Daily June 2016

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - Donnerstag 16-06-2016
by Daily end-of-shift report 16 Jun '16

16 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 15-06-2016 18:00 − Donnerstag 16-06-2016 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Estonia - Cryptographic Algorithms Lifecycle Report 2016 published *** --------------------------------------------- Estonian Information System Authority (RIA) and Cybernetica have published the "Cryptographic Algorithms Lifecycle Report 2016". --------------------------------------------- https://www.enisa.europa.eu/about-enisa/structure-organization/national-lia… *** TLS Certificate Validation Vulnerability in Citrix iOS Receiver *** --------------------------------------------- A vulnerability has been identified in Citrix iOS Receiver that could result in TLS certificates being incorrectly validated. This vulnerability has been assigned the following CVE number: CVE-2016-5433: TLS Certificate Validation Vulnerability in Citrix iOS Receiver. This vulnerability affects all versions of Citrix iOS Receiver earlier than 7.0. This vulnerability does not affect Citrix Receivers on any other platforms. --------------------------------------------- http://support.citrix.com/article/CTX213998 *** Citrix XenServer Security Update for CVE-2016-5302 *** --------------------------------------------- A security vulnerability has been identified in XenServer 7.0 that may allow an attacker on the management network who is in possession of Active Directory credentials for an AD account that is not authorised to manage a XenServer host to compromise that host. The following vulnerability has been addressed: CVE-2016-5302 (Low): Incorrect host management AD authentication --------------------------------------------- http://support.citrix.com/article/CTX213549 *** Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036 *** --------------------------------------------- Project: Views (third-party module) Version: 7.x Date: 2016-June-15 Security risk: 7/25 ( Less Critical) Vulnerability: Access bypass DescriptionAn access bypass vulnerability exists in the Views module, where users without the "View content count" permission can see the number of hits collected by the Statistics module for results in the view. --------------------------------------------- https://www.drupal.org/node/2749333 *** Trend Micro: Sicherheitsfirma findet trojanisierte Teamviewer-Versionen *** --------------------------------------------- Wurde Teamviewer gehackt oder nicht? In den vergangenen Wochen beschwerten sich Hunderte Nutzer über Kriminelle, die über Teamviewer Konten plünderten. Der Hersteller selbst verwies auf schlechte Passwörter - eine Sicherheitsfirma hat jetzt eine weitere Idee. --------------------------------------------- http://www.golem.de/news/trend-micro-sicherheitsfirma-findet-trojanisierte-… *** Deep Discovery Inspector vulnerable to remote code execution *** --------------------------------------------- Deep Discovery Inspector provided by Trend Micro Incorporated contains a remote code execution vulnerability. --------------------------------------------- http://jvn.jp/en/jp/JVN55428526/ *** Facebook Privacy & Security Guide: Everything You Need to Know [Updated] *** --------------------------------------------- Facebook grew in the past years to become the largest online social network in the world. It spread so much that even our parents, neighbors and distant relatives, even from remote areas of the country, now constantly use it. It's the place where everybody is active, from friends, family, work colleagues, old school friends to ... --------------------------------------------- https://heimdalsecurity.com/blog/facebook-security-privacy-guide/ *** Bugtraq: [security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information *** --------------------------------------------- [security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information --------------------------------------------- http://www.securityfocus.com/archive/1/538693 *** Bugtraq: [security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilties *** --------------------------------------------- [security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilties --------------------------------------------- http://www.securityfocus.com/archive/1/538692 *** Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002 *** --------------------------------------------- Project: Drupal core Version: 7.x, 8.x Security risk: 11/25 ( Moderately Critical) Vulnerability: Access bypass, Multiple vulnerabilities Description Saving user accounts can sometimes grant the user all roles --------------------------------------------- https://www.drupal.org/SA-CORE-2016-002 *** Cisco Security Advisories *** --------------------------------------------- *** Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Cross-Site Request Forgery Vulnerability in IBM WebSphere Portal (CVE-2016-2901) *** http://www-01.ibm.com/support/docview.wss?uid=swg21983974 --------------------------------------------- *** IBM Security Bulletin: IBM TRIRIGA Application platform is vulnerable to a cross-site scripting attack. (CVE-2016-2883) *** http://www.ibm.com/support/docview.wss?uid=swg21985158 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in BeanShell affects IBM Leads (CVE-2016-2510) *** http://www.ibm.com/support/docview.wss?uid=swg21982167 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallAnywhere affects IBM InfoSphere Optim Performance Manager for DB2 on LUW and IBM InfoSphere Optim Configuration Manager on Windows Platform (CVE-2016-4560) *** http://www-01.ibm.com/support/docview.wss?uid=swg21984067 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager FastBack for Bare Machine Recovery (CVE-2016-2542) *** http://www.ibm.com/support/docview.wss?uid=swg21984184 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager FastBack (CVE-2016-2542) *** http://www.ibm.com/support/docview.wss?uid=swg21982809 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Notes KeyView PDF Filters (CVE-2016-0301, CVE-2016-0278, CVE-2016-0279, CVE-2016-0277) *** http://www.ibm.com/support/docview.wss?uid=swg21982277 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 15-06-2016
by Daily end-of-shift report 15 Jun '16

15 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 14-06-2016 18:00 − Mittwoch 15-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Security Advisory posted for Adobe Flash Player (APSA16-03) *** --------------------------------------------- A Security Advisory (APSA16-03) has been published regarding a critical vulnerability (CVE-2016-4171) in Adobe Flash Player. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1367 *** Security Bulletins Posted *** --------------------------------------------- Adobe has published security bulletins for the Adobe DNG SDK (APSB16-19), Adobe Brackets (APSB16-20), Adobe Creative Cloud Desktop Application (APSB16-21) and ColdFusion (APSB16-22). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1361 *** MS16-JUN - Microsoft Security Bulletin Summary for June 2016 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-JUN *** DSA-3602 php5 - security update *** --------------------------------------------- Several vulnerabilities were found in PHP, a general-purpose scriptinglanguage commonly used for web application development. --------------------------------------------- https://www.debian.org/security/2016/dsa-3602 *** Where's the Macro? Malware authors are now using OLE embedding to deliver malicious files *** --------------------------------------------- Recently, we've seen reports of malicious files that misuse the legitimate Office object linking and embedding (OLE) capability to trick users into enabling and downloading malicious content. Previously, we've seen macros used .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/06/14/wheres-the-macro-malwar… *** Mofang: A politically motivated information stealing adversary *** --------------------------------------------- Mofang is a threat actor that almost certainly operates out of China and is probably government-affiliated. It is highly likely that Mofang's targets are selected based on involvement with .. --------------------------------------------- https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-informati… *** Safari 10 blockiert Flash standardmäßig *** ---------------------------------------------- Ab Herbst gaukelt Apples Browser Webseiten in der Standardeinstellung vor, dass Plug-ins wie Flash, Silverlight oder Java gar nicht installiert seien. Der Schritt soll Strom sparen und für mehr Sicherheit sorgen. --------------------------------------------- http://heise.de/-3238170 *** VMSA-2016-0009 *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0009.html *** VMSA-2016-0005.4 *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0005.html *** VMSA-2015-0009.3 *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0009.html *** VMSA-2015-0007.6 *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0007.html *** iOS-Apps müssen ab 2017 HTTPS verwenden *** --------------------------------------------- Apple hat angekündigt, ab 1. Jänner 2017 HTTPS-Verbindungen für iOS-Apps zu verlangen. Daten sollen nur noch verschlüsselt übertragen werden. --------------------------------------------- http://futurezone.at/apps/ios-apps-muessen-ab-2017-https-verwenden/204.603.… *** Russische Spione hacken Computer von US-Demokraten *** --------------------------------------------- http://derstandard.at/2000038962384-406 *** Adobe-Patchday lässt kritische Flash-Lücke ungepatcht *** --------------------------------------------- Adobe schliesst Lücken in ColdFusion, der Creative Cloud, dem DNG Development Kit und seinem Texteditor Brackets. Nur eine kritische Flash-Lücke bleibt erst mal ungepatcht. --------------------------------------------- http://heise.de/-3238271 *** DSA-3603 libav - security update *** --------------------------------------------- Several security issues have been corrected in multiple demuxers anddecoders of the libav multimedia library. A full .. --------------------------------------------- https://www.debian.org/security/2016/dsa-3603 *** Cross-Site Scripting in extension "Bootstrap Package" (bootstrap_package) *** --------------------------------------------- https://typo3.org/news/article/cross-site-scripting-in-extension-formhandle… *** Microsoft-Patchday: Uralt-Lücke aus Windows-95-Zeiten geschlossen *** --------------------------------------------- Microsoft hat für diesen Monat 16 Sicherheitsupdates herausgegeben. Fünf davon sind kritisch und eine wichtige Lücke namens "BadTunnel" betrifft alle Windows-Versionen seit Windows 95. --------------------------------------------- http://heise.de/-3238328 *** xDedic - the shady world of hacked servers for sale *** --------------------------------------------- Over the last two years, deep in the slums of the Internet, a different kind of underground market has flourished. The short, cryptic name perhaps doesnt say much about it: xDedic. However, on this obscure marketplace anyone can purchase more than 70,000 hacked servers from all around the Internet. --------------------------------------------- http://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-… *** Programmiersprache: Microsoft forscht an sicherer C-Erweiterung *** --------------------------------------------- Einige Modifikationen an Syntax, Compiler und Laufzeitumgebung sollen C-Programme vor typischen Fehlern der Programmiersprache schützen. Microsoft erforscht diese Technik gemeinsam mit Universitäten in einem Open-Source-Projekt. --------------------------------------------- http://www.golem.de/news/programmiersprache-microsoft-forscht-an-sicherer-c… *** Next Steps for Legacy Plug-ins *** --------------------------------------------- The web platform is capable of amazing things. Thanks to the ongoing hard work of standards bodies, browser vendors, and web developers, web standards are feature-rich and continuously improving. The WebKit project in particular .. --------------------------------------------- https://webkit.org/blog/6589/next-steps-for-legacy-plug-ins/ *** Forenbetreiber gehackt: 45 Millionen Nutzer betroffen *** --------------------------------------------- Cyberkriminelle haben 45 Millionen Datensätze von VerticalScope gestohlen. Die kanadische Firma hostet über 1.100 Webseiten und Online-Foren. --------------------------------------------- http://futurezone.at/digital-life/forenbetreiber-gehackt-45-millionen-nutze… *** TalkTalk-Kunden werden über TeamViewer-Zugänge angegriffen *** --------------------------------------------- Nicht genug, dass die Daten der TalkTalk-Kunden im Netz sind: Jetzt werden diese auch noch Opfer von Ganoven. Diese versuchen, .. --------------------------------------------- http://heise.de/-3238766

1 0

Tageszusammenfassung - Dienstag 14-06-2016
by Daily end-of-shift report 14 Jun '16

14 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-06-2016 18:00 − Dienstag 14-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** ATM Insert Skimmers In Action *** --------------------------------------------- KrebsOnSecurity has featured several recent posts on "insert skimmers," ATM skimming devices made to fit snugly and invisibly inside a cash machines card acceptance slot. Im revisiting the subject again because Ive recently .. --------------------------------------------- http://krebsonsecurity.com/2016/06/atm-insert-skimmers-in-action/ *** DSA-3601 icedove - security update *** --------------------------------------------- Multiple security issues have been found in Icedove, Debians version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors maylead to the execution of arbitrary code or denial of service. --------------------------------------------- https://www.debian.org/security/2016/dsa-3601 *** Virenscanner infiziert Systeme mit Sality-Virus *** --------------------------------------------- Durch ein Update landete des Virenscanners Rising landet eine infizierte Datei auf den Systeme, die sich dann daran macht, den Sality-Virus weiter zu verbreiten. --------------------------------------------- http://heise.de/-3237654 *** Vawtrak banking Trojan shifts to new targets *** --------------------------------------------- The Vawtrak banking Trojan (aka Snifula) is slowly but surely becoming a serious threat. With version 2, the malware has acquired the capability to target .. --------------------------------------------- https://www.helpnetsecurity.com/2016/06/14/vawtrak-banking-trojan-shifts-ne… *** Kritische Sicherheitslücke: Angreifer können Adminrechte in Oxid-E-Shop erlangen *** --------------------------------------------- Eine Sicherheitslücke im E-Shop-System Oxid ermöglicht Angreifern den Zugriff auf das Admininterface, es kann auch Code ins Frontend injiziert werden. Aktuelle Versionen werden mit einem Patch abgesichert, für ältere existiert lediglich ein Workaround. --------------------------------------------- http://www.golem.de/news/kritische-sicherheitsluecke-angreifer-koennen-admi… *** Aufregung um Linkedin-Hack in .at: Nutzer sollten dringend Passwort ändern *** --------------------------------------------- Vollständige Nutzerdatenbank aus dem Jahr 2012 kursiert, und sorgt nun auch hierzulande für Schlagzeilen. --------------------------------------------- http://derstandard.at/2000038935519 *** Weaponizing Nessus *** --------------------------------------------- Once in a blue moon we come across a client that has truly done security right (or at least, tried really hard to do so). All the low hanging fruit has .. --------------------------------------------- http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus *** The PhotoMiner Campaign *** --------------------------------------------- Over the past few months, we've been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by .. --------------------------------------------- https://www.guardicore.com/2016/06/the-photominer-campaign/ *** Finding pearls; fuzzing ClamAV *** --------------------------------------------- Previously, I wrote about the general workflow to follow if you wanted to seriously begin fuzzing applications, while covering fuzzing a small YAML library. In this post, we will cover taking that workflow and applying it in real life to the open-source antivirus project ClamAV. This fuzz job was .. --------------------------------------------- https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/ *** phpMyAdmin Project Successfully Completes Security Audit *** --------------------------------------------- Software Freedom Conservancy congratulates its phpMyAdmin project on succesfuly completing completing a thorough security audit, as part of Mozillas Secure Open Source Fund. No serious issues were found in the phyMyAdmin codebase. --------------------------------------------- https://www.phpmyadmin.net/news/2016/6/13/phpmyadmin-project-successfully-c… *** Netgear-Router dank festinstallierter Schlüssel einfach zu knacken *** --------------------------------------------- Die Router D6000 und D3600 können von Angreifern gekapert werden, da sie fest installierte Krypto-Schlüssel nutzen, die immer gleich sind. Ausserdem lässt sich das Administrator-Passwort sehr einfach auslesen. --------------------------------------------- http://heise.de/-3237907 *** Making Curl | Bash safe(r) *** --------------------------------------------- You know those software installation instructions that tell you to download and run a script directly from the internet, as root, using something like the following? --------------------------------------------- https://sysdig.com/blog/making-curl-bash-safer/

1 0

Tageszusammenfassung - Montag 13-06-2016
by Daily end-of-shift report 13 Jun '16

13 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-06-2016 18:00 − Montag 13-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Linux Kernel ROP - Ropping your way to # (Part 1) *** --------------------------------------------- Kernel ROP In-kernel ROP (Return Oriented Programming) is a useful technique that is often used to bypass restrictions associated with non-executable memory regions. For example, on default kernels1, it presents a practical approach for .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropp… *** Siemens SIMATIC S7-300 Denial-of-Service Vulnerability *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01 *** Is it the End of Angler ? *** --------------------------------------------- http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html *** Visual Studio 2015 stopft ungefragt Tracing-Code in C++-Programme *** --------------------------------------------- Microsofts aktuelle Entwicklungsumgebung baut ungefragt und automatisch Funktionsaufrufe in C++-Code ein, die dem Erfassen von Telemetrie-Daten dienen. Microsoft will das nun mit Updates abstellen. --------------------------------------------- http://heise.de/-3235676 *** Blackberry verteilt Nutzerdaten weltweit an Behörden *** --------------------------------------------- Blackberry entschlüsselt Nachrichten, die über seine Geräte verschickt und empfangen werden und teilt diese Informationen und andere Nutzerdaten mit Behörden in aller Welt. --------------------------------------------- http://futurezone.at/netzpolitik/blackberry-verteilt-nutzerdaten-weltweit-a… *** Petya and Mischa - Ransomware Duet (part 2) *** --------------------------------------------- After being defeated in April, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload - Mischa. Both are named after the satellites from the GoldenEye movie. They deploy .. --------------------------------------------- https://blog.malwarebytes.org/threat-analysis/2016/06/petya-and-mischa-rans… *** DNS Sinkhole ISO Version 2.0 *** --------------------------------------------- After 4 years (previous version 1.3 Jun 2012), I containing the following changes: - Updated to Slackware 14.1 with Linux kernel 3.10.17 - Added inetsim in the /opt directory as a limited alternative to collect redirected sinkhole .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21153 *** Symantec übernimmt Blue Coat für 4,65 Milliarden Dollar *** --------------------------------------------- Blue Coat wurde vom Sicherheitssoftwareanbieter Symantec gekauft und will sich fortan vor allem auf Anti-Viren-Software konzentrieren. --------------------------------------------- http://futurezone.at/b2b/symantec-uebernimmt-blue-coat-fuer-4-65-milliarden… *** Verschlüsselung: Lets Encrypt veröffentlicht 7.618 E-Mail-Adressen *** --------------------------------------------- Lets Encrypt will Verbindungen im Internet besser absichern und so die privaten Daten der Nutzer besser schützen. Doch jetzt hat das Projekt durch eine Panne selbst zahlreiche Mailadressen preisgegeben. --------------------------------------------- http://www.golem.de/news/verschuesselung-let-s-encrypt-verraet-7-618-e-mail… *** FLocker Mobile Ransomware Crosses to Smart TV *** --------------------------------------------- Using multiple devices that run on one platform makes life easier for a lot of people. However, if a malware affects one of these devices, the said malware may eventually affect the others, too. This appears to be the case when we came across an .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomwa… *** Statt Backups: Britische Firmen horten Bitcoins für Erpressungstrojaner *** --------------------------------------------- Anstatt für regelmäßige Backups zu sorgen, scheinen viele britische Firmen lieber Kryptogeldreserven anzulegen, um Lösegeld für ihre Daten bezahlen zu können. Laut einer Befragung sind viele Firmen bereit, bis zu 50.000 Pfund zu zahlen. --------------------------------------------- http://heise.de/-3236563 *** Intel verankert Anti-Exploit-Technik in (CPU-)Hardware *** --------------------------------------------- Mit der "Control-flow Enforcement Technology" will Intel dem Ausnutzen von Sicherheitslücken eine weitere Hürde in den Weg legen. Wann CET jedoch in Prozessoren debüttiert, steht noch in den Sternen. --------------------------------------------- http://heise.de/-3236707 *** Microsoft kauft LinkedIn für 26,2 Milliarden Dollar *** --------------------------------------------- Das Karriere-Netzwerk LinkedIn wird von Microsoft übernommen. Der Xing-Konkurrent werde dabei insgesamt mit 26,2 Milliarden Dollar bewertet, teilten die Unternehmen mit. --------------------------------------------- http://futurezone.at/b2b/microsoft-kauf-linkedin-fuer-26-2-milliarden-dolla… *** Process Explorer: Part 2 *** --------------------------------------------- For Windows operating systems (OS), especially those up to and including Windows 7, Process Explorer is an excellent replacement for Task Manager. After publishing .. --------------------------------------------- https://blog.malwarebytes.org/101/2016/05/process-explorer-part-2/ *** Empfehlungen für Cybersicherheitsgesetz veröffentlicht *** --------------------------------------------- Ein Jahr lang haben Experten aus Wirtschaft, Wissenschaft und Behörden über das Cybersicherheitsgesetz diskutiert, das eine Meldepflicht bei Cyberangriffen bringen soll. --------------------------------------------- http://futurezone.at/netzpolitik/empfehlungen-fuer-cyberischerheitsgesetz-v…

1 0

Tageszusammenfassung - Freitag 10-06-2016
by Daily end-of-shift report 10 Jun '16

10 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 09-06-2016 18:00 − Freitag 10-06-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Reverse-engineering DUBNIUM *** --------------------------------------------- DUBNIUM (which shares indicators with what Kaspersky researchers have called DarkHotel) is one of the activity groups that has been very active in recent years, and has many distinctive features. We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dub… *** "Webseiten werden angreifbarer" *** --------------------------------------------- Alexander Mitter von nimbusec und Andreas Tomek von SBA Research über Sicherheits-Start-ups in Österreich, Bedrohungsszenarien und Viagra-Shops auf Unternehmenswebseiten. --------------------------------------------- http://futurezone.at/thema/start-ups/webseiten-werden-angreifbarer/203.199.… *** Offensive or Defensive Security? Both!, (Thu, Jun 9th) *** --------------------------------------------- Sometimes students ask me the best way to jump into the security world. I usually compare information security to medicine: You start with a common base (a strong knowledge in IT) then you must choose a specialization: auditor, architect, penetrationtester, reverse engineer, incident handler, etc. Basically, those specializations can be grouped in two categories: offensiveand defensive. Many people like the first one because it looks more funny and the portrait of the hacker as depicted in Hollywood... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21149&rss *** Secure Open Source: Mozilla stiftet Fonds für bessere Security *** --------------------------------------------- In dem Programm Secure Open Source (SOS) stellt Mozilla zunächst 500.000 US-Dollar bereit, um die Sicherheit von Open-Source-Software zu verbessern. Anders als bei der Linux Foundation soll das Geld explizit für Audits und einen sauberen Umgang mit Sicherheitslücken genutzt werden. --------------------------------------------- http://www.golem.de/news/secure-open-source-mozilla-stiftet-fonds-fuer-bess… *** Crysis ransomware fills vacuum left by TeslaCrypt *** --------------------------------------------- TeslaCrypt has reached the end of the road, and other ransomware is ready to fill the vacuum left behind it. A relative newcomer to the market, Crysis ransomware is already laying claim to parts of TeslaCrypt's territory. The Crysis ransomware family � not to be confused with the Crisis backdoor/spyware Trojan that targeted both Windows and Mac users some four years ago - is currently in its second iteration, and doesn't differ much from other... --------------------------------------------- https://www.helpnetsecurity.com/2016/06/10/crysis-ransomware/ *** An Interview With the Hacker Probably Selling Your Password Right Now *** --------------------------------------------- A conversation with the stolen-data wholesaler selling 800 million stolen passwords, and plaguing the security teams of LinkedIn, Twitter, and Tumblr. --------------------------------------------- http://www.wired.com/2016/06/interview-hacker-probably-selling-password/ *** Optimizing TLS over TCP to reduce latency *** --------------------------------------------- The layered nature of the Internet (HTTP on top of some reliable transport (e.g. TCP), TCP on top of some datagram layer (e.g. IP), IP on top of some link (e.g. Ethernet)) has been very important in its development. Different link layers have come and gone over... --------------------------------------------- https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/ *** EMC and VMware both suffer malicious user access messes *** --------------------------------------------- The wrong people can access data on Data Domain, NSX and vRealize VMware and EMC have each revealed security nasties. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/06/10/emc_and_vmw… *** VU#778696: Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass *** --------------------------------------------- Vulnerability Note VU#778696 Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass Original Release date: 10 Jun 2016 | Last revised: 10 Jun 2016 Overview The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware. Description CWE-321: Use of Hard-coded Cryptographic Key -- CVE-2015-8288The firmware for these devices contains a hard-coded RSA private key,... --------------------------------------------- http://www.kb.cert.org/vuls/id/778696 *** USN-2995-1: Squid vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-2995-19th June, 2016squid3 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummarySeveral security issues were fixed in Squid.Software description squid3 - Web proxy cache server DetailsYuriy M. Kaminskiy discovered that the Squid pinger utility incorrectlyhandled certain ICMPv6 packets. A remote attacker could use this issue tocause Squid to crash, resulting in a... --------------------------------------------- http://www.ubuntu.com/usn/usn-2995-1/ *** DSA-3599 p7zip - security update *** --------------------------------------------- Marcin Icewall Noga of Cisco Talos discovered an out-of-bound readvulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zrfile archiver with high compression ratio. A remote attacker can takeadvantage of this flaw to cause a denial-of-service or, potentially theexecution of arbitrary code with the privileges of the user runningp7zip, if a specially crafted UDF file is processed. --------------------------------------------- https://www.debian.org/security/2016/dsa-3599 *** Security Advisory: Java vulnerabilities CVE-2013-5825 and CVE-2013-5830 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/48/sol48802597.html?… *** Security Advisory: iControl REST vulnerability CVE-2016-5021 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/99/sol99998454.html?… *** Bugtraq: ESA-2016-062: EMC Data Domain Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/538642 *** VMSA-2016-0008 *** --------------------------------------------- VMware vRealize Log Insight addresses important and moderate security issues. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0008.html *** VMSA-2016-0007 *** --------------------------------------------- VMware NSX and vCNS product updates address a critical information disclosure vulnerability --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0007.html *** Bugtraq: [security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS) *** --------------------------------------------- http://www.securityfocus.com/archive/1/538640 *** [R2] OpenSSL 20160503 Advisory Affects Tenable Products *** --------------------------------------------- Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time. [...] Advisory Timeline 2016-05-19 - [R1] Initial Release | 2016-06-09 - [R2] Security Center details added --------------------------------------------- https://www.tenable.com/security/tns-2016-10 *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-3705) *** --------------------------------------------- There is a vulnerability in libxml2 that is used by IBM BigFix Compliance Analytics. IBM BigFix Compliance has addressed this vulnerability. CVE(s): CVE-2016-3705 Affected product(s) and affected version(s): IBM BigFix Security Compliance Analytics 1.7 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21984773X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112885 --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21984773 *** IBM Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. (CVE-2016-0264) *** --------------------------------------------- There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 Service Refresh 2 Fixpack 11 that is used by IBM BigFix Compliance Analytics. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-0264 Affected product(s) and affected version(s): IBM BigFix Security Compliance Analytics 1.8. Refer to... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21983689 *** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351) *** --------------------------------------------- Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy. CVE(s): CVE-2015-5345, CVE-2015-5346, CVE-2015-5351 Affected product(s) and affected version(s): IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.2, 6.2.0.1,... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg2C1000126 *** IBM Security Bulletin: IBM Notes InstallShield vulnerable to DLL planting (CVE-2016-2542) *** --------------------------------------------- IBM Notes uses InstallShield which generates install executables that are vulnerable to a DLL-planting vulnerability. CVE(s): CVE-2016-2542 Affected product(s) and affected version(s): This vulnerability affects installers of following versions of IBM Notes... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21979808 *** IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server (CVE-2015-0254) *** --------------------------------------------- There is an XML External Entity Injection (XXE) vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server. CVE(s): CVE-2015-0254 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server Version 8.5.5 Full Profile and Liberty Version 8.5 Full Profile and Liberty Version 8.0 Version... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21978495

1 0

Tageszusammenfassung - Donnerstag 9-06-2016
by Daily end-of-shift report 09 Jun '16

09 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 08-06-2016 18:00 − Donnerstag 09-06-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** AVM warnt vor Telefonmissbrauch bei Routern mit älterer Firmware *** --------------------------------------------- Fritzboxen mit "seltenen Konfigurationen" und älterer Firmware könnten aktuell Opfer von Angreifern werden, die auf Telefonbetrug zielen. AVM rät zu Updates. --------------------------------------------- http://heise.de/-3232343 *** Unpatched D-Link Wi-Fi Camera Flaw Remotely Exploitable *** --------------------------------------------- D-Links DCS930L Wi-Fi camera is vulnerable to a stack overflow vulnerability that can be remotely exploited. --------------------------------------------- http://threatpost.com/unpatched-d-link-wi-fi-camera-flaw-remotely-exploitab… *** Skype being used to distribute malware *** --------------------------------------------- Skype being used to distribute QRAT malware to unsuspecting travelers looking for help on filling out U.S, travel documents. --------------------------------------------- http://www.scmagazine.com/skype-being-used-to-distribute-malware/article/50… *** Searching for malspam, (Thu, Jun 9th) *** --------------------------------------------- Introduction About a week ago, I stopped seeing the daily deluge of malicious spam (malspam) distributing Dridex banking trojans or Locky ransomware. Before this month, I generally noticed multiple waves of Dridex/Locky malspam almost every day. This malspam contains attachments with zipped .js files or Microsoft Office documents designed to download and install the malware. I havent found much discussion about the current absence of Dridex/Locky malspam. Since the actor(s) behind Dridex... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21145&rss *** Security: Locky- und Dridex-Botnetz ist spurlos verschwunden *** --------------------------------------------- Sicherheitsforscher haben einen massiven Rückgang von Infektionen der bekannten Malware-Familien Dridex und Locky beobachtet. Schuld sind offenbar Probleme beim verteilenden Botnetz. Für Locky gibt es keine neue Infrastruktur. Was mit Opfern passiert, ist derzeit offen. --------------------------------------------- http://www.golem.de/news/security-wo-ist-nur-das-botnetz-hin-1606-121396-rs… *** REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2016-033Project: REST/JSON (third-party module)Version: 7.xDate: 2016-June-08Security risk: 19/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:AllVulnerability: Access bypass, Information Disclosure, Multiple vulnerabilitiesDescriptionThis module enables you to expose content, users and comments via a JSON API.The module contains multiple vulnerabilities includingNode access bypassComment access bypassUser enumerationField access bypassUser registration... --------------------------------------------- https://www.drupal.org/node/2744889 *** Citrix XenServer Security Update for CVE-2016-5302 *** --------------------------------------------- A security vulnerability has been identified in XenServer 7.0 that may allow an attacker on the management network who is in possession of Active Directory credentials for an AD account that is not authorised to manage a XenServer host to compromise that host. --------------------------------------------- https://support.citrix.com/article/CTX213549 *** Bugtraq: ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/538634 *** Bugtraq: ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/538635 *** Security Advisory: Custom monitor privilege escalation vulnerability CVE-2016-5020 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00265182.html?… *** Security Advisory: PHP vulnerability CVE-2016-4070 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/42/sol42065024.html?… *** SSA-526760 (Last Update 2016-06-08): Weak Credentials Protection in SIMATIC WinCC flexible *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760… *** SSA-818183 (Last Update 2016-06-08): Denial-of-Service Vulnerability in S7-300 CPU *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183… *** SSA-301706 (Last Update 2016-06-08): GNU C Library Vulnerability in Industrial Products *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706… *** Bugtraq: [security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery *** --------------------------------------------- http://www.securityfocus.com/archive/1/538630 *** Bugtraq: [security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands *** --------------------------------------------- http://www.securityfocus.com/archive/1/538629 *** Bugtraq: [security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/538633 *** Bugtraq: [security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/538632 *** Cisco Aironet 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino *** http://www.ibm.com/support/docview.wss?uid=swg21984678 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallShield/InstallAnywhere affects IBM Informix CSDK and Server installation on Windows(CVE-2016-2542, CVE-2016-4560) *** http://www-01.ibm.com/support/docview.wss?uid=swg21984231 --------------------------------------------- *** IBM Security Bulletin: IBM Client Application Access InstallShield vulnerable to DLL planting (CVE-2016-2542) *** http://www.ibm.com/support/docview.wss?uid=swg21981968 --------------------------------------------- *** IBM Security Bulletin: Secure Properties in IBM UrbanCode Deploy Vulnerable (CVE-2016-0267) *** http://www.ibm.com/support/docview.wss?uid=swg2C1000151 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (CVE-2015-1794, CVE-2015-3194, CVE-2016-0702) *** http://www.ibm.com/support/docview.wss?uid=swg21981021 --------------------------------------------- *** IBM Security Bulletin: Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM SDK for Node.js in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855) *** http://www-01.ibm.com/support/docview.wss?uid=swg21983514 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection *** http://www.ibm.com/support/docview.wss?uid=swg21984424 --------------------------------------------- *** IBM Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427) *** http://www.ibm.com/support/docview.wss?uid=swg21984436 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 8-06-2016
by Daily end-of-shift report 08 Jun '16

08 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 07-06-2016 18:00 − Mittwoch 08-06-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Microsoft Bounty Program expansion - .NET Core and ASP.NET RC2 Beta Bounty *** --------------------------------------------- Today I have another exciting expansion of the Microsoft Bounty Program. Please visit https://aka.ms/BugBounty to find out more. As we approach release for .NET Core and ASP.NET, we would like to get even more feedback from the security research community. We are offering a bounty on the .NET Core and ASP.NET Core RC2 Beta Build which... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2016/06/07/microsoft-bounty-progra… *** SWIFT May Ban Banks Without Strong Cybersecurity (June 3, 2016) *** --------------------------------------------- The head of SWIFT says that banks without adequate cybersecurity measures in place could find themselves suspended from using the SWIFT financial transfer communication network... --------------------------------------------- http://www.sans.org/newsletters/newsbites/r/18/45/202 *** Ransomware Leaves Server Credentials in its Code *** --------------------------------------------- While SNSLocker isn't a stand-out crypto-ransomware in terms of routine or interface, its coarse and bland facade hid quite a surprise. After looking closer at its code, we discovered that this Ransomware contains the credentials for the access of its own server. We also found out that they used readily-available servers and payment systems. This... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/gADipA92iAA/ *** Phishers Abuse Hosting Temporary URLs *** --------------------------------------------- Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we'll show a similar trick used by phishers. Phishing web pages get blacklisted very fast. That's why hackers need to purchase many domains or compromise many websites so that they can point... --------------------------------------------- https://blog.sucuri.net/2016/06/phishers-abuse-hosting-temporary-urls.html *** Neutrino EK and CryptXXX, (Wed, Jun 8th) *** --------------------------------------------- Introduction By Monday 2016-06-06, the pseudo-Darkleech campaign began using Neutrino exploit kit (EK) to send CryptXXX ransomware [1]. Until then, Id only seen Angler EK distribute CryptXXX. However, this is not the first time weve seen campaigns associated with ransomware switch between Angler EK and Neutrino EK [2, 3, 4, 5]. It was documented as early as August 2015 [2]. This can be confusing, especially if youre expecting Angler EK. Campaigns can (and occasionally do) switch EKs. For an... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21141&rss *** Millions of must be firewalled services are open to the entire internet - research *** --------------------------------------------- 15m telnet nodes, 4.5m printers TCP port 445... Millions of services that ought to be restricted are exposed on the open internet, creating a huge risk of hacker attack against databases and more. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/06/08/services_be… *** How to Prevent Ransomware in Industrial Control Systems *** --------------------------------------------- Del Rodillas, our solution lead for SCADA & Industrial Control Systems, recently appeared in Electric Light & Power to discuss ransomware as an emerging threat for Operational Technology environments. With ransomware on everyone's mind these... --------------------------------------------- http://researchcenter.paloaltonetworks.com/2016/06/how-to-prevent-ransomwar… *** Linkedln-Nutzer erhalten unechte Geschäftsrechnung *** --------------------------------------------- Kriminelle versenden gezielt vermeintlich offene Unternehmensrechnungen an Nutzer/innen des Sozialen Netzwerks Linkedln. Darin führen sie die auf der Plattform veröffentlichten und richtigen Informationen, wie den Namen, die Berufsposition und das Unternehmen, an. Empfänger/innen sollen den beigefügten Dateianhang öffnen. Er verbirgt Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/linkedln-nutzer-er… *** Google To Deprecate SSLv3, RC4 in Gmail IMAP/POP Clients *** --------------------------------------------- Google will next week begin a gradual deprecation of unsafe crypto protocol SSLv3 and cipher RC4 in Gmail IMAP/POP clients. --------------------------------------------- http://threatpost.com/google-to-deprecate-sslv3-rc4-in-gmail-imappop-client… *** ENISA zeigt Möglichkeiten der forensischen Analyse bei Cloud-Vorfällen *** --------------------------------------------- Als Hilfestellung - nicht nur - für Anbieter von Cloud-Diensten hat die europäische Sicherheitsbehörde ENISA ein Papier zum technischen Stand der Analyse von Sicherheitsvorfällen in der Cloud veröffentlicht. --------------------------------------------- http://heise.de/-3231521 *** But have I really been pwned? Vetting your data *** --------------------------------------------- The news has been full of leaked passwords for some popular services recently. But these numbers of hacked accounts can be exaggerated for effect, and sometimes blatantly wrong.Categories: Criminals Threat analysis(Read more...) --------------------------------------------- https://blog.malwarebytes.org/threat-analysis/2016/06/but-have-i-really-bee… *** Cisco IOS XR Software LPTS Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** DSA-3597 expat - security update *** --------------------------------------------- Two related issues have been discovered in Expat, a C library for parsingXML. --------------------------------------------- https://www.debian.org/security/2016/dsa-3597 *** Symantec Embedded Security: Critical System Protection and Symantec Data Center Security: Server Advanced, Multiple Security Issues *** --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** DFN-CERT-2016-0918: GnuTLS: Eine Schwachstelle ermöglicht die Manipulation beliebiger Dateien *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0918/ *** Trihedral VTScada Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for several vulnerabilities in Trihedral Engineering Ltd.'s Trihedral VTScada. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01 *** KMC Controls Conquest BACnet Router Vulnerabilities *** --------------------------------------------- This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for authentication and cross-site request forgery vulnerabilities in KMC Controls Conquest BACnet routers through its web interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01 *** Security Advisory - Several Vulnerabilities in Huawei Honor Routers *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160607-… *** Security Advisory - Memory Leak Vulnerability in Some Huawei Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160608-… *** Security Advisory: SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/37/sol37236006.html?… *** Security Advisory: SQLite vulnerability CVE-2015-3416 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/16000/900/sol16950.htm… *** Bugtraq: [security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information *** --------------------------------------------- http://www.securityfocus.com/archive/1/538623 *** Bugtraq: [security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Executon *** --------------------------------------------- http://www.securityfocus.com/archive/1/538622 *** Bugtraq: [security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information *** --------------------------------------------- http://www.securityfocus.com/archive/1/538621 *** IBM Security Bulletin: A vulnerability in the instance runAsUser function was found in IBM InfoSphere Streams (CVE-2016-2867) *** --------------------------------------------- There is a potential vulnerability in IBM InfoSphere Streams when the instance runAsUser property is set. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2016-2867 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 4.0.1.1 and earlier IBM Streams Version 4.1.1.0 and earlier Refer to the following reference URLs for remediation and additional vulnerability details:Source --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21983444 *** IBM Security Bulletin:Multiple security vulnerabilities in Open Source Apache Tomcat affect IBM Cognos Business Viewpoint (CVE-2016-0714 , CVE-2015-5174) *** --------------------------------------------- There are multiple vulnerabilities in Open Source Apace Tomcat that is used by IBM Cognos Business Viewpoint. These were disclosed in the 02/22/2016 X-Force Reports. IBM Cognos Business Viewpoint has addressed the applicable CVEs. CVE(s): CVE-2016-0714, CVE-2015-5174 Affected product(s) and affected version(s): IBM Cognos Business Viewpoint 10.1 FP1 IBM Cognos Business Viewpoint 10.1.1 FP2 Refer... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21984197 *** IBM Security Bulletin:InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability (CVE-2016-4560) *** --------------------------------------------- InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability affect IBM Security AppScan Source CVE(s): CVE-2016-4560 Affected product(s) and affected version(s): IBM Security AppScan Source 8.7, 8.8, 9.0, 9.0.1, 9.0.2, 9.0.3 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21983037X-Force Database:... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21983037 *** IBM Security Bulletin: Vulnerabilities in IBM Domino Keyview PDF Filters (CVE-2016-0277, CVE-2016-0278, CVE-2016-0279, CVE-2016-0277) *** --------------------------------------------- IBM Domino has four vulnerabilities in Keyview PDF filters. CVE(s): CVE-2016-0277, CVE-2016-0278, CVE-2016-0279, CVE-2016-0301 Affected product(s) and affected version(s): IBM Domino 9.0.1 FP5 and earlier releases. IBM Domino 9.0 IF4 and earlier releases. IBM Domino 8.5.3 FP6 IF12 and earlier releases. IBM Domino 8.5.2 FP4 IF3 and earlier releases. IBM Domino 8.5.1 FP5 IF3 and... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21983292 *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2016-2073) *** --------------------------------------------- There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2016-2073 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21983372 *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2015-8710) *** --------------------------------------------- There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2015-8710 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21983371 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-2108, CVE-2016-2107). *** --------------------------------------------- OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for UNIX. IBM Sterling Connect:Direct for UNIX has addressed the applicable CVEs. CVE(s): CVE-2016-2108, CVE-2016-2107 Affected product(s) and affected version(s): IBM Sterling Connect:Direct for Unix 4.1.0 IBM Sterling Connect:Direct for Unix 4.0.0 Refer to the following... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21983909

1 0

Tageszusammenfassung - Dienstag 7-06-2016
by Daily end-of-shift report 07 Jun '16

07 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 06-06-2016 18:00 − Dienstag 07-06-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Gezielte Trojaner-Mails mit persönlichen Daten aus dem LinkedIn-Hack *** --------------------------------------------- Aktuell kursieren gefälschte Rechnungen mit Trojaner im Gepäck, die sich LinkedIn-Daten zunutze machen und deswegen plausibel wirken. --------------------------------------------- http://heise.de/-3228473 *** Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript *** --------------------------------------------- This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks, McAfee Labs has observed a huge increase in spam related to Locky, a new ransomware threat spread via spam campaigns. The contents of the spam email are carefully crafted to lure victims using social engineering... --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/locky-ransomware-hides-under-multiple-… *** Threat Actors Employ COM Technology in Shellcode to Evade Detection *** --------------------------------------------- COM (Component Object Model) is a technology in Microsoft Windows that enables software components to communicate with each other; it is one of the fundamental architectures in Windows. From the security point of view, several "features" built into COM have lead to many security vulnerabilities. These features include ActiveX (an Internet Explorer plug-in technology), the... --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/threat-actors-employ-com-technology-sh… *** FastPOS malware exfiltrates data immediately after harvesting it *** --------------------------------------------- POS malware might have taken a backseat when ransomware became the go-to malware for many cyber crooks, but stealing payment card information to effect fraudulent transactions is still a lucrative business. Trend Micro researchers have recently analyzed a new POS malware family sporting some interesting functionalities. One of these is what made them dub the threat FastPOS: the malware does not wait to collect a batch of data and then send it periodically to the... --------------------------------------------- https://www.helpnetsecurity.com/2016/06/07/fastpos-malware/ *** Check your BITS, because deleting malware might not be enough *** --------------------------------------------- Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after theyve been already cleaned by antivirus products.The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The antivirus software installed on a compromised computer detected and removed a malware program, but the computer was still showing signs of malicious activity at the network level. --------------------------------------------- http://www.cio.com/article/3080016/check-your-bits-because-deleting-malware… *** Android gets patches for serious flaws in hardware drivers and media server *** --------------------------------------------- The June batch of Android security patches addresses nearly two dozen vulnerabilities in system drivers for various hardware components from several chipset makers.The largest number of critical and high severity flaws were patched in the Qualcomm video driver, sound driver, GPU driver, Wi-Fi driver, and camera driver. Some of these privilege escalation vulnerabilities could allow malicious applications to execute malicious code in the kernel leading to a permanent device compromise. Similar... --------------------------------------------- http://www.csoonline.com/article/3079726/security/android-gets-patches-for-… *** Android Security Bulletin - June 2016 *** --------------------------------------------- [...] The most severe issue is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. --------------------------------------------- https://source.android.com/security/bulletin/2016-06-01.html *** BlackBerry powered by Android Security Bulletin - June 2016 *** --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available build, as outlined in the Available Updates section. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000038209 *** NTP.org ntpd is vulnerable to denial of service and other vulnerabilities *** --------------------------------------------- NTP.orgs reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTPs security advisory listing and in the individual links below. --------------------------------------------- https://www.kb.cert.org/vuls/id/321640 *** DFN-CERT-2016-0840: IPv6-Protokoll: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff *** --------------------------------------------- Version 1 (2016-05-26 11:34) Neues Advisory Version 2 (2016-05-27 09:49) Cisco aktualisiert die referenzierte Sicherheitsmeldung [...] Version 3 (2016-06-01 11:36) Cisco aktualisiert die referenzierte Sicherheitsmeldung [...] Version 4 (2016-06-03 14:31) Cisco aktualisiert cisco-sa-20160525-ipv6 und weist darauf hin, dass es sich nicht um einen Cisco spezifischen Fehler handelt, [...] Version 5 (2016-06-06 15:12) Juniper Networks informiert darüber, dass EX4300, EX4600, QFX3500 und QFX5100... --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0840/ *** Bugtraq: [security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access *** --------------------------------------------- http://www.securityfocus.com/archive/1/538612 *** Bugtraq: [security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/538611 *** Bugtraq: [security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/538610 *** IBM Security Bulletin: Path Traversal affects IBM Security Guardium Database Activity Monitor (CVE-2016-0298) *** --------------------------------------------- IBM Security Guardium Database Activity Monitor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system. CVE(s): CVE-2016-0298 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation and... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21981749 *** IBM Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs) *** --------------------------------------------- IBM Security Guardium is vulnerable to several possible remote attacks CVE(s): CVE-2015-4881, CVE-2015-7181, CVE-2015-7981, CVE-2013-1981, CVE-2015-3416, CVE-2015-2730, CVE-2015-7704, CVE-2015-3238, CVE-2015-5312, CVE-2015-5288 Affected product(s) and affected version(s): IBM Security Guardium V10 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21981747X-Force Database:... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21981747 *** IBM Security Bulletin: Cacheable SSL Page vulenrability affects IBM Security Guardium Database Activity Monitor (CVE-2016-0237) *** --------------------------------------------- IBM Security Guardium Database Activity Monitor contains locally cached browser data, that could allow a local attacker to obtain sensitive information. CVE(s): CVE-2016-0237 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21981631X-Force Database:... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21981631 *** IBM Security Bulletin: Use of Hard-coded Cryptographic Key vulenrability affects IBM Security Guardium Database Activity Monitor (CVE-2016-0235) *** --------------------------------------------- IBM Security Guardium Database Activity Monitor uses a hard-coded password for the which is available to the administrator or a user with root access. This password could be used across other GRUB systems. CVE(s): CVE-2016-0235 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21981748 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Streams (CVE-2016-0466, CVE-2016-0448) *** --------------------------------------------- There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases. If you run your own Java code using the IBM Java... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21983436 *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2015-8317) *** --------------------------------------------- There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2015-8317 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21983370 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ AMS (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) *** --------------------------------------------- OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM MQ Advanced Message Security (AMS) on IBM i. IBM MQ has addressed the applicable CVEs. CVE(s): CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 Affected product(s) and affected version(s): IBM MQ 8.0 Advanced Message Security (AMS) on IBM i only Fix Pack 8.0.0.4... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21983823 *** IBM Security Bulletin: A vulnerability in XML processing affects IBM InfoSphere Streams (CVE-2015-1819) *** --------------------------------------------- IBM InfoSphere Streams may be vulnerable to a denial of service attack due to the use of Libxml2 (CVE-2015-1819) CVE(s): , CVE-2015-1819 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21981066 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM BigFix Remote Control (CVE-2016-2107) *** --------------------------------------------- OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM BigFix Remote Control. IBM BigFix Remote Control has addressed the applicable CVEs. CVE(s): CVE-2016-2107 Affected product(s) and affected version(s): IBM BigFix Remote Control version 9.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin:... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21984111

1 0

Tageszusammenfassung - Montag 6-06-2016
by Daily end-of-shift report 06 Jun '16

06 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 03-06-2016 18:00 − Montag 06-06-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Magento Credit Card Stealer for Braintree Extension *** --------------------------------------------- We regularly find and write about malware that steals credit card details from Magento sites because attackers discover new techniques to obtain sensitive data daily. This time, the malicious code is specifically designed for Magento sites that use the Braintree extension. This extension connects a Magento store with the Braintree payment processing service that is... --------------------------------------------- https://blog.sucuri.net/2016/06/magento-credit-card-stealer-braintree-exten… *** WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin *** --------------------------------------------- An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only surfaced to light on May 29 when researchers notified the plugins developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.orgs Plugin Directory on May 31. In... --------------------------------------------- https://tech.slashdot.org/story/16/06/03/2243238/wordpress-sites-under-atta… https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-expl… *** Whats Going on With libtiff?, (Sun, Jun 5th) *** --------------------------------------------- libtiff, as the name implies, is a library used to parse TIFF formatted images. While you dont run into TIFF images on the web every day, the format is quite popular for higher-resolution/high qualityapplications like printing. TIFF allows the user to select between lossless or lossycompression depending on the preferences of the user. While the library is very popular, a reader wrote in last week asking if the library is still maintained. Currently, there are three security issues listed in... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21131&rss *** Destructive BadBlock ransomware can be foiled *** --------------------------------------------- If you have been hit with ransomware, you want that malware to be BadBlock - but only if you haven't restarted your computer. This particular malware is a lacklustre attempt to create something on par with more popular ransomware, and that allowed Emsisoft security researcher Fabian Wosar to create a decrypter tool for it. The tool can be downloaded for free, and Bleeping Computer has offered instructions on how to use it. But, aside from... --------------------------------------------- https://www.helpnetsecurity.com/2016/06/06/destructive-badblock-ransomware-… *** Researchers hack the Mitsubishi Outlander SUV, shut off alarm remotely *** --------------------------------------------- Mitsubishi Outlander, a popular hybrid SUV sold around the world, can be easily broken into by attackers exploiting security weaknesses in the setup that allows the car to be remotely controlled via an app. The weaknesses were discovered by Pen Test Partners, and include: The mobile app connects to the car through a Wi-Fi access point on it, instead via a web service and GSM module, making it impossible to use if one is not... --------------------------------------------- https://www.helpnetsecurity.com/2016/06/06/researchers-hack-mitsubishi-outl… *** Dangerous self-spreading successor of Zeus and Carberp discovered *** --------------------------------------------- June 3, 2016 In June, Doctor Web security researchers examined a new dangerous virus targeting Russian bank clients. The virus is designed to steal money from bank accounts and monitor user activity. It has borrowed a lot of features from its predecessors Zeus (Trojan.PWS.Panda) and Carberp. Yet, unlike them, it can be spread without any user intervention infecting executable files. Besides, curing of the infected computer is rather complicated and may take several hours. Due to the ability to... --------------------------------------------- http://news.drweb.com/show/?i=9999&lng=en&c=9 *** Firmware Analysis for IoT Devices *** --------------------------------------------- Introduction This is the second post in the IoT Exploitation and Penetration Testing series. In this post, we are going to have a look at a key component in an IoT device architecture - Firmware. Any IoT device you use, you will be interacting with firmware, and this is because firmware can be thought of... --------------------------------------------- http://resources.infosecinstitute.com/firmware-analysis-for-iot-devices/ *** Widespread exploits evade protections enforced by Microsoft EMET *** --------------------------------------------- Its bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsofts Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits.Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus --------------------------------------------- http://www.cio.com/article/3079747/widespread-exploits-evade-protections-en… *** Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** JSA10749 - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (CVE-2016-1409) *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10749&actp=RSS *** Security Advisory: NTP vulnerability CVE-2016-1548 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/63/sol63675293.html?… *** DSA-3595 mariadb-10.0 - security update *** --------------------------------------------- Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.25. Please see the MariaDB 10.0 Release Notes for furtherdetails: --------------------------------------------- https://www.debian.org/security/2016/dsa-3595 *** Bugtraq: [security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access *** --------------------------------------------- http://www.securityfocus.com/archive/1/538597 *** DFN-CERT-2016-0908: VideoLAN VLC Media Player: Eine Schwachstelle ermöglicht u.a. die Ausführung beliebigen Programmcodes mit Benutzerrechten *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0908/ *** Citrix NetScaler Gateway Lets Remote Users Hijack the Target Users Login Form Credentials *** --------------------------------------------- http://www.securitytracker.com/id/1036020

1 0

Tageszusammenfassung - Freitag 3-06-2016
by Daily end-of-shift report 03 Jun '16

03 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 02-06-2016 18:00 − Freitag 03-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Trillium Exploit Kit Update Offers 'Security Tips' *** --------------------------------------------- McAfee Labs has previously blogged about the Trillium Exploit Kit Version 3.0, which is commonly used to create and distribute malware. Last week, Version 4.0 appeared on several underground forums. We have analyzed the new version of the tool .. --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/trillium-exploit-kit-update-offers-sec… *** DSA-3593 libxml2 - security update *** --------------------------------------------- Several vulnerabilities were discovered in libxml2, a library providingsupport to read, modify and write XML and HTML files. A remote attackercould provide a specially crafted XML or HTML file that, when processedby an .. --------------------------------------------- https://www.debian.org/security/2016/dsa-3593 *** GE MultiLink Series Hard-coded Credential Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a hard-coded credential vulnerability in GE's MultiLink series managed switches. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01 *** WP Mobile Detector <= 3.5 - Arbitrary File Upload *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8505 *** Understanding Angler Exploit Kit - Part 1: Exploit Kit Fundamentals *** --------------------------------------------- Generally speaking, criminal groups use two methods for widespread distribution of malware. The most common method is malicious spam (malspam). This is a fairly direct mechanism, usually through an email attachment or .. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2016/06/unit42-understanding-ang… *** MySQL is YourSQL *** --------------------------------------------- Its The End of the World and We Know It If you listen to the press - those purveyors of doom, those nattering nabobs of negativism - you arrive at a single, undeniable conclusion: The worldis going to hell in a hand-basket. They .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21117 *** Nach Kontroversen: Teamviewer führte neue Accountsicherungen ein *** --------------------------------------------- Wenige Tage nach zahlreichen Nutzerbeschwerden über gehackte Accounts reagiert Teamviewer mit einem vorgezogenen Sicherheitsupdate. Wir haben mit dem Unternehmen darüber gesprochen. --------------------------------------------- http://www.golem.de/news/nach-kontroversen-teamviewer-fuehrte-neue-accounts…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily June 2016