=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 02-11-2016 18:00 − Thursday 03-11-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk ***
---------------------------------------------
Wix websites are vulnerable to a reflected DOM-based cross-site scripting attack that could give attackers control of users' websites.
---------------------------------------------
http://threatpost.com/unpatched-vulnerability-on-wix-com-puts-millions-of-s…
*** Malware: AdWords ad links to fake Google Chrome ***
---------------------------------------------
A malware campaign targeting Apple users offers fake versions of Google's Chrome browser. The fraudsters used, of all things, Google's AdWords ads to trick their victims.
---------------------------------------------
http://www.golem.de/news/malware-adwords-anzeige-verlinkt-auf-falschen-goog…
*** Recognizing Packed Malware and its Unpacking Approaches-Part 2 ***
---------------------------------------------
In Part 1 of this article series, we had a look at the ways to recognize packed executables and various ways to automate the unpacking process. In this article, we will look at the manual process of unpacking a packed malware specimen. In the last article, we have seen how the malware specimen was packed...
---------------------------------------------
http://resources.infosecinstitute.com/recognizing-packed-malware-and-its-un…
*** Already 30,000 attacks: experts warn of Joomla vulnerability ***
---------------------------------------------
Cybercriminals are gaining elevated privileges - website operators should update to the latest version immediately
---------------------------------------------
http://derstandard.at/2000046902782
*** Barracuda: Outage caused by large number of inbound connections ***
---------------------------------------------
Yet the firm refuses to say the word DDoS. What are they hiding? Outage-hit security firm Barracuda appears to have been struck down by a DDoS - though the firm says it's still investigating and refuses to confirm or deny it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/03/barracuda_o…
*** These 12+ Internet Crime Stories Will Make You Care about Cybersecurity [Updated] ***
---------------------------------------------
Online security seems such an abstract and distant field, where other people get hurt, but you somehow stay safe, either by luck or internet savvy. But the truth is, it could happen to anyone, and it might even have happened to you in the past. They say that nothing beats learning from experience, but sometimes it's best...
---------------------------------------------
https://heimdalsecurity.com/blog/12-true-stories-that-will-make-you-care-ab…
*** Browser extensions: suddenly naked on the net ***
---------------------------------------------
All search terms, all websites - an entire month's browser history is up for sale. Our author experienced what it is like when one's own data becomes a commodity.
---------------------------------------------
http://www.golem.de/news/browsererweiterungen-ploetzlich-nackt-im-netz-1611…
*** Ubuntu Core Snaps door shut on Linux's new Dirty COWs ***
---------------------------------------------
When did Linux start becoming like Windows? Canonical has released Ubuntu Core 16 for IoT, featuring Linux self-patching for a generation of users against future Bash or Dirty COWs.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/03/ubuntu_core…
*** HPSBUX03664 SSRT110248 rev.1 HP-UX BIND Service running named, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS).
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05321107
*** Security Advisory: BIG-IP virtual server TCP sequence numbers vulnerability ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/68/sol68401558.html?…
*** Security Advisory: OpenSSL vulnerability CVE-2016-6304 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/54/sol54211024.html?…
*** Security Advisory: BIND vulnerability CVE-2016-8864 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35322517.html?…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2016 CPU (CVE-2016-5573, CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993440
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time ***
https://www-01.ibm.com/support/docview.wss?uid=swg21993501
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Multiple Open Source OpenSSL Vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=swg21992348
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-3426) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992149
---------------------------------------------
*** IBM Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371) ***
http://www.ibm.com/support/docview.wss?uid=swg21985114
---------------------------------------------
*** IBM Security Bulletin: A Vulnerability in Open Source Apache Taglibs affects Content Integrator (CVE-2015-0254) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993243
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 31-10-2016 18:00 − Wednesday 02-11-2016 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** New, more-powerful IoT botnet infects 3,500 devices in 5 days ***
---------------------------------------------
Discovery of Linux/IRCTelnet suggests troubling new DDoS menace could get worse.
---------------------------------------------
http://arstechnica.com/security/2016/11/new-iot-botnet-that-borrows-from-no…
*** Docker user? Haven't patched Dirty COW yet? Got bad news for you ***
---------------------------------------------
Repeat after me: containerization isn't protection, it's a management feature. Here's another reason to pay attention to patching your Linux systems against the Dirty COW vulnerability: it can be used to escape Docker containers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/01/docker_user…
*** Security patch for zero-day vulnerability in Windows in sight ***
---------------------------------------------
Exploitation of the vulnerability is said to work only in combination with an already-closed Flash vulnerability. Microsoft criticises Google for the early disclosure of the flaw.
---------------------------------------------
https://heise.de/-3454255
*** Millions of browsing profiles: data reportedly also comes from the browser add-on WOT ***
---------------------------------------------
The detailed data on the browsing behaviour of millions of Germans, to which NDR reporters have access, apparently also comes from the popular browser extension WOT. The data collected with it can reportedly be attributed to specific individuals with ease.
---------------------------------------------
https://heise.de/-3453820
*** Performance framework: critical security holes in Memcached closed ***
---------------------------------------------
Services such as Facebook, YouTube and Reddit were also affected by a security vulnerability in a popular performance framework. Attackers could have executed code on the target system. A patch and a workaround are available.
---------------------------------------------
http://www.golem.de/news/performance-framework-kritische-sicherheitsluecken…
*** Data breach: when the iPhone knows the private number of the President of the National Council ***
---------------------------------------------
Apparently due to an error at AppleCare, the phone book entries of several iPhone users were transferred to other people, report "Stern" and the Austrian magazine "News".
---------------------------------------------
https://heise.de/-3454575
*** Belkin's WeMo Gear Can Hack Android Phones ***
---------------------------------------------
Vulnerabilities in WeMo home automation devices can be used to attack the Android apps used to manage devices remotely.
---------------------------------------------
http://threatpost.com/belkins-wemo-gear-can-hack-android-phones/121730/
*** Security Advisory: OpenSSL vulnerability CVE-2016-2179 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23512141.html?…
*** Security Advisory 2016-02: Security Update for OTRS ***
---------------------------------------------
November 01, 2016 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security(a)otrs.org. PGP key: pub 2048R/9C227C6B 2011-03-21 [expires at: 2017-08-20], uid OTRS Security Team, GPG fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22
---------------------------------------------
https://www.otrs.com/security-advisory-2016-02-security-update-otrs/
*** Palo Alto PAN-OS Insecure API Token Generation Lets Remote Users Access the Target Firewall API Interface ***
---------------------------------------------
http://www.securitytracker.com/id/1037153
*** Palo Alto PAN-OS Input Validation Flaw in Captive Portal Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037152
*** DFN-CERT-2016-1794: Django: Two vulnerabilities allow, among other things, the gaining of user privileges ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1794/
*** USN-3118-1: Mailman vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-3118-1, 1st November 2016: mailman vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: Several security issues were fixed in Mailman. Software description: mailman - Powerful, web-based mailing list manager. Details: It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were
---------------------------------------------
http://www.ubuntu.com/usn/usn-3118-1/
*** CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure ***
---------------------------------------------
A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c.
---------------------------------------------
https://kb.isc.org/article/AA-01434/0/CVE-2016-8864%3A-A-problem-handling-r…
*** Symantec IT Management Suite Multiple Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Norton Mobile Security for Android Multiple Security Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Identity Manager (CVE-2016-1181, CVE-2016-1182) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992931
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2016-6072) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991893
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium Data Redaction is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU Jul 2016 Includes Oracle Jul 2016 CPU (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992001
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2016-3485, CVE-2016-3511, CVE-2016-3598) ***
http://www.ibm.com/support/docview.wss?uid=swg21993191
---------------------------------------------
*** IBM Security Bulletin: A command injection vulnerability has been identified in IBM Security Access Manager for Mobile appliances (CVE-2016-3028) ***
http://www.ibm.com/support/docview.wss?uid=swg21991110
---------------------------------------------
*** IBM Security Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Mobile has been identified (CVE-2016-3025) ***
http://www.ibm.com/support/docview.wss?uid=swg21991107
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco TelePresence Endpoints Local Command Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Prime Home Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 28-10-2016 18:00 − Monday 31-10-2016 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Of course smart homes are targets for hackers ***
---------------------------------------------
The Wirecutter, an in-depth comparative review site for various electrical and electronic devices, just published an opinion piece on whether users should be worried about security issues in IoT devices. The summary: avoid devices that don't require passwords (or don't force you to change a default) and devices that want you to disable security, follow general network security best practices, but otherwise don't worry - criminals aren't likely to target you. This is terrible, irresponsible advice. It's
---------------------------------------------
http://mjg59.dreamwidth.org/45483.html
*** Ensuring that ICS/SCADA isn't our next IoT nightmare ***
---------------------------------------------
The DDoS chaos of the past month tells us that we need to work together to ensure future standards and reduce security risks
---------------------------------------------
https://nakedsecurity.sophos.com/2016/10/28/ensuring-that-icsscada-isnt-our…
*** Volatility Bot: Automated Memory Analysis, (Sun, Oct 30th) ***
---------------------------------------------
A few weeks ago I attended the SANS DFIR Summit in Prague, and one of the very interesting talks was from Martin Korman (@MartinKorman), who presented a new tool he developed: Volatility Bot. According to his description, Volatility Bot is an automation tool for researchers that cuts all the guesswork and manual tasks out of the binary extraction phase, or helps the investigator in the first steps of performing a memory analysis investigation. Not only does it automatically extract the executable...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21655&rss
*** Masque Attack Abuses iOS's Code Signing to Spoof Apps and Bypass Privacy Protection ***
---------------------------------------------
First reported in 2014, Masque Attack allowed hackers to replace a genuine app from the App Store with a malformed, enterprise-signed app that had the same Bundle Identifier (Bundle ID). Apple subsequently patched the vulnerabilities (CVE-2015-3772 and CVE-2015-3725), but while it closed a door, scammers seemed to have opened a window. Haima's repackaged, adware-laden apps and its native helper application prove that App Store scammers are still at it.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ffHuC_yu178/
*** DDoS attack on servers takes down Vienna TU computer science student body ***
---------------------------------------------
A DDoS attack on servers of the Fachschaft Informatik (computer science student body) at TU Wien has led to website outages.
---------------------------------------------
https://futurezone.at/digital-life/ddos-attacke-gegen-server-legt-wiener-tu…
*** Joomla websites attacked en masse using recently patched exploits ***
---------------------------------------------
Attackers are aggressively targeting Joomla-based websites by exploiting two critical vulnerabilities patched last week. The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled. They were patched in Joomla 3.6.4, released Tuesday. Hackers didn't waste any time reverse engineering the patches to understand how the two vulnerabilities can be exploited to compromise websites,...
---------------------------------------------
http://www.csoonline.com/article/3136933/security/joomla-websites-attacked-…
*** CardComplete phishing mail: 3-D Secure update ***
---------------------------------------------
A purported CardComplete notification claims that credit card holders must update their 3-D Secure procedure. To do so, they are to visit a website and disclose their personal credit card details. In reality, the e-mail comes from criminals who use it to steal sensitive data.
---------------------------------------------
https://www.watchlist-internet.at/phishing/cardcomplete-phishingmail-3-d-se…
*** "AtomBombing": researchers warn of "unpatchable" Windows vulnerability ***
---------------------------------------------
Allegedly all Windows systems are affected - the actual risk potential, however, is unclear
---------------------------------------------
http://derstandard.at/2000046630311
*** Cybercrime Report 2015: eleven percent more complaints filed in Austria ***
---------------------------------------------
More cases of internet fraud, extortion and data misuse
---------------------------------------------
http://derstandard.at/2000046762022
*** The Week in Ransomware - October 28 2016 - Locky, Angry Duck, and More! ***
---------------------------------------------
Lots and lots of little ransomware and in-dev variants released this week. Of particular note is the quick release of two Locky variants that used .sh*t and then a day later the .thor extension for encrypted files.
---------------------------------------------
http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-octobe…
*** Security Advisory: OpenSSL vulnerability CVE-2016-2181 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59298921.html?…
*** Vuln: Moodle CVE-2016-7919 Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93971
*** GNU tar 1.29 Extract Pathname Bypass ***
---------------------------------------------
Topic: GNU tar 1.29 Extract Pathname Bypass. Risk: Low. Text: - t216 special vulnerability release -- Vulnerability: POINTYFEATHER, aka Tar extract pathname bypass ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100254
*** About the security content of iOS 10.1.1 ***
---------------------------------------------
This document describes the security content of iOS 10.1.1.
---------------------------------------------
https://support.apple.com/en-us/HT207287
*** Vulnerabilities in InfraPower PPS-02-S Q213V1 ***
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5375.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5374.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5373.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5372.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5371.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5370.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Multiple XSS Vulnerabilities ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5369.php
---------------------------------------------
Next End-of-Shift report: 2016-11-02
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 27-10-2016 18:00 − Friday 28-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Vuln: HP Business Service Management CVE-2016-4392 Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93933
*** MS16-128 - Critical: Security Update for Adobe Flash Player (3201860) - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-128
*** Vuln: Python urllib3 CVE-2016-9015 TLS Certificate Validation Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93941
*** Vuln: Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93944
*** iTunes 12.5.2 for Windows ***
---------------------------------------------
https://support.apple.com/kb/HT207274
*** iPrint Appliance 2.1 Patch 1 ***
---------------------------------------------
https://download.novell.com/Download?buildid=AmZsfGf_NQ4~
*** Malvertising ***
---------------------------------------------
Our colleagues at the Dutch NCSC have just published their "Cyber Security Assessment Netherlands 2016" in English as well. A lot of work went into it ..
---------------------------------------------
http://www.cert.at/services/blog/20161028083404-1815.html
*** Researchers tag new brace of bugs in NTP, but they're fixable ***
---------------------------------------------
However, because these are protocol vulnerabilities, the researchers say that fixing NTP itself is more important. They propose replacing the current model with one that uses more ..
---------------------------------------------
http://www.theregister.co.uk/2016/10/28/researchers_tag_new_brace_of_bugs_i…
*** Honeywell Experion PKS Improper Input Validation Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a denial-of-service condition caused by an improper input validation vulnerability in Honeywell’s Experion Process Knowledge System platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01
*** Bugtraq: [security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539646
*** Bugtraq: [security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539645
*** The bot in the baby monitor ***
---------------------------------------------
IoT devices integrated into a home network often establish a connection to the Internet on their own by configuring the user's router via UPnP (Universal Plug and Play) so that a port forwarding ..
---------------------------------------------
https://www.bsi-fuer-buerger.de/BSIFB/DE/Service/Aktuell/Informationen/Arti…
*** Researchers expose Mirai vuln that could be used to hack back against botnet ***
---------------------------------------------
Exploit can halt attacks from IoT devices. Security researchers have discovered flaws in the Mirai ..
---------------------------------------------
www.theregister.co.uk/2016/10/28/mirai_botnet_hack_back/
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 25-10-2016 18:00 − Thursday 27-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Asterisk users need to patch DoS bug ***
---------------------------------------------
Overlap dialling lets an attacker shut down the system. Asterisk users need to get busy with a patch.
---------------------------------------------
www.theregister.co.uk/2016/10/25/asterisk_patch_dos_bug/
*** Denial of Service Vulnerability in Citrix License Server ***
---------------------------------------------
A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote ..
---------------------------------------------
https://support.citrix.com/article/CTX217430
*** Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware ***
---------------------------------------------
https://support.citrix.com/article/CTX216642
*** Memory Permission Weakness in Citrix XenApp and XenDesktop ***
---------------------------------------------
https://support.citrix.com/article/CTX215460
*** Security Advisory - PXN Defense Mechanism Failure Vulnerability in Huawei Mobile Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161026-…
*** VMSA-2016-0017 ***
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0017.html
*** Security Advisory - Two Information Leak Vulnerabilities in ION Memory Management Module of Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161026-…
*** Cisco Identity Services Engine SQL Injection Vulnerability ***
---------------------------------------------
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Siemens SICAM RTU Devices Denial-of-Service Vulnerability ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-299-01
*** Bundeskriminalamt gives tips on protecting mobile devices ***
---------------------------------------------
http://derstandard.at/2000046518819
*** Security updates available for Adobe Flash Player (APSB16-36) ***
---------------------------------------------
A Security Bulletin (APSB16-36) has been published regarding security updates for Adobe Flash Player. These updates address a critical vulnerability, and Adobe ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1416
*** Vulnerability in Linux Kernel Affecting Cisco Products: October 2016 ***
---------------------------------------------
On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries ***
---------------------------------------------
http://jvn.jp/en/jp/JVN76780067/
*** Cisco Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability ***
---------------------------------------------
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability ***
---------------------------------------------
A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Email Security Appliance FTP Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. The ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Email Security Appliance Drop Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Remote Code Execution Vulnerabilities Plague LibTIFF Library ***
---------------------------------------------
Three vulnerabilities, all of which can lead to remote code execution, exist in the LibTIFF library.
---------------------------------------------
http://threatpost.com/remote-code-execution-vulnerabilities-plague-libtiff-…
*** Tripal BLAST UI - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-054 ***
---------------------------------------------
This module enables you to run NCBI BLAST jobs on the host system. The module doesn't sufficiently validate advanced options available to users submitting BLAST jobs, thereby exposing the ability to enter a short snippet of shell code that will be ..
---------------------------------------------
https://www.drupal.org/node/2822366
*** Office 2013 can now block macros to help prevent infection ***
---------------------------------------------
In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/10/26/office-2013-can-now-blo…
*** Joomla! squashes critical privileged account creation holes ***
---------------------------------------------
Borked two-factor authentication also fixed. Joomla! has revealed it has patched twin critical flaws allowing attackers to bypass rules and create elevated privilege accounts.
---------------------------------------------
www.theregister.co.uk/2016/10/27/joomla_squashes_critical_privileged_accoun…
*** Three LibTIFF bugs found, only two patched ***
---------------------------------------------
Buffer overruns, remote code execution, you know the drill. LibTIFF has three bugs that let booby-trapped files pwn a target - and only two of them have been patched.
---------------------------------------------
www.theregister.co.uk/2016/10/27/three_libtiff_bugs_found_only_two_patched/
*** Inside the Gootkit C&C server ***
---------------------------------------------
In September 2016, we discovered a new version of Gootkit with a characteristic and instantly recognizable feature: an extra check of the environment ..
---------------------------------------------
http://securelist.com/blog/research/76433/inside-the-gootkit-cc-server/
*** Citrix XenServer Security Update for CVE-2016-7777 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that may allow malicious user code within an HVM guest VM to read or modify the contents of ..
---------------------------------------------
https://support.citrix.com/article/CTX217363
*** IBM Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerability (CVE-2016-3092) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21993043
*** Are the Days of “Booter” Services Numbered? ***
---------------------------------------------
It may soon become easier for Internet service providers to anticipate and block certain types of online assaults launched by Web-based attack-for-hire services known as "booter" or "stresser" services, new research released today suggests.
---------------------------------------------
https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbere…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 24-10-2016 18:00 − Tuesday 25-10-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** iOS 10.1 ***
---------------------------------------------
https://support.apple.com/kb/HT207271
*** IoT Device Maker Vows Product Recall, Legal Action Against Western Accusers ***
---------------------------------------------
A Chinese electronics firm pegged by experts as responsible for making many of the components leveraged in last week's massive attack that disrupted Twitter and ..
---------------------------------------------
https://krebsonsecurity.com/2016/10/iot-device-maker-vows-product-recall-le…
*** Locky Ransomware's new .SHIT Extension shows that you can't Polish a Turd ***
---------------------------------------------
To further show how ransomware is such a pile of crap, a new version of Locky has been released that appends the .shit extension on encrypted files. Like previous ..
---------------------------------------------
http://www.bleepingcomputer.com/news/security/locky-ransomwares-new-shit-ex…
*** DSA-3698 php5 - security update ***
---------------------------------------------
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3698
*** Critical Patch Update - October 2016 ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
*** Cryptologist Hellman: NSA now advocates encryption ***
---------------------------------------------
Reliably encrypting data is also important for the security of states; moreover, assembling secure components still does not by itself make a secure system
---------------------------------------------
http://derstandard.at/2000046466661
*** Wosign and Startcom: Mozilla publishes details of the TLS removal ***
---------------------------------------------
Mozilla's Firefox browser will no longer accept TLS certificates from the two scandal-ridden certificate authorities. The foundation has now explained exactly how this will be implemented.
---------------------------------------------
http://www.golem.de/news/wosign-und-startcom-mozilla-veroeffentlicht-detail…
*** Certificate Transparency: Fraud with TLS certificates becomes almost impossible ***
---------------------------------------------
From next autumn, all TLS certificate authorities must record their certificates in a public log before issuance. With Certificate Transparency, misbehaviour in certificate issuance can be detected more easily, and the TLS certificate system as a whole becomes more trustworthy.
---------------------------------------------
http://www.golem.de/news/certificate-transparency-betrug-mit-tsl-zertifikat…
*** [20161002] - Core - Elevated Privileges ***
---------------------------------------------
Incorrect use of unfiltered data allows users to register on a site with elevated privileges. Affected Installs: Joomla! CMS versions 3.4.4 through 3.6.3. Solution: Upgrade to ..
---------------------------------------------
https://developer.joomla.org/security-centre/660-20161002-core-elevated-pri…
*** [20161001] - Core - Account Creation ***
---------------------------------------------
Inadequate checks allow users to register on a site when registration has been disabled. Affected Installs: Joomla! CMS versions 3.4.4 ..
---------------------------------------------
https://developer.joomla.org/security-centre/659-20161001-core-account-crea…
*** BSI: Germany should better protect networked devices ***
---------------------------------------------
After an attack on the Internet infrastructure, the German Federal Office for Information Security (BSI) has demanded higher security standards.
---------------------------------------------
https://futurezone.at/netzpolitik/bsi-deutschland-soll-vernetzte-geraete-be…
*** Vulnerabilities in Slack could have led to account hijacking ***
---------------------------------------------
Persistence pays off as security researcher nets bug bounty for unearthing an access control bypass allowing attackers to reset passwords if they know the usernames.
---------------------------------------------
http://www.scmagazine.com/vulnerabilities-in-slack-could-have-led-to-accoun…
*** task_t considered harmful ***
---------------------------------------------
Posted by Ian Beer, Project Zero. This post discusses a design issue at the core of the XNU kernel which powers iOS and MacOS. Apple have shipped two iterations of mitigations followed yesterday by a large refactor in MacOS 10.12.1/iOS ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/10/posted-by-ian-beer-project-ze…
Due to the public holiday tomorrow, Wednesday 26.10.2016, the next End-of-Shift Report will not appear until 27.10.2016.
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 21-10-2016 18:00 − Monday 24-10-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** In a BIND: Third parties distributed outdated, vulnerable ISC Domain Name System software ***
---------------------------------------------
The Internet Systems Consortium issued an advisory on Wednesday, warning that some third parties are distributing versions of ISC's BIND software that contain a high-severity vulnerability, which if exploited can trigger an assertion failure.
---------------------------------------------
http://www.scmagazine.com/in-a-bind-third-parties-distributed-outdated-vuln…
*** Credentials Stealer on Prestashop ***
---------------------------------------------
In a matter of hours, a big e-commerce website can have hundreds of credit card numbers stolen and used by attackers on other websites around the world. We commonly see ecommerce websites infected with credit card (CC) ..
---------------------------------------------
https://blog.sucuri.net/2016/10/credentials-stealer-prestashop.html
*** Hacked Cameras, DVRs Powered Today’s Massive Internet Outage ***
---------------------------------------------
A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked "Internet of Things" (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.
---------------------------------------------
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-mass…
*** Beware of Hicurdismos: It’s a fake Microsoft Security Essentials installer that can lead to a support call scam ***
---------------------------------------------
Wouldn’t it be a shame if, in trying to secure your PC, you inadvertently install malware and run the risk of being scammed? We recently discovered a threat ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/10/21/beware-of-hicurdismos-i…
*** DSA-3697 kdepimlibs - security update ***
---------------------------------------------
Roland Tapken discovered that insufficient input sanitising in KMail's plain text viewer allowed the injection of HTML code.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3697
*** Policy Analyzer v3.1 PRE-RELEASE ***
---------------------------------------------
Lots of updates to Policy Analyzer in this unsigned, pre-release preview build — please post comments here to let me know how well it addresses your needs and what ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2016/10/22/policy-analyzer-v3-…
*** Safer porn: "https" is meant to protect users ***
---------------------------------------------
Security protocol protects privacy; it is also meant to prevent potential leaks
---------------------------------------------
http://derstandard.at/2000046090383
*** "Dirty Cow": Warning about "nasty" Linux vulnerability ***
---------------------------------------------
A bug in the Linux kernel allows users to overwrite files for which they only have read permissions
---------------------------------------------
http://derstandard.at/2000046330107
*** FBI: Russian allegedly hacked LinkedIn and Dropbox ***
---------------------------------------------
The Russian citizen was arrested in the Czech Republic
---------------------------------------------
http://derstandard.at/2000046330952
*** Request for Packets TCP 4786 - CVE-2016-6385, (Sat, Oct 22nd) ***
---------------------------------------------
We have received information about potential active reconnaissance for TCP 4786 which might be related to CVE-2016-6385 (Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability), an advisory released 28 Sep 2016. This ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21625
*** Mirai botnet: Dyn confirms attack from tens of millions of IP addresses ***
---------------------------------------------
The Internet service provider Dyn has given first details about last Friday's severe DDoS attack. According to Dyn, there were three attack waves of varying magnitude.
---------------------------------------------
http://www.golem.de/news/mirai-botnetz-dyndns-bestaetigt-angriff-von-zig-mi…
*** High phishing rate: How easily US politicians could be hacked ***
---------------------------------------------
The Wikileaks publications are causing trouble for US politics. The hacks make clear which dangers arise from the use of popular e-mail services such as Gmail.
---------------------------------------------
http://www.golem.de/news/hohe-phishing-quote-so-einfach-liessen-sich-us-pol…
*** Mozilla plots TLS 1.3 future for Firefox ***
---------------------------------------------
Quicker handshake starts encrypting data sooner. Mozilla has decided it needs to lift its HTTPS game, and will default to TLS 1.3 in next year's Firefox 52.…
---------------------------------------------
www.theregister.co.uk/2016/10/23/mozilla_plots_tls_13_future_for_firefox/
*** DDoS for 7,500 US dollars: Hackers sell access to IoT botnet on the darknet ***
---------------------------------------------
Access to the Mirai IoT botnet no longer requires technical knowledge, only sufficient funds: 7,500 US dollars. In addition, a Chinese manufacturer confirmed that its devices are part of the ..
---------------------------------------------
http://www.golem.de/news/ddos-fuer-7-500-us-dollar-hacker-verkaufen-zugang-…
*** Fake Verbund invoice encrypts files ***
---------------------------------------------
Criminals are sending fake Verbund invoices by e-mail. In them, they ask recipients to open a website. It imitates the web presence of the ..
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-verbun…
*** Drammer: Rowhammer reliably delivers root access on Android ***
---------------------------------------------
Forced bit flips in main memory make it easy to gain root privileges on systems. Researchers show that this also works reliably on Android phones ..
---------------------------------------------
http://www.golem.de/news/drammer-rowhammer-bringt-zuverlaessig-root-zugriff…
*** Trick Bot – Dyreza’s successor ***
---------------------------------------------
Recently, our analyst Jérôme Segura captured an interesting payload in the wild. It turned out to be a new bot that, at the moment of the analysis, hadn't been described ..
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-suc…
*** From There to Here (But Not Back Again) ***
---------------------------------------------
Red Hat Product Security recently celebrated our 15th anniversary this summer and while I cannot claim to have been with Red Hat for that long (although I’m coming up ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2712261
*** Analyzing Rig ***
---------------------------------------------
I recently Googled for a sleeping accommodation in "The Ardennes", a region of extensive forests in Southern Belgium. It wasn't surprising that by clicking on the fourth ..
---------------------------------------------
https://www.uperesia.com/analyzing-rig-exploit-kit
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 20-10-2016 18:00 − Friday 21-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** iCloud Phishing Campaign Zycode Back From the Dead ***
---------------------------------------------
http://threatpost.com/icloud-phishing-campaign-zycode-back-from-the-dead/12…
*** EMC Avamar Data Store and Virtual Edition Unspecified Flaw Lets Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1037066
*** Hack.lu 2016 Wrap-Up Day #3 ***
---------------------------------------------
The third day is already over! I’m just back at home so it’s time for a last quick wrap-up before recovering before BruCON which is organized next week! Damien ..
---------------------------------------------
https://blog.rootshell.be/2016/10/20/hack-lu-2016-wrap-day-3/
*** Oracle Critical Patch Update Advisory - October 2016 ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
*** Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a privilege escalation vulnerability in Moxa’s EDR-810 Industrial Secure Router.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01
*** “Most serious” Linux privilege-escalation bug ever is under active exploit (updated) ***
---------------------------------------------
While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation ..
---------------------------------------------
http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escala…
*** CVE-2016-2848: A packet with malformed options can trigger an assertion failure in ISC BIND versions released prior to May 2013 ***
---------------------------------------------
A packet with a malformed options section can be used to deliberately trigger an assertion ..
---------------------------------------------
https://kb.isc.org/article/AA-01433/74/CVE-2016-2848
*** Nagios XI 5.2.9 Cross Site Scripting / Open Redirect ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100203
*** Doctor Web examines new backdoor for Linux ***
---------------------------------------------
October 20, 2016: Most backdoor Trojans are created for Microsoft Windows; however, a few of them can infect Linux devices. This rare type of Trojan ..
---------------------------------------------
http://news.drweb.com/show/?i=10265&lng=en&c=9
*** Vuln: Multiple Synology DiskStation Products CVE-2016-6554 Insecure Default Password Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93805
*** Warning about fake BAWAG PSK phishing mail ***
---------------------------------------------
In a fake BAWAG PSK message, criminals claim that "an urgent ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/warnung-vor-gefaelschter-bawag-p…
*** Dridex - an old dog is learning new tricks ***
---------------------------------------------
A lot of things have been said and written about Dridex in the past few months. It has risen and fallen in prevalence and it was rumored that its makers collaborate ..
---------------------------------------------
https://blog.gdatasoftware.com/2016/10/29261-dridex-an-old-dog-is-learning-…
*** New ESET research paper puts Sednit under the microscope ***
---------------------------------------------
Security researchers at ESET have released their latest research into the notorious Sednit ..
---------------------------------------------
http://www.welivesecurity.com/2016/10/20/new-eset-research-paper-puts-sedni…
*** SSA-296574 (Last Update 2016-10-21): Denial of Service in SICAM RTU Devices ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-296574…
*** Hax0rs sow Discord by using VoIP service to sling malware at gamers ***
---------------------------------------------
Not even playtime's safe these days. Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware.
---------------------------------------------
www.theregister.co.uk/2016/10/21/gaming_voip_service_malware_abuse/
*** DDoS on Dyn Impacts Twitter, Spotify, Reddit ***
---------------------------------------------
Criminals this morning massively attacked Dyn, a company that provides core Internet services ..
---------------------------------------------
https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-red…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 19-10-2016 18:00 − Thursday 20-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Firepower Detection Engine HTTP Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Meeting Server Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. The vulnerability is due to missing bounds checks in the Web Bridge functionality. An ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Meeting Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Adult FriendFinder Vulnerability Leaves Millions Exposed ***
---------------------------------------------
Security experts are reporting popular adult website Adult FriendFinder has been compromised by hackers who have gained access to the site's backend servers.
---------------------------------------------
http://threatpost.com/adult-friendfinder-vulnerability-leaves-millions-expo…
*** The new .LNK between spam and Locky infection ***
---------------------------------------------
Just when it seems the Ransom:Win32/Locky activity has slowed down, our continuous monitoring of the ransomware family reveals a new workaround that the authors ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/10/19/the-new-lnk-between-spa…
*** Hack.lu 2016 Wrap-Up Day #2 ***
---------------------------------------------
I'm just back from the second day of hack.lu. The day started early with Patrice Auffret about Metabrik! Patrice is a Perl addict and developed lot of CPAN ..
---------------------------------------------
https://blog.rootshell.be/2016/10/20/hack-lu-2016-wrap-day-2/
*** Researchers Bypass ASLR Protection On Intel Haswell CPUs ***
---------------------------------------------
An anonymous reader writes: "A team of scientists from two U.S. universities has devised ..
---------------------------------------------
https://news.slashdot.org/story/16/10/19/2358209/researchers-bypass-aslr-pr…
*** OWASP ModSecurity CRS Version 3.0 RC2 Released ***
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/OWASP-ModSecurity-CRS-Versio…
*** Novell: Storage Manager for eDirectory 5.0.0 ***
---------------------------------------------
https://download.novell.com/Download?buildid=4x6-1FswplA~
*** Security research tool had security problem ***
---------------------------------------------
Plugin for popular disassembler OllyDbg allowed man-in-the-middle diddle. Security ..
---------------------------------------------
www.theregister.co.uk/2016/10/20/ollydgb_vulnerability/
*** Can I spam from here: An Unusually Clever Spambot Tests Blacklists ***
---------------------------------------------
Unit 42 researchers recently observed an unusually clever spambot's attempts to increase delivery efficacy by abusing reputation blacklist service ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/10/unit42-can-i-spam-from-h…
*** Bugtraq: [security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539609
*** Skyping and Typing the Latest Threat to Privacy ***
---------------------------------------------
Typing while using Skype or over other Voice over Internet Protocol (VoIP) services presents an opportunity for an attacker to record the conversation, separate ..
---------------------------------------------
https://threatpost.com/skyping-and-typing-the-latest-threat-to-privacy/1213…
*** The Kings In Your Castle Part #1 ***
---------------------------------------------
In March 2016 I presented together with Raphael Vinot at this year's Troopers conference in Heidelberg. The talk treated research of targeted malware, ..
---------------------------------------------
https://cyber.wtf/2016/10/12/the-kings-in-your-castle-all-the-lame-threats-…
*** Palo Alto PAN-OS Input Validation Flaw in Monitor Tab Lets Remote Authenticated Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037063
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 18-10-2016 18:00 − Wednesday 19-10-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Is it worth reporting ransomware? ***
---------------------------------------------
Answer: yes. Police forces badly need more people to tell them about attacks.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/10/18/is-it-worth-reporting-ransomwar…
*** Security Advisory: PHP vulnerability CVE-2015-8935 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/63/sol63712424.html?…
*** PHP Buffer Overflow in php_pcre_replace_impl() Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can supply specially crafted data that, when processed by the target application, will trigger a heap overflow in php_pcre_replace_impl() in the PCRE component and execute arbitrary code on the target system.
...
[Editor's note: The vendor indicates that these other memory errors require strings on the order of 2GB to exploit and that memory_limit and max_input_size values on the target system should prevent exploitation.]
---------------------------------------------
http://www.securitytracker.com/id/1037033
*** Security Advisory: TIFF vulnerability CVE-2015-7554 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/38/sol38871451.html?…
*** IDM 4.5 Midrange BiDirectional Driver 4.5 ***
---------------------------------------------
https://download.novell.com/Download?buildid=sQgqe1Stbog~
*** Hack.lu 2016 Wrap-Up Day #1 ***
---------------------------------------------
I'm back to Luxembourg for a new edition of hack.lu. In fact, I arrived yesterday afternoon to attend the MISP summit. It was a good opportunity to meet MISP users and to get fresh news about the project.
---------------------------------------------
https://blog.rootshell.be/2016/10/18/hack-lu-2016-wrap-day-1/
*** Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges ***
---------------------------------------------
Version(s): 6u121, 7u111, 8u102; Java SE Embedded: 8u101
Description: Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access data on the target system. A remote user can modify data on the target system. A remote user can gain elevated privileges.
---------------------------------------------
http://www.securitytracker.com/id/1037040
*** Oracle Database Multiple Flaws Let Remote and Local Users Access and Modify Data and Gain Elevated Privileges and Let Local Users Deny Service ***
---------------------------------------------
Version(s): 11.2.0.4, 12.1.0.2
Description: Multiple vulnerabilities were reported in Oracle Database. A remote and local user can access data on the target system. A remote user can modify data on the target system. A local user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system. A remote authenticated user can gain elevated privileges.
---------------------------------------------
http://www.securitytracker.com/id/1037035
*** Vuln: Oracle Fusion Middleware CVE-2016-5531 Remote Security Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93730
*** MySQL Multiple Bugs Let Remote Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Modify Data and Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1037050
*** Solaris Multiple Bugs Let Remote and Local Users Access Data and Deny Service and Let Local Users Modify Data and Deny Service ***
---------------------------------------------
Version(s): 10, 11.3
Description: Multiple vulnerabilities were reported in Solaris. A remote or local user can access data on the target system. A remote or local user can cause denial of service conditions on the target system. A local user can modify data on the target system. A local user can obtain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1037048
*** Installer of Evernote for Windows may insecurely load Dynamic Link Libraries ***
---------------------------------------------
http://jvn.jp/en/jp/JVN03251132/
*** Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded password vulnerability in Schneider Electric's PowerLogic PM8ECC device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01
*** Cisco Talos: Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure ***
---------------------------------------------
Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing JBIG2 segments within a PDF file, can be triggered in Foxit PDF Reader, causing out-of-bounds heap memory to be read into a buffer.
---------------------------------------------
http://blog.talosintel.com/2016/10/foxit-pdf-jbig2.html
*** CAIDA: Spoofer ***
---------------------------------------------
We have developed and support a new client-server system for Windows, MacOS, and UNIX-like systems that periodically tests a network's ability to both send and receive packets with forged source IP addresses (spoofed packets). We are (in the process of) producing reports and visualizations that will inform operators, response teams, and policy analysts.
---------------------------------------------
https://www.caida.org/projects/spoofer/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Orchestrator, HTTP Server and bundling products shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000137
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK for Node.js in IBM Bluemix ***
http://www.ibm.com/support/docview.wss?uid=swg21992427
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Reflected Cross-Site Scripting (XSS) (CVE-2016-5980) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991992
---------------------------------------------
*** IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-3092 ***
http://www.ibm.com/support/docview.wss?uid=swg21992457
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability in IBM Websphere Application Server and IBM Websphere Application Server Liberty affects IBM BigFix Remote Control (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991987
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in PCRE affects IBM Tivoli Network Manager IP Edition (CVE-2016-1283) ***
http://www.ibm.com/support/docview.wss?uid=swg21991978
---------------------------------------------