=======================
= End-of-Shift report =
=======================
Timeframe: Monday 04-01-2016 18:00 − Tuesday 05-01-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** ProxieBack sneakily uses the victim's server to bypass its own security ***
---------------------------------------------
Palo Alto Networks has come across a new family of proxy-creating malware, called ProxyBack, that the company believes has been in the wild since 2014 and may have more than 20 versions now running.
---------------------------------------------
http://www.scmagazine.com/proxieback-sneakily-uses-the-victims-server-to-by…
*** Hocus-pocus! The stupidity of cybersecurity predictions ***
---------------------------------------------
Every year, some publication asks me to come up with a list of my top 10 predictions for the security field, and every year I tell them they might as well just dust off an article I wrote a year earlier, with maybe a couple of buzzwords and a new technology added on. What you can generally expect in any given year is more of the same, with some slight variations. That doesn't stop people from making predictions, though. Vendors and supposed experts can't seem to control the urge, but...
---------------------------------------------
http://www.cio.com/article/3019071/security/hocus-pocus-the-stupidity-of-cy…
*** Matthew Garrett: Apple computers are not suitable for confidential work ***
---------------------------------------------
Although UEFI Secure Boot and TPMs can secure the boot process of Windows and Linux machines to some extent, this could be improved, says security expert Matthew Garrett. The situation at Apple, by contrast, is catastrophic.
---------------------------------------------
http://www.golem.de/news/matthew-garrett-apple-rechner-eignen-sich-nicht-fu…
*** Comcast Home Security System Vulnerable to Attack ***
---------------------------------------------
Comcast's Xfinity Home Security System is vulnerable to attacks that interfere with its ability to detect and alert to home intrusions.
---------------------------------------------
http://threatpost.com/comcast-home-security-system-vulnerable-to-attack/115…
*** Using IDAPython to Make Your Life Easier: Part 3 ***
---------------------------------------------
In the first two posts of this series (Part 1 and Part 2), we discussed using IDAPython to make your life as a reverse engineer easier. Now let's look at conditional breakpoints. While debugging in...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/01/using-idapython-to-make-…
*** HTML5 Security Cheat Sheet ***
---------------------------------------------
This OWASP cheat sheet serves as a guide for implementing HTML5 in a secure fashion. Contents include: Communication APIs, Storage APIs, Geolocation, Web Workers, Sandboxed Frames, Offline Applications, and...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19279
*** Nexus Security Bulletin - January 2016 ***
---------------------------------------------
We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process. [...] The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
---------------------------------------------
https://source.android.com/security/bulletin/2016-01-01.html
*** DSA-3432 icedove - security update ***
---------------------------------------------
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3432
*** Puppet Enterprise Configuration Error Lets Remote Non-Whitelisted Users Access the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034550
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Jabber STARTTLS Downgrade Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Prime Infrastructure Frame Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Unified Communications Manager SQL Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects Rational Tau (CVE-2015-3194) ***
http://www.ibm.com/support/docview.wss?uid=swg21973108
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Kenexa LCMS Premier on Cloud (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972649
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSource Dojo ToolKit affects IBM InfoSphere Master Data Management (CVE-2015-5654) ***
http://www.ibm.com/support/docview.wss?uid=swg21972787
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Partner Gateway Advanced/Enterprise editions (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21973241
---------------------------------------------
*** IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2015-7456) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005574
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM TRIRIGA Application Platform (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972369
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business ***
http://www.ibm.com/support/docview.wss?uid=swg21973135
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2015-5006, CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21972446
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21973785
---------------------------------------------
*** IBM Security Bulletin: IBM Tealeaf Customer Experience allows unauthorized access to system files (CVE-2015-4988) ***
http://www.ibm.com/support/docview.wss?uid=swg21968868
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21972455
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM PureApplication System. (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21974116
---------------------------------------------
*** IBM Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues ***
http://www.ibm.com/support/docview.wss?uid=swg21972384
---------------------------------------------
Next End-of-Shift report on 2016-01-07
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 31-12-2015 18:00 − Monday 04-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Identical SSH keys on Hetzner servers ***
---------------------------------------------
Because of identical SSH keys, attackers can eavesdrop on encrypted connections of servers at Hetzner.
---------------------------------------------
http://heise.de/-3057777
*** Difficult to block JavaScript-based ransomware can hit all operating systems ***
---------------------------------------------
A new type of ransomware that still goes undetected by the great majority of AV solutions has been spotted and analyzed by Emsisoft researchers (via Google Translate). Ransom32 is delivered on the ...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3184
http://blog.emsisoft.com/de/2016/01/01/meet-ransom32-the-first-javascript-r…
*** Apple had more CVEs than any single MS product in 2015, but it doesn't really matter ***
---------------------------------------------
Meaningless league table sparks silly schadenfreude A count of the number of CVEs issues on different platforms in 2015 has concluded that Apple was the most-advisoried operating system of the year, leading to gloating headlines that OS X is the "most vulnerable" of the lot.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/04/apple_had_m…
*** Cisco Jabbers in the clear due to STARTTLS bug ***
---------------------------------------------
Sysadmins get a belated Christmas present 'Twas the night before Christmas, when sysadmins probably weren't watching their advisory feeds, that Cisco announced a vulnerability in its Jabber for Windows.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/04/cisco_jabbe…
*** BlackEnergy cyberespionage group adds disk wiper and SSH backdoor to its arsenal ***
---------------------------------------------
A cyberespionage group focused on companies and organizations in the energy sector has recently updated its arsenal with a destructive data-wiping component and a backdoored SSH server. The group is known in the security community as Sandworm or BlackEnergy, after its primary malware tool, and has been active for several years. It has primarily targeted companies that operate industrial control systems, especially in the energy sector, but has also gone after high-level government organizations,...
---------------------------------------------
http://www.cio.com/article/3018790/blackenergy-cyberespionage-group-adds-di…
*** The current state of boot security ***
---------------------------------------------
I gave a presentation at 32C3 this week. One of the things I said was "If any of you are doing seriously confidential work on Apple laptops, stop. For the love of god, please stop." I didn't really have time to go into the details of that at the time, but right now I'm sitting on a plane with a ridiculous sinus headache and the pseudoephedrine hasn't kicked in yet so here we go. The basic premise of my presentation was that it's very difficult to determine whether your system is in a...
---------------------------------------------
http://mjg59.dreamwidth.org/39339.html
*** A Tip For The Analysis Of MIME Files, (Sat, Jan 2nd) ***
---------------------------------------------
I've written a diary entry about malicious MS Office documents stored as MIME files. A few days ago a reader contacted me for a problem he had analyzing such a maldoc MIME file. When he used emldump to analyze his sample (f67aa5a3ede3d31c5a68494c0678e2ee), it was not a multipart: $ ./emldump.py f67aa5a3ede3d31c5a68494c0678e2ee.vir 1: boundary=----=_NextPart_Jm9Ovypy.uUh6MCk charset=us-ascii $ You can make emldump skip this first line with option -H: $ ./emldump.py -H...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20561&rss
*** More Internet of Things irony: a security alarm with alarming security ***
---------------------------------------------
Imagine that a crook could change the text ALARM STATUS RED in your intruder alarm alerts to say ALARM STATUS GREEN...
---------------------------------------------
https://nakedsecurity.sophos.com/2016/01/03/more-internet-of-things-irony-a…
*** DFN-CERT-2016-0001: Mozilla Firefox, Network Security Services: A vulnerability allows bypassing security measures ***
---------------------------------------------
Please note: To fix the vulnerability described here, Mozilla published Security Advisory MFSA2015-150 on 28 December 2015, but withdrew it again shortly afterwards without giving reasons. At the same time, Firefox version 43.0.3 was made available. It is therefore unclear whether the vulnerability described here has actually been fixed in that version. The release notes for Firefox version 43.0.3 do not mention the vulnerability.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0001/
*** Mozilla Firefox MD5 Signature Support in TLS ServerKeyExchange Messages Exposes Users to Hash Collision Forgery Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1034541
*** DFN-CERT-2016-0004: Mozilla Thunderbird: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0004/
*** Bugtraq: OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537223
*** Bugtraq: OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537224
*** Bugtraq: Confluence Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537232
*** DSA-3433 samba - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3433
*** PCRE Heap Overflow in pcre_compile2() in Processing Certain Regex Patterns May Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1034555
*** #2015-012 Ganeti multiple issues ***
---------------------------------------------
Ganeti, an open source virtualization manager, suffers from multiple issues in its RESTful control interface (RAPI).
---------------------------------------------
http://www.ocert.org/advisories/ocert-2015-012.html
=======================
= End-of-Shift Report =
=======================
Timeframe: Tuesday 29-12-2015 18:00 − Wednesday 30-12-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Microsoft may have your encryption key; here's how to take it back ***
---------------------------------------------
It doesn't require you to buy a new copy of Windows.
---------------------------------------------
http://arstechnica.com/information-technology/2015/12/microsoft-may-have-yo…
*** Actor using Rig EK to deliver Qbot - update, (Wed, Dec 30th) ***
---------------------------------------------
Introduction This diary is a follow-up to my previous diary on the actor using Rig exploit kit (EK) to deliver Qbot [1]. For this diary, I've infected more Windows hosts from other compromised websites, so we have additional data on this actor. As previously noted, this actor has been delivering Qbot (also known as Qakbot) malware. The actor uses a gate to route traffic from the compromised website to the EK landing page. In this case, the gate returns a variable that is translated to a URL for...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20551&rss
*** The Truth is in Your Logs! ***
---------------------------------------------
[The post The Truth is in Your Logs! has been first published on /dev/random] Keeping an eye on logs is boring... but mandatory! Hopefully, sometimes it can reveal funny stuffs! It looks like people at the CCC are having some fun too while their annual conference is ongoing... Here is what I got in my Apache logs this morning: 151.217.177.200 - - [30/Dec/2015:06:51:22 +0100] "DELETE your logs. \ Delete your installations. Wipe everything clean. Walk out into the...
---------------------------------------------
https://blog.rootshell.be/2015/12/30/the-truth-is-in-your-logs/
*** Killed by Proxy: Analyzing Client-end TLS Interception Software ***
---------------------------------------------
Topic: Killed by Proxy: Analyzing Client-end TLS Interception Software Risk: Medium Text:Abstract—To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015120310
*** 32C3: Automated security tests for the Internet of Things ***
---------------------------------------------
A French-German research team has developed an emulation environment that allows dynamic penetration tests of the firmware of networked electronic devices to be carried out automatically. The first results speak for themselves.
---------------------------------------------
http://heise.de/-3056880
*** Cloud Computing: Attacks Vectors and Counter Measures ***
---------------------------------------------
I can bet that some of you might have missed the news about Star Wars, but there will be hardly any who do not know what Cloud computing is, as this has been the buzz for last several years. In this article, we will learn about various types of attacks that are possible in a...
---------------------------------------------
http://resources.infosecinstitute.com/cloud-computing-attacks-vectors-and-c…
*** Chrome: Google developer picks apart antivirus add-on ***
---------------------------------------------
A Chrome extension from the antivirus vendor AVG had so many security holes that it could just as well have been malware, writes a Google developer. The bugs have been fixed, but the add-on could still be banned from the Chrome store.
---------------------------------------------
http://www.golem.de/news/chrome-google-entwickler-zerpflueckt-antiviren-add…
*** Misconfigured databases, a growing threat ***
---------------------------------------------
It has become commonplace to find misconfigured databases exposed to the public Internet. Last summer alone - 1,175 terabytes (approximately 1.1 petabytes) of data was left wide open for the amusement of inquiring minds and malicious hackers alike - ranging from SMBs to Fortune 500 companies.
---------------------------------------------
http://darkmatters.norsecorp.com/2015/12/29/misconfigured-databases-a-growi…
*** Mobile malware review for 2015 ***
---------------------------------------------
December 30, 2015 The last year proved to be another challenging period for the smartphones and tablets owners. Cybercriminals continued to target users of Android devices - thus, the majority of "mobile" threats and unwanted software discovered in 2015 were intended for this platform. In particular, banking Trojans, Android ransomware, advertising modules, and SMS Trojans expanded their activity. Besides, this year witnessed a growing number of malware pre-installed into...
---------------------------------------------
http://news.drweb.com/show/?i=9779&lng=en&c=9
*** Using IDAPython to Make Your Life Easier: Part 1 ***
---------------------------------------------
As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/12/using-idapython-to-make-…
*** The weird and wacky of 2015: strange security and privacy stories ***
---------------------------------------------
These wacky stories remind us how important cybersecurity and online privacy have become in all areas of our lives.
---------------------------------------------
https://nakedsecurity.sophos.com/2015/12/29/the-weird-and-wacky-of-2015-str…
*** Steam blows as games websites security collapse ***
---------------------------------------------
Christmas hiccup on gaming platform exposed user information to others
---------------------------------------------
http://www.scmagazine.com/steam-blows-as-games-websites-security-collapse/a…
*** 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 52.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/2755801
*** PHP Class Name Format String Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1034543
*** Security Advisory: Apache HTTPD vulnerability CVE-2010-2791 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23332326.html?…
*** Security Advisory: Apache vulnerability CVE-2011-3639 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/20/sol20979231.html?…
*** AVG Anti-Virus Flaws in Web TuneUp Chrome Extension Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034547
Next End-of-Shift Report on 2016-01-04.
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 28-12-2015 18:00 − Tuesday 29-12-2015 18:00
Handler: L. Aaron Kaplan
Co-Handler: Stephan Richter
*** Security Updates Available for Adobe Flash Player (APSB16-01) ***
---------------------------------------------
A security bulletin (APSB16-01) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1305
*** Quick Tips to Protect Your New (and old) Apple Devices ***
---------------------------------------------
Apple has projected yet another record holiday for sales, but this should come as no surprise to fellow "Macheads". I myself, am a huge fan of Apple and have been for a quite... The post Quick Tips to Protect Your New (and old) Apple Devices appeared first on Webroot Threat Blog.
---------------------------------------------
http://www.webroot.com/blog/2015/12/28/18251/
*** 2016 Reality: Lazy Authentication Still the Norm ***
---------------------------------------------
My PayPal account was hacked on Christmas Eve. The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang that recruits for the terrorist group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations -- including many financial institutions -- remain woefully behind the times in authenticating their customers and staying ahead of identity thieves.
---------------------------------------------
http://krebsonsecurity.com/2015/12/2016-reality-lazy-authentication-still-t…
*** An Overview of the Upcoming libModSecurity ***
---------------------------------------------
libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax and feature set of ModSecurity while delivering improved performance, stability, and a new experience in easy integration on different. libModSecurity - Motivations While ModSecurity version 2.9.0 is available...
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-…
*** Researcher: Pacemakers vulnerable to hacker attacks and software bugs ***
---------------------------------------------
Researcher and patient Marie Moe spoke about the topic at the 32C3 hacker congress
---------------------------------------------
http://derstandard.at/2000028215506
*** Let's Encrypt: A free certificate every two seconds ***
---------------------------------------------
The launch of the new certificate authority Let's Encrypt has apparently gone quite well. After only about a month in beta operation, the project is already the fifth-largest CA in the world. But there are still some tasks to tackle.
---------------------------------------------
http://www.golem.de/news/let-s-encrypt-ein-kostenfreies-zertifikat-alle-zwe…
*** 32C3: Sparkasse's pushTAN app still vulnerable ***
---------------------------------------------
A cat-and-mouse game over the online banking app "pushTAN" has developed between security researchers from Erlangen and the Sparkasse association. The latest version can still be attacked quite easily, experts say.
---------------------------------------------
http://heise.de/-3056667
*** 32C3: Encryption of common RFID locking systems cracked ***
---------------------------------------------
RFID transponder cards used for electronic access control can often be cloned "trivially easily", according to security experts.
---------------------------------------------
http://heise.de/-3056646
*** ATM skimming on the retreat ***
---------------------------------------------
The billions invested by banks and retailers in more security are having an effect: data thieves are succeeding less and less often at ATMs in Germany. But the criminals are still finding holes in the system.
---------------------------------------------
http://heise.de/-3056638
*** Microsoft Has Your Encryption Key If You Use Windows 10 ***
---------------------------------------------
An anonymous reader writes with this bit of news from the Intercept. If you login to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to Microsoft servers. From the article: "The fact that new Windows devices require users to backup their recovery key on Microsoft's servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/YfNKeGMMq1o/microsoft-has-y…
*** Voice over LTE: Attacks on mobile IP telephony presented ***
---------------------------------------------
Talks that trigger nightmares about mobile communication are a tradition at the CCC. This time, two Korean students demonstrated attacks on Voice over LTE. In Germany this is supposedly not possible.
---------------------------------------------
http://www.golem.de/news/voice-over-lte-mobile-ip-telefonie-kann-abgehoert-…
*** Fixing JavaScript's Broken Random Number Generator ***
---------------------------------------------
szczys writes: It is surprising to learn how broken the JavaScript Random Number Generator has been for the past six years. The problem is compounded by the fact that Node.js uses the same broken Math.random() module. Learning about why this is broken is interesting, but perhaps even more interesting is how the bad code got there in the first place. It seems that a forum thread from way back in 1999 shared two versions of the code. If you read to the end of the thread you got the working
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/GG87DY0k6I4/fixing-javascri…
*** DFN-CERT-2015-2002: Roundcubemail: Two vulnerabilities allow, among other things, the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-2002/
*** libtiff bmp file Heap Overflow ***
---------------------------------------------
Topic: libtiff bmp file Heap Overflow Risk: High Text:Details = Product: libtiff Affected Versions: <= 4.0.6 Vulnerability Type: Heap Overflow Security Risk: High Vendor U...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015120304
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 23-12-2015 18:00 − Monday 28-12-2015 18:00
Handler: L. Aaron Kaplan
Co-Handler: Stephan Richter
*** Malware-Driven Card Breach at Hyatt Hotels ***
---------------------------------------------
Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations.
---------------------------------------------
http://krebsonsecurity.com/2015/12/malware-driven-card-breach-at-hyatt-hote…
*** Using WPScan: Finding WordPress Vulnerabilities ***
---------------------------------------------
When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at wpvulndb.com is used to check for vulnerable software and the WPScan team maintains the ever-growing list of... The post Using WPScan: Finding WordPress Vulnerabilities appeared first on Sucuri Blog.
---------------------------------------------
https://blog.sucuri.net/2015/12/using-wpscan-finding-wordpress-vulnerabilit…
*** NSA and GCHQ have been using backdoors in Juniper firewalls for years ***
---------------------------------------------
Secret document from 2011 shows cooperation between the two intelligence agencies
---------------------------------------------
http://derstandard.at/2000028055853
*** Victims of the Gomasom Ransomware can now decrypt their files for free ***
---------------------------------------------
Fabian Wosar, security researcher at Emsisoft, created a tool for decrypting files locked by the Gomasom Ransomware. Ransomware are the most threatening cyber threats for end-users, but today I have a good news for victims of the Gomasom ransomware, victims can rescue their locked files. The news was spread by the security researcher Fabian Wosar that developed a...
---------------------------------------------
http://securityaffairs.co/wordpress/43074/malware/decrypt-gomasom-ransomwar…
*** Hackers show massive flaws in debit cards ***
---------------------------------------------
PIN read out, prepaid card topped up and payments redirected in front of an audience
---------------------------------------------
http://derstandard.at/2000028162750
*** 32C3: Hardware trojans as an underestimated danger ***
---------------------------------------------
Backdoors built permanently into IT devices and chips pose a "serious threat", security experts warned at the hacker conference. They can only be built in with great effort, but are also hard to find.
---------------------------------------------
http://heise.de/-3056452
*** 32C3: Dieselgate and the ominous acoustic function ***
---------------------------------------------
Can the manipulation of emissions values at Volkswagen really be the work of individual engineers? At the CCC congress, an insider and a hacker rejected this legend.
---------------------------------------------
http://heise.de/-3056438
*** 32C3: Automatic train protection and networked railway technology in hackers' sights ***
---------------------------------------------
A hacker group that focuses on industrial facilities has identified various attack surfaces around networked train control systems. Outdated software and insecure passwords are to be found "everywhere" there.
---------------------------------------------
http://heise.de/-3056484
*** DSA-3430 libxml2 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3430
*** GIT git-remote-ext Helper URL Processing Lets Remote Users Execute Arbitrary Commands on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034501
*** F5 Security Advisory: Apache vulnerability CVE-2010-0434 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40284849.html?…
*** EMC Secure Remote Services Virtual Edition Directory Traversal Flaw Lets Remote Authenticated Users View Files on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034530
*** Cisco Jabber for Windows STARTTLS Downgrade Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Vuln: Dnsmasq CVE-2015-3294 Remote Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/74452
*** IDM 4.5 - 4.0.2 Midrange Driver Patch 4.0.2 ***
---------------------------------------------
Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.0.2 or higher. Driver version will show i5os Driver Version 4.0.2 IDM 4.0.2 Build Date 20151207_1437 IDM 4.5.x Build Date 201512071006 To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION) Document ID: 5230811 Security Alert: Yes Distribution Type: Field Test File Entitlement Required: No Files: idm45-402midrangepatch2.tar.gz (96.31 MB) Products: Identity Manager 4.0.2 Identity Manager...
---------------------------------------------
https://download.novell.com/Download?buildid=HsE3grsz-TU~
*** DFN-CERT-2015-1999: libvirt: A vulnerability allows the manipulation of files ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1999/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Websphere Liberty Profile (WLP) affect Power Management Console (CVE-2015-2017, CVE-2015-1927, CVE-2015-4938) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021040
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2015-7410) ***
http://www.ibm.com/support/docview.wss?uid=swg21972676
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Linux-PAM affects PowerKVM (CVE-2015-3238) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022880
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in pam affect Power Management Console (CVE-2015-3238) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021041
---------------------------------------------
*** IBM Security Bulletin: A denial of service vulnerability affects IBM Sterling B2B Integrator (CVE-2014-0050) ***
http://www.ibm.com/support/docview.wss?uid=swg21972944
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM PureApplication System. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21973591
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931 and CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21973439
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Integration Designer and WebSphere Integration Developer (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21972087
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-4962, CVE-2015-4946) ***
http://www.ibm.com/support/docview.wss?uid=swg21973404
---------------------------------------------
*** IBM Security Bulletin: Malformed ECParameters causes infinite loop (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023038
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities affect AppScan Enterprise ***
http://www.ibm.com/support/docview.wss?uid=swg21972830
---------------------------------------------
*** IBM Security Bulletin: Clickjack vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-1928) ***
http://www.ibm.com/support/docview.wss?uid=swg21973200
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Manager Enterprise Edition (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21973416
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, ***
http://www.ibm.com/support/docview.wss?uid=swg21973383
---------------------------------------------
*** IBM Security Bulletin: Privilege escalation coverage gap in IBM SPSS Statistics (CVE-2015-7489) ***
http://www.ibm.com/support/docview.wss?uid=swg21973502
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023034
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005474
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i. ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021047
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Monitoring clients (CVE-2015-2590 plus additional CVEs.) ***
http://www.ibm.com/support/docview.wss?uid=swg21964027
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 22-12-2015 18:00 − Wednesday 23-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** 2015 Ransomware Wrap-Up ***
---------------------------------------------
Here's a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year.
---------------------------------------------
http://www.darkreading.com/endpoint/2015-ransomware-wrap-up/d/d-id/1323424
*** 3-in-1 Malware Infection through Spammed JavaScript Attachments ***
---------------------------------------------
Recently we've observed a massive uptick of malicious spam with JavaScript attachments with an intention to spread and infect Windows systems with a variety of malicious executables. The spam usually contains a ZIP file attachment containing only one JavaScript file. The ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/3-in-1-Malware-Infectio…
*** IT bloke: Crooks stole my bikes after cycling app blabbed my address ***
---------------------------------------------
Brit suffers from GPS accuracy. An IT manager in Manchester, England, says thieves stole his bikes after a smartphone cycling app pinpointed the location of his garage ..
---------------------------------------------
www.theregister.co.uk/2015/12/22/it_manager_loses_bikes_after_cycling_app_p…
*** Xen Project blunder blows own embargo with premature bug report ***
---------------------------------------------
Malicious guest could eat your virtual rigs from the inside. The Xen Project has reported a new bug, XSA-169, that means 'A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack.' ..
---------------------------------------------
www.theregister.co.uk/2015/12/23/xen_blunder_blows_own_embargo_with_prematu…
*** Expect Phishers to Up Their Game in 2016 ***
---------------------------------------------
Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it. New authentication methods now offered by Yahoo! and to a beta group of Google users let customers log in just by supplying their email address, and then responding to a notification sent to their mobile device.
---------------------------------------------
http://krebsonsecurity.com/2015/12/expect-phishers-to-up-their-game-in-2016
*** Why it's harder to forge a SHA-1 certificate than it is to find a SHA-1 collision ***
---------------------------------------------
It's well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values that result in the same value when SHA-1 is applied) is inevitable and likely to happen in a matter of months. This poses a potential threat to trust on the web, as many websites use certificates that are digitally signed with algorithms that rely on SHA-1. Luckily for everyone, finding a hash collision is not enough to forge a digital
---------------------------------------------
https://blog.cloudflare.com/why-its-harder-to-forge-a-sha-1-certificate-tha…
*** Cyberattacks on Turkish internet servers ***
---------------------------------------------
Unclear background - Is Russia behind it? Or Anonymous?
---------------------------------------------
http://derstandard.at/2000028013290
*** Hacker: Film stars with problems on the net ***
---------------------------------------------
Brand-new feature films such as the latest western by Quentin Tarantino have surfaced on the internet. A number of other stars have quite different problems: a hacker obtained sex videos and personal data of theirs - however, he has now been arrested.
---------------------------------------------
http://www.golem.de/news/hacker-filmstars-mit-problemen-im-netz-1512-118179…
*** How a security director used a rootkit to rig the lottery and steal millions of dollars ***
---------------------------------------------
Not too long ago, Eddie Tipton was convicted of hacking into the Multi-State Lottery Association's computer system in order to rig a nearly $17 million jackpot in Iowa. Now comes word that an investigation into Tipton's hacking activities is expanding to include a number of other states. Thus far, lottery officials from Colorado, Wisconsin and Oklahoma have indicated that Tipton may have also gamed lottery jackpots in their respective states.
---------------------------------------------
https://bgr.com/2015/12/23/lottery-hacker-rootkit-stolen-numbers-investigat…
*** Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for NTP daemon vulnerabilities in the Siemens RUGGEDCOM ROX-based devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01
Due to the Christmas holidays, the next End-of-Shift report will not be published until 28.12.2015.
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 21-12-2015 18:00 − Tuesday 22-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** IBM Security Bulletin: Blind SQL injection vulnerability in IBM OpenPages GRC Platform API (CVE-2015-5049) ***
---------------------------------------------
A blind SQL injection vulnerability has been found in the OpenPages GRC Platform API that could allow retrieval or manipulation of information in the database.
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21970590
*** Cisco IOS XE Software Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000. An attacker could exploit this vulnerability by sending a frame that has a source MAC address of all zeros to an affected device. A successful exploit could allow the attacker to cause the device to reload.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** [20151207] - Core - SQL Injection ***
---------------------------------------------
Inadequate filtering of request data leads to a SQL Injection vulnerability.
---------------------------------------------
https://developer.joomla.org/security-centre/640-20151207-core-sql-injectio…
*** [20151206] - Core - Session Hardening ***
---------------------------------------------
The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions.
---------------------------------------------
https://developer.joomla.org/security-centre/639-20151206-core-session-hard…
*** First Exploit Attempts For Juniper Backdoor Against Honeypot ***
---------------------------------------------
We are detecting numerous login attempts against our ssh honeypots using the ScreenOS backdoor password. Our honeypot doesn't emulate ScreenOS beyond the login banner, so we do not know what the attackers are up to, but some of the attacks appear to be manual in that we do see the attacker trying different ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20525
*** Protecting Your Sites from Apache.Commons Vulnerabilities ***
---------------------------------------------
A few weeks ago, FoxGlove Security released this important blog post that includes several Proof-of-Concepts for exploiting Java unserialize vulnerabilities. A remote attacker can gain Remote Code Execution by sending a specially crafted payload to any endpoint expecting a serialized ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Protecting-Your-Sites-f…
*** Oracle must improve Java updates ***
---------------------------------------------
Old Java versions must disappear completely from computers. Oracle has to ensure that.
---------------------------------------------
http://heise.de/-3052761
*** Shopshifting: Security researchers uncover flaws in electronic payment transactions ***
---------------------------------------------
Payment terminals talk over the network to their cash register and to the payment service provider. Both communication channels have weaknesses that an attacker can exploit to plunder customers or shop owners.
---------------------------------------------
http://heise.de/-3052165
*** rt-sa-2015-013 ***
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2015-013.txt
*** Juniper backdoors ***
---------------------------------------------
In an advisory (here is our warning about it), Juniper told the world that they found two backdoors in ScreenOS during a code audit. One is technically a fairly trivial matter: a constant password allows login via ssh or telnet. Reportedly it only took 6 hours for this ..
---------------------------------------------
http://www.cert.at/services/blog/20151222153859-1646.html
*** IBM Security Bulletin: Multiple XSS Vulnerabilities in IBM UrbanCode Deploy (CVE-2015-7415) ***
---------------------------------------------
IBM UrbanCode Deploy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21970811
*** Report: Hackers have infiltrated parts of the US power grid ***
---------------------------------------------
In around twelve cases, cyberattacks on control centers of energy suppliers in the USA are said to have been successful during the past ten years. The hack of the provider Calpine apparently originated from Iran.
---------------------------------------------
http://heise.de/-3054887
*** Call for Papers: VB2016 Prague ***
---------------------------------------------
VB seeks submissions for the 26th Virus Bulletin Conference. Virus Bulletin is seeking submissions from those wishing to present papers at VB2016, which will take place 5 to 7 October 2016 at the Hyatt Regency Denver Hotel in Denver, Colorado, USA. Originally started as an annual gathering of anti-virus experts, the ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/12_22.xml
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 18-12-2015 18:00 − Monday 21-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Update for crimeware kit Microsoft Word Intruder ***
---------------------------------------------
Through security vulnerabilities in Microsoft Word, a file attachment can infect Windows systems as soon as it is opened. The author of the crimeware kit MWI, which is popular in the underground, is now following up with new exploits.
---------------------------------------------
http://heise.de/-3049547
*** VMSA-2015-0009 ***
---------------------------------------------
VMware product updates address a critical deserialization vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2015-0009.html
*** VMSA-2015-0003.15 ***
---------------------------------------------
VMware product updates address critical information disclosure issue in JRE
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2015-0003.html
*** Avira Registry Cleaner DLL Hijacking ***
---------------------------------------------
avira_registry_cleaner_en.exe, available from
<https://www.avira.com/en/download/product/avira-registry-cleaner>
to clean up remnants the uninstallers of their snakeoil products
fail to remove, is vulnerable: it loads and executes WTSAPI32.dll,
UXTheme.dll and RichEd20.dll from its application directory
(tested and verified under Windows XP SP3 and Windows 7 SP1).
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015120223
*** PUPs Masquerade as Installer for Antivirus and Anti-Adware ***
---------------------------------------------
If you're looking for download sites of programs you wish to install onto your machine or simply try out, you, dear Reader, would be better off dropping by their official websites.
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/12/pups-masquerade-as-in…
*** Joomla 0-Day Exploited In the Wild (CVE-2015-8562) ***
---------------------------------------------
A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot of attention from the Joomla community, as well as attackers. Using knowledge gained from our recent research on Joomla (CVE-2015-7857, SpiderLabs Blog Post) and information ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-0-Day-Exploited-…
*** Google Chrome: Farewell to SHA-1-signed SSL certificates ***
---------------------------------------------
From the beginning of next year, Google Chrome will no longer accept newly issued SHA-1-signed SSL certificates from public CAs. SHA-1 has been considered insecure for ten years, but is still used by HTTPS sites.
---------------------------------------------
http://heise.de/-3049749
*** The EPS Awakens - Part 2 ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-t…
*** Facebook hammers another nail into Flash's coffin ***
---------------------------------------------
The Social Network™ bins Adobe's malware-magnet for video, adopts HTML5. Facebook has hammered another nail into the coffin of Adobe Flash, by switching from the bug-ridden plug-in to HTML5 for all videos on the site.
---------------------------------------------
www.theregister.co.uk/2015/12/21/facebook_dumps_flash_for_video/
*** Hello Kitty: Children's data unprotected on the net ***
---------------------------------------------
A MongoDB database with the private information of numerous Hello Kitty fans has been published. Children in particular are likely to be affected - and should check their passwords at other services.
---------------------------------------------
http://www.golem.de/news/security-hello-kitty-gehackt-1512-118123.html
*** XXX is Angler EK ***
---------------------------------------------
http://malware.dontneedcoffee.com/2015/12/xxx-is-angler-ek.html
*** Snooping code in Juniper network devices: Further findings and speculation ***
---------------------------------------------
The analyses of the ScreenOS updates bring wild things to light. There were two independent backdoors. Thanks to the published password, anyone can exploit the SSH backdoor; the more complex VPN flaw is apparently based on a known NSA backdoor.
---------------------------------------------
http://heise.de/-3051260
*** The many attacks on Zengge WiFi lightbulbs ***
---------------------------------------------
In August I decided to check out the cool new Internet Of Things. I bought a WiFi-enabled colorful LED lightbulb. It was a cheap Chinese one that costs almost nothing on Alibaba, but I paid probably around $50 on Amazon. It's built by a company called Zengge. It turned out that my new lightbulb was a router, an HTTP server, an HTTP proxy, and a lot more.
---------------------------------------------
http://blog.viktorstanchev.com/2015/12/20/the-many-attacks-on-zengge-wifi-l…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 17-12-2015 18:00 − Friday 18-12-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** JSA10713 - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10713
*** JSA10712 - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Crafted SSH negotiation may trigger system crash (CVE-2015-7754) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10712
*** Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Schneider Electric Modicon M340 Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a buffer overflow vulnerability in Schneider Electric's Modicon M340 PLC product line.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01
*** Motorola MOSCAD SCADA IP Gateway Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for Remote File Inclusion and Cross-Site Request Forgery vulnerabilities in Motorola Solutions MOSCAD IP Gateway.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-351-02
*** eWON Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for several vulnerabilities in the eWON sa industrial router.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03
*** Microsoft will stop trusting certificates from 20 Certificate Authorities ***
---------------------------------------------
Starting in January 2016, Microsoft's Trusted Root Certificate Program will no longer include twenty currently trusted CAs and will remove their root certificates from the Trusted ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=19252
*** Docker and Enterprise Security: Establishing Best Practices ***
---------------------------------------------
Virtualization containers, with their extraordinarily efficient hardware utilization, can be like a dream come true for development teams. While containerization will probably ..
---------------------------------------------
http://resources.infosecinstitute.com/docker-and-enterprise-security-establ…
*** IBM Security Bulletins ***
---------------------------------------------
*** Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2015-1947) ***
http://www.ibm.com/support/docview.wss?uid=swg21967131
---------------------------------------------
*** IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050 and 5710 are affected by multiple vulnerabilities in OpenSSL ***
http://www.ibm.com/support/docview.wss?uid=swg21971298
---------------------------------------------
*** Multiple vulnerabilities in current releases of IBM SDK for Node.js in IBM Bluemix ***
http://www.ibm.com/support/docview.wss?uid=swg21973447
---------------------------------------------
*** Multiple Security Vulnerabilities affect IBM Security Privileged Identity Manager Virtual Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21972496
---------------------------------------------
*** Multiple vulnerabilities in IBM Java SDK affect Rational Functional Tester (CVE-2015-4872, CVE-2015-4734, CVE-2015-5006) ***
http://www.ibm.com/support/docview.wss?uid=swg21972844
---------------------------------------------
*** A vulnerability in lighttpd affects IBM Security Virtual Server Protection for VMware (CVE-2015-3200) ***
http://www.ibm.com/support/docview.wss?uid=swg21973291
---------------------------------------------
*** IBM Multiple vulnerabilities in IBM Java SDK affect IBM API Management ***
http://www.ibm.com/support/docview.wss?uid=swg21972828
---------------------------------------------
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that could, in certain configurations, allow a malicious administrator of a guest VM to compromise the host or obtain potentially sensitive information from other guest VMs. In addition, a vulnerability has been identified that would allow certain applications running on a guest to cause that guest to crash.
---------------------------------------------
https://support.citrix.com/article/CTX203879
*** Vuln: Microsoft Windows Environment Variable Expansion in PATH Security Bypass Weakness ***
---------------------------------------------
http://www.securityfocus.com/bid/44484
*** Cisco IOS and IOS XE Software IKEv1 State Machine Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** SSA-472334 (Last Update 2015-12-18): NTP Vulnerabilities in RUGGEDCOM ROX-based Devices ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-472334…
*** SSA-396873 (Last Update 2015-12-18): TLS Vulnerability in Ruggedcom ROS- and ROX-based Devices ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-396873…
*** iOS banking apps security still not good enough, says researcher ***
---------------------------------------------
Repeat test throws up improved results from 2013 but problems remain. The security of mobile banking apps has improved over the ..
---------------------------------------------
www.theregister.co.uk/2015/12/18/ios_banking_app_audit/
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 16-12-2015 18:00 − Thursday 17-12-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Press Backspace 28 times to own unlucky Grub-by Linux boxes ***
---------------------------------------------
Integer underflow fault means you can get into rescue mode and rummage around. A pair of researchers from the University of Valencia's Cybersecurity research group have found that if you press backspace 28 times, it's possible to bypass authentication during boot-up on some Linux machines.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/12/17/press_backs…
*** Checklist - How to Secure Your WordPress Website ***
---------------------------------------------
We know that you care about what you build and protecting it is incredibly important. Hacks happen, and it's your job to reduce their likelihood to the lowest probability possible. We built this checklist of best practices to help you harden your website and protect you and your users from hacks.
---------------------------------------------
https://www.wordfence.com/learn/checklist-how-to-secure-your-wordpress-webs…
*** Privileged Access Workstations ***
---------------------------------------------
Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that is protected from Internet attacks and threat vectors. Separating these sensitive tasks and accounts from the daily use workstations and devices provides very strong protection from phishing attacks, application and OS vulnerabilities, various impersonation attacks, and credential theft attacks such as keystroke logging, Pass-the-Hash, and Pass-The-Ticket.
---------------------------------------------
https://technet.microsoft.com/en-US/library/mt634654.aspx
*** F-Secure: Sandboxed Execution Environment ***
---------------------------------------------
Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors (Qemu, VirtualBox, LXC) can be employed to run the Test Environments. Plugins can be added to a Test Environment which provides an Event mechanism synchronisation for their interaction. Users can enable and configure the plugins through a JSON configuration file.
---------------------------------------------
https://github.com/F-Secure/see
*** How do you know if your smartphone has been compromised? ***
---------------------------------------------
Signs that may indicate a mobile infection: Has your phone been compromised? #1: You notice the system or apps behaving strangely #2: Your call or message history includes some unknown entries ...
---------------------------------------------
http://www.welivesecurity.com/2015/12/16/know-smartphone-compromised/
*** XSS, SQLi bugs found in several Network Management Systems ***
---------------------------------------------
Network Management System (NMS) offerings by Spiceworks, Ipswitch, Opsview and Castle Rock Computing have been found sporting several cross-site scripting and SQL injection flaws that could be exploit...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/hQ6oQHF5luA/secworld.php
*** POS Malware Families: An insight into the Behavior of POS Malware ***
---------------------------------------------
In a previous blog, we discussed why Point of Sale (POS) devices remain such an attractive target and described some different attack methods. As you can see from the infographic below, retail and POS have been (pardon the pun) "Targets" on an ongoing basis for the past few years, and the trend doesn't appear to be reversing, even with technologies such as EMV and P2PE. In this blog, we describe some of the different families of POS malware. POS Malware Common Features...
---------------------------------------------
https://feeds.feedblitz.com/~/128665939/0/alienvault-blogs~POS-Malware-Fami…
*** Xen Security Advisories ***
---------------------------------------------
XSA-155 - paravirtualized drivers incautious about shared memory contents
http://xenbits.xen.org/xsa/advisory-155.html
---------------------------------------------
XSA-157 - Linux pciback missing sanity checks leading to crash
http://xenbits.xen.org/xsa/advisory-157.html
---------------------------------------------
XSA-164 - qemu-dm buffer overrun in MSI-X handling
http://xenbits.xen.org/xsa/advisory-164.html
---------------------------------------------
XSA-165 - information leak in legacy x86 FPU/XMM initialization
http://xenbits.xen.org/xsa/advisory-165.html
---------------------------------------------
XSA-166 - ioreq handling possibly susceptible to multiple read issue
http://xenbits.xen.org/xsa/advisory-166.html
---------------------------------------------
*** DFN-CERT-2015-1948: Samba: Multiple vulnerabilities allow, among other things, the bypassing of security measures ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1948/
*** Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Security Advisory: BIND vulnerability CVE-2015-8000 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/34/sol34250741.html?…
*** Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets ***
---------------------------------------------
A number of SQL Injection vulnerabilities have been identified in the Administration Web UI servlets used by Citrix Command Center. These vulnerabilities, if exploited, could allow an authenticated user to insert malicious SQL queries into the application, potentially causing the alteration or deletion of system data.
---------------------------------------------
http://support.citrix.com/article/CTX203787
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21965259
---------------------------------------------
*** IBM Security Bulletin: Fix available for Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2015-7447) ***
http://www.ibm.com/support/docview.wss?uid=swg21973152
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Content Manager Services for Lotus Quickr (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21973096
---------------------------------------------
*** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by privilege escalation vulnerability (CVE-2015-7429) ***
http://www.ibm.com/support/docview.wss?uid=swg21973087
---------------------------------------------
*** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by unauthorized access vulnerability (CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21973086
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) - IBM Java SDK updates October 2015 ***
http://www.ibm.com/support/docview.wss?uid=swg21973355
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947) ***
http://www.ibm.com/support/docview.wss?uid=swg21972470
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Collector for SAP Applications (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21973147
---------------------------------------------
*** IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Cinder information disclosure vulnerability (CVE-2015-1851) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020980
---------------------------------------------
*** IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 that allows users to truncate any table even though the owner of the table has not granted any privilege to any user/role/group (CVE-2015-5020) ***
http://www.ibm.com/support/docview.wss?uid=swg21967923
---------------------------------------------
*** IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21970400
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects OpenPages GRC Platform with Application Server (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972345
---------------------------------------------
*** IBM Security Bulletin: IBM Curam Social Program Management is Vulnerable to Reflected Cross-Site Scripting (CVE-2015-7402) ***
http://www.ibm.com/support/docview.wss?uid=swg21970661
---------------------------------------------
*** ZDI-15-641: Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/LfsseiLCccs/
*** ZDI-15-643: Foxit Reader Will Print Action Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/28dKwkM6_5M/
*** ZDI-15-642: Foxit Reader Will Save Document Action Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/uY-c98zZjQI/
*** ZDI-15-644: Foxit Reader FlateDecode Heap Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/s3waojIPu0E/