Daily

daily@lists.cert.at

3157 discussions

Tageszusammenfassung - Donnerstag 11-06-2015
by Daily end-of-shift report 11 Jun '15

11 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 10-06-2015 18:00 − Donnerstag 11-06-2015 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Increase in CryptoWall 3.0 from malicious spam and Angler exploit kit, (Thu, Jun 11th) *** --------------------------------------------- Introduction Since Monday2015-05-25(a bitmore than 2 weeks ago), weve seen a significantamount of CryptoWall 3.0 ransomware from">) and theAngler exploit kit (EK). A malspam campaign pushing CryptoWall 3.0 started as early as Monday 2015-05-25, but it hasincreased significantly since Monday 2015-06-08. The CryptoWall3.0push from Angler EK appears to have started around the same time. Both campaigns (malspam and Angler EK) were active as recently as Wednesday 2015-06-10. The timing of... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19785&rss *** Factsheet: Software has an expiry date *** --------------------------------------------- Software vendors regularly make announcements that certain versions of software will no longer be supported after a particular date. Such dates are known as End-of-Life. After the End-of-Life, software is no longer supported and can therefore not be considered to be secure. The NCSC advises to update systems after the announcement as soon as possible. --------------------------------------------- https://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fac… *** Cyberangriff: Bundestag benötigt komplett neues Computer-Netzwerk *** --------------------------------------------- Das Computer-Netzwerk im Bundestag ist hinüber. Der Cyberangriff auf den deutschen Bundestag hat weitreichendere Folgen als bisher angenommen. Das Parlament muss ein völlig neues Computer-Netzwerk errichten. --------------------------------------------- http://www.golem.de/news/cyberangriff-bundestag-benoetigt-komplett-neues-co… *** Bundestag: "Von einem Totalschaden kann keine Rede sein" *** --------------------------------------------- Nur 15 Rechner sollen von dem Hacker-Angriff auf den Bundestag betroffen sein. Das berichtet der Unionsabgeordnete Thomas Jarzombek und beruft sich auf das BSI. --------------------------------------------- http://www.golem.de/news/bundestag-von-einem-totalschaden-kann-keine-rede-s… *** MSRT June 2015: BrobanDel *** --------------------------------------------- Providing further protections for our customers, this month we added three new malware families and two variants to the Microsoft Malicious Software Removal Tool (MSRT): Win32/Bagopos Win32/BrobanDel Win32/Gatak PWS:Win32/OnLineGames.AH PWS:Win32/OnLineGames.MV Gatak is a family of information-stealing malware that collects sensitive information and sends it to a remote attacker, if a system is compromised. Bagopos is another information-stealing malware family that targets credit card... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/06/09/msrt-june-2015-brobandel… *** Windows 10 to offer application developers new malware defenses *** --------------------------------------------- Application developers can now actively participate in malware defense - in a new way to help protect customers from dynamic script-based malware and non-traditional avenues of cyberattack. Microsoft is making that possible through the Antimalware Scan Interface (AMSI) - a generic interface standard that allows applications and services to integrate with any antimalware product present on a machine. AMSI is currently available through the Windows 10 Technical Preview, and will be fully... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/06/09/windows-10-to-offer-appl… *** Advances in Scripting Security and Protection in Windows 10 and PowerShell V5 *** --------------------------------------------- In the last several releases of Windows, we've been working hard to make the platform much more powerful for administrators, developers, and power users alike. PowerShell is an incredibly useful and powerful language for managing Windows domains. Unfortunately, attackers can take advantage of these same properties when performing "post-exploitation" activities (actions that are performed after a system has been compromised). The PowerShell team, recognizing this behavior, have --------------------------------------------- http://blogs.technet.com/b/srd/archive/2015/06/10/advances-in-scripting-sec… *** CSDanube *** --------------------------------------------- CERT.at ist keine isolierte Einrichtung, im Gegenteil: Wir kooperieren in diversen Kreisen mit anderen Institutionen und Firmen. Das reicht von unserer Einbettung in die Umsetzung der ÖSCS, lokalen Partnern in der Industrie und Forschung bis hin zur globalen Vernetzung der CERTs. In diesem Kontext nehmen wir an einem Projekt teil, dass im Rahmen des START Programms der Danube Region Strategy gefördert wird: Es geht bei diesem Projekt darum, dass die CERTs der Region... --------------------------------------------- http://www.cert.at/services/blog/20150611115640-1547.html *** Security Advisory: Object Injection Vulnerability in WooCommerce *** --------------------------------------------- Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Object Injection Patched Version: 2.3.11 During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability which could, in certain contexts, be used by an attacker to download any file on the vulnerable server. Are you at risk? The vulnerability is only... --------------------------------------------- https://blog.sucuri.net/2015/06/security-advisory-object-injection-vulnerab… *** Hospira Plum A+ and Symbiq Infusion Systems Vulnerabilities *** --------------------------------------------- This advisory provides publicly disclosed vulnerabilities and compensating measures for the Hospira Plum A+ and Symbiq Infusion System that are similar to vulnerabilities identified in the Hospira LifeCare PCA Infusion System discussed in the updated advisory ICSA-15-125-01B Hospira LifeCare PCA Infusion System Vulnerabilities. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01 *** HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. --------------------------------------------- https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04686230 *** Cisco IOS XR telnetd Packet Processing Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39293 *** Cisco Nexus and Cisco Multilayer Director Switches MOTD Telnet Login Reset Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39280 *** Cisco Identity Services Engine Improper Web Page Controls Privilege Escalation Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39299

1 0

Tageszusammenfassung - Mittwoch 10-06-2015
by Daily end-of-shift report 10 Jun '15

10 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 09-06-2015 18:00 − Mittwoch 10-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39256 http://tools.cisco.com/security/center/viewAlert.x?alertId=39257 http://tools.cisco.com/security/center/viewAlert.x?alertId=39240 *** MS15-JUN - Microsoft Security Bulletin Summary for June 2015 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS15-JUN *** VMSA-2015-0004 *** --------------------------------------------- VMware Workstation, Fusion and Horizon View Client updates address critical security issues .. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0004.html *** Vawtrak Uses Tor2Web making hard to track down its servers *** --------------------------------------------- Security experts at Fortinet uncovered a new strain of the Vawtrak banking Trojan is implementing an obscuring mechanism based on the Tor2Web service. The authors of the banking Trojan Vawtrak are adopting a new tactic to hide the .. --------------------------------------------- http://securityaffairs.co/wordpress/37682/malware/vawtrak-uses-tor2web.html *** iOS und OS X: Apple könnte HTTPS für Apps erzwingen *** --------------------------------------------- Entwickler von Apps für iOS und OS X sollten "so schnell wie möglich" auf sichere Verbindungen per HTTPS wechseln, empfiehlt Apple. Das Unternehmen könnte die Verschlüsselung gar für die Aufnahme im App Store erzwingen. --------------------------------------------- http://www.golem.de/news/ios-und-os-x-apple-koennte-https-fuer-apps-erzwing… *** Schlag gegen internationale Bande von Cyber-Kriminellen in Europa *** --------------------------------------------- http://derstandard.at/2000017259662 *** N-Tron 702W Hard-Coded SSH and HTTPS Encryption Keys *** --------------------------------------------- This advisory provides mitigation details for hard-coded SSH and HTTPS encryption keys in the N-Tron 702-W Industrial Wireless Access Point device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01 *** Sinapsi eSolar Light Plaintext Passwords Vulnerability *** --------------------------------------------- This advisory provides mitigation details for plain text passwords in the Sinapsi eSolar Light application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-160-02 *** Adobe, Microsoft Issue Critical Security Fixes *** --------------------------------------------- Adobe today released software updates to plug at least 13 security holes in its Flash Player software. Separately, Microsoft pushed out fixes for at least three dozen flaws .. --------------------------------------------- http://krebsonsecurity.com/2015/06/adobe-microsoft-issue-critical-security-… *** The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns *** --------------------------------------------- Kaspersky Lab uncovers Duqu 2.0 � a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities. --------------------------------------------- http://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophist… *** Duqu 2.0 *** --------------------------------------------- In our full report, available at http://www.crysys.hu/duqu2/duqu2.pdf, we point out numerous similarities that we discovered between Duqu and Duqu 2.0, .. --------------------------------------------- http://blog.crysys.hu/2015/06/duqu-2-0/ *** Microsoft pusht HTTPS beim Internet Explorer und Edge-Webbrowser *** --------------------------------------------- Ab sofort sollen der Internet Explorer und Webbrowser von Windows 10 Edge das verschlüsselte Surfen über HTTPS vorantreiben. Dafür hat Microsoft jetzt Updates verteilt, die HSTS einführen. --------------------------------------------- http://heise.de/-2687051 *** Xen Security Advisory CVE-2015-3209 / XSA-135 *** --------------------------------------------- The QEMU security team has predisclosed the following advisory: pcnet_transmit loads a transmit-frame descriptor from the guest into the /tmd/ local variable to recover a length field, a status field and a guest-physical location of the associated .. --------------------------------------------- http://www.openwall.com/lists/oss-security/2015/06/10/3 *** Russische Hacker sollen hinter Cyber-Angriff auf TV-Sender stecken *** --------------------------------------------- Nicht – wie bisher angenommen – der Islamistischer Staat (IS), sondern russische Profi-Hacker sollen im April den Sendebetrieb von TV5 lahm gelegt haben. Die platzierte IS-Propaganda sei möglicherweise nur ein Täuschungsmanöver gewesen. --------------------------------------------- http://heise.de/-2687434

1 0

Tageszusammenfassung - Dienstag 9-06-2015
by Daily end-of-shift report 09 Jun '15

09 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 08-06-2015 18:00 − Dienstag 09-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Bug Bounties in Crosshairs of Proposed US Wassenaar Rules *** --------------------------------------------- Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., that initiatives could be adversely impacted. --------------------------------------------- http://threatpost.com/bug-bounties-in-crosshairs-of-proposed-us-wassenaar-r… *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39210 http://tools.cisco.com/security/center/viewAlert.x?alertId=38883 http://tools.cisco.com/security/center/viewAlert.x?alertId=39233 http://tools.cisco.com/security/center/viewAlert.x?alertId=39192 *** Fast look at Sundown EK *** --------------------------------------------- Disclaimer : There is nothing worth a post there...except mentionning this EK is around. I would put that "kit" in the same .. --------------------------------------------- http://malware.dontneedcoffee.com/2015/06/fast-look-at-sundown-ek.html *** New Episode of Punkey PoS Malware Airs *** --------------------------------------------- Reruns from the 1980s are all the rage these days, and like the sitcom its based on, weve encountered a second run from the Punkey Point of Sale malware as part of an .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/New-Episode-of-Punkey-P… *** Website der US-Armee wegen Hackerangriffs vorübergehend stillgelegt *** --------------------------------------------- Wegen eines Hackerangriffs hat die US-Armee ihre Website vorübergehend stillgelegt. Nach der Entdeckung der Cyberattacke seien "geeignete Vorsichtsmaßnahmen" ergriffen .. --------------------------------------------- http://derstandard.at/2000017173834 *** Pin und Aktivierungssperre: Apple erhöht Sicherheit von iOS und der Apple Watch *** --------------------------------------------- Apple führt bei iOS 9 längere Pin-Codes ein, mit denen die mobilen Geräte vor unbefugtem Zugriff geschützt werden. Wer TouchID verwendet, muss ein sechsstelliges Kennwort eingeben und die Apple Watch erhält die geforderte Aktivierungssperre. --------------------------------------------- http://www.golem.de/news/pin-und-aktivierungssperre-apple-erhoeht-sicherhei… *** Amazon will SSL-Zertifizierungstelle werden *** --------------------------------------------- Amazons SSL-Zertifizierungstelle soll Server- und EV-Zertifikate ausstellen und sich dabei nicht auf Amazon-Kunden beschränken. --------------------------------------------- http://heise.de/-2683851 *** iOS: Schwachstelle in Apple Mail ermöglicht offenbar raffiniertes iCoud-Phishing *** --------------------------------------------- Ein Angreifer kann die Lücke nach Angabe eines Entwicklers dazu nutzen, den iCloud-Anmeldedialog zu imitieren, der öfters in iOS erscheint. Apple ist angeblich seit Monaten über das Problem informiert. --------------------------------------------- http://heise.de/-2684896 *** Security updates available for Adobe Flash Player (APSB15-11) *** --------------------------------------------- A Security Bulletin (APSB15-11) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1200 *** Asus schützt seine Router vor Exploit-Kit *** --------------------------------------------- Nachdem kürzlich ein Exploit-Kit aufgetaucht ist, dass über 50 Router-Modelle verschiedener Hersteller angreifen kann, hat Asus nun Firmware-Updates für 16 Router herausgebracht. --------------------------------------------- http://heise.de/-2684612 *** SweetCAPTCHA Service used to Distribute Adware *** --------------------------------------------- SweetCaptcha is free CAPTCHA service that offers to match sweet-looking images instead of making you recognize distorted digits and characters. It has integration with many website .. --------------------------------------------- https://blog.sucuri.net/2015/06/sweetcaptcha-service-used-to-distribute-adw…

1 0

Tageszusammenfassung - Montag 8-06-2015
by Daily end-of-shift report 08 Jun '15

08 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 05-06-2015 18:00 − Montag 08-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** �UnfriendAlert� wants your Facebook Credentials *** --------------------------------------------- For our first "PUP Friday" post, we talked about UnfriendAlert, a program that purports to notify users .. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/06/unfriendalert-wants-y… *** Changes in Oracle Database 12c password hashes *** --------------------------------------------- Oracle has made improvements to user password hashes within Oracle Database 12c. By using a PBKDF2-based SHA512 hashing algorithm, instead of simple SHA1 hash, password .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-1… *** [Honeypot Alert] Fritz!Box � Remote Command Execution Exploit Attempt *** --------------------------------------------- Our web honeypots picked up some exploit attempts for a remote command execution vulnerability in FRITZ!Box, a series of routers produced by AVM. This exploit targets router .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/-Honeypot-Alert--Fritz!Box-%… *** Checking for BACNet devices inside corporate networks *** --------------------------------------------- Building automation Networks are very common today for intelligent buildings. They interconnect several type of devices like escalators, elevators, power circuits, heating, ventilating and air conditioning (HVAC) to the main control .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19771 *** Insider vs. Outsider Threats: Identify and Prevent *** --------------------------------------------- In my last article, we discussed on a step-by-step approach on APT attacks. The origin of any kind of cyber-attack is through an external or an internal source. Multiple sophisticated insider attacks resulted in the exfiltration of .. --------------------------------------------- http://resources.infosecinstitute.com/insider-vs-outsider-threats-identify-… *** Antiquated environment and bad security practices aided OPM hackers *** --------------------------------------------- By now, youve all heard about the massive breach at the US Office of Personnel Managements (OPM), and that the attackers have accessed (and likely made off with) personal information .. --------------------------------------------- http://www.net-security.org/secworld.php?id=18484 *** Plex verschl�sselt Verbindung zur eigenen Medienzentrale *** --------------------------------------------- Den bisher größte Einsatz von Sicherheitszertifikaten heftet sich die Medienzentrale Plex auf die eigenen Fahnen. In einer Kooperation mit DigiCert bekommen sämtliche Nutzer der Software ein kostenloses SSL/TLS-Zertifikat für ihren Server ausgestellt. --------------------------------------------- http://derstandard.at/2000017144835 *** DSA-3281 - Debian Security Team PGP/GPG key change notice *** --------------------------------------------- This is a notice that the Debian Security Team has changed its PGP/GPGcontact key because of a periodic regular key rollover. --------------------------------------------- https://www.debian.org/security/2015/dsa-3281 *** Matryoshka dolls: analysing a packer for CTB locker *** --------------------------------------------- We recently encountered a phishing campaign distributing CTB locker. Victims were sent an e-mail that appeared to be from a Dutch webshop, with the e-mail describing a Fifa15 order for Playstation 3. While no one uses PS3 anymore , there were users who .. --------------------------------------------- https://www.dearbytes.com/en/nieuws/matroesjka-poppen-ctb-locker/ *** Raub im Zug: Datendiebstahl - ganz analog *** --------------------------------------------- Banden stehlen Handys und Laptops von Managern, um die Besitzer oder deren Firmen mit den erbeuteten Daten zu erpressen. --------------------------------------------- http://www.golem.de/news/raub-im-zug-datendiebstahl-ganz-analog-1506-114530… *** Malware zapft Kreditkartendaten von Oracle-Kassensystemen ab *** --------------------------------------------- Ein weiterer Schädling nistet sich in Point-of-Sales-Terminals ein und kopiert die Daten ahnungsloser Kreditkarten-Nutzer. MalaumPOS hat es auf ein weit verbreitetes Kassensystem von Oracle abgesehen. --------------------------------------------- http://heise.de/-2680638 *** Bugtraq: strongswan security update *** --------------------------------------------- Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP, the constraints on the .. --------------------------------------------- http://www.securityfocus.com/archive/1/535708 *** Zeus Isn�t Dead, New Version Evades All Antivirus Detection Tools *** --------------------------------------------- The venerable Zeus banking Trojan has been killed off many times; disappearing from the global Internet time and time again only to reappear with new modifications designed .. --------------------------------------------- http://www.pcrisk.com/internet-threat-news/9068-zeus-evades-all-antivirus-d… *** Many Drug Pumps Open to Variety of Security Flaws *** --------------------------------------------- In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to .. --------------------------------------------- http://threatpost.com/many-drug-pumps-open-to-variety-of-security-flaws/113…

1 0

Tageszusammenfassung - Freitag 5-06-2015
by Daily end-of-shift report 05 Jun '15

05 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 03-06-2015 18:00 − Freitag 05-06-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Zero-Day Disclosed in Unity Web Player *** --------------------------------------------- A zero-day vulnerability has been disclosed in the popular Unity Web Player browser plugin. The flaw allows an attacker crossdomain access to websites and services using the victims credentials. --------------------------------------------- http://threatpost.com/zero-day-disclosed-in-unity-web-player/113124 *** PCI Council releases PA-DSS 3.1, nixes SSL, early TLS *** --------------------------------------------- The PCI Security Standards Council revisions to PA-DSS addresses SSL vulnerabilities. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/Ybnmzlufdo4/ *** Embedded: Geldautomaten sollen von XP auf Windows 10 updaten *** --------------------------------------------- Die Branchenorganisation ATM Industry Association ruft die Hersteller dazu auf, bei Geldautomaten Windows 8 und 8.1. zu überspringen. Auf Windows XP ausruhen sollen sie sich nicht. --------------------------------------------- http://www.golem.de/news/embedded-geldautomaten-sollen-von-xp-auf-windows-1… *** ICS Amsterdam 2015 *** --------------------------------------------- SANS ICS Amsterdam 2015 hosts five dedicated training courses for those tasked with securing Industrial Control Systems as well as a two day ICS Security Summit. This specialist training event takes place at the Radisson Blue Amsterdam, from September 22nd - 28th. --------------------------------------------- https://www.sans.org/event/ics-amsterdam-2015 *** Critical vulnerabilities in JSON Web Token libraries *** --------------------------------------------- Great. So, what's wrong with that? ... Meet the "none" algorithm. --------------------------------------------- http://ab0files.com/critical-vulnerabilities-in-json-web-token-libraries *** Achtung: Offene Intranets verraten zu viel *** --------------------------------------------- Viele Organisationen haben ein eigenes Intranet. Manche stellen versehentlich vertrauliche Dokumente online, die über Google auffindbar sind. Wir haben uns per Google Beispiele herausgepickt. --------------------------------------------- http://heise.de/-2680058 *** Asprox / Kuluoz Botnet Analysis *** --------------------------------------------- Introduction Kuluoz, aka Asprox, is a spam botnet that emerged in 2007. It has been known for sending mass of phishing emails used in conjunction with social engineering lures (e.g. booking confirmations, postal-themed spam, etc.) This article presents a view on the malware and its capabilities, how it communicates with the CnC, encryption schemes used,... --------------------------------------------- http://resources.infosecinstitute.com/asprox-kuluoz-botnet-analysis/ *** WLAN-Trick soll Apple-Pay-Nutzern Kreditkartendaten entlocken *** --------------------------------------------- Angreifer können die automatische WLAN-Verbindungsaufnahme von iOS dazu nutzen, um mit einem manipulierten Apple-Pay-Dialog auf Kreditkartenfang zu gehen, warnt eine Sicherheitsfirma. --------------------------------------------- http://heise.de/-2680369 *** IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us *** McAfee ePolicy Orchestrator SSL/TLS spoofing *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/103610 *** Vulnerabilities in Cisco Products *** --------------------------------------------- *** Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39171 *** Cisco ONS 15454 System Software Denial of Service Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39172 *** Cisco Edge 340 Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39187 *** Cisco TelePresence SX20 HTTP Response Splitting Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39210 *** XZERES 442SR Wind Turbine CSRF Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a cross-site request forgery vulnerability in XZERES's 442SR turbine generator operating system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-155-01 *** Bugtraq: CA20150604-01: Security Notice for CA Common Services *** --------------------------------------------- http://www.securityfocus.com/archive/1/535684

1 0

Tageszusammenfassung - Mittwoch 3-06-2015
by Daily end-of-shift report 03 Jun '15

03 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 02-06-2015 18:00 − Mittwoch 03-06-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Your Website Hacked but No Signs of Infection *** --------------------------------------------- Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. This is the emotionally draining world that many live in, with a paranoia and concern that grips you once you see and recognize that something is not right. --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/0D6hUcbKq34/your-website-hack… *** Holy SSH-it! Microsoft promises secure logins for Windows PowerShell *** --------------------------------------------- Now that the door has hit Ballmer on the way out, OpenSSH support is go Microsoft has finally decided to add support for SSH to PowerShell, allowing people to log into Windows systems and use software remotely over an encrypted connection. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/06/02/openssh_win… *** Bug des Tages: Skype hat eine "SMS des Todes" *** --------------------------------------------- Sending the characters "http://:" (without the quotes) crashes Skype, and receiving a message with those characters makes it crash any time you try to sign in again. --------------------------------------------- http://blog.fefe.de/?ts=ab900965 *** Good Patch Management Is Crucial to Cybersecurity in ICS *** --------------------------------------------- A good cybersecurity strategy for industrial control systems (ICS) must include both a systematic approach to patch management and compensating cybersecurity controls for when patching is not an option. Patch management resolves bugs, operability, reliability,... --------------------------------------------- http://feedproxy.google.com/~r/PaloAltoNetworks/~3/tK1mqdG1qkA/ *** IoT Devices Hosted On Vulnerable Clouds In Bad Neighborhoods *** --------------------------------------------- OpenDNS report finds that organizations may be more susceptible to Internet of Things devices than they realize. --------------------------------------------- http://www.darkreading.com/cloud/iot-devices-hosted-on-vulnerable-clouds-in… *** Mass break-in: researchers catch 22 more routers for the SOHOpeless list *** --------------------------------------------- A business model ripe for the bin Yet another disclosure tips 22 SOHO routers in the security bin, with everything from privilege escalation and authentication bypass to hard-coded credential backdoors. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/06/03/mass_breaki… *** Piwik: Unberechtigte können Webseiten-Statistiken abrufen *** --------------------------------------------- Installationen der Google-Analytics-Alternative Piwik sind häufig nicht korrekt konfiguriert und Dritte können ohne viel Aufwand Abrufstatistiken einsehen und sogar herunterladen. --------------------------------------------- http://heise.de/-2678572 *** SSH: Sechs Jahre alter Bug bedroht Github-Repositories *** --------------------------------------------- Ein Debian-Bug aus dem Jahr 2008 hinterlässt immer noch Spuren. Eine Analyse der öffentlichen SSH-Schlüssel bei Github zeigt: Mittels angreifbarer Schlüssel hätten Angreifer die Repositories von Projekten wie Python und Firmen wie Spotify oder Yandex manipulieren können. --------------------------------------------- http://www.golem.de/news/ssh-sechs-jahre-alter-bug-bedroht-github-repositor… *** Emergency Security Band-Aids with Systemtap *** --------------------------------------------- Software security vulnerabilities are a fact of life. So is the subsequent publicity, package updates, and suffering service restarts. Administrators are used to it, and users bear it, and it's a default and traditional method. On the other hand, in... --------------------------------------------- https://securityblog.redhat.com/2015/06/03/emergency-security-band-aids-wit… *** Krypto-Trojaner überlegt es sich anders und entschlüsselt alles wieder *** --------------------------------------------- Der Erpressungs-Trojaner Locker ist erst seit wenigen Tagen im Umlauf. Und schon ist seine Karriere wieder vorbei: Er hat vergangenen Dienstag den Befehl erhalten, alle verschlüsselten Dateien wiederherzustellen. --------------------------------------------- http://heise.de/-2678669 *** Hackers Scan All Tor Hidden Services To Find Weaknesses In The Dark Web *** --------------------------------------------- If you go down to the deep web today, you'll be following hot on the heels of a digital beast. In a matter of hours last week, the entire semi-anonymising Tor network, where activists and criminals alike try to hide from the gaze of their respective authorities, was traversed by PunkSPIDER, an automated scanner that pokes websites to uncover vulnerabilities. --------------------------------------------- http://www.forbes.com/sites/thomasbrewster/2015/06/01/dark-web-vulnerabilit… *** DSA-3277 wireshark - security update *** --------------------------------------------- Multiple vulnerabilities were discovered in the dissectors/parsers forLBMR, web sockets, WCP, X11, IEEE 802.11 and Android Logcat, which couldresult in denial of service. --------------------------------------------- https://www.debian.org/security/2015/dsa-3277 *** Vulnerabilities in Cisco Products *** --------------------------------------------- *** Cisco Unified MeetingPlace Microsoft Outlook Reflected Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39161 *** Cisco Unified MeetingPlace Session ID Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39162 *** Cisco AnyConnect Secure Mobility Client Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39158 *** Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39157 *** Cisco Unified MeetingPlace Arbitrary File Download Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39163 *** Beckwith Electric TCP Initial Sequence Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a TCP initial sequence numbers vulnerability in multiple Beckwith Electric products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01 *** Moxa SoftCMS Buffer Overflow Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a buffer overflow vulnerability in the Moxa SoftCMS software package. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-153-02 *** [HTB23258]: Local PHP File Inclusion in ResourceSpace *** --------------------------------------------- Product: ResourceSpace v7.1.6513Vulnerability Type: PHP File Inclusion [CWE-98]Risk level: High Creater: Montala LimitedAdvisory Publication: May 6, 2015 [without technical details]Public Disclosure: June 3, 2015 CVE Reference: CVE-2015-3648 CVSSv2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Vulnerability Details: High-Tech Bridge Security Research Lab discovered vulnerability in ResourceSpace, which can be exploited to include arbitrary local PHP file, execute PHP code, and compromise --------------------------------------------- https://www.htbridge.com/advisory/HTB23258 *** USN-2626-1: Qt vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-2626-13rd June, 2015qt4-x11, qtbase-opensource-src vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryQt could be made to crash or run programs as your login if it opened aspecially crafted file.Software description qt4-x11 - Qt 4 libraries qtbase-opensource-src - Qt 5 libraries DetailsWolfgang Schenk discovered that Qt incorrectly handled certain malformedGIF... --------------------------------------------- http://www.ubuntu.com/usn/usn-2626-1/ Next End-of-Shift report on 2015-06-05

1 0

Tageszusammenfassung - Dienstag 2-06-2015
by Daily end-of-shift report 02 Jun '15

02 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 01-06-2015 18:00 − Dienstag 02-06-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Understanding Flash Exploitation and the Alleged CVE-2015-0359 Exploit *** --------------------------------------------- What follows is a detailed analysis of the root cause of a vulnerability we call CVE-2015-X, as well as a step-by-step explanation of how to trigger it. For more on Flash vulnerabilities, we also invite you... --------------------------------------------- http://feedproxy.google.com/~r/PaloAltoNetworks/~3/JsuXUOWrYYM/ *** DYRE Banking Malware Upsurges; Europe and North America Most Affected *** --------------------------------------------- Online banking users in Europe and North America are experiencing the upsurge of DYRE, a malware family notorious for the multiple ways it steals data and its ties to parcel mule scams, among others. There has been a 125% increase of DYRE-related infections worldwide this quarter compared to the last, proving that cybercriminal interest in... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/HyDW9pkWWws/ *** Malvertising infected millions of users in 2015 *** --------------------------------------------- New research from Malwarebytes has found that malvertising is one of the primary infection vectors used to reach millions of consumers this year. The analysis looked at the three large scale zero-... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/9go1s-jFKtc/malware_news.… *** Playing with IP Reputation with Dshield & OSSEC *** --------------------------------------------- [This blogpost has also been published as a guest diary on isc.sans.org] When investigating incidents or searching for malicious activity in your logs, IP reputation is a nice way to increase the reliability of generated alerts. It can help to prioritize incidents. Let's take an example with a WordPress blog. It will, sooner or later, be targeted by a brute-force attack on the default /wp-admin page. In... --------------------------------------------- http://blog.rootshell.be/2015/06/02/playing-with-ip-reputation-with-dshield… *** Bugtraq: WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/535663 *** Red Hat JBoss Fuse and A-MQ XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Files *** --------------------------------------------- http://www.securitytracker.com/id/1032442 *** Xen Security Advisories XSA-128, XSA-129, XSA-130, XSA-131 *** --------------------------------------------- Potential unintended writes to host MSI message data field via qemu, PCI MSI mask bits inadvertently exposed to guests, Guest triggerable qemu MSI-X pass-through error messages, Unmediated PCI register access in qemu --------------------------------------------- http://xenbits.xen.org/xsa/ *** USN-2625-1: Apache HTTP Server update *** --------------------------------------------- Ubuntu Security Notice USN-2625-12nd June, 2015apache2 updateA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTSSummarySeveral security improvements have been made to the Apache HTTP Server.Software description apache2 - Apache HTTP server DetailsAs a security improvement, this update makes the following changes tothe Apache package in Ubuntu 12.04 LTS:Added support for ECC keys and ECDH ciphers.The SSLProtocol configuration directive now allows specifying --------------------------------------------- http://www.ubuntu.com/usn/usn-2625-1/ *** USN-2624-1: OpenSSL update *** --------------------------------------------- Ubuntu Security Notice USN-2624-11st June, 2015openssl updateA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryThe export cipher suites have been disabled in OpenSSL.Software description openssl - Secure Socket Layer (SSL) cryptographic library and tools DetailsAs a security improvement, this update removes the export cipher suitesfrom the default cipher list to prevent their use in possible --------------------------------------------- http://www.ubuntu.com/usn/usn-2624-1/ *** Cisco Headend Digital Broadband Delivery System Cross-Site Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39133 *** HPSBGN03269 rev.2 - HP StoreAll OS, Remote Code Execution *** --------------------------------------------- A potential security vulnerability has been identified with HP StoreAll OS. This is the GNU C Library (glibc) vulnerability known as "GHOST" which could be exploited remotely resulting in execution of code. --------------------------------------------- https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599438 *** PCRE Heap Overflow in Regex Processing Lets Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1032453

1 0

Tageszusammenfassung - Montag 1-06-2015
by Daily end-of-shift report 01 Jun '15

01 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 29-05-2015 18:00 − Montag 01-06-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Which malware lures work best? *** --------------------------------------------- More often than not, malware peddlers main goal is to deliver their malicious wares to the maximum number of users possible. Choosing the right lure is crucial to achieving that goal. Two researc... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/SXwL_z3NcUM/malware_news.… *** New Android NFC Attack Could Steal Money From Credit Cards Anytime Your Phone Is Near *** --------------------------------------------- Your NFC capable Android smartphone could be the newest weapon hackers use to steal money from the credit cards in your pocket, researchers find. In a presentation at Hack In The Box Security Conference in Amsterdam, security researchers Ricardo J. Rodriguez and Jose Vila presented a demo of a real world attack, to which all NFC capable Android phones are vulnerable. This attack, delivered through poisoned apps, exploits the NFC feature allowing unethical hackers to steal money from... --------------------------------------------- http://www.idigitaltimes.com/new-android-nfc-attack-could-steal-money-credi… *** Crypto flaws in Blockchain Android app sent Bitcoins to the wrong address *** --------------------------------------------- A comedy of programming errors could prove catastrophic for affected users. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/9dMUjIT6yyo/ *** HITB Amsterdam Wrap-Up Day #2 *** --------------------------------------------- I left Amsterdam after the closing keynote and I just arrived at home. This is my quick wrap-up for the second day of Hack in the Box! The second keynote was presented by John Matherly: "The return of the Dragons". John is the guy behind Shodan, the popular devices search engine. Shodan started because Nmap was not designed to scan the whole Internet. With Shodan, Stateless... --------------------------------------------- http://blog.rootshell.be/2015/05/29/hitb-amsterdam-wrap-up-day-2-2/ *** Adventures in Social Engineering: The Evil Reference *** --------------------------------------------- I recently completed a social engineering gig targeting four bank locations. After a phone call and a few e-mails, I was able to grab some victims NTLMv2 domain hashed credentials. The Approach I developed a fictitious persona to help me... --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Adventures-in-Social-En… *** Locker Ransomware Author Allegedly Releases Database Dump of Private Keys *** --------------------------------------------- Allegedly, the author of the "Locker" ransomware has uploaded a dump of the C2 server database, releasing private keys of infected hosts to the public. Allegedly, the author of the "Locker" ransomware has uploaded a dump of the C2 server database, releasing private keys of infected hosts worldwide to the public. The "author" claims that... --------------------------------------------- http://securityaffairs.co/wordpress/37346/cyber-crime/locker-ransomware-db-… *** Malware Evolution Calls for Actor Attribution? *** --------------------------------------------- What makes one novel strain of malicious software more dangerous or noteworthy than another? Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it? Most experts probably would say it's important to consider attribution insofar as it is knowable, but it's remarkable how seldom companies that regularly publish reports on the latest criminal innovations go... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/8rYlMnG_kmU/ *** Intelligente Städte: "Smart wäre, wenn man den ganzen Quatsch lassen würde" *** --------------------------------------------- Der White-Hat-Hacker Felix Lindner ist entsetzt, wie wenig Wert Politik und Industrie auf den Schutz der digital vernetzten Stadt vor Cyberattacken legen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Intelligente-Staedte-Smart-waere-wen… *** Researchers discover hidden shell in Hola VPN software *** --------------------------------------------- Hola, an Israeli company that develops a browser plug-in promoted heavily as a means to bypass region locks on Web-based content and anonymous surfing, faced a considerable amount of backlash last week - after it was discovered they were selling access to their users connections in what one researcher called "a poorly secured botnet."On Friday, 24-hours after the quasi-botnet operation was disclosed, a group of researchers released details on a number of critical vulnerabilities in... --------------------------------------------- http://www.csoonline.com/article/2929192/data-protection/researchers-discov… *** Unzählige Apps speichern private Daten unsicher in der Cloud *** --------------------------------------------- Auf den Cloud-Servern von Apple und Co. schlummern 56 Millionen nicht optimal geschützte Datensätze. Angreifer könnten vergleichsweise einfach Fotos, Adressdaten und weitere Infos abgreifen. --------------------------------------------- http://heise.de/-2671988 *** Blue Coat: SSL Visibility Appliance web based vulnerabilities, (Sun, May 31st) *** --------------------------------------------- Blue Coat has released a security advisory for SSL Visibility Appliance. The SSL Visibility Appliance is susceptible to multiple web-based vulnerabilities in the administration console. A remote attacker can use these vulnerabilities to obtain administrative access to the SSL Visibility Appliance. All versions of SSL Visibility prior to 3.8.4 are vulnerable. The vulnerabilities exist in the WebUI are: Cross-Site Request Forgery (CVE-2015-2852): Cross-site request forgery (CSRF) vulnerability... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19749&rss *** JSA10681 - 2015-05 Out of Cycle Security Bulletin: "Logjam" passive attack on sub-1024 DH groups, and active downgrade attack of TLS to DHE_EXPORT (CVE-2015-4000) *** --------------------------------------------- Affected Products: Junos OS (XNM-SSL)*, WXOS --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10681&actp=RSS *** Vulnerabilities in Cisco Products *** --------------------------------------------- *** Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=38863 *** Cisco Conductor for Videoscape and Cisco Headend System Release HTTP Injection Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=38945 *** Cisco Headend System Release Archive File Download Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=38944 *** Cisco Headend System Release UDP TFTP and DHCP Denial of Service Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=38938 *** Cisco Unified MeetingPlace XML Processing Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39130 *** Multiple Cisco Products TCP Flood Denial of Service Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=38943 *** Security Advisory: cURL and libcurl vulnerability CVE-2015-3148 *** --------------------------------------------- (SOL16707) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/16000/700/sol16707.htm… *** Security Advisory: cURL and libcurl vulnerability CVE-2015-3143 *** --------------------------------------------- (SOL16704) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/16000/700/sol16704.htm… *** Novell Messenger 3.0 Support Pack 1 *** --------------------------------------------- Abstract: Novell Messenger 3.0 Support Pack 1 has been released. Please be aware that there are security fixes to Messengers server and client components (see the change log below and the Readme documentation on the web). It is recommended that they are updated on an expedited basis.Document ID: 5211030Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:consoleone1.3.6h_windows.zip (46.82 MB)nm301_full_linux_multi.tar.gz (269.53 MB)nm301_client_mac_multi.zip (40.61 --------------------------------------------- https://download.novell.com/Download?buildid=j6RbJAJrtC4~ *** IDM 4.5 MSGW Driver 4.0.1.0 *** --------------------------------------------- Abstract: This is a patch for the Managed System Gateway Driver (MSGW) for Identity Manager. It installs on Identity Manager version 4.5 but can be used on IDM 4.0.2. The version of this driver is 4.0.1.0Document ID: 5211010Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:IDM45_MSGW_4010.zip (4.68 MB)Products:Identity Manager 4.0.2Identity Manager 4.5Superceded Patches:IDM 4.0.2 MSGW Driver Version 4.0.0.6 --------------------------------------------- https://download.novell.com/Download?buildid=UQgGwYtht9c~ *** PHP Integer Overflows Let Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1032433 *** PHP Multipart POST Request Processing Flaw Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1032432 *** PHP Functions That Permit Null Characters in Path Values May Let Remote Users Bypass Access Controls *** --------------------------------------------- http://www.securitytracker.com/id/1032431 *** Security Notice - Statement on Security Researchers Revealing Security Vulnerabilities in Huawei SOHO Products on Packet Storm Website *** --------------------------------------------- May 30, 2015 17:23 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Huawei Wimax CPE Bm632w Hidden Backdoor *** --------------------------------------------- Topic: Huawei Wimax CPE Bm632w Hidden Backdoor Risk: High Text:Exploit Title : Huawei Wimax CPE Bm632w Hidden Backdoor Date : 30 May 2015 Exploit Author : Koorosh Ghorbani Site : http://8... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015050183 *** Security Notice - Statement on Security Researchers Revealing Security Vulnerability in Huawei CPE Products on cxsecurity Website *** --------------------------------------------- Jun 01, 2015 14:48 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** DSA-3275 fusionforge - security update *** --------------------------------------------- Ansgar Burchardt discovered that the Git plugin for FusionForge, aweb-based project-management and collaboration software, does notsufficiently validate user provided input as parameter to the method tocreate secondary Git repositories. A remote attacker can use this flawto execute arbitrary code as root via a specially crafted URL. --------------------------------------------- https://www.debian.org/security/2015/dsa-3275 *** DSA-3276 symfony - security update *** --------------------------------------------- Jakub Zalas discovered that Symfony, a framework to create websites andweb applications, was vulnerable to restriction bypass. It wasaffecting applications with ESI or SSI support enabled, that use theFragmentListener. A malicious user could call any controller via the/_fragment path by providing an invalid hash in the URL (or removingit), bypassing URL signing and security rules. --------------------------------------------- https://www.debian.org/security/2015/dsa-3276 *** ESC 8832 Data Controller Session Hijacking *** --------------------------------------------- Topic: ESC 8832 Data Controller Session Hijacking Risk: Medium Text:=begin # Exploit Title: ESC 8832 Data Controller multiple vulnerabilities # Date: 2014-05-29 # Platform: SCADA / Web Applica... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015050181

1 0

Tageszusammenfassung - Freitag 29-05-2015
by Daily end-of-shift report 29 May '15

29 May '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 28-05-2015 18:00 − Freitag 29-05-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** The Empire Strikes Back Apple - how your Mac firmware security is completely broken *** --------------------------------------------- [...] What is that hole after all? Is Dark Jedi hard to achieve on Macs? No, it's extremely easy because Apple does all the dirty work for you. What the hell am I talking about? Well, Apple's S3 suspend-resume implementation is so f*cked up that they will leave the flash protections unlocked after a suspend-resume cycle. --------------------------------------------- https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-ma… *** HITB Amsterdam Wrap-Up Day #1 *** --------------------------------------------- The HITB crew is back in the beautiful city of Amsterdam for a new edition of their security conference. Here is my wrap-up for the first day! The opening keynote was assigned to Marcia Hofmann who worked for the EFF (the Electronic Frontier Foundation). Her keynote title was: "Fighting for Internet Security in the New Crypto Wars". EFF always fight for more privacy and she reviewed the history of encryption and... --------------------------------------------- http://blog.rootshell.be/2015/05/28/hitb-amsterdam-wrap-up-day-1-2/ *** Sicherheitslücken: Fehler in der Browser-Logik *** --------------------------------------------- Mit relativ simplen Methoden ist es dem 18-jährigen Webentwickler Bas Venis gelungen, schwerwiegende Sicherheitslücken im Chrome-Browser und im Flash-Plugin aufzudecken. Er ruft andere dazu auf, nach Bugs in der Logik von Browsern zu suchen. --------------------------------------------- http://www.golem.de/news/sicherheitsluecken-fehler-in-der-browser-logik-150… *** Tor: Hidden Services leichter zu deanonymisieren *** --------------------------------------------- Das Tor-Protokoll erlaubt es Angreifern relativ einfach, die Kontrolle über die Verzeichnisserver sogenannter Hidden Services zu erlangen. Dadurch ist die Deanonymisierung von Traffic deutlich einfacher als beim Zugriff auf normale Webseiten. --------------------------------------------- http://www.golem.de/news/tor-hidden-services-leichter-zu-deanonymisieren-15… *** Crypto flaws in Blockchain Android app sent Bitcoins to the wrong address *** --------------------------------------------- A comedy of programming errors could prove catastrophic for affected users. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/9dMUjIT6yyo/ *** ZyXEL schützt seine Router vor NetUSB-Lücke *** --------------------------------------------- Mit Sicherheits-Updates schließt der Netzwerkausrüster ZyXEL die kritische NetUSB-Lücke in allen betroffenen Modellen. --------------------------------------------- http://heise.de/-2671364 *** Lessons learned from Flame, three years later *** --------------------------------------------- Three years ago, on May 28th 2012, we announced the discovery of a malware known as Flame. Since that, we reported on many other advanced malware platform. Looking back at the discovery of Flame, here are some lessons we learned. --------------------------------------------- http://securelist.com/blog/opinions/70149/lessons-learned-from-flame-three-… *** Phishing Gang is Audacious Manipulator *** --------------------------------------------- Cybercriminals who specialize in phishing -- or tricking people into giving up usernames and passwords at fake bank and ecommerce sites -- arent generally considered the most sophisticated crooks, but occasionally they do exhibit creativity and chutzpah. Thats most definitely the case with a phishing gang that calls itself the "Manipulaters Team", whose Web site boasts that it specializes in brand research and development. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/qKqrwDK8oQ8/ *** A Drafty House: Analysis of the Current Use of AWS EC2 Security Groups *** --------------------------------------------- After a very confusing set of results from a survey we ran and exploring the new world of threat detection and incident response in AWS, we decided to go out and do a little research to see how the world was faring with the new security features in Amazon AWS. In short, we can safely say there is a good chunk of the EC2 users who left their front door open (actually with this analogy they also left their back door, side window, and garage open). Our analysis showed that users are: Using... --------------------------------------------- https://feeds.feedblitz.com/~/93538286/0/alienvault-blogs~A-Drafty-House-An… *** Stegosploit hides malicious code in images, this is the future of online attacks *** --------------------------------------------- Stegosploit is the technique developed by the security researcher Saumil Shah that allows an attacker to embed executable JavaScript code within an image. The security researcher Saumil Shah from Net Square security has presented at Hack In The Box conference in Amsterdam his Stegosploit project which allows an attacker to embed executable JavaScript code within an... --------------------------------------------- http://securityaffairs.co/wordpress/37302/hacking/stegosploit-malware-image… *** Statistics on botnet-assisted DDoS attacks in Q1 2015 *** --------------------------------------------- One popular DDoS scenario is a botnet-assisted attack. In Q1 2015, 23,095 botnet-assisted DDoS attacks were reported. These statistics refer to those botnets which were detected and analyzed by Kaspersky Lab. --------------------------------------------- http://securelist.com/blog/research/70071/statistics-on-botnet-assisted-ddo… *** Linux Kernel __driver_rfc4106_decrypt() Buffer Overflow May Let Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1032416 *** Pivotal Cloud Foundry directory traversal *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/103449 *** IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us *** IBM Cognos Business Intelligence Developer 10.2.1 (backURL) Open Redirect *** --------------------------------------------- Input passed via the backURL GET parameter in /p2pd/servlet/dispatch is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5244.php *** DSA-3274 virtualbox - security update *** --------------------------------------------- Jason Geffner discovered a buffer overflow in the emulated floppydisk drive, resulting in potential privilege escalation. --------------------------------------------- https://www.debian.org/security/2015/dsa-3274 *** IDS RTU 850 Directory Traversal Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a directory traversal vulnerability in IDS RTU 850C. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-148-01 *** Security Notice - Statement on Security Researchers Revealing Security Issues on Huawei Products in HITB SecConf *** --------------------------------------------- May 29, 2015 17:47 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Security Notice-Statement on the Wooyun-disclosed XSS Vulnerability in Huawei Smartphone Browser *** --------------------------------------------- May 29, 2015 17:43 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=36740 *** HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. --------------------------------------------- https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=143290405142… *** HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information *** --------------------------------------------- Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. --------------------------------------------- https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=143290406517… *** HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. --------------------------------------------- https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=143290408721… *** HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. --------------------------------------------- https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=143290410464…

1 0

Tageszusammenfassung - Donnerstag 28-05-2015
by Daily end-of-shift report 28 May '15

28 May '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 27-05-2015 18:00 − Donnerstag 28-05-2015 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39012 http://tools.cisco.com/security/center/viewAlert.x?alertId=39013 http://tools.cisco.com/security/center/viewAlert.x?alertId=39015 http://tools.cisco.com/security/center/viewAlert.x?alertId=38349 http://tools.cisco.com/security/center/viewAlert.x?alertId=39041 http://tools.cisco.com/security/center/viewAlert.x?alertId=39042 *** Microsoft to Detect Search Protection Code as Malware *** --------------------------------------------- Microsoft security products will begin detecting software containing search protection functions and classifying it as malicious on June 1. --------------------------------------------- http://threatpost.com/microsoft-to-detect-search-protection-code-as-malware… *** ZDI-15-246: (0Day) Wavelink Emulation ConnectPro TermProxy WLTermProxyService.exe HTTP Request Headers Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation ConnectPro TermProxy. User interaction is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-246/ *** ZDI-15-245: (0Day) Wavelink Emulation License Server LicenseServer.exe HTTP Request Headers Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation License Server. User interaction is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-245/ *** Ransomware threat Locker has sleeper component *** --------------------------------------------- KnowBe4 is alerting IT managers to be vigilant of a new ransomware threat that leverages a sleeper function. --------------------------------------------- http://www.scmagazine.com/alert-warns-it-managers-of-locker-ransomware/arti… *** Apple iOS Notification Processing Flaw Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1032408 *** Angler exploit kit pushing CryptoWall 3.0, (Thu, May 28th) *** --------------------------------------------- In the past two days, Ive infected two hosts from Angler exploit kit (EK) domains at 216.245.213.0/24. Both hosts were infected with CryptoWall 3.0 ransomware using the same bitcoin address for the ransom payment: 16Z6sidfLrfNoxJNu4qM5zhRttJEUD3XoB On Tuesday, 2015-05-26 at 15:17 UTC, .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19737 *** APPLE-SA-2015-05-27-1 OS X: Flash Player plug-in blocked *** --------------------------------------------- http://prod.lists.apple.com/archives/security-announce/2015/May/msg00002.ht… *** Splunk Enterprise 6.1.8, 6.0.9, and 5.0.13 address multiple vulnerabilities *** --------------------------------------------- Splunk Enterprise 6.1.8, 6.0.9, and 5.0.13 address multiple vulnerabilities Multiple vulnerabilities in OpenSSL versions before 1.0.1m and 0.9.8zf (SPL-98351) At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on .. --------------------------------------------- http://www.splunk.com/view/SP-CAAAN4P *** Grabit and the RATs *** --------------------------------------------- Not so long ago, Kaspersky clients in the United States approached Kaspersky researchers with a request to investigate a new type of malicious software that they were able to recover from their organizations' servers. The malware calls itself Grabit. --------------------------------------------- http://securelist.com/blog/research/70087/grabit-and-the-rats/ *** Trend Micro Discovers Apache Cordova Vulnerability that Allows One-Click Modification of Android Apps *** --------------------------------------------- We've discovered a vulnerability in the Apache Cordova app framework that allows attackers to modify the behavior of apps just by clicking a URL. The extent of the modifications can range from causing nuisance for app users to crashing the .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-disc… *** SAP HANA Log Injection *** --------------------------------------------- Under certain conditions the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information in log files. This could be .. --------------------------------------------- http://cxsecurity.com/issue/WLB-2015050172 *** SAP HANA Information Disclosure *** --------------------------------------------- Under certain conditions some SAP HANA Database commands could be abused by a remote authenticated attacker to access information which is restricted. This could be used to gain access .. --------------------------------------------- http://cxsecurity.com/issue/WLB-2015050171 *** SOPHOS WAF JSON Filter Bypass *** --------------------------------------------- Topic: SOPHOS WAF JSON Filter Bypass Risk: Low Text:SECURITYLABS INTELLIGENT RESEARCH - SECURITY ADVISORY http://www.securitylabs.com.br/ ADVISORY/0115 - SOPHOS WAF (WEBSERV... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015050169 *** Phishers register domain names, hammer traditional targets *** --------------------------------------------- The number of domain names used for phishing reached an all-time high, according to a new report by the the Anti-Phishing Working Group (APWG). Many of these were registered by .. --------------------------------------------- http://www.net-security.org/secworld.php?id=18429 *** Crash-Benachrichtigung für iOS-Geräte: Apple stellt Bugfix in Aussicht *** --------------------------------------------- Apple will den 'Unicode of Death'-Fehler, der iPhone und iPad durch eine bestimmte Zeichenfolge zum Absturz bringt, mit einem Software-Update beheben - das Problem betrifft weit mehr als nur iMessage. --------------------------------------------- http://heise.de/-2669432 *** Oracle PeopleSoft admin credentials open to hackers *** --------------------------------------------- SAP Security experts discovered a number of unpatched vulnerabilities and weaknesses in Oracle PeopleSoft that could be exploited to obtain admin passwords. The SAP security experts, Alexander Polyakov and Alexey Tyurin, revealed that Oracle .. --------------------------------------------- http://securityaffairs.co/wordpress/37270/hacking/oracle-peoplesoft-vulnera… *** Bugtraq: [SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices *** --------------------------------------------- http://www.securityfocus.com/archive/1/535626 *** IDS, IPS and UTM - What's the Difference? *** --------------------------------------------- In our last webcast, we learned about lingering and general confusion over these crazy acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions, .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/ids-ips-and-utm-whats-…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily