Daily February 2017

daily@lists.cert.at

1 participants
20 discussions

Tageszusammenfassung - Dienstag 28-02-2017
by Daily end-of-shift report 28 Feb '17

28 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 27-02-2017 18:00 − Dienstag 28-02-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Mac-AV-Software ermöglichte Einschleusen von Schadcode *** --------------------------------------------- Eine unzureichende Absicherung bei der Lizenzprüfung von Eset Endpoint Antivirus für macOS ermöglichte es einem Angreifer, beliebigen Code mit Root-Rechten auszuführen. Die als kritisch eingestufte Sicherheitslücke wurde inzwischen behoben. --------------------------------------------- https://heise.de/-3638786 *** MongoDB: Sprechender Teddy teilte alle Daten mit dem Internet *** --------------------------------------------- Spielzeug aus der Cloudpets-Reihe zeichnet die Stimmen der Kinder auf. Wem das nicht schon zu creepy ist, der dürfte sich spätestens über die offene MongoDB-Datenbank aufregen. 800.000 Nutzer mit über 2 Millionen Sprachsamples sind betroffen. (Spielzeug, Datenschutz) --------------------------------------------- https://www.golem.de/news/mongodb-sprechender-teddy-teilte-alle-daten-mit-d… *** Severe SQL Injection Flaw Discovered in WordPress Plugin with Over 1 Million Installs *** --------------------------------------------- A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a websites database. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/severe-sql-injection-flaw-di… *** Decrypting after a Findzip ransomware infection *** --------------------------------------------- The Findzip ransomware was discovered on February 22, 2017. At that time, it was thought that files would be irreversibly encrypted by this ransomware, with no chance of decryption. Turns out, thats not quite true. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip… *** Guidelines on Incident Notification for Digital Service Providers *** --------------------------------------------- ENISA publishes a comprehensive guideline on how to implement incident notification requirements for Digital Service Providers, in the context of the NIS Directive. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/guidelines-on-incident-notifica… *** DFN-CERT-2017-0355: TYPO3: Zwei Schwachstellen ermöglichen Cross-Site-Scripting-Angriffe und das Umgehen von Sichherheitsvorkehrungen *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0355/ *** DFN-CERT-2017-0340: Red Hat Package Manager (RPM): Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0340/ *** SAP BusinessObjects Financial Consolidation Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1037910 *** VU#742632: Sage XRT Treasury database fails to properly restrict access to authorized users *** --------------------------------------------- Vulnerability Note VU#742632 Sage XRT Treasury database fails to properly restrict access to authorized users Original Release date: 28 Feb 2017 | Last revised: 28 Feb 2017 Overview Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Description CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183Sage XRT Treasury is a business finance... --------------------------------------------- http://www.kb.cert.org/vuls/id/742632 *** DFN-CERT-2017-0356: ktnef: Eine Schwachstelle ermöglicht u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0356/ *** Bugtraq: Advisory X41-2017-001: Multiple Vulnerabilities in X.org *** --------------------------------------------- http://www.securityfocus.com/archive/1/540180 *** VTS17-003: Multiple Vulnerabilities in Veritas NetBackup and NetBackup Appliance *** --------------------------------------------- https://www.veritas.com/content/support/en_US/security/VTS17-003.html *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2017 CPU *** http://www-01.ibm.com/support/docview.wss?uid=swg21998379 --------------------------------------------- *** IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995) *** http://www.ibm.com/support/docview.wss?uid=swg21998885 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in IBM Jazz for Service Management affects IBM Performance Management products (CVE-2016-9975) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993846&myns=swgtiv&mynp=… --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller *** http://www-01.ibm.com/support/docview.wss?uid=swg21983083 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Cognos Controller (CVE-2016-3427) *** http://www-01.ibm.com/support/docview.wss?uid=swg21983082 --------------------------------------------- *** IBM Security Bulletin: vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Performance Management products *** http://www.ibm.com/support/docview.wss?uid=swg21993794 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Controller. *** http://www-01.ibm.com/support/docview.wss?uid=swg21977636 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Controller (CVE-2015-3195) *** http://www-01.ibm.com/support/docview.wss?uid=swg21976531 --------------------------------------------- *** IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to various CVEs *** http://www.ibm.com/support/docview.wss?uid=swg21999478 --------------------------------------------- *** IBM Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVEs *** http://www.ibm.com/support/docview.wss?uid=swg21999395 --------------------------------------------- *** IBM Security Bulletin: Apache Solr as used in IBM QRadar SIEM and Incident Forensics is vulnerable to a denial of service (CVE-2014-0050) *** http://www.ibm.com/support/docview.wss?uid=swg21999474 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879) *** http://www.ibm.com/support/docview.wss?uid=swg21997341 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880) *** http://www.ibm.com/support/docview.wss?uid=swg21997340 --------------------------------------------- *** IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVEs *** http://www.ibm.com/support/docview.wss?uid=swg21999488 --------------------------------------------- *** IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM and Incident Forensics is vulnerable to various CVEs *** http://www.ibm.com/support/docview.wss?uid=swg21999479 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 27-02-2017
by Daily end-of-shift report 27 Feb '17

27 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 24-02-2017 18:00 − Montag 27-02-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Project Zero: Erneut ungepatchter Microsoft-Bug veröffentlicht *** --------------------------------------------- Project Zero meint es ernst: Zum dritten Mal innerhalb weniger Monate gibt es einen Bugreport ohne Patch von Microsoft. Dieses Mal handelt es sich um einen Type-Confusion-Fehler in Internet Explorer und Edge. --------------------------------------------- https://www.golem.de/news/project-zero-erneut-ungepatchter-microsoft-bug-ve… *** DFN-CERT-2017-0348: Microsoft Internet Explorer, Microsoft Edge: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes *** --------------------------------------------- Ein entfernter, nicht authentifizierter Angreifer, welcher einen Benutzer zum Besuch einer bösartig manipulierten Webseite verleiten kann, kann die Schwachstelle ausnutzen, um einen Denial-of-Service (DoS)-Zustand zu bewirken oder beliebigen Programmcode zur Ausführung zu bringen. Diese Schwachstelle wird von dem Google Projekt Zero veröffentlicht, da der Zeitraum, der dem Hersteller zum Beheben der Schwachstelle eingeräumt wurde (90 Tage), abgelaufen ist. Ein Sicherheitsupdate steht derzeit noch nicht zur Verfügung. Ein Proof-of-Concept zur Ausnutzung der Schwachstelle ist ebenfalls verfügbar. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0348/ *** Cloudflare data leak...what does it mean to me?, (Fri, Feb 24th) *** --------------------------------------------- The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed. The short version of the vulnerability is that in raresituations, a bug in Cloudflares edge servers could be triggered, which would cause a buffer overrun to occur. When these buffer overruns occurred, random data would be returned in the replies from the Cloudflare servers. This data would be data from any of Cloudflares customer... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22113&rss *** Zahlungsverkehr: Swift verlangt bessere Cyberabwehr *** --------------------------------------------- Im Kampf gegen Cyberkriminelle verlangt das Zahlungsverkehrssystem Swift größere Anstrengungen seitens der angeschlossenen Banken. --------------------------------------------- https://futurezone.at/b2b/zahlungsverkehr-swift-verlangt-bessere-cyberabweh… *** DSA-3795 bind9 - security update *** --------------------------------------------- It was discovered that a maliciously crafted query can cause ISCsBIND DNS server (named) to crash if both Response Policy Zones (RPZ)and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. Itis uncommon for both of these options to be used in combination, sovery few systems will be affected by this problem in practice. --------------------------------------------- https://www.debian.org/security/2017/dsa-3795 *** SHA1 Collision Attack Makes Its First Victim: Subversion Repositories *** --------------------------------------------- It took only one day for the SHA1 collision attack revealed by Google on Thursday to make its first victims after developers of the WebKit browser engine broke their Subversion (SVN) source code repository on Friday. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-… *** DSA-3796 apache2 - security update *** --------------------------------------------- Several vulnerabilities were discovered in the Apache2 HTTP server. --------------------------------------------- https://www.debian.org/security/2017/dsa-3796 *** More on Bluetooth Ingenico Overlay Skimmers *** --------------------------------------------- This blog has featured several stories about "overlay" card and PIN skimmers made to be placed atop Ingenico-brand card readers at store checkout lanes. Im revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles on Ingenico overlay skimmers. --------------------------------------------- https://krebsonsecurity.com/2017/02/more-on-bluetooth-ingenico-overlay-skim… *** Gefälschte Oberbank-Nachricht: Konto gesperrt! *** --------------------------------------------- Kund/innen erhalten scheinbar eine E-Mail der Oberbank. Darin heißt es, dass es zu einem nicht autorisierten Zugriff auf ihr Konto gekommen sei. [...] Es handelt sich um einen Phishingversuch! --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-oberbank-nachricht-k… *** Cyber extortionists hold MySQL databases for ransom *** --------------------------------------------- Ransomware has become cyber crooks' favorite attack methodology for hitting businesses, but not all cyber extortion attempts are effected with this particular type of malware. Since the beginning of the year, we have witnessed attackers compromising databases, exfiltrating data from them, wiping them and then asking for money (0.2 BTC) in order to return the data. They ransacked MongoDB, CouchDB and Hadoop databases, and now they've set MySQL databases in their sights. According to... --------------------------------------------- https://www.helpnetsecurity.com/2017/02/27/mysql-databases-ransom/ *** Security products and HTTPS: lets do it better *** --------------------------------------------- A recent paper showed that many HTTPS-intercepting security solutions have implemented TLS rather poorly. Does that mean we should avoid such solutions altogether? --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/02/security-products-and-https-… *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: Slowloris denial-of-service attack vulnerability CVE-2007-6750 *** https://support.f5.com:443/kb/en-us/solutions/public/12000/600/sol12636.htm… --------------------------------------------- *** Security Advisory: Linux kernel vulnerability CVE-2016-9555 *** https://support.f5.com:443/kb/en-us/solutions/public/k/54/sol54095660.html?… --------------------------------------------- *** Security Advisory: Expat XML library vulnerability CVE-2015-2716 *** https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50459349.html?… --------------------------------------------- *** Security Advisory: libarchive vulnerability CVE-2016-8688 *** https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35263486.html?… --------------------------------------------- *** Security Advisory: libarchive vulnerability CVE-2016-8689 *** https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52697522.html?… --------------------------------------------- *** Security Advisory: libarchive vulnerability CVE-2016-8687 *** https://support.f5.com:443/kb/en-us/solutions/public/k/13/sol13074505.html?… --------------------------------------------- *** Security Advisory: Linux kernel vulnerability CVE-2016-4998 *** https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74171196.html?… --------------------------------------------- *** Security Advisory: OpenSSL vulnerability CVE-2017-3732 *** https://support.f5.com:443/kb/en-us/solutions/public/k/44/sol44512851.html?… --------------------------------------------- *** Security Advisory: F5 TLS vulnerability CVE-2016-9244 *** https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05121675.html?… --------------------------------------------- *** Security Advisory: PHPMailer vulnerability CVE-2016-10045 *** https://support.f5.com:443/kb/en-us/solutions/public/k/73/sol73926196.html?… --------------------------------------------- *** Security Advisory: BIG-IP REST vulnerability CVE-2016-6249 *** https://support.f5.com:443/kb/en-us/solutions/public/k/12/sol12685114.html?… --------------------------------------------- *** Security Advisory: GnuTLS vulnerabilities CVE-2017-5335, CVE-2017-5336, and CVE-2017-5337 *** https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59836191.html?… --------------------------------------------- *** Security Advisory: perl-XML-Twig vulnerability CVE-2016-9180 *** https://support.f5.com:443/kb/en-us/solutions/public/k/08/sol08383757.html?… --------------------------------------------- *** Security Advisory: OpenSSL vulnerability CVE-2017-3731 *** https://support.f5.com:443/kb/en-us/solutions/public/k/37/sol37526132.html?… --------------------------------------------- *** Security Advisory: BIND vulnerability CVE-2017-3135 *** https://support.f5.com:443/kb/en-us/solutions/public/k/80/sol80533167.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2015-8806 *** https://support.f5.com:443/kb/en-us/solutions/public/k/04/sol04450715.html?… --------------------------------------------- *** Security Advisory: GnuTLS vulnerability CVE-2017-5334 *** https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31336596.html?… --------------------------------------------- *** Security Advisory: iControl vulnerability CVE-2016-9256 *** https://support.f5.com:443/kb/en-us/solutions/public/k/47/sol47284724.html?… --------------------------------------------- *** Security Advisory: TMM vulnerability CVE-2016-9245 *** https://support.f5.com:443/kb/en-us/solutions/public/k/22/sol22216037.html?… ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 24-02-2017
by Daily end-of-shift report 24 Feb '17

24 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 23-02-2017 18:00 − Freitag 24-02-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Kriminelle versenden gefälschte BAWAK P.S.K.-SMS *** --------------------------------------------- In einer gefälschten BAWAG P.S.K.-SMS heißt es, dass die Bank das Konto von Kund/innen gesperrt habe. Damit diese ihr Konto wieder aktivieren können, sollen sie eine Website aufurfen und ihre Zugangsdaten bekannt geben. Achtung: Es handelt sich um einen Phishingversuch. Am besten ist es, wenn Sie die SMS löschen. --------------------------------------------- https://www.watchlist-internet.at/phishing/kriminelle-versenden-gefaelschte… *** Worlds Largest Spam Botnet Adds DDoS Feature *** --------------------------------------------- Necurs, the worlds largest spam botnet with nearly 5 million infected bots, of which one million active each day, has added a new module that can be used for launching DDoS attacks. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/worlds-largest-spam-botnet-a… *** Removing User Admin Rights Mitigates 94% of All Critical Microsoft Vulnerabilities *** --------------------------------------------- Just by preventing access to admin accounts, a system administrator could safeguard all the computers under his watch and prevent attackers from exploiting 94% of all the critical vulnerabilities Microsoft patched during the past year. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/removing-user-admin-rights-… *** Bleeding clouds: Cloudflare server errors blamed for leaked customer data *** --------------------------------------------- While working on something completely unrelated, Google security researcher, Tavis Ormandy, recently discovered that Cloudflare was leaking a wide range of sensitive information, which could have included everything from cookies and tokens, to credentials.Cloudflare moved quickly to fix things, but their postmortem downplays the risk to customers, Ormandy said.The problem on Cloudflares side, which impacted big brands like Uber, Fitbit, 1Password, and OKCupid, was a memory leak. The flaw --------------------------------------------- http://www.csoonline.com/article/3173639/security/bleeding-clouds-cloudflar… *** Leaked Android Banking Trojan Spotted in Disguise on the Google Play Store *** --------------------------------------------- Just as security experts have predicted, the source code of a potent Android banking trojan that was leaked online in mid-December 2016, is now being seen in live attacks on a regular basis. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/leaked-android-banking-troja… *** LibreOffice Calc and Writer Embedded Object Preview Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037893 *** [Xen-announce] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe *** --------------------------------------------- A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation. --------------------------------------------- https://lists.xen.org/archives/html/xen-announce/2017-02/msg00004.html *** [Xen-announce] Xen Security Advisory 210 - arm: memory corruption when freeing p2m pages *** --------------------------------------------- A malicious or buggy guest may corrupt hypervisor state, commonly leading to a host crash (Denial of Service). Privilege escalation or information leaks cannot be excluded. --------------------------------------------- https://lists.xen.org/archives/html/xen-announce/2017-02/msg00005.html *** Novell: NetIQ Access Manager 4.3 Support Pack 1 4.3.1.0-53 *** --------------------------------------------- The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.3 was released. These fixes include updates to the Access Gateway Appliance, Access Gateway Service, Identity Server, Analytics Server and Admin Console. CVE - 20145183 --------------------------------------------- https://download.novell.com/Download?buildid=30pOHdA3ETQ~ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time *** https://www.ibm.com/support/docview.wss?uid=swg21997192 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition *** https://www.ibm.com/support/docview.wss?uid=swg21997194 --------------------------------------------- *** IBM Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998385 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology *** http://www-01.ibm.com/support/docview.wss?uid=swg21999362 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in Busybox (CVE-2014-9645) *** http://www.ibm.com/support/docview.wss?uid=swg21998196 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5983) *** http://www.ibm.com/support/docview.wss?uid=swg21996871 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) related to IBM WebSphere Application Server Liberty *** http://www.ibm.com/support/docview.wss?uid=swg21999209 --------------------------------------------- *** IBM Security Bulletin: IBM Connections Security Refresh (CVE-2016-5932) *** http://www.ibm.com/support/docview.wss?uid=swg21998294 --------------------------------------------- *** IBM Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463) *** http://www.ibm.com/support/docview.wss?uid=swg21996869 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) Stack trace may be thrown if no default error page was set up and exception occurred *** http://www.ibm.com/support/docview.wss?uid=swg21997638 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 23-02-2017
by Daily end-of-shift report 23 Feb '17

23 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 22-02-2017 18:00 − Donnerstag 23-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Criminals Monetizing Attacks Against Unpatched WordPress Sites *** --------------------------------------------- Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit. --------------------------------------------- http://threatpost.com/criminals-monetizing-attacks-against-unpatched-wordpr… *** MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite *** --------------------------------------------- In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/02/22/msrt-february-2017-chuc… *** Top 8 Reverse Engineering Tools for Cyber Security Professionals *** --------------------------------------------- Whether it is rebuilding a car engine or diagramming a sentence, people can learn about many things simply by taking them apart and putting them back together again. This process of breaking something down to understand it, build a copy to improve it, is known as reverse engineering. --------------------------------------------- http://resources.infosecinstitute.com/top-8-reverse-engineering-tools-cyber… *** Impact of New Linux Kernel DCCP Vulnerability Limited *** --------------------------------------------- Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks. --------------------------------------------- http://threatpost.com/impact-of-new-linux-kernel-dccp-vulnerability-limited… *** Java, Python FTP Injection Attacks Bypass Firewalls *** --------------------------------------------- Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. --------------------------------------------- http://threatpost.com/java-python-ftp-injection-attacks-bypass-firewalls/12… *** Kollissionsangriff: Hashfunktion SHA-1 gebrochen *** --------------------------------------------- Forscher von Google und der Universität Amsterdam ist es gelungen, zwei unterschiedliche PDF-Dateien mit demselben SHA-1-Hash zu erzeugen. Dass SHA-1 unsicher ist, war bereits seit 2005 bekannt. (SHA-1, Google) --------------------------------------------- https://www.golem.de/news/kollissionsangriff-hashfunktion-sha-1-gebrochen-1… *** Putty 0.68 released *** --------------------------------------------- http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998) *** http://www.ibm.com/support/docview.wss?uid=swg21998747 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ cluster channel definition causes denial of service to cluster (CVE-2016-9009) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998647 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza PureData System for Analytics (CVE-2016-8610) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997472 --------------------------------------------- *** IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995099 --------------------------------------------- *** IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH) *** http://www.ibm.com/support/docview.wss?uid=swg21998714 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (CVE-2016-2106, CVE-2016-2109) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998797 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 22-02-2017
by Daily end-of-shift report 22 Feb '17

22 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 21-02-2017 18:00 − Mittwoch 22-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Avast Releases a Decryptor for Offline Versions of the CryptoMix Ransomware *** --------------------------------------------- Today, Avast released a decryptor for CryptoMix victims that were encrypted while in offline mode. Offline mode is when the ransomware runs and encrypts a victims computer while there is no Internet connection or the computer cannot connect to the ransomwares Command & Control server. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/avast-releases-a-decryptor-f… *** [R1] Nessus 6.10.2 Fixes One Vulnerability *** --------------------------------------------- Nessus was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g. after a reboot). This issue only affects installations on Windows. --------------------------------------------- http://www.tenable.com/security/tns-2017-06 *** Financial cyberthreats in 2016 *** --------------------------------------------- In 2016 we continued our in-depth research into the financial cyberthreat landscape. Weve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations - such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used. --------------------------------------------- http://securelist.com/analysis/publications/77623/financial-cyberthreats-in… *** Microsoft patcht Flash Player unter Windows außer der Reihe *** --------------------------------------------- Diesen Monat ist der Patchday trotz bekannter Sicherheitslücken in Windows ausgefallen. Nun liefert Microsoft zumindest Patches für kritische Lücken im Flash Player nach. --------------------------------------------- https://heise.de/-3632329 *** Security Advisory - Privilege Elevation Vulnerability Caused by Arbitrary File Upload in Huawei Themes *** --------------------------------------------- The Huawei Themes APP in some Huawei products has a privilege elevation vulnerability due to the lack of theme pack check. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code. (Vulnerability ID: HWPSIRT-2016-11073) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2699. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170222-… *** Website Uses "Add Extension to Leave" Popups to Infect Chrome Users *** --------------------------------------------- A malvertising campaign has specifically targeted and redirected Chrome users to a website they couldnt leave unless they agreed to install a rogue Chrome extension. --------------------------------------------- https://www.bleepingcomputer.com/news/security/website-uses-add-extension-t… *** Apple: Logic Pro X 10.3.1 *** --------------------------------------------- Impact: Opening a maliciously crafted GarageBand project file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. --------------------------------------------- https://support.apple.com/en-us/HT207519 *** Sysinternals Updates *** --------------------------------------------- Sysmon v6, Autoruns v13.7, AccessChk v6.1, Process Monitor v3.32, Process Explorer v16.2, LiveKd v5.61, and BgInfo v4.21 --------------------------------------------- https://blogs.technet.microsoft.com/sysinternals/2017/02/17/update-sysmon-v… *** RSA Conference 2017 Playlist *** --------------------------------------------- https://www.youtube.com/playlist?list=PLeUGLKUYzh_j1Q75yeae8upX-T1FLmZWf *** Gefälschte A1-Rechnung verbreitet Schadsoftware *** --------------------------------------------- Kriminelle wollen mit einer scheinbar echten A1-Rechnung Schadsoftware auf fremden Computern hinterlegen. Damit sie das Ziel erreichen, fordern sie Empfänger/innen dazu auf, dass sie die angebliche Rechnung auf einer gefälschten A1-Website herunterladen. Wer die gefälschte Zahlungsaufstellung öffnet, installiert einen Trojaner. Er verschlüsselt Dateien und macht sie unbrauchbar. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-rec… *** Mobile Devices und Softwareupdates *** --------------------------------------------- Mobile Devices bestimmen in unserer modernen Gesellschaft zunehmend den Alltag. Das Lesen von Emails oder das Online-Banking: alltägliche Anwendungen werden immer öfter mit einem mobilen Endgerät umgesetzt, privat oder beruflich. Waren es bis vor kurzem nur Smartphones, welche das Handy abgelöst haben, oder Tablet-Computer, die ursprünglich als Bücher-Ersatz gedacht waren, so folgen heute beispielsweise die Uhr, die Brille, das Auto und viele mehr. --------------------------------------------- https://www.dfn-cert.de/aktuell/mobile_devices_software_updates.html *** SSA-363881 (Last Update 2017-02-22): Web Vulnerabilities in RUGGEDCOM NMS *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-363881… *** SSA-623229 (Last Update 2017-02-22): DROWN Vulnerability in Industrial Products *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Mutiple vulnerabilities in zlib affect IBM ILOG CPLEX Optimization Studio *** http://www.ibm.com/support/docview.wss?uid=swg21997946 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Brocade Network Advisor affect IBM PureApplication System. *** http://www.ibm.com/support/docview.wss?uid=swg21998725 --------------------------------------------- *** IBM Security Bulletin: Potential cross-site scripting in the Admin Console for WebSphere Application Server (CVE-2016-8934) *** http://www-01.ibm.com/support/docview.wss?uid=swg21992315 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054) *** http://www-01.ibm.com/support/docview.wss?uid=swg21992651 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 21-02-2017
by Daily end-of-shift report 21 Feb '17

21 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 20-02-2017 18:00 − Dienstag 21-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Joomla Security - Pornography Spam Campaign in the Wild *** --------------------------------------------- One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a fashion outlet, or even a porn dump. Those unwanted keywords are a result of Search Engine Poisoning (SEP) attacks. This blackhat SEO technique is used by attackers to take advantage of your rankings on Search Engine Result Pages (SERPs). --------------------------------------------- https://blog.sucuri.net/2017/02/joomla-security-pornography-spam-campaign-i… *** Hardening Postfix Against FTP Relay Attacks, (Mon, Feb 20th) *** --------------------------------------------- Yesterday, I read an interesting blog post about exploiting XXE (XML eXternal Entity) flaws to send e-mails. In short: It is possible to trick the application to connect to an FTP server, but since mail servers tend to be forgiving enough, they will just accept e-mail if you use the FTP client to connect to port 25 on a mail server. The mail server will of course initially see the USER and PASS commands, but it will ignore them. Initially, I considered thisa lesser issue. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22086&rss *** New(ish) Mirai Spreader Poses New Risks *** --------------------------------------------- A cross-platform win32-based Mirai spreader and botnet is in the wild and previously discussed publicly. However, there is much information confused together, as if an entirely new IoT bot is spreading to and from Windows devices. This is not the case. Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant. So let's make a level-headed assessment of what is really out there. --------------------------------------------- https://securelist.com/blog/research/77621/newish-mirai-spreader-poses-new-… *** Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway GCM nonce generation *** --------------------------------------------- A flaw in NetScaler ADC and Gateway causes GCM nonces to be randomly generated, making it marginally easier for remote attackers to obtain ... --------------------------------------------- https://support.citrix.com/article/CTX220329 *** DFN-CERT-2017-0317: Xen, QEMU: Eine Schwachstelle ermöglicht u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- Ein einfach authentifizierter Angreifer im benachbarten Netzwerk mit erweiterten Privilegien (Guest Administator) kann auf Speicher außerhalb von Speichergrenzen zugreifen (Out-of-Bounds Access) und dadurch einen Denial-of-Service (DoS)-Angriff durchführen oder möglicherweise beliebigen Programmcode zur Ausführung bringen. Die Schwachstelle betrifft QEMU in allen Versionen von Xen. Es stehen Sicherheitsupdates zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0317/ *** Unstoppable JavaScript Attack Helps Ad Fraud, Tech Support Scams, 0-Day Attacks *** --------------------------------------------- There are multiple issues and attack scenarios that Caballero discovered, but fortunately, they only affect Internet Explorer 11, but not Edge, or browsers from other vendors. --------------------------------------------- https://www.bleepingcomputer.com/news/security/unstoppable-javascript-attac… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ invalid requests cause denial of service to MQXR listener (CVE-2016-8986) *** http://www.ibm.com/support/docview.wss?uid=swg21998648 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ Invalid channel protocol flows cause denial of service on HP-UX (CVE-2016-8915) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998649 --------------------------------------------- *** IBM Security Bulletin: Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999040 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-3092, CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998590 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ Java clients might send a password in clear text (CVE-2016-3052) *** http://www.ibm.com/support/docview.wss?uid=swg21998660 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ Channel data conversion denial of service (CVE-2016-3013) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998661 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 20-02-2017
by Daily end-of-shift report 20 Feb '17

20 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-02-2017 18:00 − Montag 20-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Android for Work Security Containers Bypassed with Relative Ease *** --------------------------------------------- Mobile security experts from Skycure have found two methods for bypassing the security containers put around "Android for Work," allowing attackers to access business data saved in this seemingly secure environment. --------------------------------------------- https://www.bleepingcomputer.com/news/mobile/android-for-work-security-cont… *** Users Continue to Install Malware on Their Phone 5 Years After Adobe Discontinued Flash for Android *** --------------------------------------------- It is unbelievable that almost five years after Adobe announced it would stop developing Flash Player for Android, users are still installing a non-existent piece of software, which in almost all cases is just malware in disguise. --------------------------------------------- https://www.bleepingcomputer.com/news/security/users-continue-to-install-ma… *** Google bellows bug news after Microsoft sails past fix deadline *** --------------------------------------------- Mess in Windows graphics library can give bad hombres access to memory Googles Project Zero has again revealed a Windows bug before Microsoft fixed it. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/02/20/google_proj… *** Mongoaudit Helps You Secure MongoDB Databases *** --------------------------------------------- A new tool developed by engineers at Stampery can help database administrators audit the security features of their current MongoDB installations, and take precautionary measures to prevent future exploitation. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mongoaudit-helps-you-secure-… *** BIOS/UEFI mit Ransomware infiziert *** --------------------------------------------- Sicherheitsforscher haben gezeigt, dass sich das BIOS/UEFI eines Computers trotz aktuellem Windows 10 und diversen aktivierten Sicherheitsmechanismen mit einem Erpressungstrojaner infizieren lässt. --------------------------------------------- https://heise.de/-3630662 *** Spam and phishing in 2016 *** --------------------------------------------- 2016 saw a variety of changes in spam flows, with the increase in the number of malicious mass mailings containing ransomware being the most significant. These programs are readily available on the black market, and in 2017 the volume of malicious spam is unlikely to fall. --------------------------------------------- http://securelist.com/analysis/kaspersky-security-bulletin/77483/kaspersky-… *** SAP Security for Beginners. Part 6: SAP Risks Fraud *** --------------------------------------------- Welcome to the latest part of SAP Risks. After we finished with Espionage and Sabotage, let's eat the last piece of this "sweet cake" dubbed Fraud. In my opinion, fraud is the most common issue in ERP System and other business applications. --------------------------------------------- http://resources.infosecinstitute.com/sap-security-beginners-part-6-sap-ris… *** DFN-CERT-2017-0302: Suricata: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe *** --------------------------------------------- Mehrere nicht näher spezifizierte Schwachstellen in Suricata ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe aufgrund von Speicherlecks und Lesezugriffen außerhalb zugewiesenen Speichers. Der Hersteller informiert über die Schwachstellen und stellt Suricata 3.2.1 zur Behebung dieser Schwachstellen bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0302/ *** tenable: [R1] SecurityCenter 5.4.3 File Upload unserialize() Function PHP Object Handling Remote File Deletion *** --------------------------------------------- SecurityCenter was found to use the PHP unserialize() function in several places in such a way that may allow a remote authenticated attacker to upload a crafted PHP object that resulted in the deletion of arbitrary files. --------------------------------------------- http://www.tenable.com/security/tns-2017-05 *** WordPress Security - Fake TrafficAnalytics Website Infection *** --------------------------------------------- Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. ... Recently, a new variation of this type of infection has emerged. The new campaign uses trafficanalytics[.]online as the source for the injected script. --------------------------------------------- https://blog.sucuri.net/2017/02/fake-trafficanalytics-website-infection.html *** Penetration Testing Tools Cheat Sheet *** --------------------------------------------- Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Designed as a quick reference cheat sheet providing a high level overview of the typical commands you would run when performing a penetration test. --------------------------------------------- https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: DOM-based cross-site scripting vulnerability affects IBM Advanced Management Module (AMM) for BladeCenter Systems *** http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2017-3731) *** http://aix.software.ibm.com/aix/efixes/security/openssl_advisory23.asc ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 17-02-2017
by Daily end-of-shift report 17 Feb '17

17 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-02-2017 18:00 − Freitag 17-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Divide Between Work, Personal Data on Android Breached *** --------------------------------------------- Researchers demonstrate how malicious apps can break into secure Android work containers on EMM managed phones. --------------------------------------------- http://threatpost.com/divide-between-work-personal-data-on-android-breached… *** Don’t panic over cyber-terrorism: Daesh-bags still at script kiddie level *** --------------------------------------------- Medieval terror bastards not great at hacking says ex-top NSA lawyer RSA USA There’s no need to panic about the threat of a major online terrorist attack, since ISIS and their allies are all talk and no .. --------------------------------------------- www.theregister.co.uk/2017/02/16/online_terrorism_isnt/ *** Mobile apps and stealing a connected car *** --------------------------------------------- The concept of a connected car, or a car equipped with Internet access, has been gaining popularity for the last several years. By using proprietary mobile .. --------------------------------------------- http://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-… *** DSA-3790 spice - security update *** --------------------------------------------- https://www.debian.org/security/2017/dsa-3790 *** MQTT-Protokoll: IoT-Kommunikation von etwa Reaktoren und Gefängnissen öffentlich einsehbar *** --------------------------------------------- Über das Telemetrie-Protokoll MQTT spricht eine unüberschaubare Zahl an IoT-Sensoren in etwa Autos und Flugzeugen mit ihren Servern – unverschlüsselt, ohne Frage nach Passwörtern. Hacker könnten nicht nur mitlesen, sondern Daten auch manipulieren. --------------------------------------------- https://heise.de/-3629650 *** Darknet-Drogenring in Braunau aufgeflogen *** --------------------------------------------- Die Hinweise auf den Suchtgifthandel kamen von Zollfahndung Frankfurt. Der Kopf der Bande befindet sich in Haft. --------------------------------------------- https://futurezone.at/digital-life/darknet-drogenring-in-braunau-aufgefloge… *** My Friend Cayla: Eltern müssen Puppen ihrer Kinder zerstören *** --------------------------------------------- Smartes Spielzeug wird vor allem von Datenschützern immer wieder kritisiert. In einem Fall greift die .. --------------------------------------------- https://www.golem.de/news/my-friend-cayla-eltern-muessen-puppen-ihrer-kinde… *** MQTT-Protokoll: IoT-Kommunikation von Reaktoren und Gefängnissen öffentlich einsehbar *** --------------------------------------------- Über das Telemetrie-Protokoll MQTT spricht eine unüberschaubare Zahl an IoT-Sensoren in etwa Autos und Flugzeugen .. --------------------------------------------- https://heise.de/-3629650 *** Gag Order: Riseup belebt den Kanarienvogel wieder *** --------------------------------------------- Nachdem Riseup seinen Warrant Canary im vergangenen Jahr nicht aktualisiert hatte, gab es viel Aufregung in der Szene. Jetzt gibt das Kollektiv bekannt: "Wir haben Nutzerdaten herausgegeben." Künftig soll das dank Verschlüsselung nicht mehr möglich sein. --------------------------------------------- https://www.golem.de/news/gag-order-riseup-belebt-den-kanarienvogel-wieder-… *** USB Killer now lets you fry most Lightning and USB-C devices for $55 *** --------------------------------------------- Plus a new, stealthy "anonymous" stick, because thats what the world really needed. --------------------------------------------- https://arstechnica.com/gadgets/2017/02/usb-killer-fry-lightning-usb-c-devi… *** Planning for an InfoSec Conference *** --------------------------------------------- I wasted many an early year going to InfoSec conferences and security events only to find them useless. Well, they werent totally useless, Id often come back with a bag full of goodies that more often than not included stress .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/planning-for-an-infose… *** SMTP Strict Transport Security Coming Soon to Gmail, Other Webmail Providers *** --------------------------------------------- SMTP Strict Transport Security is coming to major webmail providers this year, a Google engineer said at RSA Conference --------------------------------------------- http://threatpost.com/smtp-strict-transport-security-coming-soon-to-gmail-o… *** VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for *** --------------------------------------------- APT reports are great for gaining an understanding of how advanced attack groups operate - however, they can also .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/02/vb2016-paper-apt-reports-and…

1 0

Tageszusammenfassung - Donnerstag 16-02-2017
by Daily end-of-shift report 16 Feb '17

16 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 15-02-2017 18:00 − Donnerstag 16-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Metatag -Moderately Critical - Information disclosure - SA-CONTRIB-2017-019 *** --------------------------------------------- https://www.drupal.org/node/2852937 *** Search API Sorts - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-016 *** --------------------------------------------- https://www.drupal.org/node/2852922 *** Who Ran Leakedsource.com? *** --------------------------------------------- Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection .. --------------------------------------------- https://krebsonsecurity.com/2017/02/who-ran-leakedsource-com/ *** Yahoo reveals more breachiness to users victimized by forged cookies *** --------------------------------------------- Some accounts may have been accessed with forged cookies as recently as 2016. --------------------------------------------- https://arstechnica.com/information-technology/2017/02/yahoo-reveals-more-b… *** DSA-3789 libevent - security update *** --------------------------------------------- Several vulnerabilities were discovered in libevent, an asynchronousevent notification library. They would lead to Denial Of Service via application crash, or remote code execution. --------------------------------------------- https://www.debian.org/security/2017/dsa-3789 *** Ukraine verzeichnet 2016 Rekordzahl von Cyberangriffen *** --------------------------------------------- Chef des Inlandsgeheimdienstes vermeidet direkte Nennung Russlands --------------------------------------------- http://derstandard.at/2000052700282 *** Microsoft verschiebt Februar-Patches in den März *** --------------------------------------------- Diesen Monat gibt es keine Sicherheitspatches von Microsoft. Die eigentlich geplanten Updates will das .. --------------------------------------------- https://heise.de/-3627965 *** Blackberry liefert monatliche Sicherheitsupdates für alle Geräte *** --------------------------------------------- Im November war Blackberry aus dem Tritt geraten, versprochene Sicherheitsupdates für das DTEK50 kamen erst im Dezember. Nun hat sich die Versorgung wieder stabilisiert. --------------------------------------------- https://heise.de/-3627937 *** OpenSSL advisory 20170216 *** --------------------------------------------- During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected. --------------------------------------------- https://openssl.org/news/secadv/20170216.txt *** Google was aware of Russian APT28 group years before others *** --------------------------------------------- Lorenzo Bicchierai from MotherBoard shared an interesting private report about Russian cyber espionage operations conducted by APT28, the document was leaked online by Google. The .. --------------------------------------------- http://securityaffairs.co/wordpress/56336/apt/apt28-leaked-report.html *** Xen-Entwickler wollen weniger Sicherheitslücken offenlegen *** --------------------------------------------- Die Entwickler des Virtualisierungssystems Xen wollen weniger Sicherheitslücken öffentlich machen. Damit wollen sie vor allem Arbeit sparen, sorgen aber auch für eine klarere Linie im Umgang mit Schwachstellen. --------------------------------------------- https://heise.de/-3628690

1 0

Tageszusammenfassung - Mittwoch 15-02-2017
by Daily end-of-shift report 15 Feb '17

15 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 14-02-2017 18:00 − Mittwoch 15-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Amnesty International uncovers phishing campaign against human rights activists *** --------------------------------------------- Attacker targeted groups in Qatar, Nepal using extensive fake social media profile. --------------------------------------------- https://arstechnica.com/security/2017/02/amnesty-international-uncovers-phi… *** Siemens SIMATIC Authentication Bypass *** --------------------------------------------- This advisory contains mitigation details for an authentication bypass in Siemens SIMATIC. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-045-03 *** Attacking the Windows NVIDIA Driver *** --------------------------------------------- Modern graphic drivers are complicated and provide a large promising attack surface for EoPs and sandbox escapes from processes that have access to the GPU (e.g. the Chrome GPU process). In this blog post we’ll take a look at attacking the .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driv… *** Ransomware: a declining nuisance or an evolving menace? *** --------------------------------------------- The volume of ransomware encounters is on a downward trend. Are we seeing the beginning of the end of this vicious threat? Unfortunately, a look at the attack vectors, the number of .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/02/14/ransomware-2016-threat-… *** New ASLR-busting JavaScript is about to make drive-by exploits much nastier *** --------------------------------------------- A property found in virtually all modern CPUs neuters decade-old security protection. --------------------------------------------- https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-abo… *** Adobe-Patchday: Flash Player wie üblich in kritischem Zustand *** --------------------------------------------- Im Flash Player und Adobe Digital Editions klaffen kritische Lücken. Aktuell sind vor allem Windows-Nutzer von den Flash-Lücken bedroht. Adobe Campaign erhält ebenfalls Sicherheitsupdates. --------------------------------------------- https://heise.de/-3626386 *** Researchers Discover Self-Healing Malware That Targets Magento Stores *** --------------------------------------------- Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researchers-discover-self-he… *** Cisco: Zwei VPN-Lücken und eine Schwachstelle, die offiziell keine ist *** --------------------------------------------- Cisco hat Sicherheitslücken im AnyConnect-VPN und auf seinen ASA-Firewalls gestopft. Ein Sicherheitsproblem mit dem SMI-Protokoll, welches es aus der Ferne erlaubt, neue Betriebssystem-Images auf Switches zu laden, sieht die Firma allerdings nicht. --------------------------------------------- https://heise.de/-3627330 *** Are Windows Registry Fixers Safe? *** --------------------------------------------- Before I got into cybersecurity, I spent years as a technical support agent for Windows end users of Windstream, an American ISP. Although Windstream is an ISP, they also offered a general Windows client OS remote support service for their predominantly .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/should-windows-users-b… *** Xagent: Russische Hackergruppe setzt auch auf Mac-Spionage-Software *** --------------------------------------------- Eine auf macOS abzielende Version der Malware Xagent stammt offenbar von der Hackergruppe APT28, die mit dem Angriff auf die Demokratische Partei im US-Wahlkampf in Verbindung gebracht wird. Xagent soll unter anderem iPhone-Backups entwenden. --------------------------------------------- https://heise.de/-3627630 *** Researchers trick CEO email scammer into giving up identity *** --------------------------------------------- Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.Researchers at Dell SecureWorks have documented how they identified a .. --------------------------------------------- http://www.cio.com/article/3170117/security/researchers-trick-ceo-email-sca…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily February 2017