-03-2016 18:00 − Freitag 18-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Online Banking Threats in 2015: The Curious Case of DRIDEX's Prevalence *** --------------------------------------------- The thing about takedowns is that these do not necessarily wipe out the cybercriminal operations. In 2014, the ZeroAccess takedown has affected the botnet's click fraud operation, but its infections continued to soar. DRIDEX's .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/curious-case-dri… *** Mitre Takes On Critics, Set To Revamp CVE Vulnerability Reporting *** --------------------------------------------- Mitre Corporation will introduce a pilot program for classifying CVEs in response to critics who contend the agency is failing to keep pace with a massive influx CVE number requests. --------------------------------------------- http://threatpost.com/mitre-takes-on-critics-set-to-revamp-cve-vulnerabilit… *** Server Security: Indicators of Compromised Behavior with OSSEC *** --------------------------------------------- We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, rootkit detection, .. --------------------------------------------- https://blog.sucuri.net/2016/03/server-security-anomaly-behaviour-with-osse… *** No mas, Samas: What's in this ransomware's modus operandi? *** --------------------------------------------- We've seen how ransomware managed to become a threat category that sends consumers and enterprise reeling when it hits them. It has become a high-commodity malware that is used as payload to spam email, macro malware, and exploit kit campaigns. It also digs onto victims' pockets in exchange for .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/03/17/no-mas-samas-whats-in-t… *** ABB Panel Builder 800 DLL Hijacking Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a DLL Hijacking vulnerability in the ABB Panel Builder 800 Version 5.1 application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-077-01 *** Apache ActiveMQ Input Validation Flaw Lets Remote Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1035328 *** Apache ActiveMQ Lets Remote Users Conduct Clickjacking Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1035327 *** Android adware infiltrates devices' firmware, Trend Micro apps *** --------------------------------------------- Dubbed Gmobi by Dr. Web researchers, the malware comes in the form of a software development kit (SDK), and has been found in several legitimate applications by well-known companies, as well as in firmware for nearly 40 mobile .. --------------------------------------------- https://www.helpnetsecurity.com/2016/03/18/android-adware-infiltrates-devic… *** SSA-151221 (Last Update 2016-03-18): Incorrect File Permissions in APOGEE Insight *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-151221… *** [HTB23293]: Remote Code Execution via CSRF in iTop *** --------------------------------------------- High-Tech Bridge Security Research Lab discovered a Remote Code Execution vulnerability in iTop that is exploitable via Cross-Site Request Forgery flaw that is also present .. --------------------------------------------- https://www.htbridge.com/advisory/HTB23293 *** Lets Encrypt tritt CA/Browser Forum bei *** --------------------------------------------- Der nächste Schritt hin zu einer anerkannten Zertifizierungsstelle ist getan: Als Mitglied im CA/Browser Forum bewegt sich Let's Encrypt nun auf Augenhöhe mit Comodo, Symantec & Co. --------------------------------------------- http://heise.de/-3144202 *** Auch DDR4-Speicher für Bitflips anfällig *** --------------------------------------------- Offenbar sind mehr Arbeitsspeicher-Varianten für den Rowhammer-Angriff verwundbar, als bislang gedacht. Forscher haben jetzt einen Angriff auf DDR4-Speicher vorgestellt, auch professionelle Serverspeicher sollen betroffen sein. --------------------------------------------- http://www.golem.de/news/rowhammer-auch-ddr4-speicher-fuer-bitflips-anfaell… *** Sicherheits-Updates für Symantecs Endpoint Protection *** --------------------------------------------- Drei Lücken schließt das aktuelle Update für Symantecs Endpoint Protection (SEP), darunter eine SQL Injection. --------------------------------------------- http://heise.de/-3144528 *** Biometrics not a magic infosec bullet for web banking, warns GCHQ bloke *** --------------------------------------------- You can change a password. You cant change fingerprints Around the world, banks are implementing biometric authentication systems for their customers as fraud cases increase - but experts warn biometrics should not be treated like a silver bullet for ID .. --------------------------------------------- www.theregister.co.uk/2016/03/18/biometrics_not_answer_online_banking_secur… *** Security: Neuer Stagefright-Exploit betrifft Millionen Android-Geräte *** --------------------------------------------- Stagefright bedroht viele nach wie vor ungepatchte Android-Geräte weltweit, gilt aber als schwierig auszunutzen. Eine neue Technik erfordert etwas Infrastruktur, dürfte aber größere praktische Relevanz haben. --------------------------------------------- http://www.golem.de/news/security-neuer-stagefright-exploit-betrifft-millio… *** DDoS-Attacken auf Schweizer Websites *** --------------------------------------------- In der Schweiz gab es in der vergangenen Woche eine Reihe von DDoS-Angriffen auf Online-Shops, die Schweizerischen Bundesbahnen und Finanzinstitute. In einem Fall wurden .. --------------------------------------------- http://heise.de/-3144854

1 0

Tageszusammenfassung - Donnerstag 17-03-2016
by Daily end-of-shift report 17 Mar '16

17 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 16-03-2016 18:00 − Donnerstag 17-03-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Blundering ransomware uses backdoored crypto, unlock keys spewed *** --------------------------------------------- Hahah ... wait, what? A software developer whose example encryption code was used by a strain of ransomware has released the decryption keys for the malware. --------------------------------------------- http://www.theregister.co.uk/2016/03/16/locky_ransomware_undone_for_now/ *** Netgear CG3000v2 Password Change Bypass *** --------------------------------------------- I noticed a security issue in my Netgear CG3000v2 cable modem, as provided by Optus (an Australian phone/communications provider). The "admin password" can be changed on the web interface, without providing the current password. The page http://192.168.0.1/SetPassword.asp prompts for old and new passwords (and repeat of new), but in fact ignores the old password provided, and changes the password to the new one, regardless. --------------------------------------------- https://cxsecurity.com/issue/WLB-2016030089 *** 2015-12-10: POODLE Vulnerability in RTU500 Series *** --------------------------------------------- Affected Products: RTU500 series firmware of release 10 less than version 10.8.6 and of release 11 less than 11.2.1. RTU500 series releases 9 and less are not affected. Summary: A vulnerability has recently been published that affects the SSL protocol 3.0 and is commonly referred to as “POODLE”. The vulnerability affects the product versions listed above. --------------------------------------------- http://search.abb.com/library/Download.aspx?DocumentID=1KGT090264&LanguageC… *** ADAC: Autos mit Keyless-Schlüssel sehr leichter zu stehlen *** --------------------------------------------- Diebe können sich eine Sicherheitslücke in der Funkverbindung zunutze machen --------------------------------------------- http://derstandard.at/2000033077997 *** APT Attackers Flying More False Flags Than Ever *** --------------------------------------------- Investigators continue to focus on attack attribution, but Kaspersky researchers speaking at CanSecWest 2016 caution that attackers are manipulating data used to tie attacks to perpetrators. --------------------------------------------- http://threatpost.com/apt-attackers-flying-more-false-flags-than-ever/11681… *** sol06223540: F5 TCP vulnerability CVE-2015-8240 *** --------------------------------------------- Improper handling of TCP options under some circumstances may cause a denial-of-service (DoS) condition. (CVE-2015-8240) Versions known to be vulnerable: 11.6.0 HF5, 11.5.3 HF2, 11.4.1 HF9 on various BIG-IP products --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/k/06/sol06223540.html *** Metaphor - A (real) reallife Stagefright exploit *** --------------------------------------------- The team here at NorthBit has built a working exploit affecting Android versions 2.2 - 4.0 and 5.0 - 5.1, while bypassing ASLR on versions 5.0 - 5.1 (as Android versions 2.2 - 4.0 do not implement ASLR). --------------------------------------------- https://www.exploit-db.com/docs/39527.pdf *** Xen XSA-171: I/O port access privilege escalation in x86-64 Linux *** --------------------------------------------- User mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks. --------------------------------------------- http://xenbits.xen.org/xsa/advisory-171.html *** BSI veröffentlicht Anforderungskatalog für Cloud Computing *** --------------------------------------------- Anhand des Katalogs können Kunden von Cloud-Dienstleistern herausfinden, wie es um die Informationssicherheit in einer Cloud steht. Aber auch Anbieter solcher Dienste können sich damit etwa auf eine anstehende Zertifizierung vorbereiten. --------------------------------------------- http://heise.de/-3141368 *** Introducing SHIPS - Centralized Password Management *** --------------------------------------------- The Shared Host Integrated Password System (SHIPS) is an open-source solution created by Geoff Walton from TrustedSec to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts. Our goal is to make post exploitation more difficult and provide a simplistic way to manage multiple systems in an environment where Windows does not necessarily support an alternative. SHIPS supports both Linux --------------------------------------------- https://www.trustedsec.com/january-2015/introducing-ships-centralized-local… *** New NIST Encryption Guidelines *** --------------------------------------------- NIST has published a draft of their new standard for encryption use: "NIST Special Publication 800-175B, Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms." In it, the Escrowed Encryption Standard from the 1990s, FIPS-185, is no longer certified. And Skipjack, NSAs symmetric algorithm from the same period, will no longer be certified. --------------------------------------------- https://www.schneier.com/blog/archives/2016/03/new_nist_encryp.html *** Scores of Serial Servers Plagued by Lack of Authentication, Encryption *** --------------------------------------------- Thousands of serial servers connected to the internet arent password protected and lack encryption, leaving any data that transfers between them and devices theyre connected to open to snooping, experts warn. --------------------------------------------- http://threatpost.com/scores-of-serial-servers-plagued-by-lack-of-authentic… *** VU#897144: Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow *** --------------------------------------------- The Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2345 Solarwinds Dameware Remote Mini Controller is a software for assisting in remote desktop connections for helpdesk support. --------------------------------------------- http://www.kb.cert.org/vuls/id/897144 *** Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks *** --------------------------------------------- This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite. --------------------------------------------- https://mazinahmed.net/uploads/Bypassing%20NoScript%20Security%20Suite%20Us… *** Symantec Endpoint Protection Multiple Security Issues *** --------------------------------------------- Symantec Endpoint Protection (SEP) was susceptible to a number of security findings that could potentially result in an authorized but less privileged user gaining elevated access to the Management Console. SEP Client security mitigations can potentially be bypassed allowing arbitrary code execution on a targeted client. --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** IBM Security Bulletin *** --------------------------------------------- *** IBM Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities (CVE-2015-5345, CVE-2015-5351) *** http://www.ibm.com/support/docview.wss?uid=swg21978300 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-7575, CVE-2015-4872, CVE-2015-4893, CVE-2015-4803) *** http://www.ibm.com/support/docview.wss?uid=swg21976573 --------------------------------------------- *** IBM Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-7713, CVE-2015-5286) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023399 --------------------------------------------- *** IBM Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-5163 CVE-2015-3241 CVE-2015-5223) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023469 --------------------------------------------- *** IBM Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-5163 CVE-2015-3241 CVE-2015-5223) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023470 ---------------------------------------------

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily March 2016