=======================
= End-of-Shift report =
=======================
Timeframe: Monday 30-05-2016 18:00 − Tuesday 31-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Completed: Maintenance work Tuesday, 31. 5. 2016 ***
---------------------------------------------
Completed: Maintenance work Tuesday, 31. 5. 2016 | 25 May 2016 | On Tuesday, 31 May 2016, we will carry out maintenance work on our infrastructure. This will lead to outages of the externally reachable services (e.g. mail, web server, mailing lists); these can each ..
---------------------------------------------
http://www.cert.at/services/blog/20160525113745-1748.html
*** Austrian Handy-Signatur (mobile phone signature) vulnerable to phishing ***
---------------------------------------------
With a so-called Handy-Signatur (mobile phone signature), Austrians can also sign documents for communication with authorities in a legally binding way. However, the digital signature can be forged with a simple phishing attack.
---------------------------------------------
http://heise.de/-3222980
*** Vulnerability in Citrix Studio Could Result in Insecure Access Policy Configuration ***
---------------------------------------------
A vulnerability has been identified in Citrix Studio that could allow Access Policy rules to be set insecurely on the Citrix XenDesktop Delivery Controller.
---------------------------------------------
https://support.citrix.com/article/CTX213045
*** After criticism: Pornhub revises its bounty program ***
---------------------------------------------
A porn site made headlines with its bug bounty program. But the communication with the hackers and the bounties paid drew a lot of criticism. The company now promises to do better.
---------------------------------------------
http://www.golem.de/news/nach-kritik-pornhub-ueberarbeitet-sein-bounty-prog…
*** Twitter paid out $322,420 in bug bounties ***
---------------------------------------------
Researchers have proven that bug bounties are a cheaper way for discovering vulnerabilities than hiring full-time bug hunters would be and, in the last few years, many Internet and tech companies have instituted such programs. The security community has praised those who have, and the ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/31/twitter-bug-bounty/
*** New Tor Browser uses DuckDuckGo for search ***
---------------------------------------------
The previous default search, Disconnect, switched from Google to Bing, with catastrophic results, the developers say in explaining their decision. Further changes affect Mac users and the display of YouTube videos.
---------------------------------------------
http://heise.de/-3210346
*** Bloatware Insecurity Continues to Haunt Consumer, Business Laptops ***
---------------------------------------------
High-severity vulnerabilities were found in pre-installed software updaters present in consumer and business laptops from vendors such as Dell, HP, Lenovo, Asus and Acer.
---------------------------------------------
http://threatpost.com/bloatware-insecurity-continues-to-haunt-consumer-busi…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 27-05-2016 18:00 − Monday 30-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Security baseline for Windows Server 2016 Technical Preview 5 (TP5) ***
---------------------------------------------
Microsoft is pleased to announce the draft release of the security configuration baseline settings for Windows Server 2016, corresponding to Technical ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2016/05/27/security-baseline-f…
*** New Locky ransomware campaign sets sights on Amazon customers ***
---------------------------------------------
Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.
---------------------------------------------
http://www.scmagazine.com/new-locky-ransomware-campaign-sets-sights-on-amaz…
*** How Attackers Use a Flash Exploit to Distribute Crimeware and Other Malware ***
---------------------------------------------
Background: Adobe Flash is multimedia software that runs on more than 1 billion systems worldwide. Its long list of security vulnerabilities and huge market presence ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/how-attackers-use-a-fl…
*** VMSA-2016-0005.2 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0005.html
*** Security Advisory: Stored XSS in Jetpack ***
---------------------------------------------
During regular research audits for our Sucuri Firewall (Cloud-based WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more than a million WordPress sites. The ..
---------------------------------------------
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html
*** ZDI-16-361: (Pwn2Own) Apple OS X libATSServer Heap-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-361/
*** ZDI-16-360: (Pwn2Own) Apple OS X fontd Sandbox Escape Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-360/
*** Microsoft equips Windows 10 with double virus protection ***
---------------------------------------------
http://derstandard.at/2000037805637
*** After LinkedIn, a data leak at MySpace too ***
---------------------------------------------
According to his own statements, the LinkedIn hacker also has 360 million e-mail addresses of MySpace users and ..
---------------------------------------------
http://futurezone.at/digital-life/nach-linkedin-datenleck-auch-bei-myspace/…
*** Duqu 2.0 kernel exploitation technique analysis (part 1 of 2) ***
---------------------------------------------
Out of the multiple components used in the sophisticated Duqu 2.0 cyberespionage attack, we had a chance to look into one of the kernel exploits used for its ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/29/%e2%80%8bduqu-2-0-kerne…
*** CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename ***
---------------------------------------------
All existing releases of GraphicsMagick and ImageMagick support a file open syntax where if the first character of the file specification is a |, then the remainder of the filename is passed to the shell for execution using the ..
---------------------------------------------
http://permalink.gmane.org/gmane.comp.security.oss.general/19669
*** breaking into a wordpress site without knowing wordpress/php or infosec at all ***
---------------------------------------------
This is a post about how I tried and broke into my colleges wordpress installation without having any prior knowledge of wordpress/php and without any experience with hacking web-servers. The attempts were spread out over a month, ..
---------------------------------------------
https://notehub.org/5zo2v
*** Saudi Arabia is said to have launched cyberattacks against Iran ***
---------------------------------------------
http://derstandard.at/2000037865736
*** Microsoft cracks down on passwords that are too simple ***
---------------------------------------------
In future, users of Azure and other services are to receive warnings when their password ..
---------------------------------------------
http://derstandard.at/2000037866342
*** Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the IP Version 6 (IPv6) packet processing functions of Cisco IOS XR Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Attackers capture user data from sz-magazin.de ***
---------------------------------------------
An unauthorized person is said to have unlawfully gained access to a database server of SZ-Magazin in mid-May.
---------------------------------------------
http://heise.de/-3222586
*** Background: Blocking certificates - how it's done ***
---------------------------------------------
Topsy-turvy world -- to block a certificate, you first have to install it. With the following instructions ..
---------------------------------------------
http://heise.de/-3222308
*** For World No Tobacco Day: BSI warns of malware in e-cigarettes ***
---------------------------------------------
Anyone who smokes e-cigarettes spares their lungs tar but puts the health of their computer at risk - at least if the e-cigarette is charged via USB.
---------------------------------------------
http://www.golem.de/news/zum-weltnichtrauchertag-bsi-warnt-vor-malware-in-e…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 26-05-2016 18:00 − Friday 27-05-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** VU#482135: MEDHOST Perioperative Information Management System contains hard-coded database credentials ***
---------------------------------------------
MEDHOST Perioperative Information Management System (PIMS) versions prior to 2015R1 contain hard-coded credentials that are used for customer database access.
---------------------------------------------
http://www.kb.cert.org/vuls/id/482135
*** Environmental Systems Corporation Data Controllers Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for data controller vulnerabilities in the Environmental Systems Corporation (ESC) 8832 Data Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01
*** Sixnet BT Series Hard-coded Credentials Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded credential vulnerability in Sixnet's BT series routers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-02
*** Black Box AlertWerks ServSensor Credential Management Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a credential management vulnerability in Black Box's AlertWerks ServSensor devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03
*** Bugtraq: ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538499
*** Up to a dozen banks are reportedly investigating potential SWIFT breaches ***
---------------------------------------------
More banks have reportedly launched investigations into potential security breaches on their networks after hackers stole US$81 million from the Bangladesh ..
---------------------------------------------
http://www.cio.com/article/3075448/up-to-a-dozen-banks-are-reportedly-inves…
*** Cisco WebEx Meeting Center Site Access Control User Account Enumeration Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Security Advisory: NTP vulnerability CVE-2016-2519 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/41/sol41613034.html
*** Security Advisory: NTP vulnerability CVE-2016-2517 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/61/sol61200338.html
*** Multiple Buffalo wireless LAN routers vulnerable to information disclosure ***
---------------------------------------------
http://jvn.jp/en/jp/JVN75813272/
*** Multiple Buffalo wireless LAN routers vulnerable to directory traversal ***
---------------------------------------------
http://jvn.jp/en/jp/JVN81698369/
*** Link (.lnk) to Ransom ***
---------------------------------------------
We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. This ransom leverages removable and network drives to propagate ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/
*** Spoofer ***
---------------------------------------------
Seeking to minimize Internet's susceptibility to spoofed DDoS attacks, we are developing and supporting open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices. This ..
---------------------------------------------
http://www.caida.org/projects/spoofer/
*** Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160527-…
*** Path Traversal in extension "Media management" (media) ***
---------------------------------------------
https://typo3.org/news/article/path-traversal-in-extension-media-management…
*** Cross-Site Scripting in extension "Formhandler" (formhandler) ***
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-extension-formhandle…
*** Global companies aren't quick to patch 'high' severity flaw in OpenSSL ***
---------------------------------------------
Yet another Padding Oracle flaw (CVE-2016-2107), allowing decrypting TLS traffic in a MITM attack, remains exploitable on the most popular web and email servers.
---------------------------------------------
https://www.htbridge.com/blog/CVE-2016-2107-padding-oracle-exploit.html
*** TLS certificates: Google tightens the thumbscrews on CAs further ***
---------------------------------------------
From June, all Symantec CAs must register their activities via Certificate Transparency. Otherwise the certificate holders will be penalized. This could affect other CAs as well.
---------------------------------------------
http://heise.de/-3215053
*** Cisco Firepower Management Center Web Interface Code Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Android Banking Trojan 'SpyLocker' Targets More Banks in Europe ***
---------------------------------------------
Since the discovery of the Android banking Trojan SpyLocker, Intel Security has closely monitored this threat. SpyLocker first appeared disguised as Adobe Flash Player and targeted customers of banks in Australia, New Zealand, and ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targe…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 24-05-2016 18:00 − Wednesday 25-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** New Botnets Used for Low and Slow Credential Testing (May 23, 2016) ***
---------------------------------------------
Botnets are being used to test account access credentials...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/41/306
*** Many Ubiquiti Wireless Devices Still Vulnerable (May 20 and 23, 2016) ***
---------------------------------------------
Owners of Ubiquiti wireless devices are being urged to apply a patch that the company released last year; the flaw it fixes is being actively exploited...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/41/308
*** Nulled WordPress Themes: Malvertising and Black Hat SEO ***
---------------------------------------------
If you have been following our blog for some time, you know that we regularly warn about risks associated with the use of third-party software on your site. A benign plugin may sneakingly inject ads into your site which cause malvertising problems for the site visitors (e.g. SweetCaptcha). Other plugins may be hijacked by hackers or...
---------------------------------------------
https://blog.sucuri.net/2016/05/nulled-wordpress-themes-malvertising-black-…
*** New Wekby Attacks Use DNS Requests As Command and Control Mechanism ***
---------------------------------------------
We have observed an attack led by the APT group Wekby targeting a US-based organization in recent weeks. Wekby is a group that has been active for a number of years, targeting various industries such...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks…
*** SWIFT exec unveils info sharing plan, calls Bangladesh a watershed event ***
---------------------------------------------
SWIFT CEO Gottfried Leibbrandt issued details of the messaging service company's information-sharing strategy.
---------------------------------------------
http://www.scmagazine.com/swift-exec-unveils-info-sharing-plan-calls-bangla…
*** Stop Using "internal" Top Level Domain Names, (Wed, May 25th) ***
---------------------------------------------
Cert.org this week warned again that internal top level domain names can be used against you, if one of these domains happens to be registered as a new generic top level domain (gTLD). Currently, there are about 1200 approved gTLDs, and the number will only increase even though the initial gold rush seems to have leveled off somewhat [1]. US-Cert just sent out a reminder again regarding the use of internal domain names for automatic proxy configuration via WPAD. If this internal, but not...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21095&rss
*** CVE-2015-2545: overview of current threats ***
---------------------------------------------
Cyberespionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far East regions share one common feature: in order to infect their victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability.
---------------------------------------------
http://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of…
*** Who's tracking you online, and how? ***
---------------------------------------------
Armed with a tool that mimics a consumer browser but is actually bent on discovering all the ways websites are tracking visitors, Princeton University researchers have discovered several device fingerprinting techniques never before seen in the wild. The web privacy measurement tool is called OpenWPM, and has been open sourced. Its creators are the very same researchers who performed this latest study. They crawled and analyzed measurements collected from 1 million of the most popular...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/25/whos-tracking-you-online/
*** The Answer is always the same: Layers of Security ***
---------------------------------------------
There is a common misperception that now that containers support seccomp we no longer need SELinux to help protect our systems. WRONG. The big weakness in containers is the container possesses the ability to interact with the host kernel and the host file systems. Securing the container processes is all about shrinking the attack surface on the host OS and more specifically on the host kernel. seccomp does a great job of shrinking the attack surface on the kernel. The idea is to limit the number...
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2334141
*** Skimmers Found at Walmart: A Closer Look ***
---------------------------------------------
Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations reminds me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals.
---------------------------------------------
http://krebsonsecurity.com/2016/05/skimmers-found-at-walmart-a-closer-look/
*** VMSA-2016-0006 ***
---------------------------------------------
VMware vCenter Server updates address an important cross-site scripting issue
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0006.html
*** HPE Service Manager Unspecified Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1035954
*** Operation Technology ETAP 14.1.0 Multiple Stack Buffer Overrun Vulnerabilities ***
---------------------------------------------
Multiple ETAP binaries are prone to a stack-based buffer overflow vulnerability because the application fails to handle malformed arguments. An attacker can exploit these issues to execute arbitrary code within the context of the application or to trigger denial-of-service conditions.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5324.php
*** Operation Technology ETAP 14.1.0 Local Privilege Escalation ***
---------------------------------------------
ETAP suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the C flag (Change) for the Authenticated Users group.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5323.php
*** ZDI-16-354: (0Day) ActivePDF Toolkit ImageToPDF IAT Overwrite Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ActivePDF Toolkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-354/
*** Moxa MiiNePort Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for weak credential management, sensitive information not protected, and cross-site request forgery vulnerabilities in Moxa's MiiNePort serial device server module series.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01
*** Security Advisory: Java vulnerabilities CVE-2013-5802 and CVE-2013-5823 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/53/sol53316849.html?…
*** Security Advisory: Multiple Java vulnerabilities ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/95/sol95313044.html?…
*** Maintenance work Tuesday, 31.5.2016 ***
---------------------------------------------
Maintenance work Tuesday, 31. 5. 2016 | 25 May 2016 | On Tuesday, 31 May 2016, we will carry out maintenance work on our infrastructure. This will lead to outages of the externally reachable services (e.g. mail, web server, mailing lists), each of which may last several minutes. It...
---------------------------------------------
http://www.cert.at/services/blog/20160525113745-1748.html
Next End-of-Shift report: 2016-05-27
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 23-05-2016 18:00 − Tuesday 24-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** DMA Locker 4.0 - Known Ransomware Preparing For A Massive Distribution ***
---------------------------------------------
We take a look at the step towards maturity of DMA Locker and how this will be spreading on a bigger scale.
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/05/dma-locker-4-0-known-…
*** Beware of keystroke loggers disguised as USB phone chargers, FBI warns ***
---------------------------------------------
Private industry notification comes 15 months after debut of KeySweeper.
---------------------------------------------
http://arstechnica.com/security/2016/05/beware-of-keystroke-loggers-disguis…
*** SWIFT to unveil new security plan after hackers' heists ***
---------------------------------------------
The SWIFT secure messaging service that underpins international banking said it plans to launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist. [...] Users frequently do not inform SWIFT of breaches of their SWIFT systems and even now, the co-operative has not proposed any sanctions for clients who fail to pass on information, which SWIFT itself says is key to stopping future attacks.
---------------------------------------------
http://www.reuters.com/article/us-cyber-banks-swift-idUSKCN0YE2S6
*** Commentary: Allo, Google? Are you serious? ***
---------------------------------------------
Google's WhatsApp alternative Allo does not encrypt consistently, but instead actively reads along. What is that about?
---------------------------------------------
http://heise.de/-3215729
*** WPAD name collision bug opens door for MitM attackers ***
---------------------------------------------
A vulnerability in Web Proxy Auto-Discovery (WPAD), a protocol used to ensure all systems in an organization utilize the same web proxy configuration, can be exploited to mount MitM attacks from anywhere on the Internet, US-CERT warns. "With the New gTLD program, previously undelegated gTLD strings are now being delegated for public domain name registration. These strings may be used by private or enterprise networks, and in certain circumstances, such as when a work computer...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/24/wpad-name-collision-bug/
*** Hacker finds flaw in teleconference tool used by US Army, NASA and CERN ***
---------------------------------------------
Like we need another reason to hate videoconferences. Sydney security tester Jamieson O'Reilly has reported a since-patched vulnerability in popular video platform Vidyo - used by the likes of the US Army, NASA and CERN - that could see videos leaked and systems compromised.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/19/popular_tel…
*** Pastejacking in the browser: code execution via copy and paste ***
---------------------------------------------
Browsers can change the contents of the clipboard on their own. A proof of concept shows how this function can be used for attacks - and how users can protect themselves quite easily.
---------------------------------------------
http://www.golem.de/news/pastejacking-im-browser-codeausfuehrung-per-copy-a…
*** Malicious apps secretly set up expensive phone connections ***
---------------------------------------------
Warning from the regulatory authority
---------------------------------------------
http://derstandard.at/2000037564561
*** Now DDoS as well as extortion: encryption trojan Cerber learns new tricks ***
---------------------------------------------
With a new version of Cerber, the masterminds behind the ransomware want to generate even more profit: the malware takes personal data hostage, and the criminals can misuse infected computers for DDoS attacks.
---------------------------------------------
http://heise.de/-3217254
*** The Anti-Ransomware Protection Plan You Need to Follow Today ***
---------------------------------------------
Technology has made our lives both easier and more complicated - there's no denying that. Fast Internet access opened up a world of wisdom and all the distractions we can imagine. But the door is also open for cyber criminals with little to no scruples and a big appetite for money. And there's no better...
---------------------------------------------
https://heimdalsecurity.com/blog/anti-ransomware-protection-plan/
*** Xen Security Advisory CVE-2014-3672 / XSA-180 ***
---------------------------------------------
When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to a file in /var/log/xen. This output is not rate-limited in any way. The guest can easily cause qemu to print messages to stderr, causing this file to become arbitrarily large.
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-180.html
*** Pulse Connect Secure Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035932
*** Missing Access Check in TYPO3 CMS ***
---------------------------------------------
It has been discovered that TYPO3 CMS lacks an access check for Extbase actions.
---------------------------------------------
https://typo3.org/news/article/missing-access-check-in-typo3-cms/
*** Missing Access Check in extension "Frontend User Registration" (sf_register) ***
---------------------------------------------
It has been discovered that the extension "Frontend User Registration" (sf_register) lacks a proper access check.
---------------------------------------------
https://typo3.org/news/article/missing-access-check-in-extension-frontend-u…
*** Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco UCS Invicta Software Default GPG Key Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: GNU C Library (glibc) vulnerability CVE-2016-3075 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15439022.html?…
---------------------------------------------
*** Security Advisory: OpenSSH vulnerability CVE-2016-1907 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35424631.html?…
---------------------------------------------
*** Security Advisory: glibc vulnerability CVE-2016-3075 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15439022.html?…
---------------------------------------------
*** Security Advisory: Java vulnerabilities CVE-2013-5782 and CVE-2013-5803 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/14/sol14340611.html?…
---------------------------------------------
*** Security Advisory: PHP Vulnerability CVE-2016-4539 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35240323.html?…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand (CVE-2016-0264, CVE-2016-3449) ***
http://www.ibm.com/support/docview.wss?uid=swg21983578
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005812
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Security Update (CVE-2016-0322) ***
http://www.ibm.com/support/docview.wss?uid=swg21982611
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat may affect IBM WebSphere Application Server Community Edition (CVE-2015-5174) ***
http://www.ibm.com/support/docview.wss?uid=swg21983128
---------------------------------------------
*** IBM Applicable countries and regions ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099367
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities have been identified in the versions of IBM WebSphere Application Server Community Edition bundled with Web Experience Factory 7.0.x and 8.0.x (CVE-2015-5345) (CVE-2016-0706) (CVE-2016-0714) ***
http://www.ibm.com/support/docview.wss?uid=swg21981775
---------------------------------------------
*** IBM Security Bulletin: HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager (CVE-2015-2017) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000121
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 20-05-2016 18:00 − Monday 23-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Backdoor in Fake Joomla! Core Files ***
---------------------------------------------
We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog. Sometimes we write about free tools to obfuscate your code that aren't that free and we also have an online tool to help decoding the malware you find. But sometimes the malware is not clearly encoded using base64, gzinflate, hex concatenation,...
---------------------------------------------
https://blog.sucuri.net/2016/05/unexpected-backdoor-fake-core-files.html
*** 60 percent of enterprise Android phones prone to QSEE vulnerability ***
---------------------------------------------
Duo Labs researchers found that 60 percent of enterprise Android phones are affected by a critical QSEE vulnerability.
---------------------------------------------
http://www.scmagazine.com/majority-of-enterprise-android-phones-vulnerable-…
*** The strange case of WinZip MRU Registry key, (Sun, May 22nd) ***
---------------------------------------------
When we want to know if a document (.doc, .pdf, whatever) has been opened by the user, in a Windows environment our information goldmine place is the Registry and particularly its MRU keys. However, it seems this is not always the case. During the analysis of the Retefe case I wrote about in my previous diary, I came across a Registry behavior I did not expect, or at least I was not aware of, about how to verify if the file contained within the zip archive had been opened or not. Regarding...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21087&rss
*** ENISA-Europol issue joint statement ***
---------------------------------------------
ENISA and Europol issue joint statement on lawful criminal investigation that respects 21st Century data protection.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-europol-issue-joint-state…
*** ATMs: Criminals steal millions in two hours ***
---------------------------------------------
Criminal card counterfeiters operate globally: using credit card information from a South African bank, a gang in Japan stole cash worth more than 12 million euros in just 2.5 hours.
---------------------------------------------
http://www.golem.de/news/geldautomaten-kriminelle-erbeuten-millionen-in-zwe…
*** National coordinators meet to prepare for ECSM launch ***
---------------------------------------------
National coordinators from across Europe gathered in Brussels earlier this month in preparation for the launch of this year's European Cyber Security Month.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/national-coordinators-meet-to-p…
*** Organizations unprepared for employee-caused security incidents ***
---------------------------------------------
While employee-related security risks are the number-one concern for security professionals, organizations are not taking adequate steps to prevent negligent employee behavior, according to a new Ponemon Institute study. The study, Managing Insider Risk Through Training & Culture, asked more than 600 individuals at companies that currently have a data protection and privacy training program to weigh in on the topic of negligent and malicious employee behaviors, as well as the consequences...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/23/employee-caused-security-inciden…
*** When Hashing isn't Hashing ***
---------------------------------------------
Anyone working in application security has found themselves saying something like this a thousand times: "always hash passwords with a secure password hashing function." I've said this phrase at nearly all of the developer events I've spoken at, it's become a mantra of sorts for many of us that try to improve the security of applications. We tell developers to hash passwords, then we have to qualify it to explain that it isn't normal hashing.
---------------------------------------------
https://adamcaudill.com/2016/05/23/when-hashing-isnt-hashing/
*** Technical Report about the RUAG espionage case ***
---------------------------------------------
After several months of Incident Response and Analysis in the RUAG cyber espionage case, we got the assignment from the Federal Council to write and publish a report about the findings. The following is a purely technical report, intending to inform the public about Indicators of Compromise (IOCs) and the Modus Operandi of the attacker group behind this case. We strongly believe in...
---------------------------------------------
https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espion…
*** Hack of defense contractor: Swiss CERT gives security tips for companies ***
---------------------------------------------
Other security firms could follow this example: the Swiss CERT has analyzed in detail the attack methods an APT group used against the technology company Ruag and gives companies tips on protecting themselves.
---------------------------------------------
http://www.golem.de/news/hack-von-ruestungskonzern-schweizer-cert-gibt-secu…
*** After trio of hacks, SWIFT addresses information sharing concerns ***
---------------------------------------------
Following reports of a cyberattack last year in which hackers stole $9 million from an Ecuadorean bank, SWIFT stated it is taking steps to create more information sharing practices.
---------------------------------------------
http://www.scmagazine.com/after-trio-of-hacks-swift-addresses-information-s…
*** Student convicted after finding encryption flaws in government network ***
---------------------------------------------
He found that the encrypted network often wasn't... but he lost patience when it looked as though nothing was being done about it.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/05/23/student-convicted-after-finding…
*** A recently patched Flash Player exploit is being used in widespread attacks ***
---------------------------------------------
It took hackers less than two weeks to integrate a recently patched Flash Player exploit into widely used Web-based attack tools that are being used to infect computers with malware. The vulnerability, known as CVE-2016-4117, was discovered earlier this month by security researchers FireEye. It was exploited in targeted attacks through malicious Flash content embedded in Microsoft Office documents. When the targeted exploit was discovered, the vulnerability was unpatched, which prompted a...
---------------------------------------------
http://www.cio.com/article/3073558/a-recently-patched-flash-player-exploit-…
*** Security Update Available for Adobe Connect (APSB16-17) ***
---------------------------------------------
A Security Bulletin (APSB16-17) has been published regarding a security update for Adobe Connect. Adobe recommends users update their product installations to the latest version using the instructions referenced in the security bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1355
*** TA16-144A: WPAD Name Collision Vulnerability ***
---------------------------------------------
Original release date: May 23, 2016. Systems Affected: Windows, OS X, Linux systems, and web browsers with WPAD enabled. Overview: Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching public DNS servers [1]. In combination with the New generic Top Level Domain (gTLD) program's incorporation of previously undelegated gTLDs for public registration, leaked WPAD queries could result in...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA16-144A
*** Bugzilla 4.4.11 and 5.0.2 Security Advisory ***
---------------------------------------------
A specially crafted bug summary could trigger XSS in dependency graphs.
---------------------------------------------
https://www.bugzilla.org/security/4.4.11/
*** DSA-3585 wireshark - security update ***
---------------------------------------------
Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3585
*** SECURITY BULLETIN: Trend Micro InterScan Web Security Virtual Appliance (IWSVA) Multiple Remote Code Execution Vulnerabilities ***
---------------------------------------------
Trend Micro has released new builds of the Trend Micro InterScan Web Security Virtual Appliance. These updates resolve vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations.
---------------------------------------------
https://esupport.trendmicro.com/solution/en-US/1114185.aspx
*** SECURITY BULLETIN: Trend Micro OfficeScan Path Traversal Vulnerability ***
---------------------------------------------
Trend Micro has released an update for OfficeScan (OSCE) 11.0 Service Pack (SP) 1 which resolves a vulnerability in the product that when certain conditions are met could be exploited to access files and directories located outside of the core product web root folder.
---------------------------------------------
https://esupport.trendmicro.com/solution/en-US/1114097.aspx
*** ZDI-16-353: BitTorrent API Cross Site Scripting Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent and uTorrent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-353/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM WebSphere affect IBM Control Center (CVE-2016-0283, CVE-2015-7417). ***
http://www.ibm.com/support/docview.wss?uid=swg21981914
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology (CVE-2015-7484, CVE-2015-7474, CVE-2015-7485, CVE-2015-7486, CVE-2016-0219) ***
http://www.ibm.com/support/docview.wss?uid=swg21983720
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-3193, CVE-2015-3195, CVE-2015-1794) ***
http://www.ibm.com/support/docview.wss?uid=swg21982608
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Marketing Platform (CVE-2016-0224, CVE-2016-0229, CVE-2016-0233) ***
http://www.ibm.com/support/docview.wss?uid=swg21980989
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways ***
http://www.ibm.com/support/docview.wss?uid=swg21982607
---------------------------------------------
*** IBM Security Bulletin: Vulnerability identified in IBM Domino Java Console (CVE-2016-0304) ***
http://www.ibm.com/support/docview.wss?uid=swg21983328
---------------------------------------------
*** IBM Security Bulletin: OpenSSL vulnerabilities in Node.js found on May 03, 2016 affect Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2016-2107, CVE-2016-2105) ***
http://www.ibm.com/support/docview.wss?uid=swg21983555
---------------------------------------------
*** IBM Security Bulletin: Multiple OpenSSL vulnerabilities in Node.js included in Rational Application Developer for WebSphere Software ***
http://www.ibm.com/support/docview.wss?uid=swg21982949
---------------------------------------------
*** IBM Security Bulletin: One vulnerability in IBM Java SDK affect Application Delivery Intelligence 1.0.0 (CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023804
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6, affects: WebSphere Dashboard Framework (CVE-2016-3427, CVE-2016-3426, CVE-2016-0264) ***
http://www.ibm.com/support/docview.wss?uid=swg21982528
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6, affects: Web Experience Factory (CVE-2016-3427, CVE-2016-3426, CVE-2016-0264) ***
http://www.ibm.com/support/docview.wss?uid=swg21982527
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Integration Designer and WebSphere Integration Developer (CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=swg21983002
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems, IBM OS Images for AIX, and Windows. (CVE-2016-0363, CVE-2016-0376, CVE-2016-3426, and CVE-2016-0264) ***
http://www.ibm.com/support/docview.wss?uid=swg21983647
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool. (CVE-2016-0363, CVE-2016-0376, CVE-2016-3426, and CVE-2016-0264) ***
http://www.ibm.com/support/docview.wss?uid=swg21983644
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects Tivoli Provisioning Manager for OS Deployment, Tivoli Provisioning Manager for Images (CVE-2016-2842) ***
http://www.ibm.com/support/docview.wss?uid=swg21982159
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server ***
http://www.ibm.com/support/docview.wss?uid=swg21981545
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM Security SiteProtector System (CVE-2015-5174, CVE-2015-5345, CVE-2016-0706 and CVE-2016-0714) ***
http://www.ibm.com/support/docview.wss?uid=swg21983242
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-3197) ***
http://www.ibm.com/support/docview.wss?uid=swg21982697
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenStack affect IBM Spectrum Scale V4.2 and V4.1.1 (CVE-2015-8466 and CVE-2016-0738) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005833
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 19-05-2016 18:00 − Friday 20-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** DSA-3584 librsvg - security update ***
---------------------------------------------
Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based renderer library for SVG files, parses SVG files with circular definitions. A remote attacker can take advantage of these flaws to cause an application using the librsvg library to crash.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3584
*** Petya and Mischa - Ransomware Duet (part 1) ***
---------------------------------------------
After being defeated about a month ago, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload - Mischa. Both are named after the satellites from the GoldenEye movie. They deploy attacks on ..
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/05/petya-and-mischa-rans…
*** EITest campaign still going strong, (Fri, May 20th) ***
---------------------------------------------
Originally reported by Malwarebytes in October 2014 [1], the EITest campaign has been going strong ever since. Earlier this year, I documented how the campaign has evolved over time [2]. During its run, I had only noticed the EITest campaign use Angler EK to distribute a variety of ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21081
*** TLS/GCM: Danger from duplicate nonces ***
---------------------------------------------
Modern TLS connections typically use the AES-GCM encryption scheme. It requires a so-called nonce value that must never repeat. Otherwise security is gone.
---------------------------------------------
http://www.golem.de/news/tls-gcm-gefahr-durch-doppelte-nonces-1605-121005.h…
*** Important Security-Bulletin Pre-Announcement ***
---------------------------------------------
https://typo3.org/news/article/important-security-bulletin-pre-announcement…
*** Resource Data Management Intuitive 650 TDB Controller Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for a privilege escalation vulnerability and a cross-site request forgery vulnerability in Resource Data Management's Intuitive 650 TDB Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-140-01
*** Siemens SIPROTEC Information Disclosure Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for information disclosure vulnerabilities in the Siemens SIPROTEC 4 and SIPROTEC Compact.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-140-02
*** Hacked in a public space? Thanks, HTTPS ***
---------------------------------------------
Kali Linux, laptop, coffee - hack on! Have you ever bothered to look at who your browser trusts? The padlock of a HTTPS connection doesn't mean anything if you can't trust the other end of the connection and its upstream signatories. Do you ..
---------------------------------------------
www.theregister.co.uk/2016/05/20/https_wifi_trust_in_a_public_place/
*** Important security patch for Typo3 ahead ***
---------------------------------------------
Many Typo3 versions evidently contain a serious security vulnerability. A patch is due to be released early next week.
---------------------------------------------
http://heise.de/-3212058
*** l+f: Extortion for a good cause ***
---------------------------------------------
An encryption trojan demands an exorbitant sum and claims it will do good with it. Believe that if you will ...
---------------------------------------------
http://heise.de/-3212111
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 18-05-2016 18:00 − Thursday 19-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Website Hacked Trend Report - 2016/Q1 ***
---------------------------------------------
Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our customers in an effort to identify and remove website infections to include ..
---------------------------------------------
https://blog.sucuri.net/2016/05/sucuri-hacked-report-2016q1.html
*** Registration Codes - Less Critical - Input Validation Vulnerability - SA-CONTRIB-028 ***
---------------------------------------------
https://www.drupal.org/node/2728711
*** Dropbox client - Multiple Vulnerabilities - SA-CONTRIB-2016-027 ***
---------------------------------------------
https://www.drupal.org/node/2728693
*** Web Mailing List vulnerable to cross-site scripting ***
---------------------------------------------
http://jvn.jp/en/jp/JVN43076390/
*** The 5Ws and 1H of Ransomware ***
---------------------------------------------
For the past three months, we have seen ransomware hop its way across the globe. The majority of the ransomware incidents are found in the United States, then Italy, and Canada. The prevalence of large-scale ransomware incidents led the United States and Canadian governments to issue a joint statement about ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/18/the-5ws-and-1h-of-ranso…
*** Hacker attack on LinkedIn: 100 million users affected ***
---------------------------------------------
The attack took place back in 2012, but its full extent has only now become known
---------------------------------------------
http://derstandard.at/2000037231582
*** Ransomware: Teslacrypt developers give up ***
---------------------------------------------
Master key published, decryption software available.
---------------------------------------------
http://derstandard.at/2000037236758
*** Ransomware Awareness Day ***
---------------------------------------------
Our colleagues at the Swiss Reporting and Analysis Centre for Information Assurance MELANI are holding a day of action on ransomware today, 19 May 2016. The aim is for the information about the threat ..
---------------------------------------------
http://www.cert.at/services/blog/20160519095712-1737.html
*** Kernel Waiter Exploit from the Hacking Team Leak Still Being Used ***
---------------------------------------------
Although the Hacking Team leak took place several months ago, the impact of this data breach - where exploit codes were made public and spurred a chain of attacks - can still be felt until today. We recently spotted malicious Android apps that appear to use an exploit found in the Hacking Team data ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/kernel-waiter-ex…
*** FBI does not have to hand Mozilla information about security vulnerability ***
---------------------------------------------
The judge in a case against a user of a child pornography platform has refused to let Mozilla intervene to obtain information about a security vulnerability in the Tor Browser.
---------------------------------------------
http://heise.de/-3211120
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 17-05-2016 18:00 − Wednesday 18-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** That Insane, $81M Bangladesh Bank Heist? Here's What We Know ***
---------------------------------------------
Someone stole $81 million from Bangladesh Bank in a matter of hours, and appears to have targeted other banks that use ..
---------------------------------------------
http://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/
*** Academics Make Theoretical Breakthrough in Random Number Generation ***
---------------------------------------------
Two University of Texas academics have made what some experts believe is a breakthrough in random number generation that could have longstanding implications for cryptography and computer security.
---------------------------------------------
http://threatpost.com/academics-make-theoretical-breakthrough-in-random-num…
*** XSA-176 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-176.html
*** First ATM malware is back and badder than ever ***
---------------------------------------------
Original gangster Skimer goes global. Cybercriminals have retrofitted a strain of ATM malware first discovered in 2009 to create an even more potent threat.
---------------------------------------------
www.theregister.co.uk/2016/05/17/skimer_atm_malware/
*** Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Adaptive Security Appliance VPN Memory Block Exhaustion Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Unified Computing System Central Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Malicious macro using a sneaky new trick ***
---------------------------------------------
We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a…
*** Hackers gut underground forum Nulled.IO ***
---------------------------------------------
On the hacker forum Nulled.IO, like-minded people meet and trade, for example, in stolen user accounts. Ironically, Nulled.IO has now itself fallen victim to a devastating hacker attack.
---------------------------------------------
http://heise.de/-3209682
*** Windows 10 Device Guard and Credential Guard Demystified ***
---------------------------------------------
While helping Windows Enterprise customers deploy and realize the benefits of Windows 10, I've observed there's still a lot of confusion regarding the security features of the operating system. This is a shame since some ..
---------------------------------------------
https://blogs.technet.microsoft.com/ash/2016/03/02/windows-10-device-guard-…
*** Scammers target cybersecurity brands ***
---------------------------------------------
Cybersquatting, typosquatting and phishing now target the largest cybersecurity brands.
---------------------------------------------
https://www.htbridge.com/blog/scammers-target-cybersecurity-companies-brand…
*** Google to shutter SSLv3, RC4 from SMTP servers, Gmail ***
---------------------------------------------
Mark your calendars: Google will disable support for the RC4 stream cipher and the SSLv3 protocol on its SMTP servers and Gmail servers on June 16. After the deadline, Google's SMTP servers will no longer exchange mail with servers ..
---------------------------------------------
http://www.cio.com/article/3071866/security/google-to-shutter-sslv3-rc4-fro…
*** Magento 2.0.6 Security Update ***
---------------------------------------------
Magento Enterprise Edition and Community Edition 2.0.6 contain multiple security and functional enhancements. You can find more details about the vulnerabilities addressed below.
---------------------------------------------
https://magento.com/security/patches/magento-206-security-update
*** Magento - Unauthenticated Remote Code Execution ***
---------------------------------------------
The vulnerability (CVE-2016-4010) allows an attacker to execute PHP code at the vulnerable Magento server unauthenticated. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post.
---------------------------------------------
http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-executi…
*** Security directive: EU Council approves mandatory reporting of cyberattacks ***
---------------------------------------------
The EU member states have adopted the compromise on the planned directive on network and information security that negotiators had previously worked out with the EU Parliament. It concerns security requirements for online providers.
---------------------------------------------
http://heise.de/-3210189
*** Ransomware Activity Spikes in March, Steadily increasing throughout 2016 ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/05/ransomware_activity.ht…
*** The Ultimate Guide to Angler Exploit Kit for Non-Technical People ***
---------------------------------------------
There's been a lot of talk about the Angler exploit kit lately, but, for most people, the warnings don't strike a chord. And they're definitely not to blame. Not everyone ..
---------------------------------------------
https://heimdalsecurity.com/blog/ultimate-guide-angler-exploit-kit-non-tech…
*** The Crypto Wars and their consequences: How old backdoors continue to haunt us ***
---------------------------------------------
Once again politicians, intelligence agencies and law enforcement are demanding that crypto software be deliberately weakened. That was mandated once before and the consequences still haunt us today: devastating security vulnerabilities have their origin in exactly that.
---------------------------------------------
http://heise.de/-3210209
*** Bitly partners with Let's Encrypt for HTTPS links ***
---------------------------------------------
Bitly processes data associated with more than 12 billion clicks per month, leading to massive troves of intelligence. Now, they're partnering with Let's Encrypt to generate SSL certificates for more than 40,000 Bitly ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/18/bitly-https-links/
*** IRZ RUH2 3G Firmware Overwrite Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a firmware overwrite vulnerability in iRZ's RUH2 device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-138-01
*** Moxa EDR-G903 Secure Router Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on February 11, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for Moxa's ECR G903 secure routers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01
*** Fixing `marked` XSS vulnerability ***
---------------------------------------------
A few weeks ago we added to our DB a Cross-Site Scripting (XSS) vulnerability in the popular marked package. This post explains the vulnerability, shows how to exploit it on a sample app, and explains how to fix the issue in your application.
---------------------------------------------
https://snyk.io/blog/marked-xss-vulnerability/
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 13-05-2016 18:00 − Tuesday 17-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Panama Papers: the result of neglected IT security ***
---------------------------------------------
The financial, legal and political world have been turned upside down by the Panama Papers. But how on earth was it possible to steal 2.6 terabytes of data from Mossack Fonseca?
---------------------------------------------
https://blog.gdatasoftware.com/2016/05/28239-panama-papers-the-result-of-ne…
*** Yahoo-owned Tumblr announces email credential compromise ***
---------------------------------------------
Tumblr announced Thursday that a third party accessed a set of Tumblr user email addresses with salted and hashed passwords.
---------------------------------------------
http://www.scmagazine.com/tumblr-announces-email-credentials-compromised/ar…
*** CVE-2016-4117: Flash Zero-Day Exploited in the Wild ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-ze…
*** "Malicious design": how websites trick and defraud users ***
---------------------------------------------
Unscrupulous rip-off practices are coming under increasing criticism, such as the automatic ticking of subscriptions
---------------------------------------------
http://derstandard.at/2000037009828
*** Unethical research: scientists publish 70,000 OKCupid profiles ***
---------------------------------------------
Scientists from Denmark have analyzed and published the profiles of around 70,000 OKCupid users. The gentlemen involved are urgently advised to take an ethics seminar.
---------------------------------------------
http://www.golem.de/news/unethische-forschung-wissenschaftler-veroeffentlic…
*** Gatecoin: more than two million US dollars in cryptocurrencies stolen ***
---------------------------------------------
Anyone who keeps their Bitcoin or Ether with the provider Gatecoin should check their accounts - around 15 percent of the deposits were stolen. Withdrawals are not expected to be possible again until May 28, but compensation rules are being worked on.
---------------------------------------------
http://www.golem.de/news/gatecoin-ueber-zwei-millionen-us-dollar-in-kryptow…
*** Swift attack fended off: transaction worth millions in the sights of cyber thieves ***
---------------------------------------------
The hackers' target at Tien Phong Bank was a transaction worth the equivalent of more than one million euros
---------------------------------------------
http://derstandard.at/2000037024022-1231152558333
*** Carding Sites Turn to the 'Dark Cloud' ***
---------------------------------------------
Crooks who peddle stolen credit cards on the Internet face a constant challenge: Keeping their shops online and reachable in the face of meddling from law enforcement officials, security firms, researchers and vigilantes. In this ..
---------------------------------------------
http://krebsonsecurity.com/2016/05/carding-sites-turn-to-the-dark-cloud/
*** Chrome could block Flash by default before the end of this year ***
---------------------------------------------
Google is apparently planning to use HTML5 even more strictly as the default in its Chrome web browser. As part of this, Flash content is to be played either not at all or only in exceptional cases.
---------------------------------------------
http://heise.de/-3208837
*** Android Hacking: Dumping and Analyzing Application's Memory ***
---------------------------------------------
In this article, we will discuss how to dump the memory of a specific application using Android Studio's heap dump feature. We will also explore Eclipse Memory Analyzer (MAT) to analyze the heap dump we acquire. It is possible to create heap dumps of an application's heap in Android. We can dump ..
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-dumping-and-analyzing…
*** Cisco Video Communication Server Session Initiation Protocol Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** OS X El Capitan v10.11.5 and Security Update 2016-003 ***
---------------------------------------------
https://support.apple.com/kb/HT206567
*** DSA-3580 imagemagick - security update ***
---------------------------------------------
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3580
*** Secure Coding: How to Account for Input Sanitization ***
---------------------------------------------
On average, a website leverages around 18-20 different plugins in its structure. These plugins enhance the website's functionality and in some instances extend the application's core capabilities. It's great for website owners because they can pick and ..
---------------------------------------------
https://blog.sucuri.net/2016/05/secure-coding-account-input-sanitization.ht…
*** Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Zombie crypto still rules smart grids: OSGP vendors need to kill RC4 ***
---------------------------------------------
Deprecated almost everywhere, researchers crack open smart grid ancient crypto suite AGAIN. The Open Smart Grid Protocol's custom RC4 encryption has been cracked - again.
---------------------------------------------
www.theregister.co.uk/2016/05/17/zombie_crypto_still_rules_smart_grids/
*** Malicious Android apps slip into Google Play, top third party charts ***
---------------------------------------------
Enlist phones in ad fraud, premium SMS, loser DDoS. Malicious Android applications have bypassed Google's Play store security checks to enslave infected devices into distributed denial of service attack, advertising fraud, and spam botnets.
---------------------------------------------
www.theregister.co.uk/2016/05/17/viking_horde_android_app_malware/
*** VMSA-2016-0005 ***
---------------------------------------------
VMware product updates address critical and important security issues
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0005.html
*** Critical vulnerability endangers antivirus products from Symantec and Norton ***
---------------------------------------------
A dangerous bug in Symantec's scan engine has far-reaching consequences and threatens all Symantec and Norton products on all platforms, a security researcher warns.
---------------------------------------------
http://heise.de/-3208967
*** Security Principles in iOS Architecture ***
---------------------------------------------
I strongly suggest readers check out my two prior blogs on Cryptography, Principle of Least Privilege, and Biometrics. All of these will be explored in depth throughout this blog.
---------------------------------------------
https://woumn.wordpress.com/2016/05/02/security-principles-in-ios-architect…
*** Killing XSS and CSRF on web server layer ***
---------------------------------------------
Existing and new web security technologies based on actively developed RFCs propose new approaches to common web vulnerabilities remediation.
---------------------------------------------
https://www.htbridge.com/blog/killing-xss-and-csrf-on-web-server-layer.html
*** "Cryptohitman": ransomware replaces lock screen with porn ***
---------------------------------------------
Encrypts files with the extension ".porno" - free tool rescues user data
---------------------------------------------
http://derstandard.at/2000037097552
*** Ministry of Finance warns of fake BMF emails ***
---------------------------------------------
Phishing attack - delete, delete, delete!
---------------------------------------------
http://derstandard.at/2000037101098
*** The Sleepy User Agent ***
---------------------------------------------
From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn't understand why it appeared that some simple GET requests for their homepage were ..
---------------------------------------------
https://blog.cloudflare.com/the-sleepy-user-agent/