- Daily - CERT.at

Tageszusammenfassung - Montag 28-12-2015
by Daily end-of-shift report 28 Dec '15

28 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 23-12-2015 18:00 − Montag 28-12-2015 18:00 Handler: L. Aaron Kaplan Co-Handler: Stephan Richter *** Malware-Driven Card Breach at Hyatt Hotels *** --------------------------------------------- Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations. --------------------------------------------- http://krebsonsecurity.com/2015/12/malware-driven-card-breach-at-hyatt-hote… *** Using WPScan: Finding WordPress Vulnerabilities *** --------------------------------------------- When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at wpvulndb.com is used to check for vulnerable software and the WPScan team maintains the ever-growing list ofRead More The post Using WPScan: Finding WordPress Vulnerabilities appeared first on Sucuri Blog. --------------------------------------------- https://blog.sucuri.net/2015/12/using-wpscan-finding-wordpress-vulnerabilit… *** NSA und GCHQ nutzen seit Jahren Hintertüren in Juniper-Firewalls *** --------------------------------------------- Geheimes Dokument aus 2011 zeigt Zusammenarbeit der zwei Geheimdienste --------------------------------------------- http://derstandard.at/2000028055853 *** Victims of the Gomasom Ransomware can now decrypt their files for free *** --------------------------------------------- Fabian Wosar, security researcher at Emsisoft, created a tool for decrypting files locked by the Gomasom Ransomware. Ransomware are the most threatening cyber threats for end-users, but today I have a good news for victims of the Gomasom ransomware, victims can rescue their locked files. The news was spread by the security researcher Fabian Wosar that developed a... --------------------------------------------- http://securityaffairs.co/wordpress/43074/malware/decrypt-gomasom-ransomwar… *** Hacker zeigen massive Lücken bei Bankomatkarten *** --------------------------------------------- Vor Publikum PIN ausgelesen, Prepaid-Karte aufgeladen und Zahlungen umgeleitet --------------------------------------------- http://derstandard.at/2000028162750 *** 32C3: Hardware-Trojaner als unterschätzte Gefahr *** --------------------------------------------- Fest in IT-Geräte und Chips eingebaute Hintertüren stellten eine "ernste Bedrohung" dar, warnten Sicherheitsexperten auf der Hackerkonferenz. Sie seien zwar nur mit großem Einwand einzubauen, aber auch schwer zu finden. --------------------------------------------- http://heise.de/-3056452 *** 32C3: Dieselgate und die omninöse Akustik-Funktion *** --------------------------------------------- Kann die Manipulation der Abgaswerte bei Volkswagen wirklich das Werk einzelner Ingenieure sein? Auf dem CCC-Congress erteilten ein Insider und ein Hacker dieser Legende eine Absage. --------------------------------------------- http://heise.de/-3056438 *** 32C3: Automatische Zugsicherung und vernetzte Bahntechnik im Hackervisier *** --------------------------------------------- Eine Hackergruppe, die sich auf Industrieanlagen konzentriert, hat diverse Angriffsflächen rund um vernetzte Systeme zur Zugkontrolle ausgemacht. Veraltete Software sowie unsichere Passwörter seien dort "überall" zu finden. --------------------------------------------- http://heise.de/-3056484 *** DSA-3430 libxml2 - security update *** --------------------------------------------- Several vulnerabilities were discovered in libxml2, a library providingsupport to read, modify and write XML and HTML files. A remote attackercould provide a specially crafted XML or HTML file that, when processedby an application using libxml2, would cause that application to use anexcessive amount of CPU, leak potentially sensitive information, orcrash the application. --------------------------------------------- https://www.debian.org/security/2015/dsa-3430 *** GIT git-remote-ext Helper URL Processing Lets Remote Users Execute Arbitrary Commands on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1034501 *** F5 Security Advisory: Apache vulnerability CVE-2010-0434 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40284849.html?… *** EMC Secure Remote Services Virtual Edition Directory Traversal Flaw Lets Remote Authenticated Users View Files on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1034530 *** Cisco Jabber for Windows STARTTLS Downgrade Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Vuln: Dnsmasq CVE-2015-3294 Remote Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/74452 *** IDM 4.5 - 4.0.2 Midrange Driver Patch 4.0.2 *** --------------------------------------------- Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.0.2 or higher. Driver version will show i5os Driver Version 4.0.2 IDM 4.0.2 Build Date 20151207_1437IDM 4.5.x Build Date 201512071006 To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION)Document ID: 5230811Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm45-402midrangepatch2.tar.gz (96.31 MB)Products:Identity Manager 4.0.2Identity Manager... --------------------------------------------- https://download.novell.com/Download?buildid=HsE3grsz-TU~ *** DFN-CERT-2015-1999: libvirt: Eine Schwachstelle ermöglicht die Manipulation von Dateien *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1999/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Websphere Liberty Profile (WLP) affect Power Management Console (CVE-2015-2017, CVE-2015-1927, CVE-2015-4938) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021040 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2015-7410) *** http://www.ibm.com/support/docview.wss?uid=swg21972676 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Linux-PAM affects PowerKVM (CVE-2015-3238) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022880 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in pam affect Power Management Console (CVE-2015-3238) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021041 --------------------------------------------- *** IBM Security Bulletin: A denial of service vulnerability affects IBM Sterling B2B Integrator (CVE-2014-0050) *** http://www.ibm.com/support/docview.wss?uid=swg21972944 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM PureApplication System. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21973591 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931 and CVE-2015-4872) *** http://www.ibm.com/support/docview.wss?uid=swg21973439 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Integration Designer and WebSphere Integration Developer (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872) *** http://www.ibm.com/support/docview.wss?uid=swg21972087 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-4962, CVE-2015-4946) *** http://www.ibm.com/support/docview.wss?uid=swg21973404 --------------------------------------------- *** IBM Security Bulletin: Malformed ECParameters causes infinite loop (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023038 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities affect AppScan Enterprise *** http://www.ibm.com/support/docview.wss?uid=swg21972830 --------------------------------------------- *** IBM Security Bulletin: Clickjack vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-1928) *** http://www.ibm.com/support/docview.wss?uid=swg21973200 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Manager Enterprise Edition (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=swg21973416 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, *** http://www.ibm.com/support/docview.wss?uid=swg21973383 --------------------------------------------- *** IBM Security Bulletin: Privilege escalation coverage gap in IBM SPSS Statistics (CVE-2015-7489) *** http://www.ibm.com/support/docview.wss?uid=swg21973502 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023034 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005474 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i. *** http://www.ibm.com/support/docview.wss?uid=nas8N1021047 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Monitoring clients (CVE-2015-2590 plus additional CVEs.) *** http://www.ibm.com/support/docview.wss?uid=swg21964027 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 23-12-2015
by Daily end-of-shift report 23 Dec '15

23 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 22-12-2015 18:00 − Mittwoch 23-12-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** 2015 Ransomware Wrap-Up *** --------------------------------------------- Heres a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year. --------------------------------------------- http://www.darkreading.com/endpoint/2015-ransomware-wrap-up/d/d-id/1323424 *** 3-in-1 Malware Infection through Spammed JavaScript Attachments *** --------------------------------------------- Recently weve observed a massive uptick of malicious spam with JavaScript attachments with an intention to spread and infect Windows systems with variety of malicious executables. The spam usually contains a ZIP file attachment containing only one JavaScript file. The .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/3-in-1-Malware-Infectio… *** IT bloke: Crooks stole my bikes after cycling app blabbed my address *** --------------------------------------------- Brit suffers from GPS accuracy An IT manager in Manchester, England, says thieves stole his bikes after a smartphone cycling app pinpointed the location of his garage .. --------------------------------------------- www.theregister.co.uk/2015/12/22/it_manager_loses_bikes_after_cycling_app_p… *** Xen Project blunder blows own embargo with premature bug report *** --------------------------------------------- Malicious guest could eat your virtual rigs from the inside The Xen Project has reported a new bug, XSA-169, that means 'A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack.' .. --------------------------------------------- www.theregister.co.uk/2015/12/23/xen_blunder_blows_own_embargo_with_prematu… *** Expect Phishers to Up Their Game in 2016 *** --------------------------------------------- Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it.New authentication methods now offered by Yahoo! and to a beta group of Google users let customers log in just by supplying their email address, and then responding to a notification sent to their mobile device. --------------------------------------------- http://krebsonsecurity.com/2015/12/expect-phishers-to-up-their-game-in-2016 *** Why it's harder to forge a SHA-1 certificate than it is to find a SHA-1 collision *** --------------------------------------------- It's well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values that result in the same value when SHA-1 is applied) is inevitable and likely to happen in a matter of months. This poses a potential threat to trust on the web, as many websites use certificates that are digitally signed with algorithms that rely on SHA-1. Luckily for everyone, finding a hash collision is not enough to forge a digital --------------------------------------------- https://blog.cloudflare.com/why-its-harder-to-forge-a-sha-1-certificate-tha… *** Cyberangriffe auf türkische Internetserver *** --------------------------------------------- Unklare Hintergründe - Steckt Russland dahinter? Oder Anonymous? --------------------------------------------- http://derstandard.at/2000028013290 *** Hacker: Filmstars mit Problemen im Netz *** --------------------------------------------- Brandneue Spielfilme wie der jüngste Western von Quentin Tarantino sind im Internet aufgetaucht. Eine Reihe weiterer Stars hat ganz andere Probleme: Ein Hacker ist an Sexvideos und persönliche Daten von ihnen gelangt - er wurde allerdings nun verhaftet. --------------------------------------------- http://www.golem.de/news/hacker-filmstars-mit-problemen-im-netz-1512-118179… *** How a security director used a rootkit to rig the lottery and steal millions of dollars *** --------------------------------------------- Not too long ago, Eddie Tipton was convicted of hacking into the Multi-State Lottery Association's computer system in order to rig a nearly $17 million jackpot in Iowa. Now comes word that an investigation into Tipton's hacking activities is expanding to include a number of other states. Thus far, lottery officials from Colorado, Wisconsin and Oklahoma have indicated that Tipton may have also gamed lottery jackpots in their respective states. --------------------------------------------- https://bgr.com/2015/12/23/lottery-hacker-rootkit-stolen-numbers-investigat… *** Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for NTP daemon vulnerabilities in the Siemens RUGGEDCOM ROX-based devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01 Aufgrund der Weihnachtsfeiertage erscheint der nächste End-of-Shift Report erst am 28.12.2015.

1 0

Tageszusammenfassung - Dienstag 22-12-2015
by Daily end-of-shift report 22 Dec '15

22 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 21-12-2015 18:00 − Dienstag 22-12-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** IBM Security Bulletin: Blind SQL injection vulnerability in IBM OpenPages GRC Platform API (CVE-2015-5049) *** --------------------------------------------- A blind SQL injection vulnerability has been found in the OpenPages GRC Platform API that could allow retrival or manipulation of information in the database. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970590 *** Cisco IOS XE Software Packet Processing Denial of Service Vulnerability *** --------------------------------------------- The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000. An attacker could exploit this vulnerability by sending a frame that has a source MAC address of all zeros to an affected device. A successful exploit could allow the attacker to cause the device to reload. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** [20151207] - Core - SQL Injection *** --------------------------------------------- Inadequate filtering of request data leads to a SQL Injection vulnerability. --------------------------------------------- https://developer.joomla.org/security-centre/640-20151207-core-sql-injectio… *** [20151206] - Core - Session Hardening *** --------------------------------------------- The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions. --------------------------------------------- https://developer.joomla.org/security-centre/639-20151206-core-session-hard… *** First Exploit Attempts For Juniper Backdoor Against Honeypot *** --------------------------------------------- We are detecting numerous login attempts against our ssh honeypots using the ScreenOSbackdoor password. Our honeypot doesnt emulate ScreenOS beyond the login banner, so we do not know what the attackers are up to, but some of the attacks appear to be manual in that we do see the attacker trying different .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20525 *** Protecting Your Sites from Apache.Commons Vulnerabilities *** --------------------------------------------- A few weeks ago, FoxGlove Security released this important blog post that includes several Proof-of-Concepts for exploiting Java unserialize vulnerabilities. A remote attacker can gain Remote Code Execution by sending specially crafted payload to any endpoint expecting a serialized .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Protecting-Your-Sites-f… *** Oracle muss Java-Updates nachbessern *** --------------------------------------------- Alte Java-Versionen müssen restlos von Computern verschwinden. Dafür muss Oracle sorgen. --------------------------------------------- http://heise.de/-3052761 *** Shopshifting: Sicherheitsforscher decken Lücken im elektronischen Zahlungsverkehr auf *** --------------------------------------------- Bezahl-Terminals sprechen übers Netz mit ihrer Kasse und dem Bezahldienstleister. Beide Kommunikationskanäle weisen Schwächen auf, die ein Angreifer nutzen kann, um Kunden oder Ladeninhaber auszuplündern. --------------------------------------------- http://heise.de/-3052165 *** rt-sa-2015-013 *** --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2015-013.txt *** Juniper backdoors *** --------------------------------------------- Juniper hat in einem Advisory (hier unsere unsere Warnung dazu) der Welt gesagt, dass sie bei einem Code-Audit zwei Hintertüren in ScreenOS gefunden haben.Die eine ist eine technisch ziemlich triviale Sache: ein konstantes Passwort erlaubt den Login per ssh oder telnet. Angeblich hat es nur 6 Stunden gebraucht, um dieses .. --------------------------------------------- http://www.cert.at/services/blog/20151222153859-1646.html *** IBM Security Bulletin: Multiple XSS Vulnerabilities in IBM UrbanCode Deploy (CVE-2015-7415) *** --------------------------------------------- IBM UrbanCode Deploy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker .. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970811 *** Bericht: Hacker haben Teile des US-Stromnetzes infiltriert *** --------------------------------------------- In rund zwölf Fällen sollen Cyberangriffe auf Kontrollzentren von Energieversorgern in den USA während der vergangenen zehn Jahre erfolgreich gewesen sein. Der Hack des Anbieters Calpine ging wohl vom Iran aus. --------------------------------------------- http://heise.de/-3054887 *** Call for Papers: VB2016 Prague *** --------------------------------------------- VB seeks submissions for the 26th Virus Bulletin Conference.Virus Bulletin is seeking submissions from those wishing to present papers at VB2016, which will take place 5 to 7 October 2016 at the Hyatt Regency Denver Hotel in Denver, Colorado, USA.Originally started as an annual gathering of anti-virus experts, the .. --------------------------------------------- http://www.virusbtn.com/blog/2015/12_22.xml

1 0

Tageszusammenfassung - Montag 21-12-2015
by Daily end-of-shift report 21 Dec '15

21 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 18-12-2015 18:00 − Montag 21-12-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Update für Crimeware Kit Microsoft Word Intruder *** --------------------------------------------- Über Sicherheitslücken in Microsoft Word kann ein Dateianhang schon beim Öffnen Windows-Systeme infizieren. Der Autor des im Untergrund beliebten Crimeware Kits MWI legt jetzt mit neuen Exploits nach. --------------------------------------------- http://heise.de/-3049547 *** VMSA-2015-0009 *** --------------------------------------------- VMware product updates address a critical deserialization vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2015-0009.html *** VMSA-2015-0003.15 *** --------------------------------------------- VMware product updates address critical information disclosure issue in JRE --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2015-0003.html *** Avira Registry Cleaner DLL Hijacking *** --------------------------------------------- avira_registry_cleaner_en.exe, available from <https://www.avira.com/en/download/product/avira-registry-cleaner> to clean up remnants the uninstallers of their snakeoil products fail to remove, is vulnerable: it loads and executes WTSAPI32.dll, UXTheme.dll and RichEd20.dll from its application directory (tested and verified under Windows XP SP3 and Windows 7 SP1). --------------------------------------------- https://cxsecurity.com/issue/WLB-2015120223 *** PUPs Masquerade as Installer for Antivirus and Anti-Adware *** --------------------------------------------- If youre looking for download sites of programs you wish to install onto your machine or simply try out, you, dear Reader, would be better off dropping by their official websites. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/12/pups-masquerade-as-in… *** Joomla 0-Day Exploited In the Wild (CVE-2015-8562) *** --------------------------------------------- A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot of attention from the Joomla community, as well as attackers. Using knowledge gained from our recent research on Joomla (CVE-2015-7857, SpiderLabs Blog Post) and information .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-0-Day-Exploited-… *** Google Chrome: Abschied von SHA-1-siginierten SSL-Zertifikaten *** --------------------------------------------- Ab Anfang nächsten Jahres wird Google Chrome keine neu ausgestellten SHA-1-signierten SSL-Zertifikate von öffentlichen CAs mehr akzeptieren. SHA-1 gilt seit zehn Jahren als unsicher, wird aber immer noch von HTTPS-Sites verwendet. --------------------------------------------- http://heise.de/-3049749 *** The EPS Awakens - Part 2 *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-t… *** Facebook hammers another nail into Flashs coffin *** --------------------------------------------- The Social NetworkTM bins Adobes malware-magnet for video, adopts HTML5 Facebook has hammered puts another nail in to the coffin of Adobe Flash, by switching from the bug-ridden plug-in to HTML5 for all videos on the site. --------------------------------------------- www.theregister.co.uk/2015/12/21/facebook_dumps_flash_for_video/ *** Hello Kitty: Kinderdaten ungeschützt im Netz *** --------------------------------------------- Eine MongoDB-Datenbank mit den privaten Informationen zahlreicher Hello-Kitty-Fans wurde veröffentlicht. Vor allem Kinder dürften davon betroffen sein - und sollten ihre Passwörter bei anderen Diensten überprüfen. --------------------------------------------- http://www.golem.de/news/security-hello-kitty-gehackt-1512-118123.html *** XXX is Angler EK *** --------------------------------------------- http://malware.dontneedcoffee.com/2015/12/xxx-is-angler-ek.html *** Schnüffelcode in Juniper-Netzgeräten: Weitere Erkenntnisse und Spekulationen *** --------------------------------------------- Die Analysen der ScreenOS-Updates fördern vogelwilde Dinge zu Tage. So gab es zwei unabhängige Hintertüren. Die SSH-Backdoor kann dank des veröffentlichten Passworts jeder ausnutzen; die komplexere VPN-Lücke beruht wohl auf einer bekannten NSA-Backdoor. --------------------------------------------- http://heise.de/-3051260 *** The many attacks on Zengge WiFi lightbulbs *** --------------------------------------------- In August I decided to check out the cool new Internet Of Things. I bought a WiFi-enabled colorful LED lightbulb. It was a cheap Chinese one that costs almost nothing on Alibaba, but I paid probably around $50 on Amazon. It's built by a company called Zengge. It turned out that my new lightbulb was a router, an HTTP server, an HTTP proxy, and a lot more. --------------------------------------------- http://blog.viktorstanchev.com/2015/12/20/the-many-attacks-on-zengge-wifi-l…

1 0

Tageszusammenfassung - Freitag 18-12-2015
by Daily end-of-shift report 18 Dec '15

18 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 17-12-2015 18:00 − Freitag 18-12-2015 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** JSA10713 - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755) *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10713 *** JSA10712 - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Crafted SSH negotiation may trigger system crash (CVE-2015-7754) *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10712 *** Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Schneider Electric Modicon M340 Buffer Overflow Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a buffer overflow vulnerability in Schneider Electric's Modicon M340 PLC product line. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01 *** Motorola MOSCAD SCADA IP Gateway Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for Remote File Inclusion and Cross-Site Request Forgery vulnerabilities in Motorola Solutions MOSCAD IP Gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-351-02 *** eWON Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for several vulnerabilities in the eWON sa industrial router. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03 *** Microsoft will stop trusting certificates from 20 Certificate Authorities *** --------------------------------------------- Starting on January 2016, Microsofts Trusted Root Certificate Program will no longer include twenty currently trusted CAs and will remove their root certificates removed from the Trusted .. --------------------------------------------- http://www.net-security.org/secworld.php?id=19252 *** Docker and Enterprise Security: Establishing Best Practices *** --------------------------------------------- Virtualization containers, with their extraordinarily efficient hardware utilization, can be like a dream come true for development teams. While containerization will probably .. --------------------------------------------- http://resources.infosecinstitute.com/docker-and-enterprise-security-establ… *** IBM Security Bulletins *** --------------------------------------------- *** Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2015-1947) *** http://www.ibm.com/support/docview.wss?uid=swg21967131 --------------------------------------------- *** IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050 and 5710 are affected by multiple vulnerabilities in OpenSSL *** http://www.ibm.com/support/docview.wss?uid=swg21971298 --------------------------------------------- *** Multiple vulnerabilities in current releases of IBM SDK for Node.js in IBM Bluemix *** http://www.ibm.com/support/docview.wss?uid=swg21973447 --------------------------------------------- *** Multiple Security Vulnerabilities affect IBM Security Privileged Identity Manager Virtual Appliance *** http://www.ibm.com/support/docview.wss?uid=swg21972496 --------------------------------------------- *** Multiple vulnerabilities in IBM Java SDK affect Rational Functional Tester (CVE-2015-4872, CVE-2015-4734, CVE-2015-5006) *** http://www.ibm.com/support/docview.wss?uid=swg21972844 --------------------------------------------- *** A vulnerability in lighttpd affects IBM Security Virtual Server Protection for VMware (CVE-2015-3200) *** http://www.ibm.com/support/docview.wss?uid=swg21973291 --------------------------------------------- *** IBM Multiple vulnerabilities in IBM Java SDK affect IBM API Management *** http://www.ibm.com/support/docview.wss?uid=swg21972828 --------------------------------------------- *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer that could, in certain configurations, allow a malicious administrator of a guest VM to compromise the host or obtain potentially sensitive information from other guest VMs. In addition, a vulnerability has been identified that would allow certain applications running on a guest to cause that guest to crash. --------------------------------------------- https://support.citrix.com/article/CTX203879 *** Vuln: Microsoft Windows Environment Variable Expansion in PATH Security Bypass Weakness *** --------------------------------------------- http://www.securityfocus.com/bid/44484 *** Cisco IOS and IOS XE Software IKEv1 State Machine Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** SSA-472334 (Last Update 2015-12-18): NTP Vulnerabilities in RUGGEDCOM ROX-based Devices *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-472334… *** SSA-396873 (Last Update 2015-12-18): TLS Vulnerability in Ruggedcom ROS- and ROX-based Devices *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-396873… *** iOS banking apps security still not good enough, says researcher *** --------------------------------------------- Repeat test throws up improved results from 2013 but problems remain The security of mobile banking apps has improved over the .. --------------------------------------------- www.theregister.co.uk/2015/12/18/ios_banking_app_audit/

1 0

Tageszusammenfassung - Donnerstag 17-12-2015
by Daily end-of-shift report 17 Dec '15

17 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 16-12-2015 18:00 − Donnerstag 17-12-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Press Backspace 28 times to own unlucky Grub-by Linux boxes *** --------------------------------------------- Integer underflow fault means you can get into rescue mode and rummage around A pair of researchers from the University of Valencias Cybersecurity research group have found that if you press backspace 28 times, its possible to bypass authentication during boot-up on some Linux machines. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/12/17/press_backs… *** Checklist - How to Secure Your WordPress Website *** --------------------------------------------- We know that you care about what you build and protecting it is incredibly important. Hacks happen, and it's your job to reduce their likelihood to the lowest probability possible. We built this checklist of best practices to help you harden your website and protect you and your users from hacks. --------------------------------------------- https://www.wordfence.com/learn/checklist-how-to-secure-your-wordpress-webs… *** Privileged Access Workstations *** --------------------------------------------- Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that is protected from Internet attacks and threat vectors. Separating these sensitive tasks and accounts from the daily use workstations and devices provides very strong protection from phishing attacks, application and OS vulnerabilities, various impersonation attacks, and credential theft attacks such as keystroke logging, Pass-the-Hash, and Pass-The-Ticket. --------------------------------------------- https://technet.microsoft.com/en-US/library/mt634654.aspx *** F-Secure: Sandboxed Execution Environment *** --------------------------------------------- Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors (Qemu, VirtualBox, LXC) can be employed to run the Test Environments. Plugins can be added to a Test Environment which provides an Event mechanism synchronisation for their interaction. Users can enable and configure the plugins through a JSON configuration file. --------------------------------------------- https://github.com/F-Secure/see *** How do you know if your smartphone has been compromised? *** --------------------------------------------- Signs that may indicate a mobile infection: Has your phone been compromised? #1: You notice the system or apps behaving strangely #2: Your call or message history includes some unknown entries ... --------------------------------------------- http://www.welivesecurity.com/2015/12/16/know-smartphone-compromised/ *** XSS, SQLi bugs found in several Network Management Systems *** --------------------------------------------- Network Management System (NMS) offerings by Spiceworks, Ipswitch, Opsview and Castle Rock Computing have been found sporting several cross-site scripting and SQL injection flaws that could be exploit... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/hQ6oQHF5luA/secworld.php *** POS Malware Families: An insight into the Behavior of POS Malware *** --------------------------------------------- In a previous blog, we discussed why Point of Sale (POS) devices remain such an attractive target and described some different attack methods. As you can see from the infographic below, retail and POS have been (pardon the pun) "Targets" on an ongoing basis for the past few years, and the trend doesn't appear to be reversing, even with technologies such as EMV and P2PE. In this blog, we describe some of the different families of POS malware. POS Malware Common Features... --------------------------------------------- https://feeds.feedblitz.com/~/128665939/0/alienvault-blogs~POS-Malware-Fami… *** Xen Security Advisories *** --------------------------------------------- XSA-155 - paravirtualized drivers incautious about shared memory contents http://xenbits.xen.org/xsa/advisory-155.html --------------------------------------------- XSA-157 - Linux pciback missing sanity checks leading to crash http://xenbits.xen.org/xsa/advisory-157.html --------------------------------------------- XSA-164 - qemu-dm buffer overrun in MSI-X handling http://xenbits.xen.org/xsa/advisory-164.html --------------------------------------------- XSA-165 - information leak in legacy x86 FPU/XMM initialization http://xenbits.xen.org/xsa/advisory-165.html --------------------------------------------- XSA-166 - ioreq handling possibly susceptible to multiple read issue http://xenbits.xen.org/xsa/advisory-166.html --------------------------------------------- *** DFN-CERT-2015-1948: Samba: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1948/ *** Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Security Advisory: BIND vulnerability CVE-2015-8000 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/34/sol34250741.html?… *** Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets *** --------------------------------------------- A number of SQL Injection vulnerabilities have been identified in the Administration Web UI servlets used by Citrix Command Center. These vulnerabilities, if exploited, could allow an authenticated user to insert malicious SQL queries into the application, potentially causing the alteration or deletion of system data. --------------------------------------------- http://support.citrix.com/article/CTX203787 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=swg21965259 --------------------------------------------- *** IBM Security Bulletin: Fix available for Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2015-7447) *** http://www.ibm.com/support/docview.wss?uid=swg21973152 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Content Manager Services for Lotus Quickr (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21973096 --------------------------------------------- *** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by privilege escalation vulnerability (CVE-2015-7429) *** http://www.ibm.com/support/docview.wss?uid=swg21973087 --------------------------------------------- *** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by unauthorized access vulnerability (CVE-2015-7420) *** http://www.ibm.com/support/docview.wss?uid=swg21973086 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) - IBM Java SDK updates October 2015 *** http://www.ibm.com/support/docview.wss?uid=swg21973355 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947) *** http://www.ibm.com/support/docview.wss?uid=swg21972470 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Collector for SAP Applications (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=swg21973147 --------------------------------------------- *** IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Cinder information disclosure vulneraility (CVE-2015-1851) *** http://www.ibm.com/support/docview.wss?uid=nas8N1020980 --------------------------------------------- *** IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 that allows users to truncate any table even though the owner of the table has not granted any privilege to any user/role/group (CVE-2015-5020) *** http://www.ibm.com/support/docview.wss?uid=swg21967923 --------------------------------------------- *** IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=swg21970400 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Apache Commons affects OpenPages GRC Platform with Application Server (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21972345 --------------------------------------------- *** IBM Security Bulletin: IBM Curam Social Program Management is Vulnerable to Reflected Cross-Site Scripting (CVE-2015-7402) *** http://www.ibm.com/support/docview.wss?uid=swg21970661 --------------------------------------------- *** ZDI-15-641: Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/LfsseiLCccs/ *** ZDI-15-643: Foxit Reader Will Print Action Use-After-Free Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/28dKwkM6_5M/ *** ZDI-15-642: Foxit Reader Will Save Document Action Use-After-Free Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/uY-c98zZjQI/ *** ZDI-15-644: Foxit Reader FlateDecode Heap Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/s3waojIPu0E/

1 0

Tageszusammenfassung - Mittwoch 16-12-2015
by Daily end-of-shift report 16 Dec '15

16 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 15-12-2015 18:00 − Mittwoch 16-12-2015 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** IBM Security Bulletin *** --------------------------------------------- *** Multiple vulnerabilities in IBM Java SDK affect IBM Rational Connector for SAP Solution Manager *** http://www.ibm.com/support/docview.wss?uid=swg21967447 --------------------------------------------- *** IBM Security Bulletin: Security Vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager *** http://www.ibm.com/support/docview.wss?uid=swg21972884 --------------------------------------------- *** IBM Security Bulletin: Openstack Cinder and Horizon vulnerabilities affect IBM Cloud Manager with OpenStack *** http://www.ibm.com/support/docview.wss?uid=isg3T1023146 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal attack. *** http://www.ibm.com/support/docview.wss?uid=swg21967647 --------------------------------------------- *** IBM Security Bulletin: A security vulnerability exist in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance *** http://www.ibm.com/support/docview.wss?uid=swg21972660 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Stored cross-site scripting. *** http://www.ibm.com/support/docview.wss?uid=swg21973175 --------------------------------------------- *** FireEye Exploitation: Project Zero's Vulnerability of the Beast *** --------------------------------------------- FireEye sell security appliances to enterprise and government customers. FireEye's flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet.To give a .. --------------------------------------------- http://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-… *** Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos *** --------------------------------------------- And now for something completely different.">Python">Subtitle: Captain Obvious Applies Chaos Theory Introduction This diary breaks a bit from our expected norms todiscussmanaging possible outcomes originating froma data breach .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20495 *** Security Advisory: Multiple MySQL vulnerabilities *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59010802.html?… *** VB2015 video: Making a dent in Russian mobile banking phishing *** --------------------------------------------- Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks.In the last few years, mobile malware has evolved from a mostly theoretical threat to a very serious one that affects many users. Indeed, several talks at VB2015 dealt with various aspects of mobile .. --------------------------------------------- http://www.virusbtn.com/blog/2015/12_16.xml *** Adcon Telemetry A840 Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities in Adcon Telemetry's A840 Telemetry Gateway Base Station. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01 *** Advantech EKI Vulnerabilities (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-15-344-01 Advantech EKI Vulnerabilities that was published December 10, 2015, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01 *** Sicherheitspaket UTM von Sophos löchrig *** --------------------------------------------- Das Unified-Threat-Management-Paket von Sophos ist bedroht und einem Sicherheitsforscher zufolge können Angreifer etwa die Firewall deaktivieren. Die Lücken sollen bereits gefixt sein; Patches sind aber noch nicht verfügbar. --------------------------------------------- http://heise.de/-3044717 *** DFN-CERT-2015-1937/">ISC BIND9: Zwei Schwachstellen ermöglichen einen Denial-of-Service-Angriff *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1937/ *** Driving an industry towards secure code *** --------------------------------------------- The German government made an unprecedented move this week by issuing requirements for all new vehicles' software to be made accessible to country regulators to ensure that emissions loopholes aren't ... --------------------------------------------- http://www.net-security.org/article.php?id=2431 *** Playing With Sandboxes Like a Boss *** --------------------------------------------- Last week, Guy wrote a nice diary to explain how to easily deploy IRMA to analyze suspicious files. Having a good tool to work on files locally is always interesting for multiple reasons. You are doing some independent research, you .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20501 *** Attacking WPA2 Enterprise *** --------------------------------------------- The widespread use of mobile and portable devices in the enterprise environment requires a proper implementation of the wireless network infrastructure to provide them connectivity and ensure the business functionality. WPA-Enterprise is .. --------------------------------------------- http://resources.infosecinstitute.com/attacking-wpa2-enterprise/ *** Open Source Network Security Tools for Newbies *** --------------------------------------------- With so many open source tools available to help with network security, it can be tricky to figure out where to start, especially if you are an IT generalist who has been tasked with security. We all have to start somewhere. The question is, where? The sheer number of open source tools available can make .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/open-source-network-se… *** [HTB23282]: RCE in Zen Cart via Arbitrary File Inclusion *** --------------------------------------------- High-Tech Bridge Security Research Lab discovered critical vulnerability in a popular e-commerce software Zen Cart, which can be exploited by remote non-authenticated attackers to compromise vulnerable system. A remote .. --------------------------------------------- https://www.htbridge.com/advisory/HTB23282 *** Crimeware / APT Malware Masquerade as Santa Claus and Christmas Apps *** --------------------------------------------- CloudSek was monitoring an underground hacking team, that was selling a Desktop malware in various underground forums. The desktop malware is specifically designed for jumping air-gapped systems , and given the type of documents the attackers are seeking , it was collecting classified data from software companies and government organisations. --------------------------------------------- https://www.cloudsek.com/announcements/blog/apt-malware-masquerade-as-chris…

1 0

Tageszusammenfassung - Dienstag 15-12-2015
by Daily end-of-shift report 15 Dec '15

15 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 14-12-2015 18:00 − Dienstag 15-12-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** 13 million MacKeeper users exposed after MongoDB door was left open *** --------------------------------------------- Expect more breaches in the future as 35,000 MongoDB installs are misconfigured. --------------------------------------------- http://arstechnica.com/security/2015/12/13-million-mackeeper-users-exposed-… *** Hack: Esa-Nutzer haben kurze Passwörter *** --------------------------------------------- Zahlreiche interne Datensätze der Europäischen Raumfahrtagentur Esa sind gehackt worden und jetzt im Internet einsehbar. Offenbar benutzen viele der Esa-Nutzer kurze und unsichere Passwörter. --------------------------------------------- http://www.golem.de/news/rocket-science-esa-nutzer-haben-kurze-passwoerter-… *** Vulnerability Details: Joomla! Remote Code Execution *** --------------------------------------------- The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty much all versions of the platform up to 3.4.5. As soon as the patch was released, we were able to start our investigation and found that it was alreadyRead More The post Vulnerability Details: Joomla! Remote Code Execution appeared first on Sucuri Blog. --------------------------------------------- https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.ht… *** 4 Things to Consider When Assessing Device Posture for Effective Network Access Control *** --------------------------------------------- Guest blogger Benny Czarny explains one of the main reasons to have a NAC system in place is to keep risky devices from connecting to your organization's network. Unfortunately, simply purchasing a NAC solution is not going to guarantee your protection.Categories: Online SecurityTags: Anti-Malwareanti-virusencryptionendpointvulnerability(Read more...) --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/12/4-things-to-consider-… *** Protecting Windows Networks - Kerberos Attacks *** --------------------------------------------- MEDIA NOTE: This is not a new flaw, just a good write-up! I don't know why media reporting this as a new flaw. | Kerberos is an authentication protocol that is used by default in Windows networks and provide mutual authentication and authorization for clients and servers. It does not require you to send a password or a hash on the wire, it is instead rely on a trusted third party for handling all the details. | Although, it is considered a secure protocol, it has some flaws in Windows... --------------------------------------------- http://dfir-blog.com/2015/12/13/protecting-windows-networks-kerberos-attack… *** Kaspersky Security Bulletin 2015. Overall statistics for 2015 *** --------------------------------------------- In 2015, virus writers demonstrated a particular interest in exploits for Adobe Flash Player. The proportion of relatively simple programs used in mass attacks was growing. Attackers have mastered non-Windows platforms - Android and Linux: almost all types of malicious programs are created and used for these platforms. --------------------------------------------- http://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-… *** Oil and Gas Cyber Security - Interview *** --------------------------------------------- In the recent presentation at BlackHat, you mentioned that oil and gas is one of the industries most plagued by cyber-attacks. What makes oil and gas an attractive target? It's a juicy target for Cyberattacks as oil and gas companies are responsible for a great part of some countries' economies. Any interference in their work... --------------------------------------------- http://resources.infosecinstitute.com/oil-and-gas-cyber-security-interview/ *** Android.ZBot banking Trojan uses "web injections" to steal confidential data *** --------------------------------------------- December 15, 2015 The Trojans designed to steal money from bank accounts pose a serious threat to Android users. The Android.ZBot Trojan is one of these malicious programs. Its different modifications target mobile devices of Russian users from February 2015. This Trojan is interesting due to its ability to steal logins, passwords, and other confidential data by displaying fraudulent authentication forms on top of any applications. The appearance of such forms is generated on --------------------------------------------- http://news.drweb.com/show/?i=9754&lng=en&c=9 *** Security Afterworks: Wie man TLS-Hipster wird & Best of CCC *** --------------------------------------------- January 21, 2016 - 5:00 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/security-afterworks-wie-man-tls-hipster… *** ZDI-15-639: (0Day) Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-639/ *** ZDI-15-638: (0Day) Apache TomEE Deserialization of Untrusted Data Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache TomEE. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-638/ *** Security Advisory: RSA-CRT key leak vulnerability CVE-2015-5738 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/91/sol91245485.html?… *** Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco IOS XE Software IPv6 Neighbor Discovery Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Security Notice - Statement on NTP.org and CERT/CC Revealing Security Vulnerabilities in NTPd *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** TYPO3 CMS 6.2.16 and 7.6.1 released *** --------------------------------------------- The TYPO3 Community announces the versions 6.2.16 LTS and 7.6.1 LTS of the TYPO3 Enterprise Content Management System. Both versions are maintenance releases and contain bug and security fixes. In case the extension mediace is used, please make sure to upgrade to version 7.6.1. --------------------------------------------- http://www.typo3.org/news/article/typo3-cms-6216-and-761-released/ --------------------------------------------- *** Cross-Site Scripting in TYPO3 component Indexed Search *** http://www.typo3.org/news/article/cross-site-scripting-in-typo3-component-i… --------------------------------------------- *** TYPO3 is susceptible to Cross-Site Flashing *** http://www.typo3.org/news/article/typo3-is-susceptible-to-cross-site-flashi… --------------------------------------------- *** Multiple Cross-Site Scripting vulnerabilities in frontend *** http://www.typo3.org/news/article/multiple-cross-site-scripting-vulnerabili… --------------------------------------------- *** Cross-Site Scripting vulnerability in typolinks *** http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-typ… --------------------------------------------- *** Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend *** http://www.typo3.org/news/article/multiple-cross-site-scripting-vulnerabili… --------------------------------------------- *** Cross-Site Scripting in TYPO3 component Extension Manager *** http://www.typo3.org/news/article/cross-site-scripting-in-typo3-component-e… ---------------------------------------------

1 0

Tageszusammenfassung - Montag 14-12-2015
by Daily end-of-shift report 14 Dec '15

14 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 11-12-2015 18:00 − Montag 14-12-2015 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** IBM Security Bulletin *** --------------------------------------------- *** Vulnerability in Apache Commons affects WebSphere Message Broker and IBM Integration Bus (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21972391 --------------------------------------------- ***Vulnerability in Apache Commons affects Tivoli Network Manager Transmission Edition (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971891 --------------------------------------------- ***Vulnerability in Apache Commons affects Rational Developer for System z (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971643 --------------------------------------------- ***Vulnerability in the IBM Installation Manager script (CVE-2015-7442) *** http://www.ibm.com/support/docview.wss?uid=swg21971295 --------------------------------------------- ***Vulnerability in Apache Commons affects Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21972753 --------------------------------------------- ***Vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) *** http://www.ibm.com/support/docview.wss?uid=swg21972951 --------------------------------------------- ***A security vulnerability has been identified in IBM Maximo Asset Management which could allow an attacker to obtain sensitive information via REST API (CVE-2015-7452) *** http://www.ibm.com/support/docview.wss?uid=swg21972463 --------------------------------------------- ***IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2015-7451) *** http://www.ibm.com/support/docview.wss?uid=swg21972423 --------------------------------------------- ***IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-4341, CVE-2013-1418 ) *** http://www.ibm.com/support/docview.wss?uid=swg21970321 --------------------------------------------- ***A vulnerability in OpenSSH affects IBM Security Network Intrusion Prevention System (CVE-2015-5600) *** http://www.ibm.com/support/docview.wss?uid=swg21969673 --------------------------------------------- ***A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2014-3565) *** http://www.ibm.com/support/docview.wss?uid=swg21972208 --------------------------------------------- ***Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System *** http://www.ibm.com/support/docview.wss?uid=swg21968978 --------------------------------------------- ***A security vulnerability has been identified in IBM Rational ClearQuest (CVE-2015-4996) *** http://www.ibm.com/support/docview.wss?uid=swg21972331 --------------------------------------------- ***Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Provisioning Manager (CVE-2015-2601, CVE-2015-1931, CVE-2015-2625) *** http://www.ibm.com/support/docview.wss?uid=swg21972941 --------------------------------------------- ***Vulnerabilities in OpenSSL affect IBM Cognos Planning(CVE-2015-1789, CVE-2015-1790, CVE-2015-1792) *** http://www.ibm.com/support/docview.wss?uid=swg21971729 --------------------------------------------- *** Website Malware - Evolution of Pseudo Darkleech *** --------------------------------------------- Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with No-IP host names, and random dimensions where the .. --------------------------------------------- https://blog.sucuri.net/2015/12/evolution-of-pseudo-darkleech.html *** iTunes 12.3.2 *** --------------------------------------------- https://support.apple.com/kb/HT205636 *** Security Advisory: Apache Groovy vulnerability CVE-2015-3253 *** --------------------------------------------- The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. (CVE-2015-3253) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49233165.html *** Security Update 2015-006 Yosemite *** --------------------------------------------- https://support.apple.com/kb/HT205653 *** OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks *** --------------------------------------------- https://support.apple.com/kb/HT205637 *** OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks *** --------------------------------------------- https://support.apple.com/kb/HT205375 *** What Signs Are You Missing? *** --------------------------------------------- While recently listening to a presentation, I found my attention drawn to a metal water container at the center of the conference room table. Condensation was all around it and without ever having to interact with the container, I found .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20481 *** Google Bans Symantec Root Certificates *** --------------------------------------------- An anonymous reader writes: After in September Google discovered SSL certificates issued in its name by Symantec, and after in October the company discovered over 2,500 .. --------------------------------------------- http://tech.slashdot.org/story/15/12/12/2255212/google-bans-symantec-root-c… *** DSA-3416 libphp-phpmailer - security update *** --------------------------------------------- Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library foremail transfer, used by many CMSs. The library accepted email addressesand SMTP commands containing line breaks, which can be abused by anattacker to inject messages. --------------------------------------------- https://www.debian.org/security/2015/dsa-3416 *** Memory-resident modular malware menaces moneymen *** --------------------------------------------- Latentbot avoids your HDD - and its been off the radar for two years A stealthy strain of malware resident only in memory has been quietly pwning victims around the world for two years. --------------------------------------------- www.theregister.co.uk/2015/12/14/latentbot_memory_resident_malware/ *** Lenovo/CSR: Bluetooth-Treiber installiert Root-Zertifikat *** --------------------------------------------- Ein Bluetooth-Treiber für Chips der Firma CSR installiert zwei Root-Zertifikate, mit denen der Besitzer des privaten Schlüssels HTTPS-Verbindungen angreifen könnte. Offenbar handelt es sich um Testzertifikate zur Treibersignierung während der Entwicklung. --------------------------------------------- http://www.golem.de/news/lenovo-csr-bluetooth-treiber-installiert-root-zert… *** Inside the German cybercriminal underground *** --------------------------------------------- Trend Micro investigated on German crime forums and concluded that Germany possesses the most advanced cybercrime ecosystem in the European Union. We have reported several times the news related to various criminal cybercriminal .. --------------------------------------------- http://securityaffairs.co/wordpress/42802/cyber-crime/german-cybercriminal-… *** [20151214] - Core - Remote Code Execution Vulnerability *** --------------------------------------------- Browser information are not filtered properly while saving the session values into the database what leads to a Remote Code Execution vulnerability. --------------------------------------------- https://developer.joomla.org/security-centre/630-20151214-core-remote-code-… *** [20151214] - Core - CSRF Hardening *** --------------------------------------------- Add additional CSRF hardening in com_templates. --------------------------------------------- https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardeni… *** [20151214] - Core - Directory Traversal *** --------------------------------------------- Fails to properly sanitise input data from the XML install file located within the package archive. --------------------------------------------- https://developer.joomla.org/security-centre/634-20151214-core-directory-tr… *** Bugtraq: ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS *** --------------------------------------------- http://www.securityfocus.com/archive/1/537111 *** Bugtraq: [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/537109 *** Sicherheitsforscher: Datenleck bei Mackeeper erlaubt freien Zugriff auf Nutzerdaten *** --------------------------------------------- Die Datenbank der umstrittetenen Mac-Software Mackeeper sei frei zugänglich, erklärt ein Sicherheitsforscher. Er habe 13 Millionen Datensätze mit Nutzerinformationen ungehindert heruntergeladen. --------------------------------------------- http://heise.de/-3043720

1 0

Tageszusammenfassung - Freitag 11-12-2015
by Daily end-of-shift report 11 Dec '15

11 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 10-12-2015 18:00 − Freitag 11-12-2015 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** NIST will Feedback zur Absicherung von kritischer Infrastruktur *** --------------------------------------------- Die US-Standardisierungsbehörde möchte ihr Richtlinienpapier zur IT-Sicherheit von Kraftwerken und Industrieanlagen verbessern und bittet um Mithilfe. Allerdings ist das NIST bei Sicherheitsexperten momentan nicht gerade unumstritten. --------------------------------------------- http://heise.de/-3042666 *** New Spy Banker Trojan Telax abusing Google Cloud Servers *** --------------------------------------------- Introduction Zscaler ThreatLabZ has been closely monitoring a new Spy Banker Trojan campaign that has been targeting Portuguese-speaking users in Brazil. The malware authors are leveraging Google Cloud Servers to host the initial Spy Banker Downloader Trojan, which is responsible for downloading and installing Spy Banker Trojan Telax. --------------------------------------------- http://research.zscaler.com/2015/12/new-spy-banker-trojan-telax-abusing.html *** Open Automation Software OPC Systems NET DLL Hijacking Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a DLL Hijacking vulnerability in Open Automation Software's OPC Systems.NET application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-344-02 *** XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-15-342-01 XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published December 8, 2015, on the NCCIC/ICS-CERT web site. This advisory provides mitigations details for a cross-site scripting vulnerability in XZERES's 442SR turbine generator operating system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01 *** Everything old is new again - Blackhole exploit kit since November 2015, (Fri, Dec 11th) *** --------------------------------------------- Last month, the Malwarebytes blog posted an article about Blackhole exploit kit (EK) resurfacing in active drive-by campaigns from compromised websites. At the time, I hadnt noticed this trend, because the Windows hosts I was using to generate EK traffic were a bit too up-to-date. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20477&rss *** New SWITCH Security Report available - Invitation to take part in a Reader Survey *** --------------------------------------------- A new issue of our monthly SWITCH Security Report has just been released. --------------------------------------------- http://securityblog.switch.ch/2015/12/09/new-switch-security-report-availab… *** Zend Framework vulnerable to SQL injection *** --------------------------------------------- Zend Framework contains an SQL injection vulnerability (CWE-89) due to the argument of the ORDER BY clause. An attacker who can access the product may execute SQL commands. --------------------------------------------- http://jvn.jp/en/jp/JVN71730320/ *** Totgesagte leben länger: Facebook und Cloudflare setzen weiter auf SHA-1 *** --------------------------------------------- Mit SHA-1 signierte SSL/TLS-Zertifikate gelten schon lange als unsicher und es gibt seit einiger Zeit erste praktische Angriffe. Trotzdem wollen wichtige Dienstanbieter wie Facebook und Cloudflare auf unbestimmte Zeit an SHA-1 festhalten. --------------------------------------------- http://heise.de/-3041665 *** Advantech EKI Vulnerabilities *** --------------------------------------------- This advisory provides information regarding several vulnerabilities in Advantech's EKI devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01 *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager XSS Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Emergency Responder Web Framework Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images - OpenSSL vulnerabilities (CVE-2015-1791, CVE-2015-1792, CVE-2015-1788, CVE-2015-1789,CVE-2015-1790) *** http://www.ibm.com/support/docview.wss?uid=swg21971248 --------------------------------------------- *** Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2014-0919) *** http://www.ibm.com/support/docview.wss?uid=swg21970398 --------------------------------------------- *** Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21972650 --------------------------------------------- *** Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21963120 --------------------------------------------- *** Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=swg21971177 --------------------------------------------- *** Multiple vulnerabilities in OpenSSH, GNU C Library (glibc), and OpenSSL, including Logjam, affect Integrated Management Module II (IMM2) *** http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099032 --------------------------------------------- *** Vulnerabilities in openssh affect Power Hardware Management Console (CVE-2015-5600) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021006 --------------------------------------------- *** A vulnerability in Libxml affects IBM Security Network Protection (CVE-2015-1819) *** http://www.ibm.com/support/docview.wss?uid=swg21969664 --------------------------------------------- *** A vulnerability in GNU glibc affects IBM Security Network Protection (CVE-2014-8121) *** http://www.ibm.com/support/docview.wss?uid=swg21967169 --------------------------------------------- *** Multiple vulnerability fixes for Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21972785 --------------------------------------------- *** Multiple vulnerabilities in IBM Java SDK affect the IBM Installation Manager and IBM Packaging Utility (CVE-2015-2625 and CVE-2015-1931 ) *** http://www.ibm.com/support/docview.wss?uid=swg21972707 --------------------------------------------- *** Vulnerability in spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260) *** http://www.ibm.com/support/docview.wss?uid=swg2C1000009 --------------------------------------------- *** Vulnerability in IBM Java Runtime affects IBM Content Classification CVE-2015-4844 *** http://www.ibm.com/support/docview.wss?uid=swg21971760 --------------------------------------------- *** Vulnerability in Apache Commons affects Rational Developer for i, Rational Developer for AIX and Linux and Rational Developer for Power Systems Software (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971814 --------------------------------------------- *** ´Vulnerability in Apache Commons affects IBM Rational Application Developer for WebSphere Software (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21972565 --------------------------------------------- *** Multiple vulnerability in Product IBM Tivoli Common Reporting (CVE-2015-7436,CVE-2015-7435,CVE-2012-6153,CVE-2014-3577,CVE-2015-7450,CVE-2015-4872) *** http://www.ibm.com/support/docview.wss?uid=swg21972799 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM Web Interface for Content Management (WEBi) (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21972903 --------------------------------------------- *** Vulnerability in Apache Commons affects FileNet Collaboration Services/IBM FileNet Services for Lotus Quickr (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21972902 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM Integration Designer (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971371 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 10-12-2015
by Daily end-of-shift report 10 Dec '15

10 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 09-12-2015 18:00 − Donnerstag 10-12-2015 18:00 Handler: Taranis Admin Co-Handler: n/a *** Server Security: OSSEC Updated With GeoIP Support *** --------------------------------------------- We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-Based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates .. --------------------------------------------- https://blog.sucuri.net/2015/12/ossec-with-geoip.html *** Cisco Unity Connection Cross-Site Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cybercrime News Results In Cybercrime Blues *** --------------------------------------------- FireEye Labs recently spotted a 2011 article on cybercrime from the news site theguardian[.]com that redirects users to the Angler Exploit Kit. Successful exploitation by Angler resulted in a malware infection for readers of the article. A spokesperson for the guardian[.]com responded that they "are aware of FireEye's claims and are working to rectify the issue in question as soon as possible." --------------------------------------------- https://www.fireeye.com/blog/threat-research/2015/12/cybercrime-news.html *** Inside Chimera Ransomware - the first 'doxingware' in wild *** --------------------------------------------- Ransomware have proven to be a good source of money for cybercriminals. The Chimera ransomware comes with several ideas that are novel and may slowly become a new trend. --------------------------------------------- https://blog.malwarebytes.org/intelligence/2015/12/inside-chimera-ransomwar… *** PuTTY ECH Integer Overflow Lets Remote Users Execute Arbitrary Code on the Target Users System *** --------------------------------------------- http://www.securitytracker.com/id/1034308 *** MS15-DEC - Microsoft Security Bulletin Summary for December 2015 - Version: 1.1 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS15-DEC *** American hacker duo throws pwns on IoT BBQs, grills open admin *** --------------------------------------------- Half-baked code a feast for attackers because Thing-builders are hopeless Kiwicon American hardware hackers have ruined Christmas cooks ups across Australia, revealing gaping .. --------------------------------------------- www.theregister.co.uk/2015/12/10/american_hacker_duo_throws_pwns_on_iot_bbq… *** Valve Software: 77.000 Nutzerkonten pro Monat auf Steam ausgeplündert *** --------------------------------------------- Um Nutzer vor dem Diebstahl virtueller Güter auf Steam zu schützen, führt Valve neue Regeln für den Verkauf ein. Das scheint nötig: Seitdem der Handel etwa mit Gegenständen aus Dota 2 möglich ist, sind immer mehr Nutzer ins Visier von Hackern geraten. --------------------------------------------- http://www.golem.de/news/valve-software-77-000-nutzerkonten-pro-monat-auf-s… *** Kaspersky Security Bulletin 2015. Evolution of cyber threats in the corporate sector *** --------------------------------------------- The data collected from Kaspersky Lab products shows that the tools used to attack businesses differ from those used against home users. Let's have a look back at the major incidents of 2015 and at the new trends we have observed in information security within the business environment. --------------------------------------------- http://securelist.com/analysis/kaspersky-security-bulletin/72969/kaspersky-… *** Finale Version vom Passwortmanager KeePassX 2.0 erschienen *** --------------------------------------------- KeePassX ist nach rund dreieinhalb Jahren Entwicklungszeit in der finalen Version 2.0 angekommen. --------------------------------------------- http://heise.de/-3038771 *** HTTPS: Cloudflare und Facebook wollen SHA1 weiternutzen *** --------------------------------------------- Eigentlich sollen mit SHA1 signierte TLS-Zertifikate bald der Vergangenheit angehören. Doch in Entwicklungsländern sind noch viele Geräte in Benutzung, die den besseren SHA256-Algorithmus nicht unterstützen. Facebook und Cloudflare wollen daher alten Browsern ein anderes Zertifikat ausliefern. --------------------------------------------- http://www.golem.de/news/https-cloudflare-und-facebook-wollen-sha1-weiternu… *** Cisco untersucht eigenes Portfolio auf gefährliche Java-Lücke *** --------------------------------------------- Die weit verbreitete Java-Bibliothek Apache Common Collections ist verwundbar. Cisco untersucht nun, ob die Lücken in seinen Anwendungen und Geräten klafft. Außerdem wurden weitere potentiell angreifbare Java-Bibliotheken entdeckt. --------------------------------------------- http://heise.de/-3039533 *** [2015-12-10] Skybox Platform Multiple Vulnerabilities *** --------------------------------------------- The Skybox platform contains multiple security vulnerabilities which can be exploited by an attacker to execute arbitrary code and to read arbitrary files from the file system. Moreover a SQL injection and various Cross-Site scripting vulnerabilities have been identified. Attackers can exploit these issues to completely compromise affected Skybox appliances. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015… *** WordPress hosting biz confesses to breach, urgently contacts 30,000 users *** --------------------------------------------- We're 'proactively taking security measures' - WP Engine WordPress hosting outfit WP Engine has confessed to a security breach, prompting it to reset 30,000 customers passwords. --------------------------------------------- www.theregister.co.uk/2015/12/10/wordpress_hosting_biz_confesses_to_hack/

1 0

Tageszusammenfassung - Mittwoch 9-12-2015
by Daily end-of-shift report 09 Dec '15

09 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 07-12-2015 18:00 − Mittwoch 09-12-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Email Tracking for Dummies *** --------------------------------------------- Recently, I was involved in an incident handling mission to find how some confidential emails were being tracked. Let's imagine a first scenario: Alice sends a mail to Bob. Bob reads Alice's email and Alice gets notified. Nothing special, this is a standard feature offered by most commercial messaging .. --------------------------------------------- https://blog.rootshell.be/2015/12/07/email-tracking-for-dummies/ *** Another Brick in the FrameworkPoS *** --------------------------------------------- FrameworkPoS is a well-documented family of malware that targets Point of Sale (PoS) systems and has been attributed to at least one high profile retail breach. The malware author(s) have continued to improve upon the original malware, releasing .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Another-Brick-in-the-Fr… *** EU verschärft Regeln zur Cybersicherheit *** --------------------------------------------- Internetkonzerne müssen schwere Hackerangriffe künftig den Behörden melden - derstandard.at/2000027140552/EU-verschaerft-Regeln-zur-Cybersicherheit --------------------------------------------- http://derstandard.at/2000027140552 *** Bitcoin Extortionist Copycats on the Rise, Experts Say *** --------------------------------------------- Experts believe that the success tied to a recent spate of DDoS for hire groups may be because many are copycat collectives operating with a shorter lifespan. --------------------------------------------- http://threatpost.com/bitcoin-extortionist-copycats-on-the-rise-experts-say… *** Citrix NetScaler Service Delivery Appliance Multiple Security Updates *** --------------------------------------------- http://support.citrix.com/article/CTX202482 *** Day 2: UK research network Janet still being slapped by DDoS attack *** --------------------------------------------- DNS services appear to be targeted, switching may work Members of UKs academic community from freshers to senior academics are facing more connection issues today as a persistent and continuous DDoS attack against the academic computer network Janet continues to stretch resources. --------------------------------------------- www.theregister.co.uk/2015/12/08/uk_research_network_janet_ddos/ *** The German Underground: Buying and Selling Goods via Droppers *** --------------------------------------------- We have frequently talked about how the Deep Web is used as a venue for the illegal trade in weapons and drugs. This part of the cybercrime underground includes a German-speaking community. Our new research examines these sites in some detail. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/the-german-under… *** Authentifikation von McAfees Enterprise Security Manager löchrig *** --------------------------------------------- Angreifer können sich mit einem speziellen Nutzernamen und einem beliebigen Passwort beim Enterprise Security Manager von McAfee anmelden. Gefixte Versionen stehen bereit. --------------------------------------------- http://heise.de/-3036068 *** Security Updates Available for Adobe Flash Player (APSB15-32) *** --------------------------------------------- A security bulletin (APSB15-32) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1302 *** MS15-DEC - Microsoft Security Bulletin Summary for December 2015 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS15-DEC *** Apple Patches Everything, (Tue, Dec 8th) *** --------------------------------------------- And to not be outdone by Microsoft and Adobe, Apple just released patches for: iOS 9.2 A total of 50 vulnerabilities (CVE IDs) are addressed. About 10 of them affect WebKit and may lead to arbitrary code execution by visiting a malicious .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20465 *** Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** ZDI-15-624: Wireshark PCAPNG if_filter Arbitrary Free Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-624/ *** Adobe, Microsoft Each Plug 70+ Security Holes *** --------------------------------------------- Adobe and Microsoft today independently issued software updates to plug critical security holes in their software. Adobe released a patch that fixes a whopping 78 security vulnerabilities in its Flash Player software. Microsoft pushed a dozen patch bundles to address at least 71 flaws in various versions of the Windows operating system and associated software. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/RuUekEfVS0g/ *** XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability *** --------------------------------------------- This advisory provides mitigations details for a cross-site scripting vulnerability in XZERES's 442SR turbine generator operating system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01 *** LOYTEC Router Information Exposure Vulnerability *** --------------------------------------------- This advisory provides mitigations details for a password file vulnerability in LOYTEC's LIP-3ECTB routers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-342-02 *** Pacom 1000 CCU GMS System Cryptographic Implementation Vulnerabilities *** --------------------------------------------- This advisory was originally posted to the US-CERT secure Portal library on December 3, 2015, and is being released to the ICS-CERT web site. This advisory provides mitigation details for crypto implementation flaws in the Pacom GMS system. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-337-03 *** Rockwell Automation Micrologix 1100 and 1400 PLC Systems Vulnerabilities (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-15-300-03 Rockwell Automation MicroLogix 1100 and 1400 PLC Systems Vulnerabilities that was published October 27, 2015, on the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in the Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 programmable logic controller (PLC) systems. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03A *** Analyzing Bartalex - A Prolific Malware Distributor *** --------------------------------------------- Bartalex is a name that continues to appear in a cyberthief�s arsenal as one of the most popular mechanisms for distributing banking Trojans, ransomware, RATs, and other malware. The SANS ISC recently published a very interesting technical analysis of Bartalex. With this post, we hope to add a little more color and supplement what you already know about this prolific malware distributor. --------------------------------------------- https://blog.phishlabs.com/bartalex *** Blog of News Site 'The Independent' Hacked, Leads to TeslaCrypt Ransomware *** --------------------------------------------- The blog page of one of the leading media sites in the United Kingdom, 'The Independent' has been compromised, which may put its millions of readers at risk of getting infected with ransomware. We have already informed The Independent about this security incident and are working with them to contain the .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/blog-of-news-sit… *** Enforcing USB Storage Policy with PowerShell, (Wed, Dec 9th) *** --------------------------------------------- In a previous diary, I presented the CIRCLean (USB sanitizer) developed by the Luxembourg CERT (circl.lu). This tool is very useful to sanitize suspicious USBsticks but it lacks of control and enforcement. Nevertheless, .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20469 *** Epic failure of Phone House & Dutch telecom providers to protect personal data: How I could access 12+ million records #phonehousegate *** --------------------------------------------- On September 11, 2015 I visited Media Markt in Utrecht Hoog Catherijne, a well-known electronics shop in The Netherlands. Since summer 2014, the biggest independent Dutch phone retail company Phone House also operates (white labeled) from within Media Markt locations as a store-in-a-store .. --------------------------------------------- http://sijmen.ruwhof.net/weblog/608-personal-data-of-dutch-telecom-provider… *** Verschlüsselungstrojaner: Neue TeslaCrypt-Version grassiert *** --------------------------------------------- Ransomware ist der absolute Renner in der Crimeware-Szene. Seit einigen Tagen gibt es vermehrt Hinweise auf Infektionen durch eine neue Version des Verschlüsselungstrojaners TeslaCrypt, der Dateien verschlüsselt und mit der Endung .vvv versieht. --------------------------------------------- http://heise.de/-3037099 *** Audit und Web-Client: Kritik an SSL/TLS-Zertifizierungsstelle Lets Encrypt *** --------------------------------------------- Die Tätigkeit von Let's Encrypt als Zertifizierungsstelle wurde noch nicht der vorgeschriebenen Sicherheitsprüfung unterzogen. Trotzdem stellt die CA schon Zertifikate aus. --------------------------------------------- http://heise.de/-3031849 *** POS Security: What You Need To Know *** --------------------------------------------- October 1, 2015 marked the deadline set by credit card issuers to shift liability for fraudulent activity from card issuers or payment processors to the party that is the least Europay-Mastercard-Visa (EMV) compliant during a fraudulent .. --------------------------------------------- https://www.alienvault.com/open-threat-exchange/blog/pos-security-what-you-… *** Cisco Prime Collaboration Assurance Default Account Credential Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…

1 0

Tageszusammenfassung - Montag 7-12-2015
by Daily end-of-shift report 07 Dec '15

07 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 04-12-2015 18:00 − Montag 07-12-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** OpenSSL-Sicherheits-Update und Abschied von Altlasten *** --------------------------------------------- Im Rahmen eines Sicherheits-Updates verkündet das OpenSSL-Team, dass die Versionen 0.9.8 und 1.0.0 keine weiteren Updates mehr erhalten werden. Deren Nutzer sollten dringend auf neuere Versionen umsteigen. --------------------------------------------- http://heise.de/-3032678 *** Bundestags-Hacker greifen weitere Nato-Staaten an *** --------------------------------------------- Die professionellen Cyberattacken wurden mit hohem personellen und finanziellen Aufwand durchgeführt --------------------------------------------- http://derstandard.at/2000026983302 *** Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Botconf 2015 Wrap-Up Day #3 *** --------------------------------------------- And here is my wrap-up for the third day of the conference. Again a bunch of interesting talks. The first to join the floor was Yonathan Klijnsma who presented a nice history of the famous ransomware: Cryptowall. This ransomware has already .. --------------------------------------------- https://blog.rootshell.be/2015/12/04/botconf-2015-wrap-up-day-3/ *** Between a Rock and a Hard Link *** --------------------------------------------- In a previous blog post I described some of the changes that Microsoft has made to the handling of symbolic links from a sandboxed process. This has an impact on the exploitation of privileged file .. --------------------------------------------- http://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.ht… *** Microsoft assists law enforcement to help disrupt Dorkbot botnets *** --------------------------------------------- Law enforcement agencies from around the globe, aided by Microsoft security researchers, have today announced the disruption of one of the most widely distributed malware families - Win32/Dorkbot. This malware family has infected more than .. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/12/03/microsoft-assists-law-en… *** Variety Jones, Alleged Silk Road Mentor, Arrested in Thailand *** --------------------------------------------- Variety Jones, the alleged mentor and adviser to the Silk Roads creator, has finally been arrested in Thailand. --------------------------------------------- http://www.wired.com/2015/12/variety-jones-alleged-silk-road-mentor-arreste… *** A Micro-view of Macro Malware *** --------------------------------------------- Dridex is a botnet with multiple features, it is most known for stealing people's credentials on finance-related web sites. Despite the arrest of the gang behind the .. --------------------------------------------- http://labs.bromium.com/2015/12/03/a-micro-view-of-macro-malware/ *** Augen auf beim Weihnachts-Phish *** --------------------------------------------- In der Hoffnung auf satte Gewinne haben Kriminelle kräftig in ein möglichst authentisches Erscheinungsbild ihrer Phishing-Kampagnen investiert. Es wird immer schwieriger, nicht auf die zum Teil fast perfekten Fälschungen hereinzufallen. --------------------------------------------- http://heise.de/-3032829 *** Hello Barbie: Sicherheitsalbtraum im Kinderzimmer *** --------------------------------------------- Interaktive Puppe für Kinder nun auch mit Lücken im Server und in der App --------------------------------------------- http://derstandard.at/2000027045918 *** Netzwerk-Tools: Wireshark 2.0 und Nmap 7 veröffentlicht *** --------------------------------------------- Passwort-Cracker hashcat nun Open-Source --------------------------------------------- http://derstandard.at/2000027085336 *** GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege *** --------------------------------------------- The application suffers from an unquoted search path issue impacting the service RelianceOpcDaWrapper for Windows deployed as part of Reliance 4 SCADA/HMI system installer including Reliance OPC Server. This could potentially allow an authorized .. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5285.php *** Web Analytics Service vulnerable to cross-site scripting *** --------------------------------------------- The JavaScript module for using Web Analytics Service which was provided by NTT DATA Smart Sourcing Corporation contains a cross-site scripting vulnerability. --------------------------------------------- http://jvn.jp/en/jp/JVN70083512/ *** Thriving Beyond The Operating System: Financial Threat Group TargetsVolume Boot Record *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-reco… *** Yahoo Mail: Webbrowser führten beliebigen Code in E-Mails aus *** --------------------------------------------- Nutzer, die mobil E-Mails von ihrem Yahoo-Konto abrufen, waren bedroht und Angreifer hätten ihnen ohne viel Aufwand Schadcode unterschieben können. --------------------------------------------- http://heise.de/-3033689 *** UK research network Janet under ongoing and persistent DDoS attack *** --------------------------------------------- Attackers seem to be adjusting methods in response to Tweets Publicly-funded academic computer network Janet has come under a persistent DDoS attack today, which hobbled multiple .. --------------------------------------------- www.theregister.co.uk/2015/12/07/janet_under_persistent_ddos_attack/ *** Security Advisory: AOL Desktop MiTM Remote File Write and Code Execution *** --------------------------------------------- AOL Desktop is "the all-in-one experience with mail, instant messaging, browsing, search, content, and dial-up connectivity". It is the direct successor of the old Windows AOL clients from the 1990s. Issues in AOL Desktop, version .. --------------------------------------------- http://lizardhq.org/2015/12/05/aol-desktop.html Aufgrund des Feiertages am morgigen Dienstag, den 08.12.2015, erscheint der nächste End-of-Shift Report erst am 09.12.2015.

1 0

Tageszusammenfassung - Freitag 4-12-2015
by Daily end-of-shift report 04 Dec '15

04 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 03-12-2015 18:00 − Freitag 04-12-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** No more security fixes for older OpenSSL branches *** --------------------------------------------- The OpenSSL Software Foundation has released new patches for the popular open-source cryptographic library, but for two of its older branches they will likely be the last security updates.This could spell trouble for some enterprise applications that bundle the 0.9.8 or 1.0.0 versions of OpenSSL and for older systems -- embedded devices in particular -- where updates are rare.OpenSSL 1.0.0t and 0.9.8zh, which were released Thursday, are expected to be the last updates because support for these... --------------------------------------------- http://www.cio.com/article/3011882/no-more-security-fixes-for-older-openssl… *** Automatic MIME Attachments Triage *** --------------------------------------------- [The post Automatic MIME Attachments Triage has been first published on /dev/random]A few weeks ago I posted a diary on the ISC SANS website about a script to automate the extraction and analyze of MIME attachments in emails. Being the happy owner of an old domain (15y), this domain is present in all spammer's mailing lists. I'm receiving a lot of spam and I like it. It helps me to collect interesting files and URLs. But... --------------------------------------------- https://blog.rootshell.be/2015/12/04/automatic-mime-attachments-triage/ *** Automating Phishing Analysis using BRO, (Fri, Dec 4th) *** --------------------------------------------- Determining the effectiveness of Phishing campaigns using metrics is great to be able to target awareness training for users and determining the effectiveness of your technical controls. The main questions you are trying to answer are : How many people were targeted by the phish? How many people replied? (If applicable) How many people visited the website in the email? How many people submitted credentials to the website? --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20441&rss *** "Bau keine eigenen Protokolle": Vodafone verletzt mit Secure E-Mail die erste Kryptoregel *** --------------------------------------------- Vodafones neuer E-Mail-Dienst Secure E-Mail soll den Austausch verschlüsselter E-Mails kinderleicht machen. Das Unternehmen macht jedoch in seiner Ankündigung kaum Angaben zur Sicherheit der verwendeten Verfahren. Deshalb haben wir nachgefragt - und sind verwirrt. --------------------------------------------- http://www.golem.de/news/bau-keine-eigenen-protokolle-vodafone-verletzt-mit… *** New edition of Windows 10 turns security nightmares into reality *** --------------------------------------------- Windows 10 IoT Core Pro lets thing-makers opt-out of security updates Microsofts released a new edition of Windows 10. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/12/04/new_version… *** An Introduction to Image File Execution Options *** --------------------------------------------- Image File Execution Options are used to intercept calls to an executable. Its in use for debugging, replacing and stopping specific executables.Categories: All Things DevTags: IFEOImage File Execution OptionsPieter ArntzregistrySecurity.hijack(Read more...) --------------------------------------------- https://blog.malwarebytes.org/development/2015/12/an-introduction-to-image-… *** Can you keep Linux-based ransomware from attacking your servers? *** --------------------------------------------- According to SophosLabs, Linux/Ransm-C ransomware is one example of the new Linux-based ransomware attacks, which in this case is built into a small command line program and designed to help crooks extort money through Linux servers. These Linux ransomware attacks are moving away from targeting end users and gravitating toward targeting Linux servers, web servers specifically, with a piece of software that encrypts data and is similar to what we've seen in previous years such as... --------------------------------------------- http://www.csoonline.com/article/3010996/application-security/can-you-keep-… *** Serverseitiges JavaScript: Node.js-Patch nun verfügbar *** --------------------------------------------- Das Update adressiert die letzte Woche gemeldete DoS-Schwachstelle und den Zugriffsfehler bei der JavaScript-Engine V8. Gleichzeitig umfasst es die ebenfalls diese Woche aktualisierten OpenSSL-Bibliotheken. --------------------------------------------- http://heise.de/-3031934 *** XML Secure Coding *** --------------------------------------------- ABSTRACT The XML (Extensible markup language) is a buzzword over the internet, rapidly maturing technology with powerful real world application, especially for management, organization, and exhibition of data. XML technology is solely concerned with the structure and description of data that are typically transported across the network in a bid for easily sharing between diverse... --------------------------------------------- http://resources.infosecinstitute.com/xml-secure-coding/ *** White hats, FBI and cops team up for Dorkbot botnet takedown *** --------------------------------------------- Your four-year reign of terror is (temporarily) over Operations of the Dorkbot botnet have been disrupted following an operation that brought together law enforcement agencies led by the FBI, Interpol and Europol, and various infosec firms. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/12/04/dorkbot_bot… *** Millions of smart TVs, phones and routers at risk from old vulnerability *** --------------------------------------------- A three-year-old vulnerability in a software component used in millions of smart TVs, routers and phones still hasnt been patched by many vendors, thus posing a risk, according to Trend Micro.Although a patch was issued for the component in December 2012, Trend Micro found 547 apps that use an older unpatched version of it, wrote Veo Zhang, a mobile threats analyst."These are very popular apps that put millions of users in danger; aside from mobile devices, routers, and smart TVs are all... --------------------------------------------- http://www.cio.com/article/3012073/security/millions-of-smart-tvs-phones-an… *** hashcat and oclHashcat have gone open source *** --------------------------------------------- https://hashcat.net/forum/thread-4880.html https://github.com/hashcat/ *** DSA-3413 openssl - security update *** --------------------------------------------- Multiple vulnerabilities have been discovered in OpenSSL, a SecureSockets Layer toolkit. The Common Vulnerabilities and Exposures projectidentifies the following issues: --------------------------------------------- https://www.debian.org/security/2015/dsa-3413 *** DFN-CERT-2015-1868: Redis: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1868/ *** Cisco Nexus 5000 Series USB Driver Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Standards Processing Engine (CVE-2015-7450) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21972329 *** IBM Security Bulletin: Vulnerability in Apache Commons affects Watson Explorer and Watson Content Analytics (CVE-2015-7450) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971733 *** IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by multiple vulnerabilities in OpenSSL including Logjam *** --------------------------------------------- http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098960 *** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2015-7450) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21972215 *** VU#294607: Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF *** --------------------------------------------- Vulnerability Note VU#294607 Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF Original Release date: 04 Dec 2015 | Last revised: 04 Dec 2015 Overview The Lenovo Solution Center application contains multiple vulnerabilities that can allow an attacker to execute arbitrary code with SYSTEM privileges. Description CWE-732: Incorrect Permission Assignment for Critical ResourceLenovo Solution Center creates a service called LSCTaskService, which runs with... --------------------------------------------- http://www.kb.cert.org/vuls/id/294607 *** SearchBlox File Exfiltration Vulnerability *** --------------------------------------------- This advisory provides mitigations details for a file exfiltration vulnerability in SearchBlox's web-based proprietary search engine application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01 *** Honeywell Midas Gas Detector Vulnerabilities *** --------------------------------------------- This advisory was originally posted to the US-CERT secure Portal library on November 5, 2015, and is being released to the ICS-CERT web site. This advisory provides mitigation details for two vulnerabilities in Honeywell's Midas gas detector. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 *** WordPress Cool Video Gallery 1.9 Command Injection *** --------------------------------------------- Topic: WordPress Cool Video Gallery 1.9 Command Injection Risk: Low Text:Title: Command Injection in cool-video-gallery v1.9 Wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-11-29 ... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015120031

1 0

Tageszusammenfassung - Donnerstag 3-12-2015
by Daily end-of-shift report 03 Dec '15

03 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 02-12-2015 18:00 − Donnerstag 03-12-2015 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Botconf 2015 Wrap-Up Day #1 *** --------------------------------------------- [The post Botconf 2015 Wrap-Up Day #1 has been first published on /dev/random]Here we go for a new edition of the Botconf edition. Already the third one. This conference is moving every year across France and, after Nantes and Nancy, the organizers chose Paris and more precisely the Google France venue! --------------------------------------------- https://blog.rootshell.be/2015/12/02/botconf-2015-wrap-up-day-1/ *** ElasticZombie Botnet - Exploiting Elasticsearch Vulnerabilities *** --------------------------------------------- With the rise of inexpensive Virtual Servers and popular services that install insecurely by default, coupled with some juicy vulnerabilities (read: RCE - Remote Code Execution), like CVE-2015-5377 and CVE-2015-1427, this year will be an interesting one for Elasticsearch. --------------------------------------------- https://www.alienvault.com/open-threat-exchange/blog/elasticzombie-botnet-e… *** Industrial control system gateway fix opens Heartbleed, Shellshock *** --------------------------------------------- Metasploit module released to make 0day pwnage easy Rapid 7 security man Todd Beardsley says new firmware released to patch hardcoded SSH keys in Advantech EKI industrial control system gateways contains known brutal flaws including Shellshock, Heartbleed, and buffer overflows. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/12/03/industrial_… *** DSA-3411 cups-filters - security update *** --------------------------------------------- Michal Kowalczyk discovered that missing input sanitising in thefoomatic-rip print filter might result in the execution of arbitrarycommands. --------------------------------------------- https://www.debian.org/security/2015/dsa-3411 *** DFN-CERT-2015-1857/">Red Hat JBoss Enterprise Application Platform: Zwei Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1857/ *** 3G/4G cellural USB modems are full of critical security flaws, many 0-days *** --------------------------------------------- An analysis of popular 3G and 4G cellural USB modems and routers used around the world revealed a myriad of serious vulnerabilities in each of them. --------------------------------------------- http://www.net-security.org/secworld.php?id=19182 *** Kaspersky Security Bulletin 2015. Top security stories *** --------------------------------------------- The end of the year is traditionally a time for reflection - for taking stock of our lives before considering what lies ahead. We'd like to offer our customary retrospective of the key events that have shaped the threat landscape in 2015. --------------------------------------------- http://securelist.com/analysis/kaspersky-security-bulletin/72886/kaspersky-… *** A Case Study of Information Stealers: Part I *** --------------------------------------------- Introduction: A stealer is a type of malware that looks for passwords stored on the machine and sends them remotely (e.g. mail, HTTP) to an attacker. Most stealers use a web interface to facilitate browsing the data, especially if the targeted number of victims is important. --------------------------------------------- http://resources.infosecinstitute.com/a-case-study-of-information-stealers-… *** Report: Scripting languages most vulnerable, mobile apps need better crypto *** --------------------------------------------- According to an analysis of over 200,000 applications, PHP is the programming language with the most vulnerabilities, mobile apps suffer from cryptography problems, and developers are more likely to fix errors found with static instead of dynamic analysis. --------------------------------------------- http://www.cio.com/article/3011668/encryption/report-scripting-languages-mo… *** Botnetzbetreiber nutzen Dropbox als toten Briefkasten *** --------------------------------------------- Die Malware Lowball soll Dropbox-Accounts missbrauchen, um infizierte Rechner in einem Botnetz anzusteuern. So wollen Online-Kriminelle Ermittlern die Spurensuche erschweren. --------------------------------------------- http://heise.de/-3030993 *** Worldwide Cryptographic Products Survey: Edits and Additions Wanted *** --------------------------------------------- Back in September, I announced my intention to survey the world market of cryptographic products. The goal is to compile a list of both free and commercial encryption products that can be used to protect arbitrary data and messages. --------------------------------------------- https://www.schneier.com/blog/archives/2015/12/worldwide_crypt.html *** Week of Continuous Intrusion Tools - Day 4 - Common Abuse Set, Lateral Movement and Post Exploitation *** --------------------------------------------- Welcome to Day 4 of Week of Continuous Intrusion tools. We are discussing security of Continuous Integration (CI) tools in this series of blog posts. --------------------------------------------- http://www.labofapenetrationtester.com/2015/12/week-of-continuous-intrusion… *** Bugtraq: ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability *** --------------------------------------------- EMC NetWorker contains a resolution for a Denial-of-service vulnerability. The vulnerability when exploited may allow malicious users to disrupt NetWorker services on affected systems. --------------------------------------------- http://www.securityfocus.com/archive/1/537037 *** OpenSSL Security Advisory [3 Dec 2015] *** --------------------------------------------- BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) Certificate verify crash with missing PSS parameter (CVE-2015-3194) X509_ATTRIBUTE memory leak (CVE-2015-3195) Race condition handling PSK identify hint (CVE-2015-3196) --------------------------------------------- https://openssl.org/news/secadv/20151203.txt *** Security Advisory: Linux libuser vulnerability CVE-2015-3246 *** --------------------------------------------- libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. (CVE-2015-3246) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05770600.html?… *** Cisco SIP Phone 3905 Resource Limitation Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Unity Connection Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the HTTP web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco IOS-XE 3S Platforms Series Root Shell License Bypass Vulnerability *** --------------------------------------------- A vulnerability in the way software packages are loaded in the Cisco IOS-XE Operating System for the Cisco IOS-XE 3S platforms could allow an authenticated, local attacker to gain restricted root shell access. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** IBM Security Bulletin *** --------------------------------------------- *** Vulnerability in Apache Commons affects IBM InfoSphere Discovery (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971529 --------------------------------------------- *** Vulnerabilities in GSKit affect IBM MQ Appliance (CVE-2015-7421, CVE-2015-7420) *** http://www.ibm.com/support/docview.wss?uid=swg21971500 --------------------------------------------- *** Vulnerabilities in GSKit 8 affect Tivoli Directory Server and IBM Security Directory Server (CVE-2015-7421, CVE-2015-7420) *** http://www.ibm.com/support/docview.wss?uid=swg21972076 --------------------------------------------- *** IBM Spectrum Scale (GPFS) Hadoop connector is affected by a security vulnerability (CVE-2015-7430) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022979 --------------------------------------------- *** IBM Spectrum Scale (GPFS) Hadoop connector is affected by a security vulnerability (CVE-2015-7430) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005461 --------------------------------------------- *** A vulnerability in IBM Java Runtime affects IBM Cognos Metrics Manager (CVE-2015-4872) *** http://www.ibm.com/support/docview.wss?uid=swg21971753 --------------------------------------------- *** Multiple vulnerabilities in IBM Java Runtime affect IBM WebSphere Appliance Management Center (CVE-2015-4872) *** http://www.ibm.com/support/docview.wss?uid=swg21971515 --------------------------------------------- *** Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime, affect IBM Endpoint Manager for Remote Control *** http://www.ibm.com/support/docview.wss?uid=swg21971798 --------------------------------------------- *** Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (October 2015: CVE-2015-4872, CVE-2015-4911, CVE-2015-5006) *** http://www.ibm.com/support/docview.wss?uid=swg21972112 --------------------------------------------- *** Multiple vulnerabilities in IBM Java SDK affect Rational Method Composer (CVE-2015-4872) *** http://www.ibm.com/support/docview.wss?uid=swg21971419 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM i (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021018 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM Lotus Mashups (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971925 --------------------------------------------- *** Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials (CVE-2015-1772, *** http://www.ibm.com/support/docview.wss?uid=swg21969546 --------------------------------------------- *** Vulnerability in Apache Commons affects RIT and RTCP in Rational Test Workbench, RTCP and RIT Agent in Rational Test Virtualization Server, and RIT Agent in Rational Performance Test Server (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971818 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management, and IBM Emptoris Services Procurement. (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971731 --------------------------------------------- *** Vulnerability in Apache Commons affects Enterprise Records *** http://www.ibm.com/support/docview.wss?uid=swg21971268 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM Sterling B2B Integrator (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971758 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM InfoSphere Information Server (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971410 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971580 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM Algo Credit Administrator (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971240 --------------------------------------------- *** Vulnerability in Apache Commons Collections affects IBM Forms Experience Builder (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971536 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM Application Server on Cloud (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21972179 --------------------------------------------- *** Multiple vulnerabilities in bundled components affects IBM SPSS Collaboration and Deployment Services (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971599 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM MQ Appliance (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971498 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM WebSphere Appliance Management Center (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971506 --------------------------------------------- *** IBM Vulnerability in Apache Commons affects IBM WebSphere Application Server Community Edition v3.0.0.4 (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21972094 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository Studio (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971579 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM Cognos Metrics Manager (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21971382 --------------------------------------------- *** Vulnerabilities in Apache Commons Collections and Apache Groovy affect IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns (CVE-2015-4852, CVE-2015-3253) *** http://www.ibm.com/support/docview.wss?uid=swg21971291 --------------------------------------------- *** Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager Agent for WebSphere Applications (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21972216 --------------------------------------------- *** Fix Available for Security Vulnerabilities in IBM WebSphere Portal (CVE-2015-4993, CVE-2015-4998, CVE-2015-5001, CVE-2015-7413) *** http://www.ibm.com/support/docview.wss?uid=swg21970176 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 2-12-2015
by Daily end-of-shift report 02 Dec '15

02 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 01-12-2015 18:00 − Mittwoch 02-12-2015 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** DSA-3408 gnutls26 - security update *** --------------------------------------------- It was discovered that GnuTLS, a library implementing the TLS and SSLprotocols, incorrectly validates the first byte of padding in CBC modes.A remote attacker can possibly take advantage of this flaw to perform apadding oracle attack. --------------------------------------------- https://www.debian.org/security/2015/dsa-3408 *** VU#630239: Epiphany Cardio Server version 3.3 is vulnerable to SQL and LDAP injection *** --------------------------------------------- The Epiphany Cardio Server prior to version 4.0 is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights. --------------------------------------------- http://www.kb.cert.org/vuls/id/630239 *** Cisco UCS Central Software Server-Side Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Saia Burgess Controls PCD Controller Hard-coded Password Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a hard-coded password vulnerability in Saia Burgess Controls's family of PCD controllers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-335-01 *** Schneider Electric ProClima ActiveX Control Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for remote code execution vulnerabilities in the Schneider Electric ProClima F1 Bookview ActiveX control application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-335-02 *** Siemens SIMATIC Communication Processor Vulnerability *** --------------------------------------------- This advisory provides mitigation details for an authentication bypass vulnerability in the Siemens SIMATIC Communication Processor devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-335-03 *** DSA-3409 putty - security update *** --------------------------------------------- A memory-corrupting integer overflow in the handling of the ECH (erasecharacters) control sequence was discovered in PuTTYs terminalemulator. A remote attacker can take advantage of this flaw to mount adenial of service or potentially to execute arbitrary code. --------------------------------------------- https://www.debian.org/security/2015/dsa-3409 *** Security Advisory - Privilege Escalation Vulnerability in Huawei LogCenter *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Security Advisory - DoS Vulnerability in Huawei LogCenter *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Entropy drought hits Raspberry Pi harvests, weakens SSH security *** --------------------------------------------- Hotfix posted online to shore up Raspbian key generation Raspberry Pis running Raspbian - a flavor of Debian GNU/Linux tuned for the credit-card-sized computers - apparently generate weak SSH host keys. --------------------------------------------- www.theregister.co.uk/2015/12/02/raspberry_pi_weak_ssh_keys/ *** DSA-3410 icedove - security update *** --------------------------------------------- Multiple security issues have been found in Icedove, Debians version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors,integer overflows, buffer overflows and other implementation errors maylead to the execution of arbitrary code or denial of service. --------------------------------------------- https://www.debian.org/security/2015/dsa-3410 *** Chrome für Linux: Google streicht 32-Bit-Version *** --------------------------------------------- Support endet März 2016 – Community kann weiterhin eigene Builds bauen --------------------------------------------- http://derstandard.at/2000026808558 *** BSides Vienna 2015 Slides *** --------------------------------------------- The slides of the BSides Vienna are available online and linked directly at the schedule page: https://bsidesvienna.at/talks/ You can also wget them: wget http://bsidesvienna.at/slides/2015/a_case_study_on_the_security_of_applicat… wget http://bsidesvienna.at/slides/2015/closing_slides.pdf wget http://bsidesvienna.at/slides/2015/crypto_wars_2.0.pdf wget http://bsidesvienna.at/slides/2015/digital_supply_chain_security.pdf wget --------------------------------------------- http://www.reddit.com/r/netsec/comments/3v50y7/bsides_vienna_2015_slides/ *** Security: Bug Bounty für Barbie-Puppen *** --------------------------------------------- Nicht nur Vtech-Spielzeug ist unsicher: Die umstrittene WLAN-Barbie von Mattel hält es mit der Sicherheit ebenfalls nicht so genau. Ein Hacker konnte aus der Puppe zahlreiche Informationen auslesen - und glaubt, auch die Serveranbindung manipulieren zu können. --------------------------------------------- http://www.golem.de/news/security-bug-bounty-fuer-barbie-puppen-1512-117769… *** Nessus and Powershell is like Chocolate and Peanut Butter!, (Wed, Dec 2nd) *** --------------------------------------------- In a typical security assessment, youll do authenticated scans of internal hosts, looking for vulnerabilities due to missed patches or configuration issues. I often use Nessus for this, but find that for a typical IT manager, the Nessus .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20431 *** Ponmocup *** --------------------------------------------- Ponmocup2. Dezember 2015Aktuell ist das Botnet, zu dem wir die meisten Infektionen gemeldet bekommen, immer noch Conficker. Weit abgeschlagen dahinter finden sich "gozi", "nymaim", "ZeuS" (incl. Varianten), "tinba" und "dyre". Die genauen Zahlen variieren stark, da ist die Konsistenz der Messungen nicht die beste.Jetzt haben wir einen neuen Namen hoch oben in der Liste: "Ponmocup". Die Malware selber ist nicht neu, manche setzten die --------------------------------------------- http://www.cert.at/services/blog/20151202163506-1641.html *** The Perils of Vendor Bloatware *** --------------------------------------------- In todays Stormcast, Johannes summarizes the current issue with some of the software that comes pre-installed on Dell Laptops. In short, Dell Foundation Services, which is used for remote management, allows unauthenticated WMI queries to be processed, .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20433 *** IBM Security Bulletin: A potential security vulnerability in WebSphere Liberty Profile affects InfoSphere Streams (CVE-2015-1927) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21967767 *** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2015Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21959874 *** IBM Security Bulletin: Multiple vulnerabilities in Apache HttpComponents affect IBM Cognos Metrics Manager (CVE-2012-6153, CVE-2014-3577) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970193 *** Dell verschlimmbessert die Foundation-Services-Lücke *** --------------------------------------------- Angreifer aus dem Web können bei bestimmten Dell-Rechnern den Service-Tag auslesen und die Nutzer so tracken. Dell hat diese Lücke nun geschlossen. Seit dem Update kann man allerdings unter anderem die gesamte Hardware-Konfiguration auslesen. --------------------------------------------- http://www.heise.de/security/meldung/Dell-verschlimmbessert-die-Foundation-…

1 0

Tageszusammenfassung - Dienstag 1-12-2015
by Daily end-of-shift report 01 Dec '15

01 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 30-11-2015 18:00 − Dienstag 01-12-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0 *** --------------------------------------------- Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. [...] To help protect customers from potentially fraudulent use of these unconstrained digital certificates, the certificates have been deemed no longer valid by Dell Inc. and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of these certificates. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/3119884 *** SHA1 Phase Out Overview, (Mon, Nov 30th) *** --------------------------------------------- SHA1 (Secure Hashing Algorithm 1) has been in use for about 20 years. More recently, some weaknesses have been identified in SHA1, and in general, faster computing hardware makes it more and more likely that collisions willbe found. As a result, SHA2 starts to replace SHA1and you should see this impacting your users next year. Various software will stop trusting SHA1 signatures, and users may receive warnings about invalid signatures or certificates as a result. First a very quick primer on... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20423&rss *** Belkins N150 router is perfect for learning hacking skills - wait, what, its in production? *** --------------------------------------------- Practice your CSRF and DNS meddling exploits here Belkins home routers can be commandeered by hackers, thanks to a Telnet backdoor, a cross-site request forgery (CSRF) vulnerability and other bugs, were told. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/12/01/hole_in_bel… *** DDoS-Attacken gegen griechische Banken *** --------------------------------------------- Armada Collective weitet DDoS-Angriffe in Europa aus und erpresst nun Kreditinstitute in Griechenland. --------------------------------------------- http://www.heise.de/newsticker/meldung/DDoS-Attacken-gegen-griechische-Bank… *** Guest Talk: "Alice in the Sky - On Security of Air Traffic Control Communication" *** --------------------------------------------- January 14, 2016 - 2:00 pm - 4:45 pm SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/guest-talk-alice-in-the-sky-on-security… *** Conficker, back from the undead, dominates malware threat landscape *** --------------------------------------------- Look out, ransomware is coming up on the rails Conficker was the most common malware used to attack UK and international organisations in October, accounting for 20 per cent of all attacks globally, according to security vendor Check Point. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/12/01/conficker_d… *** Nuclear Pack loads a fileless CVE-2014-4113 Exploit *** --------------------------------------------- http://malware.dontneedcoffee.com/2015/12/nuclear-pack-loading-fileless-cve… *** Reverse Engineering Intel DRAM Addressing and Exploitation *** --------------------------------------------- We demonstrate the power of such attacks by implementing a high speed covert channel that achieves transmission rates of up to 1.5Mb/s, which is three orders of magnitude faster than current covert channels on main memory. Finally, we show how our results can be used to increase the efficiency of the Rowhammer attack significantly by reducing the search space by a factor of up to 16384. --------------------------------------------- http://arxiv.org/abs/1511.08756 *** Dell Foundation Service ermöglicht Tracking von Nutzern *** --------------------------------------------- Im Dell Foundation Service zur Wartung von Computern klafft eine Schwachstelle, über die Angreifer die Service-Tag-Nummer auslesen können. Eine gefixte Version steht zum Download bereit. --------------------------------------------- http://heise.de/-3028416 *** "Crash Course - PCI DSS 3.1 is here. Are you ready?" Part II *** --------------------------------------------- Thanks to all who attended our recent webinar, "Crash Course - PCI DSS 3.1 is here. Are you ready?". During the stream, there were a number of great questions asked by attendees that didn't get answered due to the limited time. This blog post is a means to answer many of those questions. Still have... --------------------------------------------- https://blog.whitehatsec.com/crash-course-pci-dss-3-1-is-here-are-you-ready… *** l+f: Das Telegram-Protokoll macht Stalking einfach *** --------------------------------------------- Hat man die Telefonnummer eines Telegram-Nutzers, kann man relativ einfach dessen Online-Status überwachen. --------------------------------------------- http://heise.de/-3028550 *** Can you trust SSL encryption of your email provider? *** --------------------------------------------- Have you ever though how secure and reliable is your SSL/TLS connection to your email servers? A brief research about encryption implementation of the most popular free email providers. --------------------------------------------- https://www.htbridge.com/blog/can-you-trust-ssl-encryption-of-your-email-pr… *** Xen Heap Overflow in PC-Net II Emulator Lets Local Users on a Guest System Gain Elevated Privileges on the Host System *** --------------------------------------------- http://www.securitytracker.com/id/1034268 *** Security Notice - Statement on Pierre Kim Revealing Security Vulnerabilities in Huawei WiMAX Routers *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Cisco ASR 1000 Series Root Shell License Bypass Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Cloud Services Router 1000V Command Injection Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Web Security Appliance Native FTP Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Security Advisory 2015-03: Vulnerability discovered in OTRS FAQ package *** --------------------------------------------- December 01, 2015 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security(a)otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2016-03-02] uid OTRS Security Team GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22... --------------------------------------------- https://www.otrs.com/security-advisory-2015-03-vulnerability-discovered-in-…

1 0

Tageszusammenfassung - Montag 30-11-2015
by Daily end-of-shift report 30 Nov '15

30 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 27-11-2015 18:00 − Montag 30-11-2015 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** IBM Security Bulletin: IBM Maximo Asset Management contains a vulnerability which could allow a user to log in with an expired password (CVE-2015-5017) *** --------------------------------------------- IBM Maximo Asset Management contains a vulnerability which could allow a user to log into the system with an expired password. This vulnerability could allow a local attacker to obtain sensitive information or compromise the integrity of the system. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21969052 *** IBM Security Bulletin: Security Bulletin: Vulnerability in Apache Commons affects IBM Endpoint Manager for Remote Control (CVE-2015-7450) *** --------------------------------------------- Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971490 *** Program:Win32/CompromisedCert.D *** --------------------------------------------- This threat is a Dell root certificate for which the private keys were leaked. This means a hacker can use this certificate to modify your browsing experience and steal sensitive information. --------------------------------------------- https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?na… *** Dell Root-CA-Desaster: Microsoft bringt Updates in Stellung *** --------------------------------------------- Mit einem Update für mehrere seiner Sicherheits-Tools will Microsoft zwei digitale Zertifikate entfernen, die auf Computern des Herstellers Dell zu Sicherheitsrisiken wurden. Erste Schadsoftware, die das Einfallstor nutzt, wurde bereits gefunden. --------------------------------------------- http://heise.de/-3025738 *** Turris Omnia Security Project protects home network users *** --------------------------------------------- The non-profit security research Turris Omnia project originating from the Czech Republic focuses on safety of SoHo users. The non-profit security research project originating from the Czech Republic, which focuses on safety of SoHo .. --------------------------------------------- http://securityaffairs.co/wordpress/42382/hacking/turris-omnia-router-proje… *** International NCSC One Conference 2016 *** --------------------------------------------- We are pleased to announce the fourth edition of our international One Conference 2016 that will take place at the World Forum in The Hague on April 5 and 6, 2016. Again the program will be informative and eye-opening offering something of interest to a wide variety of participants from private sectors, .. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-one-conference-2016.ht… *** Lancom fixt Verschlüsselungsproblem in Routern *** --------------------------------------------- In verschiedenen Routern von Lancom klafft eine Schwachstelle, über die Angreifer verschlüsselte Verbindungen aufbrechen können. Workarounds sichern betroffene Geräte ab. --------------------------------------------- http://heise.de/-3026432 *** DFN-CERT-2015-1837: Xen: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1837/ *** Bugtraq: Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation *** --------------------------------------------- http://www.securityfocus.com/archive/1/537001 *** SSA-763427: Vulnerability in Communication Processor (CP) modules SIMATIC CP 343-1, TIM 3V-IE, TIM 4R-IE, and CP 443-1 *** --------------------------------------------- An authentication bypass vulnerability in Communication Processor (CP) module families SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 could allow unauthenticated users to perform administrative operations under certain conditions. --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427… *** Multiple serious vulnerabilities in RSI Videofied's alarm protocol *** --------------------------------------------- RSI Videofied are a French company that produce a series of alarm panels that are fairly unique in the market. They are designed to be battery powered and send videos from the detectors if the alarm is triggered. This is called video .. http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-vi… *** Forthcoming OpenSSL releases *** --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2e, 1.0.1q, 1.0.0t and 0.9.8zh. These releases will be made available on 3rd December between approx. 1pm and 5pm (UTC). They will fix a number of security defects, the highest of which is classified as "moderate" severity. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2015-November/000045.html

1 0

Tageszusammenfassung - Freitag 27-11-2015
by Daily end-of-shift report 27 Nov '15

27 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 26-11-2015 18:00 − Freitag 27-11-2015 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter, Robert Waldner *** Reader's Digest and other WordPress Sites Compromised, Push Angler EK *** --------------------------------------------- Readers Digest is among the latest compromised sites pushing Angler EK. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/11/readers-digest-and-ot… *** Known 'Good' DNS, An Observation, (Thu, Nov 26th) *** --------------------------------------------- This has come up enough it seems worth noting for this U.S. Thanks Giving Holiday. The concept of public Domain Name Service (DNS) is not new, but worth discussing both the merits and pitfalls. Weve discussed DNS here quite a bit over the years, for a prospectus. There are a few (this is not an endorsement *quickly looks around for legal counsel and dodges them*) good services around that are known. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20419&rss *** DSA-3407 dpkg - security update *** --------------------------------------------- Hanno Boeck discovered a stack-based buffer overflow in the dpkg-debcomponent of dpkg, the Debian package management system. This flaw couldpotentially lead to arbitrary code execution if a user or an automatedsystem were tricked into processing a specially crafted Debian binarypackage (.deb) in the old style Debian binary package format. --------------------------------------------- https://www.debian.org/security/2015/dsa-3407 *** Apache Cordova vulnerable to improper application of whitelist restrictions *** --------------------------------------------- Apache Cordova contains a vulnerability where whitelist restrictions are not properly applied. --------------------------------------------- http://jvn.jp/en/jp/JVN18889193/ *** ManageEngine Firewall Analyzer fails to restrict access permissions *** --------------------------------------------- ManageEngine Firewall Analyzer provided by Zoho Corporation contains a vulerability where access permissions are not restricted. --------------------------------------------- http://jvn.jp/en/jp/JVN12991684/ *** ManageEngine Firewall Analyzer vulnerable to directory traversal *** --------------------------------------------- ManageEngine Firewall Analyzer provided by Zoho Corporation contains a directory traversal vulnerability. --------------------------------------------- http://jvn.jp/en/jp/JVN21968837/ *** Defending against Actual IT Threats *** --------------------------------------------- Roger Grimes has written an interesting paper: "Implementing a Data-Driven Computer Security Defense." His thesis is that most organizations dont match their defenses to the actual risks. His paper explains how it got to be this way, and how to fix it.... --------------------------------------------- https://www.schneier.com/blog/archives/2015/11/defending_again_4.html *** Adobe will Weiterverteilung von Flash Player einschränken *** --------------------------------------------- Ab Januar 2016 können nur noch Business-Anwender mit einer gültigen Lizenz den Flash Player zur Weiterverteilung herunterladen, verkündet Adobe. --------------------------------------------- http://heise.de/-3025473 *** Paper: Optimizing ssDeep for use at scale *** --------------------------------------------- Brian Wallace presents tool to optimize ssDeep comparisons.Malware rarely comes as a single file, and to avoid having to analyse each sample in a set individually, a fuzzy hashing algorithm tool like ssDeep can tell a researcherwhether two files are very similar - or not similar at all.When working with a large set of samples, the number of comparisons (which grows quadratically with the set size) may soon become extremely large though. To make this task more manageable, Cylance --------------------------------------------- http://www.virusbtn.com/blog/2015/11_27.xml?rss

1 0

Tageszusammenfassung - Donnerstag 26-11-2015
by Daily end-of-shift report 26 Nov '15

26 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 25-11-2015 18:00 − Donnerstag 26-11-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Verschlüsselung: Punkte auf der falschen elliptischen Kurve *** --------------------------------------------- Forscher der Ruhr-Universität Bochum haben einen schon lange bekannten Angriff auf Verschlüsselungsverfahren mit elliptischen Kurven in der Praxis umsetzen können. Verwundbar ist neben Java-Bibliotheken auch ein Hardware-Verschlüsselungsgerät von Utimaco. --------------------------------------------- http://www.golem.de/news/verschluesselung-punkte-auf-der-falschen-elliptisc… *** Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Shields up on potentially unwanted applications in your enterprise *** --------------------------------------------- Has your enterprise environment been bogged down by a sneaky browser-modifier which tricked you into installing adware from a seemingly harmless software bundle? Then you might have already experienced what a potentially unwanted application (PUA) can do. The good news is, the new opt-in feature for .. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/25/shields-up-on-potentiall… *** "Cyberangriffe werden besser und komplexer" *** --------------------------------------------- Vertreter österreichischer Unternehmen und Sicherheitsexperten diskutierten mit der futurezone über Trends in der Cyberkriminalität und den Schutz kritischer Infrastruktur. --------------------------------------------- http://futurezone.at/digital-life/cyberangriffe-werden-besser-und-komplexer… *** DSA-3405 smokeping - security update *** --------------------------------------------- Tero Marttila discovered that the Debian packaging for smokepinginstalled it in such a way that the CGI implementation of Apache httpd(mod_cgi) passed additional arguments to the smokeping_cgi program,potentially leading to arbitrary code execution in response to craftedHTTP requests. --------------------------------------------- https://www.debian.org/security/2015/dsa-3405 *** Serverseitiges JavaScript: Zwei offene Lücken in Node.js *** --------------------------------------------- Eine DoS-Schwachstelle und einen Out-of-Bounds-Zugriffsfehler bei der JavaScript-Engine V8 sind in unterschiedlichen Node.js-Versionen zu finden. Ein Patch soll nächste Woche veröffentlicht werden. --------------------------------------------- http://heise.de/-3022698 *** Ads on popular Search Engine are leading to Phishing Sites *** --------------------------------------------- The Reporting and Analysis Centre for Information Assurance (MELANI) and GovCERT.ch is aware of an ongoing phishing campaign that is targeting a large credit card issuer in Switzerland. What makes this phishing campaign somehow unique is the way how the phishers are advertising their phishing sites: while .. --------------------------------------------- http://www.govcert.admin.ch/blog/16/ads-on-popular-search-engine-are-leadin… *** Malware Researcher's Handbook (Demystifying PE File) *** --------------------------------------------- PE File Portable executable file format is a type of format that is used in Windows (both x86 and x64). As per Wikipedia, the portable executable (PE) format is a file format for executable, object code, DLLs, FON font files, and core dumps. The PE file .. --------------------------------------------- http://resources.infosecinstitute.com/2-malware-researchers-handbook-demyst… *** Smart Home: Sicherheitslücken im Zigbee-Protokoll demonstriert *** --------------------------------------------- Sicherheitsforscher haben auf der Sicherheitskonferenz Deepsec in Wien eklatante Mängel in der Sicherheit von Zigbee-Smart-Home-Geräten demonstriert. Es gelang ihnen, ein Türschloss zu übernehmen und zu öffnen. --------------------------------------------- http://www.golem.de/news/smart-home-sicherheitsluecken-im-zigbee-protokoll-… *** Windows Defender mit verstecktem Adware-Killer *** --------------------------------------------- Microsofts Virenschutz blokiert jetzt auch Adware. Eigentlich ist die nützliche Funktion für Unternehmensnetze gedacht – sie lässt sich aber auch auf gewöhnlichen Windows-Systemen freischalten, wie ein Test von heise Security zeigt. --------------------------------------------- http://heise.de/-3023579

1 0

Tageszusammenfassung - Mittwoch 25-11-2015
by Daily end-of-shift report 25 Nov '15

25 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 24-11-2015 18:00 − Mittwoch 25-11-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Unified CallManager and Unified Presence Server ICMP Echo Request Handling Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-… *** A $10 Tool Can Guess (And Steal) Your Next Credit Card Number *** --------------------------------------------- A pattern in AmEx card numbers allows Samy Kamkars DIY gadget to predict and use new numbers for fraud as fast as the company can generate them. --------------------------------------------- http://www.wired.com/2015/11/samy-kamkar-10-dollar-tool-can-guess-and-steal… *** High-Security, Open-Source Router is a Hit on Indiegogo (Video) *** --------------------------------------------- The device is called the Turris Omnia, and its Indiegogo page says its a "hi-performance & open-source router." Their fundraising goal is $100,000. So far, 1,191 backers have pledged $248,446 (as of the moment this was typed), with 49 days left .. --------------------------------------------- http://linux.slashdot.org/story/15/11/24/1940251/high-security-open-source-… *** Hilton Acknowledges Credit Card Breach *** --------------------------------------------- Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems. --------------------------------------------- http://krebsonsecurity.com/?p=33068 *** Xen VPMU Feature May Let Local Users Deny Service, Obtain Information, and Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1034230 *** Unwanted Software and Harmful Programs *** --------------------------------------------- We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings including search engines, anti-virus programs, firewalls and and e-mail spam. Recently I came .. --------------------------------------------- https://blog.sucuri.net/2015/11/unwanted-software-and-harmful-programs.html *** Google kann nicht ohne weiteres geschützte Geräte entsperren *** --------------------------------------------- Ein Sicherheitsbericht des Bezirksstaatsanwalts von Manhattan berichtet von einer Hintertür, durch die Google auf richterlichen Beschluss in den USA auf bestimmte passwortgeschützte Android-Smartphones zugreifen können soll. Dem widerspricht jetzt ein Mitarbeiter des Android-Sicherheitsteams. --------------------------------------------- http://www.golem.de/news/android-sicherheit-google-kann-nicht-ohne-weiteres… *** House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide *** --------------------------------------------- In the course of an internal research project we have analyzed the firmware images of more than 4000 embedded devices of over 70 vendors. The devices we have looked at include Internet gateways, routers, modems, IP cameras, VoIP phones, etc. We have specifically analyzed .. --------------------------------------------- http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html *** DSDTestProvider: Weiteres gefährliches Dell-Zertifikat entdeckt *** --------------------------------------------- Auf Dell-Computern ist ein weiteres CA-Zertifikat mitsamt privatem Schlüssel entdeckt worden. Damit kann jeder gültige Zertifikate ausstellen und die Verschlüsselung von Webseiten ad absurdum führen. Der Patch zum Löschen von eDellRoot ist verfügbar. --------------------------------------------- http://heise.de/-3020134 *** Internet Explorer: Microsoft stellt Support für fast alle Versionen ein *** --------------------------------------------- Ab Mitte Jänner wird nur mehr der IE11 mit Sicherheitsupdates versorgt – Fast ein Viertel der Web-Nutzer betroffen. --------------------------------------------- http://derstandard.at/2000026383964 *** Amazon.com setzt Passwörter von Kunden zurück *** --------------------------------------------- Einige Amazon-Kunden in den USA und Großbritannien müssen sich ein neues Passwort ausdenken. Amazon hat die Passwörter zurückgesetzt - eine reine Vorsichtsmaßnahme, wie es heißt. Doch das Statement von Amazon ist teilweise widersprüchlich und lässt viele Fragen offen. --------------------------------------------- http://www.golem.de/news/security-amazon-com-setzt-passwoerter-von-kunden-z… *** When Your CEO Won't Take Security Awareness Training *** --------------------------------------------- CEOs are often the busiest people in any organization. As security professionals, we should respect that: but what can we do when our CEO won't take security awareness training? This is not uncommon but it can be a hard nut for security .. --------------------------------------------- http://resources.infosecinstitute.com/when-your-ceo-wont-take-security-awar… *** Does prevalence matter? A different approach to traditional antimalware test scoring *** --------------------------------------------- Most well-known antimalware tests today focus on broad-spectrum malware. In other words, tests include malware that is somewhat indiscriminate (isnt necessarily targeted), at least somewhat prevalent and sometimes very prevalent. Typically,.. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/25/does-prevalence-matter-a… *** Moxa OnCell Central Manager Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for hardcoded credentials and authentication bypass vulnerabilities in the Moxa OnCell Central Manager Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-328-01 *** Tor-Betreiber starten Crowdfunding *** --------------------------------------------- Private Gelder sollen Abhängigkeit von US-Behörden reduzieren und Weiterentwicklung ermöglichen --------------------------------------------- http://derstandard.at/2000026409932 *** A Problem Shared *** --------------------------------------------- Information sharing has been a much discussed, but traditionally a hit-and-miss affair within the world of information security - after all, one's information can hardly be said to be secure if you're bandying it about to anyone who expresses .. --------------------------------------------- https://blog.team-cymru.org/2015/11/a-problem-shared/ *** Protecting Windows Networks - Dealing with credential theft *** --------------------------------------------- Credential theft is a huge problem, if you care to look at Verizon Data Breach reports over the years, you will see that use of stolen credentials was lingering at the top intrusion method for quite some time. They also prevalent in APT attacks. And why .. --------------------------------------------- https://dfirblog.wordpress.com/2015/11/24/protecting-windows-networks-deali… *** Ransomware Playbook - Guide for Handling Ransomware Infections *** --------------------------------------------- The following post demonstrates the writing process of a ransomware playbook for effective incident response and handling ransomware infections. --------------------------------------------- https://www.demisto.com/playbooks/playbook-for-handling-ransomware-infectio… *** Breach at IT Automation Firm LANDESK *** --------------------------------------------- LANDESK, a company that sells software to help organizations securely and remotely manage their fleets of desktop computers, servers and mobile devices, alerted employees last week that a data breach may have exposed their personal information. But LANDESK .. --------------------------------------------- http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk

1 0

Tageszusammenfassung - Dienstag 24-11-2015
by Daily end-of-shift report 24 Nov '15

24 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 23-11-2015 18:00 − Dienstag 24-11-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Stealthy GlassRAT Spies on Commercial Targets *** --------------------------------------------- RSA has uncovered GlassRAT, a spy tool targeting commercial targets thats signed with a stolen certificate from a large developer in China. --------------------------------------------- http://threatpost.com/stealthy-glassrat-spies-on-commercial-targets/115453/ *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-… --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Multiple vulnerabilities in Apache Commons affecting IBM products *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971377 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971376 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971415 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971412 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971246 *** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by operating system command vulnerability (CVE-2015-7426) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971484 *** IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2015-7416 *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1020995 *** IBM Security Bulletin: IBM Smart Analytics System 5600 is affected by a vulnerability in IBM GPFS (CVE-2015-1788) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21969177 *** IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect Sytem Storage DS8000 *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1005448 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect AppScan Standard (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970847 *** Security Advisory - Overflow Vulnerabilities in SNMPv3 *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Worlds most complex cash register malware plunders millions in US *** --------------------------------------------- ModPos kernel monster threatens haul during festive shopping blitz The worlds most complex sales till malware has been discovered ... after it ripped millions of bank cards from US retailers .. --------------------------------------------- www.theregister.co.uk/2015/11/24/modpos_point_of_sale_malware/ *** Break a dozen secret keys, get a million more for free *** --------------------------------------------- For many years NIST has officially claimed that AES-128 has "comparable strength" to 256-bit ECC, namely 128 "bits of security". Ten years ago, in a talk "Is 2255−19 big enough?", I disputed this claim. The underlying attack algorithms had already been known for years, and its not hard to see their impact on key-size selection; but somehow NIST hadnt gotten .. --------------------------------------------- http://blog.cr.yp.to/20151120-batchattacks.html *** Steam Weak File Permissions Privilege Escalation *** --------------------------------------------- A low privileged user could modify the steam.exe binary and obtain code execution with elevated privileges upon an administrator login or execution of steam.exe --------------------------------------------- http://www.securityfocus.com/archive/1/536961 *** Security Advisory - Memory Overflow Vulnerability in the Huawei Smartphone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Root-CA-Zertifikat: Dell will eDellRoot über Update entfernen *** --------------------------------------------- Dell versichert, dass Besitzer eines Dell-Computers das vom Hersteller standardmäßig installierte gefährliche CA-Zertifikat über ein Update deinstallieren oder per Hand dauerhaft entfernen können. --------------------------------------------- http://heise.de/-3015616 *** 3 Attacks on Cisco TACACS+: Bypassing the Ciscos auth *** --------------------------------------------- I would like to tell the results of my little security research of TACACS+ protocol. --------------------------------------------- http://agrrrdog.blogspot.ca/2015/11/3-attacks-on-cisco-tacacs-bypassing.html *** Hackers do the Haka - Part 1 *** --------------------------------------------- Haka is an open source network security oriented language that allows writing security rules and protocol dissectors. In this first part of a two-part series, we will focus on writing security rules. --------------------------------------------- http://thisissecurity.net/2015/11/23/hackers-do-the-haka-part-1/ *** Heap Overflow in PCRE *** --------------------------------------------- There are two variants of PCRE, the classic one and PCRE2. PCRE2 is not affected. ... If you use PCRE with potentially untrusted regular expressions you should update immediately. There is no immediate risk if you use regular expressions from a trusted source with an untrusted input. --------------------------------------------- https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html *** Ermittlern gelingt Schlag gegen weltweit agierende Phisher-Bande *** --------------------------------------------- Das LKA Sachsen hat fünf Tatverdächtige verhaftet, die bandenmäßig mit Betrugsanrufen PIN-Codes für Online-Zahlungsgutscheine abgephisht haben sollen. --------------------------------------------- http://heise.de/-3016944 *** WP Page Widget <= 2.7 - Authenticated Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8317 *** Social Share Button <= 2.1 - Authenticated Persistent Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8326 *** Google kann Android-Geräte aus der Ferne entsperren *** --------------------------------------------- Google kann offensichtlich die Bildschirmsperren der meisten Android-Geräte auf Behördenanordnung zurücksetzen. Das geht aus dem Bericht eines New Yorker Bezirksstaatsanwalt hervor. Der einzige Schutz dagegen ist die Vollverschlüsselung. --------------------------------------------- http://heise.de/-3015984 *** WP Live Chat Support <= 4.3.5 - Unauthenticated Blind SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8343 *** WR ContactForm <= 1.1.9 - Authenticated SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8341

1 0

Tageszusammenfassung - Montag 23-11-2015
by Daily end-of-shift report 23 Nov '15

23 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 20-11-2015 18:00 − Montag 23-11-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Command and Control Server Detection: Methods & Best Practices *** --------------------------------------------- Botnet C&C servers issue commands in many ways Recently I discussed botnets and the way they represent an ongoing and evolving threat to corporate IT security. This time I'll be discussing .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/command-and-control-se… *** Cisco Networking Services Sensitive Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Deepsec: ZigBee macht Smart Home zum offenen Haus *** --------------------------------------------- ZigBee-Funknetze weisen nach neuen Erkenntnissen von Sicherheitsforschern eklatante Sicherheitsmängel auf. Die Technik wird beispielsweise bei der Steuerung von Türschlössern eingesetzt. --------------------------------------------- http://heise.de/-3010287 *** Blackberry Offers Lawful Device Interception Capabilities *** --------------------------------------------- An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" .. --------------------------------------------- http://yro.slashdot.org/story/15/11/22/0048205/blackberry-offers-lawful-dev… *** JW Player 6 Plugin for Wordpress <= 2.1.14 - Authenticated Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8260 *** DSA-3401 openjdk-7 - security update *** --------------------------------------------- It was discovered that rebinding a receiver of a direct method handlemay allow a protected method to be accessed. --------------------------------------------- https://www.debian.org/security/2015/dsa-3401 *** Bugtraq: Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation *** --------------------------------------------- Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation --------------------------------------------- http://www.securityfocus.com/archive/1/536951 *** Data breach at firm that manages Cisco, Microsoft certifications *** --------------------------------------------- Pearson VUE says credentials manager product affected Cisco, IBM, Oracle and Microsofts certification management provider, Pearson VUE, has copped to a data breach following a malware .. --------------------------------------------- www.theregister.co.uk/2015/11/23/pearson_vue_data_breach_pcm/ *** Ist hier jemand Dell-Kunde? Die shippen anscheinend ... *** --------------------------------------------- Ist hier jemand Dell-Kunde? Die shippen anscheinend eine Backdoor-CA mit ihrem Windows.Aber, mal unter uns, wer sich irgendeinen PC kauft und nicht als erstes das Windows wegschmeisst und frisch neu installiert, dem ist eh nicht zu helfen.Daher war das ja .. --------------------------------------------- http://blog.fefe.de/?ts=a8adce6b *** WP Database Backup <= 3.3 - Authenticated Persistent Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8275 *** Pornography - A Favorite Costume For Android Malware *** --------------------------------------------- 30% of Internet traffic is in some way related to pornography and this is the primary reason why malware authors are using porn apps to infect large numbers of users. During recent data mining, we noticed an increasing volume of mobile malware using pornography (disguised as porn apps) to lure victims into different scams .. --------------------------------------------- http://research.zscaler.com/2015/11/pornography-favorite-costume-for.html

1 0

Tageszusammenfassung - Freitag 20-11-2015
by Daily end-of-shift report 20 Nov '15

20 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 19-11-2015 18:00 − Freitag 20-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** Trojanized adware family abuses accessibility service to install whatever apps it wants *** --------------------------------------------- Shedun does not exploit a vulnerability in the service, instead it takes advantage of the service's legitimate features. By gaining the permission to use the accessibility service, Shedun is able to read the text that appears on screen, determine if an application installation prompt is shown, scroll through the permission list, and finally, press the install button without any physical interaction from the user. --------------------------------------------- https://blog.lookout.com/blog/2015/11/19/shedun-trojanized-adware/ *** Tibbo AggreGate Platform Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities in the Tibbo AggreGate SCADA/HMI package. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01 *** When Hunting BeEF, Yara rules. *** --------------------------------------------- BeEF, The Browser Exploitation Framework, is a penetration-testing tool focusing on web browsers. You can think of it as the Metasploit for web browsers security testing. In fact, it offers several modules that may allow the attacker to, for example, steal web login credentials, switch on microphone and camera, etc. --------------------------------------------- https://isc.sans.edu/diary/When+Hunting+BeEF%2C+Yara+rules./20395 *** HTTP Evasions Explained - Part 8 - Borderline Robustness *** --------------------------------------------- This is part eight in a series which explains the evasions done by HTTP Evader. This part looks into the excessive and inconsistent robustness attempts done by the browser vendors and how this can be used to evade firewalls. --------------------------------------------- http://noxxi.de/research/http-evader-explained-8-borderline-robustness.html *** Nmap 7 Released! *** --------------------------------------------- I encounter many folks at security conferences who havent heard about all the modern Nmap capabilities and still just use it as a simple port scanner. Folks who dont use (or at least know about) NSE, Ncat, Nping, Zenmap, Ndiff, version detection and IPv6 scanning are really missing out! --------------------------------------------- http://seclists.org/nmap-announce/2015/6 *** contrast-rO0 *** --------------------------------------------- A lightweight Java agent for preventing attacks against object deserialization like those discussed by @breenmachine and the original researchers @frohoff and @gebl, affecting WebLogic, JBoss, Jenkins and more. --------------------------------------------- https://github.com/Contrast-Security-OSS/contrast-rO0 *** Metasploit module: Chkrootkit Local Privilege Escalation *** --------------------------------------------- Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privsec. CVE: CVE-2014-0476 --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110179 *** ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting *** --------------------------------------------- ArcSight Management Center and ArcSight Logger contain a cross-site scripting vulnerability. --------------------------------------------- http://jvn.jp/en/jp/JVN51046809/ *** IBM Security Bulletin: IBM i Access for Windows affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422 *** --------------------------------------------- IBM i Access for Windows is affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422. These vulnerabilities affect the Windows system running the IBM i Access for Windows product. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1020996 *** IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM WebSphere Real Time *** --------------------------------------------- Java SE issues disclosed in the Oracle October 2015 Critical Patch Update, plus CVE-2015-5006 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970978

1 0

Tageszusammenfassung - Donnerstag 19-11-2015
by Daily end-of-shift report 19 Nov '15

19 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 18-11-2015 18:00 − Donnerstag 19-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** GovCERT.ch zu den DDoS-Erpressungen *** --------------------------------------------- Die Kollegen aus der Schweiz haben ausführlich zu den aktuellen Erpressungsversuchen (DD4BC/Armada Collective) gebloggt und auch eine Zusammenfassung über Mitigations-Massnahmen geschrieben. --------------------------------------------- http://www.cert.at/services/blog/20151119115219-1633.html *** BSI veröffentlicht Bericht zur Lage der IT-Sicherheit in Deutschland 2015 *** --------------------------------------------- Der Bericht zur Lage der IT-Sicherheit in Deutschland beschreibt und analysiert die aktuelle IT-Sicherheitslage, die Ursachen von Cyber-Angriffen sowie die verwendeten Angriffsmittel und -methoden. Daraus abgeleitet thematisiert der Lagebericht Lösungsansätze zur Verbesserung der IT-Sicherheit in Deutschland. Der Lagebericht verdeutlicht, dass die Anzahl der Schwachstellen und Verwundbarkeiten in IT-Systemen weiterhin auf einem hohen Niveau liegt und ... --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2015/Lage_der_IT… *** ARRIS Cable Modem has a Backdoor in the Backdoor *** --------------------------------------------- While researching on the subject, I found a previously undisclosed backdoor on ARRIS cable modems, affecting many of their devices including TG862A, TG862G, DG860A. As of this writing, Shodan searches indicate that the backdoor affects over 600.000 externally accessible hosts and the vendor did not state whether its going to fix it yet. --------------------------------------------- https://w00tsec.blogspot.co.at/2015/11/arris-cable-modem-has-backdoor-in.ht… *** BSI veröffentlicht Sicherheitsstudie zu TrueCrypt *** --------------------------------------------- Im Auftrag des Bundesamtes für Sicherheit in der Informationstechnik (BSI) untersuchte das Fraunhofer-Institut für Sichere Informationstechnologie SIT die Verschlüsselungssoftware TrueCrypt auf Sicherheitslücken. ... Die Sicherheitsexperten kommen zu dem Ergebnis, dass TrueCrypt weiterhin für die Verschlüsselung von Daten auf Datenträgern geeignet ist. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2015/Sicherheits… *** ZDI-15-570: SQLite fts3_tokenizer Untrusted Pointer Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/U5RlY6kAls0/ *** Encrypt - Moderately Critical - Weak Encryption - SA-CONTRIB-2015-166 *** --------------------------------------------- This module enables you to encrypt data within Drupal using a user-configurable encryption method and key provider. The module did not sufficiently validate good configurations and api usage resulting in multiple potential weaknesses ... --------------------------------------------- https://www.drupal.org/node/2618362 *** Actors using exploit kits - How they change tactics, (Thu, Nov 19th) *** --------------------------------------------- Introduction Exploit kits (EKs) are used by criminals to infect unsuspecting users while they are browsing the web. EKs are hosted on servers specifically dedicated to the EK. How are the users computers directed to an EK? It happens through compromised websites. Threat actors compromise legitimate websites, and pages from these compromised servers have injected script that connects the users computer to an EK server. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20391&rss *** NVIDIA Driver Windows Control Panel Unquoted Search Path Lets Local Users Gain Elevated Privileges *** --------------------------------------------- The NVIDIA Control Panel executable Smart Maximize Helper (nvSmartMaxApp.exe) uses an unquoted path when launching process threads. A local user can place a specially crafted program in certain locations in the search path to cause arbitrary code to be executee with elevated privileges during Windows startup. --------------------------------------------- http://www.securitytracker.com/id/1034175 *** NVIDIA 3D Driver for Windows Named Pipe Access Control Flaw Lets Remote Authenticated Users Gain Elevated Privileges *** --------------------------------------------- The 3D Driver's 'Vision service' (nvSCPAPISvr.exe) creates a named pipe without proper access controls. A local user or a remote authenticated user can create a specially crafted run key entry to execute arbitrary command line statements with the privileges of the target user. In a Windows Domain environment, a remote authenticated user with access to a domain-joined system can exploit this flaw within the joined domain. --------------------------------------------- http://www.securitytracker.com/id/1034173 *** Microsoft Security Intelligence Report: Strontium *** --------------------------------------------- The Microsoft Security Intelligence Report (SIR) provides a regular snapshot of the current threat landscape, using data from more than 600 million computers worldwide. The latest report (SIRv19) was released this week and includes a detailed analysis of the actor group STRONTIUM - a group that uses zero-day exploits to collect the sensitive information of high-value targets in government and political organizations. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/18/microsoft-security-intel… *** NVIDIA NVAPI and Kernel Mode Driver Bugs Let Local Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privielges *** --------------------------------------------- The NVAPI support layer of NVIDIA GPU graphics drivers does not properly validate user-supplied input. In addition, an integer overflow may occur in the kernel mode driver. A local user can exploit these vulnerabilities to potentially sensitive information, deny service, or execute arbitrary code on the target system with elevated privileges. --------------------------------------------- http://www.securitytracker.com/id/1034176 *** Open-Xchange Guard 2.0 Cross Site Scripting *** --------------------------------------------- Topic: Open-Xchange Guard 2.0 Cross Site Scripting Risk: Low Text:Product: Open-Xchange Guard Vendor: Open-Xchange GmbH Internal reference: 41466 (Bug ID) Vulnerability type: Cross-Site-Sc... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110166 *** Edgy online shoppers face Dyre Christmas as malware mutates *** --------------------------------------------- Bank-plundering code now hunts Windows 10 and its Edge browser VXers have cooked up Windows 10 and Edge support for the nasty Dyre or Dyreza banking trojan. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/19/edgy_online… *** Windows Sandbox Attack Surface Analysis *** --------------------------------------------- TL;DR; I've released my tools I use internally to test out sandboxed code and determine the likely attack surface exposed to an attacker if a sandboxed process is compromised. You can get the source code from https://github.com/google/sandbox-attacksurface-analysis-tools. This blog post will describe a few common use cases so that you can use them to do your own sandbox analysis. --------------------------------------------- http://googleprojectzero.blogspot.co.at/2015/11/windows-sandbox-attack-surf… *** Bugtraq: CVE-2015-8131: Kibana CSRF vulnerability *** --------------------------------------------- Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a CSRF attack. We have been assigned CVE 2015-8131 for this issue. CVSS Score: 4.0 Remediation: We recommend that all Kibana users upgrade to either 4.1.3, 4.2.1, or a later version. --------------------------------------------- http://www.securityfocus.com/archive/1/536935 *** Russian financial cybercrime: how it works *** --------------------------------------------- The Russian-language cybercrime market is known all over the world. Kaspersky Lab experts have been monitoring the Russian hacker underground since its emergence. In this review we analyze how financial cybercrime works. --------------------------------------------- http://securelist.com/analysis/publications/72782/russian-financial-cybercr… *** VMSA-2015-0008 *** --------------------------------------------- vCenter Server, vCloud Director, Horizon View information disclosure issue VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity (XXE) requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed. ... The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-3269 to this issue. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0008.html *** Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the web chat interface of Cisco Unified Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the chat on the affected system. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-… *** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450) *** --------------------------------------------- An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by WebSphere Application Server and WebSphere Application Server Hypervisor Edition. This vulnerability does not affect the IBM HTTP Server or versions of WebSphere Application Server prior to Version 7.0. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970575

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily