=======================
= End-of-Shift report =
=======================
Timeframe: Friday 10-06-2016 18:00 − Monday 13-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Linux Kernel ROP - Ropping your way to # (Part 1) ***
---------------------------------------------
Kernel ROP: In-kernel ROP (Return Oriented Programming) is a useful technique that is often used to bypass restrictions associated with non-executable memory regions. For example, on default kernels, it presents a practical approach for ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropp…
*** Siemens SIMATIC S7-300 Denial-of-Service Vulnerability ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01
*** Is it the End of Angler ? ***
---------------------------------------------
http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html
*** Visual Studio 2015 silently inserts tracing code into C++ programs ***
---------------------------------------------
Microsoft's current development environment automatically, and without asking, inserts function calls into C++ code that serve to collect telemetry data. Microsoft now intends to remove this with updates.
---------------------------------------------
http://heise.de/-3235676
*** Blackberry shares user data with authorities worldwide ***
---------------------------------------------
Blackberry decrypts messages that are sent and received via its devices and shares this information and other user data with authorities around the world.
---------------------------------------------
http://futurezone.at/netzpolitik/blackberry-verteilt-nutzerdaten-weltweit-a…
*** Petya and Mischa - Ransomware Duet (part 2) ***
---------------------------------------------
After being defeated in April, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload - Mischa. Both are named after the satellites from the GoldenEye movie. They deploy ..
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/06/petya-and-mischa-rans…
*** DNS Sinkhole ISO Version 2.0 ***
---------------------------------------------
After 4 years (previous version 1.3 Jun 2012), I containing the following changes: - Updated to Slackware 14.1 with Linux kernel 3.10.17 - Added inetsim in the /opt directory as a limited alternative to collect redirected sinkhole ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21153
*** Symantec acquires Blue Coat for 4.65 billion dollars ***
---------------------------------------------
Blue Coat has been bought by security software vendor Symantec and will from now on focus primarily on anti-virus software.
---------------------------------------------
http://futurezone.at/b2b/symantec-uebernimmt-blue-coat-fuer-4-65-milliarden…
*** Encryption: Let's Encrypt exposes 7,618 e-mail addresses ***
---------------------------------------------
Let's Encrypt aims to better secure connections on the Internet and thereby better protect users' private data. But now the project itself has exposed numerous e-mail addresses through a mishap.
---------------------------------------------
http://www.golem.de/news/verschuesselung-let-s-encrypt-verraet-7-618-e-mail…
*** FLocker Mobile Ransomware Crosses to Smart TV ***
---------------------------------------------
Using multiple devices that run on one platform makes life easier for a lot of people. However, if malware affects one of these devices, that malware may eventually affect the others, too. This appears to be the case when we came across an ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomwa…
*** Instead of backups: British companies hoard Bitcoins for ransomware ***
---------------------------------------------
Instead of ensuring regular backups, many British companies apparently prefer to build up cryptocurrency reserves so that they can pay ransom for their data. According to a survey, many companies are willing to pay up to 50,000 pounds.
---------------------------------------------
http://heise.de/-3236563
*** Intel anchors anti-exploit technology in (CPU) hardware ***
---------------------------------------------
With its "Control-flow Enforcement Technology", Intel wants to put another hurdle in the way of exploiting security vulnerabilities. When CET will actually debut in processors, however, is still anyone's guess.
---------------------------------------------
http://heise.de/-3236707
*** Microsoft buys LinkedIn for 26.2 billion dollars ***
---------------------------------------------
The career network LinkedIn is being taken over by Microsoft. The Xing competitor is valued at a total of 26.2 billion dollars in the deal, the companies announced.
---------------------------------------------
http://futurezone.at/b2b/microsoft-kauf-linkedin-fuer-26-2-milliarden-dolla…
*** Process Explorer: Part 2 ***
---------------------------------------------
For Windows operating systems (OS), especially those up to and including Windows 7, Process Explorer is an excellent replacement for Task Manager. After publishing ..
---------------------------------------------
https://blog.malwarebytes.org/101/2016/05/process-explorer-part-2/
*** Recommendations for the Cybersecurity Act published ***
---------------------------------------------
For a year, experts from industry, academia and government agencies have discussed the Cybersecurity Act, which is to introduce a mandatory reporting obligation for cyber attacks.
---------------------------------------------
http://futurezone.at/netzpolitik/empfehlungen-fuer-cyberischerheitsgesetz-v…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 09-06-2016 18:00 − Friday 10-06-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Reverse-engineering DUBNIUM ***
---------------------------------------------
DUBNIUM (which shares indicators with what Kaspersky researchers have called DarkHotel) is one of the activity groups that has been very active in recent years, and has many distinctive features. We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dub…
*** "Websites are becoming more vulnerable" ***
---------------------------------------------
Alexander Mitter of nimbusec and Andreas Tomek of SBA Research on security start-ups in Austria, threat scenarios and Viagra shops on corporate websites.
---------------------------------------------
http://futurezone.at/thema/start-ups/webseiten-werden-angreifbarer/203.199.…
*** Offensive or Defensive Security? Both!, (Thu, Jun 9th) ***
---------------------------------------------
Sometimes students ask me the best way to jump into the security world. I usually compare information security to medicine: You start with a common base (a strong knowledge in IT) then you must choose a specialization: auditor, architect, penetration tester, reverse engineer, incident handler, etc. Basically, those specializations can be grouped in two categories: offensive and defensive. Many people like the first one because it looks more fun and the portrait of the hacker as depicted in Hollywood...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21149&rss
*** Secure Open Source: Mozilla establishes fund for better security ***
---------------------------------------------
In the Secure Open Source (SOS) program, Mozilla is initially providing 500,000 US dollars to improve the security of open-source software. Unlike with the Linux Foundation, the money is to be used explicitly for audits and proper handling of security vulnerabilities.
---------------------------------------------
http://www.golem.de/news/secure-open-source-mozilla-stiftet-fonds-fuer-bess…
*** Crysis ransomware fills vacuum left by TeslaCrypt ***
---------------------------------------------
TeslaCrypt has reached the end of the road, and other ransomware is ready to fill the vacuum left behind it. A relative newcomer to the market, Crysis ransomware is already laying claim to parts of TeslaCrypt's territory. The Crysis ransomware family - not to be confused with the Crisis backdoor/spyware Trojan that targeted both Windows and Mac users some four years ago - is currently in its second iteration, and doesn't differ much from other...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/10/crysis-ransomware/
*** An Interview With the Hacker Probably Selling Your Password Right Now ***
---------------------------------------------
A conversation with the stolen-data wholesaler selling 800 million stolen passwords, and plaguing the security teams of LinkedIn, Twitter, and Tumblr.
---------------------------------------------
http://www.wired.com/2016/06/interview-hacker-probably-selling-password/
*** Optimizing TLS over TCP to reduce latency ***
---------------------------------------------
The layered nature of the Internet (HTTP on top of some reliable transport (e.g. TCP), TCP on top of some datagram layer (e.g. IP), IP on top of some link (e.g. Ethernet)) has been very important in its development. Different link layers have come and gone over...
---------------------------------------------
https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/
*** EMC and VMware both suffer malicious user access messes ***
---------------------------------------------
The wrong people can access data on Data Domain, NSX and vRealize. VMware and EMC have each revealed security nasties.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/06/10/emc_and_vmw…
*** VU#778696: Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass ***
---------------------------------------------
Vulnerability Note VU#778696: Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass. Original release date: 10 Jun 2016 | Last revised: 10 Jun 2016. Overview: The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware. Description: CWE-321: Use of Hard-coded Cryptographic Key -- CVE-2015-8288. The firmware for these devices contains a hard-coded RSA private key,...
---------------------------------------------
http://www.kb.cert.org/vuls/id/778696
*** USN-2995-1: Squid vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2995-1, 9th June 2016: squid3 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: Several security issues were fixed in Squid. Software description: squid3 - Web proxy cache server. Details: Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2995-1/
*** DSA-3599 p7zip - security update ***
---------------------------------------------
Marcin Icewall Noga of Cisco Talos discovered an out-of-bound read vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial-of-service or, potentially, the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted UDF file is processed.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3599
*** Security Advisory: Java vulnerabilities CVE-2013-5825 and CVE-2013-5830 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/48/sol48802597.html?…
*** Security Advisory: iControl REST vulnerability CVE-2016-5021 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/99/sol99998454.html?…
*** Bugtraq: ESA-2016-062: EMC Data Domain Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538642
*** VMSA-2016-0008 ***
---------------------------------------------
VMware vRealize Log Insight addresses important and moderate security issues.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0008.html
*** VMSA-2016-0007 ***
---------------------------------------------
VMware NSX and vCNS product updates address a critical information disclosure vulnerability.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0007.html
*** Bugtraq: [security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538640
*** [R2] OpenSSL 20160503 Advisory Affects Tenable Products ***
---------------------------------------------
Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time. [...] Advisory Timeline 2016-05-19 - [R1] Initial Release | 2016-06-09 - [R2] Security Center details added
---------------------------------------------
https://www.tenable.com/security/tns-2016-10
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-3705) ***
---------------------------------------------
There is a vulnerability in libxml2 that is used by IBM BigFix Compliance Analytics. IBM BigFix Compliance has addressed this vulnerability. CVE(s): CVE-2016-3705. Affected product(s) and affected version(s): IBM BigFix Security Compliance Analytics 1.7. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21984773 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112885
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21984773
*** IBM Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. (CVE-2016-0264) ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 Service Refresh 2 Fixpack 11 that is used by IBM BigFix Compliance Analytics. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-0264 Affected product(s) and affected version(s): IBM BigFix Security Compliance Analytics 1.8. Refer to...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21983689
*** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351) ***
---------------------------------------------
Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy. CVE(s): CVE-2015-5345, CVE-2015-5346, CVE-2015-5351 Affected product(s) and affected version(s): IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.2, 6.2.0.1,...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000126
*** IBM Security Bulletin: IBM Notes InstallShield vulnerable to DLL planting (CVE-2016-2542) ***
---------------------------------------------
IBM Notes uses InstallShield, which generates install executables that are vulnerable to a DLL-planting vulnerability. CVE(s): CVE-2016-2542 Affected product(s) and affected version(s): This vulnerability affects installers of the following versions of IBM Notes...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21979808
*** IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server (CVE-2015-0254) ***
---------------------------------------------
There is an XML External Entity Injection (XXE) vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server. CVE(s): CVE-2015-0254 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server: Version 8.5.5 Full Profile and Liberty; Version 8.5 Full Profile and Liberty; Version 8.0; Version...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21978495
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 08-06-2016 18:00 − Thursday 09-06-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** AVM warns of telephone abuse on routers with older firmware ***
---------------------------------------------
Fritzboxes with "rare configurations" and older firmware could currently fall victim to attackers aiming at telephone fraud. AVM advises updating.
---------------------------------------------
http://heise.de/-3232343
*** Unpatched D-Link Wi-Fi Camera Flaw Remotely Exploitable ***
---------------------------------------------
D-Link's DCS930L Wi-Fi camera is vulnerable to a stack overflow vulnerability that can be remotely exploited.
---------------------------------------------
http://threatpost.com/unpatched-d-link-wi-fi-camera-flaw-remotely-exploitab…
*** Skype being used to distribute malware ***
---------------------------------------------
Skype is being used to distribute QRAT malware to unsuspecting travelers looking for help with filling out U.S. travel documents.
---------------------------------------------
http://www.scmagazine.com/skype-being-used-to-distribute-malware/article/50…
*** Searching for malspam, (Thu, Jun 9th) ***
---------------------------------------------
Introduction: About a week ago, I stopped seeing the daily deluge of malicious spam (malspam) distributing Dridex banking trojans or Locky ransomware. Before this month, I generally noticed multiple waves of Dridex/Locky malspam almost every day. This malspam contains attachments with zipped .js files or Microsoft Office documents designed to download and install the malware. I haven't found much discussion about the current absence of Dridex/Locky malspam. Since the actor(s) behind Dridex...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21145&rss
*** Security: Locky and Dridex botnet has vanished without a trace ***
---------------------------------------------
Security researchers have observed a massive decline in infections by the well-known malware families Dridex and Locky. The cause is apparently problems with the distributing botnet. For Locky there is no new infrastructure. What happens to victims is currently unclear.
---------------------------------------------
http://www.golem.de/news/security-wo-ist-nur-das-botnetz-hin-1606-121396-rs…
*** REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2016-033. Project: REST/JSON (third-party module). Version: 7.x. Date: 2016-June-08. Security risk: 19/25 (Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:All. Vulnerability: Access bypass, Information Disclosure, Multiple vulnerabilities. Description: This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including: Node access bypass, Comment access bypass, User enumeration, Field access bypass, User registration...
---------------------------------------------
https://www.drupal.org/node/2744889
*** Citrix XenServer Security Update for CVE-2016-5302 ***
---------------------------------------------
A security vulnerability has been identified in XenServer 7.0 that may allow an attacker on the management network who is in possession of Active Directory credentials for an AD account that is not authorised to manage a XenServer host to compromise that host.
---------------------------------------------
https://support.citrix.com/article/CTX213549
*** Bugtraq: ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538634
*** Bugtraq: ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538635
*** Security Advisory: Custom monitor privilege escalation vulnerability CVE-2016-5020 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00265182.html?…
*** Security Advisory: PHP vulnerability CVE-2016-4070 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/42/sol42065024.html?…
*** SSA-526760 (Last Update 2016-06-08): Weak Credentials Protection in SIMATIC WinCC flexible ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760…
*** SSA-818183 (Last Update 2016-06-08): Denial-of-Service Vulnerability in S7-300 CPU ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183…
*** SSA-301706 (Last Update 2016-06-08): GNU C Library Vulnerability in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706…
*** Bugtraq: [security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538630
*** Bugtraq: [security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538629
*** Bugtraq: [security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538633
*** Bugtraq: [security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538632
*** Cisco Aironet 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino ***
http://www.ibm.com/support/docview.wss?uid=swg21984678
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield/InstallAnywhere affects IBM Informix CSDK and Server installation on Windows(CVE-2016-2542, CVE-2016-4560) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984231
---------------------------------------------
*** IBM Security Bulletin: IBM Client Application Access InstallShield vulnerable to DLL planting (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21981968
---------------------------------------------
*** IBM Security Bulletin: Secure Properties in IBM UrbanCode Deploy Vulnerable (CVE-2016-0267) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000151
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (CVE-2015-1794, CVE-2015-3194, CVE-2016-0702) ***
http://www.ibm.com/support/docview.wss?uid=swg21981021
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM SDK for Node.js in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21983514
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection ***
http://www.ibm.com/support/docview.wss?uid=swg21984424
---------------------------------------------
*** IBM Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=swg21984436
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 07-06-2016 18:00 − Wednesday 08-06-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Microsoft Bounty Program expansion - .NET Core and ASP.NET RC2 Beta Bounty ***
---------------------------------------------
Today I have another exciting expansion of the Microsoft Bounty Program. Please visit https://aka.ms/BugBounty to find out more. As we approach release for .NET Core and ASP.NET, we would like to get even more feedback from the security research community. We are offering a bounty on the .NET Core and ASP.NET Core RC2 Beta Build which...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2016/06/07/microsoft-bounty-progra…
*** SWIFT May Ban Banks Without Strong Cybersecurity (June 3, 2016) ***
---------------------------------------------
The head of SWIFT says that banks without adequate cybersecurity measures in place could find themselves suspended from using the SWIFT financial transfer communication network...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/45/202
*** Ransomware Leaves Server Credentials in its Code ***
---------------------------------------------
While SNSLocker isn't a stand-out crypto-ransomware in terms of routine or interface, its coarse and bland facade hid quite a surprise. After looking closer at its code, we discovered that this ransomware contains the credentials for access to its own server. We also found out that they used readily-available servers and payment systems. This...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/gADipA92iAA/
*** Phishers Abuse Hosting Temporary URLs ***
---------------------------------------------
Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we'll show a similar trick used by phishers. Phishing web pages get blacklisted very fast. That's why hackers need to purchase many domains or compromise many websites so that they can point...
---------------------------------------------
https://blog.sucuri.net/2016/06/phishers-abuse-hosting-temporary-urls.html
*** Neutrino EK and CryptXXX, (Wed, Jun 8th) ***
---------------------------------------------
Introduction: By Monday 2016-06-06, the pseudo-Darkleech campaign began using Neutrino exploit kit (EK) to send CryptXXX ransomware [1]. Until then, I'd only seen Angler EK distribute CryptXXX. However, this is not the first time we've seen campaigns associated with ransomware switch between Angler EK and Neutrino EK [2, 3, 4, 5]. It was documented as early as August 2015 [2]. This can be confusing, especially if you're expecting Angler EK. Campaigns can (and occasionally do) switch EKs. For an...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21141&rss
*** Millions of must-be-firewalled services are open to the entire internet - research ***
---------------------------------------------
15m telnet nodes, 4.5m printers, TCP port 445... Millions of services that ought to be restricted are exposed on the open internet, creating a huge risk of hacker attack against databases and more.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/06/08/services_be…
*** How to Prevent Ransomware in Industrial Control Systems ***
---------------------------------------------
Del Rodillas, our solution lead for SCADA & Industrial Control Systems, recently appeared in Electric Light & Power to discuss ransomware as an emerging threat for Operational Technology environments. With ransomware on everyone's mind these...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/06/how-to-prevent-ransomwar…
*** LinkedIn users receive fake business invoice ***
---------------------------------------------
Criminals are deliberately sending supposedly outstanding company invoices to users of the social network LinkedIn. In them, they cite correct information published on the platform, such as the name, job position and company. Recipients are asked to open the attached file. It conceals malware.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/linkedln-nutzer-er…
*** Google To Deprecate SSLv3, RC4 in Gmail IMAP/POP Clients ***
---------------------------------------------
Google will next week begin a gradual deprecation of unsafe crypto protocol SSLv3 and cipher RC4 in Gmail IMAP/POP clients.
---------------------------------------------
http://threatpost.com/google-to-deprecate-sslv3-rc4-in-gmail-imappop-client…
*** ENISA shows possibilities for forensic analysis of cloud incidents ***
---------------------------------------------
As an aid, and not only for providers of cloud services, the European security agency ENISA has published a paper on the technical state of the art in analysing security incidents in the cloud.
---------------------------------------------
http://heise.de/-3231521
*** But have I really been pwned? Vetting your data ***
---------------------------------------------
The news has been full of leaked passwords for some popular services recently. But these numbers of hacked accounts can be exaggerated for effect, and sometimes blatantly wrong.
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/06/but-have-i-really-bee…
*** Cisco IOS XR Software LPTS Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** DSA-3597 expat - security update ***
---------------------------------------------
Two related issues have been discovered in Expat, a C library for parsing XML.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3597
*** Symantec Embedded Security: Critical System Protection and Symantec Data Center Security: Server Advanced, Multiple Security Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** DFN-CERT-2016-0918: GnuTLS: A vulnerability allows the manipulation of arbitrary files ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0918/
*** Trihedral VTScada Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for several vulnerabilities in Trihedral Engineering Ltd.'s Trihedral VTScada.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01
*** KMC Controls Conquest BACnet Router Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for authentication and cross-site request forgery vulnerabilities in KMC Controls Conquest BACnet routers through its web interface.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-126-01
*** Security Advisory - Several Vulnerabilities in Huawei Honor Routers ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160607-…
*** Security Advisory - Memory Leak Vulnerability in Some Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160608-…
*** Security Advisory: SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/37/sol37236006.html?…
*** Security Advisory: SQLite vulnerability CVE-2015-3416 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/900/sol16950.htm…
*** Bugtraq: [security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538623
*** Bugtraq: [security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538622
*** Bugtraq: [security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538621
*** IBM Security Bulletin: A vulnerability in the instance runAsUser function was found in IBM InfoSphere Streams (CVE-2016-2867) ***
---------------------------------------------
There is a potential vulnerability in IBM InfoSphere Streams when the instance runAsUser property is set. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2016-2867 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 4.0.1.1 and earlier IBM Streams Version 4.1.1.0 and earlier Refer to the following reference URLs for remediation and additional vulnerability details.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21983444
*** IBM Security Bulletin:Multiple security vulnerabilities in Open Source Apache Tomcat affect IBM Cognos Business Viewpoint (CVE-2016-0714 , CVE-2015-5174) ***
---------------------------------------------
There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Business Viewpoint. These were disclosed in the 02/22/2016 X-Force Reports. IBM Cognos Business Viewpoint has addressed the applicable CVEs. CVE(s): CVE-2016-0714, CVE-2015-5174 Affected product(s) and affected version(s): IBM Cognos Business Viewpoint 10.1 FP1 IBM Cognos Business Viewpoint 10.1.1 FP2 Refer...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21984197
*** IBM Security Bulletin: InstallAnywhere generates installation executables which are vulnerable to a DLL-planting vulnerability (CVE-2016-4560) ***
---------------------------------------------
InstallAnywhere generates installation executables which are vulnerable to a DLL-planting vulnerability; this affects IBM Security AppScan Source. CVE(s): CVE-2016-4560 Affected product(s) and affected version(s): IBM Security AppScan Source 8.7, 8.8, 9.0, 9.0.1, 9.0.2, 9.0.3 Refer to the following reference URLs for remediation and additional vulnerability details.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21983037
*** IBM Security Bulletin: Vulnerabilities in IBM Domino Keyview PDF Filters (CVE-2016-0277, CVE-2016-0278, CVE-2016-0279, CVE-2016-0277) ***
---------------------------------------------
IBM Domino has four vulnerabilities in Keyview PDF filters. CVE(s): CVE-2016-0277, CVE-2016-0278, CVE-2016-0279, CVE-2016-0301 Affected product(s) and affected version(s): IBM Domino 9.0.1 FP5 and earlier releases. IBM Domino 9.0 IF4 and earlier releases. IBM Domino 8.5.3 FP6 IF12 and earlier releases. IBM Domino 8.5.2 FP4 IF3 and earlier releases. IBM Domino 8.5.1 FP5 IF3 and...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21983292
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2016-2073) ***
---------------------------------------------
There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2016-2073 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21983372
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2015-8710) ***
---------------------------------------------
There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2015-8710 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21983371
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-2108, CVE-2016-2107). ***
---------------------------------------------
OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Sterling Connect:Direct for UNIX. IBM Sterling Connect:Direct for UNIX has addressed the applicable CVEs. CVE(s): CVE-2016-2108, CVE-2016-2107 Affected product(s) and affected version(s): IBM Sterling Connect:Direct for Unix 4.1.0 IBM Sterling Connect:Direct for Unix 4.0.0 Refer to the following...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21983909
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 06-06-2016 18:00 − Tuesday 07-06-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Targeted Trojan mails with personal data from the LinkedIn hack ***
---------------------------------------------
Fake invoices with a Trojan in tow are currently circulating; they exploit LinkedIn data and therefore look plausible.
---------------------------------------------
http://heise.de/-3228473
*** Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript ***
---------------------------------------------
This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks, McAfee Labs has observed a huge increase in spam related to Locky, a new ransomware threat spread via spam campaigns. The contents of the spam email are carefully crafted to lure victims using social engineering...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/locky-ransomware-hides-under-multiple-…
*** Threat Actors Employ COM Technology in Shellcode to Evade Detection ***
---------------------------------------------
COM (Component Object Model) is a technology in Microsoft Windows that enables software components to communicate with each other; it is one of the fundamental architectures in Windows. From the security point of view, several "features" built into COM have led to many security vulnerabilities. These features include ActiveX (an Internet Explorer plug-in technology), the...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/threat-actors-employ-com-technology-sh…
*** FastPOS malware exfiltrates data immediately after harvesting it ***
---------------------------------------------
POS malware might have taken a backseat when ransomware became the go-to malware for many cyber crooks, but stealing payment card information to effect fraudulent transactions is still a lucrative business. Trend Micro researchers have recently analyzed a new POS malware family sporting some interesting functionalities. One of these is what made them dub the threat FastPOS: the malware does not wait to collect a batch of data and then send it periodically to the...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/07/fastpos-malware/
*** Check your BITS, because deleting malware might not be enough ***
---------------------------------------------
Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after they've already been cleaned by antivirus products. The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The antivirus software installed on a compromised computer detected and removed a malware program, but the computer was still showing signs of malicious activity at the network level.
---------------------------------------------
http://www.cio.com/article/3080016/check-your-bits-because-deleting-malware…
*** Android gets patches for serious flaws in hardware drivers and media server ***
---------------------------------------------
The June batch of Android security patches addresses nearly two dozen vulnerabilities in system drivers for various hardware components from several chipset makers. The largest number of critical and high severity flaws were patched in the Qualcomm video driver, sound driver, GPU driver, Wi-Fi driver, and camera driver. Some of these privilege escalation vulnerabilities could allow malicious applications to execute malicious code in the kernel, leading to a permanent device compromise. Similar...
---------------------------------------------
http://www.csoonline.com/article/3079726/security/android-gets-patches-for-…
*** Android Security Bulletin - June 2016 ***
---------------------------------------------
[...] The most severe issue is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
---------------------------------------------
https://source.android.com/security/bulletin/2016-06-01.html
*** BlackBerry powered by Android Security Bulletin - June 2016 ***
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available build, as outlined in the Available Updates section.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000038209
*** NTP.org ntpd is vulnerable to denial of service and other vulnerabilities ***
---------------------------------------------
NTP.org's reference implementation of the NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in the individual links below.
---------------------------------------------
https://www.kb.cert.org/vuls/id/321640
*** DFN-CERT-2016-0840: IPv6 protocol: A vulnerability allows a denial-of-service attack ***
---------------------------------------------
Version 1 (2016-05-26 11:34) New advisory Version 2 (2016-05-27 09:49) Cisco updates the referenced security notice [...] Version 3 (2016-06-01 11:36) Cisco updates the referenced security notice [...] Version 4 (2016-06-03 14:31) Cisco updates cisco-sa-20160525-ipv6 and points out that this is not a Cisco-specific flaw, [...] Version 5 (2016-06-06 15:12) Juniper Networks reports that EX4300, EX4600, QFX3500 and QFX5100...
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0840/
*** Bugtraq: [security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538612
*** Bugtraq: [security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538611
*** Bugtraq: [security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538610
*** IBM Security Bulletin: Path Traversal affects IBM Security Guardium Database Activity Monitor (CVE-2016-0298) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system. CVE(s): CVE-2016-0298 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation and...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981749
*** IBM Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs) ***
---------------------------------------------
IBM Security Guardium is vulnerable to several possible remote attacks. CVE(s): CVE-2015-4881, CVE-2015-7181, CVE-2015-7981, CVE-2013-1981, CVE-2015-3416, CVE-2015-2730, CVE-2015-7704, CVE-2015-3238, CVE-2015-5312, CVE-2015-5288 Affected product(s) and affected version(s): IBM Security Guardium V10 Refer to the following reference URLs for remediation and additional vulnerability details.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981747
*** IBM Security Bulletin: Cacheable SSL Page vulnerability affects IBM Security Guardium Database Activity Monitor (CVE-2016-0237) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor contains locally cached browser data that could allow a local attacker to obtain sensitive information. CVE(s): CVE-2016-0237 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation and additional vulnerability details.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981631
*** IBM Security Bulletin: Use of Hard-coded Cryptographic Key vulnerability affects IBM Security Guardium Database Activity Monitor (CVE-2016-0235) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor uses a hard-coded password for the which is available to the administrator or a user with root access. This password could be used across other GRUB systems. CVE(s): CVE-2016-0235 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981748
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Streams (CVE-2016-0466, CVE-2016-0448) ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases. If you run your own Java code using the IBM Java...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21983436
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2015-8317) ***
---------------------------------------------
There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2015-8317 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21983370
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ AMS (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) ***
---------------------------------------------
OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM MQ Advanced Message Security (AMS) on IBM i. IBM MQ has addressed the applicable CVEs. CVE(s): CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 Affected product(s) and affected version(s): IBM MQ 8.0 Advanced Message Security (AMS) on IBM i only Fix Pack 8.0.0.4...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21983823
*** IBM Security Bulletin: A vulnerability in XML processing affects IBM InfoSphere Streams (CVE-2015-1819) ***
---------------------------------------------
IBM InfoSphere Streams may be vulnerable to a denial of service attack due to the use of libxml2 (CVE-2015-1819). CVE(s): CVE-2015-1819 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21981066
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM BigFix Remote Control (CVE-2016-2107) ***
---------------------------------------------
OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM BigFix Remote Control. IBM BigFix Remote Control has addressed the applicable CVEs. CVE(s): CVE-2016-2107 Affected product(s) and affected version(s): IBM BigFix Remote Control version 9.1.2 Refer to the following reference URLs for remediation and additional vulnerability details.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21984111
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 03-06-2016 18:00 − Monday 06-06-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Magento Credit Card Stealer for Braintree Extension ***
---------------------------------------------
We regularly find and write about malware that steals credit card details from Magento sites because attackers discover new techniques to obtain sensitive data daily. This time, the malicious code is specifically designed for Magento sites that use the Braintree extension. This extension connects a Magento store with the Braintree payment processing service that is...
---------------------------------------------
https://blog.sucuri.net/2016/06/magento-credit-card-stealer-braintree-exten…
*** WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin ***
---------------------------------------------
An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only came to light on May 29 when researchers notified the plugin's developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.org's Plugin Directory on May 31. In...
---------------------------------------------
https://tech.slashdot.org/story/16/06/03/2243238/wordpress-sites-under-atta…
https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-expl…
*** What's Going on With libtiff? (Sun, Jun 5th) ***
---------------------------------------------
libtiff, as the name implies, is a library used to parse TIFF formatted images. While you don't run into TIFF images on the web every day, the format is quite popular for higher-resolution/high quality applications like printing. TIFF allows the user to select between lossless or lossy compression depending on the preferences of the user. While the library is very popular, a reader wrote in last week asking if the library is still maintained. Currently, there are three security issues listed in...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21131&rss
*** Destructive BadBlock ransomware can be foiled ***
---------------------------------------------
If you have been hit with ransomware, you want that malware to be BadBlock - but only if you haven't restarted your computer. This particular malware is a lacklustre attempt to create something on par with more popular ransomware, and that allowed Emsisoft security researcher Fabian Wosar to create a decrypter tool for it. The tool can be downloaded for free, and Bleeping Computer has offered instructions on how to use it. But, aside from...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/06/destructive-badblock-ransomware-…
*** Researchers hack the Mitsubishi Outlander SUV, shut off alarm remotely ***
---------------------------------------------
Mitsubishi Outlander, a popular hybrid SUV sold around the world, can be easily broken into by attackers exploiting security weaknesses in the setup that allows the car to be remotely controlled via an app. The weaknesses were discovered by Pen Test Partners, and include: The mobile app connects to the car through a Wi-Fi access point on it, instead of via a web service and GSM module, making it impossible to use if one is not...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/06/researchers-hack-mitsubishi-outl…
*** Dangerous self-spreading successor of Zeus and Carberp discovered ***
---------------------------------------------
June 3, 2016 In June, Doctor Web security researchers examined a new dangerous virus targeting Russian bank clients. The virus is designed to steal money from bank accounts and monitor user activity. It has borrowed a lot of features from its predecessors Zeus (Trojan.PWS.Panda) and Carberp. Yet, unlike them, it can spread without any user intervention by infecting executable files. Besides, disinfecting the infected computer is rather complicated and may take several hours. Due to the ability to...
---------------------------------------------
http://news.drweb.com/show/?i=9999&lng=en&c=9
*** Firmware Analysis for IoT Devices ***
---------------------------------------------
Introduction This is the second post in the IoT Exploitation and Penetration Testing series. In this post, we are going to have a look at a key component in an IoT device architecture - Firmware. Any IoT device you use, you will be interacting with firmware, and this is because firmware can be thought of...
---------------------------------------------
http://resources.infosecinstitute.com/firmware-analysis-for-iot-devices/
*** Widespread exploits evade protections enforced by Microsoft EMET ***
---------------------------------------------
It's bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits. Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus
---------------------------------------------
http://www.cio.com/article/3079747/widespread-exploits-evade-protections-en…
*** Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** JSA10749 - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (CVE-2016-1409) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10749&actp=RSS
*** Security Advisory: NTP vulnerability CVE-2016-1548 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/63/sol63675293.html?…
*** DSA-3595 mariadb-10.0 - security update ***
---------------------------------------------
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.25. Please see the MariaDB 10.0 Release Notes for further details:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3595
*** Bugtraq: [security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538597
*** DFN-CERT-2016-0908: VideoLAN VLC Media Player: A vulnerability allows, among other things, the execution of arbitrary program code with user privileges ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0908/
*** Citrix NetScaler Gateway Lets Remote Users Hijack the Target User's Login Form Credentials ***
---------------------------------------------
http://www.securitytracker.com/id/1036020
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 02-06-2016 18:00 − Friday 03-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Trillium Exploit Kit Update Offers 'Security Tips' ***
---------------------------------------------
McAfee Labs has previously blogged about the Trillium Exploit Kit Version 3.0, which is commonly used to create and distribute malware. Last week, Version 4.0 appeared on several underground forums. We have analyzed the new version of the tool ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/trillium-exploit-kit-update-offers-sec…
*** DSA-3593 libxml2 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3593
*** GE MultiLink Series Hard-coded Credential Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded credential vulnerability in GE's MultiLink series managed switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01
*** WP Mobile Detector <= 3.5 - Arbitrary File Upload ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8505
*** Understanding Angler Exploit Kit - Part 1: Exploit Kit Fundamentals ***
---------------------------------------------
Generally speaking, criminal groups use two methods for widespread distribution of malware. The most common method is malicious spam (malspam). This is a fairly direct mechanism, usually through an email attachment or ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/06/unit42-understanding-ang…
*** MySQL is YourSQL ***
---------------------------------------------
It's The End of the World and We Know It If you listen to the press - those purveyors of doom, those nattering nabobs of negativism - you arrive at a single, undeniable conclusion: The world is going to hell in a hand-basket. They ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21117
*** After controversies: Teamviewer introduced new account protections ***
---------------------------------------------
A few days after numerous user complaints about hacked accounts, Teamviewer is responding with a security update brought forward ahead of schedule. We spoke with the company about it.
---------------------------------------------
http://www.golem.de/news/nach-kontroversen-teamviewer-fuehrte-neue-accounts…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 01-06-2016 18:00 − Thursday 02-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** DSA-3591 imagemagick - security update ***
---------------------------------------------
Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on input image or the input filename can execute arbitrary commands with the privileges of the user running the application.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3591
*** Lenovo advises users to remove a vulnerable support tool preinstalled on their systems ***
---------------------------------------------
PC maker Lenovo is recommending that users remove an application preloaded on their computers because it contains a high-severity flaw that could allow attackers to take over their systems.The vulnerable tool is called ..
---------------------------------------------
http://www.csoonline.com/article/3077935/security/lenovo-advises-users-to-r…
*** Opening hours - Moderately Critical - XSS - SA-CONTRIB-2016-031 ***
---------------------------------------------
https://www.drupal.org/node/2738707
*** DSA-3592 nginx - security update ***
---------------------------------------------
It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3592
*** Researchers spot 35-fold increase in newly observed ransomware domains ***
---------------------------------------------
A record 35-fold increase in newly observed ransomware domains compared to the fourth quarter of 2015 has been spotted by Infoblox researchers.
---------------------------------------------
http://www.scmagazine.com/infoblox-researchers-spotted-a-huge-uptick-in-dns…
*** Yahoo Publishes National Security Letters After FBI Drops Gag Orders ***
---------------------------------------------
Yahoo just became the first company to disclose that it has received NSLs without having to go to court to do so.
---------------------------------------------
http://www.wired.com/2016/06/yahoo-publishes-national-security-letters-fbi-…
*** Docker Containers Logging ***
---------------------------------------------
In a previous diary, Jim talked about forensic operations against Docker containers. To be able to perform investigations after an incident, we must have some ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21121
*** Most Android virus scanners are insecure ***
---------------------------------------------
AV software is supposed to protect the smartphone from malicious code. As researchers have now found, however, many virus scanners for Android themselves exhibit glaring security flaws.
---------------------------------------------
http://heise.de/-3225169
*** Trend Micro enterprise products multiple vulnerabilities ***
---------------------------------------------
Multiple enterprise products provided by Trend Micro Incorporated contain multiple vulnerabilities.
---------------------------------------------
http://jvn.jp/en/jp/JVN48847535/
*** Trend Micro Internet Security multiple vulnerabilities ***
---------------------------------------------
Trend Micro Internet Security provided by Trend Micro Incorporated contains multiple vulnerabilities.
---------------------------------------------
http://jvn.jp/en/jp/JVN48789425/
*** Mitnick Attack Reappears at GeekPwn Macau Contest ***
---------------------------------------------
Cao Yue, a Ph.D. student from University of California, Riverside, delivered a stunning show at the GeekPwn 2016 Macau Contest on May 12 attended by top-caliber white hat hackers worldwide. Cao succeeded in remotely hijacking TCP connections at his random choice.
---------------------------------------------
http://www.prnewswire.com/news-releases/mitnick-attack-reappears-at-geekpwn…
*** Hacker Lexicon: What Is Fuzzing? ***
---------------------------------------------
Sometimes hacking isn't about taking a program apart: It's about throwing random objects at it to see what breaks.
---------------------------------------------
http://www.wired.com/2016/06/hacker-lexicon-fuzzing/
*** [2016-06-02] Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway ***
---------------------------------------------
The firmware for the cable modem Ubee EVW3226 contains multiple critical vulnerabilities, which can be exploited to gain full system-level access to the device. This allows for inspection, modification and redirection of traffic.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.h…
*** TeamViewer users claim accounts hacked ***
---------------------------------------------
TeamViewer is a remote desktop connection software that allows users to share screens and allow remote access from anywhere in the world. In the past 24 hours, many customers ..
---------------------------------------------
http://www.inquisitr.com/3156809/teamviewer-accounts-hacked-users-claim/
*** Extortion emails threaten reputational damage via social media ***
---------------------------------------------
Extortionists are exploiting the media coverage of current hacking attacks to send threatening emails in which they threaten to publish sensitive information from the victims' online accounts.
---------------------------------------------
http://heise.de/-3225619
*** 93% Of Phishing Emails Are Now Ransomware ***
---------------------------------------------
According to the latest data from security firm PhishMe, 93% of all phishing emails as of the end of March contained encryption ransomware. The numbers ..
---------------------------------------------
https://tech.slashdot.org/story/16/06/02/1356241/93-of-phishing-emails-are-…
*** How Russian cybercrime bosses crafted a ransomware empire out of an economic crisis ***
---------------------------------------------
Amid a crashing ruble and shaken markets due to global sanctions over Russian president Vladimir Putin's ..
---------------------------------------------
http://www.neowin.net/news/how-russian-cybercrime-bosses-crafted-a-ransomwa…
*** XSA-178 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-178.html
*** XSA-175 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-175.html
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 31-05-2016 18:00 − Wednesday 01-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Tor Browser 6.0: Ditches SHA-1 Support, Uses DuckDuckGo For Default Search Results ***
---------------------------------------------
The version 6.0 of Tor Browser, a free software for enabling anonymous communication, is now available to download. The new version introduces several changes, including disabling SHA-1 support, and removing ..
---------------------------------------------
https://tech.slashdot.org/story/16/05/31/1643234/tor-browser-60-ditches-sha…
*** Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005 ***
---------------------------------------------
It has been over 19 months since Drupalgeddon, which refers to Drupal's Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it ..
---------------------------------------------
https://blog.sucuri.net/2016/05/drupal-sqli-drupalgeddon-attack-trend-cve-2…
*** Finding Conditional Drupal Database Spam ***
---------------------------------------------
Nobody likes spam. It's never fun (unless you're watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what we deal with since our inception, giving us some pretty good ..
---------------------------------------------
https://blog.sucuri.net/2016/05/finding-conditional-drupal-database-spam.ht…
*** Cluster of 'megabreaches' compromises a whopping 642 million passwords ***
---------------------------------------------
MySpace, Tumblr, and Fling are the latest services to join discredited LinkedIn.
---------------------------------------------
http://arstechnica.com/security/2016/05/cluster-of-megabreaches-compromise-…
*** Moxa UC 7408-LX-Plus Firmware Overwrite Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a firmware overwrite vulnerability in Moxa's UC 7408-LX-Plus device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-01
*** ABB PCM600 Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for one use of password hash with insufficient computational effort and three insufficiently protected credentials vulnerabilities in ABB's PCM600.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
*** Unfalsifiability of security claims ***
---------------------------------------------
There is an inherent asymmetry in computer security: things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We ..
---------------------------------------------
http://research.microsoft.com/pubs/256133/unfalsifiabilityOfSecurityClaims.…
*** Vulnerability in ImageMagick and GraphicsMagick enables renewed attacks ***
---------------------------------------------
Manipulated filenames can cause malicious code to be executed via the operating system's popen() function. Patches are available.
---------------------------------------------
http://heise.de/-3223811
*** Scrum.org hacked, may have lost crypto keys and some user data ***
---------------------------------------------
Don't go dissing DevOps: a supplier has fessed up to a website vuln. Scrum.org, the Scrum certification ..
---------------------------------------------
www.theregister.co.uk/2016/06/01/scrumorg_hacked_may_have_lost_crypto_keys_…
*** Serious security vulnerabilities in preinstalled laptop software ***
---------------------------------------------
http://derstandard.at/2000038006783
*** Microsoft: spam filter for Hotmail and Outlook broken ***
---------------------------------------------
The company is working flat out on a solution; some users are reportedly receiving an "extreme amount" of spam emails
---------------------------------------------
http://derstandard.at/2000038023486
*** The impossible task of creating a 'Best VPNs' list today ***
---------------------------------------------
Our writer set out to make a list of reliable VPNs; turns out the task is complicated.
---------------------------------------------
http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-t…
*** VB2015 paper: Economic Sanctions on Malware ***
---------------------------------------------
Financial pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer. By cleverly employing various trust metrics and technologies such as digital signing, watermarking, and ..
---------------------------------------------
https://www.virusbulletin.com/blog/2016/06/economic-sanctions-malware/
*** DRIDEX Poses as Fake Certificate in Latest Spam Run ***
---------------------------------------------
At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/dridex-poses-as-…
*** Security: LG must repair Android firmware ***
---------------------------------------------
Two security vulnerabilities in LG's Android firmware enable a range of attacks, some of them remote. Users should act quickly; the updates are available.
---------------------------------------------
http://www.golem.de/news/security-lg-muss-android-firmware-reparieren-1606-…
*** Baby food: Hipp's Mein Baby Club was hacked ***
---------------------------------------------
Copied user data is always a nuisance, especially when the personal information of children is affected. The manufacturer Hipp has now informed its customers about a break-in into the server systems of its Mein Baby Club.
---------------------------------------------
http://www.golem.de/news/kindernahrung-mein-baby-club-von-hipp-wurde-gehack…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 30-05-2016 18:00 − Tuesday 31-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Completed: maintenance work Tuesday, 31 May 2016 ***
---------------------------------------------
Completed: maintenance work Tuesday, 31 May 2016. 25 May 2016. On Tuesday, 31 May 2016, we will carry out maintenance work on our infrastructure. This will lead to outages of the externally reachable services (e.g. mail, web server, mailing lists); these can each ..
---------------------------------------------
http://www.cert.at/services/blog/20160525113745-1748.html
*** Austrian Handy-Signatur vulnerable to phishing ***
---------------------------------------------
With a so-called Handy-Signatur, Austrians can also sign documents for communication with public authorities in a legally binding way. But the digital signature can be forged with a simple phishing attack.
---------------------------------------------
http://heise.de/-3222980
*** Vulnerability in Citrix Studio Could Result in Insecure Access Policy Configuration ***
---------------------------------------------
A vulnerability has been identified in Citrix Studio that could allow Access Policy rules to be set insecurely on the Citrix XenDesktop Delivery Controller.
---------------------------------------------
https://support.citrix.com/article/CTX213045
*** After criticism: Pornhub revises its bounty program ***
---------------------------------------------
With its bug bounty program, a porn site made headlines. But the communication with the hackers and the bounties paid drew a lot of criticism. The company now promises to do better.
---------------------------------------------
http://www.golem.de/news/nach-kritik-pornhub-ueberarbeitet-sein-bounty-prog…
*** Twitter paid out $322,420 in bug bounties ***
---------------------------------------------
Researchers have proven that bug bounties are a cheaper way for discovering vulnerabilities than hiring full-time bug hunters would be and, in the last few years, many Internet and tech companies have instituted such programs. The security community has praised those who have, and the ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/31/twitter-bug-bounty/
*** New Tor Browser relies on DuckDuckGo for search ***
---------------------------------------------
The previous default search, Disconnect, had switched from Google to Bing with catastrophic results, the developers say in explaining their decision. Further changes affect Mac users and the display of YouTube videos.
---------------------------------------------
http://heise.de/-3210346
*** Bloatware Insecurity Continues to Haunt Consumer, Business Laptops ***
---------------------------------------------
High-severity vulnerabilities were found in pre-installed software updaters present in consumer and business laptops from vendors such as Dell, HP, Lenovo, Asus and Acer.
---------------------------------------------
http://threatpost.com/bloatware-insecurity-continues-to-haunt-consumer-busi…