Daily June 2016

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - Donnerstag 30-06-2016
by Daily end-of-shift report 30 Jun '16

30 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 29-06-2016 18:00 − Donnerstag 30-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Multiple vulnerabilities in Foxit Reader *** http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/dKs5CcUo7Us http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/XgoemmeT0GY http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/XNek5RDVxp0 http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/5xiMJFpDb9o http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/BO1ORv21ejs http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Yvk8m_ilMEE http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/BEv0AHg6Das http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/wgd366hnP7k http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/XfbdbhhiNGQ http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/mGq36S5AkiI http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/-_uz9VtYDFE http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/2K_wjeRUsls *** DSA-3608 libreoffice - security update *** --------------------------------------------- Aleksandar Nikolic discovered that missing input sanitising in the RTFparser in Libreoffice may result in the execution of arbitrary code ifa malformed documented is opened. --------------------------------------------- https://www.debian.org/security/2016/dsa-3608 *** Ransomware auf Smartphones hat sich vervierfacht *** --------------------------------------------- Erpresserische Schadsoftware auf Android-Smartphones ist laut einer Untersuchung von Kaspersky innerhalb eines Jahres um das Vierfache gestiegen. --------------------------------------------- http://futurezone.at/digital-life/ransomware-auf-smartphones-hat-sich-vervi… *** Malware Authors Adopt CEO Fraud Techniques *** --------------------------------------------- CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers recently. These scams use the power of the CEOs name to try and elicit a .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Malware-Authors-Adopt-CEO-Fr… *** CEO Fraud Scams and How to Deal With Them at the Email Gateway *** --------------------------------------------- Email scams known as "CEO Fraud" are very common right now. They are a type of "Business Email Compromise" (BEC). There have .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/CEO-Fraud-Scams-and-How-to-D… *** Datenleck bei Terrordatenbank *** http://futurezone.at/digital-life/datenleck-bei-terrordatenbank/207.148.569 *** Phishing Campaign with Blurred Images, (Wed, Jun 29th) *** --------------------------------------------- For a few days, Im seeing a lot of phishing emails that try to steal credentials from victims. Well, nothing brand new but,this time, the scenario is quite different : The .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21207 *** DSA-3609 tomcat8 - security update *** --------------------------------------------- Multiple security vulnerabilities have been discovered in the Tomcatservlet and JSP engine, which may result in information disclosure, thebypass of CSRF protections, bypass of the SecurityManager or denial ofservice. --------------------------------------------- https://www.debian.org/security/2016/dsa-3609 *** Rooting Hummer malware brings $500,000 per day to its creator *** --------------------------------------------- Android malware with device rooting capabilities has been hitting Google Play for a while now, but for users third-party app stores the situation is even more dangerous. The Hummer malware family Hummer, an Android Trojan .. --------------------------------------------- https://www.helpnetsecurity.com/2016/06/30/rooting-hummer-malware/ *** StartEncrypt considered harmful today *** --------------------------------------------- Recently, one of our hackers (Thijs Alkemade) found a critical vulnerability in StartCom's new StartEncrypt tool, that allows an attacker to gain valid SSL certificates .. --------------------------------------------- https://www.computest.nl/blog/startencrypt-considered-harmful-today/ *** Wasserwaagen-App: Android-Trojaner im Play Store installiert ungewollt Apps *** --------------------------------------------- http://www.golem.de/news/wasserwagen-app-android-trojaner-im-play-store-ins… *** SBA Research got COMET *** --------------------------------------------- We are proud to announce that SBA Research got COMET funding for the next four years! Read the press release here. --------------------------------------------- https://www.sba-research.org/2016/06/30/sba-research-got-comet/ *** Fileless Malware - A Behavioural Analysis Of Kovter Persistence *** --------------------------------------------- During a recent talk by a representative of MalwareBytes, it was discussed that several modern malware families, notable Poweliks, Phase Bot and Kovter are moving away .. --------------------------------------------- http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE-%E2%80%93… *** What media companies don't want you to know about ad blockers *** --------------------------------------------- [...] Thompson did not say one word in his keynote address about the significant security benefits of ad blockers, which is ironic, because his paper was one of .. --------------------------------------------- http://www.cjr.org/opinion/ad_blockers_malware_new_york_times.php *** Passwort-Cracker hashcat versucht sich an Android und VeraCrypt *** --------------------------------------------- Version 3.00 des Passwort-Knackers hashcat knackt weitere Dateiformate .. --------------------------------------------- http://heise.de/-3251874

1 0

Tageszusammenfassung - Mittwoch 29-06-2016
by Daily end-of-shift report 29 Jun '16

29 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 28-06-2016 18:00 − Mittwoch 29-06-2016 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** How Red Hat uses CVSSv3 to Assist in Rating Flaws *** --------------------------------------------- Humans have been measuring risk since the dawn of time. "Im hungry, do I go outside my awesome cave here and forage for food? There might be something bigger, scarier, and hungrier than me out there...maybe I should wait?" Successfully navigating through life is a series of Risk/Reward calculations made each and every day. Sometimes, ideally, the choices are small ("Do I want fries with that?") while others can lead to catastrophic outcomes if the scenario isnt fully --------------------------------------------- https://access.redhat.com/blogs/766093/posts/CVSSv3 *** How to Compromise the Enterprise Endpoint *** --------------------------------------------- Posted by Tavis Ormandy.Symantec is a popular vendor in the enterprise security market, their flagship product is Symantec Endpoint Protection. They sell various products using the same core engine in several markets, including a consumer version under the Norton brand. Today we're publishing details of multiple critical vulnerabilities that we discovered, including many wormable remote code execution flaws.These vulnerabilities are as bad as it gets. --------------------------------------------- http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-… *** E-Mail-Verschlüsselung für jedermann: Volksverschlüsselung steht bereit *** --------------------------------------------- Ab sofort können Windows-Nutzer die kostenlose Volksverschlüsselungs-Software nutzen, um E-Mails verschlüsselt über gängige Clients zu verschicken. --------------------------------------------- http://heise.de/-3250728 *** Europäisches Konsortium für cloud-basierte Unterschriften und Siegel gegründet *** --------------------------------------------- Zum Start der eIDAS-Verordnung haben euopäische Signatur-Dienstleister auf Initiative von Adobe das Cloud Signature Consortium (CSC) gegründet. Es soll einen offenen Standard für cloud-basierte Signaturen und Siegel erarbeiten. --------------------------------------------- http://heise.de/-3250807 *** Malware gibt sich als WhatsApp aus und stiehlt Daten *** --------------------------------------------- Auch andere Android-Apps wie Uber oder der Google Play Store wird von der Schadsoftware imitiert, um Kreditkartendaten zu erbeuten. --------------------------------------------- http://futurezone.at/digital-life/malware-gibt-sich-als-whatsapp-aus-und-st… *** Home security systems hacked with 1234 password - Update *** --------------------------------------------- Many smart home security systems come with standard passwords. Potential intruders can deactivate them online and use them to spy on homes - the affected systems are in use in many countries globally. --------------------------------------------- http://www.heise.de/ct/artikel/Home-security-systems-hacked-with-1234-passw… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: WebSphere Application Server Liberty API Discovery feature has potential vulnerability (CVE-2016-2945) *** http://www-01.ibm.com/support/docview.wss?uid=swg21984502 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021361 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-3426 ) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021385 --------------------------------------------- *** IBM Security Bulletin: Cross Site Scripting (XSS) security vulnerabilities in IBM WebSphere Commerce (CVE-2016-2862) *** http://www.ibm.com/support/docview.wss?uid=swg21983625 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Productivity Center (CVE-2016-0363) *** http://www.ibm.com/support/docview.wss?uid=swg21986168 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LCMS Premier (CVE-2016-2510) *** http://www.ibm.com/support/docview.wss?uid=swg21985108 --------------------------------------------- *** IBM Security Bulletin: IBM Tealeaf Customer Experience installers vulnerable to attack (CVE-2016-2542) *** http://www-01.ibm.com/support/docview.wss?uid=swg21981024 --------------------------------------------- *** IBM Security Bulletin: Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2 *** http://www-01.ibm.com/support/docview.wss?uid=swg21985099 --------------------------------------------- *** Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109) *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021361 --------------------------------------------- *** Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-3426 ) *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021385 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 28-06-2016
by Daily end-of-shift report 28 Jun '16

28 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 27-06-2016 18:00 − Dienstag 28-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Reverse Engineering Malware *** --------------------------------------------- The AlienVault Labs team does a lot of malware analysis as a part of their security research. I interviewed a couple members of our Labs team, including Patrick Snyder, Eddie Lee, Peter Ewane and Krishna Kona, to learn more about how they do it. Here are some of the approaches and tools and .. --------------------------------------------- https://www.alienvault.com/blogs/labs-research/reverse-engineering-malware *** A year of Windows kernel font fuzzing #1: the results *** --------------------------------------------- Post by Mateusz Jurczyk of Google Project ZeroThis post series is about how we used at-scale fuzzing to discover and report a total of 16 vulnerabilities in the handling of TrueType and OpenType fonts in the Windows kernel during the .. --------------------------------------------- http://googleprojectzero.blogspot.com/2016/06/a-year-of-windows-kernel-font… *** Scientology Seeks Captive Converts Via Google Maps, Drug Rehab Centers *** --------------------------------------------- Fake online reviews generated by unscrupulous marketers blanket the Internet these days. Although online review pollution isnt exactly a hot-button consumer issue, there are plenty of cases in which phony reviews may endanger ones life or .. --------------------------------------------- http://krebsonsecurity.com/2016/06/scientology-seeks-captive-converts-via-g… *** Large CCTV Botnet Leveraged in DDoS Attacks *** --------------------------------------------- Our security operations team investigate and mitigate multiple denial of service (DDoS) attacks every single day. One recent case caught our attention because of the .. --------------------------------------------- https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.ht… *** DDoS Extortion - Almost Universally an Empty Threat *** --------------------------------------------- Last year there was an emergence of threats of DDoS against financial websites (that eventually broadened to others) under the DD4BC moniker. Eventually that morphed into Armada Collective with both stopping around .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21199 *** Nuclear goes boom *** --------------------------------------------- Silver medallist exploit kit dies alongside Angler as new top dog doubles rental price Shake ups at the top of the exploit kit world continue, with news the worlds two top pop boxes have disappeared. --------------------------------------------- www.theregister.co.uk/2016/06/28/nuclear_goes_boom/ *** The Latest Android Overlay Malware Spreading via SMS Phishing in Europe *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2016/06/latest-android-overlay… *** Locky-Sprössling: Erpressungs-Trojaner Bart verschlüsselt anders und verlangt hohes Lösegeld *** --------------------------------------------- Sicherheitsforscher beobachteten bei der Ransomware Bart eine neue Methode, Daten als Geisel zu nehmen. --------------------------------------------- http://heise.de/-3250058 *** Cybersicherheit: "Sehr viel Wissen wird nicht umgesetzt" *** --------------------------------------------- Beim Start-up-Wettbewerb Security Rockstars werden innovative Sicherheitslösungen gesucht. Einreichungen sind noch bis zum 15. Juli möglich. --------------------------------------------- http://futurezone.at/thema/start-ups/cybersicherheit-sehr-viel-wissen-wird-… *** Verschlüsselungs-Trojaner verleibt sich Zimbra-Mails ein *** --------------------------------------------- Die Schädling ZimbraCryptor infiziert die Zimbra Collaboration Suite und verschlüsselt alle Daten im E-Mail-Ordner. Dafür muss sich ein Angreifer aber in einen Zimbra-Server hacken. --------------------------------------------- http://heise.de/-3250331 *** Press conference with Minister of Interior Wolfgang Sobotka, KSÖ and SBA: Security Rockstars *** --------------------------------------------- Er hoffe auf “frische und unkonventionelle Herangehensweisen an Cybersicherheitsthemen, sagte Innenminister Wolfgang Sobotka (ÖVP) am Mittwoch bei einem Pressegespräch .. --------------------------------------------- https://www.sba-research.org/2016/06/28/pressegesprach/

1 0

Tageszusammenfassung - Montag 27-06-2016
by Daily end-of-shift report 27 Jun '16

27 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 24-06-2016 18:00 − Montag 27-06-2016 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** Economical With The Truth: Making DNSSEC Answers Cheap *** --------------------------------------------- We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost. One of the ways we .. --------------------------------------------- https://blog.cloudflare.com/black-lies/ *** Security Advisory: Multiple Wireshark (tshark) vulnerabilities *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/87/sol87669052.html *** Security Advisory: Multiple Wireshark (tshark) vulnerabilities *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/01/sol01837042.html *** Option CloudGate Insecure Direct Object References Authorization Bypass *** --------------------------------------------- Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass .. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5333.php *** Bart - a new Ransomware *** --------------------------------------------- Phishme is reporting the discovery of a new ransomwarewhich its creators have named Bart. Bart shares several commonalities with the Locky ransomware. Bart is delivered by thesame downloader, RockLoader. The payment .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21195 *** Zwei populäre Exploit-Kits schlagartig verschwunden *** --------------------------------------------- Sicherheitsforscher haben seit mehreren Wochen keine Aktivitäten mehr durch die vormals bei Cyber-Ganoven beliebten Exploit-Kits Angler und Nuclear festgestellt. --------------------------------------------- http://heise.de/-3248999 *** How executives really feel about infosec reports *** --------------------------------------------- More than half of IT and security executives will lose their jobs as a result of failing to provide useful, actionable information. While the majority of board members say they understand everything they�re being told by IT and security .. --------------------------------------------- https://www.helpnetsecurity.com/2016/06/27/executives-infosec-reports/ *** Hackers peer into Uber passenger privates, find and plot trips on maps *** --------------------------------------------- Brute force efforts reveal 1000 discount codes Three hackers have found eight holes in Uber that could allow fake drivers to be created and user email addresses reveal, .. --------------------------------------------- www.theregister.co.uk/2016/06/27/hackers_peer_into_uber_passenger_privates_… *** Annual FiRST Conference Wrap-up *** --------------------------------------------- The 28th FiRST security event was held in - the land of morning calms' capital, Seoul this past June 12-17, 2016. This is the yearly conference for all CERT .. --------------------------------------------- https://blog.fortinet.com/2016/06/23/annual-first-conference-wrap-up *** The Threatening Evolution of Exploit Kits *** --------------------------------------------- Exploit Kits, even more sophisticated and profitable Exploit kits are rapidly evolving, threat actors improve them on a daily basis by adding the code for the exploitation of the most recent vulnerabilities. In October 2015, .. --------------------------------------------- http://resources.infosecinstitute.com/the-threatening-evolution-of-exploit-… *** Unechte PayLife-Mail: Verdacht auf Ihre letzte Transaktion *** --------------------------------------------- Mit einer unechten Benachrichtigung von PayLife versuchen Kriminelle, an Kontoinformationen von Opfern zu gelangen. Um das Ziel zu erreichen, behaupten sie, dass es bei der letzten PayLife-Transaktion zu Unstimmigkeiten gekommen sei. Aus .. --------------------------------------------- https://www.watchlist-internet.at/phishing/unechte-paylife-mail-verdacht-au… *** EU finanziert Code-Review: Open-Source-Projekte gesucht *** --------------------------------------------- Mit einem Pilotprojekt will die EU die IT-Sicherheit verbessern. Nun sind die Nutzer gefragt: Welches Open Souce-Projekt sollte einen Sicherheits-Check bekommen? --------------------------------------------- http://heise.de/-3249615 *** How to Backdoor Diffie-Hellman *** --------------------------------------------- Abstract: Lately, several backdoors in cryptographic constructions, protocols and implementations have been surfacing in the wild: Dual-EC in RSAs B-Safe product, a modified Dual-EC in Junipers operating system ScreenOS and a .. --------------------------------------------- https://eprint.iacr.org/2016/644 *** The Curious Case of an Unknown Trojan Targeting German-Speaking Users *** --------------------------------------------- Last week, an unidentified malware was discovered and circulated on Twitter by researcher @JAMES_MHT. Many researchers - including us - were unable to identify the malware so we decided to dig a bit further. In this post, .. --------------------------------------------- https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-…

1 0

Tageszusammenfassung - Freitag 24-06-2016
by Daily end-of-shift report 24 Jun '16

24 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 23-06-2016 18:00 − Freitag 24-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Crypto Wars: Neue Bundesbehörde soll Verschlüsselung knacken *** --------------------------------------------- Immer mehr Kommunikationsdienste verschlüsseln Nachrichten und schützen sie vor fremden Zugriffen. Die Bundesregierung will dem offenbar nicht tatenlos zusehen und eine Behörde mit dem Knacken der Kryptographie beauftragen. --------------------------------------------- http://heise.de/-3247957 *** PCI Compliance for eCommerce – Choosing Between SAQ A and A-EP *** --------------------------------------------- The Payment Card Industry Data Security Standards (PCI DSS) is a set of security standards established in a joint venture between a number of the top credit card issuers in the world – Visa, MasterCard, American Express, .. --------------------------------------------- https://blog.sucuri.net/2016/06/navigating-pci-self-assessment-questionnair… *** How to: Testing Android Application Security, Part 2 *** --------------------------------------------- The popularity of Android devices and applications makes it a target for malware and other threats. This post is the second in a short series on Android .. --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/testing-android-application-security-p… *** Necurs Botnet is Back, Updated With Smarter Locky Variant *** --------------------------------------------- After a mysterious three weeks off the grid, Necurs has returned to spewing massive volumes of email containing improved versions of the potent Locky ransomware and Dridex banking Trojan. --------------------------------------------- http://threatpost.com/necurs-botnet-is-back-updated-with-smarter-locky-vari… *** Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a resource management vulnerability in Rockwell Automation’s Allen-Bradley Stratix 5400 and Allen-Bradley Stratix 5410 industrial networking switches. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-175-01 *** Unitronics VisiLogic OPLC IDE vlp File Parsing Stack Buffer Overflow Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a buffer overflow vulnerability in the Unitronics VisiLogic. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-175-02 *** Meinberg NTP Time Server Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for a stack buffer overflow vulnerability and a privilege escalation vulnerability in Meinberg’s NTP Time Servers Interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03 *** About Lenovo Solution Center 3.3.002 Vulnerabilities (CVE-2016-5249) *** --------------------------------------------- After patching set of issues reported by Trustwave SpiderLabs last month, Lenovo released another version of its Lenovo Solution Center software to address new security .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/About-Lenovo-Solution-Center… *** Sicherheitslücke in Alarmanlagen von ABUS und Climax *** --------------------------------------------- Vernetzte Alarmanlagen sollen für Sicherheit und mehr Bedienkomfort sorgen. Durch eine Sicherheitslücke können Angreifer jedoch auf viele Systeme zugreifen – übers Internet. --------------------------------------------- http://heise.de/-3247868 *** WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting *** --------------------------------------------- http://jvn.jp/en/jp/JVN55826471/ *** WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting *** --------------------------------------------- http://jvn.jp/en/jp/JVN95082904/ *** WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection *** --------------------------------------------- http://jvn.jp/en/jp/JVN47363774/ *** [2016-06-24] ASUS DSL-N55U cross site scripting and information disclosure vulnerability *** --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016… *** Erpressungs-Trojaner: Neue Locky-Welle infiziert Computer *** --------------------------------------------- Wer dieser Tage eine E-Mail mit Dateianhang bekommt, sollte diese noch kritischer als sonst beäugen: Aktuell verbreitet sich der Verschlüsselungs-Trojaner Locky erneut vornehmlich über vermeintliche Bewerbungs-Mails in Deutschland. --------------------------------------------- http://heise.de/-3248277 *** How to Spot Ingenico Self-Checkout Skimmers *** --------------------------------------------- A KrebsOnSecurity story last month about credit card skimmers found in self-checkout lanes at some Walmart locations got picked up by quite a few publications. Since then Ive heard from several readers who work at retailers that use .. --------------------------------------------- http://krebsonsecurity.com/2016/06/how-to-spot-ingenico-self-checkout-skimm… *** Pretty Good Privacy: 40 Jahre Diffie-Hellman *** --------------------------------------------- Am 23. Juni 1976 präsentierten Whitfield Diffie und Martin Hellman ihren Ansatz eines asymmetrischen Verschlüsselungsverfahren auf dem "Symposium on Information Theory" im schwedischen Ronneby. --------------------------------------------- http://heise.de/-3248793

1 0

Tageszusammenfassung - Donnerstag 23-06-2016
by Daily end-of-shift report 23 Jun '16

23 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 22-06-2016 18:00 − Donnerstag 23-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** After Angler: Shift in Exploit Kit Landscape and New Crytpo-Ransomware Activity *** --------------------------------------------- Early this year, we reported that in 2015, Angler came out as the top exploit kit, having contributed 59.5% in the total exploit kit activity for the year. Now, there's barely any pulse left.After the arrest of 50 people accused of using malware to steal US$25 million, it is interesting to .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/angler-shift-ek-… *** ZDI-16-373: Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery. Authentication is required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-373/ *** Fraudsters are Buying IPv4 Addresses *** --------------------------------------------- IPv4 addresses are valuable, so criminals are figuring out how to buy or steal them.Hence criminals interest in ways to land themselves IP addresses, some of which were detailed this week by ARINs senior director of global registry knowledge, Leslie Nobile, at the North American Network Operators .. --------------------------------------------- https://www.schneier.com/blog/archives/2016/06/fraudsters_are_.html *** WordPress 4.5.3 release mends eight security flaws, 17 bugs *** --------------------------------------------- WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs. --------------------------------------------- http://www.scmagazine.com/wordpress-453-release-mends-eight-security-flaws-… *** Cisco Unified Contact Center Enterprise Web-Based Management Interface Cross-Site Scripting Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Email Security Appliance .zip File Scanning Security Bypass Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** TLS Certificate Validation Vulnerability in Citrix iOS Receiver *** --------------------------------------------- http://support.citrix.com/article/CTX213998 *** Rise of Darknet Stokes Fear of The Insider *** --------------------------------------------- With the proliferation of shadowy black markets on the so-called "darknet" -- hidden crime bazaars that can only be accessed through special software that obscures ones true location online -- it has never been easier for disgruntled employees to harm their current or former employer. At least, this is the fear driving a growing stable of companies seeking technical solutions to detect would-be insiders. --------------------------------------------- http://krebsonsecurity.com/2016/06/rise-of-darknet-stokes-fear-of-the-insid… *** Linux Kernel ROP - Ropping your way to # (Part 2) *** --------------------------------------------- Introduction In Part 1 of this tutorial, we have demonstrated how to find useful ROP gadgets and build a privilege escalation ROP chain for our test system (3.13.0-32 kernel - Ubuntu 12.04.5 LTS). We have also developed a vulnerable kernel .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropp… *** Kritische Sicherheitslücken in libarchive gefährden FreeBSD & Co. *** --------------------------------------------- Sicherheitsforscher entdecken drei schwerwiegende Sicherheitslücken in der Open-Source-Biblitohek libarchive. Patches stehen noch nicht nicht für alle Tools bereit, die auf libarchive setzen. --------------------------------------------- http://heise.de/-3246535 *** Krypto-Trojaner Cerber: Angebliche Mediamarkt-Bestellung kommt Empfänger teuer zu stehen *** --------------------------------------------- Online-Erpresser verschicken derzeit Mails, die vorgeben, dass ein bei Mediamarkt.de besteller Artikel in Kürze geliefert wird. Wer die Bestellung einsehen oder stornieren will, handelt sich einen Krypto-Trojaner ein. --------------------------------------------- http://heise.de/-3246780 *** RFC 7905: ChaCha20-Verschlüsselung für TLS standardisiert *** --------------------------------------------- Mit RFC 7905 gibt es nun eine Spezifikation, um den Verschlüsselungsalgorithmus ChaCha20 im Poly1305-Modus in TLS zu nutzen. Der von Dan Bernstein entwickelte Algorithmus ist insbesondere auf .. --------------------------------------------- http://www.golem.de/news/rfc-7905-chacha20-verschluesselung-fuer-tls-standa… *** Apple gibt erstmals Einblick in Kern von iPhone-Betriebssystem iOS10 *** --------------------------------------------- In der Beta-Variante der nächsten Version iOS 10 ist der Kernel nicht verschlüsselt --------------------------------------------- http://derstandard.at/2000039668786 *** Unpatched Remote Code Execution Flaw Exists in Swagger *** --------------------------------------------- Researchers at Rapid7 found a vulnerability in the Swagger Code Generator that could execute arbitrary code embedded in a Swagger document. --------------------------------------------- http://threatpost.com/unpatched-remote-code-execution-flaw-exists-in-swagge… *** Redefining how we share our security data. *** --------------------------------------------- Red Hat Product Security has long provided various bits of machine-consumable information to customers and users via our Security Data page. Today we are pleased to announce that we have made it even easier to access and .. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2387601 *** Defending Our Brand *** --------------------------------------------- Some months ago, it came to our attention that Comodo Group, Inc., is attempting to register at least three trademarks for the term "Let's Encrypt" for a variety of CA-related services. These trademark applications were .. --------------------------------------------- https://letsencrypt.org//2016/06/23/defending-our-brand.html *** Fünf Millionen Zertifikate: Lets Encrypt wächst rasant *** --------------------------------------------- Innerhalb von drei Monaten hat Let's Encrypt die Gesamtanzahl von kostenlos ausgestellten SSL-/TLS-Zertifikaten verfünffacht. --------------------------------------------- http://heise.de/-3247077

1 0

Tageszusammenfassung - Mittwoch 22-06-2016
by Daily end-of-shift report 22 Jun '16

22 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 21-06-2016 18:00 − Mittwoch 22-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Macro Malware Adds Tricks, Uses MaxMind to Avoid Detection *** --------------------------------------------- Macro malware continues to evolve and use new tricks to evade detection. This threat is responsible for downloading malicious Trojans such as Dridex and ransomware such as Locky. Recently McAfee Labs has encountered a new variant of macro .. --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/macro-malware-adds-tricks-uses-maxmind… *** Advantech WebAccess ActiveX Vulnerabilities *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 *** Schneider Electric PowerLogic PM8ECC Cross-site Scripting Vulnerability *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-173-02 *** DHL Packstation: Sicherheitslücke begünstigt Missbrauch der fast 3000 Paketautomaten *** --------------------------------------------- Durch eine Sicherheitslücke konnten Online-Ganoven unnötig leicht auf die Paketfächer der rund acht Millionen Packstation-Nutzer zugreifen. Als DHL das Problem bestritt, hat c't es selbst versucht. --------------------------------------------- http://heise.de/-3243343 *** Hacker, Bromium donate $30,000 in bug bounty cash to charity *** --------------------------------------------- Google hacker Tavis Ormandy and security firm Bromium have handed Amnesty International US$30,000 in bug bounty cash awarded after the former broke the latters security controls. --------------------------------------------- www.theregister.co.uk/2016/06/22/hacker_bromium_donate_30000_in_bug_bounty_… *** ENISA discusses cyber challenges of the digital transformation *** --------------------------------------------- https://www.enisa.europa.eu/news/executive-news/enisa-discusses-cyber-chall… *** DNS-Sicherheitslücke bei Apple: Weitere Plattformen betroffen *** --------------------------------------------- Neben den AirPort-Basisstationen sind auch iOS, OS X und watchOS von einer kritischen Lücke betroffen .. --------------------------------------------- http://heise.de/-3244645 *** E-Mail-Verschlüsselung: EU-Kommission hat Angst vor verschlüsseltem Spam *** --------------------------------------------- PGP ist sicher, aber in der Handhabung oft kompliziert, gerade in grossen Unternehmen. Die EU-Kommission will die Technik in einem Pilotprojekt für alle Mitarbeiter einführen. Eine Angst geht dabei um: die vor verschlüsselten Spammails. --------------------------------------------- http://www.golem.de/news/e-mail-verschluesselung-eu-kommission-hat-angst-vo… *** KSN Report: Ransomware from 2014-2016 *** --------------------------------------------- The number of users attacked with ransomware is huge. But how big is it? Ransomware seems to be a global threat. But maybe there are regions at a higher risk of danger? There seem to be a lot of ransomware malware groups. But what are the most widespread and dangerous? --------------------------------------------- http://securelist.com/analysis/publications/75145/pc-ransomware-in-2014-201… *** Microsofts entrauscht homomorphe Krypto-Library SEAL *** --------------------------------------------- Das Rechnen mit verschlüsselten Daten rückt heran. Durch einen Wechsel des zugrundeliegenden Krypto-Systems will Microsoft die homomorphe Verschlüsselung auf eine neue Stufe heben. --------------------------------------------- http://heise.de/-3243299 *** Exploiting Public Information for OSINT *** --------------------------------------------- Open source intelligence is an act of finding the information using publicly available sources; these sources could be anything, for instance; newspaper, business directories, annual reports, etc. And the scope of OSINT is not only limited to .. --------------------------------------------- http://resources.infosecinstitute.com/exploiting-public-information-for-osi… *** Online-Backup-Anbieter Carbonite fordert Nutzer zu Passwort-Reset auf *** --------------------------------------------- Wegen einer vermehrten Anzahl von unautorisierten Zugriffen auf Accounts sollten Nutzer des Online-Backup-Services Carbonite ihr Passwort zurücksetzen. --------------------------------------------- http://heise.de/-3245465 *** Return of Locky *** --------------------------------------------- There's been a lot of discussion recently of the Necurs botnet being quiet. Today, Necurs activity resumed, and a new Locky malspam campaign began! Let's look at it! --------------------------------------------- https://malcat.moe/?p=53 *** Interview with a Craigslist scammer *** --------------------------------------------- Ever wondered what motivates people who swindle others on Craigslist? Read on for a fascinating look into the mind of a small-time .. --------------------------------------------- http://www.infoworld.com/article/3086304/cyber-crime/interview-with-a-craig… *** 105.386 Österreicher von LinkedIn-Datenleck betroffen *** --------------------------------------------- In der Datenbank des Karriere-Netzwerks LinkedIn befanden sich insgesamt 15.386 österreichische Mail-Adressen und 76.344 Passwörter. --------------------------------------------- http://futurezone.at/digital-life/105-386-oesterreicher-von-linkedin-datenl… *** Vulnerability Spotlight: Pidgin Vulnerabilities *** --------------------------------------------- Pidgin is a universal chat client that is used on millions of systems worldwide. The Pidgin chat client enables you to communicate on multiple chat networks simultaneously. Talos has identified multiple vulnerabilities in the way Pidgin handles the MXit .. --------------------------------------------- http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html

1 0

Tageszusammenfassung - Dienstag 21-06-2016
by Daily end-of-shift report 21 Jun '16

21 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 20-06-2016 18:00 − Dienstag 21-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Exploiting Recursion in the Linux Kernel *** --------------------------------------------- On June 1st, I reported an arbitrary recursion bug in the Linux kernel that can be triggered by a local user on Ubuntu if the system was installed with home directory encryption support. If you want to see the crasher, the exploit .. --------------------------------- http://googleprojectzero.blogspot.com/2016/06/exploiting-recursion-in-linux… *** USN-3012-1: Wget vulnerability *** --------------------------------------------- Dawid Golunski discovered that Wget incorrectly handled filenames whenbeing redirected from an HTTP to an FTP URL. --------------------------------------------- http://www.ubuntu.com/usn/usn-3012-1/ *** USN-3011-1: HAProxy vulnerability *** --------------------------------------------- Falco Schmutz discovered that HAProxy incorrectly handled the reqdenyfilter. --------------------------------------------- http://www.ubuntu.com/usn/usn-3011-1/ *** Reverse-engineering DUBNIUM's Flash-targeting exploit *** --------------------------------------------- The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we're going to examine the technical details of the exploit that targeted vulnerability CVE-2015-8651. For .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dub… *** Cisco Integrated Services Routers OpenSSH TCP Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco 8800 Series IP Phone Directory Traversal Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Red Line Drawn: China Recalculates Its Use of Cyber Espionage *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2016/06/red-line-drawn-china-e… *** Hacker erbeuten Kunden-Daten aus Acers Online-Shop *** --------------------------------------------- Unbekannte Datendiebe haben offensichtlich den nordamerikanischen Online-Shop von Acer geentert und Daten von Kunden kopiert. Darunter könnten dem Hersteller zufolge auch Kreditkarten-Daten inklusive Sicherheitscodes sein. --------------------------------------------- http://heise.de/-3242703 *** Unbefugte schleichen sich in GoToMyPC-Konten *** --------------------------------------------- Aufgrund unbefugter Zugriffe auf Nutzer-Konten, hat der Anbieter der Fernwartungs-Software GoToMyPC die Passwörter .. --------------------------------------------- http://heise.de/-3242747 *** Phishing mit gestohlenem iPhone *** --------------------------------------------- Kriminelle stehlen iPhones. Nach rund einer Woche melden sie sich bei ihren Opfern mit einer vermeintlich echten SMS von Apple. In ihr ist davon die Rede, dass das .. --------------------------------------------- https://www.watchlist-internet.at/phishing/phishing-mit-gestohlenem-iphone/ *** Apple: Mysteriöse Lücke in Airport-Router gepatcht *** --------------------------------------------- Der Airport-Router und Time-Capsule von Apple haben offenbar Probleme mit bestimmten DNS-Anfragen. Die Sicherheitslücke wurde jetzt geschlossen, möglicherweise konnten Angreifer das Netzwerk der Nutzer kompromittieren. --------------------------------------------- http://www.golem.de/news/apple-mysterioese-luecke-in-airport-router-gepatch… *** Poorly crafted LogMeIn password reset email looks phishy, but isn't *** --------------------------------------------- LogMeIn has been sending out password reset emails to some of its customers, to prevent account hijacking fuelled by the recent spate of massive login credential leaks. Unfortunately, their own legitimate email .. --------------------------------------------- https://www.helpnetsecurity.com/2016/06/21/poorly-crafted-logmein-password-… *** Zwei-Faktor-Authentifizierung: Smartphone als zweiter Schlüssel fürs Google-Konto *** --------------------------------------------- Wer die Zwei-Faktor-Authentifizierung für sein Google-Konto nutzt, muss ab sofort neben seinem Passwort keine Codes mehr eingeben, sondern kann direkt sein Smartphone zur Anmeldung nutzen. --------------------------------------------- http://heise.de/-3243338 *** Flash: Mac OS X blockiert wieder alte Versionen *** --------------------------------------------- Apples Browser Safari unterstützt das Flash-Plug-in nur noch, wenn es auf dem aktuellen Stand ist. Adobe hatte vor wenigen Tagen kritische Schwachstellen geschlossen, darunter eine Zero-Day-Lücke. --------------------------------------------- http://heise.de/-3243340 *** Finding Browser Extensions To Hunt Evil! *** --------------------------------------------- Browser extensions, sometimes called plug-ins or add-ons, provide all types of wondrous functionality on top of the web browser, some of which may be actually wanted by the user! These little gems, however, have also proved valuable .. --------------------------------------------- https://labs.opendns.com/2016/06/16/finding-browser-extensions-find-evil/

1 0

Tageszusammenfassung - Montag 20-06-2016
by Daily end-of-shift report 20 Jun '16

20 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-06-2016 18:00 − Montag 20-06-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Locky, Dridex, and Angler among cybercrime groups to experience fall in activity *** --------------------------------------------- There has been a sudden drop off in activity relating to a number of major malware families in recent weeks. Dridex (W32.Cridex), Locky (Trojan.Cryptolocker.AF), the Angler exploit kit and Necurs (Backdoor.Necurs), are among the threats who appear affected by this development. --------------------------------------------- http://www.symantec.com/connect/blogs/locky-dridex-and-angler-among-cybercr… *** Erpressungs-Trojaner RAA kommt mit Passwort-Dieb im Huckepack daher *** --------------------------------------------- Der Computer-Schädling RAA soll nicht nur Daten als Geisel nehmen und ein Lösegeld verlangen, sondern auch einen Trojaner mitbringen, der Passwörter abgreift. --------------------------------------------- http://heise.de/-3242139 *** You Acer holes! PC maker leaks payment cards in e-store hack *** --------------------------------------------- Lost info includes names, addresses, numbers and security codes Acers insecure customer database spilled peoples personal information - including full payment card numbers - into hackers hands for more than a year. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/06/17/what_a_pain… *** New Ransomware Written Entirely In JavaScript *** --------------------------------------------- An anonymous reader writes: Security researchers have discovered a new form of ransomware written entirely in JavaScript and using the CryptoJS library to encode a users files. Researchers say the file is being distributed through email attachments, according to SC Magazine, which reports that "Opening the attachment kicks off a series of steps that not only locks up the victims files, but also downloads some additional malware onto the target computer. ... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MLUCGZ3AfdM/new-ransomware-… *** GoToMyPC remote desktop service resets all passwords in wake of attack *** --------------------------------------------- GoToMyPC, a remote computer administration service offered by Citrix, has forced a password reset for all customers in the wake of what they call a 'very sophisticated password attack.' Effective immediately, you will be required to reset your GoToMyPC password before you can login again, the company told customers via email on Sunday, and advised them to use their regular GoToMyPC login link to reset the password, or go through the 'Forgot Password' link --------------------------------------------- https://www.helpnetsecurity.com/2016/06/20/gotomypc-resets-passwords/ *** Understanding Critical Windows Artifacts and Their Relevance During Investigation-Part 1 *** --------------------------------------------- In this article, we will learn about critical Windows artifacts, what they mean, where they are located in the system, what can be inferred from them and how can they help in actual during the investigation. This will be a series of articles and in Part 1, we will learn about the NTFS timestamps which ... --------------------------------------------- http://resources.infosecinstitute.com/understanding-critical-windows-artifa… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL and a vulnerability in GNU glibc affect IBM Security Proventia Network Enterprise Scanner *** http://www-01.ibm.com/support/docview.wss?uid=swg21984794 --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0399) *** http://www-01.ibm.com/support/docview.wss?uid=swg21984134 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-0341) *** http://www-01.ibm.com/support/docview.wss?uid=swg21985111 --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco IOS XE Software SNMP Subsystem Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 17-06-2016
by Daily end-of-shift report 17 Jun '16

17 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-06-2016 18:00 − Freitag 17-06-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** SAP patches three-year-old vulnerability, plus 20 more flaws *** --------------------------------------------- SAP this week patched 21 product vulnerabilities, including an information disclosure flaw that was originally disclosed more than three years ago. --------------------------------------------- http://www.scmagazine.com/sap-patches-three-year-old-vulnerability-plus-20-… *** X86 Shellcode Obfuscation - Part 3 *** --------------------------------------------- Last time, Ive added obfuscation support for most common x86 instructions, which allowed to process the obfuscation output several times in order to get even better results. The obfuscated code output now, while being pretty well obfuscated, still is pretty easy to navigate as the execution flow is not changed. I will fix it this episode as I explain methods of implementing full blown execution flow obfuscation by injecting dozens of jumps to make the code output unrecognizable. --------------------------------------------- https://breakdev.org/x86-shellcode-obfuscation-part-3/ *** ENISA: Free online tool for the notification of personal data breaches *** --------------------------------------------- The purpose of the tool is to allow data controllers to complete and submit online a personal data breach notification to the competent authority (DPA/NRA). The tool covers all types of personal data breaches and business sectors, whether public or private. Based on the input of the notification, the tool also provides to the competent authority an assessment of the severity of the breach. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/free-online-tool-for-the-notifi… *** GitHub: Anmeldeversuche mit auf anderen Sites gestohlenen Zugangsdaten *** --------------------------------------------- Das GitHub-Team hat zahlreiche Log-in-Versuche festgestellt, die teilweise erfolgreich waren. Offensichtlich haben Hacker versucht, sich mit auf anderen Sites gestohlenen Zugangsdaten anzumelden. --------------------------------------------- http://heise.de/-3240522 *** Kryptowährung: Einbrecher stehlen 56 Millionen US-Dollar in Ether - fast *** --------------------------------------------- Sicherheitslücke bei der Bitcoin-Alternative Ethereum: Angreifer konnten 3,5 Millionen Einheiten der Ether stehlen. Eine ungewöhnliche Maßnahme soll aber verhindern, dass das Geld auch wirklich ausgezahlt wird. --------------------------------------------- http://www.golem.de/news/kryptowaehrung-einbrecher-stehlen-56-millionen-us-… *** Security updates available for Adobe Flash Player (APSB16-18) and Adobe AIR (APSB16-23) *** --------------------------------------------- Adobe has published a Security Bulletin (APSB16-18) regarding security updates that address critical vulnerabilities in Adobe Flash Player. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1371 *** Bugtraq: [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player *** --------------------------------------------- http://www.securityfocus.com/archive/1/538699 *** Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Bugtraq: User enumeration in Skype for Business 2013 *** --------------------------------------------- http://www.securityfocus.com/archive/1/538697 *** Bugtraq: [SECURITY] [DSA 3604-1] drupal7 security update *** --------------------------------------------- http://www.securityfocus.com/archive/1/538696 *** Python urllib HTTP Header Injection *** --------------------------------------------- Topic: Python urllib HTTP Header Injection Risk: Low Text:Pythons built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016060130 *** Solarwinds Virtualization Manager 6.3.1 Java Deserialization *** --------------------------------------------- Topic: Solarwinds Virtualization Manager 6.3.1 Java Deserialization Risk: High Text:Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Product: Solarwinds Virtualization Manager Vendor: Solarwin... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016060126 *** Json2Html Cross Site Scripting *** --------------------------------------------- Topic: Json2Html Cross Site Scripting Risk: Low Text:# Exploit Title: Json2Html Javascript Library - Reflective/Persistant XSS # Date: 0 day # Exploit Author: David Silveiro # E... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016060123 *** Gemalto Sentinel License Manager 18.0.1 Directory Traversal *** --------------------------------------------- Topic: Gemalto Sentinel License Manager 18.0.1 Directory Traversal Risk: Medium Text:Gemalto Sentinel License Manager 18.0.1 Directory Traversal Vulnerability Vendor: Gemalto NV | SafeNet, Inc Product we... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016060121 *** Security Advisory - Insufficient Input Validation Vulnerability in the FusionInsight *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160617-… *** Moxa PT-7728 Series Switch Improper Authorization Vulnerability *** --------------------------------------------- This advisory contains mitigation details for an improper authorization vulnerability in Moxa's Industrial Ethernet Switch PT-7728 series. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-168-01 *** sol64505405: NTP vulnerability CVE-2016-4956 *** --------------------------------------------- This vulnerability can only be exposed if the ntp.conf file is manually edited to enable "broadcastclient" mode in network time protocol (NTP). --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/k/64/sol64505405.html *** sol14969: BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024 *** --------------------------------------------- The Edge Client components in F5 BIG-IP APM, BIG-IP Edge Gateway, and FirePass allow attackers to obtain sensitive information from process memory via unspecified vectors. (CVE-2013-6024) An attacker with sufficient local privileges on a client machine running Windows or Mac OS X may be able to gain access to a users APM password. Note: This vulnerability is limited to the BIG-IP Edge Client and FirePass legacy client for Windows and Mac OS X only; it does not impact the BIG-IP or FirePass host. --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html *** sol82644737: NTP vulnerability CVE-2016-4954 *** --------------------------------------------- Impact: The NTP service may be disrupted. Security Issue Status: F5 Product Development has assigned ID 597023 (BIG-IP), ID 598184 (BIG-IQ), ID 598186 (Enterprise Manager), and LRS-60784 (LineRate) to this vulnerability. --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/k/82/sol82644737.html *** IBM Security Bulletin: Vulnerability identified in IBM Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2016-3426) *** --------------------------------------------- A vulnerability in IBM SDK Java Technology Edition, Version 6 that is shipped with IBM WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-3426 Affected product(s) and affected version(s): WebSphere Service Registry and Repository Studio V8.5, V8.0, V7.5 and V7.0 are... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21985335 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) *** --------------------------------------------- OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors. IBM b-type SAN firmware has addressed the applicable CVEs. CVE(s): CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794 Affected product(s) and affected version(s): IBM b-type switches and directors running FOS versions prior to 7.4.1c are affected. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1006391

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily June 2016