=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 12-05-2016 18:00 − Friday 13-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Cyber Heist Attribution ***
---------------------------------------------
Written by Sergei Shevchenko and Adrian Nish | BACKGROUND | Attributing a single cyber-attack is a hard task and often impossible. However, when multiple attacks are conducted over long periods of time, they leave a trail of digital evidence. Piecing this together into a campaign can help investigators to see the bigger picture, and even hint at who may be behind the attacks. Our research into malware used on SWIFT based systems running in banks has turned up multiple bespoke tools used by a set of...
---------------------------------------------
http://baesystemsai.blogspot.com/2016/05/cyber-heist-attribution.html
*** New attack on the SWIFT network: attackers use a manipulated PDF reader ***
---------------------------------------------
A bank apparently did not use hash values of the individual transactions to verify them, but instead relied on a visual check of PDFs. For this reason, attackers were again able to carry out illegal transactions on the SWIFT network.
---------------------------------------------
http://www.golem.de/news/neuer-angriff-auf-swift-netzwerk-angreifer-nutzen-…
*** ECB plans reporting office for cyber-attacks on banks ***
---------------------------------------------
The banking supervisors of the European Central Bank are also responding to the growing number of attacks with a reporting obligation for serious threats.
---------------------------------------------
http://heise.de/-3207934
*** MISP - Malware Information Sharing Platform, (Fri, May 13th) ***
---------------------------------------------
In a previous diary (Unity Makes Strength), I briefly mentioned MISP (which means Malware Information Sharing Platform). Since this tool is becoming more and more popular, I'd like to give more details about it. "Sharing is key" could be the slogan of MISP. The idea is to allow different organizations to share IOCs (Indicators of Compromise) like IP addresses, domains, hashes, URLs, filenames, ... The goal is to increase their ability to protect themselves against malicious activities. With millions of...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21053&rss
*** Open sourcing our NGINX HTTP/2 + SPDY code ***
---------------------------------------------
In December, we released HTTP/2 support for all customers and last week we released HTTP/2 Server Push support as well. The release of HTTP/2 by CloudFlare had a huge impact on the number of sites supporting and using the protocol. Today, 50% of sites that use HTTP/...
---------------------------------------------
https://blog.cloudflare.com/open-sourcing-our-nginx-http-2-spdy-code/
*** Meteocontrol WEBlog Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for one authentication and two information exposure vulnerabilities in Meteocontrol's WEB'log application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
*** TrendMicro - Multiple HTTP Problems with CoreServiceShell.exe ***
---------------------------------------------
Topic: TrendMicro - Multiple HTTP Problems with CoreServiceShell.exe Risk: Medium Text: Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=775 The main component of Trend Micro Antivirus is CoreSe...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016050051
*** Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version ***
---------------------------------------------
Revisions: None. Severity (CVSS version 2 and CVSS version 3): CVSS2 ...
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Bugtraq: May 2016 - HipChat Server - Critical Security Advisory ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538378
*** Bugtraq: [security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538371
*** Bugtraq: [security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538377
*** Bugtraq: [security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538376
*** Bugtraq: [security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538379
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server for Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=swg21983039
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition 8.5.0 (CVE-2016-3449, CVE-2016-0264) ***
http://www.ibm.com/support/docview.wss?uid=swg21982262
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Express for Unix (CVE-2016-2842). ***
http://www.ibm.com/support/docview.wss?uid=swg21982374
---------------------------------------------
*** IBM Security Bulletin: A Security Vulnerability exist in IBM Cognos TM1 ***
http://www.ibm.com/support/docview.wss?uid=swg21981936
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (Multiple CVEs) ***
http://www.ibm.com/support/docview.wss?uid=swg21973066
---------------------------------------------
Next End-of-Shift Report: 2016-05-17
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 11-05-2016 18:00 − Thursday 12-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Security Updates Available for Adobe Flash Player (APSB16-15) ***
---------------------------------------------
A Security Bulletin (APSB16-15) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. Adobe...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1352
*** Tips to Prevent Ransomware in Healthcare Environments ***
---------------------------------------------
If 2015 was the year of the healthcare breach, 2016 is shaping up to be the year of ransomware. By this time last year, 105 healthcare breaches had been reported to the U.S. Department of...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/05/tips-to-prevent-ransomwa…
*** 7-Zip archiver can be abused to execute malicious code ***
---------------------------------------------
A flaw in the compression tool 7-Zip allows attackers to execute malicious code and possibly also hijack the victim's computer. Particularly troubling: the tool's open-source code is also built into security software.
---------------------------------------------
http://heise.de/-3206787
*** US-CERT warns operators of SAP systems ***
---------------------------------------------
The security warning from the US computer emergency response team was prompted by a report according to which at least 36 organizations worldwide have been attacked and compromised via an SAP vulnerability.
---------------------------------------------
http://heise.de/-3207245
*** New Wave of the Test0.com/Test5.xyz Redirect Hack ***
---------------------------------------------
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domain. This week the default7 .com domain went down but the attackers returned with a new wave of site infections and the new redirecting domain - test5 .xyz (registered just a few...
---------------------------------------------
https://blog.sucuri.net/2016/05/test0test5-com-redirect-hack-new-wave.html
*** Popular cache Squid skids as hacker pops lid ***
---------------------------------------------
Yet another mess we can blame on the combination of Flash and advertising Tsinghua University postgraduate student Jianjun Chen has reported a critical cache poisoning vulnerability in the Squid proxy server, a transparent cache widely deployed by internet service providers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/12/telco_fave_…
*** Giving up Your Roots: A Root Remedy Checklist ***
---------------------------------------------
As an IT organization, should you be concerned that your sysadmins log in as root, su to root, or sudo su to root? The post Giving up Your Roots: A Root Remedy Checklist appeared first on BeyondTrust.
---------------------------------------------
https://www.beyondtrust.com/blog/root-remedy-checklist/
*** Facebook CTF platform is now open source ***
---------------------------------------------
Capture the Flag competitions are a good - not to mention legal - way for hackers to build and hone their skills. But, quality CTF environments are difficult and expensive to build and run. This is a burden that Facebook aims to lighten by open sourcing the Facebook CTF platform, devised for the training of their own employees and used around the world by various organizations looking to interest kids in computer security. The now-free...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/12/facebook-ctf-platform-open-sourc…
*** From the Netherlands Presidency of the EU Council: Coordinated vulnerability disclosure Manifesto signed ***
---------------------------------------------
Approximately 30 organisations have signed the Coordinated Vulnerability Disclosure Manifesto today, in which they declare to support the principle of having a point of contact to report IT vulnerabilities to and already have this set up in their own organisations, or they plan to do so soon. By signing the manifesto, the participating...
---------------------------------------------
https://www.enisa.europa.eu/news/member-states/from-the-netherlands-preside…
*** DFN-CERT-2016-0770: Jenkins: Multiple vulnerabilities allow, among other things, information disclosure ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0770/
*** DFN-CERT-2016-0739: OpenVPN: Two vulnerabilities allow denial-of-service attacks ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0739/
*** Security Notice - Statement on Bogner Florian Revealing Privilege Escalation Vulnerability in Huawei E5373 LTE Mobile Wi-Fi Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160512-01-…
*** F5 Security Advisory: Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23073482.html?…
*** BulletProof Security <= .53.3 - Multiple XSS Vulnerabilities ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8492
*** Bugtraq: [security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538359
*** Bugtraq: [security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538360
*** Bugtraq: [security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538365
*** Bugtraq: [security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538364
*** Bugtraq: [security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538366
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Host On-Demand (CVE-2016-0363) ***
http://www.ibm.com/support/docview.wss?uid=swg21982489
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algorithmics Algo Risk Application - CVE-2016-0390 ***
http://www.ibm.com/support/docview.wss?uid=swg21981321
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect WebSphere Application Server shipped with SmartCloud Provisioning ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000105
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) ***
http://www.ibm.com/support/docview.wss?uid=swg21982883
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Deployer. (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) ***
http://www.ibm.com/support/docview.wss?uid=swg21982877
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus ***
http://www.ibm.com/support/docview.wss?uid=swg21982172
---------------------------------------------
*** IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7488) ***
http://www.ibm.com/support/docview.wss?uid=swg21982874
---------------------------------------------
*** IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7456) ***
http://www.ibm.com/support/docview.wss?uid=swg21982873
---------------------------------------------
*** IBM Security Bulletin: A potential vulnerability in IBM Java SDK affects InfoSphere Streams (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21973403
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 10-05-2016 18:00 − Wednesday 11-05-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** Security Advisory posted for Adobe Flash Player (APSA16-02) ***
---------------------------------------------
A Security Advisory (APSA16-02) has been published regarding a critical vulnerability (CVE-2016-4117) in Adobe Flash Player. Adobe is aware of a report that an exploit ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1346
*** Security Updates for Adobe Acrobat and Reader and Hotfixes for ColdFusion Available ***
---------------------------------------------
Security Bulletins for Adobe Acrobat and Reader (APSB16-14) as well as ColdFusion (APSB16-16) have been published. Adobe recommends users update their product installations to the latest versions using the instructions in the relevant security ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1350
*** IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by vulnerabilities in IBM Spectrum Scale (CVE-2016-0263, CVE-2016-0361) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1023767
*** MS16-MAY - Microsoft Security Bulletin Summary for May 2016 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-MAY
*** May 2016 security update release ***
---------------------------------------------
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month's security ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2016/05/10/may-2016-security-updat…
*** 5 security experts share their best tips for 'fringe' devices ***
---------------------------------------------
What is a 'fringe' device in IT? For some, it's a gadget everyone has forgotten about - a printer in a corner office, an Android tablet in a public area used to schedule conference rooms. A fringe device can also be one that's common enough to be used ..
---------------------------------------------
http://www.cio.com/article/3068406/security/5-security-experts-share-their-…
*** Panasonic FPWIN Pro Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details concerning buffer overflow vulnerabilities in Panasonic FPWIN Pro software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01
*** DSA-3574 libarchive - security update ***
---------------------------------------------
Rock Stevens, Andrew Ruef and Marcin Icewall Noga discovered a heap-based buffer overflow vulnerability in the zip_read_mac_metadata function in libarchive, a multi-format archive and compression library, which may ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3574
*** It's time to get serious about ICS cybersecurity ***
---------------------------------------------
As recently reported by The Register, a proof-of-concept PLC worm could spell disaster for the critical infrastructure by making attacks exponentially more difficult to detect and stop. Unfortunately, the proof of concept of a PLC worm is a viable scenario which could cause immeasurable ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/11/time-get-serious-ics-cybersecuri…
*** Patch Tuesday: Microsoft closes zero-day hole in Internet Explorer ***
---------------------------------------------
As every month, the message for Windows users in May is once again: install the patches quickly! This time it is particularly urgent, because one of the vulnerabilities closed on Patch Tuesday was already being actively exploited for attacks before its publication.
---------------------------------------------
http://heise.de/-3202816
*** Multiple JVC HDRs and Net Cameras - Multiple Vulnerabilities ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016050040
*** The Art of Searching for Open Source Intelligence ***
---------------------------------------------
The Internet is a big ocean, and it carries loads of information you might be interested in or looking for, but where and how to find that information? Thanks to search engines like Google that make the searches using a query possible, ..
---------------------------------------------
http://resources.infosecinstitute.com/the-art-of-searching-for-open-source-…
*** CryptXXX 2.0 foils decryption tool, locks PCs ***
---------------------------------------------
CryptXXX ransomware, first spotted in mid-April, has reached version 2.0, and a new level of nastiness. It's also on its way to become one of the top ransomware families in the wild. The malware's first version would encrypt files but leave ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/11/cryptxxx-2-0-foils-decryption/
*** Adobe takes its time with patch for exploited vulnerability ***
---------------------------------------------
Adobe is taking more time with the security update for Flash Player than users need to uninstall the software.
---------------------------------------------
http://www.golem.de/news/kritische-flash-luecke-adobe-laesst-sich-zeit-mit-…
*** Background: Dridex analysed ***
---------------------------------------------
A short series of articles shows how to take apart a botnet client with the debugger.
---------------------------------------------
http://heise.de/-3204362
*** TA16-132A: Exploitation of SAP Business Applications ***
---------------------------------------------
Original release date: May 11, 2016 Systems Affected Outdated or misconfigured SAP systems Overview At least 36 organizations worldwide are affected by an SAP vulnerability [1]. Security researchers from Onapsis discovered ..
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA16-132A
*** Updated factsheets security of ICS/SCADA systems ***
---------------------------------------------
Malicious persons and security researchers show interest in the (lack of) security of industrial control systems. This relates not only to 'traditional' ICS/SCADA systems, but also to building management systems (incl. HVAC and CCTV).
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/updated-factsheets-security…
*** IBM Security Bulletin: Multiple vulnerabilities in Samba affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000130
*** IBM Security Bulletin: IBM Emptoris Sourcing is affected by open redirect vulnerability (CVE-2016-0329). ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21982629
*** IBM Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000110
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 09-05-2016 18:00 − Tuesday 10-05-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** [Xen-announce] Xen Security Advisory 179 (CVE-2016-3710, CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks ***
---------------------------------------------
Qemu VGA module allows banked access to video memory using the window at 0xa00000 and it supports different access modes with different address calculations. But an attacker can easily change access modes after setting the bank ..
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2016-05/msg00001.html
*** Finding Conditional SEO Spam in Drupal ***
---------------------------------------------
Nobody likes spam. It's never fun (unless you're watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of ..
---------------------------------------------
https://blog.sucuri.net/2016/05/seo-spam-in-drupal-database.html
*** DSA-3572 websvn - security update ***
---------------------------------------------
Nitin Venkatesh discovered that websvn, a web viewer for Subversion repositories, is susceptible to cross-site scripting attacks via specially crafted file and directory names in repositories.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3572
*** Gamarue, Nemucod, and JavaScript ***
---------------------------------------------
JavaScript is now being used largely to download malware because it's easy to obfuscate the code and it has a small size. Most recently, one of the most predominant JavaScript malware that has been spreading other malware is Nemucod. This ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/09/gamarue-nemucod-and-jav…
*** Don't Put Off Till Tomorrow What You Should Start Today (Part 1) ***
---------------------------------------------
For some, the upcoming EU legislative changes (the General Data Protection Regulation, referred to as GDPR, and the Network and Information Security Directive, referred to as the NIS Directive) may have seemed like they ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/05/cso-dont-put-off-till-to…
*** Performing network forensics with Dshell. Part 1: Basic usage, (Mon, May 9th) ***
---------------------------------------------
I found out recently there is a very interesting tool that enables some interesting capabilities to perform network forensics from a PCAP capture file. It .. in the command prompt. There is a major keyword that launches ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21035
*** This is what a root debug backdoor in the Linux kernel looks like ***
---------------------------------------------
Allwinner's all-loser code makes it into shipped firmware. A root backdoor for debugging Android gadgets managed to end up in shipped firmware - and we're surprised this sort of colossal blunder doesn't happen more often.
---------------------------------------------
www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_kernel_has_a_na…
*** DSA-3573 qemu - security update ***
---------------------------------------------
https://www.debian.org/security/2016/dsa-3573
*** SS7 spookery on the cheap allows hackers to impersonate mobile chat subscribers ***
---------------------------------------------
Flaws in the mobile signalling protocols can be abused to read messaging apps such as WhatsApp and Telegram.
---------------------------------------------
www.theregister.co.uk/2016/05/10/ss7_mobile_chat_hack/
*** Security Advisory: ImageMagick vulnerability CVE-2016-3714 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/03/sol03151140.html
*** Let's stop talking password flaws and instead discuss access management ***
---------------------------------------------
A good bit of attention has been given to a new report that suggests that there are organizations that don't change their administrative passwords at all, ever. While it may be a bit eye opening that many IT professionals said they did not ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/10/password-flaws-access-management/
*** xt:Commerce: Urgent patches without details ***
---------------------------------------------
The vendor of the online shop system xt:Commerce is currently distributing a security patch. Affected admins should install the secured versions with "very high ..
---------------------------------------------
http://heise.de/-3200152
*** Hacker Challenges ***
---------------------------------------------
Want to get started hacking things but don't want to do anything illegal? Here are some challenges others have made to help you practice some hacking skills. By participating in the challenges you could learn the following ..
---------------------------------------------
https://www.tunnelsup.com/hacker-challenges/
*** Ransomware Is Not a 'Malware Problem' - It's a Criminal Business Model ***
---------------------------------------------
Today Unit 42 published our latest paper on ransomware, which has quickly become one of the greatest cyberthreats facing organizations around the world. As a business model, ransomware has proven to be highly effective ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/05/unit-42-ransomware-trend…
*** Lateral Movement: Do You Have Enough Eyes? ***
---------------------------------------------
Sophisticated attackers can find their way into a corporate network in many ways. An attack could come from an external source, through the exploitation of a service, or by being brought in by a user whose laptop has been infected while ..
---------------------------------------------
http://resources.infosecinstitute.com/lateral-movement-do-you-have-enough-e…
*** Evil images: Active attacks on websites via ImageMagick ***
---------------------------------------------
The grace period is over. Anyone running an unpatched ImageMagick on their server should act as quickly as possible, because exploits are now in circulation.
---------------------------------------------
http://heise.de/-3200773
*** Xen Security Advisory CVE-2016-3710,CVE-2016-3712 / XSA-179 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-179.txt
*** IBM Security Bulletin: Vulnerabilities in OpenSource PHP Affect IBM Lotus Protector For Mail Security (CVE-2016-3142 ) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21981983
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000128
*** Hackers' paradise: Outdated Internet Explorer, Flash installs in enterprises ***
---------------------------------------------
Two in five Flash users DO update. Surprised? A quarter of all Windows devices are running outdated and unsupported versions of Internet Explorer, exposing users to more ..
---------------------------------------------
www.theregister.co.uk/2016/05/10/ie_flash_vulns_rife/
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 06-05-2016 18:00 − Monday 09-05-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Symantec Endpoint Encryption Unquoted Service Path Local Elevation of Privilege ***
---------------------------------------------
CVSS2 Base Score: 6.8
Symantec Endpoint Encryption (SEE) has an unquoted search path in EEDService. This could provide a non-privileged local user the ability to successfully insert arbitrary code in the root path.
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** WordPress 4.5.2 Security Release ***
---------------------------------------------
WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.
---------------------------------------------
https://wordpress.org/news/2016/05/wordpress-4-5-2/
*** Lenovo Patches Serious Flaw In Pre-Installed Support Tool ***
---------------------------------------------
Reader itwbennett writes: Lenovo has made available a patch for the vulnerability in its Lenovo Solution Center, a support tool which comes pre-installed on many Lenovo laptops and desktops. The vulnerability could allow attackers to execute code with system privileges and take over computers. Users should automatically be prompted to update LSC when they open the application, but in case they aren't, they should download the latest version (3.3.002) manually from Lenovo's website.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/8xQvMt43Nw8/lenovo-patches-…
*** The massive password breach that wasn't: Google says data is 98% 'bogus' ***
---------------------------------------------
When a script kiddie sells 272 million accounts for $1, be very, very skeptical.
---------------------------------------------
http://arstechnica.com/security/2016/05/the-massive-password-breach-that-wa…
*** Security Advisory: OpenSSL vulnerability CVE-2016-2109 ***
---------------------------------------------
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23230229.html?…
*** Analyzing ImageTragick Exploits in the Wild ***
---------------------------------------------
Three days ago the ImageMagick (ImageTragick) vulnerability was released to the world. We've been actively monitoring as promised, and have started to see a few different attacks targeting the vulnerability. Interestingly enough, the attacks themselves seem to be targeted against specific customers and not mass blanket attacks, which is what you'd expect ...
---------------------------------------------
https://blog.sucuri.net/2016/05/analyzing-imagetragick-exploits-in-the-wild…
*** "Detecting the Siemens S7 Worm and Similar Capabilities" ***
---------------------------------------------
An article came out on May 5th titled "Daisy-chained research spells malware worm hell for power plants and other utilities" with the subtitle of "World's first PLC worm spreads like cancer". Having been on the receiving end of sensationalized headlines before, I empathize with the authors of the research...
---------------------------------------------
http://ics.sans.org/blog/2016/05/08/detecting-the-siemens-s7-worm-and-simil…
*** World Password Day -- Don't be an easy target ***
---------------------------------------------
Thursday, May 5th, marks the 'celebration' of the fourth annual World Password Day.
* Have you updated the passwords on all of your accounts within the last three months?
* Have you enabled two-factor authentication on accounts that allow it?
* Are you using the strongest possible combinations of numbers, letters and symbols allowed by the site?
* Are you using different passwords for every account (no duplicates or very similar variations)?
---------------------------------------------
http://community.hpe.com/t5/Protect-Your-Assets/World-Password-Day-Don-t-be…
*** AlphaLocker Is the Most Professional Ransomware Kit to Date ... but security researchers already cracked it ***
---------------------------------------------
Luckily for us, other security experts have already cracked its secrets over the past weekend, and a decrypter was published that helps any of the infected victims recover their files for free, without paying the ransom. Nevertheless, here's a small intro into how crooks are creating, advertising, and then selling ransomware on the underground market.
---------------------------------------------
http://news.softpedia.com/news/alphalocker-is-the-most-professional-ransomw…
*** ImageMagick Vulnerability Information ***
---------------------------------------------
A few days ago an ImageMagick vulnerability was disclosed dubbed 'ImageTragick' that affects WordPress websites whose host has ImageMagick installed. If you control your own hosting for your WordPress site, you should look to implement the following fix(es) immediately.
---------------------------------------------
https://make.wordpress.org/core/2016/05/06/imagemagick-vulnerability-inform…
*** WordPress plugin remains unpatched ***
---------------------------------------------
A security researcher uncovered two holes in the WordPress extension Event-Registration; the vendors, however, are not responding.
---------------------------------------------
http://heise.de/-3198956
*** Penetration Testing of a Citrix Server ***
---------------------------------------------
Here I'll discuss how I did a pentest of a Citrix server in a lab network. First, let us understand about Windows terminal service. Microsoft Windows Terminal Services, otherwise known as Remote Desktop Services, is one of the components of Windows 2003-08 Server, which allows multiple sessions to run the application over it.
---------------------------------------------
http://resources.infosecinstitute.com/penetration-testing-of-a-citrix-serve…
*** Security Advisory - XSS Vulnerability in the Email App of Huawei Smartphone ***
---------------------------------------------
There is a vulnerability due to the lack of output encoding for some particular characters in the email app built into the affected smartphones. Successful exploitation of the vulnerability could allow an unauthenticated remote attacker to perform a cross-site scripting (XSS) attack and obtain user information.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160507-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: The vulnerability in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(CVE-2016-0363 and CVE-2016-0376) ***
http://www.ibm.com/support/docview.wss?uid=swg21982634
---------------------------------------------
*** IBM Security Bulletin: Security Bulletin: Vulnerability in OpenSSL affects IBM InfoSphere Master Data Management (CVE-2016-2842) ***
http://www.ibm.com/support/docview.wss?uid=swg21982353
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Storwize V7000 Unified - CVE-2016-0800 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005717
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS - CVE-2016-0800 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005716
---------------------------------------------
*** IBM Security Bulletin: Apache Tomcat vulnerability affects IBM SONAS (CVE-2015-5345) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005712
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager HSM for Windows (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21982741
---------------------------------------------
*** IBM Security Bulletin: IBM Forms Viewer Installation could allow a remote attacker to execute arbitrary code on the system (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21982440
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM SONAS (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005681
---------------------------------------------
*** IBM Security Bulletin: Potential vulnerabilities in IBM OpenPages GRC Platform with Database ***
http://www.ibm.com/support/docview.wss?uid=swg21982461
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in TLS affects IBM SONAS (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005722
---------------------------------------------
*** IBM Security Bulletin: Samba vulnerability issues on IBM SONAS (CVE-2015-5252, CVE-2015-5296, and CVE-2015-5299) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005693
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Cordova Android may affect IBM WebSphere Portal (CVE-2015-5256) ***
http://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/integrate/wl_int…
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2015-1794, CVE-2015-3194, CVE-2015-3195, and CVE-2015-3196) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005694
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in GSKit affect Tivoli Workload Scheduler (CVE-2015-7421, CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21982432
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Liberty for Java for IBM Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=swg21982850
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 04-05-2016 18:00 − Friday 06-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Microsoft to retire support for SHA1 certificates in the next 4 months ***
---------------------------------------------
The lock icon will be gone by summer; sites using SHA1 to be blocked come January.
---------------------------------------------
http://arstechnica.com/security/2016/05/microsoft-to-retire-support-for-sha…
*** Austria on the lookout for up-and-coming hackers ***
---------------------------------------------
At the Cyber Security Challenge 2016, the Abwehramt and the association Cyber Security Austria are searching for young hacker talent for the fifth time.
---------------------------------------------
http://futurezone.at/digital-life/oesterreich-auf-der-suche-nach-nachwuchs-…
*** ImageTragick: Another Vulnerability, Another Nickname, (Thu, May 5th) ***
---------------------------------------------
Introduction: On Tuesday 2016-05-03, we started seeing reports about a vulnerability for a cross-platform suite named ImageMagick [1, 2, 3]. This new vulnerability has been nicknamed ImageTragick and has its own website. Apparently, the vulnerability will be assigned to CVE-2016-3714. It wasn't yet on mitre.org's CVE site when I wrote this diary. Johannes Ullrich already discussed this vulnerability in yesterday's ISC StormCast for 2016-05-04, but there's been more press about it. Should...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21023&rss
*** Jaku botnet hides targeted attacks within generic botnet noise ***
---------------------------------------------
Botnets are usually created by cyber criminals that use them to launch DDoS attacks, deliver spam, effect click fraud. The recently discovered Jaku botnet can effectively do all those things, if its botmaster(s) choose to do so, but it seems that they have other things in mind. The botnet which, according to Forcepoint researchers, numbered as many as 17,000 victims at different points in time, consists of several botnets "answering to" different C&C servers. The...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/05/jaku-botnet-targeted-attacks/
*** Juniper patches OpenSSH's roaming bug in Junos OS ***
---------------------------------------------
Screen OS not affected. The next vendor to kill off the OpenSSH roaming bug announced in January is Juniper Networks.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/05/juniper_pat…
*** Criminals Peddling Affordable AlphaLocker Ransomware ***
---------------------------------------------
A relatively affordable and difficult to detect ransomware-as-a-service named AlphaLocker has begun making the rounds, researchers warn.
---------------------------------------------
http://threatpost.com/criminals-peddling-affordable-alphalocker-ransomware/…
*** Microsoft BITS Used to Download Payloads, (Thu, May 5th) ***
---------------------------------------------
A few days ago, I found an interesting malicious Word document. First of all, the file has a very low score on VT: 2/56 (analysis is available here). The document is a classic one: once opened, it asks the victim to enable macro execution if not yet enabled. The document targets ... The OLE document contains:
$ oledump.py b2a9d203bb135b54319a9e5cafc43824
1: 113 \x01CompObj
2: 4096 \x05DocumentSummaryInformation
3: 4096 \x05SummaryInformation
4: 9398 1Table
5:
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21027&rss
*** On The Monetization Of Crypto-Ransomware ***
---------------------------------------------
Over the last few years, technologies and infrastructure, in the form of crypto-currencies, the dark web and well-organized criminal affiliate programs have aligned to create the perfect storm. And from that storm, the crypto-ransomware beast has arisen. There's a reason why crypto-ransomware is making the news almost daily - it's unique compared to every other...
---------------------------------------------
https://labsblog.f-secure.com/2016/05/06/on-the-monetization-of-crypto-rans…
*** Study: TLS proxies introduce security problems ***
---------------------------------------------
Among 14 antivirus and parental-control products that filter content inside secured TLS connections, not a single one was found that did not create additional security problems in doing so.
---------------------------------------------
http://heise.de/-3197932
*** Qualcomm flaw puts millions of Android devices at risk ***
---------------------------------------------
A vulnerability in an Android component shipped with phones that use Qualcomm chips puts users' text messages and call history at risk of theft. The flaw was found by security researchers from FireEye and was patched by Qualcomm in March. However, because the vulnerability was introduced five years ago, many affected devices are unlikely to ever receive the fix because they're no longer supported by their manufacturers. The vulnerability, which is tracked as CVE-2016-2060, is located on an Android...
---------------------------------------------
http://www.cio.com/article/3066827/qualcomm-flaw-puts-millions-of-android-d…
*** Security Alert: New Ransomware Promises to Donate Earnings to Charity ***
---------------------------------------------
Psychological manipulation is heavily used in cyber attacks, especially in phishing and ransomware compromise attempts. As with all online scams, the attackers' main objective is simple: to make as much money and steal as much data as possible. So, in their malicious pursuit, they'll come up with new tactics to force their victims into complying with their conditions. Encrypting ransomware, such as CryptoWall or TeslaCrypt, is proof.
---------------------------------------------
https://heimdalsecurity.com/blog/security-alert-new-ransomware-donate-earni…
*** New Security Flaw Found in Lenovo Solution Center Software ***
---------------------------------------------
Security researchers at Trustwave SpiderLabs have discovered a new vulnerability in Lenovo's much maligned Lenovo Solution Center software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code.
---------------------------------------------
http://threatpost.com/new-security-flaw-found-in-lenovo-solution-center-sof…
*** Public Key Infrastructure (PKI) ***
---------------------------------------------
Executive Summary: This article is a detailed theoretical and hands-on treatment of Public Key Infrastructure (PKI) and an OpenSSL-based Certificate Authority. In the first section, PKI and its associated concepts will be discussed. A test bed or lab environment on Ubuntu 14 will be prepared to apply PKI knowledge. Generation of CA, server and user keys/certificates...
---------------------------------------------
http://resources.infosecinstitute.com/public-key-infrastructure-pki-2/
*** Upcoming Security Updates for Adobe Acrobat and Reader (APSB16-14) ***
---------------------------------------------
A prenotification Security Advisory (APSB16-14) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, May 10, 2016. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1344
*** Squid HTTP caching proxy Multiple Vulns ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016050024
*** [R1] PHP < 5.6.21 Vulnerabilities Affect Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2016-09
*** HPE Network Node Manager i Multiple Flaws Let Remote Users Bypass Authentication, Obtain Data and Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035767
*** Bugtraq: ESA-2016-051: Patch 14 for RSA Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538287
*** DSA-3567 libpam-sshauth - security update ***
---------------------------------------------
It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3567
*** USN-2963-1: OpenJDK 8 vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2963-1, 4th May, 2016. openjdk-8 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS. Summary: Several security issues were fixed in OpenJDK 8. Software description: openjdk-8 - Open Source Java implementation. Details: Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2963-1/
*** USN-2964-1: OpenJDK 7 vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2964-1, 4th May, 2016. openjdk-7 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS. Summary: Several security issues were fixed in OpenJDK 7. Software description: openjdk-7 - Open Source Java implementation. Details: Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2964-1/
*** Cisco security Advisories ***
---------------------------------------------
*** Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in bind affect Power Hardware Management Console (CVE-2016-1285, CVE-2016-1286) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021266
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in ntp affect Power Hardware Management Console (CVE-2015-5300, CVE-2015-7704, CVE-2015-8138) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021264
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM XIV Storage System (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005699
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2015-7575, CVE-2016-0475) ***
http://www.ibm.com/support/docview.wss?uid=swg21982445
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2015-7575, CVE-2016-0475) ***
http://www.ibm.com/support/docview.wss?uid=swg21982446
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2015-4872, CVE-2015-4893, CVE-2015-4803, CVE-2015-5006, CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=swg21972468
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence (CVE-2015-4872, CVE-2015-4893, CVE-2015-4803, CVE-2015-5006, CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=swg21972469
---------------------------------------------
*** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ***
http://www.ibm.com/support/docview.wss?uid=swg21979767
---------------------------------------------
*** IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) February 2016 ***
http://www.ibm.com/support/docview.wss?uid=swg21980693
---------------------------------------------
*** IBM Security Bulletin: Current Releases of IBM SDK for Node.js in IBM Bluemix are affected by CVE-2016-3956, CVE-2016-2515 and CVE-2016-2537. ***
http://www.ibm.com/support/docview.wss?uid=swg21981433
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21982467
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage FlashCopy Manager on Windows (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21982448
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in SQLite affects IBM Security Access Manager for Mobile (CVE-2015-3416) ***
http://www.ibm.com/support/docview.wss?uid=swg21981269
---------------------------------------------
*** IBM Security Bulletin: IBM SPSS Statistics ActiveX Control Buffer Overflow (CVE-2015-8530) ***
http://www.ibm.com/support/docview.wss?uid=swg21982035
---------------------------------------------
*** IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7403) ***
http://www.ibm.com/support/docview.wss?uid=swg21982660
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 03-05-2016 18:00 − Wednesday 04-05-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Dev using Libarchive? Patch and push ***
---------------------------------------------
Input validation bug opens code execution vuln. The popular Libarchive open source compression library needs an update to cover a code execution vulnerability.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/04/dev_using_l…
*** Security updates: PHP vulnerable to remote code execution ***
---------------------------------------------
Attackers can remotely inject malicious code into various PHP versions. Three hardened releases close two security holes.
---------------------------------------------
http://heise.de/-3196826
*** New versions of Apache Struts defend against malicious code ***
---------------------------------------------
Through a security hole, attackers can under certain circumstances remotely attack servers running Apache Struts and execute code.
---------------------------------------------
http://heise.de/-3196868
*** Petya: the two-in-one trojan ***
---------------------------------------------
Petya Trojan is an unusual hybrid of an MBR blocker and data encryptor: it prevents not only the operating system from booting but also blocks normal access to files located on the hard drives of the attacked system.
---------------------------------------------
http://securelist.com/blog/research/74609/petya-the-two-in-one-trojan/
*** Polite ransomware trojan apologises and asks for gifts ***
---------------------------------------------
A new crypto trojan is making the rounds: the Alpha ransomware demands iTunes gift cards from the victim, otherwise the data stays encrypted with AES-256. The ransom note is surprisingly polite, but withholds important details.
---------------------------------------------
http://heise.de/-3197135
*** Yet Another Padding Oracle in OpenSSL CBC Ciphersuites ***
---------------------------------------------
Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it's in the code that fixes Lucky13. It was found by Juraj Somorovsky using a tool he developed called TLS-Attacker. Like in the "old days"...
---------------------------------------------
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphe…
*** Neutrino exploit kit sends Cerber ransomware, (Wed, May 4th) ***
---------------------------------------------
Introduction: Seems like we're always finding new ransomware. In early March 2016, BleepingComputer announced a new ransomware named Cerber had appeared near the end of February [1]. A few days later, the Malwarebytes blog provided further analysis and more details on subsequent Cerber samples [2]. Cerber is distributed through exploit kits (EKs) and malicious spam (malspam). I've only seen .rtf attachments that download and install Cerber if opened in Microsoft Word [3]. Shown above: ...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21017
*** Security Advisory: Stored XSS in bbPress ***
---------------------------------------------
Exploitation Level: Easy/Remote DREAD Score: 6/10 Vulnerability: Stored XSS Patched Version: bbPress 2.5.9 During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on 300,000 live websites - one of them being the popular wordpress.org support forum. Vulnerability Disclosure Timeline: April...
---------------------------------------------
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-bbpress-2.html
*** Xcode 7.3.1 ***
---------------------------------------------
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
---------------------------------------------
https://support.apple.com/kb/HT206338
*** Cisco Prime Collaboration Assurance Open Redirect Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** F5 Security Advisory: Multiple OpenSSL vulnerabilities CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/07/sol07538415.html?…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=swg21982223
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-0799, CVE-2016-0702). ***
http://www.ibm.com/support/docview.wss?uid=swg21981764
---------------------------------------------
*** IBM Security Bulletin: Potential vulnerabilities in IBM OpenPages GRC Platform with Application Server ***
http://www.ibm.com/support/docview.wss?uid=swg21982462
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager (CVE-2016-0448, CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=swg21977134
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition affect IBM Tivoli Network Manager IP Edition ***
http://www.ibm.com/support/docview.wss?uid=swg21975424
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM InfoSphere Information Server installer could expose sensitive information (CVE-2015-7493) ***
http://www.ibm.com/support/docview.wss?uid=swg21982034
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2015-3194, CVE-2015-3195). ***
http://www.ibm.com/support/docview.wss?uid=swg21981765
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Cognos Metrics Manager (CVE-2015-2017) ***
http://www.ibm.com/support/docview.wss?uid=swg21976798
---------------------------------------------
*** IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects IBM Tivoli Storage Manager server (CVE-2015-1947) ***
http://www.ibm.com/support/docview.wss?uid=swg21979698
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM Tivoli / Security Directory Server ***
http://www.ibm.com/support/docview.wss?uid=swg21980585
---------------------------------------------
Next End-of-Shift report on 2016-05-06
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 02-05-2016 18:00 − Tuesday 03-05-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** GOZNYM MALWARE ***
---------------------------------------------
Antivirus software detects GozNym hybrid as Nymaim variant GozNym samples resolve domains, do not connect to IPs returned. Separate IP used for HTTP comms. C2 channel for GozNym appears to be HTTP POST requests, in line with ..
---------------------------------------------
https://blog.team-cymru.org/2016/05/goznym-malware/
*** JSA10748 - Protect-RE (loopback) Firewall Filter does not discard OSPF packets from non-permitted prefixes ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10748&actp=RSS
*** Acunetix WVS 10 - Remote command execution (SYSTEM privilege) ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016050003
*** 3-in-4 Android phones, slabs, gizmos menaced by fresh hijack flaws ***
---------------------------------------------
Another month, another round of critical vulnerabilities patched by Google. Google has today issued a bundle of 40 security patches for its Android operating system.
---------------------------------------------
www.theregister.co.uk/2016/05/02/android_may_patch_batch/
*** Fake Security Conferences ***
---------------------------------------------
Turns out there are two different conferences with the title International Conference on Cyber Security (ICCS 2016), one real and one fake. Richard Clayton has the story ..
---------------------------------------------
https://www.schneier.com/blog/archives/2016/05/fake_security_c.html
*** RSA Data Loss Prevention Bugs Let Remote Users Conduct Cross-Site Scripting and Clickjacking Attacks and Let Remote Authenticated Users Bypass Security Controls and Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1035714
*** SNMP Pentesting ***
---------------------------------------------
In the previous article about SNMP, we have discussed how to set up your own vulnerable lab where we have configured pfSense and VyOS with SNMP misconfigurations. You can find this article here. In this article, we will discuss how to assess the security ..
---------------------------------------------
http://resources.infosecinstitute.com/snmp-pentesting/
*** l+f: Website of the Ministry for Digital Infrastructure full of holes again ***
---------------------------------------------
After Heartbleed, now XSS: the website of the Federal Ministry of Transport and Digital Infrastructure was once again inadequately secured.
---------------------------------------------
http://heise.de/-3196376
*** OpenSSL Security Advisory [3rd May 2016] ***
---------------------------------------------
https://openssl.org/news/secadv/20160503.txt
*** OpenSSL closes descendant of the Lucky 13 vulnerability ***
---------------------------------------------
The widely used crypto library receives patches for six security vulnerabilities. Two of them have the priority ..
---------------------------------------------
http://heise.de/-3196510
*** Ransomware deployments after brute force RDP attack ***
---------------------------------------------
Fox-IT has encountered various ways in which ransomware is being spread and activated. Many infections happen by sending spam e-mails and luring the receiver in opening the infected ..
---------------------------------------------
https://blog.fox-it.com/2016/05/02/ransomware-deployments-after-brute-force…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 29-04-2016 18:00 − Monday 02-05-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** DSA-3561 subversion - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3561
*** Google Patches 9 Security Flaws in New Chrome Browser Build ***
---------------------------------------------
Five Chrome bug bounty hunters split $14,000 in rewards as Google patches nine security flaws in its browser, four of which are labeled 'high'.
---------------------------------------------
http://threatpost.com/google-patches-9-security-flaws-in-new-chrome-browser…
*** Cloned Websites Stealing Google Rankings ***
---------------------------------------------
We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a website using automated scripts, usually with the intention of stealing ..
---------------------------------------------
https://blog.sucuri.net/2016/04/cloned-website-stealing-google-rankings-seo…
*** Lizard Squad Ransom Threats: New Name, Same Faux Armada Collective M.O. ***
---------------------------------------------
[...] Beginning late Thursday evening (Pacific Standard Time) several CloudFlare customers began to receive threatening emails from a "new" group calling itself the 'Lizard Squad'. These emails have a similar modus operandi to the previous ransom emails. This group was threatenin ..
---------------------------------------------
https://blog.cloudflare.com/lizard-squad-ransom-threats-new-name-same-faux-…
*** Cyber Security Challenge: competition for "up-and-coming hackers" starts on 2 May ***
---------------------------------------------
Pupils and students are once again invited to take the Cyber Security Challenge's online tests. The qualification phase runs until 1 August; the German final takes place at the end of September in Berlin.
---------------------------------------------
http://heise.de/-3194493
*** Crypto-ransomware Gains Footing in Corporate Grounds, Gets Nastier for End Users ***
---------------------------------------------
In the first four months of 2016, we have discovered new families and variants of ransomware, seen their vicious new routines, and witnessed threat actors behind these operations upping the ransomware game to new heights. All these developments further establish crypto-ransomware as a ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/crypto-ransomwar…
*** Black market: price of mobile malware rising ***
---------------------------------------------
According to security researchers, trade in mobile malware is flourishing. Meanwhile, the vendor of the Android trojan GM Bot is noticeably raising prices on malware marketplaces.
---------------------------------------------
http://heise.de/-3195382
*** Practical Reverse Engineering Part 2 - Scouting the Firmware ***
---------------------------------------------
In part 1 we found a debug UART port that gave us access to a linux shell. At this point we've got the same access to the router that a developer would use to debug issues, control the system, etc.
---------------------------------------------
http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/
*** Serious security vulnerability in Ubuntu's new Snap package format closed ***
---------------------------------------------
Ubuntu's new Snap package format is making waves again: the developers have now removed a typo in the code that had allowed attackers to execute arbitrary malicious code.
---------------------------------------------
http://heise.de/-3195532