- Daily - CERT.at

Tageszusammenfassung - Montag 21-11-2016
by Daily end-of-shift report 21 Nov '16

21 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 18-11-2016 18:00 − Montag 21-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Vuln: Huawei Smart Phones Multiple Local Denial of Service Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/94404 *** Vuln: Multiple Lenovo ThinkPad Products CVE-2016-8222 Local Security Bypass Vulnerability *** --------------------------------------------- Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. --------------------------------------------- http://www.securityfocus.com/bid/94409 *** Security Advisory: PHP vulnerability CVE-2016-6289 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52430518.html?… *** SSA-672373 (Last Update 2016-11-18): Vulnerabilities in SIMATIC CP 1543-1 *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373… *** SSA-701708 (Last Update 2016-11-18): Local Privilege Escalation in Industrial Products *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708… *** SAP NetWeaver AS ABAP 7.4 Directory Traversal *** --------------------------------------------- The code provides access to the file specified after the READ DATASET statement. The variable transmitted to the input of the statement is entered in it by user input. Thus, the user can access the files stored on the operating system. This vulnerability is called a Directory Traversal. --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110168 *** Update wichtig: Sicherheitswarnung zu Symantec-Software *** --------------------------------------------- Das BSI hat eine Sicherheitswarnung der Stufe 4 bezüglich der Symantec-Produkte Endpoint Security herausgegeben und empfiehlt ein sofortiges Update. --------------------------------------------- https://heise.de/-3492125 *** Second Chinese Firm In a Week Found Hiding a Backdoor In Android Firmware *** --------------------------------------------- An anonymous reader quotes Bleeping Computer: Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the targets phone with root privileges. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/A1TnPdkseTU/second-chinese-… *** Putty Cleartext Password Storage *** --------------------------------------------- Putty.exe stores Passwords unencrypted for sessions that use a Proxy connection and specify a password to save. --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110172 *** WordPress Plugin MailChimp 4.0.7 - Cross-Site Request Forgery / XSS *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110174 *** Vuln: Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability *** --------------------------------------------- Apache OpenOffice is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Apache OpenOffice 4.1.2 and prior versions are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/94418 *** DFN-CERT-2016-1916/">GStreamer-Plugin: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes *** --------------------------------------------- Ein entfernter, nicht authentifizierter Angreifer kann mit Hilfe einer speziell präparierten Mediendatei einen Pufferüberlauf auf dem Heap erzeugen, dadurch große Speicherbereiche kontrollieren und in der Folge beliebigen Programmcode ausführen. Die Schwachstelle kann im Kombination mit anderen Sicherheitslücken und Design-Entscheidungen auf bestimmten Linux-Systemen einfach durch den Besuch einer speziell präparierten Webseite ausgenutzt werden. Es ist dabei keine Interaktion des Benutzers notwendig. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1916/ *** Bugtraq: [security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS) *** --------------------------------------------- HPE has made the following firmware updates available to resolve the vulnerability in iLO 3 and iLO 4: For iLO3, please upgrade to firmware v1.88 For iLO4, please upgrade to firmware v2.44 --------------------------------------------- http://www.securityfocus.com/archive/1/539791 *** Oil and Gas Cybersecurity part 3: Midstream Security for Oil *** --------------------------------------------- I hope you enjoyed the previous parts of Oil and Gas Cyber Security series (Upstream Cyber Security and Oil and Gas Cyber Security 101). Today we will talk about OT and ICS with a special focus on the Midstream sector of the petroleum industry. --------------------------------------------- http://resources.infosecinstitute.com/oil-and-gas-cybersecurity-part-3-mids… *** Nemucod Infections Spreading Locky Over Facebook *** --------------------------------------------- Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware. --------------------------------------------- http://threatpost.com/nemucod-infections-spreading-locky-over-facebook/1220… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM Social Rendering Templates for Digital Data Connector (CVE-2016-8936) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993895 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Netcool Configuration Manager (ITNCM) is affected by a vulnerability discovered in XSTREAM (CVE-2016-3674) *** http://www-01.ibm.com/support/docview.wss?uid=swg21992217 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and Switches (CVE-2016-0701, CVE-2015-3197) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009610 --------------------------------------------- *** IBM Security Bulletin: Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and switches (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009608 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 18-11-2016
by Daily end-of-shift report 18 Nov '16

18 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 17-11-2016 18:00 − Freitag 18-11-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Webseite aufgerufen, Linux gehackt *** --------------------------------------------- Linux-Nutzer können sich durch das bloße Aufrufen einer Webseite Schadcode einfangen. Die Ursache ist eine Kombination eigentlich harmloser Ereignisse – und eine Zero-Day-Lücke. Betroffen ist vor allem Fedora Workstation. --------------------------------------------- https://heise.de/-3489774 *** Google Removing SHA-1 Support in Chrome 56 *** --------------------------------------------- Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates. --------------------------------------------- http://threatpost.com/google-removing-sha-1-support-in-chrome-56/122041/ *** MacBook Pro 2016: Malware-Schutz teils ab Werk deaktiviert *** --------------------------------------------- Apple hat offenbar verpasst, den macOS-Systemintegritätsschutz (System Integrity Protection) auf allen MacBook-Pro-Modellen mit Touch Bar zu aktivieren. SIP soll die Möglichkeiten von Schad-Software begrenzen. --------------------------------------------- https://heise.de/-3491210 *** 8 million GitHub profiles scraped, data found leaking online *** --------------------------------------------- Technology recruitment site GeekedIn has scraped 8 million GitHub profiles and left the information exposed in an unsecured MongoDB database. The backup of the database .. --------------------------------------------- https://www.helpnetsecurity.com/2016/11/18/8-million-github-profiles-scrape… *** DSA-3718 drupal7 - security update *** --------------------------------------------- Multiple vulnerabilities has been found in the Drupal content managementframework. For additional information, please refer to the upstream advisoryat https://www.drupal.org/SA-CORE-2016-005 --------------------------------------------- https://www.debian.org/security/2016/dsa-3718 *** Metadaten: Apple speichert Verbindungsdaten mehrere Monate in iCloud *** --------------------------------------------- Apple bezeichnet sich gern als Datenschutzkonzern. Eine jetzt entdeckte Funktion zeigt aber, dass Apple Verbindungsdaten mehrere Monate im iCloud-Backup ablegt. Das dürfte nicht jedem gefallen. --------------------------------------------- http://www.golem.de/news/metadaten-apple-speichert-verbindungsdaten-mehrere… *** Top-Level-Domain .box macht Fritzbox-Routern Probleme *** --------------------------------------------- Router ist im internen Netz über den Domainnamen fritz.box erreichbar --------------------------------------------- http://derstandard.at/2000047782737 *** iPhone: Lockscreen-Lücke erlaubt Zugriff auf Kontakte und Fotos *** --------------------------------------------- Angriffsmethode soll auch bei den neuesten Versionen von iOS funktionieren --------------------------------------------- http://derstandard.at/2000047783306 *** Google Project Brillo: IoT-Android wird sicherer als Smartphone-Android *** --------------------------------------------- Google krempelt die Zusammenarbeit mit Herstellern für sein Internet-of-Things-System Brillo im Vergleich zu Android völlig um. So gibt es nur einen Linux-Kernel, der .. --------------------------------------------- http://www.golem.de/news/google-project-brillo-iot-android-wird-sicherer-al… *** The Rampage of Locky *** --------------------------------------------- Locky has been a constant in the malware zoo for a considerable time. And while we are aware that there are still victims being hit by the variant sporting the .ODIN extension, .. --------------------------------------------- https://blog.gdatasoftware.com/2016/11/29310-the-rampage-of-locky *** Filesharing: Hacker erbeuten Sourcecoude von Mega.nz *** --------------------------------------------- Mehrere Gbyte an Quellcode und einige Admin-Zugänge wurden bei Kim Dotcoms Dienst Mega.nz kopiert. Nach Angaben des Unternehmens sind keine Nutzerdaten betroffen, die veröffentlichten Zugänge seien zudem veraltet. --------------------------------------------- http://www.golem.de/news/filesharing-hacker-erbeuten-sourcecoude-von-mega-n…

1 0

Tageszusammenfassung - Donnerstag 17-11-2016
by Daily end-of-shift report 17 Nov '16

17 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 16-11-2016 18:00 − Donnerstag 17-11-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** VMSA-2016-0020 *** --------------------------------------------- vRealize Operations update addresses REST API deserialization vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0020.html *** VMSA-2016-0016.1 *** --------------------------------------------- vRealize Operations (vROps) updates address privilege escalation vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0016.html *** Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005 *** --------------------------------------------- https://www.drupal.org/SA-CORE-2016-005 *** VMSA-2016-0018.1 *** --------------------------------------------- VMware product updates address local privilege escalation vulnerability in Linux kernel --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-00201.html *** VMSA-2016-0018.1 *** --------------------------------------------- VMware product updates address local privilege escalation vulnerability in Linux kernel --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0018.html *** Antivirus tools are a useless box-ticking exercise says Google security chap *** --------------------------------------------- Advocates whitelists and other tools that genuinely help security Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort .. --------------------------------------------- www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_ju… *** DSA-3716 firefox-esr - security update *** --------------------------------------------- Multiple security issues have been found in the Mozilla Firefox webbrowser: Multiple memory safety errors, buffer overflows and otherimplementation errors may .. --------------------------------------------- https://www.debian.org/security/2016/dsa-3716 *** Tails 2.7 is out *** --------------------------------------------- https://tails.boum.org/news/version_2.7/ *** Malware Hunters Catch New Android Spyware For Governments In The Wild *** --------------------------------------------- A group of malware hunters has caught a new Android spyware in the wild. The spyware is marketed to governments and police forces and was made in Italy—but it wasn’t built by the infamous surveillance tech vendor Hacking Team. --------------------------------------------- https://motherboard.vice.com/read/malware-hunters-catch-new-android-spyware… *** Internet of Things: US-Regierung veröffentlicht Security-Strategie *** --------------------------------------------- Sechs Empfehlungen für ein weniger unsicheres Internet of Things hat die US-Regierung ausgearbeitet. Das offizielle Dokument könnte Entwicklern und Sicherheitsabteilungen Rückenwind geben. --------------------------------------------- https://heise.de/-3488886 *** Erpressungs-Trojaner Ransoc soll Social-Media-Accounts ausspionieren *** --------------------------------------------- Sicherheitsforschern zufolge droht Ransoc damit, persönliche Daten zu veröffentlichen. Dafür soll er eine individuelle Erpresserbotschaft mit privaten Bildern und Informationen bauen. --------------------------------------------- https://heise.de/-3488976 *** Call for Papers Domain pulse 2017 *** --------------------------------------------- Das Generalthema des Domain pulse 2017 lautet „Netzwerken in Netzwerken“ – im weitesten Sinne des Begriffs. Wer oder was wird vernetzt? Wie wichtig ist Vernetzung? Wo findet sie statt? Wie kann sie bestmöglich gelingen? Und welche Probleme kann sie lösen? --------------------------------------------- http://www.domainpulse.at/de/call-for-papers *** Forensik-Tool-Hersteller: Apple speichert iPhone-Anrufprotokolle in iCloud – für viele Monate *** --------------------------------------------- Apple synchronisiert die Anrufhistorie von iCloud-Nutzern automatisch ohne darauf explizit hinzuweisen. Die Software des Herstellers soll Strafverfolgungsbehörden .. --------------------------------------------- https://heise.de/-3490866 *** Confessions of a Google Spammer *** --------------------------------------------- Before I became an inbound marketer, I once made $50,000 a month spamming Google. I worked a maximum of 10 hours a week. And I am telling you from the bottom of my heart: never, never ever follow in my footsteps. --------------------------------------------- https://readthink.com/confessions-of-a-google-spammer-4f2e0c3e9869

1 0

Tageszusammenfassung - Mittwoch 16-11-2016
by Daily end-of-shift report 16 Nov '16

16 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 15-11-2016 18:00 − Mittwoch 16-11-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Chinese company installed secret backdoor on hundreds of thousands of phones *** --------------------------------------------- http://arstechnica.com/security/2016/11/chinese-company-installed-secret-ba… *** Carbanak Attacks Shift to Hospitality Sector *** --------------------------------------------- The Carbanak cybercrime gang has shifted strategy and targets the hospitality and restaurant industries with new techniques and malware. --------------------------------------------- http://threatpost.com/carbanak-attacks-shift-to-hospitality-sector/121966/ *** Cloned Spam Sites in Subdirectories *** --------------------------------------------- In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding a complete WordPress CMS installation into a directory and using .. --------------------------------------------- https://blog.sucuri.net/2016/11/cloned-spam-sites-in-subdirectories.html *** Fake fax ushers in revival of a ransomware family *** --------------------------------------------- “Criminal case against you” is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood of .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/11/15/fake-fax-ushers-in-revi… *** Malspam distributing Troldesh ransomware *** --------------------------------------------- Earlier this week on Monday 2016-11-14, I found an example of malicious spam (malspam) distributing Troldesh ransomware. Troldesh (also called .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21717 *** Lynxspring JENEsys BAS Bridge Vulnerabilities *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01 *** VMware-Produkte abgesichert: Angreifer können aus Gast-System ausbrechen *** --------------------------------------------- In Fusion und Workstation klafft eine kritische Sicherheitslücke. --------------------------------------------- https://heise.de/-3484180 *** Ermittlungen gegen Skidata im Betriebsspionage-Verfahren eingestellt *** --------------------------------------------- Salzburger Firma soll Kundendaten auf IT-Server eines Konkurrenten ausgespäht haben – Laut Staatsanwaltschaft kein widerrechtlicher Datenzugriff --------------------------------------------- http://derstandard.at/2000047640813 *** Datenschutz bei Mac-App: Shazam will nicht mehr dauerhaft mithören *** --------------------------------------------- Ein Mikrofon, das dauerhaft angeschaltet ist, dürfte vielen Nutzern Unbehagen bereiten. Genau das tat Shazam auf dem Mac mindestens seit 2014. Jetzt will das .. --------------------------------------------- http://www.golem.de/news/datenschutz-bei-mac-app-shazam-will-nicht-mehr-dau… *** Sicherheitsupdates: Symantec-Software kann sich an DLL verschlucken *** --------------------------------------------- Verschiedene Symantec-Produkte sind angreifbar. Im schlimmsten Fall können Angreifer Systeme kapern. --------------------------------------------- https://heise.de/-3484233 *** Analysts apply Occams razor to Tesco Bank breach *** --------------------------------------------- Unexpected items in the banking area Analysis Security analysts have narrowed down the range of possible explanations for the Tesco Bank breach. --------------------------------------------- www.theregister.co.uk/2016/11/16/tesco_bank_breach_competing_theories_analy… *** Wickedly Clever USB Stick Installs a Backdoor on Locked PCs *** --------------------------------------------- The proof-of-concept tool PoisonTap uses a series of subtle design flaws to steal a victims cookies and even hack their router or intranet. --------------------------------------------- https://www.wired.com/2016/11/wickedly-clever-usb-stick-installs-backdoor-l… *** IT-Sicherheit: Facebook kauft Passwörter im Darknet *** --------------------------------------------- Die Doppelverwendung von Passwörtern bezeichnet der Sicherheitschef von Facebook als "größte Gefahr für .. --------------------------------------------- http://www.golem.de/news/it-sicherheit-facebook-kauft-passwoerter-im-darkne… *** Automobilzulieferer: Leoni schreibt nach 40-Millionen-Betrug Verluste *** --------------------------------------------- Der Betrugsfall geht an Leoni nicht spurlos vorbei. Nachdem rund 40 Millionen Euro entwendet wurden, schreibt das Unternehmen im vergangenen Quartal Verluste. Die Ermittlungen gehen weiter. --------------------------------------------- http://www.golem.de/news/automobilzulieferer-leoni-schreibt-nach-40-million… *** Nach Adobe-Hack: Einigung auf eine Million US-Dollar Strafe *** --------------------------------------------- Adobe hat sich mit insgesamt 15 US-Bundesstaaten auf eine Strafzahlung von zusammen einer Million US-Dollar geeinigt, weil das Unternehmen 2013 Millionen Nutzerdaten verloren hatte. Die hatten Angreifer bei einem Hack an sich gebracht. --------------------------------------------- https://heise.de/-3485542 *** Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability *** --------------------------------------------- A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…

1 0

Tageszusammenfassung - Dienstag 15-11-2016
by Daily end-of-shift report 15 Nov '16

15 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 14-11-2016 18:00 − Dienstag 15-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Vuln: Git for Windows CVE-2016-9274 Unspecified Untrusted Search Path vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94289 *** CVE-2016-4484: Cryptsetup Initrd root Shell *** --------------------------------------------- An attacker with access to the console of the computer and with the ability to reboot the computer can launch a shell (with root permissions) when he/she is prompted for the password to unlock the system partition. The shell is executed in the initrd environment. Obviously, the system partition is encrypted and it is not possible to decrypt it (AFAWK). But other partitions may be not encrypted, and so accessible. --------------------------------------------- http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.… *** phpWebAdmin Version 1.0 SQL Injection Proof Of Concept Exploit *** --------------------------------------------- The user parameter in the index.php file is vulnerable to a blind SQL time-based Injection attack. Proof of concept is exploit attached below --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110127 *** ImageMagick MagickCore/fx.c Heap Buffer Overflow Vulnerability *** --------------------------------------------- ImageMagick is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploits may result in denial-of-service condition. --------------------------------------------- http://www.securityfocus.com/bid/94310/discuss *** The Kings in Your Castle, Pt #2 *** --------------------------------------------- The second part of Marion Marschaleks and Raphael Vinots article series deals with questions that surround the tools and the data used by analysts. They shine a light on some of the challenges facing analysts when it comes to Indicators of Compromise. While those are easily created and implemented, they can end up being outdated rather quickly. For an effective strategy, other metrics are required which are less easy to create. --------------------------------------------- https://blog.gdatasoftware.com/2016/11/29304-the-kings-in-your-castle-pt-2 *** Beliebte Chrome-Erweiterungen zur Werbeschleuder mutiert *** --------------------------------------------- Einige beliebte Chrome-Erweiterungen werden offenbar zur Verbreitung dubioser Werbeanzeigen missbraucht. Wer eine davon installiert hat, sollte sie umgehend entfernen. --------------------------------------------- https://heise.de/-3465981 *** Windows Mobile Application Penetration Testing Part 4: Intercepting HTTP/HTTPS Traffic on Windows Phones *** --------------------------------------------- Introduction and Background: In the previous article of the series, we have discussed Sideloading concepts associated with Windows Phone 8.1 apps and UWP apps. In this article, we will discuss how to get your phones/emulators ready for intercepting HTTP/HTTPS traffic to proceed with further analysis of the application. --------------------------------------------- http://resources.infosecinstitute.com/windows-mobile-application-penetratio… *** Bypassing Mixed Content Warnings - Loading Insecure Content in Secure Pages *** --------------------------------------------- There are no doubts that the web is moving forward to HTTPS (secure) content. Most important names have today their certificates ready and their websites are in effect, secure. But have you ever wandered: secure to what extent? --------------------------------------------- https://www.brokenbrowser.com/loading-insecure-content-in-secure-pages/ *** Cisco IOS XE Software Directory Traversal Vulnerability *** --------------------------------------------- A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system.The vulnerability is due to insufficient validation of files submitted to the affected installation utility. An attacker could exploit this vulnerability by uploading a crafted file to an affected system and running the installation utility command. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Single Sign-on: Eine Milliarde Accounts für Hijacking anfällig *** --------------------------------------------- Single Sign-on ist praktisch, wird aber oft falsch implementiert. Sicherheitsforscher haben demonstriert, welche Fehler App-Entwickler dabei machen. Mehrere hundert Apps machten dabei Probleme. --------------------------------------------- http://www.golem.de/news/single-sign-on-eine-milliarde-accounts-fuer-hijack… *** DLL Loading Issue in Symantec Enterprise Products *** --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: OpenSSL vulnerability CVE-2016-2180 *** https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02652550.html?… --------------------------------------------- *** Security Advisory: BIG-IP ASM vulnerability CVE-2016-7472 *** https://support.f5.com:443/kb/en-us/solutions/public/k/17/sol17119920.html?… --------------------------------------------- *** Security Advisory: Apache Tomcat vulnerabilities CVE-2016-5018, CVE-2016-6794, and CVE-2016-6796 *** https://support.f5.com:443/kb/en-us/solutions/public/k/65/sol65230547.html?… --------------------------------------------- *** Security Advisory: Apache Tomcat vulnerability CVE-2016-6797 *** https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36302720.html?… --------------------------------------------- *** Security Advisory: Apache Tomcat vulnerability CVE-2016-0762 *** https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36784855.html?… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568) *** http://www.ibm.com/support/docview.wss?uid=swg21993861 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5582) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993857 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024488 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Perl affects Power Hardware Management Console (‪‪CVE-2016-1238‬) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021704 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple perl vulnerabilities (CVE-2016-1238, CVE-2016-2381, CVE-2016-8853) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024470 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in fontconfig (CVE-2016-5384) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024468 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in sqlite (CVE-2016-6153) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024467 --------------------------------------------- *** IBM Security Bulletin: IBM PowerVC Local escalation of privilege vulnerability in DB2 for Linux (CVE-2016-5995) *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021652 --------------------------------------------- *** IBM Security Bulletin: Samba vulnerability issue in IBM SONAS (CVE-2016-2119) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009570 --------------------------------------------- *** IBM Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2016-2985 and CVE-2016-2984 ) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009323 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 14-11-2016
by Daily end-of-shift report 14 Nov '16

14 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 11-11-2016 18:00 − Montag 14-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** No payment necessary: Fighting back against ransomware *** --------------------------------------------- Any IT professional who's ever had an experience with malware knows how fast an intrusive attack can happen, and how difficult it can be to educate employees to be vigilant against such threats. And with ransomware attacks only growing, having information, tools and technologies to help protect your network can mean the difference between serious... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/11/11/no-payment-necessary-fi… *** New Guide on How to Fix Hacked Joomla! Sites *** --------------------------------------------- Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the internet today. For that reason, we are glad that our team includes a former contributor who helped create the official Joomla! docs on website security. We have also participated in various Joomla! events around the world, and our cofounder Dre Armeda is a keynote speaker at the upcoming Joomla! World Conference in Vancouver, Canada. Continue reading New --------------------------------------------- https://blog.sucuri.net/2016/11/new-guide-fix-hacked-joomla-sites.html *** Vuln: Docker Multiple Security Bypass Vulnerabilities *** --------------------------------------------- Vulnerable: Docker 1.12, Docker 1.6.1, Docker 1.6, Docker 1.3.3, Docker 1.4.1, Docker 1.3.2, Docker 1.3.1, Docker 1.3.0, Docker 1.12.3, Docker 1.12.2, Docker 1.0.0 --------------------------------------------- http://www.securityfocus.com/bid/94272 *** Vuln: Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerabilities *** --------------------------------------------- Sophos Web Appliance is prone to a privilege-escalation vulnerability and remote code-execution vulnerabilities. Attackers can leverage these issues to gain elevated privileges or execute arbitrary commands within the context of the affected application. Sophos Web Appliance 4.2.1.3 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/94274 *** OWASP ModSecurity Core Rule Set Version 3.0 Released *** --------------------------------------------- Need a new set of generic attack detection rules for your web application firewall? Try the new OWASP ModSecurity Core Rule Set version 3.0.0! Long-time Slashdot reader dune73 writes: The OWASP CRS is a widely-used Open Source set of generic rules designed to protect users against threats like the OWASP Top 10. The rule set is most often deployed in conjunction with an existing Web Application Firewall like ModSecurity. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/DKhaxHVZD-s/owasp-modsecuri… *** MikroTik RouterOS 6.36.2 Cross Site Scripting *** --------------------------------------------- Topic: MikroTik RouterOS 6.36.2 Cross Site Scripting Risk: Low --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110115 *** VMSA-2016-0019 *** --------------------------------------------- VMware product updates address local privilege escalation vulnerability in linux kernel --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0019.html *** Kaspersky Lab Black Friday Threat Overview 2016 *** --------------------------------------------- Our research shows that, over the last few years, the holiday period which starts on so-called Black Friday was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year. --------------------------------------------- http://securelist.com/analysis/publications/76615/kaspersky-lab-black-frida… *** [2016-11-14] Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 *** --------------------------------------------- Attackers are able to control the SolarEagle V2.00 / MPPT Solar Controller SMART2 device as authentication is broken. Furthermore attackers can eavesdrop the unencrypted communication or denial service. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016… *** Adult Friend Finder: 412 Milionen Accounts von Datingseite gehackt *** --------------------------------------------- Nach dem Ashley-Madison-Hack gibt es einen weiteren großen Einbruch in ein Datingnetzwerk. Angreifer veröffentlichten 412 Millionen Accountdaten des Webseitennetzwerkes rund um Adult Friend Finder. --------------------------------------------- http://www.golem.de/news/adult-friend-finder-412-milionen-accounts-von-dati… *** Vuln: Jenkins Java Deserialization Remote Code Execution Vulnerability *** --------------------------------------------- Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. --------------------------------------------- http://www.securityfocus.com/bid/94281 *** [TYPO3-announce] Vulnerabilities in multiple third party TYPO3 CMS extensions *** --------------------------------------------- several vulnerabilities have been found in the following third party TYPO3 extensions: - "Store Locator" (locator) - "Code Highlighter" (mh_code_highlighter) - "Shibboleth Authentication" (shibboleth_auth) - "Secure Download Form" (rs_securedownload) - "Member Infosheets" (if_membersheet) - "TC Directmail" (tcdirectmail) --------------------------------------------- http://lists.typo3.org/pipermail/typo3-announce/2016/000388.html *** NIST Small Business Information Security guide for Small businesses *** --------------------------------------------- The NIST Small Business Information Security: The Fundamentals guide aims to provide basic cybersecurity recommendations to small businesses. --------------------------------------------- http://securityaffairs.co/wordpress/53423/breaking-news/nist-small-business… *** [CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE *** --------------------------------------------- Versions Affected: Apache OpenMeetings 3.1.0 Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack The issue was fixed in 3.1.2. All users are recommended to upgrade to Apache OpenMeetings 3.1.3 --------------------------------------------- http://www.securityfocus.com/archive/1/539751 *** Recordings from AppSecUSA 2016 in Washington, DC *** --------------------------------------------- https://www.youtube.com/playlist?list=PLpr-xdpM8wG8DPozMmcbwBjFn15RtC75N *** E-Mail-Sicherheitslücke in LTE-Router von Drei *** --------------------------------------------- Jeder Nutzer, der sich mit einem Drei-Smartphone bei einem Drei-LTE-Router anmeldet, hat Zugriff auf die E-Mails des Router-Besitzers. --------------------------------------------- https://futurezone.at/produkte/e-mail-sicherheitsluecke-in-lte-router-von-d… *** Updated Good Practice Guide on National Cyber Security Strategies by ENISA *** --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/updated-good-practice-guide-on-… *** Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 *** --------------------------------------------- On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities. ... Cisco investigated its product line to determine which products may be affected by these vulnerabilities and the impact of the vulnerabilities on each affected product. For information about whether a product is affected, refer to the “Vulnerable Products” and “Products Confirmed Not Vulnerable” sections of this advisory. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Master Decryption Keys and Decryptor for the Crysis Ransomware Released. *** --------------------------------------------- The master decryption keys for the CrySiS Ransomware have been released this morning in a post on the BleepingComputer.com forums. At approximately 1 AM EST, a member named crss7777 created a post in the CrySiS support topic at BleepingComputer with a Pastebin link to a file containing the master decryption keys and how to use them. [...] --------------------------------------------- http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-de… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple security vulnerabilities have been addressed in LMS 5.0 on Cloud *** http://www.ibm.com/support/docview.wss?uid=swg21993982 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2016-6304, CVE-2016-6303, CVE-2016-2178, CVE-2016-6306 and CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009586 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images *** http://www-01.ibm.com/support/docview.wss?uid=swg21992898 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009585 --------------------------------------------- *** IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty which may impact IBM Streams (CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993612 --------------------------------------------- *** IBM Security Bulletin: A Security Vulnerability has been fixed in IBM Security Privileged Identity Manager (CVE-2016-5964) *** http://www.ibm.com/support/docview.wss?uid=swg21994065 --------------------------------------------- *** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009590 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Portal (CVE-2016-3092) *** http://www-01.ibm.com/support/docview.wss?uid=swg21989359 --------------------------------------------- *** IBM Security Bulletin: IBM Connections Security Update *** http://www.ibm.com/support/docview.wss?uid=swg21990864 --------------------------------------------- *** IBM Security Bulletin: GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2016-0392) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009571 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 11-11-2016
by Daily end-of-shift report 11 Nov '16

11 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 10-11-2016 18:00 − Freitag 11-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Benevolent malware? reincarna/Linux.Wifatch, (Fri, Nov 11th) *** --------------------------------------------- In the new to me department. It looks like this one has been around for more thanthree years. Today I was doing some banner grabbing looking for a Mirainodethat had gotten away from me, and came across the Telnet banner below. It appears this device is infected with a piece of malware called Reincarna/Linux.Wifatch. It purports to being a memory resident malware that defends the device from more malicious malware. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21703&rss *** BSI-Bericht zur Lage der IT-Sicherheit: Die Lage bleibt angespannt *** --------------------------------------------- In seinem neuesten Bericht beurteilt das Bundesamt für Sicherheit in der Informationstechnik die aktuelle Gefährdungslage der IT-Sicherheit in Deutschland. Dabei zeigt es Schwachstellen auf und bewertet unter anderem Angriffsmethoden. --------------------------------------------- https://www.heise.de/newsticker/meldung/BSI-Bericht-zur-Lage-der-IT-Sicherh… *** CA Unified Infrastructure Management Directory Traversal Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a directory traversal vulnerability in CA Technologies Unified Infrastructure Management application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01 *** F5 Security Advisory: Linux TCP stack vulnerability CVE-2016-5696 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/46/sol46514822.html?… *** Vuln: Brocade NetIron OS CVE-2016-8203 Memory Corruption Vulnerability *** --------------------------------------------- An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Brocade NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a are vulnerable. --------------------------------------------- http://www.securityfocus.com/bid/94232 *** F5 Security Advisory: TMM vulnerability CVE-2016-7476 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/87/sol87416818.html?… *** MyBB 1.8.6 Cross Site Scripting *** --------------------------------------------- These issues may lead to the injection of JavaScript keyloggers, injection of content such as ads, or the bypassing of CSRF protection, which would for example allow the creation of a new admin user. --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110096 *** Security Advisory - Path Traversal Vulnerability in Huawei Home Gateway Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2015/hw-462908 *** Vuln: Multiple I-O DATA Network Camera Products CVE-2016-7814 Information Disclosure Vulnerability *** --------------------------------------------- An attacker can exploit this issue to obtain sensitive information. This may aid in further attacks. The following products and versions are vulnerable: TS-WRLP firmware version 1.00.01 and prior TS-WRLA firmware version 1.00.01 and prior --------------------------------------------- http://www.securityfocus.com/bid/94250 *** Security Advisory - Input Validation Vulnerability in Some Huawei Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161111-… *** Windows Mobile Application Penetration Testing Part 3: Sideloading *** --------------------------------------------- Introduction and Background: In the First article of the series, we have covered the introduction and background required to start learning Windows Mobile Application Penetration Testing. We have also seen the requirements for setting up Windows Phone 8.1 emulators as well as Windows 10 mobile emulators. --------------------------------------------- http://resources.infosecinstitute.com/windows-mobile-application-penetratio… *** TYPO3: Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer) *** --------------------------------------------- It has been discovered that the extension "HTML5 Video Player" (html5videoplayer) is susceptible to Cross-Site Scripting. --------------------------------------------- https://typo3.org/news/article/cross-site-scripting-in-extension-html5-vide… *** TYPO3: Multiple vulnerabilities in extension "TC Directmail " (tcdirectmail) *** --------------------------------------------- It has been discovered that the extension "TC Directmail " (tcdirectmail) is susceptible to Cross Site-Scripting and SQL Injection. --------------------------------------------- https://typo3.org/news/article/multiple-vulnerabilities-in-extension-tc-dir… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in PAM affect Power Hardware Management Console (‪CVE-2013-7041 and CVE-2015-3238‬) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021702 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 April 2016 *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009348 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 10-11-2016
by Daily end-of-shift report 10 Nov '16

10 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 09-11-2016 18:00 − Donnerstag 10-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** VMSA-2016-0018 VMware product updates address local privilege escalation vulnerability in linux kernel *** --------------------------------------------- Relevant Products * VMware Identity Manager * vRealize Automation * vRealize Operations --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0018.html *** FortiWLC Undocumented Hardcoded core Account *** --------------------------------------------- FortiWLC comes with a hardcoded account named core which is used by Meru Access Points to send core dumps to the FortiWLC and has read/write privileges over various parts of the system. Impact: Unauthorized read/write remote access Affected Products: FortiWLC 7.0-9-1, 7.0-10-0, 8.1-2-0, 8.1-3-2 and 8.2-4-0 --------------------------------------------- https://fortiguard.com/advisory/fortiwlc-undocumented-hardcoded-core-account *** Deepsec: "Unternehmen interessieren sich nicht für Privacy, außer zum Marketing" *** --------------------------------------------- Sicherheitsexperte Marcus J. Ranum übt auch scharfe Kritik an eigener Branche: Teure Lösungen für wenig Nutzen --------------------------------------------- http://derstandard.at/2000047306876 *** OpenSSL Security Advisory [10 Nov 2016] (CVE-2016-7054, CVE-2016-7053, CVE-2016-7055) *** --------------------------------------------- CVE-2016-7054: TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. CVE-2016-7053: Applications parsing invalid CMS structures can crash with a NULL pointer dereference. --------------------------------------------- https://www.openssl.org/news/secadv/20161110.txt *** ICMP Unreachable DoS Attacks (aka "Black Nurse"), (Thu, Nov 10th) *** --------------------------------------------- It is not recommended to block all Type 3 ICMP messages. In particular Type 3 Code 4 (Fragmentation Needed and Don't Fragment was Set) messages are requied for path MTU discovery, which many modern operating systems use. ... So what should you do? * Don't panic. This is not a big deal. Test your firewall if you can, or check if is on the vulnerable list * You are vulnerable if you use a smaller Cisco ASA firewall. Newer/Larger multi-core versions appear to be fine. SonicWall and "some" Palo Alto firewalls appear to be vulnerable too. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21699&rss *** Bugtraq: Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/539732 *** Bugtraq: Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/539731 *** Internet Of Things: Sorgenkind Sicherheit *** --------------------------------------------- Das Geschäft mit smarten Devices und vernetzten Produktionsanlagen brummt, doch die Sicherheit ist oft nur Nebensache. Auf einer Konferenz in Köln zeichneten Branchenvertreter ein düsteres Bild. --------------------------------------------- https://heise.de/-3463589 *** Windows Mobile Application Penetration Testing Part 2: Understanding Applications *** --------------------------------------------- In the First article of the series, we have covered the introduction and background required to start learning Windows Mobile Application Penetration Testing. We have also seen the requirements for setting up Windows Phone 8.1 emulators as well as Windows 10 mobile emulators. In this article, we will discuss the basics of Windows Phone 8.1 applications and UWP applications. --------------------------------------------- http://resources.infosecinstitute.com/windows-mobile-application-penetratio… *** [R3] Nessus 6.9 Fixes Multiple Vulnerabilities *** --------------------------------------------- http://www.tenable.com/security/tns-2016-16 *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: BIG-IP ASM Proactive Bot Defense vulnerability CVE-2016-7472 *** https://support.f5.com:443/kb/en-us/solutions/public/k/17/sol17119920.html?… --------------------------------------------- *** Security Advisory: SSL renegotiation vulnerability CVE-2011-1473 *** https://support.f5.com:443/kb/en-us/solutions/public/15000/200/sol15278.htm… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in lquerylv in LVM impacts AIX (CVE-2016-6079) *** http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc --------------------------------------------- *** IBM Security Bulletin: IBM Resilient Cross Site Scripting Vulnerability (CVE-2016-6062) *** https://success.resilientsystems.com/hc/en-us/articles/213457065-Security-B… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Struts affect IBM WebSphere Portal (CVE-2015-0899, CVE-2016-1181, CVE-2016-1182) *** http://www-01.ibm.com/support/docview.wss?uid=swg21988770 --------------------------------------------- *** IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty which may impact IBM Streams (CVE-2016-0378) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993571 --------------------------------------------- *** IBM Security Bulletin: HTTP response splitting attack affects IBM TS7700 Virtualization Engine (CVE-2015-2017) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1008115 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 9-11-2016
by Daily end-of-shift report 09 Nov '16

09 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 08-11-2016 18:00 − Mittwoch 09-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Admins aufgepasst: SHA1-Zertifikate vor dem endgültigen Aus *** --------------------------------------------- Ab Januar 2017 wird es ernst: die großen Browser werden ab dann richtige Fehlermeldungen anzeigen, wenn sie auf Zertifikate treffen, die eine Signatur mit SHA1 aufweisen. Die sind aber immer noch im Einsatz, wie ein Kurztest von heise Security zeigt. --------------------------------------------- https://heise.de/-3460868 *** Adsense: Google entfernt Bankentrojaner aus Werbenetzwerk *** --------------------------------------------- Erneut ist über ein Werbenetzwerk Schadsoftware verteilt worden. Eine Google-Adsense-Kampagne hatte versucht, Android-Nutzern einen Bankentrojaner unterzuschieben. Die entsprechenden Anzeigen wurden mittlerweile deaktiviert. (Malware, Virus) --------------------------------------------- http://www.golem.de/news/adsense-google-entfernt-bankentrojaner-aus-werbene… *** MS16-NOV - Microsoft Security Bulletin Summary for November 2016 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-NOV *** App-Schwachstelle: Angreifer können iPhone-Anrufe auslösen *** --------------------------------------------- Ein Fehler in populären iOS-Apps ermöglicht es, das iPhone zum automatischen Anwählen einer bestimmten Rufnummer zu bringen und den Nutzer zugleich am sofortigen Abbruch des Telefonats zu hindern. --------------------------------------------- https://heise.de/-3460552 *** November 2016 security update release *** --------------------------------------------- Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month's security updates and advisories can be found in the Security TechNet Library. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2016/11/08/november-2016-security-… *** Thoughts on the recent 'NtSetWindowLongPtr' vulnerability *** --------------------------------------------- On October 31, Google security team has announced it has discovered a vulnerability, actively exploited the wild, in (unspecified) versions of Microsoft Windows. The vulnerability is a local privilege escalation, allowing an unprivileged user to gain kernel privileges. --------------------------------------------- https://labs.bromium.com/2016/11/08/thoughts-on-the-recent-ntsetwindowlongp… *** New XM1RPC SEO Spam and Backdoor Campaign *** --------------------------------------------- We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1RPC campaign due to the common backdoor used across all of the compromised sites. The file is named in such a way as to confuse WordPress administrators who are familiar with XML-RPC. This malware usually infects all sites that share the same FTP account, which means cleaning just one website won't help... --------------------------------------------- https://blog.sucuri.net/2016/11/xm1rpc-spam-backdoor.html *** Phoenix Contact ILC PLC Authentication Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for authentication vulnerabilities in Phoenix Contact's ILC PLCs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-313-01 *** Siemens Industrial Products Local Privilege Escalation Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a privilege escalation vulnerability that affects several Siemens industrial products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02 *** OSIsoft PI System Incomplete Model of Endpoint Features Vulnerability *** --------------------------------------------- This advisory contains mitigation details for an incomplete model of endpoint features vulnerability in OSIsoft's PI System software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03 *** TrickBot Banking Trojan Adds New Browser Manipulation Tools *** --------------------------------------------- The banking Trojan TrickBot is evolving fast, according to researchers, and within weeks will expand its victim list and attack scope. --------------------------------------------- http://threatpost.com/trickbot-banking-trojan-adds-new-browser-manipulation… *** DSA-3709 libxslt - security update *** --------------------------------------------- Nick Wellnhofer discovered that the xsltFormatNumberConversion functionin libxslt, an XSLT processing runtime library, does not properly checkfor a zero byte terminating the pattern string. This flaw can be exploited to leak a couple of bytes after the buffer that holds thepattern string. --------------------------------------------- https://www.debian.org/security/2016/dsa-3709 *** Security Advisory - Input Validation Vulnerability in Wi-Fi Driver of Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161109-… *** Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched *** --------------------------------------------- The effectiveness of a zero-day quickly deteriorates as an attack tool after it gets discovered and patched by the affected software vendors. Within the time between the discovery of the vulnerability and the release of the fix, a bad actor might try to get the most out of his previously valuable attack assets. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/QdtwFJ1RHyQ/ *** Vuln: SAP NetWeaver Java AS Webdynpro Component Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94174 *** New BEC scams seek to build trust first, request wire transfer later *** --------------------------------------------- Business email compromise scammers have gradually changed their tactics to improve their scam success rate. --------------------------------------------- https://www.symantec.com/connect/blogs/new-bec-scams-seek-build-trust-first… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Aspera Shares 1.9.4 or earlier and IBM Aspera Console 3.0.6 or earlier *** https://support.asperasoft.com/hc/en-us/articles/229505687-Security-Bulleti… -IBM-Aspera-Console-3-0-6-or-earlier --------------------------------------------- *** IBM Security Bulletin: The BigFix Platform has a vulnerability involving missing the HTTP Strict-Transport-Security Header (CVE-2016-0297) *** http://www.ibm.com/support/docview.wss?uid=swg21993214 --------------------------------------------- *** IBM Security Bulletin: BigFix Platform has a vulnerability where information is exposed through Log Files (CVE-2016-0296) *** http://www.ibm.com/support/docview.wss?uid=swg21993213 --------------------------------------------- *** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Multiple Open Source CURL Vulnerabilities (CVE-2016-7167) *** http://www.ibm.com/support/docview.wss?uid=swg21993246 --------------------------------------------- *** IBM Security Bulletin: IBM Connections Mobile Server Security Refresh for Apache Struts (CVE-2016-0785, CVE-2016-0785, CVE-2016-3093, CVE-2016-4003) *** http://www.ibm.com/support/docview.wss?uid=swg21984206 --------------------------------------------- *** IBM Security Bulletin: IBM Connections Security Refresh for Apache Struts CVE-IDs: CVE-2016-0785 CVE-2016-2162 *** http://www.ibm.com/support/docview.wss?uid=swg21985424

1 0

Tageszusammenfassung - Dienstag 8-11-2016
by Daily end-of-shift report 08 Nov '16

08 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 07-11-2016 18:00 − Dienstag 08-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Android: Sicherheitsupdate für November lässt kritische Lücke offen *** --------------------------------------------- Linux-Kernel-Bug auf Nexus- und Pixel-Geräten noch nicht geschlossen - Update schließt Dutzende Sicherheitslücken --------------------------------------------- http://derstandard.at/2000047142975 *** Android Security Bulletin November 2016 *** --------------------------------------------- The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air (OTA) update. --------------------------------------------- https://source.android.com/security/bulletin/2016-11-01.html *** DDoS attack halts heating in Finland amidst winter *** --------------------------------------------- The systems that were attacked tried to respond to the attack by rebooting the main control circuit. This was repeated over and over so that heating was never working. --------------------------------------------- http://metropolitan.fi/entry/ddos-attack-halts-heating-in-finland-amidst-wi… *** Security Updates for Adobe Connect (APSB16-35) and Adobe Flash Player (APSB16-37) Available *** --------------------------------------------- Adobe has published security bulletins for Adobe Connect (APSB16-35) and Adobe Flash Player (APSB16-37). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1420 *** MSRT November 2016: Unwanted software has nowhere to hide in this month's release *** --------------------------------------------- We came across a browser modifier that sports rootkit capabilities. Not only does the threat, detected as BrowserModifier:Win32/Soctuseer, cross the line that separates legitimate software from unwanted, it also takes staying under the radar to the next level. Rootkit capabilities, which make it difficult to detect and remove applications, are usually associated with malware. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/11/08/msrt-november-2016-unwa… *** Vuln: phpMyAdmin CVE-2016-6610 Full Path Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94118 *** BlackBerry powered by Android Security Bulletin November 2016 *** --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000038666 *** Vuln: Multiple D-Link DIR Routers CVE-2016-6563 Remote Stack Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94130 *** Piwik 2.16.0 PHP Object Injection *** --------------------------------------------- Affected Versions: Version 2.16.0 and prior versions. Vulnerability Description: The vulnerability can be triggered through the saveLayout() method defined in /plugins/Dashboard/Controller.php: --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110055 *** f5 Security Advisories *** --------------------------------------------- *** Security Advisory: Configuration utility CSRF vulnerability *** https://support.f5.com:443/kb/en-us/solutions/public/k/21/sol21485342.html?… --------------------------------------------- *** Security Advisory: Linux kernel vulnerability CVE-2016-7117 *** https://support.f5.com:443/kb/en-us/solutions/public/k/51/sol51201255.html?… --------------------------------------------- *** Security Advisory: Multiple LibTIFF vulnerabilities *** https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35155453.html?… --------------------------------------------- *** Security Advisory: LibTIFF vulnerabilities CVE-2016-5320 and CVE-2015-8784 *** https://support.f5.com:443/kb/en-us/solutions/public/k/89/sol89096577.html?… --------------------------------------------- *** Security Advisory: PHP vulnerabilities CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, and CVE-2015-6838 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/300/sol17377.htm… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for HP NonStop (CVE-2016-2177, CVE-2016-6306, CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993601 --------------------------------------------- *** IBM Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager for Space Management (CVE-2016-0371) *** http://www.ibm.com/support/docview.wss?uid=swg21990042 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect the BigFix Platform *** http://www.ibm.com/support/docview.wss?uid=swg21993215 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect the BigFix Platform *** http://www.ibm.com/support/docview.wss?uid=swg21993210 --------------------------------------------- *** IBM Security Bulletin: The BigFIx platform has a vulnerability where WebReports executes with unnecessary privileges (CVE-2016-0396) *** http://www.ibm.com/support/docview.wss?uid=swg21993206 --------------------------------------------- *** IBM Security Bulletin: BigFix Platform has a vulnerability allowing unrestricted file upload (CVE-2016-0214) *** http://www.ibm.com/support/docview.wss?uid=swg21993203 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 7-11-2016
by Daily end-of-shift report 07 Nov '16

07 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 04-11-2016 18:00 − Montag 07-11-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Sophos Web Appliance 4.2.1.3 Remote Code Execution *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016110036 *** Two Critical MySQL Bugs Discovered *** --------------------------------------------- An anonymous reader quotes InfoWorld: Two critical privilege escalation vulnerabilities in MySQL, MariaDB, and PerconaDB can help take control of .. --------------------------------------------- https://developers.slashdot.org/story/16/11/05/056227/two-critical-mysql-bu… *** Tech support scammers use denial of service bug to hang victims *** --------------------------------------------- Process pig keeps eyes glued on fraudsters phone number. Tech support fraudsters have taught an old denial of service bug new tricks to add a convincing layer of authenticity to scams. --------------------------------------------- www.theregister.co.uk/2016/11/07/tech_support_scammers_use_denial_of_servic… *** Vuln: cURL/libcURL CVE-2016-8625 Remote Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94107 *** Disassembling a Mobile Trojan Attack *** --------------------------------------------- In fact, any site using AdSense to display adverts could potentially have displayed messages that downloaded the dangerous Svpeng and automatically saved it to .. --------------------------------------------- http://securelist.com/blog/research/76286/disassembling-a-mobile-trojan-att… *** Hintergrund: Threat Intelligence: IT-Sicherheit zum Selbermachen? *** --------------------------------------------- Viele IT-Sicherheitsfirmen erweitern ihr Portfolio derzeit um sogenannte Threat Intelligence. Die ist jedoch kein Allheilmittel sondern muss gezielt eingesetzt werden, um einen echten Mehrwert zu erzielen. Dr. Timo Steffens vom .. --------------------------------------------- https://heise.de/-3453595 *** SSA-701708 (Last Update 2016-11-07): Local Privilege Escalation in Industrial Products *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708… *** SSA-378531 (Last Update 2016-11-07): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC Runtime Professional *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531… *** IBM Security Bulletin: Vulnerability in IBM Java SDK affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2016-5597) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21993700 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight (CVE-2016-3598) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21992715 *** IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerability (CVE-2016-5388) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21992977 *** Login Form Hijacking Vulnerability in Citrix NetScaler Gateway *** --------------------------------------------- https://support.citrix.com/article/CTX213313 *** Citrix XenServer Security Update for CVE-2016-0800 *** --------------------------------------------- A security vulnerability has been identified in Citrix XenServer that could, if exploited, allow a malicious attacker with access to the XenServer .. --------------------------------------------- https://support.citrix.com/article/CTX208403 *** Multiple Security Vulnerabilities in Citrix NetScaler Platform ... *** --------------------------------------------- A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler .. --------------------------------------------- https://support.citrix.com/article/CTX216642

1 0

Tageszusammenfassung - Freitag 4-11-2016
by Daily end-of-shift report 04 Nov '16

04 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 03-11-2016 18:00 − Freitag 04-11-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Extracting Malware Transmitted Via Telnet, (Thu, Nov 3rd) *** --------------------------------------------- One charactersitcs of many of the telnet explois we have seen over the last few years has been the transmission of malware using echo commands. Even the recent versions of Mirai used this trick. Reconstruction the malware from packet captures can be a little bit tricky, in particular if you are trying to automate the process. So here is what I have been doing for my honeypot DVR: First of all, the DVR is connected to a remote controlled power outlet, to make it easy to reboot it as needed. I do... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21673&rss *** Moving Beyond EMET *** --------------------------------------------- EMET - Then and Now Microsoft's Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit (EMET). Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the time (3-4 years between major releases) was simply... --------------------------------------------- https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/ *** Mobile subscriber identity numbers can be exposed over Wi-Fi *** --------------------------------------------- For a long time, law enforcement agencies and hackers have been able to track the identity and location of mobile users by setting up fake cellular network towers and tricking their devices to connect to them. Researchers have now found that the same thing can be done much more cheaply with a simple Wi-Fi hotspot.The devices that pose as cell towers are known in the industry as IMSI catchers, with the IMSI (international mobile subscriber identity) being a unique number tied to a mobile... --------------------------------------------- http://www.cio.com/article/3138469/security/mobile-subscriber-identity-numb… *** Outlook Web Access Two-Factor Authentication Bypass Exists *** --------------------------------------------- Two-factor authentication protecting Outlook Web Access and Office 365 portals can be bypassed-and the situation likely cannot be fixed, a researcher has disclosed. --------------------------------------------- http://threatpost.com/outlook-web-access-two-factor-authentication-bypass-e… *** DNS Analysis and Tools *** --------------------------------------------- In this article, we will take a look at the complete DNS process, DNS lookup, DNS reverse lookup, DNS zone transfer, etc. along with some tools to analyze & enumerate DNS traffic. Domain Name System (DNS) is a naming system used to convert human readable domain names like infosecinstitute.com into a numerical IP address. The... --------------------------------------------- http://resources.infosecinstitute.com/dns-analysis-and-tools/ *** Security Advisory: Configuration utility CSRF vulnerability *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/61/sol61045143.html?… *** cURL/libcurl Multiple Bugs Let Remote Users Inject Cookies, Reuse Connections, and Execute Arbitrary Code and Let Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1037192 *** Security Notice - Statement on Black Hat Europe 2016 Revealing Security Vulnerability in Huawei Mate Smart Phone *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20161104-01-… *** Moxa OnCell Security Vulnerabilities *** --------------------------------------------- This advisory contains mitigation vulnerabilities for authorization bypass and disclosed OS commanding vulnerabilities in Moxa's OnCell Security Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01 *** Schneider Electric Magelis HMI Resource Consumption Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for resource consumption vulnerabilities affecting Schneider Electric's Magelis human-machine interface products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02 *** Schneider Electric IONXXXX Series Power Meter Vulnerabilities *** --------------------------------------------- This advisory is a follow-up to the alert titled ICS-ALERT-16-256-02 Schneider Electric ION Power Meter CSRF Vulnerability that was published September 12, 2016, on the NCCIC/ICS-CERT web site. This advisory contains mitigation details for a cross-site request forgery and no access control vulnerabilities in Schneider Electric's IONXXXX series power meters. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03 *** IBM Security Bulletin *** --------------------------------------------- *** IBM Security Bulletin: IBM i is affected by several vulnerabilities (CVE-2016-2183 and CVE-2016-6329) *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect GPFS for Windows V3.5 *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024394 --------------------------------------------- *** IBM Security Bulletin: Cross-site scripting vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2926) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993444 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM InfoSphere Information Server (CVE-2012-6153 CVE-2014-3577) *** http://www-01.ibm.com/support/docview.wss?uid=swg21982420 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 3-11-2016
by Daily end-of-shift report 03 Nov '16

03 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 02-11-2016 18:00 − Donnerstag 03-11-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk *** --------------------------------------------- Wix websites are vulnerable to reflective DOM cross-site scripting attack that could give attackers control of user's websites. --------------------------------------------- http://threatpost.com/unpatched-vulnerability-on-wix-com-puts-millions-of-s… *** Malware: Adwords-Anzeige verlinkt auf falschen Google Chrome *** --------------------------------------------- Eine Malware-Kampagne, die sich gegen Apple-Nutzer richtet, bietet gefälschte Versionen von Googles Chrome-Browser. Dabei nutzten die Betrüger ausgerechnet Googles Adword-Anzeigen, um Opfer hereinzulegen. --------------------------------------------- http://www.golem.de/news/malware-adwords-anzeige-verlinkt-auf-falschen-goog… *** Recognizing Packed Malware and its Unpacking Approaches-Part 2 *** --------------------------------------------- In Part 1 of this article series, we had a look at the ways to recognize packed executables and various ways to automate the unpacking process. In this article, we will look at the manual process of unpacking a packed malware specimen. In the last article, we have seen how the malware specimen was packed... --------------------------------------------- http://resources.infosecinstitute.com/recognizing-packed-malware-and-its-un… *** Bereits 30.000 Angriffe: Experten warnen vor Joomla-Lücke *** --------------------------------------------- Cyberkriminelle verschaffen sich erweiterte Rechte - Webseiten-Betreiber sollten sofort auf die neueste Version updaten --------------------------------------------- http://derstandard.at/2000046902782 *** Barracuda: Outage caused by large number of inbound connections *** --------------------------------------------- Yet firm refuses to say the word DDoS. What are they hiding? Outage-hit security firm Barracuda appears to have been struck down by a DDoS - though the firm says its still investigating and refuses to confirm or deny it. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/11/03/barracuda_o… *** These 12+ Internet Crime Stories Will Make You Care about Cybersecurity [Updated] *** --------------------------------------------- Online security seems such an abstract and distant field, where other people get hurt, but you somehow stay safe, either by luck or internet savvy. But the truth is, it could happen to anyone, and it might even have happened to you in the past. They say that nothing beats learning from experience, but sometimes it's best... --------------------------------------------- https://heimdalsecurity.com/blog/12-true-stories-that-will-make-you-care-ab… *** Browsererweiterungen: Plötzlich nackt im Netz *** --------------------------------------------- Alle Suchwörter, alle Webseiten - der Browser-Verlauf eines ganzen Monats steht zum Verkauf. Unser Autor erlebte, wie das ist, wenn die eigenen Daten zur Ware werden. --------------------------------------------- http://www.golem.de/news/browsererweiterungen-ploetzlich-nackt-im-netz-1611… *** Ubuntu Core Snaps door shut on Linuxs new Dirty COWs *** --------------------------------------------- When did Linux start becoming like Windows? Canonical has released Ubuntu Core 16 for IoT, featuring Linux self-patching for a generation of users against future Bash or Dirty COWs. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/11/03/ubuntu_core… *** HPSBUX03664 SSRT110248 rev.1 HP-UX BIND Service running named, Remote Denial of Service (DoS) *** --------------------------------------------- Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05321107 *** Security Advisory: BIG-IP virtual server TCP sequence numbers vulnerability *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/68/sol68401558.html?… *** Security Advisory: OpenSSL vulnerability CVE-2016-6304 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/54/sol54211024.html?… *** Security Advisory: BIND vulnerability CVE-2016-8864 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35322517.html?… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2016 CPU (CVE-2016-5573, CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993440 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time *** https://www-01.ibm.com/support/docview.wss?uid=swg21993501 --------------------------------------------- *** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Multiple Open Source OpenSSL Vulnerabilities *** http://www.ibm.com/support/docview.wss?uid=swg21992348 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-3426) *** http://www-01.ibm.com/support/docview.wss?uid=swg21992149 --------------------------------------------- *** IBM Security Bulletin: Password Disclosure via application tracing in IBM Tivoli Storage Manager Client (CVE-2016-0371) *** http://www.ibm.com/support/docview.wss?uid=swg21985114 --------------------------------------------- *** IBM Security Bulletin: A Vulnerability in OpenSource Apache Taglibs Vulnerability affect Content Integrator (CVE-2015-0254) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993243 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 2-11-2016
by Daily end-of-shift report 02 Nov '16

02 Nov '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 31-10-2016 18:00 − Mittwoch 02-11-2016 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** New, more-powerful IoT botnet infects 3,500 devices in 5 days *** --------------------------------------------- Discovery of Linux/IRCTelnet suggests troubling new DDoS menace could get worse. --------------------------------------------- http://arstechnica.com/security/2016/11/new-iot-botnet-that-borrows-from-no… *** Docker user? Havent patched Dirty COW yet? Got bad news for you *** --------------------------------------------- Repeat after me, containerization isnt protection, its a management feature Heres another reason to pay attention to patching your Linux systems against the Dirty COW vulnerability: it can be used to escape Docker containers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/11/01/docker_user… *** Sicherheits-Patch für Zero-Day-Lücke in Windows in Sicht *** --------------------------------------------- Ein Ausnutzen der Schwachstelle soll nur in Verbindung mit einer bereits geschlossenen Flash-Lücke funktionieren. Microsoft kritisiert Google für die frühe Offenlegung der Lücke. --------------------------------------------- https://heise.de/-3454255 *** Millionen Surf-Profile: Daten stammen angeblich auch von Browser-Addon WOT *** --------------------------------------------- Die detaillierten Daten zum Surfverhalten von Millionen Deutschen, auf die NDR-Reporter Zugriff haben, stammen offenbar auch von der beliebten Browser-Erweiterung WOT. Die damit gesammelten Daten seien leicht bestimmten Personen zuzuordnen. --------------------------------------------- https://heise.de/-3453820 *** Performance-Framework: Kritische Sicherheitslücken in Memcached geschlossen *** --------------------------------------------- Von einer Sicherheitslücke in einem beliebten Performance-Framework sind auch Dienste wie Facebook, Youtube und Reddit betroffen gewesen. Angreifer hätten auf dem Zielsystem Code ausführen können. Ein Patch und ein Workaround sind verfügbar. --------------------------------------------- http://www.golem.de/news/performance-framework-kritische-sicherheitsluecken… *** Datenpanne: Wenn das iPhone die Geheimnummer der Nationalratspräsidentin kennt *** --------------------------------------------- Offenbar durch einen Fehler bei AppleCare sind die Telefonbucheinträge mehrerer iPhone-Nutzer an andere übertragen worden, berichten der "Stern" und das österreichische Magazin "News". --------------------------------------------- https://heise.de/-3454575 *** Belkin's WeMo Gear Can Hack Android Phones *** --------------------------------------------- Vulnerabilities in WeMo home automation devices can be used to attack the Android apps used to manage devices remotely. --------------------------------------------- http://threatpost.com/belkins-wemo-gear-can-hack-android-phones/121730/ *** Security Advisory: OpenSSL vulnerability CVE-2016-2179 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23512141.html?… *** Security Advisory 2016-02: Security Update for OTRS *** --------------------------------------------- November 01, 2016 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security(a)otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2017-08-20] uid OTRS Security Team GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 --------------------------------------------- https://www.otrs.com/security-advisory-2016-02-security-update-otrs/ *** Palo Alto PAN-OS Insecure API Token Generation Lets Remote Users Access the Target Firewall API Interface *** --------------------------------------------- http://www.securitytracker.com/id/1037153 *** Palo Alto PAN-OS Input Validation Flaw in Captive Portal Lets Remote Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1037152 *** DFN-CERT-2016-1794: Django: Zwei Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1794/ *** USN-3118-1: Mailman vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-3118-11st November, 2016mailman vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummarySeveral security issues were fixed in Mailman.Software description mailman - Powerful, web-based mailing list manager DetailsIt was discovered that the Mailman administrative web interface did notprotect against cross-site request forgery (CSRF) attacks. If anauthenticated user were --------------------------------------------- http://www.ubuntu.com/usn/usn-3118-1/ *** CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure *** --------------------------------------------- A defect in BINDs handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c --------------------------------------------- https://kb.isc.org/article/AA-01434/0/CVE-2016-8864%3A-A-problem-handling-r… *** Symantec IT Management Suite Multiple Issues *** --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** Norton Mobile Security for Android Multiple Security Issues *** --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Identity Manager ( CVE-2016-1181 CVE-2016-1182 ) *** http://www-01.ibm.com/support/docview.wss?uid=swg21992931 --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2016-6072) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991893 --------------------------------------------- *** IBM Security Bulletin: IBM Security Guardium Data Redaction is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU Jul 2016 Includes Oracle Jul 2016 CPU (CVE-2016-3485) *** http://www-01.ibm.com/support/docview.wss?uid=swg21992001 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2016-3485, CVE-2016-3511, CVE-2016-3598) *** http://www.ibm.com/support/docview.wss?uid=swg21993191 --------------------------------------------- *** IBM Security Bulletin: A command injection vulnerability has been identified in IBM Security Access Manager for Mobile appliances (CVE-2016-3028) *** http://www.ibm.com/support/docview.wss?uid=swg21991110 --------------------------------------------- *** IBM Security Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Mobile has been identified (CVE-2016-3025) *** http://www.ibm.com/support/docview.wss?uid=swg21991107 --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco TelePresence Endpoints Local Command Injection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Prime Home Authentication Bypass Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ---------------------------------------------

1 0

Tageszusammenfassung - Montag 31-10-2016
by Daily end-of-shift report 31 Oct '16

31 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 28-10-2016 18:00 − Montag 31-10-2016 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Of course smart homes are targets for hackers *** --------------------------------------------- The Wirecutter, an in-depth comparative review site for various electrical and electronic devices, just published an opinion piece on whether users should be worried about security issues in IoT devices. The summary: avoid devices that dont require passwords (or dont force you to change a default and devices that want you to disable security, follow general network security best practices but otherwise dont worry - criminals arent likely to target you.This is terrible, irresponsible advice. Its --------------------------------------------- http://mjg59.dreamwidth.org/45483.html *** Ensuring that ICS/SCADA isn't our next IoT nightmare *** --------------------------------------------- The DDoS chaos of the past month tells us that we need to work together to ensure future standards and reduce security risks --------------------------------------------- https://nakedsecurity.sophos.com/2016/10/28/ensuring-that-icsscada-isnt-our… *** Volatility Bot: Automated Memory Analysis, (Sun, Oct 30th) *** --------------------------------------------- Few weeks ago Ive attended the SANS DFIR Summit in Prague, and one of the very interesting talks was from Martin Korman (@MartinKorman), who presented a new tool he developed: Volatility Bot. According to his description, Volatility Bot is an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation. Not only does it automatically extract the executable... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21655&rss *** Masque Attack Abuses iOS's Code Signing to Spoof Apps and Bypass Privacy Protection *** --------------------------------------------- First reported in 2014, Masque Attack allowed hackers to replace a genuine app from the App Store with a malformed, enterprise-signed app that had the same Bundle Identifier (Bundle ID). Apple subsequently patched the vulnerabilities (CVE-2015-3772 and CVE-2015-3725), but while it closed a door, scammers seemed to have opened a window. Haima's repackaged, adware-laden apps and its native helper application prove that App Store scammers are still at it. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ffHuC_yu178/ *** DDOS-Attacke gegen Server legt Wiener TU-Informatiker lahm *** --------------------------------------------- Eine DDOS-Attacke gegen Server der Fachschaft Informatik der TU Wien hat zu Webseiten-Ausfällen geführt. --------------------------------------------- https://futurezone.at/digital-life/ddos-attacke-gegen-server-legt-wiener-tu… *** Joomla websites attacked en masse using recently patched exploits *** --------------------------------------------- Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week.The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled. They were patched in Joomla 3.6.4, released Tuesday.Hackers didnt waste any time reverse engineering the patches to understand how the two vulnerabilities can be exploited to compromise websites,... --------------------------------------------- http://www.csoonline.com/article/3136933/security/joomla-websites-attacked-… *** CardComplete-Phishingmail: 3-D Secure Aktualisierung *** --------------------------------------------- In einer vermeintlichen CardComplete-Benachrichtigung heißt es, dass Kreditkarteninhaber/innen ihr 3-D Secure Verfahren aktualisieren müssen. Dazu sollen sie eine Website aufrufen und ihre persönlichen Kreditkarteninformationen bekannt geben. In Wahrheit stammt die E-Mail von Kriminellen, die damit sensible Daten stehlen. --------------------------------------------- https://www.watchlist-internet.at/phishing/cardcomplete-phishingmail-3-d-se… *** "AtomBombing": Forscher warnen vor "unpatchbarer" Windows-Lücke *** --------------------------------------------- Angeblich alle Windows-Systeme betroffen - Gefahrenpotenzial allerdings unklar --------------------------------------------- http://derstandard.at/2000046630311 *** Cybercrime-Report 2015: Elf Prozent mehr Anzeigen in Österreich *** --------------------------------------------- Mehr Fälle bei Internetbetrug, Erpressung und Datenmissbrauch --------------------------------------------- http://derstandard.at/2000046762022 *** The Week in Ransomware - October 28 2016 - Locky, Angry Duck, and More! *** --------------------------------------------- Lots and lots of little ransomware and in-dev variants released this week. Of particular note is the quick release of two Locky variants that used .sh*t and then a day later the .thor extension for encrypted files. --------------------------------------------- http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-octobe… *** Security Advisory: OpenSSL vulnerability CVE-2016-2181 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59298921.html?… *** Vuln: Moodle CVE-2016-7919 Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93971 *** GNU tar 1.29 Extract Pathname Bypass *** --------------------------------------------- Topic: GNU tar 1.29 Extract Pathname Bypass Risk: Low Text: - t216 special vulnerability release -- Vulnerability: POINTYFEATHER aka Tar extract pathname bypass ... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016100254 *** About the security content of iOS 10.1.1 *** --------------------------------------------- This document describes the security content of iOS 10.1.1. --------------------------------------------- https://support.apple.com/en-us/HT207287 *** Vulnerabilities in InfraPower PPS-02-S Q213V1 *** --------------------------------------------- *** InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery *** http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5375.php --------------------------------------------- *** InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability *** http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5374.php --------------------------------------------- *** InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass *** http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5373.php --------------------------------------------- *** InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution *** http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5372.php --------------------------------------------- *** InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access *** http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5371.php --------------------------------------------- *** InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability *** http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5370.php --------------------------------------------- *** InfraPower PPS-02-S Q213V1 Multiple XSS Vulnerabilities *** http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5369.php --------------------------------------------- Next End-of-Shift report: 2016-11-02

1 0

Tageszusammenfassung - Freitag 28-10-2016
by Daily end-of-shift report 28 Oct '16

28 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 27-10-2016 18:00 − Freitag 28-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Vuln: HP Business Service Management CVE-2016-4392 Cross Site Scripting Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93933 *** MS16-128 - Critical: Security Update for Adobe Flash Player (3201860) - Version: 1.0 *** https://technet.microsoft.com/en-us/library/security/MS16-128 *** Vuln: Python urllib3 CVE-2016-9015 TLS Certificate Validation Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93941 *** Vuln: Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93944 *** iTunes 12.5.2 for Windows *** --------------------------------------------- https://support.apple.com/kb/HT207274 *** iPrint Appliance 2.1 Patch 1 *** --------------------------------------------- https://download.novell.com/Download?buildid=AmZsfGf_NQ4~ *** Malvertising *** --------------------------------------------- Unsere Kollegen vom niederländischen NCSC haben eben ihr "Cyber Security Assessment Netherlands 2016" auch auf Englisch veröffentlicht. Da steckt viel Arbeit .. --------------------------------------------- http://www.cert.at/services/blog/20161028083404-1815.html *** Researchers tag new brace of bugs in NTP, but theyre fixable *** --------------------------------------------- However, because these are protocol vulnerabilities, the researchers fixing NTP is more important. They propose replacing the current model with one that uses more .. --------------------------------------------- http://www.theregister.co.uk/2016/10/28/researchers_tag_new_brace_of_bugs_i… *** Honeywell Experion PKS Improper Input Validation Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a denial-of-service condition caused by an improper input validation vulnerability in Honeywell’s Experion Process Knowledge System platform. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01 *** Bugtraq: [security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information *** --------------------------------------------- http://www.securityfocus.com/archive/1/539646 *** Bugtraq: [security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege *** --------------------------------------------- http://www.securityfocus.com/archive/1/539645 *** Der Bot im Babyfon *** --------------------------------------------- In ein Heimnetzwerk integrierte IoT-Geräte bauen oftmals selbstständig eine Verbindung zum Internet auf, indem sie den Router des Nutzers per UPnP (Universal Plug and Play) so konfigurieren, dass eine Portweiterleitung .. --------------------------------------------- https://www.bsi-fuer-buerger.de/BSIFB/DE/Service/Aktuell/Informationen/Arti… *** Researchers expose Mirai vuln that could be used to hack back against botnet *** --------------------------------------------- Exploit can halt attacks from IoT devices Security researchers have discovered flaws in the Mirai .. --------------------------------------------- www.theregister.co.uk/2016/10/28/mirai_botnet_hack_back/

1 0

Tageszusammenfassung - Donnerstag 27-10-2016
by Daily end-of-shift report 27 Oct '16

27 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 25-10-2016 18:00 − Donnerstag 27-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Asterisk users need to patch DoS bug *** --------------------------------------------- Overlap dialling lets attacker shut down system Asterisk users need to get busy with a patch. --------------------------------------------- www.theregister.co.uk/2016/10/25/asterisk_patch_dos_bug/ *** Denial of Service Vulnerability in Citrix License Server *** --------------------------------------------- A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote .. --------------------------------------------- https://support.citrix.com/article/CTX217430 *** Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware *** --------------------------------------------- https://support.citrix.com/article/CTX216642 *** Memory Permission Weakness in Citrix XenApp and XenDesktop *** --------------------------------------------- https://support.citrix.com/article/CTX215460 *** Security Advisory - PXN Defense Mechanism Failure Vulnerability in Huawei Mobile Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161026-… *** VMSA-2016-0017 *** --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0017.html *** Security Advisory - Two Information Leak Vulnerabilities in ION Memory Management Module of Huawei Smart Phone *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161026-… *** Cisco Identity Services Engine SQL Injection Vulnerability *** --------------------------------------------- A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Siemens SICAM RTU Devices Denial-of-Service Vulnerability *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-299-01 *** Bundeskriminalamt gibt Tipps zum Schutz mobiler Geräte *** --------------------------------------------- http://derstandard.at/2000046518819 *** Security updates available for Adobe Flash Player (APSB16-36) *** --------------------------------------------- A Security Bulletin (APSB16-36) has been published regarding security updates for Adobe Flash Player. These updates address a critical vulnerability, and Adobe .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1416 *** Vulnerability in Linux Kernel Affecting Cisco Products: October 2016 *** --------------------------------------------- On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries *** --------------------------------------------- http://jvn.jp/en/jp/JVN76780067/ *** Cisco Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability *** --------------------------------------------- Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability *** --------------------------------------------- A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Email Security Appliance FTP Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits.The .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Email Security Appliance Drop Bypass Vulnerability *** --------------------------------------------- A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Remote Code Execution Vulnerabilities Plague LibTIFF Library *** --------------------------------------------- Three vulnerabilities, all which can lead to remote code execution, exist in the LibTIFF library. --------------------------------------------- http://threatpost.com/remote-code-execution-vulnerabilities-plague-libtiff-… *** Tripal BLAST UI - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-054 *** --------------------------------------------- This module enables you to run NCBI BLAST jobs on the host system.The module doesnt sufficiently validate advanced options available to users submitting BLAST jobs, thereby exposing the ability to enter a short snippet of shell code that will be .. --------------------------------------------- https://www.drupal.org/node/2822366 *** Office 2013 can now block macros to help prevent infection *** --------------------------------------------- In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/10/26/office-2013-can-now-blo… *** Joomla! squashes critical privileged account creation holes *** --------------------------------------------- Borked two factor authentication also fixed Joomla! has revealed its patched twin critical flaws allowing attackers to bypass rules and create elevated privilege accounts. --------------------------------------------- www.theregister.co.uk/2016/10/27/joomla_squashes_critical_privileged_accoun… *** Three LibTIFF bugs found, only two patched *** --------------------------------------------- Buffer overruns, remote code execution, you know the drill LibTIFF has three bugs that let booby-trapped files pwn a target - and only two of them have been patched. --------------------------------------------- www.theregister.co.uk/2016/10/27/three_libtiff_bugs_found_only_two_patched/ *** Inside the Gootkit C&C server *** --------------------------------------------- In September 2016, we discovered a new version of Gootkit with a characteristic and instantly recognizable feature: an extra check of the environment .. --------------------------------------------- http://securelist.com/blog/research/76433/inside-the-gootkit-cc-server/ *** Citrix XenServer Security Update for CVE-2016-7777 *** --------------------------------------------- A security vulnerability has been identified in Citrix XenServer that may allow malicious user code within an HVM guest VM to read or modify the contents of .. --------------------------------------------- https://support.citrix.com/article/CTX217363 *** IBM Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerability (CVE-2016-3092) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21993043 *** Are the Days of “Booter” Services Numbered? *** --------------------------------------------- It may soon become easier for Internet service providers to anticipate and block certain types of online assaults launched by Web-based attack-for-hire services known as "booter" or "stresser" services, new research released today suggests. --------------------------------------------- https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbere…

1 0

Tageszusammenfassung - Dienstag 25-10-2016
by Daily end-of-shift report 25 Oct '16

25 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 24-10-2016 18:00 − Dienstag 25-10-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** iOS 10.1 *** --------------------------------------------- https://support.apple.com/kb/HT207271 *** IoT Device Maker Vows Product Recall, Legal Action Against Western Accusers *** --------------------------------------------- A Chinese electronics firm pegged by experts as responsible for making many of the components leveraged in last weeks massive attack that disrupted Twitter and .. --------------------------------------------- https://krebsonsecurity.com/2016/10/iot-device-maker-vows-product-recall-le… *** Locky Ransomwares new .SHIT Extension shows that you cant Polish a Turd *** --------------------------------------------- To further show how ransomware is such a pile of crap, a new version of Locky has been released that appends the .shit extension on encrypted files. Like previous .. --------------------------------------------- http://www.bleepingcomputer.com/news/security/locky-ransomwares-new-shit-ex… *** DSA-3698 php5 - security update *** --------------------------------------------- Several vulnerabilities were found in PHP, a general-purpose scriptinglanguage commonly used for web application development. --------------------------------------------- https://www.debian.org/security/2016/dsa-3698 *** Critical Patch Update - October 2016 *** --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html *** Kryptologe Hellman: NSA propagiert mittlerweile Verschlüsselung *** --------------------------------------------- Daten verlässlich zu verschlüsseln auch für Sicherheit von Staaten wichtig – Zusammensetzen sicherer Komponenten macht außerdem noch lange kein sicheres System --------------------------------------------- http://derstandard.at/2000046466661 *** Wosign und Startcom: Mozilla veröffentlicht Details des TLS-Rauswurfs *** --------------------------------------------- Mozillas Firefox-Browser wird keine TLS-Zertifikate der beiden skandalträchtigen Certificate Authorities mehr akzeptieren. Wie dies genau umgesetzt wird, hat die Stiftung nun erläutert. --------------------------------------------- http://www.golem.de/news/wosign-und-startcom-mozilla-veroeffentlicht-detail… *** Certificate Transparency: Betrug mit TLS-Zertifikaten wird fast unmöglich *** --------------------------------------------- Alle TLS-Zertifizierungsstellen müssen ab nächstem Herbst ihre Zertifikate vor der Ausstellung in ein öffentliches Log eintragen. Mittels Certificate Transparency kann Fehlverhalten bei der Zertifikatsausstellung leichter entdeckt werden - das TLS-Zertifikatssystem insgesamt wird vertrauenswürdiger. --------------------------------------------- http://www.golem.de/news/certificate-transparency-betrug-mit-tsl-zertifikat… *** [20161002] - Core - Elevated Privileges *** --------------------------------------------- Incorrect use of unfiltered data allows for users to register on a site with elevated privileges. Affected Installs Joomla! CMS versions 3.4.4 through 3.6.3 Solution Upgrade to .. --------------------------------------------- https://developer.joomla.org/security-centre/660-20161002-core-elevated-pri… *** [20161001] - Core - Account Creation *** --------------------------------------------- Inadequate checks allows for users to register on a site when registration has been disabled. Affected Installs Joomla! CMS versions 3.4.4 .. --------------------------------------------- https://developer.joomla.org/security-centre/659-20161001-core-account-crea… *** BSI: Deutschland soll vernetzte Geräte besser schützen *** --------------------------------------------- Nach einem Angriff auf die Internet-Infrastruktur hat das Bundesamt für Sicherheit in der Informationstechnik (BSI) höhere Sicherheitsstandards verlangt. --------------------------------------------- https://futurezone.at/netzpolitik/bsi-deutschland-soll-vernetzte-geraete-be… *** Vulnerabilities in Slack could have led to account hijacking *** --------------------------------------------- Persistence pays off as security researcher nets bug bounty for unearthing an access control bypass allowing attackers to reset passwords if they know the usernames. --------------------------------------------- http://www.scmagazine.com/vulnerabilities-in-slack-could-have-led-to-accoun… *** task_t considered harmful *** --------------------------------------------- Posted by Ian Beer, Project ZeroThis post discusses a design issue at the core of the XNU kernel which powers iOS and MacOS. Apple have shipped two iterations of mitigations followed yesterday by a large refactor in MacOS 10.12.1/iOS .. --------------------------------------------- http://googleprojectzero.blogspot.com/2016/10/posted-by-ian-beer-project-ze… Aufgrund des Feiertages am morgigen Mittwoch, den 26.10.2016, erscheint der nächste End-of-Shift Report erst am 27.10.2016.

1 0

Tageszusammenfassung - Montag 24-10-2016
by Daily end-of-shift report 24 Oct '16

24 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-10-2016 18:00 − Montag 24-10-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** In a BIND: Third parties distributed outdated, vulnerable ISC Domain Name System software *** --------------------------------------------- The Internet Systems Consortium issued an advisory on Wednesday, warning that some third parties are distributing versions of ISCs BIND software that contain a high-severity vulnerability, which if exploited can trigger an assertion failure. --------------------------------------------- http://www.scmagazine.com/in-a-bind-third-parties-distributed-outdated-vuln… *** Credentials Stealer on Prestashop *** --------------------------------------------- In a matter of hours, a big e-commerce website can have hundreds of credit card numbers stolen and used by attackers on other websites around the world. We commonly see ecommerce websites infected with credit card (CC) .. --------------------------------------------- https://blog.sucuri.net/2016/10/credentials-stealer-prestashop.html *** Hacked Cameras, DVRs Powered Today’s Massive Internet Outage *** --------------------------------------------- A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked "Internet of Things" (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests. --------------------------------------------- https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-mass… *** Beware of Hicurdismos: It’s a fake Microsoft Security Essentials installer that can lead to a support call scam *** --------------------------------------------- Wouldn’t it be a shame if, in trying to secure your PC, you inadvertently install malware and run the risk of being scammed? We recently discovered a threat .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/10/21/beware-of-hicurdismos-i… *** DSA-3697 kdepimlibs - security update *** --------------------------------------------- Roland Tapken discovered that insufficient input sanitising in KMailsplain text viewer allowed the injection of HTML code. --------------------------------------------- https://www.debian.org/security/2016/dsa-3697 *** Policy Analyzer v3.1 PRE-RELEASE *** --------------------------------------------- Lots of updates to Policy Analyzer in this unsigned, pre-release preview build — please post comments here to let me know how well it addresses your needs and what .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2016/10/22/policy-analyzer-v3-… *** Sicherere Pornos: "https" soll Nutzer schützen *** --------------------------------------------- Sicherheitsprotokoll schützt Privatsphäre – soll außerdem vor potenzielle Leaks verhindern --------------------------------------------- http://derstandard.at/2000046090383 *** "Dirty Cow": Warnung vor "ekliger" Linux-Lücke *** --------------------------------------------- Fehler erlaubt es Nutzern im Linux-Kernel Dateien zu überschreiben, für die sie Leserechte haben --------------------------------------------- http://derstandard.at/2000046330107 *** FBI: Russe soll LinkedIn und Dropbox gehackt haben *** --------------------------------------------- Der russische Staatsbürger wurde in Tschechien festgenommen --------------------------------------------- http://derstandard.at/2000046330952 *** Request for Packets TCP 4786 - CVE-2016-6385, (Sat, Oct 22nd) *** --------------------------------------------- We have received information about potential active reconnaissance for TCP 4786 which might be related to CVE-2016-6385 (Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability) an advisory released 28 Sep 2016. This .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21625 *** Mirai-Botnetz: Dyn bestätigt Angriff von zig-Millionen IP-Adressen *** --------------------------------------------- Der Internet-Dienstleister Dyn hat erste Details zur schweren DDoS-Attacke vom vergangenen Freitag genannt. Demnach gab es drei Angriffswellen von unterschiedlichem Ausmaß. --------------------------------------------- http://www.golem.de/news/mirai-botnetz-dyndns-bestaetigt-angriff-von-zig-mi… *** Hohe Phishing-Quote: So einfach ließen sich US-Politiker hacken *** --------------------------------------------- Die Veröffentlichungen von Wikileaks bringen die US-Politik in Schwierigkeiten. Die Hacks machen deutlich, welche Gefahren durch die Nutzung populärer E-Mail-Dienste wie Gmail entstehen. --------------------------------------------- http://www.golem.de/news/hohe-phishing-quote-so-einfach-liessen-sich-us-pol… *** Mozilla plots TLS 1.3 future for Firefox *** --------------------------------------------- Quicker handshake starts encrypting data sooner Mozilla has decided it needs to lift its HTTPS game, and will default to TLS 1.3 in next years Firefox 52.… --------------------------------------------- www.theregister.co.uk/2016/10/23/mozilla_plots_tls_13_future_for_firefox/ *** DDoS für 7.500 US-Dollar: Hacker verkaufen Zugang zu IoT-Botnetz im Darknet *** --------------------------------------------- Der Zugang zum IoT-Botnetz Mirai setzt neuerdings keine technischen Kenntnisse mehr voraus, sondern nur genügend Finanzmittel - 7.500 US-Dollar. Außerdem bestätigte ein chinesischer Hersteller, dass seine Geräte Teil des .. --------------------------------------------- http://www.golem.de/news/ddos-fuer-7-500-us-dollar-hacker-verkaufen-zugang-… *** Gefälschte Verbund-Rechnung verschlüsselt Dateien *** --------------------------------------------- Kriminelle versenden gefälschte Verbund-Rechnungen per E-Mail. Darin fordern sie Empfänger/innen auf, dass diese eine Website öffnen. Sie imitiert den Internetauftritt der .. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-verbun… *** Drammer: Rowhammer bringt zuverlässig Root-Zugriff auf Android *** --------------------------------------------- Mit forcierten Bitflips im Arbeitsspeicher lassen sich leicht Root-Rechte auf Systemen erlangen. Forscher zeigen, dass dies auch zuverlässig auf Android-Telefonen .. --------------------------------------------- http://www.golem.de/news/drammer-rowhammer-bringt-zuverlaessig-root-zugriff… *** Trick Bot – Dyreza’s successor *** --------------------------------------------- Recently, our analyst Jérôme Segura captured an interesting payload in the wild. It turned out to be a new bot, that, at the moment of the analysis, hadnt been described .. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-suc… *** From There to Here (But Not Back Again) *** --------------------------------------------- Red Hat Product Security recently celebrated our 15th anniversary this summer and while I cannot claim to have been with Red Hat for that long (although I’m coming up .. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2712261 *** Analyzing Rig *** --------------------------------------------- I recently Googled for a sleeping accommodation in "The Ardennes", a region of extensive forests in Southern Belgium. It wasnt surprised that by clicking on the fourth .. --------------------------------------------- https://www.uperesia.com/analyzing-rig-exploit-kit

1 0

Tageszusammenfassung - Freitag 21-10-2016
by Daily end-of-shift report 21 Oct '16

21 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-10-2016 18:00 − Freitag 21-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** iCloud Phishing Campaign Zycode Back From the Dead *** --------------------------------------------- http://threatpost.com/icloud-phishing-campaign-zycode-back-from-the-dead/12… *** EMC Avamar Data Store and Virtual Edition Unspecified Flaw Lets Remote Authenticated Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1037066 *** Hack.lu 2016 Wrap-Up Day #3 *** --------------------------------------------- The third day is already over! I’m just back at home so it’s time for a last quick wrap-up before recovering before BruCON which is organized next week! Damien .. --------------------------------------------- https://blog.rootshell.be/2016/10/20/hack-lu-2016-wrap-day-3/ *** Oracle Critical Patch Update Advisory - October 2016 *** --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html *** Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a privilege escalation vulnerability in Moxa’s EDR-810 Industrial Secure Router. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01 *** “Most serious” Linux privilege-escalation bug ever is under active exploit (updated) *** --------------------------------------------- While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation .. http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escala… *** CVE-2016-2848: A packet with malformed options can trigger an assertion failure in ISC BIND versions released prior to May 2013 *** --------------------------------------------- A packet with a malformed options section can be used to deliberately trigger an assertion .. --------------------------------------------- https://kb.isc.org/article/AA-01433/74/CVE-2016-2848 *** Nagios XI 5.2.9 Cross Site Scripting / Open Redirect *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016100203 *** Doctor Web examines new backdoor for Linux *** --------------------------------------------- October 20, 2016 Most backdoor Trojans are created for Microsoft Windows; however, a few of them can infect Linux devices. This rare type of Trojan .. --------------------------------------------- http://news.drweb.com/show/?i=10265&lng=en&c=9 *** Vuln: Multiple Synology DiskStation Products CVE-2016-6554 Insecure Default Password Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93805 *** Warnung vor gefälschter BAWAG PSK-Phishingmail *** --------------------------------------------- In einer gefälschten BAWAG PSK-Nachricht behaupten Kriminelle, dass es „einer dringenden .. --------------------------------------------- https://www.watchlist-internet.at/phishing/warnung-vor-gefaelschter-bawag-p… *** Dridex - an old dog is learning new tricks *** --------------------------------------------- A lot of things have been said and written about Dridex in the past few months. It has risen and fallen in prevalence and it was rumored that its makers collaborate .. --------------------------------------------- https://blog.gdatasoftware.com/2016/10/29261-dridex-an-old-dog-is-learning-… *** New ESET research paper puts Sednit under the microscope *** --------------------------------------------- Security researchers at ESET have released their latest research into the notorious Sednit .. --------------------------------------------- http://www.welivesecurity.com/2016/10/20/new-eset-research-paper-puts-sedni… *** SSA-296574 (Last Update 2016-10-21): Denial of Service in SICAM RTU Devices *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-296574… *** Hax0rs sow Discord by using VoIP service to sling malware at gamers *** --------------------------------------------- Not even playtimes safe these days Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware. --------------------------------------------- www.theregister.co.uk/2016/10/21/gaming_voip_service_malware_abuse/ *** DDoS on Dyn Impacts Twitter, Spotify, Reddit *** --------------------------------------------- Criminals this morning massively attacked Dyn, a company that provides core Internet services .. --------------------------------------------- https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-red…

1 0

Tageszusammenfassung - Donnerstag 20-10-2016
by Daily end-of-shift report 20 Oct '16

20 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 19-10-2016 18:00 − Donnerstag 20-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system.The vulnerability is due to improper handling of .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Firepower Detection Engine HTTP Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Meeting Server Information Disclosure Vulnerability *** --------------------------------------------- A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server.The vulnerability is due to missing bounds checks in the Web Bridge functionality. An .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Meeting Server Cross-Site Request Forgery Vulnerability *** --------------------------------------------- A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability *** --------------------------------------------- A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Adult FriendFinder Vulnerability Leaves Millions Exposed *** --------------------------------------------- Security experts are reporting popular adult website Adult FriendFinder has been compromised by hackers who have gained access to the sites backend servers. --------------------------------------------- http://threatpost.com/adult-friendfinder-vulnerability-leaves-millions-expo… *** The new .LNK between spam and Locky infection *** --------------------------------------------- Just when it seems the Ransom:Win32/Locky activity has slowed down, our continuous monitoring of the ransomware family reveals a new workaround that the authors .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/10/19/the-new-lnk-between-spa… *** Hack.lu 2016 Wrap-Up Day #2 *** --------------------------------------------- I'm just back from the second day of hack.lu. The day started early with Patrice Auffret about Metabrik! Patrice is a Perl addict and developed lot of CPAN .. --------------------------------------------- https://blog.rootshell.be/2016/10/20/hack-lu-2016-wrap-day-2/ *** Researchers Bypass ASLR Protection On Intel Haswell CPUs *** --------------------------------------------- An anonymous reader writes: "A team of scientists from two U.S. universities has devised .. --------------------------------------------- https://news.slashdot.org/story/16/10/19/2358209/researchers-bypass-aslr-pr… *** OWASP ModSecurity CRS Version 3.0 RC2 Released *** --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/OWASP-ModSecurity-CRS-Versio… *** Novell: Storage Manager for eDirectory 5.0.0 *** --------------------------------------------- https://download.novell.com/Download?buildid=4x6-1FswplA~ *** Security research tool had security problem *** --------------------------------------------- Plugin for popular disassembler OllyDGB allowed man-in-the-middle diddle Security .. --------------------------------------------- www.theregister.co.uk/2016/10/20/ollydgb_vulnerability/ *** Can I spam from here: An Unusually Clever Spambot Tests Blacklists *** --------------------------------------------- Unit 42 researchers recently observed an unusually clever spambot's attempts to increase delivery efficacy by abusing reputation blacklist service .. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2016/10/unit42-can-i-spam-from-h… *** Bugtraq: [security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/539609 *** Skyping and Typing the Latest Threat to Privacy *** --------------------------------------------- Typing while using Skype or over other Voice over Internet Protocol (VoIP) services presents an opportunity for an attacker to record the conversation, separate .. --------------------------------------------- https://threatpost.com/skyping-and-typing-the-latest-threat-to-privacy/1213… *** The Kings In Your Castle Part #1 *** --------------------------------------------- In March 2016 I presented together with Raphael Vinot at this year�s Troopers conference in Heidelberg. The talk treated research of targeted malware, .. --------------------------------------------- https://cyber.wtf/2016/10/12/the-kings-in-your-castle-all-the-lame-threats-… *** Palo Alto PAN-OS Input Validation Flaw in Monitor Tab Lets Remote Authenticated Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1037063

1 0

Tageszusammenfassung - Mittwoch 19-10-2016
by Daily end-of-shift report 19 Oct '16

19 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-10-2016 18:00 − Mittwoch 19-10-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Is it worth reporting ransomware? *** --------------------------------------------- Answer: yes. Police forces badly need more people to tell them about attacks. --------------------------------------------- https://nakedsecurity.sophos.com/2016/10/18/is-it-worth-reporting-ransomwar… *** Security Advisory: PHP vulnerability CVE-2015-8935 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/63/sol63712424.html?… *** PHP Buffer Overflow in php_pcre_replace_impl() Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- A remote user can supply specially crafted data that, when processed by the target application, will trigger a heap overflow in php_pcre_replace_impl() in the PCRE component and execute arbitrary code on the target system. ... [Editor's note: The vendor indicates that these other memory errors require strings on the order of 2GB to exploit and that memory_limit and max_input_size values on the target system should prevent exploitation.] --------------------------------------------- http://www.securitytracker.com/id/1037033 *** Security Advisory: TIFF vulnerability CVE-2015-7554 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/38/sol38871451.html?… *** IDM 4.5 Midrange BiDirectional Driver 4.5 *** --------------------------------------------- https://download.novell.com/Download?buildid=sQgqe1Stbog~ *** Hack.lu 2016 Wrap-Up Day #1 *** --------------------------------------------- I'm back to Luxembourg for a new edition of hack.lu. In fact, I arrived yesterday afternoon to attend the MISP summit. It was a good opportunity to meet MISP users and to get fresh news about the project. --------------------------------------------- https://blog.rootshell.be/2016/10/18/hack-lu-2016-wrap-day-1/ *** Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges *** --------------------------------------------- Version(s): 6u121, 7u111, 8u102; Java SE Embedded: 8u101 Description: Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access data on the target system. A remote user can modify data on the target system. A remote user can gain elevated privileges. --------------------------------------------- http://www.securitytracker.com/id/1037040 *** Oracle Database Multiple Flaws Let Remote and Local Users Access and Modify Data and Gain Elevated Privileges and Let Local Users Deny Service *** --------------------------------------------- Version(s): 11.2.0.4, 12.1.0.2 Description: Multiple vulnerabilities were reported in Oracle Database. A remote and local user can access data on the target system. A remote user can modify data on the target system. A local user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system. A remote authenticated user can gain elevated privileges. --------------------------------------------- http://www.securitytracker.com/id/1037035 *** Vuln: Oracle Fusion Middleware CVE-2016-5531 Remote Security Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93730 *** MySQL Multiple Bugs Let Remote Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Modify Data and Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1037050 *** Solaris Multiple Bugs Let Remote and Local Users Access Data and Deny Service and Let Local Users Modify Data and Deny Service *** --------------------------------------------- Version(s): 10, 11.3 Description: Multiple vulnerabilities were reported in Solaris. A remote or local user can access data on the target system. A remote or local user can cause denial of service conditions on the target system. A local user can modify data on the target system. A local user can obtain elevated privileges on the target system. --------------------------------------------- http://www.securitytracker.com/id/1037048 *** Installer of Evernote for Windows may insecurely load Dynamic Link Libraries *** --------------------------------------------- http://jvn.jp/en/jp/JVN03251132/ *** Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a hard-coded password vulnerability in Schneider Electric's PowerLogic PM8ECC device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01 *** Cisco Talos: Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure *** --------------------------------------------- Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing jbig2 segments within a PDF file, can be triggered in Foxit PDF Reader causing an out-of-bounds heap memory to be read into a buffer. --------------------------------------------- http://blog.talosintel.com/2016/10/foxit-pdf-jbig2.html *** CAIDA: Spoofer *** --------------------------------------------- We have developed and support a new client-server system for Windows, MacOS, and UNIX-like systems that periodically tests a networks ability to both send and receive packets with forged source IP addresses (spoofed packets). We are (in the process of) producing reports and visualizations that will inform operators, response teams, and policy analysts. --------------------------------------------- https://www.caida.org/projects/spoofer/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Orchestrator, HTTP Server and bundling products shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=swg2C1000137 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK for Node.js in IBM Bluemix *** http://www.ibm.com/support/docview.wss?uid=swg21992427 --------------------------------------------- *** IBM Security Bulletin: IBM TRIRIGA Application Platform Reflected Cross-Site Scripting (XSS) (CVE-2016-5980) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991992 --------------------------------------------- *** IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-3092 *** http://www.ibm.com/support/docview.wss?uid=swg21992457 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability in IBM Websphere Application Server and IBM Websphere Application Server Liberty affects IBM BigFix Remote Control (CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991987 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in PCRE affects IBM Tivoli Network Manager IP Edition (CVE-2016-1283) *** http://www.ibm.com/support/docview.wss?uid=swg21991978 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 18-10-2016
by Daily end-of-shift report 18 Oct '16

18 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 17-10-2016 18:00 − Dienstag 18-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Security baseline for Windows 10 v1607 (“Anniversary edition”) and Windows Server 2016 *** --------------------------------------------- Microsoft is pleased to announce the release of the security configuration baseline settings for Windows 10 version 1607, also known as “Anniversary edition” .. --------------------------------------------- https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-f… *** New-looking Sundown EK drops Smoke Loader, Kronos banker *** --------------------------------------------- In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case .. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2016/10/new-looking-sundown-e… *** Magento Credit Card Swiper Exports to Image *** --------------------------------------------- Over the past year we have seen a rash of credit card swipers in Magento and other ecommerce-based websites. In fact, we have been finding new variants nearly every week. It is no surprise that ecommerce sites are .. --------------------------------------------- https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.ht… *** ZDI-16-570: Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ Sentinel. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-570/ *** Security Advisory - Hardcoded SSH Key Vulnerability in Some Huawei Storage Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161017-… *** Audit sees VeraCrypt kils critical password recovery, cipher flaws *** --------------------------------------------- Patches slung at 11 bad bugs Security researchers have found eight critical, three medium, and 15 low .. --------------------------------------------- www.theregister.co.uk/2016/10/18/veracrypt_audit/ *** iOS 10.0.3 *** --------------------------------------------- https://support.apple.com/en-us/HT207263 *** Hajime: Analysis of a decentralized internet worm for IoT devices [PDF] *** --------------------------------------------- Though worms which target IoT devices are not new, they are rising in prominence lately due to the generally wea k security such devices have. What makes Hajime .. --------------------------------------------- https://security.rapiditynetworks.com/publications/2016-10-16/hajime.pdf *** Netzob: Reverse Engineering Communication Protocols *** --------------------------------------------- Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of .. --------------------------------------------- https://www.netzob.org/ *** Halfway there! Firefox users now visit over 50% of pages via HTTPS *** --------------------------------------------- Mozilla telemetry shows sites using HTTPS for more secure browsing now outnumber plain old HTTP. --------------------------------------------- https://nakedsecurity.sophos.com/2016/10/18/halfway-there-firefox-users-now… *** Malware verkauft: 22-Jähriger muss in Deutschland vor Gericht *** --------------------------------------------- Ein 22-Jähriger soll in 4.000 Fällen Trojaner, Viren und andere Malware verkauft haben. Jetzt muss er sich dafür vor Gericht verantworten. -------------------------------------------- - https://futurezone.at/digital-life/malware-verkauft-22-jaehriger-muss-in-de…

1 0

Tageszusammenfassung - Montag 17-10-2016
by Daily end-of-shift report 17 Oct '16

17 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-10-2016 18:00 − Montag 17-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** pseudoDarkleech Rig EK *** --------------------------------------------- Since Monday 2016-10-03, the pseudoDarkleech campaign has been using Rig exploit kit (EK) to distribute Cerber ransomware." /> Shown above: An infection chain of events. Let" /> Shown above:" /> Shown above: UDP traffic seen .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21595 *** Sierra Wireless Mitigations Against Mirai Malware *** --------------------------------------------- NCCIC/ICS-CERT received a technical bulletin from the Sierra Wireless company, outlining mitigations to secure Airlink Cellular Gateway devices affected by (or at risk of) the “Mirai” malware. While the Sierra Wireless .. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-286-01 *** Vuln: Magento CMS Multiple Cross-Site Request Forgery Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/93576 *** Vuln: Magento CMS Flash File Uploader Cross Site Scripting Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93575 *** Vuln: PHP password_verify() Function Out-of-Bounds Read Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93578 *** Maldoc VBA Anti-Analysis *** --------------------------------------------- I was asked for help with the analysis of sample 7c9505f2c041ba588bed854258344c43. Turns out this malicious Word document has some anti-analysis tricks (here is an older diary entry with other anti-analysis tricks). Here is the analysis with oledump.py: Stream 8 contains VBA .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21599 *** Symantec observed a surge of spam emails using malicious WSF files *** --------------------------------------------- Symantec observed a significant increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments. Experts from Symantec are observing a significant increase in the number of email-based .. --------------------------------------------- http://securityaffairs.co/wordpress/52341/cyber-crime/spam-wsf-files.html *** Analyzing Office Maldocs With Decoder.xls, (Sun, Oct 16th) *** --------------------------------------------- In my last diary entry, I show how to decode VBA maldoc strings with Excel. A similar technique can be used to decode a payload (like shellcode). I explain .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21601 *** Outlook-on-Android alternative Nine leaked Exchange Server creds *** --------------------------------------------- Patches slung to fix popular third-party email app Staff logging into Exchange Server through a popular app could have placed their enterprise credentials at risk through a since-closed vulnerability. --------------------------------------------- www.theregister.co.uk/2016/10/17/outlook_app_slapped_in_maninthemiddle_didd… *** VMSA-2016-0016 *** --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0016.html *** IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director (CVE-2016-0264, CVE-2016-3426) *** --------------------------------------------- There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version .. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024427 *** No More Ransom adds law enforcement partners from 13 new countries *** --------------------------------------------- Intel Security and Kaspersky Labs today announced that 13 law enforcement agencies have joined No More Ransom, a partnership between cybersecurity industry and law enforcement organizations to provide ransomware victims education and decryption tools through www.nomoreransom.org. Intel .. --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/no-ransom-adds-law-enforcement-partner…

1 0

Tageszusammenfassung - Freitag 14-10-2016
by Daily end-of-shift report 14 Oct '16

14 Oct '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-10-2016 18:00 − Freitag 14-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Gezinkte Primzahlen ermöglichen Hintertüren in Verschlüsselung *** --------------------------------------------- Ein Forscherteam hat aufgezeigt, dass man durch geschickte Konstruktion einer Primzahl eine Hintertür in Verschlüsselungsverfahren einbauen kann. Nicht auszuschließen, dass dies bei etablierten Verfahren längst passiert ist. --------------------------------------------- https://heise.de/-3347585 *** Security through Confusion – The FUD Factor *** --------------------------------------------- The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty and doubt (FUD) and first appeared in the 70’s as a tactic used by competitors in the computer .. --------------------------------------------- https://blog.sucuri.net/2016/10/security-confusion-fud-factor.html *** Cyber Europe 2016: the pan-European exercise to protect EU Infrastructures against coordinated cyber-attack *** --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2016 *** Floating Down .Stream (Shady TLD Research, Part 17) *** --------------------------------------------- The end of September means the leaves are starting to change -- and our quarterly Top Ten list of the shadiest TLDs is changing as well, with three newcomers since last time .. --------------------------------------------- https://www.bluecoat.com/security-blog/2016-10-13/floating-down-stream-shad… *** OSIsoft PI Web API 2015 R2 Service Account Permissions Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a permissions vulnerability in OSIsoft’s PI Web API. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-01 *** Siemens Automation License Manager Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities in Siemen’s Automation License Manager (ALM). --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02 *** Rockwell Automation Stratix Denial-of-Service and Memory Leak Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities contained in Rockwell Automation’s Allen-Bradley Stratix industrial switches. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04 *** Moxa ioLogik E1200 Series Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities in Moxas ioLogik E1200 series application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05 *** Fatek Automation Designer Memory Corruption Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for a heap memory corruption and two stack buffer overflow vulnerabilities in Fatek’s Automation PM and FV Designer applications. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06 *** Kabona AB WDC Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities in Kabona AB’s WebDatorCentral (WDC) application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07 *** Pork Explosion flaw splatters Foxconns Android phones *** --------------------------------------------- Full compromise over USB bacon-ed in to smartmobes Security researcher John Sawyer says a limited backdoor has been found in some Foxconn-manufactured Android phones, allowing attackers to root phones they have in hand. --------------------------------------------- www.theregister.co.uk/2016/10/14/pork_explosion_foxconn_flaw/ *** LockyDump - All Your Configs Are Belong To Us *** --------------------------------------------- This post will discuss a new Locky configuration extractor that Talos is releasing, which we are naming LockyDump. This is the first open source tool which can dump .. --------------------------------------------- http://blog.talosintel.com/2016/10/lockydump.html *** Quickly audit and adjust SSH server configurations with SSH-audit *** --------------------------------------------- SSH-audit is a standalone open source tool for auditing and fixing SSH server configurations. It has no dependencies and will run wherever Python is available. It supports OpenSSH, Dropbear SSH and libssh, and reports on every detail of the tested SSH server, including detailed information about .. --------------------------------------------- https://www.helpnetsecurity.com/2016/10/14/ssh-audit-fix-ssh-server-configu… *** Magento-Updates: Checkout-Prozess als Einfallstor für Angreifer *** --------------------------------------------- Sicherheits-Patches für das Shop-System schließen mehrere Lücken. Zwei davon gelten als kritisch. --------------------------------------------- https://heise.de/-3350195 *** Apache OpenOffice 4.1.3 *** --------------------------------------------- Apache OpenOffice 4.1.3 ist ein Release zur Fehlerbeseitigung, welches Sicherheitsprobleme beseitigt, Wörterbücher aktualisiert und einige sonstige bekannte Fehler korrigiert. Allen Benutzern von Apache Openoffice 4.1.2 oder älteren Versionen wird empfohlen zu aktualisieren. --------------------------------------------- https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=65873798 *** SSHowDowN: Zwölf Jahre alter OpenSSH-Bug gefährdet unzählige IoT-Geräte *** --------------------------------------------- Akamai warnt davor, dass Kriminelle unvermindert Millionen IoT-Geräte für DDoS-Attacken kapern. Die dafür ausgenutzte Lücke ist älter als ein Jahrzehnt. Viele Geräte sollen sich nicht patchen lassen. --------------------------------------------- https://www.heise.de/newsticker/meldung/SSHowDowN-Zwoelf-Jahre-alter-OpenSS… *** Cyber-attacks Against Nuclear Plants: A Disconcerting Threat *** --------------------------------------------- Introduction A cyber-attack against critical infrastructure could cause the paralysis of critical operations with serious consequences for a country and its population. In a worst case scenario, a cyber-attack could affect processes that in .. --------------------------------------------- http://resources.infosecinstitute.com/cyber-attacks-against-nuclear-plants-… *** Wosign und Startcom: Mozilla macht Ernst mit dem Rauswurf *** --------------------------------------------- Mozilla hat auf der Entwicklermailingliste angekündigt, Zertifikaten von Wosign und Startcom mit der übernächsten Firefox Version 51 nicht mehr zu vertrauen. Die Version ist für den kommenden Januar geplant. --------------------------------------------- http://www.golem.de/news/wosign-und-startcom-mozilla-macht-ernst-mit-dem-ra… *** GlobalSign annulliert versehentlich Zertifikate von vielen Webseiten *** --------------------------------------------- Aktuell warnen einige Webbrowser davor, dass Verbindungen zu Webseiten wie etwa Wikipedia nicht mehr gesichert sind, da mit dem Zertifikat der Seite etwas nicht stimmt. --------------------------------------------- https://heise.de/-3350544 *** IT-Experten des Bundesheeres finden kritische Lücke in Microsoft Office *** --------------------------------------------- Analyse eines Cyberangriffs – Schwachstelle wurde 11. Oktober mit einem Update beseitigt --------------------------------------------- http://derstandard.at/2000045921807

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily