=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 30-08-2016 18:00 − Wednesday 31-08-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Security Bulletin Posted for ColdFusion (APSB16-30) ***
---------------------------------------------
Adobe has published a Security Bulletin (APSB16-30) announcing the availability of hotfixes for ColdFusion versions 11 and 10. These hotfixes resolve a critical vulnerability ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1395
*** Inside the Demise of the Angler Exploit Kit ***
---------------------------------------------
Researchers at Kaspersky Lab today confirmed that the cybercriminals behind the Lurk Trojan were also responsible for the development and distribution of ..
---------------------------------------------
http://threatpost.com/inside-the-demise-of-the-angler-exploit-kit/120222/
*** BASHLITE Family Of Malware Infects 1 Million IoT Devices ***
---------------------------------------------
Over 1 million consumer web-connected video cameras and DVRs have become the slaves to botnet herders that use the devices for DDoS and phishing attacks.
---------------------------------------------
http://threatpost.com/bashlite-family-of-malware-infects-1-million-iot-devi…
*** Ask Sucuri: How Modern Web Phishing Works ***
---------------------------------------------
Most of us have experienced some kind of phishing attempt in our online lives, and we have seen phishing grow in complexity. Usually, we notice that the login pages are ..
---------------------------------------------
https://blog.sucuri.net/2016/08/modern-web-phishing-works.html
*** Ursnif: Deep Technical Dive ***
---------------------------------------------
While attack tools around the world are stealthy and stay under the radar, we at Seculert examine many different malicious tools. This is done in order to stay at least one step ahead of the attackers, and improve our advanced analytics technology to detect their artistic evasive techniques.
---------------------------------------------
http://www.seculert.com/blogs/ursnif-deep-technical-dive
*** The target is said to be banks: DDoS extortionists demand “only” 1 Bitcoin and threaten encryption ***
---------------------------------------------
The current group calls itself "HACKER TEAM – Armada Collective". According to Link11, the criminals have several ..
---------------------------------------------
http://www.it-finanzmagazin.de/ernstzunehmende-ddos-erpresser-fordern-nur-1…
*** Adobe patches ColdFusion holes ahead of Patch Day ***
---------------------------------------------
A good two weeks before the company's regular Patch Day, Adobe closes two holes in the web application server ColdFusion. This suggests that admins should apply the patches quickly.
---------------------------------------------
http://heise.de/-3309658
*** Blockchain technology: One third of all Bitcoin exchanges have been hacked ***
---------------------------------------------
How safe are Bitcoins at online exchanges? Not particularly, if a recent study is to be believed. According to it ..
---------------------------------------------
http://www.golem.de/news/blockchain-technologie-ein-drittel-aller-bitcoin-b…
*** [2016-08-31] Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker ***
---------------------------------------------
CryptoPro Secure Disk for Bitlocker contains multiple vulnerabilities which can be used by an attacker to manipulate the PBA (pre-boot authentication). This allows ..
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** DSA-3657 libarchive - security update ***
---------------------------------------------
Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in libarchive; processing malformed archives may result in denial of service or the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3657
*** Dropbox hack: Around 68 million passwords online since 2012 ***
---------------------------------------------
Database could apparently be stolen because of the LinkedIn hack, where a Dropbox employee used the same password
---------------------------------------------
http://derstandard.at/2000043625840
*** Swift speaks of further hacker attacks on banks ***
---------------------------------------------
http://derstandard.at/2000043626250
*** BitTorrent client Transmission again brought malware onto Macs ***
---------------------------------------------
For the second time, users were able to get malware onto their Mac by downloading the popular BitTorrent app ..
---------------------------------------------
http://heise.de/-3310446
*** Security vulnerabilities in defibrillators: Investment firm speculated on manufacturer's share price ***
---------------------------------------------
A serious accusation: A security firm is said to have exaggerated potentially life-threatening security vulnerabilities and disclosed them to an investment firm in order to then make money on the stock market.
---------------------------------------------
http://heise.de/-3309906
*** Certificate authority: Wosign issues unauthorized certificate for Github ***
---------------------------------------------
A whole series of incidents puts the certificate authority Wosign under pressure to explain itself. Various security vulnerabilities made possible the unauthorized issuance of ..
---------------------------------------------
http://www.golem.de/news/zertifizierungsstelle-wosign-stellt-unberechtigtes…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 29-08-2016 18:00 − Tuesday 30-08-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Browser-based fingerprinting: implications and mitigations ***
---------------------------------------------
This post covers the information disclosure bugs in Internet Explorer and Edge that we sometimes refer to as fingerprinting. We review past ..
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/exploits/2016/08/browser-based-fin…
*** Double-click me not: Malicious proxy settings in OLE Embedded Script ***
---------------------------------------------
Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/08/29/double-click-me-not-mal…
*** Background: Analyzed: Ransomware meets Info-Stealer - RAA and the thieving Pony ***
---------------------------------------------
As part of our Analyzed: series, this time we take apart the code of an extortion trojan: Olivia von Westernhagen examines the RAA trojan, implemented in JavaScript, which also carries password-stealing malware with it.
---------------------------------------------
http://heise.de/-3303113
*** Bizarre motive for cyberattack on presidential website in Sri Lanka ***
---------------------------------------------
17-year-old attacker demanded postponement of school-leaving exams
---------------------------------------------
http://derstandard.at/2000043545769
*** Linux package manager: RPM development is chaotic ***
---------------------------------------------
Our author tried to report potential security vulnerabilities in the package manager RPM, which is used by Red Hat, Suse and other Linux distributions. But that was not at all ..
---------------------------------------------
http://www.golem.de/news/linux-paketmanager-rpm-entwicklung-verlaeuft-chaot…
*** The Hunt for Lurk ***
---------------------------------------------
In June, 2016, the Russian police arrested the alleged members of the criminal group known as Lurk. The police suspected Lurk of stealing nearly three billion rubles. The story of Lurk gives some idea of the amount of work that has to be done to obtain enough evidence to arrest and prosecute suspects.
---------------------------------------------
http://securelist.com/analysis/publications/75944/the-hunt-for-lurk/
*** Ripper: ATM malware dispenses up to 40 banknotes ***
---------------------------------------------
Security researchers have discovered malware that is said to infect ATMs from three manufacturers. There are many indications that criminals used the malware to steal money worth more than 300,000 euros in Thailand.
---------------------------------------------
http://www.golem.de/news/ripper-geldautomaten-malware-gibt-bis-zu-40-schein…
*** Linux servers hit with FairWare ransomware – or is it just a scam? ***
---------------------------------------------
Users posting on Bleeping Computer’s forums have alerted the world to a new threat targeting Linux server admins: the FairWare ransomware. Whether the ransomware actually ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/08/30/linux-fairware-ransomware/
*** Security of implantable medical technology: Pacemakers from St. Jude Medical are said to be hackable ***
---------------------------------------------
A bare-knuckle dispute: The US medical device manufacturer St. Jude Medical is quarrelling with the security specialist MedSec and the investment firm Muddy Waters Capital over the security of vital devices.
---------------------------------------------
http://heise.de/-3307510
*** 71,000 Minecraft World Map accounts leaked online after hack ***
---------------------------------------------
Dumped creds have been exposed since January. Some 71,000 user accounts and IP addresses have been leaked from Minecraft fan website Minecraft World Map.
---------------------------------------------
www.theregister.co.uk/2016/08/30/71000_minecraft_world_map_accounts_leak/
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 26-08-2016 18:00 − Monday 29-08-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** VMSA-2016-0007.2 ***
---------------------------------------------
VMware NSX and vCNS product updates address a critical information disclosure vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0007.html
*** Another Day - Another Ransomware Sample ***
---------------------------------------------
Catching ransomware is pretty easy these days. I set up a procmail filter that will extract all e-mails with compressed JavaScript attachments. Whatever is ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21413
*** QNAP QTS Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Overwrite Arbitrary Files, and Inject Commands ***
---------------------------------------------
http://www.securitytracker.com/id/1036699
*** Tips for Securing SSL Renegotiation ***
---------------------------------------------
A number of Internet connections require SSL renegotiation, a Secure Sockets Layer/Transport ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/tips-securing-ssl-renegotiation/
*** Amazon: Hacked seller accounts lure with bargains ***
---------------------------------------------
For particularly cheap items in the Amazon Marketplace, the supposed sellers try to handle the purchase outside the shop.
---------------------------------------------
http://futurezone.at/digital-life/amazon-gehackte-haendlerkonten-locken-mit…
*** Dropbox resets passwords from 2012 and earlier ***
---------------------------------------------
The cloud storage service is currently asking some users to reset their Dropbox password and set a new one. The background is a data leak from 2012.
---------------------------------------------
http://heise.de/-3306240
*** Cybercriminals Select Insiders To Attack Telecom Providers ***
---------------------------------------------
An anonymous reader quotes a report from Help Net Security: Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these ..
---------------------------------------------
https://tech.slashdot.org/story/16/08/27/0739204/cybercriminals-select-insi…
*** Opera warns Opera Sync users of possible security breach ***
---------------------------------------------
The Norwegian company warned the users of the Opera Sync service of a possible security breach that might have exposed their data. On Friday, Opera published ..
---------------------------------------------
http://securityaffairs.co/wordpress/50690/data-breach/opera-sync-security-b…
*** Observatory: Mozilla offers security check for websites ***
---------------------------------------------
How secure is your own website? The test with a new tool from browser maker Mozilla could be sobering for many operators.
---------------------------------------------
http://www.golem.de/news/observatory-mozilla-bietet-sicherheitscheck-fuer-w…
*** Ransomware: Trojan Fantom fakes a critical Windows update ***
---------------------------------------------
A Windows update lulls users into a sense of security, the makers of the extortion trojan Fantom probably thought. In this case, however, particular caution is called for.
---------------------------------------------
http://www.golem.de/news/ransomware-trojaner-fantom-gaukelt-kritisches-wind…
*** Exploits: Android manufacturers' drivers cause kernel vulnerabilities ***
---------------------------------------------
The number of attacks on the Linux kernel in Android is growing very strongly. By far the largest share of the known security vulnerabilities is found in the device drivers of the manufacturers, who are apparently overwhelmed by kernel maintenance.
---------------------------------------------
http://www.golem.de/news/exploits-treiber-der-android-hersteller-verursache…
*** Maintenance work Thursday, 1 September 2016, afternoon ***
---------------------------------------------
On Thursday, 1 September 2016, we will carry out necessary maintenance work on our infrastructure starting at about 13:00. This will not lead to any outages of the externally ..
---------------------------------------------
http://www.cert.at/services/blog/20160829150342-1783.html
*** l+f: Password safe with holes ***
---------------------------------------------
Google's security ace Tavis Ormandy, after antivirus software, now takes on password safes -- with similarly alarming results.
---------------------------------------------
http://heise.de/-3306993
*** ZDI-16-497: Apple OS X AppleHDA Buffer Overflow Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-497/
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 25-08-2016 18:00 − Friday 26-08-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** OpenSSL protects against Sweet32 attack and dances ChaCha20 ***
---------------------------------------------
Version 1.1.0 clears out old, insecure crypto algorithms and in return supports more modern ones such as ChaCha20. The update also stops the Sweet32 attack on SSL/TLS and OpenVPN.
---------------------------------------------
http://heise.de/-3305647
*** Background: The iOS spyware Pegasus - a stocktaking ***
---------------------------------------------
The spy software Pegasus is shaking the iPhone world. How can I protect myself? Is the iOS security concept in ruins? Is this the end? An analysis of the known facts provides clarity.
---------------------------------------------
http://heise.de/-3305780
*** What's The Deal With Machine Learning? ***
---------------------------------------------
We've recently received quite a few questions regarding the use of machine learning techniques in cyber security. I figured it was time for a blog post. Interestingly, while I was writing this post, we got asked even more questions, so the timing couldn't be better. It seems that there are quite a few companies out...
---------------------------------------------
https://labsblog.f-secure.com/2016/08/26/whats-the-deal-with-machine-learni…
*** Floating Domains - Taking Over 20K DigitalOcean Domains via a Lax Domain Import System ***
---------------------------------------------
DigitalOcean is a cloud service provider similar to Amazon Web Services or Google Cloud. They offer cloud DNS hosting as one of their product lines - a nice guide on how to set up your domain to use their DNS can be found here. Take a moment to read it over and see if you can spot any potential issues with their domain name set up process.
---------------------------------------------
https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-dom…
*** 5 security practices hackers say make their lives harder ***
---------------------------------------------
Whether they identify as white hats, black hats or something in-between, a majority of hackers agree that no password is safe from them - or the government for that matter. Regardless of where they sit with respect to the law, hackers mostly agree that five key security measures can make it a lot harder to penetrate enterprise networks. At the Black Hat USA 2016 conference in Las Vegas earlier this month, Thycotic, a specialist in privileged account management (PAM) solutions, surveyed...
---------------------------------------------
http://www.cio.com/article/3112740/security/5-security-practices-hackers-sa…
*** iOS 9.3.5 ***
---------------------------------------------
This document describes the security content of iOS 9.3.5.
---------------------------------------------
https://support.apple.com/en-us/HT207107
*** F-Secure Policy Manager 12.00.67239 - Remote code execution by authenticated user ***
---------------------------------------------
The F-Secure Policy Manager client relies on Spring remoting to communicate with the server. Spring remoting uses Java serialization as transfer protocol. Spring internal mechanisms first deserialize before validating the deserialization class is authorized. That behavior leads to remote command execution if we are able to send objects present in the classpath that execute code when they are deserialized.
---------------------------------------------
https://remoteawesomethoughts.blogspot.com/2016/08/f-secure-policy-manager-…
*** PowerDNS Recursor 4.0.2 - Released August 26th 2016 ***
---------------------------------------------
This release fixes a regression in 4.x where CNAME records for DNSSEC signed domains were not sorted before the final answers, leading to some clients (notably some versions of Chrome) not being able to extract the required answer from the packet. [...] Further fixes and changes can be found below:...
---------------------------------------------
https://doc.powerdns.com/md/changelog/
*** VU#305607: Accellion Kiteworks contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#305607: Accellion Kiteworks contains multiple vulnerabilities. Original Release date: 26 Aug 2016 | Last revised: 26 Aug 2016. Overview: The Accellion Kiteworks appliance prior to version kw2016.03.00 contains multiple vulnerabilities. Description: CWE-276: Incorrect Default Permissions - CVE-2016-5662. The `/opt/bin/cli` script has setuid permissions by default, allowing an authenticated KiteWorks user to escalate privileges of commands to root. In practice, the user would...
---------------------------------------------
http://www.kb.cert.org/vuls/id/305607
*** AlienVault USM/OSSIM 5.2 conf/reload.php DOM-based XSS ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080229
*** FreePBX 13.0.35 Remote command execution ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080231
*** Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080232
*** OpenBSD SMTP Processing Bug in rfc2822_parser_init() May Let Remote Users Bypass Security Restrictions on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1036691
*** DFN-CERT-2016-1391: OpenSSL: A vulnerability allows bypassing security measures and spying on information ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1391/
*** OpenVPN Blowfish Cipher Block Collision Weakness Lets Remote Users Decrypt Data in Certain Cases ***
---------------------------------------------
http://www.securitytracker.com/id/1036695
*** DSA-3651 rails - security update ***
---------------------------------------------
Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. Text declared as HTML safe will not have quotes escaped when used as attribute values in tag helpers.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3651
*** DSA-3654 quagga - security update ***
---------------------------------------------
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3654
*** DSA-3653 flex - security update ***
---------------------------------------------
Alexander Sulfrian discovered a buffer overflow in the yy_get_next_buffer() function generated by Flex, which may result in denial of service and potentially the execution of code if operating on data from untrusted sources.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3653
*** DSA-3652 imagemagick - security update ***
---------------------------------------------
This update fixes many vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3652
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 24-08-2016 18:00 − Thursday 25-08-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability ***
---------------------------------------------
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services, Corporate Payment Services (CVE-2016-5920, CVE-2016-1181, CVE-2016-1182, CVE-2016-3060) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21989060
*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack Demo package on the Web Potential DLL Loading Code Execution Vulnerability (CVE-2016-5934) ***
---------------------------------------------
IBM Tivoli Storage Manager FastBack Demo package on the Web contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21988908
*** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSL ***
---------------------------------------------
Vulnerabilities have been identified in OpenSSL. IBM Security Access Manager for Mobile uses OpenSSL and is affected by these vulnerabilities. CVE(s): CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21988189
*** Hacked Email: Why Cyber Criminals Want to Get Into Your Inbox ***
---------------------------------------------
“I don’t care about getting hacked, there’s nothing valuable in my email” If I got a nickel ..
---------------------------------------------
https://heimdalsecurity.com/blog/hacked-email-why-cyber-criminals-want-inbo…
*** Example of Targeted Attack Through a Proxy PAC File, (Wed, Aug 24th) ***
---------------------------------------------
Yesterday, I discovered a nice example of targeted attack against a Brazilian bank. It started with an email sample like this: This message was sent to a ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21405
*** Bugtraq: WebKitGTK+ Security Advisory WSA-2016-0005 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539295
*** [2016-08-25] Multiple vulnerabilities in Micro Focus (Novell) GroupWise ***
---------------------------------------------
Micro Focus (Novell) GroupWise 2014 (up to R2 SP1) contains vulnerabilities that allow an attacker to take over user sessions by sending the victim a crafted email, take over administrator accounts or potentially compromise the system (heap based buffer overflow).
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** SWEET32: Short cipher blocks cause collisions ***
---------------------------------------------
A new attack on TLS and VPN connections affects old encryption algorithms such as Triple-DES and Blowfish, which encrypt data in 64-bit blocks. The attack requires eavesdropping on many gigabytes of data and is therefore likely to be practical only rarely.
---------------------------------------------
http://www.golem.de/news/sweet32-kurze-verschluesselungsbloecke-sorgen-fuer…
*** Cisco ships security patches for NSA exploit ExtraBacon ***
---------------------------------------------
Admins no longer have to secure firewalls running the Adaptive Security Appliance (ASA) software by means of a workaround: Cisco plugs the vulnerability with fixed versions.
---------------------------------------------
http://heise.de/-3304688
*** Fake Bank Austria e-mail: "Zahlungsbestätigung Monatsbeitrag" ("payment confirmation, monthly fee") ***
---------------------------------------------
Internet users receive a purported notification from Bank Austria. It says that the newsletter and a prize draw cost EUR 39.99 per month. Customers are supposed to confirm use of the service on a website. Recipients of the e-mail must not do so, because otherwise they transmit access credentials to criminals.
---------------------------------------------
https://www.watchlist-internet.at/phishing/falsche-bank-austria-mail-zahlun…
*** Security Advisory - Resource Management Vulnerability in Huawei Servers ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-…
*** Stolen devices to blame for many breaches in the financial services sector ***
---------------------------------------------
Bitglass performed an analysis of all breaches in the financial services sector since 2006, with data aggregated from public databases and government mandated disclosures. They found that leaks nearly doubled between ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/08/25/breaches-financial-services-sect…
*** Fake Verbund invoice spreads malware ***
---------------------------------------------
In the e-mail inbox there is an invoice from the electricity provider Verbund. Customers can view the payment request on the website "verbund-bill.com". Recipients must not do so, because otherwise they install malware on their computer. This renders the PC unusable. Criminals demand Bitcoins to change that.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/falsche-verbund-re…
*** BMI warns: First pickpocketing of iPhone, then phishing ***
---------------------------------------------
iPhones are increasingly being stolen in Austria. A scam is then used to disable the remote lock.
---------------------------------------------
http://futurezone.at/digital-life/bmi-warnt-erst-taschendiebstahl-von-iphon…
*** How the Consumer Product Safety Commission is (Inadvertently) Behind the Internet’s Largest DDoS Attacks ***
---------------------------------------------
The mission of the United States Government's Consumer Product Safety Commission (CPSC) is to protect consumers from injury by products. It's ironic then that the CPSC ..
---------------------------------------------
https://blog.cloudflare.com/how-the-consumer-product-safety-commission-is-i…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 23-08-2016 18:00 − Wednesday 24-08-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** The SWEET32 Issue, CVE-2016-2183 ***
---------------------------------------------
Today, Karthik Bhargavan and Gaetan Leurent from Inria have unveiled a new attack on Triple-DES, SWEET32, Birthday attacks on 64-bit block ciphers in TLS and OpenVPN. It has been assigned CVE-2016-2183. This post gives a bit of background and describes what OpenSSL is doing. For more details, see their website.
---------------------------------------------
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
*** "Wildfire" Ransomware Extinguished by Tool From NoMoreRansom; Unlock Files for Free ***
---------------------------------------------
Intel Security and Kaspersky Lab, partners in the project NoMoreRansom, are pleased to announce today the availability of a decryption tool for victims of the Wildfire variant of ransomware. This tool is available following successful collaboration with the Dutch police and the European Cybercrime Centre. This strong public-private partnership has led to the seizure of...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-…
*** BSI publishes update to the Top 10 threats for Industrial Control Systems ***
---------------------------------------------
The Federal Office for Information Security (BSI) therefore continuously monitors the threat situation for Industrial Control Systems. Since 2012 the BSI has summarised the most serious dangers and suitable countermeasures in the document "Industrial Control System Security - Top 10 Bedrohungen und Gegenmaßnahmen". For 2016 the Federal Office has now issued an update of the paper.
---------------------------------------------
https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/infos/20160823_Update_…
*** NSA exploit ExtraBacon said to threaten significantly more Cisco firewalls ***
---------------------------------------------
Investigations by security researchers suggest that newer versions of the Cisco Adaptive Security Appliance (ASA) are also vulnerable.
---------------------------------------------
http://heise.de/-3303629
*** Privilege Escalation on Linux with Live examples ***
---------------------------------------------
Introduction: One of the most important phases during penetration testing or vulnerability assessment is Privilege Escalation. During that step, hackers and security researchers attempt to find a way (exploit, bug, misconfiguration) to escalate between the system accounts. Of course, vertical privilege escalation is the ultimate goal. For many security researchers, this is a fascinating...
---------------------------------------------
http://resources.infosecinstitute.com/privilege-escalation-linux-live-examp…
*** Researchers see holes in Apple's iOS sandbox ***
---------------------------------------------
According to researchers, the iOS sandbox has "worrying security holes" that give apps access to user data that is actually denied to them, and allow interference with the system. Apple apparently intends to close the vulnerabilities with iOS 10.
---------------------------------------------
http://heise.de/-3304068
*** VMSA-2016-0013 ***
---------------------------------------------
VMware Identity Manager and vRealize Automation updates address multiple security issues
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0013.html
*** Moxa OnCell Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for several vulnerabilities in Moxa's OnCell products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01
*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-…
---------------------------------------------
*** Security Advisory - Weak Encryption Algorithm Vulnerability in Huawei Servers ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-…
---------------------------------------------
*** Security Advisory - XXE Vulnerability in the E9000 ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-…
---------------------------------------------
*** Security Advisory - Uncontrolled Format String Vulnerability on Multiple Products ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-…
---------------------------------------------
*** Security Advisory - Reset Password and Information Leak Vulnerabilities in Huawei UMA ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-…
---------------------------------------------
*** Security Advisory - Two Command Injection Vulnerabilities in Huawei UMA ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-…
---------------------------------------------
*** Security Advisory - Information Leak Vulnerability in Huawei FusionSphere Product ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 22-08-2016 18:00 − Tuesday 23-08-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Vuln: WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92572
*** Juniper Acknowledges Equation Group Targeted ScreenOS ***
---------------------------------------------
Juniper Networks on Friday acknowledged that implants contained in the ShadowBrokers data dump target NetScreen firewalls running ScreenOS.
---------------------------------------------
http://threatpost.com/juniper-acknowledges-equation-group-exploits-target-s…
*** Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities in IP Phones ***
---------------------------------------------
Obihai Technology recently patched a slew of issues in its ObiPhone IP phone products that could have led to memory corruption, a buffer overflow, and denial of service conditions, among other outcomes.
---------------------------------------------
http://threatpost.com/obihai-patches-memory-corruption-dos-csrf-vulnerabili…
*** Vuln: PHP php_quot_print_encode() Function Integer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92588
*** shellray. a php webshell detector ***
---------------------------------------------
nimbusec shellray is a free online webshell detector for .php files.
---------------------------------------------
https://shellray.com/de/
*** Voice Message Notifications Deliver Ransomware ***
---------------------------------------------
Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21397
*** Security Notice - Statement About Toolkit Released by Shadow Brokers ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160823-01-…
*** 'Security check' for Bank Austria customers ***
---------------------------------------------
A fake Bank Austria e-mail is in circulation. In it, criminals claim that customers must carry out a security check. For this ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/sicherheits-check-bei-bank-austr…
*** Sandscout: Attack on Apple's sandbox ***
---------------------------------------------
In security comparisons with Android, iOS usually comes off better. In a recent experiment, however, researchers managed to carry out a successful attack on the sandboxing function of iOS apps.
---------------------------------------------
http://www.golem.de/news/sandscout-angriff-auf-apples-sandkasten-1608-12285…
*** Timing of Browser-Based Security Alerts Could Be Better ***
---------------------------------------------
New academic research shows that security warnings should be better timed to pop up when computer users are less likely to be multitasking.
---------------------------------------------
http://threatpost.com/timing-of-browser-based-security-alerts-could-be-bett…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 19-08-2016 18:00 − Monday 22-08-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Shadow Brokers Release of Hacking Code ***
---------------------------------------------
Juniper responds to hacking code released by The Shadow Brokers.
---------------------------------------------
https://forums.juniper.net/t5/Security-Incident-Response/Shadow-Brokers-Rel…
*** Cisco ASA SNMP Remote Code Execution Vulnerability, (Sun, Aug 21st) ***
---------------------------------------------
Looking back through all the vulnerabilities announced this week, one caught my eye. CVE-2016-6366 is a vulnerability in the Cisco ASA products which could allow a remote attacker to remotely execute code. This vulnerability is part of the Equation Group disclosures and was not previously known by Cisco. The vulnerability is in the SNMP code on the ASA and would allow an attacker with knowledge of the SNMP community string to send crafted IPv4 SNMP traffic which could be used to reload the system...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21389&rss
*** I got the power - over your IoT power-point ***
---------------------------------------------
It never gets better, does it? The latest "your IoT security is rubbish" takes the world one step closer to "burn it all and try again": a "smart" electrical outlet that's actually a whole-of-network attack vector.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/08/22/i_got_the_p…
*** How to get your network and security teams working together ***
---------------------------------------------
It's not surprising that network and security teams aren't always on the same page. After all, networks need to be fast and efficient, while security is about slowing things down and implementing extra steps to help meet security measures. While both teams are a part of the IT department, and need to work together in the event of a breach, each group has its own objectives and expectations. But when a data breach or security threat strikes, businesses need both teams working together to help get...
---------------------------------------------
http://www.cio.com/article/3110264/careers-staffing/how-to-get-your-network…
*** Threat intelligence report for the telecommunications industry ***
---------------------------------------------
The telecoms sector is under fire on all sides - hit by direct attacks on organizations and networks, indirect attacks in search of subscribers, and collateral damage from unrelated, targeted campaigns. This report reveals the many layers of vulnerability.
---------------------------------------------
http://securelist.com/analysis/publications/75846/threat-intelligence-repor…
*** Open sourced: Cyber reasoning system that won third place in DARPA's Cyber Grand Challenge ***
---------------------------------------------
Earlier this month, the DARPA-backed Cyber Grand Challenge (CGC) has shown that a future in which computer systems will (wholly or partially) replace bug hunters and patchers looms near. Now, the team that has won third place in the contest - Shellphish of Santa Barbara, California - has open sourced many of the components of its winning Mechanical Phish cyber reasoning system. But individuals and teams interested in testing and advancing the system will have...
---------------------------------------------
https://www.helpnetsecurity.com/2016/08/22/cyber-reasoning-system/
*** Finding and Enumerating Processes within Memory-Part 3 ***
---------------------------------------------
Continuing with the series, in this article, we will learn about enumeration of important structures like heaps, environment variables, DLLs pointed by main PEB. Just to recap in the previous two articles, we have looked at the way of finding the processes within memory and then enumerated structures like Page Tables, VADs, and PEB. Dynamic...
---------------------------------------------
http://resources.infosecinstitute.com/finding-enumerating-processes-within-…
*** Announcing the Heimdal Cyber Security Glossary ***
---------------------------------------------
Not too long ago, I was a total newbie in the cyber security field. Although I understood some of the basics, there was an entire universe for me to explore, from concepts to how they translate into action. What I found most baffling in the beginning were some of the technical terms. Of course I...
---------------------------------------------
https://heimdalsecurity.com/blog/heimdal-cyber-security-glossary/
*** Young European white hat hackers meet for the 2nd Cyber Security Challenge competition ***
---------------------------------------------
On the 7th of November, young European white hat hackers will meet at Düsseldorf to measure their skills in attacking and defending computer systems.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/young-european-white-hat-hacker…
*** Bugtraq: [security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539280
*** Vuln: MatrixSSL Multiple Information Disclosure Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/91488
*** ZDI-16-487: AVG Internet Security avgtdix.sys Kernel Driver Untrusted Pointer Dereference Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on vulnerable installations of AVG Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-487/
*** Security Advisory: Linux file utility vulnerabilities CVE-2014-8116 and CVE-2014-8117 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16347.htm…
*** Self Service Password Reset 3.3.1.6 ***
---------------------------------------------
Abstract: These files contain all updates made to SSPR 3.3.1 since the release of SSPR 3.3.1. This is a complete build of SSPR. SSPR 3.3.1 Patch 6 includes several new fixes. It also includes a security fix which was originally included in SSPR 3.3.1 HF2. Without this fix SSPR is vulnerable to a cross-site-scripting (XSS) attack (CVE-2016-1599, reported by Tom Ravenscroft of Datacom TSS). For more details see TID # 7017399 at https://www.netiq.com/support/kb/doc.php?id=7017399. It is mandatory...
---------------------------------------------
https://download.novell.com/Download?buildid=AYDcXUSlNzI~
*** WordPress 4.5.3 - Authenticated Denial of Service (DoS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8606
*** Newtec Satellite Modem MDM6000 2.2.5 Cross-Site Scripting Vulnerability ***
---------------------------------------------
Newtec Satellite Modem MDM6000 suffers from multiple reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5359.php
*** Sakai 10.7 Multiple Vulnerabilities ***
---------------------------------------------
Sakai suffers from multiple reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Also there is a file disclosure vulnerability when calling custom tool script. It is not properly verified before being used to read files. This can be exploited to disclose...
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5358.php
*** tcPbX - (tcpbx_lang) Local File Inclusion ***
---------------------------------------------
Topic: tcPbX - (tcpbx_lang) Local File Inclusion; Risk: Medium; Text: Vulnerable hardware: tcpbx voip distro; Vendor: www.tcpbx.org; Author: Ahmed sultan (@0x4148); Email: 0x4148(a)gmail.com ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080196
*** ZYCOO IP Phone System - Remote Command Execution ***
---------------------------------------------
Topic: ZYCOO IP Phone System - Remote Command Execution; Risk: High; Text: Vulnerable hardware: ZYCOO IP phone system; Vendor: zycoo.com; Author: Ahmed sultan (@0x4148); Email: 0x4148(a)gmail.com ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080195
*** C2S DVR Management Remote Credentials Disclosure & Authentication Bypass ***
---------------------------------------------
Topic: C2S DVR Management Remote Credentials Disclosure & Authentication Bypass; Risk: High; Text: 1. Advisory Information = Title: C2S DVR Management Remote Credentials Disclosure & Authentic...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080192
*** IP-Camera Vulnerabilities ***
---------------------------------------------
*** MESSOA NIC990 IP-Camera auth bypass configuration download ***
https://cxsecurity.com/issue/WLB-2016080194
---------------------------------------------
*** TOSHIBA IK-WP41A IP-Camera auth bypass configuration download ***
https://cxsecurity.com/issue/WLB-2016080193
---------------------------------------------
*** JVC IP-Camera (VN-T216VPRU) Remote Credentials Disclosure ***
https://cxsecurity.com/issue/WLB-2016080191
---------------------------------------------
*** Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) Remote Credentials Disclosure ***
https://cxsecurity.com/issue/WLB-2016080190
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 18-08-2016 18:00 − Friday 19-08-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Predictable random numbers in GnuPG for 18 years ***
---------------------------------------------
A security hole lay dormant for a long time in Libgcrypt, the crypto library of the GnuPG project. Fortunately, it looks as though users will be spared a large-scale replacement of PGP keys.
---------------------------------------------
http://heise.de/-3300159
*** News from Locky: The ransomware Trojan is now attacking hospitals en masse ***
---------------------------------------------
The masterminds behind Locky are shifting from arbitrary Internet users to companies. Hospitals in particular have proven to be a lucrative target.
---------------------------------------------
http://heise.de/-3300555
*** Doctor Web discovers self-spreading Linux Trojan that can create P2P botnets ***
---------------------------------------------
August 19, 2016 The Linux operating system remains a major target for virus makers. Doctor Web's security researchers have examined yet another Trojan for Linux written in the Go programming language. This malware program attacks web servers that use various CMS, performs DDoS attacks, sends out spam messages, and distributes itself over networks. The new Trojan, named Linux.Rex.1, was first spotted by Kernelmode forum users who referred to this malware as "Drupal ransomware"...
---------------------------------------------
http://news.drweb.com/show/?i=10157&lng=en&c=9
*** Ransomware Trojan Cerber arms itself against decryption tools ***
---------------------------------------------
The free decryption tools from Check Point and Trend Micro can no longer free data from the clutches of the current version of the encryption Trojan Cerber.
---------------------------------------------
http://heise.de/-3300589
*** Serious vulnerability in Teamspeak server disclosed ***
---------------------------------------------
Attackers can inject malicious code via the current version of the Teamspeak server and execute it on the server. Because the security researcher who discovered the vulnerability did not inform the developers beforehand, there is currently no patch.
---------------------------------------------
http://heise.de/-3300608
*** Pixpocket: How the NSA could have spied on VPNs ***
---------------------------------------------
The Shadow Brokers data set may provide information on how the NSA was able to eavesdrop on VPN connections. The vulnerability has similarities to Heartbleed.
---------------------------------------------
http://www.golem.de/news/pixpocket-so-haette-die-nsa-vpns-ausspionieren-koe…
*** DFN-CERT-2016-1359: PHP: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1359/
*** Bugtraq: Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539269
*** Cisco IOS and Cisco IOS XE Software OpenSSH TCP Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the handling of Secure Shell (SSH) TCP packets in the Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to low memory on the device. The vulnerability is due to the handling of out-of-order, or otherwise invalid, TCP packets on an SSH connection to the device. An attacker could exploit this vulnerability by connecting via SSH to the device and then crafting TCP packets which are out of
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Navis WebAccess SQL Injection Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of an SQL Injection vulnerability with proof-of-concept (PoC) exploit code affecting Navis WebAccess application. This report was released by "bRpsd" without coordination with either the vendor or ICS-CERT. ICS-CERT has reached out to the affected vendor to validate the report. ICS-CERT is issuing this alert to provide notice of the report and to identify baseline mitigations for reducing risks to this and other cybersecurity attacks.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-230-01
*** IBM Security Bulletin: IBM Connections Security Update ***
---------------------------------------------
IBM Connections Security Update for multiple CVEs. There are multiple vulnerabilities in IBM Connections, see details below for remediation information. CVE(s): CVE-2016-2995, CVE-2016-2997, CVE-2016-2998, CVE-2016-3005, CVE-2016-3010. Affected product(s) and affected version(s): The following versions of IBM Connections are impacted: IBM Connections 5.5, IBM Connections 5.0, IBM Connections 4.5, IBM Connections 4.0. Refer to the following...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21988991
*** IBM Security Bulletin: The IBM BigFix Platform has a Cross-Site Scripting vulnerability (CVE-2016-0293) ***
---------------------------------------------
A .beswrpt can be injected/modified to contain malicious JavaScript. CVE(s): CVE-2016-0293. Affected product(s) and affected version(s): 9.0, 9.1, 9.2. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21985743 X-Force Database:...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21985743
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 17-08-2016 18:00 − Thursday 18-08-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco Firepower Management Center Remote Command Execution Vulnerability ***
---------------------------------------------
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Security Afterworks – Best of Summer of Security Conferences ***
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-best-of-summer-of-s…
*** Cookie Parser Buffer Overflow Vulnerability ***
---------------------------------------------
FortiGate firmware (FOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability. This vulnerability, when exploited by a crafted HTTP request, can result ..
---------------------------------------------
http://fortiguard.com/advisory/cookie-parser-buffer-overflow-vulnerability
*** Browser Address Bar Spoofing Vulnerability Disclosed ***
---------------------------------------------
Chrome, Firefox and likely other major browsers are afflicted by a vulnerability that allows attackers to spoof URLs in the address bar.
---------------------------------------------
http://threatpost.com/browser-address-bar-spoofing-vulnerability-disclosed/…
*** Panelizer - Moderately Critical - Access Bypass - SA-CONTRIB-2016-048 ***
---------------------------------------------
https://www.drupal.org/node/2785687
*** Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047 ***
---------------------------------------------
https://www.drupal.org/node/2785631
*** Hosting - Less Critical - Access bypass - SA-CONTRIB-2016-046 ***
---------------------------------------------
https://www.drupal.org/node/2785531
*** Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to create a denial of service (DoS) condition or potentially ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Patches ASA Zero Days Exposed by ShadowBrokers ***
---------------------------------------------
Cisco today patched two vulnerabilities in its Adaptive Security Appliance that were leaked in the ShadowBrokers data dump of Equation Group exploits.
---------------------------------------------
http://threatpost.com/cisco-patches-asa-zero-days-exposed-by-shadowbrokers/…
*** 1 compromised site - 2 campaigns, (Thu, Aug 18th) ***
---------------------------------------------
Earlier today, I ran across a compromised website with injected script from both the pseudo-Darkleech campaign and the EITest campaign. This is similar to another compromised site I reported back in June ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21381
*** DSA-3649 gnupg - security update ***
---------------------------------------------
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3649
*** Bitcoin targeted by state sponsored attackers says Bitcoin.org ***
---------------------------------------------
Bitcoin Core devs don't know about threat, advise usual signatures and hash checks Update Bitcoin.org is warning that the Bitcoin Core, the as-close-to-official-as-it-gets version of ..
---------------------------------------------
www.theregister.co.uk/2016/08/18/bitcoin_targeted_by_state_sponsored_attack…
*** PayPal patches 2FA portal bug ***
---------------------------------------------
Attacker could log in to account without triggering confirmation text PayPal has patched a two-factor authentication (2FA) bug that could have let an attacker bypass its login processes.
---------------------------------------------
www.theregister.co.uk/2016/08/18/paypal_patches_2fa_portal_bug/
*** If this headline was a security warning 90% of you would ignore it ***
---------------------------------------------
Boffins find interrupting users with pop-ups in the middle of things just doesn't work Developers, advertisers, and scammers be warned; boffins say your pop ups will be almost universally ignored if they interrupt users.
---------------------------------------------
www.theregister.co.uk/2016/08/18/coding_pop_ups_hit_em_when_theyre_idling_u…
*** Fake software: Bitcoin feels attacked by states ***
---------------------------------------------
Manipulated Bitcoin software? The project apparently assumes so. In a blog post, the makers warn of state attacks on the upcoming release. The project also gives advice to users.
---------------------------------------------
http://www.golem.de/news/gefaelschte-software-bitcoin-fuehlt-sich-durch-sta…
*** Let's Encrypt ups rate limits ***
---------------------------------------------
20 is plenty Let's Encrypt has revised its rate limits to make life easier for large organisations and hosting providers who use its services.
---------------------------------------------
www.theregister.co.uk/2016/08/18/lets_encrypt_clarifies_rate_limit_rules/
*** The Shadow Brokers EPICBANANAS and EXTRABACON Exploits ***
---------------------------------------------
On August 15th, 2016, Cisco was alerted to information posted online by the “Shadow Brokers”, which claimed to possess disclosures from the Equation Group. The files included exploit code that can be used against multi-vendor devices, including the Cisco ASA and legacy Cisco PIX firewalls.
---------------------------------------------
https://blogs.cisco.com/security/shadow-brokers
*** Locky Targets Hospitals In Massive Wave Of Ransomware Attacks ***
---------------------------------------------
A massive wave of Locky ransomware delivered via DOCM attachments is targeting the healthcare sector this month.
---------------------------------------------
http://threatpost.com/locky-targets-hospitals-in-massive-wave-of-ransomware…