- Daily - CERT.at

Tageszusammenfassung - Mittwoch 24-08-2016
by Daily end-of-shift report 24 Aug '16

24 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 23-08-2016 18:00 − Mittwoch 24-08-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** The SWEET32 Issue, CVE-2016-2183 *** --------------------------------------------- Today, Karthik Bhargavan and Gaetan Leurent from Inria have unveiled a new attack on Triple-DES, SWEET32, Birthday attacks on 64-bit block ciphers in TLS and OpenVPN. It has been assigned CVE-2016-2183. This post gives a bit of background and describes what OpenSSL is doing. For more details, see their website. --------------------------------------------- https://www.openssl.org/blog/blog/2016/08/24/sweet32/ *** "Wildfire" Ransomware Extinguished by Tool From NoMoreRansom; Unlock Files for Free *** --------------------------------------------- Intel Security and Kaspersky Lab, partners in the project NoMoreRansom, are pleased to announce today the availability of a decryption tool for victims of the Wildfire variant of ransomware. This tool is available following successful collaboration with the Dutch police and the European Cybercrime Centre. This strong public-private partnership has led to the seizure of... --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-… *** BSI veröffentlicht Update zu den Top 10 Bedrohungen für Industrial Control Systems *** --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) beobachtet die Bedrohungslage für Industrial Control Systems deshalb kontinuierlich. Die schwerwiegendsten Gefahren sowie passende Gegenmaßnahmen fasst das BSI seit 2012 im Dokument "Industrial Control System Security - Top 10 Bedrohungen und Gegenmaßnahmen" zusammen. Für das Jahr 2016 hat das Bundesamt nun ein Update des Papiers herausgegeben. --------------------------------------------- https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/infos/20160823_Update_… *** NSA-Exploit ExtraBacon soll deutlich mehr Cisco-Firewalls bedrohen *** --------------------------------------------- Untersuchungen von Sicherheitsforschern legen nahe, dass auch neuere Version der Cisco Adaptive Security Appliance (ASA) angreifbar sind. --------------------------------------------- http://heise.de/-3303629 *** Privilege Escalation on Linux with Live examples *** --------------------------------------------- Introduction One of the most important phase during penetration testing or vulnerability assessment is Privilege Escalation. During that step, hackers and security researchers attempt to find out a way (exploit, bug, misconfiguration) to escalate between the system accounts. Of course, vertical privilege escalation is the ultimate goal. For many security researchers, this is a fascinating... --------------------------------------------- http://resources.infosecinstitute.com/privilege-escalation-linux-live-examp… *** Forscher sehen Löcher in Apples iOS-Sandbox *** --------------------------------------------- Die iOS-Sandbox weist Wissenschaftlern zufolge "bedenkliche Sicherheitslücken" auf, die Apps den eigentlich verwehrten Zugriff auf Nutzerdaten ermöglichen - und Eingriff ins System. Apple will die Schwachstellen offenbar mit iOS 10 schließen. --------------------------------------------- http://heise.de/-3304068 *** VMSA-2016-0013 *** --------------------------------------------- VMware Identity Manager and vRealize Automation updates address multiple security issues --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0013.html *** Moxa OnCell Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for several vulnerabilities in Moxa's OnCell products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01 *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-… --------------------------------------------- *** Security Advisory - Weak Encryption Algorithm Vulnerability in Huawei Servers *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-… --------------------------------------------- *** Security Advisory - XXE Vulnerability in the E9000 *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-… --------------------------------------------- *** Security Advisory - Uncontrolled Format String Vulnerability on Multiple Products *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-… --------------------------------------------- *** Security Advisory - Reset Password and Information Leak Vulnerabilities in Huawei UMA *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-… --------------------------------------------- *** Security Advisory - Two Command Injection Vulnerabilities in Huawei UMA *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-… --------------------------------------------- *** Security Advisory - Information Leak Vulnerability in Huawei FusionSphere Product *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-… ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 23-08-2016
by Daily end-of-shift report 23 Aug '16

23 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 22-08-2016 18:00 − Dienstag 23-08-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Vuln: WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/92572 *** Juniper Acknowledges Equation Group Targeted ScreenOS *** --------------------------------------------- Juniper Networks on Friday acknowledged that implants contained in the ShadowBrokers data dump target NetScreen firewalls running ScreenOS. --------------------------------------------- http://threatpost.com/juniper-acknowledges-equation-group-exploits-target-s… *** Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities in IP Phones *** --------------------------------------------- Obihai Technology recently patched a slew of issues in its ObiPhone IP phone products that could have led to memory corruption, a buffer overflow, and denial of service conditions, among other outcomes. --------------------------------------------- http://threatpost.com/obihai-patches-memory-corruption-dos-csrf-vulnerabili… *** Vuln: PHP php_quot_print_encode() Function Integer Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/92588 *** shellray. a php webshell detector *** --------------------------------------------- nimbusec shellray ist ein kostenloser Online Webshell Detector für .php-Dateien. --------------------------------------------- https://shellray.com/de/ *** Voice Message Notifications Deliver Ransomware *** --------------------------------------------- Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21397 *** Security Notice - Statement About Toolkit Released by Shadow Brokers *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160823-01-… *** 'Sicherheits-Check' bei Bank Austria-Kunden *** --------------------------------------------- Eine falsche Bank Austria-Mail ist im Umlauf. Darin behaupten Kriminelle, dass Kund/innen einen Sicherheits-Check durchführen müssen. Aus diesem .. --------------------------------------------- https://www.watchlist-internet.at/phishing/sicherheits-check-bei-bank-austr… *** Sandscout: Angriff auf Apples Sandkasten *** --------------------------------------------- Im Sicherheitsvergleich mit Android schneidet iOS meist besser ab. In einem aktuellen Versuch gelang es Forschern aber, einen erfolgreichen Angriff auf die Sandboxing-Funktion von iOS-Apps durchzuführen. --------------------------------------------- http://www.golem.de/news/sandscout-angriff-auf-apples-sandkasten-1608-12285… *** Timing of Browser-Based Security Alerts Could Be Better *** --------------------------------------------- New academic research shows that security warnings should be better timed to pop up when computers users are less likely to be multitasking. --------------------------------------------- http://threatpost.com/timing-of-browser-based-security-alerts-could-be-bett…

1 0

Tageszusammenfassung - Montag 22-08-2016
by Daily end-of-shift report 22 Aug '16

22 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 19-08-2016 18:00 − Montag 22-08-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Shadow Brokers Release of Hacking Code *** --------------------------------------------- Juniper responds to hacking code released by The Shadow Brokers. --------------------------------------------- https://forums.juniper.net/t5/Security-Incident-Response/Shadow-Brokers-Rel… *** Cisco ASA SNMP Remote Code Execution Vulnerability, (Sun, Aug 21st) *** --------------------------------------------- Looking back through all the vulnerabilities announced this week, one caught my eye. CVE-2016-6366 is a vulnerability in the Cisco ASA products which could allow a remote attacker to remotely execute code. This vulnerability is part of the Equation Group disclosures and was not previously known by Cisco.The vulnerability is in the SNMP code on the ASA and would allow an attacker with knowledge of the SNMP community stringto send craftedIPv4SNMP traffic which could be used to reload the system... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21389&rss *** I got the power - over your IoT power-point *** --------------------------------------------- It never gets better, does it? The latest "your IoT security is rubbish" takes the world one step closer to "burn it all and try again": a "smart" electrical outlet thats actually a whole-of-network attack vector. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/08/22/i_got_the_p… *** How to get your network and security teams working together *** --------------------------------------------- Its not surprising that network and security teams arent always on the same page. After all, networks need to be fast and efficient, while security is about slowing things down and implementing extra steps to help meet security measures. While both teams are a part of the IT department, and need to work together in the event of a breach, each group has its own objectives and expectations. But when a data breach or security threat strikes, businesses need both teams working together to help get... --------------------------------------------- http://www.cio.com/article/3110264/careers-staffing/how-to-get-your-network… *** Threat intelligence report for the telecommunications industry *** --------------------------------------------- The telecoms sector is under fire on all sides - hit by direct attacks on organizations and networks, indirect attacks in search of subscribers, and collateral damage from unrelated, targeted campaigns. This report reveals the many layers of vulnerability. --------------------------------------------- http://securelist.com/analysis/publications/75846/threat-intelligence-repor… *** Open sourced: Cyber reasoning system that won third place in DARPA's Cyber Grand Challenge *** --------------------------------------------- Earlier this month, the DARPA-backed Cyber Grand Challenge (CGC) has shown that a future in which computer systems will (wholly or partially) replace bug hunters and patchers looms near. Now, the team that has won third place in the contest - Shellphish of Santa Barbara, California - has open sourced many of the components of its winning Mechanical Phish cyber reasoning system. But individuals and teams interested in testing and advancing the system will have... --------------------------------------------- https://www.helpnetsecurity.com/2016/08/22/cyber-reasoning-system/ *** Finding and Enumerating Processes within Memory-Part 3 *** --------------------------------------------- Continuing with the series, in this article, we will learn about enumeration of important structures like heaps, environment variables, DLLs pointed by main PEB. Just to recap in the previous two articles, we have looked at the way of finding the processes within memory and then enumerated structures like Page Tables, VADs, and PEB. Dynamic... --------------------------------------------- http://resources.infosecinstitute.com/finding-enumerating-processes-within-… *** Announcing the Heimdal Cyber Security Glossary *** --------------------------------------------- Not too long ago, I was a total newbie in the cyber security field. Although I understood some of the basics, there was an entire universe for me to explore, from concepts to how they translate into action. What I found most baffling in the beginning were some of the technical terms. Of course I... --------------------------------------------- https://heimdalsecurity.com/blog/heimdal-cyber-security-glossary/ *** Young European white hat hackers meet for the 2nd Cyber Security Challenge competition *** --------------------------------------------- On the 7th of November, young European white hat hackers will meet at Düsseldorf to measure their skills in attacking and defending computer systems. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/young-european-white-hat-hacker… *** Bugtraq: [security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/539280 *** Vuln: MatrixSSL Multiple Information Disclosure Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/91488 *** ZDI-16-487: AVG Internet Security avgtdix.sys Kernel Driver Untrusted Pointer Dereference Privilege Escalation Vulnerability *** --------------------------------------------- This vulnerability allows local attackers to escalate privileges on vulnerable installations of AVG Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-487/ *** Security Advisory: Linux file utility vulnerabilities CVE-2014-8116 and CVE-2014-8117 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16347.htm… *** Self Service Password Reset 3.3.1.6 *** --------------------------------------------- Abstract: These files contain all updates made to SSPR 3.3.1 since the release of SSPR 3.3.1. This is a complete build of SSPR. SSPR 3.3.1 Patch 6 includes several new fixes. It also includes a security fix which was originally included in SSPR 3.3.1 HF2. Without this fix SSPR is vulnerable to a cross-site-scripting (XSS) attack (CVE-2016-1599, reported by Tom Ravenscroft of Datacom TSS). For more details see TID # 7017399 at https://www.netiq.com/support/kb/doc.php?id=7017399. It is mandatory... --------------------------------------------- https://download.novell.com/Download?buildid=AYDcXUSlNzI~ *** WordPress 4.5.3 - Authenticated Denial of Service (DoS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8606 *** Newtec Satellite Modem MDM6000 2.2.5 Cross-Site Scripting Vulnerability *** --------------------------------------------- Newtec Satellite Modem MDM6000 suffers from multiple reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected site. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5359.php *** Sakai 10.7 Multiple Vulnerabilities *** --------------------------------------------- Sakai suffers from multiple reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected site. Also there is a file disclosure vulnerability when calling custom tool script. It is not properly verified before being used to read files. This can be exploited to disclose... --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5358.php *** tcPbX - (tcpbx_lang) Local File Inclusion *** --------------------------------------------- Topic: tcPbX - (tcpbx_lang) Local File Inclusion Risk: Medium Text:Vulnerable hardware : tcpbx voip distro Vendor : www.tcpbx.org Author : Ahmed sultan (@0x4148) Email : 0x4148(a)gmail.com ... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016080196 *** ZYCOO IP Phone System - Remote Command Execution *** --------------------------------------------- Topic: ZYCOO IP Phone System - Remote Command Execution Risk: High Text:Vulnerable hardware : ZYCOO IP phone system Vendor : zycoo.com Author : Ahmed sultan (@0x4148) Email : 0x4148(a)gmail.com ... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016080195 *** C2S DVR Management Remote Credentials Disclosure & Authentication Bypass *** --------------------------------------------- Topic: C2S DVR Management Remote Credentials Disclosure & Authentication Bypass Risk: High Text:1. Advisory Information = Title : C2S DVR Management Remote Credentials Disclosure & Authentic... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016080192 *** IP-Camera Vulnerabilities *** --------------------------------------------- *** MESSOA NIC990 IP-Camera auth bypass configuration download *** https://cxsecurity.com/issue/WLB-2016080194 --------------------------------------------- *** TOSHIBA IK-WP41A IP-Camera auth bypass configuration download *** https://cxsecurity.com/issue/WLB-2016080193 --------------------------------------------- *** JVC IP-Camera (VN-T216VPRU) Remote Credentials Disclosure *** https://cxsecurity.com/issue/WLB-2016080191 --------------------------------------------- *** Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) Remote Credentials Disclosure *** https://cxsecurity.com/issue/WLB-2016080190 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 19-08-2016
by Daily end-of-shift report 19 Aug '16

19 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 18-08-2016 18:00 − Freitag 19-08-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** 18 Jahre lang vorhersehbare Zufallszahlen bei GnuPG *** --------------------------------------------- Lange Zeit schlummerte eine Sicherheitslücke in Libgcrypt, der Krypto-Bibliothek des GnuPG-Projektes. Glücklicherweise scheint es so, als ob Nutzern ein großflächiger Austausch von PGP-Schlüsseln erspart bleiben wird. --------------------------------------------- http://heise.de/-3300159 *** Neues von Locky: Der Erpressungstrojaner greift jetzt massenhaft Krankenhäuser an *** --------------------------------------------- Die Drahtzieher hinter Locky verlegen sich von X-beliebigen Internetnutzern auf Firmen. Vor allem Krankenhäuser haben sich als lukratives Ziel erwiesen. --------------------------------------------- http://heise.de/-3300555 *** Doctor Web discovers self-spreading Linux Trojan that can create P2P botnets *** --------------------------------------------- August 19, 2016 The Linux operating system remains a major target for virus makers. Doctor Web's security researchers have examined yet another Trojan for Linux written in the Go programming language. This malware program attacks web servers that use various CMS, performs DDoS attacks, sends out spam messages, and distributes itself over networks. The new Trojan, named Linux.Rex.1, was first spotted by Kernelmode forum users who referred to this malware as "Drupal ransomware"... --------------------------------------------- http://news.drweb.com/show/?i=10157&lng=en&c=9 *** Erpressungs-Trojaner Cerber rüstet sich gegen Entschlüsselungs-Tools *** --------------------------------------------- Check Points und Trend Micros kostenlose Dechiffrierungs-Tools können Daten nicht mehr aus den Fängen der aktuellen Version des Verschlüsselungs-Trojaners Cerber befreien. --------------------------------------------- http://heise.de/-3300589 *** Schwerwiegende Lücke im Teamspeak-Server offengelegt *** --------------------------------------------- Angreifer können über die aktuelle Version des Teamspeak-Servers Schadcode einschleusen und auf dem Server ausführen. Da der Sicherheitsforscher, der die Lücke entdeckte, die Entwickler nicht vorher informiert hat, gibt es momentan keinen Patch. --------------------------------------------- http://heise.de/-3300608 *** Pixpocket: So hätte die NSA VPNs ausspionieren können *** --------------------------------------------- Der Shadow-Brokers-Datensatz liefert möglicherweise Informationen darüber, wie die NSA in der Lage war, VPN-Verbindungen abzuhören. Die Schwachstelle hat Ähnlichkeiten mit Heartbleed. --------------------------------------------- http://www.golem.de/news/pixpocket-so-haette-die-nsa-vpns-ausspionieren-koe… *** DFN-CERT-2016-1359: PHP: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1359/ *** Bugtraq: Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client *** --------------------------------------------- http://www.securityfocus.com/archive/1/539269 *** Cisco IOS and Cisco IOS XE Software OpenSSH TCP Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the handling of Secure Shell (SSH) TCP packets in the Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to low memory on the device.The vulnerability is due to the handling of out-of-order, or otherwise invalid, TCP packets on an SSH connection to the device. An attacker could exploit this vulnerability by connecting via SSH to the device and then crafting TCP packets which are out of --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Navis WebAccess SQL Injection Vulnerability *** --------------------------------------------- NCCIC/ICS-CERT is aware of a public report of an SQL Injection vulnerability with proof-of-concept (PoC) exploit code affecting Navis WebAccess application. This report was released by "bRpsd" without coordination with either the vendor or ICS-CERT. ICS-CERT has reached out to the affected vendor to validate the report. ICS-CERT is issuing this alert to provide notice of the report and to identify baseline mitigations for reducing risks to this and other cybersecurity attacks. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-230-01 *** IBM Security Bulletin: IBM Connections Security Update *** --------------------------------------------- IBM Connections Security Update for multiple CVEs. There are multiple vulnerabilities in IBM Connections, see details below for remediation information. CVE(s): CVE-2016-2995, CVE-2016-2997, CVE-2016-2998, CVE-2016-3005, CVE-2016-3010 Affected product(s) and affected version(s): The following versions of IBM Connections are impacted: IBM Connections 5.5 IBM Connections 5.0 IBM Connections 4.5 IBM Connections 4.0 Refer to the following... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21988991 *** IBM Security Bulletin: The IBM BigFix Platform has a Cross-Site Scripting vulnerability (CVE-2016-0293 ) *** --------------------------------------------- A .beswrpt can be injected/modified to contain malicious JavaScript CVE(s): CVE-2016-0293 Affected product(s) and affected version(s): 9.0, 9.1, 9.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21985743X-Force Database:... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21985743

1 0

Tageszusammenfassung - Donnerstag 18-08-2016
by Daily end-of-shift report 18 Aug '16

18 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 17-08-2016 18:00 − Donnerstag 18-08-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Firepower Management Center Remote Command Execution Vulnerability *** --------------------------------------------- A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Security Afterworks – Best of Summer of Security Conferences *** --------------------------------------------- https://www.sba-research.org/events/security-afterworks-best-of-summer-of-s… *** Cookie Parser Buffer Overflow Vulnerability *** --------------------------------------------- FortiGate firmware (FOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability. This vulnerability, when exploited by a crafted HTTP request, can result .. --------------------------------------------- http://fortiguard.com/advisory/cookie-parser-buffer-overflow-vulnerability *** Browser Address Bar Spoofing Vulnerability Disclosed *** --------------------------------------------- Chrome, Firefox and likely other major browsers are afflicted by a vulnerability that allows attackers to spoof URLs in the address bar. --------------------------------------------- http://threatpost.com/browser-address-bar-spoofing-vulnerability-disclosed/… *** Panelizer - Moderately Critical - Access Bypass - SA-CONTRIB-2016-048 *** --------------------------------------------- https://www.drupal.org/node/2785687 *** Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047 *** --------------------------------------------- https://www.drupal.org/node/2785631 *** Hosting - Less Critical - Access bypass - SA-CONTRIB-2016-046 *** --------------------------------------------- https://www.drupal.org/node/2785531 *** Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to create a denial of service (DoS) condition or potentially .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Patches ASA Zero Days Exposed by ShadowBrokers *** --------------------------------------------- Cisco today patched two vulnerabilities in its Adaptive Security Appliance that were leaked in the ShadowBrokers data dump of Equation Group exploits. --------------------------------------------- http://threatpost.com/cisco-patches-asa-zero-days-exposed-by-shadowbrokers/… *** 1 compromised site - 2 campaigns, (Thu, Aug 18th) *** --------------------------------------------- Earlier today, I ran across a compromised website with injected script from both the pseudo-Darkleech campaign and the EITest campaign. This is similar to another compromised site I reported back in June .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21381 *** DSA-3649 gnupg - security update *** --------------------------------------------- Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute ofTechnology discovered a flaw in the mixing functions of GnuPGs randomnumber generator. An attacker who obtains 4640 bits from the RNG cantrivially predict the next 160 bits of output. --------------------------------------------- https://www.debian.org/security/2016/dsa-3649 *** Bitcoin targeted by state sponsored attackers says Bitcoin.org *** --------------------------------------------- Bitcoin Core devs dont know about threat, advise usual signatures and hash checks Update Bitcoin.org is warning that the Bitcoin Core, the as-close-to-official-as-it-gets version of .. --------------------------------------------- www.theregister.co.uk/2016/08/18/bitcoin_targeted_by_state_sponsored_attack… *** PayPal patches 2FA portal bug *** --------------------------------------------- Attacker could log in to account without triggering confirmation text PayPal has patched a two-factor authentication (2FA) bug that could have let an attacker bypass its login processes. --------------------------------------------- www.theregister.co.uk/2016/08/18/paypal_patches_2fa_portal_bug/ *** If this headline was a security warning 90% of you would ignore it *** --------------------------------------------- Boffins find interrupting users with pop-ups in the middle of things just doesnt work Developers, advertisers, and scammers be warned; boffins say your pop ups will be almost universally ignored if they interrupt users. --------------------------------------------- www.theregister.co.uk/2016/08/18/coding_pop_ups_hit_em_when_theyre_idling_u… *** Gefälschte Software: Bitcoin fühlt sich durch Staaten angegriffen *** --------------------------------------------- Manipulierte Bitcoin-Software? Davon geht das Projekt offenbar aus. In einem Blogpost warnen die Macher vor staatlichen Angriffen auf das kommende Release. Das Projekt gibt auch Hinweise an die Nutzer. --------------------------------------------- http://www.golem.de/news/gefaelschte-software-bitcoin-fuehlt-sich-durch-sta… *** Lets Encrypt ups rate limits *** --------------------------------------------- 20 is plenty Lets Encrypt has revised its rate limits to make life easier for large organisations and hosting providers who use its services. --------------------------------------------- www.theregister.co.uk/2016/08/18/lets_encrypt_clarifies_rate_limit_rules/ *** The Shadow Brokers EPICBANANAS and EXTRABACON Exploits *** --------------------------------------------- On August 15th, 2016, Cisco was alerted to information posted online by the “Shadow Brokers”, which claimed to possess disclosures from the Equation Group. The files included exploit code that can be used against multi-vendor devices, including the Cisco ASA and legacy Cisco PIX firewalls. --------------------------------------------- https://blogs.cisco.com/security/shadow-brokers *** Locky Targets Hospitals In Massive Wave Of Ransomware Attacks *** --------------------------------------------- A massive wave of Locky ransomware delivered via DOCM attachments is targeting the healthcare sector this month. --------------------------------------------- http://threatpost.com/locky-targets-hospitals-in-massive-wave-of-ransomware…

1 0

Tageszusammenfassung - Mittwoch 17-08-2016
by Daily end-of-shift report 17 Aug '16

17 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 16-08-2016 18:00 − Mittwoch 17-08-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** SQL Injection Vulnerability in Ninja Forms *** --------------------------------------------- As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently installed on 600,000+ websites. --------------------------------------------- https://blog.sucuri.net/2016/08/sql-injection-vulnerability-ninja-forms.html *** PMASA-2016-38 *** --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2016-38/ *** PMASA-2016-34 *** --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2016-34/ *** PMASA-2016-39 *** --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2016-39/ *** PMASA-2016-43 *** --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2016-43/ *** PMASA-2016-54 *** --------------------------------------------- https://www.phpmyadmin.net/security/PMASA-2016-54/ *** PGP admins: Kill short keys now, or Alice will become Chuck *** --------------------------------------------- Someones impersonating the likes of Linus Torvalds with attacks via keyservers The issue of short .. --------------------------------------------- www.theregister.co.uk/2016/08/17/pgp_admins_kill_short_keys_now_or_alice_wi… *** Snowden: NSA-Leak von Hackern ist "russische Botschaft" an USA *** --------------------------------------------- Der NSA-Whistleblower insinuiert, dass russische Hacker damit die Reaktion auf den Einbruch bei den Demokraten abmildern wollen --------------------------------------------- http://derstandard.at/2000042924155 *** Wartungsarbeiten Donnerstag, 18. 8. 2016, nachmittags *** --------------------------------------------- Am Donnerstag, 18. August 2016, nachmittags, müssen wir dringende Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern erreichbaren Services (zB Email, Webserver, Mailinglisten) führen - es gehen dabei keine Daten (zb Emails) verloren, die .. --------------------------------------------- http://www.cert.at/services/blog/20160817111811-1777.html *** VxWorks: Execute My Packets *** --------------------------------------------- Earlier this year we reported 3 vulnerabilities in VxWorks to Wind River. Each of these vulnerabilities can be exploited by anonymous remote attackers on the same .. --------------------------------------------- https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/ *** Sicherheitsbedenken: Provider und Aktivisten vereint gegen Router-Lockdown *** --------------------------------------------- Auch in Österreich soll Routerfirmware künftig reguliert werden. Aktivisten und ISPs kritisieren die geplanten Regelungen. Diese gingen davon aus, dass es keine Sicherheitslücken bei Routern geben würde. --------------------------------------------- http://www.golem.de/news/sicherheitsbedenken-provider-und-aktivisten-verein… *** New wave of targeted attacks focus on industrial organizations *** --------------------------------------------- Kaspersky Lab researchers discovered a new wave of targeted attacks against the industrial and engineering sectors in 30 countries around the world. Dubbed Operation .. --------------------------------------------- https://www.helpnetsecurity.com/2016/08/17/operation-ghoul/

1 0

Tageszusammenfassung - Dienstag 16-08-2016
by Daily end-of-shift report 16 Aug '16

16 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 12-08-2016 18:00 − Dienstag 16-08-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Hacker veröffentlichte weitere Unterlagen der US-Demokraten *** --------------------------------------------- Darunter persönliche Handynummern und E-Mail-Adressen von fast 200 Parlamentariern --------------------------------------------- http://derstandard.at/2000042820320 *** Olympia: Hacker-Angriff auf Doping-Informantin Stepanowa *** --------------------------------------------- http://derstandard.at/2000042830707 *** CVE-2016-5696 and its effects on Tor *** --------------------------------------------- tl;dr: This vulnerability is quite serious, but it doesn't effect the Tor network any more than it effects the rest of the internet. In particular, the Tor-specific attacks mentioned in the paper will not work as described. --------------------------------------------- https://blog.patternsinthevoid.net/cve-2016-5696-and-its-effects-on-tor.html *** Forensik-Tool: Forscher stellen Inhalte von Whatsapp und Signal wieder her *** --------------------------------------------- Mit Hilfe einer App sollen Strafverfolgungsbehörden Inhalte von Messenger-Apps .. --------------------------------------------- http://www.golem.de/news/forensik-tool-forscher-stellen-inhalte-von-whatsap… *** Pokemon Go-Ransomware verschlüsselt, erpresst und schnüffelt *** --------------------------------------------- Hinter einer gefakten Version des Smartphone-Spiels PokemonGo für PCs steckt ein Erpressungs-Trojaner, der es auf Daten von Nutzern abgesehen hat. --------------------------------------------- http://heise.de/-3294543 *** Nutzer bringt Windows-Betrüger dazu, Ransomware zu installieren *** --------------------------------------------- User dreht den Spiess um und sorgt für Abschreckung bei Support-Fakern --------------------------------------------- http://derstandard.at/2000042856802 *** Verschlüsselung: Mails zu Veracrypt-Audit verschwinden spurlos *** --------------------------------------------- Ein Audit soll prüfen, ob der Truecrypt-Nachfolger Veracrypt Sicherheitslücken hat. Die Macher der Initiative berichten, dass der Versuch sabotiert werde - E-Mails würden unauffindbar verschwinden. --------------------------------------------- http://www.golem.de/news/geplanter-audit-mails-zu-veracrypt-audit-verschwin… *** Exploit kit shakedown: RIG EK grabs Neutrino EK campaigns *** --------------------------------------------- Something unusual happened in the exploit kit ecosystem. Two well-known malware distribution campaigns switched from Neutrino EK to RIG EK. A temporary .. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016… *** Hacker behaupten, Spionagetools der NSA gestohlen zu haben *** --------------------------------------------- Sicherheitsforscher gehen von einer Echtheit des Leaks aus, Hacker kündigen "Versteigerung" an --------------------------------------------- http://derstandard.at/2000042884275 *** BlackBerry stopft auch die vierte Quadrooter-Schwachstelle *** --------------------------------------------- Drei der auf der BlackHat USA bekannt gewordenen Schwachstellen waren bereits mit dem monatlichen Sicherheitsupdate repariert. Die vierte schliesst BlackBerry nun mit einem Hotfix. --------------------------------------------- http://heise.de/-3295312 *** The Shadow Brokers: Lifting the Shadows of the NSA's Equation Group? *** --------------------------------------------- This week a hacker group going by the name The Shadow Brokers has surfaced and appears to be auctioning off computer exploits it claims are stolen from the Equation .. --------------------------------------------- https://www.riskbasedsecurity.com/2016/08/the-shadow-brokers-lifting-the-sh… *** Shade: not by encryption alone *** --------------------------------------------- Malefactors continue to expand the features of ransomware as they try to extract maximum benefit from the compromise of infected computers. We recently found an interesting example of such an 'upgrade': a new logic in the latest .. --------------------------------------------- https://securelist.com/blog/research/75645/shade-not-by-encryption-alone/ *** Bewerbungen verbreiten Schadsoftware *** --------------------------------------------- Mit vermeintlichen Bewerbungsschreiben treten Kriminelle an Firmen heran und ersuchen die .. --------------------------------------------- https://www.watchlist-internet.at/schadsoftware/bewerbungen-verbreiten-scha… *** Secunia Research: Mit schlechten Statistiken zum falschen Sicherheitseindruck *** --------------------------------------------- Secunia Research schaute sich an, wie gut Anwender ihre Systeme pflegen. Die gute Nachricht: Windows wird in der Regel aktualisiert. Die schlechte: Bei .. --------------------------------------------- http://www.golem.de/news/secunia-research-mit-schlechten-statistiken-zum-fa… *** Microsoft stellt Patchsystem für ältere Windows-Versionen um *** --------------------------------------------- In Zukunft sollen Patch-Pakete einmal im Monat erscheinen und auch ältere Fixes enthalten --------------------------------------------- http://derstandard.at/2000042906045 *** Detection and Prevention of DNS Anomalies *** --------------------------------------------- Malware and Botnets have been a threat to systems and networks for several years. The usual methods of detecting a virus with a local virus scanner or their spreading with intrusion detection system (IDS) will not mitigate the .. --------------------------------------------- http://resources.infosecinstitute.com/detection-prevention-dns-anomalies/ *** P@55w0rd5 - Blessing or curse? *** --------------------------------------------- By now, everybody has passwords for something, just like keys to different doors. The more doors you have to unlock, the bigger your keychain is going to be. This in turn .. --------------------------------------------- https://blog.gdatasoftware.com/2016/28917-p-55w0rd5-blessing-or-curse *** Das Schnurren einer Festplatte verrät Geheimnisse *** --------------------------------------------- Indem Sicherheitsforscher die Geräusche der Zugriffe auf eine Festplatte auswerten, lesen sie Daten von einem Computer aus, auf den sie keinen direkten Zugriff haben. --------------------------------------------- http://heise.de/-3295965 *** Cerber ransomware earns $2.3mil with 0.3% response rate *** --------------------------------------------- The fast-growing Cerber ransomware earned nearly $200,000 in July despite a payment rate of just 0.3 percent as a result of its affiliate distribution model, according to a new report by Check Point and IntSights Cyber .. --------------------------------------------- http://www.cio.com/article/3108368/cyber-attacks-espionage/cerber-ransomwar… *** Microsoft Authenticator: Zweiwege-Authentifizierungs-App kommt für Android und iOS *** --------------------------------------------- Microsoft hat seine neue Autorisierungs-App Authenticator auch für Android und iOS veröffentlicht. Damit können Nutzer Anmeldungen auf einem PC zusätzlich absichern. Praktischerweise können mehrere Konten verwendet werden, auch von Diensten, die Microsoft nicht selbst anbietet. --------------------------------------------- http://www.golem.de/news/microsoft-authenticator-zweiwege-authentifizierung… *** CEO Fraud: Deutscher Autozulieferer Leoni um Millionensumme betrogen *** --------------------------------------------- Der deutsche Autozulieferer Leoni ist Opfer eines millionenschweren Betrugs geworden. Die bisher unbekannten Täter .. --------------------------------------------- http://derstandard.at/2000042922341-406

1 0

Tageszusammenfassung - Freitag 12-08-2016
by Daily end-of-shift report 12 Aug '16

12 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 11-08-2016 18:00 − Freitag 12-08-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** An ATM hack and a PIN-pad hack show chip cards aren't impervious to fraud *** --------------------------------------------- The good news? Hacks are limited for now. The bad news? Hackers will get better. --------------------------------------------- http://arstechnica.com/security/2016/08/an-atm-hack-and-a-pin-pad-hack-show… *** Four free tools for handling Amazon Web Services security incident response *** --------------------------------------------- Responding to security incidents that involve deployments within Amazon Web Services is a lot different from responding to incidents that happen on corporate-owned gear, and two researchers have come up with free tools to make that process easier.Obtaining forensic evidence is different, primarily because security pros can't obtain physical access to the machines on which their AWS instances are running.+More on Network World: Black Hat: 9 free security tools for defense... --------------------------------------------- http://www.cio.com/article/3106302/security/four-free-tools-for-handling-am… *** Looking for the insider: Forensic Artifacts on iOS Messaging App, (Thu, Aug 11th) *** --------------------------------------------- Most of the times we care about and focus on external threats, looking for actors that may attack us via phishing emails, vulnerable web services, misconfigured network devices, etc. However, sometimes the threat may come from the inside. In fact, it is not so uncommon to have disloyal/disgruntled employees exfiltrating information from the company (e.g. Intellectual Property to competitors, confidential information to the press, etc.). In such situations, a full forensics analysis of the... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21363&rss *** Decrypting Chimera ransomware *** --------------------------------------------- We take a technical look at validating the leaked Chimera ransomware keys as well as if we can decrypt files with these keys. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2016/08/decrypting-chimera-ransomw… *** Ransomware Decryption Tools *** --------------------------------------------- IMPORTANT! Before downloading and starting the solution, read the how-to guide. Make sure you remove the malware from your system first, otherwise it will repeatedly lock your system or encrypt files. --------------------------------------------- https://www.nomoreransom.org/decryption-tools.html *** Analyzing and Cleaning Hijacked Google SEO Spam Results *** --------------------------------------------- Blackhat SEO spam comes in many forms, and one of the most nefarious is hijacked search results. This happens when search engines crawl and display unwanted content in the title and description of infected web pages. The negative impact to the infected website cannot be understated. This harms the website's reputation with visitors and will... --------------------------------------------- https://blog.sucuri.net/2016/08/cleaning-hijacked-google-seo-spam-results.h… *** Microsofts compromised Secure Boot implementation *** --------------------------------------------- Theres been a bunch of coverage of this attack on Microsofts Secure Boot implementation, a lot of which has been somewhat confused or misleading. Heres my understanding of the situation.Windows RT devices were shipped without the ability to disable Secure Boot. Secure Boot is the root of trust for Microsofts User Mode Code Integrity (UMCI) feature, which is what restricts Windows RT devices to running applications signed by Microsoft. This restriction is somewhat inconvenient for developers, so... --------------------------------------------- http://mjg59.dreamwidth.org/44223.html *** Security-Fixes für Ruby on Rails verfügbar *** --------------------------------------------- Die Updates verhindern Cross-Site-Scritping-Attacken über html_safe in den Hauptversionen 3, 4 und 5 sowie die Möglichkeit, Queries in Rails 4.2.x zu manipulieren. --------------------------------------------- http://heise.de/-3293426 *** This is strictly a violation of the TCP specification *** --------------------------------------------- I was asked to debug another weird issue on our network. Apparently every now and then a connection going through CloudFlare would time out with 522 HTTP error. 522 error on CloudFlare indicates a connection issue between our edge server and the... --------------------------------------------- https://blog.cloudflare.com/this-is-strictly-a-violation-of-the-tcp-specifi… *** Finding and Enumerating Processes within Memory: Memory and Volatility *** --------------------------------------------- In this article series, we will learn about how processes reside in memory and various ways to find and enumerate them. I will be using Volatility plugins to find processes in memory. Once we know how to find processes within memory, in Part 2 we will see how to enumerate through them. Note: The scope... --------------------------------------------- http://resources.infosecinstitute.com/finding-and-enumerating-processes-wit… *** VU#301735: ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials *** --------------------------------------------- Vulnerability Note VU#301735 ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials Original Release date: 12 Aug 2016 | Last revised: 12 Aug 2016 Overview The ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials and run telnet by default. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-5081According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for accessing the device via telnet. --------------------------------------------- http://www.kb.cert.org/vuls/id/301735 *** HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS) *** --------------------------------------------- A potential security vulnerability in JQuery was addressed by HPE Integrated Lights-Out 3. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05232730 *** HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution *** --------------------------------------------- A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed in the AdminUI of HP Operations Manager for Unix, Solaris and Linux. The vulnerability could be exploited remotely to allow remote code execution. --------------------------------------------- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr… *** IDM 4.5 SOAP Driver Version 4.0.0.4 *** --------------------------------------------- Abstract: Patch update for the Novell Identity Manager SOAP driver. The patch will take the driver version to 4.0.0.4. You must have IDM 4.0.2 or later to use this driver. Document ID: 5251690Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:IDM45_SOAP_4004.zip (161.66 kB)Products:Identity Manager 4.5Superceded Patches:IDM 4.5 SOAP Driver Version 4.0.0.3 --------------------------------------------- https://download.novell.com/Download?buildid=95cHErCKIOQ~ *** F5 Security Advisory: libssh2 vulnerability CVE-2016-0787 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/21/sol21531693.html?… *** F5 Security Advisory: TMM vulnerability CVE-2016-5023 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/19/sol19784568.html?… *** VU#332115: D-Link routers contain buffer overflow vulnerability *** --------------------------------------------- Vulnerability Note VU#332115 D-Link routers contain buffer overflow vulnerability Original Release date: 11 Aug 2016 | Last revised: 11 Aug 2016 Overview D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-5681A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie.This function is used by a service... --------------------------------------------- http://www.kb.cert.org/vuls/id/332115 *** Rockwell Automation MicroLogix 1400 SNMP Credentials Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a privileged simple network management protocol vulnerability in Rockwell Automation's MicroLogix 1400 programmable logic controllers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-224-01 *** DSA-3646 postgresql-9.4 - security update *** --------------------------------------------- Several vulnerabilities have been found in PostgreSQL-9.4, a SQLdatabase system. --------------------------------------------- https://www.debian.org/security/2016/dsa-3646 *** FortiVoice 5.0 Filter Bypass & Persistent Web Vulnerabilities *** --------------------------------------------- A vulnerablity in FortiVoice 5.0 web-application could allow malicious script being injected in the affected module; this potentially enables XSS attacks. --------------------------------------------- http://fortiguard.com/advisory/fortivoice-5-0-filter-bypass-persistent-web-… *** Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability *** --------------------------------------------- A vulnerability exists in Cisco Access Point (AP) platforms when processing Address Resolution Protocol (ARP) packets that could allow an unauthenticated, adjacent attacker to inject crafted entries into the ARP table and eventually cause a reload of the affected device.The vulnerability is due to improper processing of illegal ARP packets. An attacker could exploit this vulnerability by sending crafted ARP packets to be processed by an affected device. An exploit could allow the attacker to... --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSL *** http://www.ibm.com/support/docview.wss?uid=swg21987903 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176). *** http://www-01.ibm.com/support/docview.wss?uid=swg21988350 --------------------------------------------- *** IBM Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server and bundling products shipped with IBM Cloud Orchestrator (CVE-2016-3426, CVE-2016-3427) *** http://www-01.ibm.com/support/docview.wss?uid=swg2C1000178 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908) *** http://www.ibm.com/support/docview.wss?uid=swg21987636 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in OpenSSH (CVE-2016-3115, CVE-2016-1908) *** http://www.ibm.com/support/docview.wss?uid=swg21987638 --------------------------------------------- *** IBM Security Bulletin: IBM Netezza SQL Extensions is vulnerable to an OpenSource PCRE Vulnerability (CVE-2016-1283, CVE-2016-3191) *** http://www-01.ibm.com/support/docview.wss?uid=swg21985982 --------------------------------------------- Next End-of-Shift report: 2016-08-16

1 0

Tageszusammenfassung - Donnerstag 11-08-2016
by Daily end-of-shift report 11 Aug '16

11 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 10-08-2016 18:00 − Donnerstag 11-08-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Sicherheitsforscher kapern HTTP-Verbindungen von Linux *** --------------------------------------------- Eine Schwachstelle im Linux-Kernel gefährdet TCP-Verbindungen. Unter bestimmten Voraussetzungen konnten sich Sicherheitsforscher in Verbindungen einklinken und diese etwa lahmlegen und sogar manipulieren. --------------------------------------------- http://heise.de/-3292257 *** Bing.VC Hijacks Browsers Using Legitimate Applications *** --------------------------------------------- Browser hijackers are a type of malware that modifies a web browser's settings without the user's permission. Generally a browser hijacker injects unwanted advertising into the browser. It replaces the home page or search page with its own. It also steals cookies and can install a keylogger to fetch other sensitive information. McAfee Labs has recently... --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/bing-vc-hijacks-browser-using-legitima… *** Profiling SSL Clients with tshark, (Wed, Aug 10th) *** --------------------------------------------- Cisco recently published a paper showing how malicious SSL traffic sometimes uses very specific SSL options. Once you know what set of SSL options to look for, you will then be able to identify individual pieces of malware without having to decrypt the SSL traffic. (and before anybody complains: SSL does include TLS. I am just old fashioned that way) I wanted to see how well this applies to HTTPS traffic hitting the ISC website. I collected about 100 MB of traffic, which covered client hello... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21361&rss *** Python-based TLS tester tool *** --------------------------------------------- We at Oulu University Secure Programming Group, OUSPG for short, have been developing a neat little gadget called TryTLS. It is a systematic tester tool that checks the safety of TLS libraries. We think we have something of value here, as certificate handling is a very complex and overlooked issue. The tool and info on how to get started can be found here: https://github.com/ouspg/trytls We would really value your input if you could think of some good backends, tests or other resources that... --------------------------------------------- http://www.reddit.com/r/netsec/comments/4x1z36/pythonbased_tls_tester_tool/ *** Linux Trojan Mines For Cryptocurrency Using Misconfigured Redis Servers *** --------------------------------------------- An anonymous reader writes: In another installment of "Linux has malware too," security researchers have discovered a new trojan that targets Linux servers running Redis, where the trojan installs a cryptocurrency miner. The odd fact about this trojan is that it includes a wormable feature that allows it to spread on its own. The trojan, named Linux.Lady, will look for Redis servers that dont have an admin account password, access the database, and then download itself on the new... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/WKFxUVtVPG0/linux-trojan-mi… *** CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS *** --------------------------------------------- The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding oracle attacks on HTTPS, making them more practical. In a padding oracle attack, the attacker has partial control of part of a message that contains secret information, and is compressed, then encrypted before being sent over the network. An example of this is a web page... --------------------------------------------- https://www.helpnetsecurity.com/2016/08/11/compression-oracle-attacks-https/ *** Volkswagen-Hack: Mit dem Arduino 100 Millionen Autos öffnen *** --------------------------------------------- Mit einem Arduino und Hardware im Wert von 40 US-Dollar lassen sich fast alle Modelle der VW-Gruppe aus den vergangenen 15 Jahren öffnen - sagen Sicherheitsforscher. Das Unternehmen hat die Lücke eingeräumt. 14 weitere Autohersteller sind betroffen. --------------------------------------------- http://www.golem.de/news/hack-mit-dem-arduino-100-millionen-autos-oeffnen-1… *** Road Warriors: Beware of "Video Jacking" *** --------------------------------------------- A little-known feature of many modern smartphones is their ability to duplicate video on the devices screen so that it also shows up on a much larger display -- like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping. Dubbed "video jacking" by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the... --------------------------------------------- http://krebsonsecurity.com/2016/08/road-warriors-beware-of-video-jacking/ *** EyeLock nano NXT 3.5 Remote Root Exploit *** --------------------------------------------- EyeLocks nano NXT firmware latest version 3.5 (released 25.07.2016) suffers from multiple unauthenticated command injection vulnerabilities. The issue lies within the rpc.php script located in the /scripts directory and can be triggered when user supplied input is not correctly sanitized while updating the local time for the device and/or get info from remote time server. The vulnerable script has two REQUEST parameters timeserver and localtime that are called within a shell_exec() function for... --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5357.php *** EyeLock nano NXT 3.5 Local File Disclosure Vulnerability *** --------------------------------------------- nano NXT suffers from a file disclosure vulnerability when input passed thru the path parameter to logdownload.php script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5356.php *** EyeLock Myris 3.3.2 SDK Service Unquoted Service Path Privilege Escalation *** --------------------------------------------- The application suffers from an unquoted search path issue impacting the service MyrisService for Windows deployed as part of Myris solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application... --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5355.php *** Bugtraq: [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/539180 *** SSA-378531 (Last Update 2016-08-11): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC Runtime Professional *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531… *** Security Advisory: BIG-IP file validation vulnerability CVE-2015-8022 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/12/sol12401251.html?… *** Security Advisory: BIG-IP IPsec IKE peer listener vulnerability CVE-2016-5736 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/10/sol10133477.html?… *** Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system.The vulnerability is due to improper handling of crafted, fragmented packets that --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco IP Phone 8800 Series Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the web application of the Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to perform a stored, cross-site scripting (XSS) attack.The vulnerability is due to insufficient sanitization of parameter values. An attacker could exploit this vulnerability by storing malicious code on a device and waiting for a user to access a web page that triggers execution of the code. An exploit could allow the attacker to execute arbitrary script code in the context of --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Connected Streaming Analytics Unauthorized Access Vulnerability *** --------------------------------------------- A vulnerability in the administrative web interface of Cisco Connected Streaming Analytics could allow an authenticated, remote attacker to obtain sensitive information.The vulnerability is due to the inclusion of sensitive information in a server response when certain pages of the administrative web interface are accessed. An authenticated attacker who can view the affected configuration page of an affected system could obtain a service password used for event and report notification. This --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387) *** http://www-01.ibm.com/support/docview.wss?uid=swg21988019 --------------------------------------------- *** IBM Security Bulletin: IBM API Connect server credentials used for a specific restricted scenario may have been exposed (CVE-2016-3012) *** http://www-01.ibm.com/support/docview.wss?uid=swg21988212 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Common Reporting (TCR) 2016Q2 Security Updater : IBM Tivoli Common Reporting is affected by multiple vulnerabilities *** http://www-01.ibm.com/support/docview.wss?uid=swg21986669 --------------------------------------------- *** IBM Security Bulletin: Security Bulletin: IBM Connections Security Refresh for CVE-2016-0310 *** http://www.ibm.com/support/docview.wss?uid=swg21988338 --------------------------------------------- *** IBM Security Bulletin: IBM Connections Security Refresh for CVE-2016-0305, CVE-2016-0307,CVE-2016-0308 *** http://www.ibm.com/support/docview.wss?uid=swg21986770 --------------------------------------------- *** IBM Security Bulletin: Flexara InstallShield vulnerability affects IBM Mobile Connect (CVE-2016-2542) *** http://www.ibm.com/support/docview.wss?uid=swg21986258 --------------------------------------------- *** IBM Security Bulletin: IBM Active Content Filtering Vunerability impacts IBM Docs (CVE-2016-0243 ) *** http://www.ibm.com/support/docview.wss?uid=swg21986626 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 10-08-2016
by Daily end-of-shift report 10 Aug '16

10 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 09-08-2016 18:00 − Mittwoch 10-08-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Fixing an Internet Security Threat *** --------------------------------------------- A weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 enables attackers to hijack users' Internet communications completely remotely, researchers said. --------------------------------------------- http://www.isssource.com/fixing-an-internet-security-threat/ *** August 2016 security update release *** --------------------------------------------- Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month's security updates and advisories can be found in the Security TechNet Library. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2016/08/09/august-2016-security-up… *** Microsoft Patch Tuesday, August 2016, (Tue, Aug 9th) *** --------------------------------------------- Today, Microsoft released a total of 9 security bulletins. 5 of the bulletins are rated critical, the rest are rated important. You can find our usual summary here: https://isc.sans.edu/mspatchdays.html?viewday=2016-08-09(or via the API in various parsable formats) Some of the highlights: MS16-095/096: The usual Internet Explorer and Edge patches. Microsoft addresses nine vulnerabilities for Internet Explorer, and 8 for Edge. Note that there is a lot of overlap. Kind of makes you wonder how... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21357&rss *** MSRT August 2016 release adds Neobar detection *** --------------------------------------------- As part of our ongoing effort to provide better malware protection, the August 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detections for BrowserModifier: Win32/Neobar, unwanted software, and Win32/Rovnix, a trojan malware family. This blog discusses BrowserModifier:Win32/Neobar and its inclusion in MSRT supports our unwanted software family detections in Windows Defender, along... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/08/09/msrt-august-2016-releas… *** Kardinalfehler: Microsoft setzt aus Versehen Secure Boot Schachmatt *** --------------------------------------------- Durch eine vergessene Debug-Funktion hat Microsoft jedem Administrator die Möglichkeit gegeben, Secure Boot auch aus der Ferne abzuschalten. Damit aber nicht genug der Peinlichkeiten: Zwei Versuche, die Lücke zu stopfen, scheiterten bereits. --------------------------------------------- http://heise.de/-3291946 *** Google Chrome will beat Flash to death with a shovel: Why... wont... you... just... die! *** --------------------------------------------- Adobe plugin completely snubbed for HTML5 By the end of the year, Google Chrome will block virtually all Flash content and make whatevers left click-to-play by default. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/08/09/google_chro… *** Factsheet Use virtualisation wisely *** --------------------------------------------- Virtualisation of ICT services ensures more efficient and flexible use of hardware. This factsheet is about specific risks that arise when you use virtual servers to outsource ICT services. Your virtual server has an unknown number of virtual neighbours on the host. By using the newly discovered Flip Feng Shui attack method, an attacker can penetrate a virtual neighbour or have it install malware. To date, an attacker could only eavesdrop on the activity of virtual neighbours. The success... --------------------------------------------- https://www.ncsc.nl/english/current-topics/factsheets/factsheet-use-virtual… *** Research team presents Flip Feng Shui attack method at Usenix Security Symposium 2016 *** --------------------------------------------- Researchers of the Vrije Universiteit Amsterdam and the Katholieke Universteit Leuven discovered a new attack method, known as Flip Feng Shui. This is the first attack method that enables an attacker to change the contents of the memory of another virtual server. In this way, he can directly attack the virtual server. Previously discovered attack methods, so-called side channels, aim to eavesdrop on a virtual server on the same host, and gain access to confidential information. On August the --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/researchteam-presents-flip-… *** Verschlüsselung: Microsofts Edge und Internet Explorer 11 werfen RC4 über Bord *** --------------------------------------------- Ab sofort öffnen die Webbrowser Edge und Internet Explorer 11 keine Webseiten mehr, die auf das RC4-Verschlüsselungsverfahren setzen. Das dafür nötige Update verteilt Microsoft aktuell. --------------------------------------------- http://heise.de/-3291361 *** Verflixte Primzahlen: Eine subtile Hintertür im Diffie-Hellman-Schlüsselaustausch *** --------------------------------------------- Benutzt der Diffie-Hellman-Schlüsselaustausch an der richtigen Stelle die falschen Primzahlen, kann ein Angreifer unter Umständen an die geheimen Schlüssel kommen. Das würde ihm erlauben etwa SSL-Verbindungen aufzubrechen. --------------------------------------------- http://heise.de/-3289764 *** Determining the real economic impact of cyber-incidents: A mission (almost) impossible *** --------------------------------------------- Today ENISA publishes a systematic review of studies on the economic impact of cyber-security incidents on critical information infrastructures (CII). --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/determining-the-real-economic-i… *** IDG Contributor Network: Reach em and teach em--educating developers on application security *** --------------------------------------------- How are developers supposed to build security throughout the development lifecycle if they are not taught security at any stage of their education? Vulnerabilities exist because products made by developers who have close to no knowledge of security are hitting the market. Rather than accept the idea that software will never be 100 percent secure, academia and industry leaders can be more proactive and teach developers how to think about application security.In a white paper, "App-Sec... --------------------------------------------- http://www.csoonline.com/article/3105503/application-development/reach-em-a… *** Security Advisory - A Security Vulnerability of Using Insecure Random Numbers to Generate Self-signed Certificates in Huawei Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160810-… *** Security Advisory - Buffer Overflow Vulnerability in Huawei USG Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160810-… *** IBM Security Bulletin: XXE and XmlBomb vulnerability in FileNet Workplace (CVE-2016-3055) *** --------------------------------------------- FileNet Workplace is susceptible to the XXE and XmlBomb vulnerability. CVE(s): CVE-2016-3055 Affected product(s) and affected version(s): FileNet Workplace 4.0.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21987128X-Force Database:... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21987128 *** IBM Security Bulletin: IBM Forms Experience Builder vulnerable to CSRF when configured with non default settings (CVE-2016-2884) *** --------------------------------------------- A cross-site request forgery attack is possible when configured with non default settings, caused by improper validation of user-supplied input. CVE(s): CVE-2016-2884 Affected product(s) and affected version(s): IBM Forms Experience Builder 8.5 IBM Forms Experience Builder 8.5.1 IBM Forms Experience Builder 8.6.x Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin:... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21987252 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2016-3426) *** --------------------------------------------- There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 and Version 8. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Rational Service Tester is only affected by one of these vulnerabilities. CVE(s): CVE-2016-3426 Affected product(s) and affected version(s): Rational Service Tester versions 8.3, 8.5, 8.6,... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21988456 *** IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Cognos Planning (CVE-2016-3427) *** --------------------------------------------- There are multiple vulnerabilities in IBM Runtime Environment Java Version 6 that is used by IBM Cognos Planning. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-3427 Affected product(s) and affected version(s): IBM Cognos Planning 10.1 IBM Cognos Planning 10.1.1 Refer to the following reference URLs for... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21975745

1 0

Tageszusammenfassung - Dienstag 9-08-2016
by Daily end-of-shift report 09 Aug '16

09 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 08-08-2016 18:00 − Dienstag 09-08-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** "Cat-Loving" Mobile Ransomware Operates With Control Panel *** --------------------------------------------- Recently the McAfee Labs Mobile Malware Research team found a sample of ransomware for Android with botnet capabilities and a web-based control panel service. The malware is running on compromised legitimate servers. The payload of this malware can encrypt a victim's files, steal SMS messages, and block access to the device. In this variant the... --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/cat-loving-mobile-ransomware-operates-… *** Researcher warns of flaws in Samsung Pay tokenization and mag stripe features *** --------------------------------------------- A researcher claims to have found vulnerabilities in Samsung Pays tokenization mechanism and its magnetic secure transmission (MST) technology that could allow hackers to steal users tokens and make fraudulent purchases. --------------------------------------------- http://www.scmagazine.com/researcher-warns-of-flaws-in-samsung-pay-tokeniza… *** Samsung Calls Reports of Samsung Pay Security Flaw "Inaccurate" *** --------------------------------------------- Researcher finds a way to make fraudulent transactions via Samsung Pay, but Samsung denies any issues --------------------------------------------- http://news.softpedia.com/news/samsung-calls-reports-of-samsung-pay-securit… *** Anonymes Dokument: Angriffe auf den FreeBSD-Update-Prozess *** --------------------------------------------- Ein anonymes Dokument beschreibt detailliert Sicherheitslücken im FreeBSD-Update-System. Betroffen sind Portsnap, Libarchive und Bspatch. Fixes gibt es bislang nur für wenige der Bugs. Möglicherweise existieren ähnliche Angriffe auch auf Linux-Systemen. --------------------------------------------- http://www.golem.de/news/anonymes-dokument-angriffe-auf-den-freebsd-update-… *** Sicherheit: Hacker knacken 12 von 16 Smartlocks *** --------------------------------------------- Zwei Hacker haben drei Viertel der von ihnen untersuchten Bluetooth-Smartlocks knacken können - mit stellenweise haarsträubend einfachen Mitteln. Die Reaktion der Hersteller zeugt nicht von großem Interesse, an den Problemen etwas ändern zu wollen. --------------------------------------------- http://www.golem.de/news/sicherheit-hacker-knacken-12-von-16-smartlocks-160… *** DFRWS EU/IMF 2017 *** --------------------------------------------- DFRWS EU 2017 will be held in Überlingen, Lake Constance, Germany. This year brings together two premier research conferences in Europe, the DFRWS digital forensics conference (DFRWS EU 2017) and the International Conference on IT Security Incident Management & IT Forensics (IMF 2017). Established in 2001, DFRWS has become the premier digital forensics conference, dedicated to solving real world challenges, and pushing the envelope of what is currently possible in digital forensics. --------------------------------------------- http://www.dfrws.org/conferences/dfrws-eu-2017 *** Unechte PayLife-Nachricht: Ihre Kreditkarte wird vorläufig eingeschränkt *** --------------------------------------------- In einer E-Mail behaupten Kriminelle, dass PayLife-Kund/innen ihre persönlichen Daten bestätigen müssen. Tun sie das nicht, müssen sie angeblich 89,95 Euro bezahlen. Empfänger/innen, die der Aufforderung nachkommen, übermitteln sensible Kreditkarteninformationen an Verbrecher/innen. --------------------------------------------- https://www.watchlist-internet.at/phishing/unechte-paylife-nachricht-ihre-k… *** Windows 10 Anniversary Update is infested with bugs *** --------------------------------------------- Last month, I warned readers that Microsofts Windows 10 Anniversary Update would likely be somewhat buggy and suggested consumers should wait awhile before installing it. Unfortunately, my advice proved valid.Windows 10 Anniversary Update infestationThere are widespread reports of significant bugs in the update, and theyre causing systems to freeze, browsers to misbehave, and peripherals - including Xbox One controllers - to malfunction. Two major antivirus companies also warn that... --------------------------------------------- http://www.cio.com/article/3104774/windows-security/windows-10-anniversary-… *** QuadRooter vulnerability: 5 things to know about this Android security scare *** --------------------------------------------- Once again, its Android security scare season. This morning news broke of the latest collection of vulnerabilities, discovered by security firm Check Point and grouped together under the catchy monicker "QuadRooter." As usual, most of the reporting has focused on worst-case scenarios and a shockingly huge number of potentially vulnerable devices - in this case, an estimated 900 million. Were going to break down exactly whats going on, and just how vulnerable youre likely to be. --------------------------------------------- http://www.androidcentral.com/quadrooter-5-things-know-about-latest-android… *** IPv6 router bug: Juniper spins out hotfix to thwart DDoS attacks *** --------------------------------------------- Vulnerability common to devices routing IPv6; Cisco offered partial fix in July. --------------------------------------------- http://arstechnica.com/security/2016/08/ipv6-router-bug-juniper-cisco-ddos-… *** Security Bulletin Posted for Adobe Experience Manager (APSB16-27) *** --------------------------------------------- Adobe has published a Security Bulletin for Adobe Experience Manager(APSB16-27). Adobe recommends users apply the relevant hotfix to their product installation using the instructions referenced in the security bulletin. Adobe is not planning to issue a security update for Flash Player this... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1385 *** Cisco IOS and IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device.The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP packets to be processed by an affected device. An exploit... --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Foxit Reader Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1036558 *** Vuln: OpenSSH CVE-2016-6515 Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/92212 *** Bugtraq: ESA-2016-070: RSA Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/539157 *** Bugtraq: [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 *** --------------------------------------------- http://www.securityfocus.com/archive/1/539159 *** Trend Micro Control Manager (TMCM) Multiple Vulnerabilities *** --------------------------------------------- https://esupport.trendmicro.com/solution/en-US/1114749.aspx *** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) Multiple Vulnerabilities *** --------------------------------------------- https://esupport.trendmicro.com/solution/en-US/1114746.aspx *** Trend Micro Smart Protection Server (Standalone) Multiple Vulnerabilities *** --------------------------------------------- https://esupport.trendmicro.com/solution/en-US/1114913.aspx *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: AppScan Source vulnerable to denial of service caused by an XML External Entity (CVE-2016-3033) *** http://www.ibm.com/support/docview.wss?uid=swg21987326 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Monitoring Buffer Overflow (CVE-2016-2946 ) *** http://www.ibm.com/support/docview.wss?uid=swg21984578 --------------------------------------------- *** IBM Security Bulletin: Lotus Protector for Mail Security affected by Cross Site Scripting (CVE-2016-2991) *** http://www-01.ibm.com/support/docview.wss?uid=swg21985280 --------------------------------------------- *** IBM Security Bulletin:Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729 CVE-2016-4463) *** http://www.ibm.com/support/docview.wss?uid=swg21987267 --------------------------------------------- *** IBM Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7548, CVE-2015-8749 CVE-2015-1850) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024106 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 8-08-2016
by Daily end-of-shift report 08 Aug '16

08 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 05-08-2016 18:00 − Montag 08-08-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** F5 Security Advisory: glibc vulnerability CVE-2016-3706 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/06/sol06493172.html?… *** Smoke Loader - downloader with a smokescreen still alive *** --------------------------------------------- This time we will have a look at another payload from recent RIG EK campaign. It is Smoke Loader (also known as Dofoil), a bot created several years ago. One of its early versions was advertised on the black marker in 2011.Categories: Malware Threat analysisTags: DofoildownloaderRIG EKsmoke loader(Read more...) --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2016/08/smoke-loader-download… *** Docker Unspecified Flaw Lets Remote Authenticated Users Deny Service on the Target Swarm Cluster *** --------------------------------------------- http://www.securitytracker.com/id/1036548 *** Apple iOS Memory Corruption Error in IOMobileFrameBuffer Lets Applications Gain Elevated Privileges on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1036546 *** FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016080052 *** This PC monitor hack can manipulate pixels for malicious effect *** --------------------------------------------- Don't believe everything you see. It turns out even your computer monitor can be hacked.On Friday, researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display.Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one.They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen.During their DEF CON... --------------------------------------------- http://www.cio.com/article/3104974/this-pc-monitor-hack-can-manipulate-pixe… *** Angriff auf Geldautomaten mit Fernsteuerung *** --------------------------------------------- Ein Sicherheitsforscher hat auf der Blackhat-Konferenz demonstriert, wie sich trotz PIN-Absicherung Bargeld von fremden Konten ziehen lässt. Angeblich lässt sich dabei auch an modernen Geldautomaten die PIN abgreifen, ohne Spuren zu hinterlassen. --------------------------------------------- http://heise.de/-3289469 *** Externe Festplatten mit Verschlüsselung knackbar *** --------------------------------------------- Viele USB-Festplatten mit Vollverschlüsselung und PIN-Tastatur lassen sich vermutlich entschlüsseln, wenn man die Firmware des USB-SATA-Bridge-Chips austauscht. --------------------------------------------- http://heise.de/-3289530 *** Video surveillance recorders RIDDLED with 0-days *** --------------------------------------------- Kit from NUUO, Netgear has face-palm grade stoopid There are multiple Web interface vulnerabilities in a network video recorder under Netgears ReadyNAS brand and various devices by video recording company NUUO. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/08/07/nuuo_netgea… *** Strider: Cyberespionage group turns eye of Sauron on targets *** --------------------------------------------- Low-profile group uses Remsec malware to spy on targets in Russia, China, and Europe. Twitter Card Style: summary_large_image A previously unknown group called Strider has been conducting cyberespionage-style attacks against selected targets in Russia, China, Sweden, and Belgium. The group uses an advanced piece of malware known as Remsec (Backdoor.Remsec) to conduct its attacks.read more --------------------------------------------- http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-ey… *** Week in review: Black Hat USA 2016 coverage, QRLJacking, exposed SAP systems *** --------------------------------------------- Here's an overview of some of last week's most interesting news and articles: Black Hat USA 2016 Want to learn the news from Black Hat USA 2016? Get is all from our dedicated coverage page. QRLJacking: A new attack vector for hijacking online accounts We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use. 36000 SAP... --------------------------------------------- https://www.helpnetsecurity.com/2016/08/08/week-review-black-hat-usa-2016-c… *** Bugtraq: vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) *** --------------------------------------------- http://www.securityfocus.com/archive/1/539149 *** VMware product updates address multiple important security issues *** --------------------------------------------- VMware product updates address a DLL hijacking issue in Windows-based VMware Tools and an HTTP Header injection issue in vCenter Server and ESXi. Relevant Products: VMware vCenter Server VMware vSphere Hypervisor (ESXi) VMware Workstation Pro VMware Workstation Player VMware Fusion VMware Tools --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0010.html *** Remote Butler attack: APT groups' dream come true *** --------------------------------------------- Microsoft security researchers have come up with an extension of the "Evil Maid" attack that allows attackers to bypass local Windows authentication to defeat full disk encryption: "Remote Butler". Demonstrated at Black Hat USA 2016 by researchers Tal Be'ery and Chaim Hoch, the Remote Butler attack has one crucial improvement over Evil Maid: it can be effected by attackers who do not have physical access to the target Windows computer that has, at one time,... --------------------------------------------- https://www.helpnetsecurity.com/2016/08/08/remote-butler-attack/ *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time *** --------------------------------------------- Java SE issues disclosed in the Oracle July 2016 Critical Patch Update CVE(s): CVE-2016-3598, CVE-2016-3511, CVE-2016-3485 Affected product(s) and affected version(s): These vulnerabilities affect IBM WebSphere Real Time Version 3 Service Refresh 9 Fix Pack 40 and earlier releases Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=swg21987762X-Force Database:... --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg21987762 *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition *** --------------------------------------------- Java SE issues disclosed in the Oracle July 2016 Critical Patch Update CVE(s): CVE-2016-3610, CVE-2016-3598, CVE-2016-3606, CVE-2016-3587, CVE-2016-3511, CVE-2016-3550, CVE-2016-3485 Affected product(s) and affected version(s): These vulnerabilities affect IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 26 and earlier releases These vulnerabilities affect IBM SDK, Java Technology Edition, Version 6R1 Service... --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg21986642 *** IBM Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-7548, CVE-2015-8749 CVE-2015-1850) *** --------------------------------------------- IBM SmartClound Entry is vulnerable to several Openstack Nova vulerabilities, which could allow a local authenticated attacker or a remote attacker to obtain sensitive information CVE(s): CVE-2015-8749, CVE-2015-7548, CVE-2015-1850 Affected product(s) and affected version(s): IBM SmartCloud Entry 3.2 through Appliance fix pack 21 IBM SmartCloud Entry 3.1 through Appliance fix pack 21 Refer to the... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1023865 *** VU#735416: UltraVNC repeater does not restrict IP addresses or ports by default *** --------------------------------------------- Vulnerability Note VU#735416 UltraVNC repeater does not restrict IP addresses or ports by default Original Release date: 08 Aug 2016 | Last revised: 08 Aug 2016 Overview UltraVNC repeater versions prior to ultravnc_repeater_1300 do not restrict usage by IP address by default and cannot restrict by ports, which may be leveraged to induce connections to arbitrary hosts using any port. Description CWE-16: Configuration - CVE-2016-5673UltraVNC repeater acts as a proxy to route remote desktop VNC... --------------------------------------------- http://www.kb.cert.org/vuls/id/735416 *** Neuer auftretender Verschlüsselungs-Trojaner (Ransomware) machen Daten unwiederbringlich unbrauchbar *** --------------------------------------------- [...] Die derzeit auftretenden Varianten der Ransomware benennen sich Vegclass(a)aol.com, Salazar-Slytherin10(a)yahoo.com, usw., der eigentliche Schadcode dürfte dabei jedoch auf die aus Russland stammende Ransomware "Troldesh" zurück zu führen sein. --------------------------------------------- http://www.bmi.gv.at/cms/bmi/_news/bmi.aspx?id=524B7A526E703148456D553D&pag… *** Malware mit Barcodes und Excel in abgeschottete Netze einschleusen *** --------------------------------------------- Ein Hacker bringt Malware auf einem Umweg in Netzwerke, bei denen weder USB noch optische Laufwerke oder Netzwerktransfers funktionieren. Er verwandelt die Software in 2D-Barcodes, die er dann mit Excel wieder in ausführbaren Code verwandelt. --------------------------------------------- http://heise.de/-3290119 *** Qualcomm-powered Android devices plagued by four rooting flaws *** --------------------------------------------- Hundreds of millions of Android devices based on Qualcomm chipsets are likely exposed to at least one of four critical vulnerabilities that allow non-privileged apps to take them over.The four flaws were presented by security researcher Adam Donenfeld from Check Point Software Technologies on Sunday at the DEF CON security conference in Las Vegas. They were reported to Qualcomm between February and April, and the chipset maker has since released fixes for the vulnerabilities after classifying... --------------------------------------------- http://www.cio.com/article/3104896/qualcomm-powered-android-devices-plagued… *** Data Breach At Oracle's MICROS Point-of-Sale Division *** --------------------------------------------- A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached more than 700 computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers appear to have compromised a customer support portal for companies using Oracles MICROS point-of-sale credit card payment systems. --------------------------------------------- http://krebsonsecurity.com/?p=35752

1 0

Tageszusammenfassung - Freitag 5-08-2016
by Daily end-of-shift report 05 Aug '16

05 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 04-08-2016 18:00 − Freitag 05-08-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** iPhone: Nach Diebstahl auf gezieltes Phishing achten *** --------------------------------------------- Diebe setzen auf nachgestellte Apple-Anschreiben, um Beklaute zur Eingabe der Zugangsdaten zu bewegen. Damit können sie die Aktivierungssperre aufheben und das gestohlene iPhone voll funktionsfähig verkaufen. --------------------------------------------- http://heise.de/-3288554 *** Microsoft Bounty Programs Expansion – Microsoft Edge Remote Code Execution (RCE) Bounty *** --------------------------------------------- I’m very happy to announce another addition to the Microsoft Bounty Programs. Microsoft will be hosting a .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2016/08/04/microsoft-bounty-progra… *** Pwnie Awards 2016: Die Oscars der Security-Szene gehen an … *** --------------------------------------------- Die süßen goldenen Pwnies gingen unter anderem an Tavis Ormandy, Charlie Miller, Juniper und Western Digital. Nicht .. --------------------------------------------- http://heise.de/-3288420 *** To Obfuscate, or not to Obfuscate *** --------------------------------------------- Introduction Malwares goal is to bypass computer defenses, infect a target, and often remain on the system as long as possible. A variety of techniques are used to accomplish .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/To-Obfuscate,-or-not-to… *** Apple will Hackern 200.000 Dollar für Bug-Entdeckung zahlen *** --------------------------------------------- Während Microsoft, Google und Co schon länger Bug Bounty-Programme betreiben, hielt sich Apple bislang zurück --------------------------------------------- http://derstandard.at/2000042391260 *** Cyber Grand Challenge: IT-Security könnte sich radikal ändern *** --------------------------------------------- Wenn Computer völlig autonom Sicherheitslücken suchen, finden und dann entweder stopfen oder ausnutzen, bleibt .. --------------------------------------------- http://heise.de/-3288820 *** WPAD: 20 Jahre altes Protokoll bringt Millionen Nutzer in Gefahr *** --------------------------------------------- Das Protokoll WPAD dient zum automatischen Konfigurieren von Proxies und stellt eine lange bekannte .. --------------------------------------------- http://heise.de/-3288801 *** Odd Packet: Any ideas where this comes from?, (Fri, Aug 5th) *** --------------------------------------------- Out reader submitted to us severalodd packets. Of course, I cant resist to figure out what is exactly going on here: The packets appearto include a lengthy pre-ample, but I .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21343 *** Frequent Password Changes is a Bad Security Idea *** --------------------------------------------- Ive been saying for years that its bad security advice, that it encourages poor passwords. Lorrie Cranor, now the FTCs chief technologist, agrees:By studying the data, the researchers identified common techniques .. --------------------------------------------- https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html *** Nach Bitcoin-Hack: Bitfinex-Diebe wollen jetzt spenden *** --------------------------------------------- Nachdem Angreifer bei Bitfinex Bitcoin im Wert von rund 72 Millionen US-Dollar entwendet haben, wollen sie offenbar einen Teil davon spenden. Insgesamt 1.000 Bitcoin .. --------------------------------------------- http://www.golem.de/news/nach-bitcoin-hack-bitfinex-diebe-wollen-jetzt-spen…

1 0

Tageszusammenfassung - Donnerstag 4-08-2016
by Daily end-of-shift report 04 Aug '16

04 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 03-08-2016 18:00 − Donnerstag 04-08-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability *** --------------------------------------------- A vulnerability in the administrative web interface of Cisco TelePresence Video Communication Server Expressway could allow an authenticated, remote attacker to execute arbitrary commands on the affected system.The .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability *** --------------------------------------------- A vulnerability in the command-line interface (CLI) command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Administration Views - Critical - Access bypass - SA-CONTRIB-2016-041 *** --------------------------------------------- https://www.drupal.org/node/2778501 *** Snitches get stitches: Little Snitch bugs were a blessing for malware *** --------------------------------------------- Now-patched kernel-level flaw in OS X app firewall will be revealed this week DEF CON Vulnerabilities in popular OS X security tool Little Snitch potentially granted malicious applications extra powers, undermining the protection offered by the software. --------------------------------------------- www.theregister.co.uk/2016/08/03/mac_firewall_littlesnitch/ *** A look into Neutrino EK’s jQueryGate *** --------------------------------------------- In the cybercrime landscape, Exploit Kits (EKs) are the tools of choice to infect endpoints by exploiting software vulnerabilities. However, a critical component EKs .. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016… *** [20160802] - Core - XSS Vulnerability *** --------------------------------------------- https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerab… *** [20160801] - Core - ACL Violation *** --------------------------------------------- https://developer.joomla.org/security-centre/652-20160801-core-core-acl-vio… *** [20160803] - Core - CSRF *** --------------------------------------------- https://developer.joomla.org/security-centre/654-20160803-core-csrf.html *** XML External Entity Injection Opens Door to Attacks, Theft *** --------------------------------------------- XML is a popular language for web developers, partially due to its software and hardware independence. Recently, however, XML security is under threat from XML external .. --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/xml-external-entity-injection-opens-do… *** A Plugin’s Expired Domain Poses a Security Threat to Websites *** --------------------------------------------- Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our .. --------------------------------------------- https://blog.sucuri.net/2016/08/plugin-expired-domain-security-threat.html *** DSA-3639 wordpress - security update *** --------------------------------------------- https://www.debian.org/security/2016/dsa-3639 *** Activity Log <= 2.3.2 - Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8584 *** HEIST: Timing- und Kompressionsangriff auf TLS *** --------------------------------------------- Durch die geschickte Kombination eines Timing-Angriffs in Javascript und der bereits bekannten BREACH-Attacke ist es möglich, Geheimnisse in TLS-Verbindungen zu entschlüsseln. Anders als früher ist dafür kein Man-in-the-Middle-Angriff nötig. --------------------------------------------- http://www.golem.de/news/heist-timing-und-kompressionsangriff-auf-tls-1608-… *** Activity Log <= 2.3.2 - Cross-Site Scripting (XSS) in page *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8585 *** Phishing-Studie: Neugier siegt über Sicherheitsbedenken *** --------------------------------------------- Allen Warnungen und Sicherheitsvorkehrungen zum Trotz: Nutzer lassen sich sehr leicht auf eine Webseite locken, wenn die Phishing-Mail verführerisch genug klingt. Das sollte Auswirkungen auf die Sicherheitsarchitektur haben, fordern Forscher. --------------------------------------------- http://www.golem.de/news/phishing-studie-neugier-siegt-ueber-sicherheitsbed… *** Social Engineering: Jeder zweite fällt auf USB-Sticks und Facebook-Nachrichten rein *** --------------------------------------------- Würden Sie einen gerade gefundenen USB-Stick anschließen? Würden Sie auf den Link in einer Facebook-Nachricht einer Ihnen unbekannten Person klicken? Laut zwei Studien beantworten dies viele mit nein – tun es aber trotzdem. --------------------------------------------- http://heise.de/-3287818 *** DSA-3640 firefox-esr - security update *** --------------------------------------------- https://www.debian.org/security/2016/dsa-3640 *** DSA-3638 curl - security update *** ---------------------------------------------- https://www.debian.org/security/2016/dsa-3638

1 0

Tageszusammenfassung - Mittwoch 3-08-2016
by Daily end-of-shift report 03 Aug '16

03 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 02-08-2016 18:00 − Mittwoch 03-08-2016 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** MICROSOFT LIVE ACCOUNT CREDENTIALS LEAKING FROM WINDOWS 8 AND ABOVE *** --------------------------------------------- Discovered in 1997 by Aaron Spangler and never fixed, the WinNT/Win95 Automatic Authentication Vulnerability (IE Bug #4) is certainly an excellent vintage. In Windows 8 and 10, the same bug has now been found to potentially leak the user's Microsoft Live account login and (hashed) password information, which is also used to access OneDrive, Outlook, Office, Mobile, Bing, Xbox Live, MSN and Skype (if used with a Microsoft account). --------------------------------------------- https://hackaday.com/2016/08/02/microsoft-live-account-credentials-leaking-… *** Internet-Telefonie: Datenschützer raten zu Perfect Forward Secrecy *** --------------------------------------------- Die Internationale Arbeitsgruppe zum Datenschutz in der Telekommunikation empfiehlt den Einsatz von sicherer Verschlüsselung bei Apps für VoIP oder Chats. Anbieter sollten möglichst wenig personenbezogene Informationen speichern. --------------------------------------------- http://heise.de/-3285356 *** SAP ASE file creation vulnerability (CVE-2016-6196) *** --------------------------------------------- Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows legitimate database users to create files on disk where the server process can write to. This is useful when doing a chained database attack - first create... --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/SAP-ASE-file-creation-v… *** The Dark Side of Certificate Transparency, (Wed, Aug 3rd) *** --------------------------------------------- I am a big fan of the idea behind Certificate Transparency [1]. The real problem with SSL (and TLS... it really doesnt matter for this discussion) is not the weak ciphers or subtle issues with algorithms (yes, you should still fix it), but the certificate authority trust model. It has been too easy in the past to obtain a fraudulent certificate [2]. There was little accountability when it came to certificate authorities issuing test certificates, or just messing up, and validating the wrong... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21329&rss *** Windows 10 Anniversary Update fordert signierte Treiber schärfer ein *** --------------------------------------------- Seit der 64-Bit-Version von Windows Vista verlangt Microsoft digital signierte Treiber für PC-Komponenten; die jüngste Windows-10-Version 1607 (Redstone) schraubt die Anforderungen höher. --------------------------------------------- http://heise.de/-3285419 *** Unsichere SMS-Authentifizierung: Telegram-Accounts in Iran offenbar gehackt *** --------------------------------------------- Der Messengerdienst Telegram gilt vielen als sichere Alternative zu Whatsapp. Doch es ist durchaus möglich, Sicherheitsvorkehrungen auszuhebeln und an Accounts zu gelangen. --------------------------------------------- http://www.golem.de/news/unsichere-sms-authentifizierung-telegram-accounts-… *** FossHub kompromittiert: Software-Installer mit Malware infiziert *** --------------------------------------------- Die Download-Plattform FossHub ist gehackt worden. Die Hacker haben die Installer von verbreiteten Open-Source-Programmen mit Malware infiziert die den Bootloader überschreibt. --------------------------------------------- http://heise.de/-3286347 *** A brief introduction to Forensic Readiness *** --------------------------------------------- Introduction As defined in the RFC 2350 (Expectations for Computer Security Incident Response), the security incident is any adverse event which compromises some aspect of computer or network security. The definition of an incident may vary between organizations but generally is related to the compromise of confidentiality (i.e. document theft), integrity (i.e. alteration of the... --------------------------------------------- http://resources.infosecinstitute.com/a-brief-introduction-to-forensic-read… *** Finding and Enumerating Processes within Memory-Part 1 *** --------------------------------------------- In this article series, we will learn about how processes reside in memory and various ways to find and enumerate them. I will be using Volatility plugins to find processes in memory. Once we know how to find processes within memory, in Part 2 we will see how to enumerate through them. Note: The scope... --------------------------------------------- http://resources.infosecinstitute.com/finding-and-enumerating-processes-wit… *** Social Engineering: Wie man anderen mit Schokolade das Passwort entlocken kann *** --------------------------------------------- Wissenschafter belegen erschreckend leichtfertigen Umgang mit vertraulichen Daten --------------------------------------------- http://derstandard.at/2000042272093-406 *** Four high-profile vulnerabilities in HTTP/2 revealed *** --------------------------------------------- Imperva released a new report at Black Hat USA 2016, which documents four high-profile vulnerabilities researchers at the Imperva Defense Center found in HTTP/2, the new version of the HTTP protocol that serves as one of the main building blocks of the Worldwide Web. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business critical web infrastructure which then becomes vulnerable to new types of attacks. Imperva researchers took an in-depth look at... --------------------------------------------- https://www.helpnetsecurity.com/2016/08/03/vulnerable-http2/ *** Stealing payment card data and PINs from POS systems is dead easy *** --------------------------------------------- Many of the large payment card breaches that hit retail and hospitality businesses in recent years were the result of attackers infecting point-of-sale systems with memory-scraping malware. But there are easier ways to steal this sort of data, due to a lack of authentication and encryption between card readers and the POS payment applications.POS systems are specialized computers. They typically run Windows and have peripherals like keyboards, touch screens, barcode scanners and card readers... --------------------------------------------- http://www.cio.com/article/3102922/stealing-payment-card-data-and-pins-from… *** Nagios Core Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1036513 *** Moxa SoftCMS SQL Injection Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a SQL injection vulnerability in Moxas SoftCMS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-215-01 *** Siemens SINEMA Server Privilege Escalation Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a privilege escalation vulnerability in the Siemens SINEMA Server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02

1 0

Tageszusammenfassung - Dienstag 2-08-2016
by Daily end-of-shift report 02 Aug '16

02 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 01-08-2016 18:00 − Dienstag 02-08-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Android Security Bulletin August 2016 *** --------------------------------------------- https://source.android.com/security/bulletin/2016-08-01.html *** Google Domain Enables HSTS Protection *** --------------------------------------------- Google ensures HTTPS connections to its domains with support for HTTP Strict Transport Security, or HSTS. --------------------------------------------- http://threatpost.com/google-domain-enables-hsts-protection/119597/ *** DSA-3637 chromium-browser - security update *** --------------------------------------------- https://www.debian.org/security/2016/dsa-3637 *** Slinging Hash: Speeding Cyber Threat Hunting Methodologies via Hash-Based Searching *** --------------------------------------------- Introduction The term "hash" is thrown around in casual IT conversation quite a bit nowadays, .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Slinging-Hash--Speeding… *** 36000 SAP systems exposed online, most open to attacks *** --------------------------------------------- ERPScan released the first comprehensive SAP Cybersecurity Threat Report, which covers three main angles: Product Security, Implementation Security, and Security Awareness. The company used its own scanning method to gather .. --------------------------------------------- https://www.helpnetsecurity.com/2016/08/02/sap-cybersecurity-report/ *** Im Darknet werden 200 Millionen Yahoo-Accounts verkauft *** --------------------------------------------- Login-Informationen zu rund 200 Millionen Yahoo-Accounts werden zum Verkauf angeboten. Und Yahoo weiß darüber Bescheid. --------------------------------------------- http://futurezone.at/digital-life/im-darknet-werden-200-millionen-yahoo-acc… *** FireEye admits filtering out legitimate emails in sniffer snafu *** --------------------------------------------- Benign messages frogmarched into quarantine FireEye has admitted that a snafu involving its email filtering technology meant harmless messages were shuffled off to quarantine for no good reason. --------------------------------------------- www.theregister.co.uk/2016/08/02/fireeye_filtering_snafu/ *** Kasperskys Herz für Hacker: 50.000 US-Dollar für gemeldete Bugs *** --------------------------------------------- Als zweiter AV-Hersteller führen die Russen ein Bug-Bounty-Programm ein. Sicherheitsforscher sollen nun Geld dafür bekommen, Schwachstellen in Kaspersky-Produkten zu finden. --------------------------------------------- http://heise.de/-3284172 *** Introducing the p0f BPF compiler *** --------------------------------------------- Two years ago we blogged about our love of BPF (BSD packet filter) bytecode.CC BY 2.0 image by jim simonsonThen we published a set of utilities we are using to generate the BPF .. --------------------------------------------- https://blog.cloudflare.com/introducing-the-p0f-bpf-compiler/ *** Timing Attacks in the Modern Web *** --------------------------------------------- Before you explore all the details of these browser-based timing attacks, head over to my laboratories to play around with these attacks yourself! --------------------------------------------- https://tom.vg/2016/08/browser-based-timing-attacks/

1 0

Tageszusammenfassung - Montag 1-08-2016
by Daily end-of-shift report 01 Aug '16

01 Aug '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 29-07-2016 18:00 − Montag 01-08-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Fake FreeDNS Used to Redirect Traffic to Malicious Sites *** --------------------------------------------- During the last couple of days we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads, spam and malicious downloads. One of our security analysts, Andrey Kucherov, .. --------------------------------------------- https://blog.sucuri.net/2016/07/fake-freedns-used-to-redirect-traffic-to-ma… *** SwiftKey zeigt Vorschläge fremder Nutzer *** --------------------------------------------- Nutzer des alternativen Smartphone-Keyboards SwiftKey haben Wortvorschläge fremder Nutzer erhalten. Neben Wörtern in anderen Sprachen sollen auch fremde E-Mail-Adressen darunter gewesen sein. --------------------------------------------- http://heise.de/-3282177 *** DSA-3636 collectd - security update *** --------------------------------------------- Emilien Gaspar discovered that collectd, a statistics collection andmonitoring daemon, incorrectly processed incoming networkpackets. This resulted in a heap overflow, allowing a remote attackerto either cause a DoS via application crash, or potentially executearbitrary code. --------------------------------------------- https://www.debian.org/security/2016/dsa-3636 *** HTML-Injection-Lücke erlaubte Zertifikatsklau bei Comodo *** --------------------------------------------- Eine Lücke im Zertifikats-Bestellsystem der Certification Authority Comodo erlaubte es Angreifern, sich SSL-Zertifikate für fremde Websites ausstellen zu lassen, was Man-in-the-middle-Lauschangriffe auf deren Traffic ermöglicht. --------------------------------------------- http://heise.de/-3282183 *** Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host *** --------------------------------------------- Slashdot reader Noryungi writes: Qubes OS certainly has an intriguing approach to security, but a newly discovered Xen vulnerability allows a hacker to escape a VM and own the host. If you are running Qubes, make sure you update .. --------------------------------------------- https://tech.slashdot.org/story/16/07/30/1552244/xen-vulnerability-allows-h… *** DSA-3634 redis - security update *** --------------------------------------------- It was discovered that redis, a persistent key-value database, did notproperly protect redis-cli history files: they were created by defaultwith world-readable permissions. --------------------------------------------- https://www.debian.org/security/2016/dsa-3634 *** Are you getting I-CANNED? *** --------------------------------------------- One year ago, I already covered the impact that ICANNs latest money grab was having on security, see https://isc.sans.edu/forums/diary/httpsyourfakebanksupport+TLD+confusion+st…. ICANN is the organization that .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21323 *** Booking Calendar <= 6.2 - SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8576 *** Booking Calendar <= 6.2 - Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8575 *** Pokémon GO Creators Twitter Account Hacked — Pika, Pikaaaa! *** --------------------------------------------- Twitter account of another high-profile CEO has been hacked! This time, its Niantic CEO John Hanke, the developer behind the worlds most popular game Pokémon GO. And it .. --------------------------------------------- https://thehackernews.com/2016/07/pokemon-go-hack.html *** Kaspersky DDoS Intelligence Report for Q2 2016 *** --------------------------------------------- In Q2 2016, the geography of DDoS attacks narrowed to 70 countries, with China accounting for 77.4% of attacks. In fact, 97.3% of the targeted resources were located in .. --------------------------------------------- http://securelist.com/analysis/quarterly-malware-reports/75513/kaspersky-dd… *** INTERPOL Arrests Business Email Compromise Scam Mastermind *** --------------------------------------------- Business Email Compromise (BEC) attacks have proven to be an effective tactic, with criminals stealing large amounts of money from various businesses. From 2013 to 2015, BEC-related damages were estimated at US$ 2.3 billion. Targeting .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/interpol-arrests… *** Sicherheitslücke: Millionen Daten von Flugreisenden jahrelang im Internet *** --------------------------------------------- Rechnungen, Namen und teilweise sogar die Bankdaten von Flugreisenden waren jahrelang ohne technische Hürden offen im Netz verfügbar - ohne, dass es jemandem aufgefallen wäre. Auch Kriminelle haben die Daten nach aktuellem Stand übersehen. --------------------------------------------- http://www.golem.de/news/sicherheitsluecke-millionen-daten-von-flugreisende…

1 0

Tageszusammenfassung - Freitag 29-07-2016
by Daily end-of-shift report 29 Jul '16

29 Jul '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 28-07-2016 18:00 − Freitag 29-07-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Long-running malvertising campaign infected thousands of computers per day *** --------------------------------------------- Security researchers have shut down a large-scale malvertising operation that used sophisticated techniques to remain undetected for months and served exploits to millions of computers.The operation, dubbed AdGholas, has been running since at least October 2015. According to security vendor Proofpoint, the gang behind it managed to distribute malicious advertisements through more than 100 ad exchanges, attracting between 1 million and 5 million page hits per day.The Proofpoint researchers... --------------------------------------------- http://www.cio.com/article/3101817/long-running-malvertising-campaign-infec… *** Would You Use This ATM? *** --------------------------------------------- One basic tenet of computer security is this: If you cant vouch for a networked things physical security, you also cannot vouch for its cybersecurity. Thats because in most cases, networked things really arent designed to foil a skilled and determined attacker who can freely connect his own devices. So you can imagine my shock and horror seeing a Cisco switch and wireless antenna sitting exposed atop of an ATM out in front of a bustling grocery store in my hometown of Northern Virginia. --------------------------------------------- http://krebsonsecurity.com/2016/07/would-you-use-this-atm/ *** Q2 DDoS activity up 83%, report *** --------------------------------------------- Nexusguard researchers noticed an 83 percent uptick in DDoS attacks in Q2 2016 compared to Q1. --------------------------------------------- http://www.scmagazine.com/q2-ddos-threat-report-notes-83-percent-uptick/art… *** Pwnie Express open sources IoT and Bluetooth security tools *** --------------------------------------------- Pwnie Express announced the availability of open sourced versions of its Blue Hydra and Android build system software. The release of these tools enable comprehensive Bluetooth detection and community based development of penetration testing Android devices. Bluetooth detection is critical for effective device threat detection and must cover both Low energy (LE) and Classic Bluetooth standards. Blue Hydra has also been integrated into Pwnie's monitoring platform, Pulse, to provide... --------------------------------------------- https://www.helpnetsecurity.com/2016/07/29/pwnie-express-iot-bluetooth-secu… *** Businesses need to protect data, not just devices *** --------------------------------------------- As organizations embrace the digital transformation of their business, they are increasingly facing new security concerns. More companies are moving away from device-centric, platform-specific endpoint security technologies toward an approach that secures their applications and data everywhere. A new Citrix Qualtrics survey revealed that: More than half of Citrix customers reported that they are changing the way their SecOps teams are operated because of the increase in ransomware, targeted... --------------------------------------------- https://www.helpnetsecurity.com/2016/07/29/protect-data-not-just-devices/ *** Virtually all business cloud apps lack enterprise grade security *** --------------------------------------------- Blue Coat Systems analyzed apps for their ability to provide compliance, data protection, security controls and more. Of the 15,000 apps analyzed, it was revealed that 99 percent do not provide sufficient security, compliance controls and features to effectively protect enterprise data in the cloud. Shadow data still a major threat Their report revealed that shadow data, unmanaged content employees store and share across cloud apps, continues to remain a major threat, with 23 percent... --------------------------------------------- https://www.helpnetsecurity.com/2016/07/29/business-cloud-apps-lack-enterpr… *** Elektronikversand Pollin bestätigt schwerwiegenden Hacker-Angriff *** --------------------------------------------- Nachdem die Kundendaten bereits für personalisierte Phishing-Angriffe missbraucht wurden, erklärte der Elektronik-Shop nun, dass seine Server angegriffen wurden. Die Täter haben viel mitgenommen, darunter auch offenbar die Bankverbindungen der Kunden. --------------------------------------------- http://heise.de/-3281324 *** Malicious RTF Files, (Fri, Jul 29th) *** --------------------------------------------- About a year ago I received RTF samples that I could not analyze with RTFScan or rtfobj (FYI: Philippe Lagadec has improved rtfobj.py significantly since then). So I started to write my own RTF analysis tool (rtfdump), but I was not satisfied enough with the way I presented the analysis result to warrant a release of my tool. Last week, I started analyzing new samples and updating my tool. I released it, and show how I analyze sample 07884483f95ae891845caf0d50ce507f in this diary entry. This... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21315&rss *** Unter Windows 10 Pro gelten bald nicht mehr alle Gruppenrichtlinien *** --------------------------------------------- Mit Windows 10, insbesondere dem "Anniversary Update", ändert Microsoft die Anwendungslogik von Gruppenrichtlinien. Künftig entscheidet nicht nur die Version des Betriebssystems (Windows 7/8/10), sondern auch die Edition (Pro, Enterprise). [...] Nach dem Update wird es mit Pro-Ausgaben von Windows 10 nicht mehr möglich sein, das Verhalten zentral zu steuern. Und ganz nebenbei werden auch Umwege verschlossen, zum Beispiel die Manipulation per Registry-Schlüssel. --------------------------------------------- http://www.heise.de/newsticker/meldung/Unter-Windows-10-Pro-gelten-bald-nic… *** Citrix NetScaler Service Delivery Appliance Multiple Security Updates *** --------------------------------------------- A number of vulnerabilities have been identified in the Citrix NetScaler Service Delivery Appliance (SDX) that could allow a malicious administrative user to crash the host or other VMs and execute arbitrary code on the SDX host. --------------------------------------------- https://support.citrix.com/article/CTX206006 *** iPrint Appliance 1.1 Patch 6 *** --------------------------------------------- Abstract: This patch includes bug fixes, security fixes and a consolidation of previously released patchesDocument ID: 5250978Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:iPrint-1.1.0.417.HP.zip (27.49 MB)iPrint-1.1.0.421.HP.zip (1,008.67 MB)Products:iPrint Appliance 1.1Superceded Patches:iPrint Appliance 1.1 Patch --------------------------------------------- https://download.novell.com/Download?buildid=vv7Z6imI7Js~ *** iPrint Appliance 2.0 Patch 2 *** --------------------------------------------- Abstract: This patch includes bug fixes, security fixes and a consolidation of previously released patchDocument ID: 5250983Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:iPrint-2.0.0.531.HP.zip (721.05 MB)Products:iPrint Appliance 2Superceded Patches:iPrint Appliance 2.0 --------------------------------------------- https://download.novell.com/Download?buildid=svMlzlyK0go~ *** Bugtraq: [SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks *** --------------------------------------------- http://www.securityfocus.com/archive/1/539041 *** VU#217871: Intel CrossWalk project does not validate SSL certificates after first acceptance *** --------------------------------------------- Vulnerability Note VU#217871 Intel CrossWalk project does not validate SSL certificates after first acceptance Original Release date: 29 Jul 2016 | Last revised: 29 Jul 2016 Overview The Intel Crosswalk project is a framework for developing hybrid apps for Android and iOS. The Crosswalk project does not properly handle SSL certificate validation when a user accepts an invalid certificate, preventing the app for validating any future SSL certificates. Description CWE-356: Product UI does not --------------------------------------------- http://www.kb.cert.org/vuls/id/217871 *** Bugtraq: Vicon Network Cameras - Authentication Bypass *** --------------------------------------------- http://www.securityfocus.com/archive/1/539037 *** Bugtraq: [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks *** --------------------------------------------- http://www.securityfocus.com/archive/1/539040 *** Bugtraq: [SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345) *** --------------------------------------------- http://www.securityfocus.com/archive/1/539045 *** Bugtraq: [SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/539042

1 0

Tageszusammenfassung - Donnerstag 28-07-2016
by Daily end-of-shift report 28 Jul '16

28 Jul '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 27-07-2016 18:00 − Donnerstag 28-07-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Taking Steps to Fight Back Against Ransomware *** --------------------------------------------- Ransomware is an attack in which malware encrypts files and extorts money from victims. It has become a favorite among cybercriminals because it is easy to develop, simple to execute, and does a very good job of compelling users to pay to regain access to their precious files or systems. Almost anyone and every business... --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/taking-steps-to-fight-back-against-ran… *** Infection Monkey: Test a network from an attacker's point of view *** --------------------------------------------- Infection Monkey, a tool designed to test the resiliency of modern data centers against cyber attacks, was developed as an open source tool by GuardiCore's research group. "Traditional testing tools are no longer able to effectively detect vulnerabilities in today's data center networks as they cannot continuously exploit the weakest link and propagate in-depth, resulting in a very partial view of network vulnerabilities" said Pavel Gurvich, CEO of GuardiCore. How... --------------------------------------------- https://www.helpnetsecurity.com/2016/07/28/infection-monkey-test-network-at… *** Verifying SSL/TLS certificates manually, (Thu, Jul 28th) *** --------------------------------------------- I think that we can surely say that, with all its deficiencies, SSL/TLS is still a protocol we cannot live without, and basis of todays secure communication on the Internet.Quite often I get asked on how certificates are really verified by browsers or other client utilities. Sure, the canned answer that certificates get signed by CAs and a browser verifies if signatures are correct is always there, but more persistent questions on how it exactly works happen here and there as well. So, if you... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21311&rss *** Passwort Manager: Lastpass behebt kritische Lücke *** --------------------------------------------- Die gestern von Tavis Ormandy gemeldete kritische Schwachstelle im Passwort-Manager Lastpass ist nach Angaben des Unternehmens inzwischen geschlossen worden. Ein neue Lastpass-Version soll unter Firefox bereitstehen. --------------------------------------------- http://www.golem.de/news/passwort-manager-lastpass-bestaetigt-behebung-krit… *** Phishing-Angriff auf Pollin-Kunden *** --------------------------------------------- Bei heise Security haben sich mehrere Kunden des Elektronikhändlers Pollin gemeldet, die befürchten, dass ihre persönlichen Daten einschließlich Bankverbindung bei dem Händler kopiert wurden. --------------------------------------------- http://heise.de/-3280449 *** You cant turn off Cortana in the Windows 10 Anniversary Update *** --------------------------------------------- Microsoft made an interesting decision with Windows 10's Anniversary Update, which is now in its final stages of development before it rolls out on August 2. Cortana, the personal digital assistant that replaced Windows 10's search function and taps into Bing's servers to answer your queries with contextual awareness, no longer has an off switch. --------------------------------------------- http://www.pcworld.com/article/3100358/windows/you-cant-turn-off-cortana-in… *** Security Holes Exposed In Smart Lighting System *** --------------------------------------------- Sylvania Osram Lightify vulnerabilities could allow an attacker to turn out the lights or ultimately infiltrate the corporate network. --------------------------------------------- http://www.darkreading.com/cloud/security-holes-exposed-in-smart-lighting-s… *** Hintergrund: Windows 10 mit Schutz vor Pass-the-Hash-Angriffen *** --------------------------------------------- Mit Hilfe moderner Virtualisierungstechnik soll der Credential Guard eine der gefährlichsten Angriffstechniken für Windows-Netze entschärfen. --------------------------------------------- http://heise.de/-3280610 *** DSA-3633 xen - security update *** --------------------------------------------- Multiple vulnerabilities have been discovered in the Xen hypervisor. TheCommon Vulnerabilities and Exposures project identifies the followingproblems: --------------------------------------------- https://www.debian.org/security/2016/dsa-3633 *** DSA-3632 mariadb-10.0 - security update *** --------------------------------------------- Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.26. Please see the MariaDB 10.0 Release Notes for furtherdetails: --------------------------------------------- https://www.debian.org/security/2016/dsa-3632 *** Vuln: DBD::mysql my_login() Function Use After Free Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/92118 *** Vuln: QEMU hw/scsi/esp.c Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/92119 *** F5 Security Advisory: glibc vulnerability CVE-2016-4429 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/17/sol17075474.html?… *** AXIS Authenticated Remote Command Execution *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016070209 *** DFN-CERT-2016-1153: Apache Software Foundation HTTP-Server, Lighttpd: Eine "Schwachstelle" ermöglicht HTTP-Proxy-Umleitungen *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1153/ *** DFN-CERT-2016-1216: Red Hat JBoss Operations Network: Mehrere Schwachstelle ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1216/ *** Xen Security Advisory CVE-2016-5403 / XSA-184 *** --------------------------------------------- A guest can submit virtio requests without bothering to wait for completion and is therefore not bound by virtqueue size. (This requires reusing vring descriptors in more than one request, which is incorrect but possible.) Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation controlled by the guest. --------------------------------------------- http://xenbits.xen.org/xsa/advisory-184.html *** Sentinel 7.3 SP3 (Sentinel 7.3.3.0) *** --------------------------------------------- Abstract: Sentinel 7.3.3 upgrade for Sentinel 7.3Document ID: 5250650Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:sentinel_server-7.3.3.0-2205.x86_64.tar.gz.sha256 (109 bytes)sentinel_server-7.3.3.0-2205.x86_64.tar.gz (1.69 GB)Products:Sentinel 7.3.2Sentinel 7.1.1Sentinel 7.1Sentinel 7.3.1Sentinel 7.2Sentinel 7.2.1Sentinel 7.3Sentinel 7.2.2Sentinel 7.0Sentinel 7.0.1Sentinel 7.0.2Sentinel 7.0.3Sentinel 7.3.3Superceded Patches: None --------------------------------------------- https://download.novell.com/Download?buildid=aGwCXcABsl0~ *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Wireless LAN Controller Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Videoscape Session Resource Manager Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Prime Service Catalog Reflected Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Email Security Appliance File Type Filtering Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 27-07-2016
by Daily end-of-shift report 27 Jul '16

27 Jul '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 26-07-2016 18:00 − Mittwoch 27-07-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Dridex Re-Mastered *** --------------------------------------------- Well, its been quite an eventful time since last I posted. I have so much in the works that it is hard to tell where to begin. It seems that we are seeing new flavors of ransomware every week and botnets seem to come and go with a frequency weve not seen in a while. This week, though, I promised Dridex, so Dridex it is. --------------------------------------------- http://www.scmagazine.com/dridex-re-mastered/article/511683/ *** Analyze of a Linux botnet client source code, (Wed, Jul 27th) *** --------------------------------------------- I like to play active-defense. Every day, I extract attackers IP addresses from my SSH honeypots and performa quick Nmap scan against them. The goal is to gain more knowledge about the compromised hosts. Most of the time, hosts are located behind a residential broadband connection. But sometimes, you find more interesting stuff. When valid credentials are found, the classic scenario is the installation of a botnet client that will be controlled via IRC to launchmultiple attacks or scans. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21305&rss *** Erpressungs-Trojaner: Malware-Entwickler spioniert bei der Konkurrenz - Opfer profitieren davon *** --------------------------------------------- Auf Pastebin sind tausende Schlüssel zum Dechiffrieren von Daten aufgetaucht, die vom Verschlüsselungs-Trojaner Chimera gefangengenommen wurden. --------------------------------------------- http://heise.de/-3279201 *** Kritische Lücke in Lastpass: Entwickler arbeiten an Lösung *** --------------------------------------------- Tavis Ormandy hat eine kritische Sicherheitslücke im Passwort-Manager Lastpass gefunden und über Twitter gemeldet. Die Entwickler der Software arbeiten demnach bereits an einer Lösung. --------------------------------------------- http://heise.de/-3279424 *** Black Hat 2016: Neuer Angriff schafft Zugriff auf Klartext-URLs trotz HTTPS *** --------------------------------------------- Besonders in öffentlichen Netzwerken schützen verschlüsselte HTTPS-Verbindungen davor, dass Admins oder gar andere Nutzer im gleichen Netz den eigenen Datenverkehr belauschen. Dieser Schutz ist offenbar löchrig - und zwar auf fast allen Browsern und Betriebssystemen. --------------------------------------------- http://www.golem.de/news/black-hat-2016-neuer-angriff-schafft-zugriff-auf-k… *** Free and Commercial Tools to Implement the Center for Internet Security (CIS) Security Controls, Part 16: Account Monitoring and Control *** --------------------------------------------- This is Part 16 of a How-To effort to compile a list of tools (free and commercial) that can help IT administrators comply with what was formerly known as the "SANS Top 20 Security Controls". It is now known as the Center for Internet Security (CIS) Security Controls. A summary of the previous posts is here: Part 1 - we looked at Inventory of Authorized and Unauthorized Devices. Part 2 - we looked at Inventory of Authorized and Unauthorized Software. Part 3 - we looked at Secure... --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/free-and-commercial-to… *** From Locky with love - reading malicious attachments *** --------------------------------------------- Read on to learn how the latest downloaders used to deliver Locky ransomware and show how to statically decipher their hidden URLs.Categories: Malware Threat analysisTags: downloaderLocky(Read more...) --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2016/07/from-locky-with-love-… *** httpoxy in Österreich *** --------------------------------------------- Wir haben vorige Woche eine Warnung zu httpoxy veröffentlicht, dabei geht es um: CGI ist ein Standard, mit dem Webseiten dynamisch mit Hilfe von Scripten serverseitig erstellt werden können. Dazu werden die Informationen über den Client und zur Anfrage in Umgebungsvariablen an das Script übergeben. Enthält der HTTP-Request einen Header "Proxy:", dann wird der Inhalt dieses Headers in die Umgebungsvariable HTTP_PROXY... --------------------------------------------- http://www.cert.at/services/blog/20160727173056-1764.html *** Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access *** --------------------------------------------- The Iris ID IrisAccess iCAM4000/7000 series suffer from a use of hard-coded credentials. When visiting the device interface with a browser on port 80, the application loads an applet JAR file ICAMClient.jar into users browser which serves additional admin features. In the JAR file there is an account rou with password iris4000 that has read and limited write privileges on the affected node. An attacker can access the device using these credentials starting a simple telnet session on port 23 --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5347.php *** Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution *** --------------------------------------------- The Iris ID IrisAccess ICU 7000-2 device suffers from an unauthenticated remote command execution vulnerability. The vulnerability exist due to several POST parameters in the /html/SetSmarcardSettings.php script not being sanitized when using the exec() PHP function while updating the Smart Card Settings on the affected device. Calling the $CommandForExe variable which is set to call the /cgi-bin/setsmartcard CGI binary with the affected parameters as arguments allows the attacker to execute --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5346.php *** Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities *** --------------------------------------------- The application is prone to multiple reflected cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to the HidChannelID and HidVerForPHP POST parameters in the SetSmarcardSettings.php script. Attackers can exploit this issue to execute arbitrary HTML and script code in a users browser session. The application also allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5345.php *** F5 Security Advisory: MySQL vulnerability CVE-2016-2047 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/53/sol53729441.html?… *** Bugtraq: [security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS) *** --------------------------------------------- http://www.securityfocus.com/archive/1/539015 *** Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for two vulnerabilities in the Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01 *** Siemens SIMATIC NET PC-Software Denial-of-Service Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a denial-of-service vulnerability in the Siemens SIMATIC NET PC-Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-208-02 *** Siemens SINEMA Remote Connect Server Cross-site Scripting Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a cross-site scripting vulnerability in the Siemens SINEMA Remote Connect Server application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-208-03 *** Rockwell Automation FactoryTalk EnergyMetrix Vulnerabilities *** --------------------------------------------- This advisory was originally posted to the US-CERT secure Portal library on June 21, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for authentication vulnerabilities in the Rockwell Automation FactoryTalk EnergyMetrix application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03

1 0

Tageszusammenfassung - Dienstag 26-07-2016
by Daily end-of-shift report 26 Jul '16

26 Jul '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 25-07-2016 18:00 − Dienstag 26-07-2016 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** Devices with Qualcomm modems safe from critical ASN.1 telecom flaw *** --------------------------------------------- Despite initial concerns, smartphones equipped with Qualcomm modems are not vulnerable to a recently announced vulnerability that could potentially allow attackers to take over cellular network gear and consumer mobile .. --------------------------------------------- http://www.cio.com/article/3099688/devices-with-qualcomm-modems-safe-from-c… *** Patchwork cyberespionage group expands targets from governments to wide range of industries *** --------------------------------------------- Symantec finds that Patchwork now targets a variety of industries in the US, China, Japan, South East Asia, and the UK. --------------------------------------------- http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expand… *** Bugtraq: [security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/539001 *** Trump, DNC, RNC Flunk Email Security Test *** --------------------------------------------- Donald J. Trump has repeatedly bashed Sen. Hillary Clinton for handling classified documents on her private email server, even going so far as to suggest that anyone who is so lax with email security isn’t fit to become .. --------------------------------------------- http://krebsonsecurity.com/2016/07/trump-dnc-rnc-flunk-email-security-test/ *** Bugtraq: July 2016 - Bamboo Server - Critical Security Advisory *** --------------------------------------------- http://www.securityfocus.com/archive/1/539003 *** DFN-CERT-2016-1197/">Perl: Zwei Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1197/ *** Mobilfunk: Sicherheitslücke macht auch Smartphones angreifbar *** --------------------------------------------- Große Teile der Mobilfunkinfrastruktur sind laut Sicherheitsforschern über eine Lücke in einer Software-Bibliothek gefährdet. Ein Fix steht zwar bereit, doch Updates wird es für die meisten Geräte wohl nicht geben. --------------------------------------------- http://www.golem.de/news/mobilfunk-sicherheitsluecke-macht-auch-smartphones… *** Amazon Silk browser removes Google’s default encryption *** --------------------------------------------- Google’s good intentions of keeping searches made via its search engine protected through default encryption have been stymied by Amazon. A bug in the Amazon Silk .. --------------------------------------------- https://www.helpnetsecurity.com/2016/07/26/amazon-silk-bug-encryption/ *** 50+ vulnerabilities found in popular home gateway modems/routers *** --------------------------------------------- Researcher Gergely Eberhardt with Hungarian security testing outfit SEARCH Laboratory has unearthed over fifty vulnerabilities in five home gateway modems/routers used by Hungarian Cable TV operator UPC Magyarország, but also by many ISPs around the .. --------------------------------------------- https://www.helpnetsecurity.com/2016/07/26/home-gateway-modems-vulnerabilit… *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a PV guest VM to compromise or crash the host. --------------------------------------------- https://support.citrix.com/article/CTX214954 *** Low-cost wireless keyboards open to keystroke sniffing and injection attacks *** --------------------------------------------- Bastille Networks researcher Marc Newlin has discovered a set of security vulnerabilities in low-cost wireless keyboards that could be exploited to collect all passwords, security questions, sensitive personal, bank account and .. --------------------------------------------- https://www.helpnetsecurity.com/2016/07/26/keystroke-sniffing-wireless-keyb… *** DFN-CERT-2016-1199/">Xen: Zwei Schwachstellen ermöglichen u.a. das Erlangen von Administratorrechten *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1199/ *** Command and Control Channels Using "AAAA" DNS Records, (Tue, Jul 26th) *** --------------------------------------------- Dataexfiltration and command and control channels via DNS are nothing new exactly. In many ways, DNS is an ideal covert channel. Even well-protected systems usually can connect to a recursive name server that will forward queries .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21301 *** DFN-CERT-2016-1200/">Moodle: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-1200/

1 0

Tageszusammenfassung - Montag 25-07-2016
by Daily end-of-shift report 25 Jul '16

25 Jul '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 22-07-2016 18:00 − Montag 25-07-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Gratis Entschlüsselungs-Tools nehmen es mit elf Erpressungs-Trojanern auf *** --------------------------------------------- AVG und Trend Micro haben ihre kostenlosen Tools aktualisiert, mit denen Opfer von diversen Verschlüsselungs-Trojanern unter Umständen wieder Zugriff auf ihre Daten bekommen können. --------------------------------------------- http://heise.de/-3277015 *** PowerWare Ransomware Masquerades as Locky to Intimidate Victims *** --------------------------------------------- PowerWare ransomware spoofs Locky malware family in an attempt to scare victims into paying up. --------------------------------------------- http://threatpost.com/ransomware-powerware-masquerades-as-locky-to-intimida… *** Cross-platform malware Adwind infects Mac *** --------------------------------------------- We examine a cross-platform malware with a Mac payload and found the hackers behind it really didnt put that much effort into making it work on the Mac.Categories: Mac Threat analysisTags: Applemacmalwarerat(Read more...) --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2016/07/cross-platform-malwar… *** Kovter becomes almost file-less, creates a new file type, and gets some new certificates *** --------------------------------------------- Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter's persistence method and some updates on their latest malvertising campaigns. New persistence method Since June 2016,... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/07/22/kovter-becomes-almost-f… *** It Is Our Policy, (Sat, Jul 23rd) *** --------------------------------------------- How many times have you heard someone say out loud our our security policy requires...?Many times we hear and are sometimes even threatened with the security policy. Security policy should set behavioral expectations and be the basis for every technical, administrative and physical control that is implemented. Unfortunately, solid security policies are often elusive for several key reasons. I regularly get the question, How many security policiesshould I have? My response is often found by... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21293&rss *** Nemucod dot dot..WSF *** --------------------------------------------- The latest Nemucod campaign shows the malware distributing a spam email attachment with a .wsf extension, specifically ..wsf (with a double dot) extension. It is a variation of what has been observed since last year (2015) - the TrojanDownloader:JS/Nemucod malware downloader using JScript. It still spreads through spam email attachment, typically inside a .zip file,... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/07/23/nemucod/ *** Europol will Opfern von Internet-Erpressung helfen *** --------------------------------------------- Mit der Website nomoreransom.org will die Europol Opfern von Krypto-Trojanern helfen, wieder Zugang zu ihren Daten zu bekommen. --------------------------------------------- http://futurezone.at/digital-life/europol-will-opfern-von-internet-erpressu… *** Stealing Bitcoin With Math - HOPE XI *** --------------------------------------------- by Filippo Valsorda Published July 23, 2016 in Programming Explaining Bitcoin and attacks old and new. WARNING: contains more than 15 math formulas. --------------------------------------------- https://speakerdeck.com/filosottile/stealing-bitcoin-with-math-hope-xi *** Bypassing UAC on Windows 10 using Disk Cleanup *** --------------------------------------------- Matt Graeber (@mattifestation) and I recently dug into Windows 10, and discovered a rather interesting method of bypassing User Account Control [...]. Currently, there are a couple of public UAC bypass techniques, most of which require a privileged file copy using the IFileOperation COM object or WUSA extraction to take advantage of a DLL hijack. [...] The technique covered in this post differs from the other methods and provides a useful alternative as it does not rely on a privileged file... --------------------------------------------- https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cle… *** Researchers discover 110 snooping Tor nodes *** --------------------------------------------- In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network. What's an HSDir? An HSDir is a Tor node that receives descriptors for hidden services - servers configured to receive inbound connections only through Tor, meaning their IP address and network location remains hidden - and, upon request, directs users to... --------------------------------------------- https://www.helpnetsecurity.com/2016/07/25/snooping-tor-nodes/ *** DSA-3625 squid3 - security update *** --------------------------------------------- Several security issues have been discovered in the Squid caching proxy. --------------------------------------------- https://www.debian.org/security/2016/dsa-3625 *** DSA-3626 openssh - security update *** --------------------------------------------- Eddie Harari reported that the OpenSSH SSH daemon allows userenumeration through timing differences when trying to authenticateusers. When sshd tries to authenticate a non-existing user, it will pickup a fixed fake password structure with a hash based on the Blowfishalgorithm. If real users passwords are hashed using SHA256/SHA512, thena remote attacker can take advantage of this flaw by sending largepasswords, receiving shorter response times from the server fornon-existing users. --------------------------------------------- https://www.debian.org/security/2016/dsa-3626 *** DSA-3627 phpmyadmin - security update *** --------------------------------------------- Several vulnerabilities have been fixed in phpMyAdmin, the web-basedMySQL administration interface. --------------------------------------------- https://www.debian.org/security/2016/dsa-3627 *** [2016-07-25] Multiple vulnerabilities in Micro Focus (Novell) Filr appliance *** --------------------------------------------- The Micro Focus (Novell) Filr Appliance contains several vulnerabilities that, when combined, allow an unauthenticated attacker to execute arbitrary system commands as the user "root" or allow an authenticated attacker to hijack user and administrator sessions. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016… *** Filr 2.0 - Security Update 2 *** --------------------------------------------- Abstract: This patch provides a number of Security Updates for Filr, Search and MySQL 2.0.0 appliances including updated Java applets.Document ID: 5250090Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:Filr-2.0.0.465.HP.zip (204.82 MB)preinstall-filr20su2.zip (409 bytes)Search-2.0.0.414.HP.zip (24.96 MB)MySQL-2.0.0.195.HP.zip (24.2 MB)Products:Filr 2Superceded Patches: None --------------------------------------------- https://download.novell.com/Download?buildid=3V-3ArYN85I~ *** Filr 1.2 - Security Update 3 *** --------------------------------------------- Abstract: This patch provides a number of Security Updates for Filr, Search and MySQL 1.2 appliances including updated Java applets.Document ID: 5250470Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:MySQL-1.2.0.416.HP.zip (11 kB)Filr-1.2.0.871.HP.zip (153.52 MB)Search-1.2.0.1008.HP.zip (11.04 kB)Products:Filr 1.2Superceded Patches: None --------------------------------------------- https://download.novell.com/Download?buildid=BOTiHcBFfv0~ *** Bugtraq: CA20160721-01: Security Notice for CA eHealth *** --------------------------------------------- CA20160721-01: Security Notice for CA eHealth --------------------------------------------- http://www.securityfocus.com/archive/1/538982 *** Vuln: Objective Systems ASN1C CVE-2016-5080 Heap Based Buffer Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/91836 *** Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products *** --------------------------------------------- A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: A vulnerability in the Linux kernel affects PowerKVM (CVE-2016-3044) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023969 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in ImageMagick affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1023934 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in ntp affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1023885 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in PCRE affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1023886 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in lcms affects PowerKVM (CVE-2013-7455) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023876 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallAnywhere affects IBM Tivoli Storage Manager Administration Center (CVE-2016-4560) *** http://www.ibm.com/support/docview.wss?uid=swg21985483 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallAnywhere affects IBM Tivoli Monitoring for Tivoli Storage Manager Server (CVE-2016-4560) *** http://www.ibm.com/support/docview.wss?uid=swg21984949 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 22-07-2016
by Daily end-of-shift report 22 Jul '16

22 Jul '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 21-07-2016 18:00 − Freitag 22-07-2016 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** 15 Vulnerabilities in SAP HANA Outlined *** --------------------------------------------- SAP recently fixed 15 different vulnerabilities that existed in the database management system HANA and subsequent communication channels. The bugs affect 10,000 users running the software. --------------------------------------------- http://threatpost.com/15-vulnerabilities-in-sap-hana-outlined/119406/ *** IDM 4.5 JDBC Fanout 1.0.1.0 *** --------------------------------------------- https://download.novell.com/Download?buildid=GfcX9EX05Hs~ *** DSA-3624 mysql-5.5 - security update *** --------------------------------------------- Several issues have been discovered in the MySQL database server. Thevulnerabilities are addressed by upgrading MySQL to the new upstreamversion 5.5.50. Please see the MySQL 5.5 Release Notes and OraclesCritical Patch Update advisory for further details: --------------------------------------------- https://www.debian.org/security/2016/dsa-3624 *** CrypMIC ransomware is a CryptXXX copycat, with a few twists *** --------------------------------------------- CryptXXX ransomware has a doppelganger - its called CrypMIC. And the resemblance doesnt appear to be a coincidence. --------------------------------------------- http://www.scmagazine.com/crypmic-ransomware-is-a-cryptxxx-copycat-with-a-f… *** Security Notice - Statement on Heap Overflow Vulnerability in Code Generated by Objective Systems ASN1C *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160722-01-… *** HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS) *** --------------------------------------------- A potential security vulnerability has been identified with HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons .. --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05204371 *** US-Polizei will Smartphone eines Toten mittels künstlichem Finger entsperren *** --------------------------------------------- Eine US-Polizeibehörde will mittels eines 3D-gedruckten Fingers das Smartphone eines Toten entsperren. Sie erhofft sich, so den Mörder des Smartphone-Besitzers zu fassen. --------------------------------------------- http://heise.de/-3276618 *** Sicherheitsfirma Quadsys hat Konkurrenten gehackt *** --------------------------------------------- Mitglieder des Managements einer britischen Security-Firma sollen die Datenbanken einer konkurrierenden Firma gehackt haben, um an Kundendaten zu gelangen. Das haben die Beschuldigten nun auch zugegeben. --------------------------------------------- http://heise.de/-3276742 *** STARTTLS: Keine Verschlüsselung mit der SPD *** --------------------------------------------- Der Mailanbieter Posteo hat die Möglichkeit eingeführt, E-Mails nur noch zu verschicken, wenn der Zielserver die STARTTLS-Verschlüsselung anbietet. Dabei fielen einige Mailserver auf, die den längst etablierten Verschlüsselungsstandard nicht unterstützen. --------------------------------------------- http://www.golem.de/news/starttls-keine-verschluesselung-mit-der-spd-1607-1… *** Decrypter for Locky-mimicking PowerWare ransomware released *** --------------------------------------------- Palo Alto Networks’ researchers have created a decrypter for the variant of the PoshCoder ransomware that imitates the Locky ransomware. Dubbed PowerWare by the researchers, the malware adds the “.locky” filename .. --------------------------------------------- https://www.helpnetsecurity.com/2016/07/22/powerware-ransomware-decrypter/ *** Promi-Mailaccounts gehackt: Gefängnisstrafe für US-Amerikaner *** --------------------------------------------- Ein junger US-Amerikaner spionierte unter anderem Hollywood-Stars aus, indem er sich per Phishing Zugriff auf über 360 Mailaccounts verschaffte. Dafür wurde er nun verurteilt. --------------------------------------------- http://heise.de/-3276992

1 0

Tageszusammenfassung - Donnerstag 21-07-2016
by Daily end-of-shift report 21 Jul '16

21 Jul '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 20-07-2016 18:00 − Donnerstag 21-07-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Unified Computing System Performance Manager Input Validation Vulnerability *** --------------------------------------------- A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands.The vulnerability is due to insufficient input validation performed on parameters .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** SoakSoak Botnets Now Pushing Neutrino Exploit Kit and CryptXXX Ransomware *** --------------------------------------------- Research spot SoakSoak botnets spreading the Neutrino Exploit Kit that in turn infect the unsuspecting with the CryptXXX ransomware. --------------------------------------------- http://threatpost.com/soaksoak-botnets-now-pushing-neutrino-exploit-kit-and… *** Everyones favorite infosec biz - Blue Coat - must cough up $40m to rival in patent rip-off row *** --------------------------------------------- >From SSL cert blowup to busted infringement appeal Blue Coat has lost its appeal challenging a nearly $40m patent infringement lawsuit brought by rival security company .. --------------------------------------------- www.theregister.co.uk/2016/07/20/blue_coat_finjan_lawsuit/ *** Tor Could Protect Your Smart Fridge From Spies and Hackers *** --------------------------------------------- There's a growing fear that the exploding internet of things - from baby cams to pacemakers - could be a goldmine for spies and criminal hackers alike. Tor could help protect them.The post Tor Could Protect Your Smart Fridge From Spies and Hackers appeared first on The Intercept. --------------------------------------------- https://theintercept.com/2016/07/20/tor-could-protect-your-smart-fridge-fro… *** Facebook malware - the missing piece *** --------------------------------------------- Recently we revealed that a threat actors exploited social networks to spread a Trojan that captures a victim's entire browser traffic. Approximately 10,000 Facebook users with Windows PCs were hit by malicious friend notifications. In this article we will explain the security issue and attack. --------------------------------------------- http://securelist.com/blog/research/75476/facebook-malware-the-missing-piec… *** Firefox blockiert bald Flash-Inhalte *** --------------------------------------------- Ab Version 48 folgt ein strengerer Umgang mit der sterbenden Web-Technologie --------------------------------------------- http://derstandard.at/2000041512429 *** Dell SonicWALL GSM comes with hidden default account *** --------------------------------------------- While developing new audit modules for the company's vulnerability scanning technology, Digital Defense researchers found six vulnerabilities in Dell's SonicWALL Global Management System, four of them deemed critical. SonicWALL GMS is a central control, .. --------------------------------------------- https://www.helpnetsecurity.com/2016/07/21/dell-sonicwall-gsm-backdoor/ *** Kritischer Fehler: Wichtiges Update für Mac-Netzwerkkontrolleur Little Snitch *** --------------------------------------------- Ein Bug ermöglicht einem Angreifer, den Netzwerkfilter der Mac-Software zu überlisten – die neu veröffentlichte Version soll das Problem ausräumen. Little Snitch überwacht ausgehende Netzwerkverbindungen in Mac OS X. --------------------------------------------- http://heise.de/-3275508 *** Ciscos Unified Computing System anfällig für Schad-Code *** --------------------------------------------- Im Unified Computing System Performance Manager klafft eine kritische Sicherheitslücke. Admins sollten die verfügbare abgesicherte Version zügig installieren. --------------------------------------------- http://heise.de/-3275609 *** Canadian Man Behind Popular 'Orcus RAT' *** --------------------------------------------- Far too many otherwise intelligent and talented software developers these days apparently think they can get away with writing, selling and supporting malicious software and then couching their commerce .. --------------------------------------------- http://krebsonsecurity.com/2016/07/canadian-man-is-author-of-popular-orcus-…

1 0

Tageszusammenfassung - Mittwoch 20-07-2016
by Daily end-of-shift report 20 Jul '16

20 Jul '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 19-07-2016 18:00 − Mittwoch 20-07-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** DDoS trends: Bigger, badder but not longer *** --------------------------------------------- 10Gbps is the new norm, warns Arbor Networks DDoS attacks once again escalated in both size and frequency during the first six months of 2016. --------------------------------------------- www.theregister.co.uk/2016/07/19/ddos_sitrep/ *** Critical Patch Update - July 2016 *** --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html *** Solaris Third Party Bulletin - July 2016 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.h… *** Oracle Linux Bulletin - July 2016 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090… *** Oracle VM Server for x86 Bulletin - July 2016 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-309054… *** ASN.1 Anyone? CVE-2016-5080, (Tue, Jul 19th) *** --------------------------------------------- *Queue Back to the Future Music* Over more than a decade ago there was a major discovery in ASN.1 that contributed to arguably one of the worst vulnerabilities in a long time. Fast forward *Queue awful fast forward tape music* to .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21277 *** WordPress admin? Thinking of spending time with the family? Think again *** --------------------------------------------- P0wnage party pops plugins, providing plenty of party-pooping projects The Dutch hacking communitys Summer of Pwnage (SoP) has disclosed three vulnerabilities in WordPress plugins, including an XSS in the popular Ninja Forms. --------------------------------------------- www.theregister.co.uk/2016/07/20/wordpress_admin_thinking_of_spending_time_… *** Flaws found in security products from AVG, Symantec and McAfee *** --------------------------------------------- Patch frenzy imminent, say researchers, thanks to bad use of code hooking Hundreds of security products may not be up the job, researchers say, thanks to flawed uses of code hooking.… --------------------------------------------- www.theregister.co.uk/2016/07/20/hooks_cooked_hackers_crack_tonnes_of_secur… *** Ruining the Magic of Magentos Encryption Library *** --------------------------------------------- Lets look at how Magento implements cryptography, with a series of exhibits followed by an explanation of whats happening and why its dangerous: ... If you looked at the code, I promise this is every bit as bad as it looks at a glance. --------------------------------------------- http://www.openwall.com/lists/oss-security/2016/07/19/3 *** Hackers Allegedly Steal 1.4M Passwords From Mac Forums, Web Hosting Talk *** --------------------------------------------- A hacker or hackers has allegedly stolen more than 1.4 million passwords, email addresses, and other data from the databases of popular forums including Web Hosting Talk, and Mac Forums and HotScripts. --------------------------------------------- https://motherboard.vice.com/read/hackers-allegedly-steal-14m-passwords-fro… *** DNSSEC-Schlüsseltausch 2017 – die Vorbereitungen laufen *** --------------------------------------------- Wer am 11. Oktober 2017 meint, dass sein Internet kaputt ist, der sollte bei seinem Provider nachfragen, ob das mit dem DNSSEC-Schlüsseltausch zu tun hat. Bis dahin ist es zwar noch ein wenig hin, doch die Vorbereitungen laufen auf Hochtouren. --------------------------------------------- http://heise.de/-3273136 *** ICS Security Training In London *** --------------------------------------------- SANS ICS London takes place on September 19-25th, at the Grand Connaught Rooms. - Attend the one-day European ICS Security Summit on Monday 19th September. - Take ICS515: ICS Active Defence and Incident Response - a 5-day course, .. --------------------------------------------- https://www.sans.org/event/ics-london-2016 *** Vtiger CRM does not properly restrict access to application data *** --------------------------------------------- http://jvn.jp/en/jp/JVN01956993/ *** WordPress plugin "Nofollow Links" vulnerable to cross-site scripting *** --------------------------------------------- http://jvn.jp/en/jp/JVN13582657/ *** Petya Ransomware Analysis Part I *** --------------------------------------------- Introduction What makes Petya a special ransomware is that it doesn’t aim to encrypt each file individually, but aims for low-level disk encryption. In this series, we’ll be looking .. --------------------------------------------- http://resources.infosecinstitute.com/petya-ransomware-analysis-part-i/ *** Rekord-Quartals-Update: Oracle fixt 276 Sicherheitslücken in seinen Produkten *** --------------------------------------------- Die meisten Schwachstellen klaffen in Fusion Middleware und der Sun System Products Suite. Aber auch Java SE ist verwundbar und bekommt Sicherheits-Updates spendiert. --------------------------------------------- http://heise.de/-3273522 *** Unechte Bank Austria-Mails und Phishing-Apps im Umlauf *** --------------------------------------------- Mit unechten Bank Austria-Nachrichten oder der Phishing-App „Bank Austria SmsSecurity“ versuchen Kriminelle, an Zugangsdaten von Kunden des Unternehmens zu gelangen. Damit verfolgen sie das Ziel, auf fremde Kosten Transaktionen durchzuführen und sich zu bereichern. --------------------------------------------- https://www.watchlist-internet.at/phishing/unechte-bank-austria-mails-und-p…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily