Daily

daily@lists.cert.at

1 participants
3086 discussions

Tageszusammenfassung - Montag 24-04-2017
by Daily end-of-shift report 24 Apr '17

24 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-04-2017 18:00 − Montag 24-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Eingebauter Node.js-Server: Per Nvidia-Treiber lassen sich Schädlinge einschleusen *** --------------------------------------------- Nvidia-Treiber enthalten einen Node.js-Server - keine gute Idee: Damit lassen sich Sicherungsmechanismen wie Application Whitelisting umgehen. --------------------------------------------- https://heise.de/-3691119 *** OWASP Top 10: Die zehn wichtigsten Sicherheitsrisiken bekommen ein Update *** --------------------------------------------- Risiken durch Injections, Fehler beim Session Management und XSS bleiben weiterhin hoch. Im vorliegenden Entwurf finden sich neben bekannten Sicherheitslücken .. --------------------------------------------- https://www.golem.de/news/owasp-top-10-die-zehn-wichtigsten-sicherheitsrisi… *** SquirrelMail < 1.4.22 - Remote Code Execution *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2017040157 *** Shellcode Analysis- Basics *** --------------------------------------------- In this article, we will look at how what shellcode is, what is its purpose and various shellcode patterns, etc. Please note that this article will not cover how a shellcode is .. --------------------------------------------- http://resources.infosecinstitute.com/shellcode-analysis-basics/ *** FIN7 Evolution and the Phishing LNK *** --------------------------------------------- FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html *** Amazon: Phishing-Kampagne ködert mit Datenschutzgrundverordnung *** --------------------------------------------- Angebliche von Amazon versendete Mails sind derzeit häufig im E-Mail-Postfach zu finden. Nach gefälschten Umsatzsteuerrechnungen gibt es neuerdings eine Phishing-Kampagne, die .. --------------------------------------------- https://www.golem.de/news/amazon-phishing-kampagne-koedert-mit-datenschutzg… *** Sicherheitsupdate: Angreifer könnten Inhalte von Confluence-Wikis einsehen *** --------------------------------------------- Wer Confluence einsetzt, sollte eine der ab sofort verfügbaren abgesicherte Version installieren. --------------------------------------------- https://heise.de/-3692816

1 0

Tageszusammenfassung - Freitag 21-04-2017
by Daily end-of-shift report 21 Apr '17

21 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-04-2017 18:00 − Freitag 21-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** 20 Linksys Router Models Vulnerable To Attack *** --------------------------------------------- Researchers say more than 100,000 Linksys routers in use today could be vulnerable to 10 flaws found in 20 separate router models made by the company. --------------------------------------------- http://threatpost.com/20-linksys-router-models-vulnerable-to-attack/125085/ *** The History of Fileless Malware - Looking Beyond the Buzzword *** --------------------------------------------- What's the deal with "fileless malware"? Though many security professionals cringe when they hear this term, lots of articles and product brochures mention fileless malware in the context of threats that are difficult to resist and investigate. Below is my attempt to look beyond the buzzword, tracing the origins of this term and outlining the malware samples that influenced how we use... Read more --------------------------------------------- https://zeltser.com/fileless-malware-beyond-buzzword/ *** Archive.org Abused to Deliver Phishing Pages *** --------------------------------------------- The Internet Archive is a well-known website and more precisely for its "WaybackMachine" service. It allows you to search for and display old versions of websites. The current Alexa ranking is 262 which makes it a "popular and trusted" website. Indeed, like I explained in a recent SANS ISC diary, whitelists [...] --------------------------------------------- https://blog.rootshell.be/2017/04/20/archive-org-abused-deliver-phishing-pa… *** Analysis of a Maldoc with Multiple Layers of Obfuscation, (Fri, Apr 21st) *** --------------------------------------------- Thanks to our readers, we get often interesting samples to analyze. This time, Frederick sent us a malicious Microsoft Word document called Invoice_6083.doc (which was delivered in a zip archive). I had a quick look [...] --------------------------------------------- https://isc.sans.edu/diary/Analysis+of+a+Maldoc+with+Multiple+Layers+of+Obf… *** TLS-Interception: Sophos-Firewall wird von Chrome-Änderung überrascht *** --------------------------------------------- Nutzer, die den Chrome-Browser hinter einer Firewall von Sophos nutzen, sehen zur Zeit nur Zertifikatswarnungen. Die neue Chrome-Version ignoriert den sogenannten CommonName, der schon seit 17 Jahren als veraltet gilt. (Sophos, Browser) --------------------------------------------- https://www.golem.de/news/tls-interception-sophos-firewall-wurd-von-chrome-… *** Domain Fronting *** --------------------------------------------- In this article, we are going to learn about a very interesting and powerful technique known as Domain Fronting which is a circumvention technique based on HTTPS that hides the true destination from the censor. What is Domain Fronting? Domain fronting is a technique to circumvent the censorship employed for certain domains(censorship may be for [...] --------------------------------------------- http://resources.infosecinstitute.com/domain-fronting/ *** Top-ranked programming Web tutorials introduce vulnerabilities into software *** --------------------------------------------- Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials. The process The researchers identified popular tutorials by inputing search terms such as "mysql tutorial", [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabil… *** Security vulnerability in unmaintained Drupal contrib module puts 120000 sites at risk *** --------------------------------------------- [...] The module is currently used by over 120 000 individual Drupal installations, but is no longer maintained. The last update was done in February 2013. Unfortunately a critical security vulnerability in this references module has been reported by the Drupal core security team as SA-CONTRIB-2017-38: [...] --------------------------------------------- http://drupal.sh/vulnerable-drupal-contrib-module-puts-120000-sites-at-risk *** References - Unsupported - SA-CONTRIB-2017-38 *** --------------------------------------------- [...] Updates: 2017-04-18 -- This issue has been resolved with the release of references 7.x-2.2 --------------------------------------------- https://www.drupal.org/node/2869138 *** cURL/libcurl TLS Session Resumption Client Certificate Bug Lets Remote Users Bypass Security Restrictions on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1038341 *** SSHD vulnerability CVE-2017-6128 *** --------------------------------------------- https://support.f5.com/csp/article/K92140924 *** DFN-CERT-2017-0704: FreeType: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0704/ *** Security Advisory - Buffer Overflow vulnerability in the GaussDB *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170420-… *** Security updates available in Foxit Reader 8.3 and Foxit PhantomPDF 8.3 *** --------------------------------------------- Foxit has released Foxit Reader 8.3 and Foxit PhantomPDF 8.3, which address potential security and stability issues. --------------------------------------------- https://www.foxitsoftware.com/support/security-bulletins.php *** Vuln: Linux Kernel CVE-2017-7645 Multiple Denial of Service Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/97950 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274) *** http://www.ibm.com/support/docview.wss?uid=swg22002280 --------------------------------------------- *** IBM Security Bulletin: Plugin Uploads in IBM UrbanCode Deploy Vulnerable to XML Injection (CVE-2016-9007) *** http://www-01.ibm.com/support/docview.wss?uid=swg2C1000289 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM BigFix Remote Control. *** http://www-01.ibm.com/support/docview.wss?uid=swg22000544 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(CVE-2016-5556, CVE-2016-5597 and CVE-2016-5542) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996985 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerability in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000580 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM Marketing Software products suite (CVE-2014-3625) *** http://www.ibm.com/support/docview.wss?uid=swg22002110 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Optim Performance Manager (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg22002204 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 20-04-2017
by Daily end-of-shift report 20 Apr '17

20 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 19-04-2017 18:00 − Donnerstag 20-04-2017 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** DFN-CERT-2017-0683/">GnuTLS: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0683/ *** Cisco Security Advisories *** --------------------------------------------- *** Cisco ASA Software DNS Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Network Registrar DNS Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco FindIT Network Probe Information Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller User Session Hijacking Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Integrated Management Controller Command Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Software SSL/TLS Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Software IPsec Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Bereiten Sie sich schon 2017 auf die Datenschutz-Grundverordnung vor: Wichtige Fragen *** --------------------------------------------- Die neue Datenschutz-Grundverordnung wird in diesem Jahr in vielen Branchen bei Entscheidungen zu Sicherheitslösungen eine wichtige Rolle spielen. Die Höhe der möglichen Geldbußen .. --------------------------------------------- https://securingtomorrow.mcafee.com/languages/german/bereiten-sie-sich-scho… *** Drupal Core - Critical - Access Bypass - SA-CORE-2017-002 *** --------------------------------------------- https://www.drupal.org/SA-CORE-2017-002 *** Organizations are not effectively dealing with open source security threats *** --------------------------------------------- Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & Innovation .. --------------------------------------------- https://www.helpnetsecurity.com/2017/04/20/open-source-security-threats/ *** DNS Query Length... Because Size Does Matter, (Thu, Apr 20th) *** --------------------------------------------- In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass securitycontrols. DNS tunnelling is a common way to establish .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22326 *** Malware: Schadsoftware bei 1.200 Holiday-Inn- und Crown-Plaza-Hotels *** --------------------------------------------- Wer im vergangenen Jahr auf Geschäftsreise oder im Urlaub in den USA gewesen ist, sollte seine Kreditkartenabrechnungen prüfen: Zahlungsterminals zahlreicher .. --------------------------------------------- https://www.golem.de/news/malware-schadsoftware-bei-1-200-holiday-inn-und-c… *** Spyware Disguised as System Update Survived on Play Store for Almost Three Years *** --------------------------------------------- An Android app named "System Update" that secretly contained a spyware family named SMSVova, survived on the official .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/spyware-disguised-as-system-… *** [R2] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities *** --------------------------------------------- On 2017-04-18, security researcher "agix" published an exploit for the remote command execution flaw (VulnDB 153135). As such, customers are more strongly encouraged to upgrade immediately. --------------------------------------------- https://www.tenable.com/security/tns-2017-07 *** Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) *** --------------------------------------------- In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities .. --------------------------------------------- http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-se… *** Stealing sensitive browser data with the W3C Ambient Light Sensor API *** --------------------------------------------- In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your // --------------------------------------------- https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c… *** Combating a spate of Java malware with machine learning in real-time *** --------------------------------------------- In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-jav… *** Browser-Updates für Chrome und Firefox stopfen kritische Lücken *** --------------------------------------------- Sowohl Google als auch Mozilla haben kritische Sicherheitslücken in ihren Web-Browsern gestopft. Diese können von Angreifern für Drive-By-Attacken missbraucht werden. --------------------------------------------- https://heise.de/-3689571 *** Abusing NVIDIAs node.js to bypass application whitelisting *** --------------------------------------------- Application WhitelistingApplication whitelisting is an important security concept which can be found in many environments during penetration testing. The basic idea is to create a .. --------------------------------------------- http://blog.sec-consult.com/2017/04/application-whitelisting-application.ht… *** DNSSEC: ISC läutet Schlüsseltausch für BIND9 ein *** --------------------------------------------- Das Update ist für alle BIND9-Betreiber wichtig, die die Software zum Validieren von signierten DNS-Antworten einsetzen, aber kein automatisches Schlüssel-Update eingerichtet haben. --------------------------------------------- https://heise.de/-3689170

1 0

Tageszusammenfassung - Mittwoch 19-04-2017
by Daily end-of-shift report 19 Apr '17

19 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-04-2017 18:00 − Mittwoch 19-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Trojaner greift gezielt österreichische Banken-Apps an *** --------------------------------------------- Eine kürzlich im Play Store entdeckte Malware versucht Bankdaten von 400 Apps abzugreifen, darunter Bawag, Erste Bank und Volksbank. --------------------------------------------- https://futurezone.at/digital-life/trojaner-greift-gezielt-oesterreichische… *** Hajime IoT worm infects devices to head off Mirai *** --------------------------------------------- Mirai is the name of the worm that has taken control of many IoT devices around the world and used them to mount DDoS attacks, the most high-profile of which was directed against US-based DNS provider Dyn and resulted in many websites and online services being inaccessible for hours on end. Its source code was leaked by the author, which lead to the creation of more botnets, and an increased fear that [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/04/19/hajime-iot-worm/ *** Firmware-Status von AVM-Routern checken: Kritisches Sicherheitsloch in Fritzbox-Firmware gestopft *** --------------------------------------------- Durch eine kritische Sicherheitslücke in FritzOS könnten Angreifer beliebte Fritzbox-Modelle wie die 7490 aus der Ferne kapern. AVM hat die Lücke in den Routern bereits mit Firmware-Version 6.83 geschlossen - allerdings ohne es zu wissen. --------------------------------------------- https://heise.de/-3687437 *** Hunting for Malicious Excel Sheets, (Wed, Apr 19th) *** --------------------------------------------- Recently, I found a malicious Excel sheet which contained a VBA macro. One particularity of this file was that useful information was stored in cells. The VBA macro read and used them to download the malicious PE file. The Excel file looked classic, asking the user to enable macros: But below, around the 1000th row, some cells were hidden: Once expanded, they revealed interesting values: The macro code used the contain of those cells: [...] --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22322&rss *** Owncloud/Nextcloud: Passwörter im Bugtracker *** --------------------------------------------- Wer bei Owncloud oder Nextcloud einen Bugreport melden möchte, wird nach dem Inhalt seiner Konfigurationsdatei gefragt. Viele Nutzer kamen dem nach - und gaben damit ihre Passwörter öffentlich preis. --------------------------------------------- https://www.golem.de/news/owncloud-nextcloud-passwoerter-im-bugtracker-1704… *** A Remote Attack on the Bosch Drivelog Connector Dongle *** --------------------------------------------- In this blog post, I discuss the vulnerabilities of the Bosch Drivelog Connector OBD-II dongle found by the Argus Research Team. The vulnerabilities allowed us to stop the engine of a moving vehicle using the Drivelog platform. --------------------------------------------- https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/ *** Internet routing weakness could cost Bitcoin users *** --------------------------------------------- A flaw in the underlying design of the Internet could be very expensive for Bitcoin users, researchers find. --------------------------------------------- https://nakedsecurity.sophos.com/2017/04/18/internet-routing-weakness-could… *** Meet PINLogger, the drive-by exploit that steals smartphone PINs *** --------------------------------------------- Sensors in phones running both iOS and Android reveal all kinds of sensitive info. --------------------------------------------- https://arstechnica.com/security/2017/04/meet-pinlogger-the-drive-by-exploi… *** BrickerBot Permanent Denial-of-Service Attack (Update A) *** --------------------------------------------- This updated alert is a follow-up to the original alert titled ICS-ALERT-17-102-01A BrickerBot Permanent Denial-of-Service Attack that was published April 12, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of open-source reports of "BrickerBot" attacks, which exploit hard-coded passwords in IoT devices in order to cause a permanent denial of service (PDoS). This family of botnets, which consists of BrickerBot.1 and BrickerBot.2, was described in a Radware Attack Report. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01A *** Cryptographic security risks are amplified in DevOps settings *** --------------------------------------------- Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications, according to a study conducted by Dimensional Research. According to the study, many organizations fail to enforce vital cryptographic security measures in their DevOps environments. These problems are especially acute among organizations that are in the midst of adopting DevOps practices, but even organizations that say their [...] --------------------------------------------- https://www.helpnetsecurity.com/2017/04/19/devops-settings/ *** What is File Integrity Monitoring and Why You Need It *** --------------------------------------------- The news is rife with stories of successful attacks against servers, point-of-sale (POS) systems, IoT devices and more where an attacker has gained access to an organization's IT assets and changed or inserted new files and data to do something malicious. Just a search on malware highlights a seemingly-endless list of variants including the recent exposure of NSA-backed malware that exploits Windows systems, the re-emergence of Dridex (designed to capture banking credentials), new malware [...] --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/what-is-file-integrity… *** HPESBGN03734 rev.1 - HPE Vertica Analytics Platform, Remote Gain Privileged Access *** --------------------------------------------- A potential security vulnerability has been identified in HPE Vertica Analytics Platform. This vulnerability could be remotely exploited to gain privileged access. --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn037… *** VMSA-2017-0008 *** --------------------------------------------- VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0008.html *** Oracle Critical Patch Update - April 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html *** Solaris Third Party Bulletin - April 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/bulletinapr2017-3680911.h… *** Oracle Linux Bulletin - April 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2017-3664… *** Oracle VM Server for x86 Bulletin - April 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/ovmbulletinapr2017-366462… *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** Security Advisory - OpenSSL Montgomery multiplication may produce incorrect results Vulnerability *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Some Huawei Products *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** Security Advisory - Input Validation Vulnerability in Multiple Huawei Products *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** Security Advisory - Plaintext Storage of Users' Safe Passwords in the Files APP in Huawei Mobile Phones *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in zlib affect IBM SDK for Node.js (CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843) *** http://www.ibm.com/support/docview.wss?uid=swg22001567 --------------------------------------------- *** IBM Security Bulletin: Privilege escalation vulnerability affects IBM Security Guardium (CVE-2017-1122) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997868 --------------------------------------------- *** IBM Security Bulletin: Fix available for Sensitive Data Exposure Vulnerability in IBM Cúram Social Program Management (CVE-2016-9978) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001782 --------------------------------------------- *** IBM Security Bulletin: Fix available for DOM based Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9979) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001780 --------------------------------------------- *** IBM Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9980) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001779 --------------------------------------------- *** IBM Security Bulletin: Fix available for a Privilege Escalation Vulnerability in IBM Cúram Social Program Management (CVE-2016-8923) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001774 --------------------------------------------- *** IBM Security Bulletin: Access Manager Client in IBM DataPower Gateways is vulnerable to a denial of service attack. *** http://www.ibm.com/support/docview.wss?uid=swg22001789 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900 *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010111 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem model V840 *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010112 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 18-04-2017
by Daily end-of-shift report 18 Apr '17

18 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-04-2017 18:00 − Dienstag 18-04-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Protecting customers and evaluating risk *** --------------------------------------------- Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation. When a potential vulnerability is reported to... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-an… *** Ab sofort keine Updates mehr für Windows 7 und 8.1-Nutzer mit neuer Hardware *** --------------------------------------------- Es bleibt den Usern somit nur mehr das Upgrade auf Windows 10 --------------------------------------------- http://derstandard.at/2000056017223 *** Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers *** --------------------------------------------- Microsoft fixed critical vulnerabilities in uncredited update released in March. --------------------------------------------- https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-wer… *** Warnung - Betrugsversuche *** --------------------------------------------- Wir weisen darauf hin, dass E-Mails im Umlauf sind, die von gefälschten OeNB-Absende-Adressen aus verschickt werden. [...] Die versendeten E-Mails beinhalten Schadsoftware [...] --------------------------------------------- https://www.oenb.at/Ueber-Uns/Rechtliche-Grundlagen/warnung-betrugsversuche… *** Email Tracking Pixels Used for Pre-Hack Info Gathering *** --------------------------------------------- A simple email marketing trick is also abused by cyber-criminals, who are employing a technique known as "pixel tracking" to gather information on possible targets or to improve the efficiency of phishing attacks. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/email-tracking-pixels-used-f… *** FIRST releases twenty years of conference materials *** --------------------------------------------- The leading association of incident response and security teams publishes its repository of twenty years of incident response learnings. --------------------------------------------- https://www.first.org/newsroom/releases/20170418 *** Edge Plagued by Various Security Flaws, Not as Secure as Microsoft Boasts *** --------------------------------------------- Microsoft never shied away from claiming that Edge is a much more secure browser than Chrome. Even some third-party tests have sustained its claims. Nonetheless, there are currently three different issues affecting Edge, which Microsoft might not like you knowing about. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/edge-plagued-by-various-secu… *** Wartungsarbeiten Donnerstag, 20. 4. 2017 *** --------------------------------------------- Am Donnerstag, 20. April 2017, ab etwa 19h, werden wir Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern erreichbaren Services (zB Mail, Webserver, Mailinglisten) führen,... --------------------------------------------- http://www.cert.at/services/blog/20170418151642-1969.html *** VU#676632: IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow *** --------------------------------------------- Vulnerability Note VU#676632 IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow Original Release date: 17 Apr 2017 | Last revised: 17 Apr 2017 Overview IBM Lotus Domino server, versions IMAP service contains a stack-based buffer overflow vulnerability in the EXAMINE command. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server Description IBM Lotus Domino includes an IMAP server. This server contains a stack buffer... --------------------------------------------- http://www.kb.cert.org/vuls/id/676632 *** NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control *** --------------------------------------------- ProSAFE Plus Configuration Utility is vulnerable to improper access control. --------------------------------------------- http://jvn.jp/en/jp/JVN08740778/ *** Security Notice - Statement on Command Injection Vulnerability in Huawei HG532n Product *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170418-01-… *** 2107-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Application before version 2.1.0 Service Pack 1. *** --------------------------------------------- Multiple vulnerabilities have been resolved in the NorthStar Controller Application starting from version 2.1.0 Service Pack 1 and all subsequent releases. --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10783&cat=SIRT_1… *** cURL and libcurl vulnerabilities in F5 products *** --------------------------------------------- https://support.f5.com/csp/article/K84940705 https://support.f5.com/csp/article/K85235351 https://support.f5.com/csp/article/K17742627 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tealeaf Customer Experience (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000439 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-8610 and CVE-2017-3731 ) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021869 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent (CVE-2017-3731, CVE-2017-3732) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1025103 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (CVE-2016-5597, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000386 --------------------------------------------- *** IBM Security Bulletin: IBM Connections Docs is Vulnerable to a Denial of Service (CVE-2016-4483) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001680 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010105 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010106 --------------------------------------------- *** IBM Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On *** http://www-01.ibm.com/support/docview.wss?uid=swg22000445 --------------------------------------------- *** IBM Security Bulletin: Multiple ZLIB vulnerabilities affect IBM Mobile Connect *** http://www.ibm.com/support/docview.wss?uid=swg22000094 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products. *** http://www-01.ibm.com/support/docview.wss?uid=swg22000816 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=swg22001712 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900 *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010012 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization *** http://www.ibm.com/support/docview.wss?uid=swg21992598 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 14-04-2017
by Daily end-of-shift report 14 Apr '17

14 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-04-2017 18:00 − Freitag 14-04-2017 18:02 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Zero Day Exploit: Magento-Onlineshops sind wieder gefährdet *** --------------------------------------------- Wer eine Magento-basierte Onlineshop-Lösung verwendet, sollte dringend seine Einstellungen überprüfen. Ein Sicherheitslücke erlaubt die Kompromittierung der Installation und bringt die Kunden in Gefahr. Der Hersteller arbeitet wohl an einem Patch, kommuniziert dies jedoch nicht vernünftig. --------------------------------------------- https://www.golem.de/news/zero-day-exploit-magento-onlineshops-sind-wieder-… *** Exploit Kit Activity Quiets, But Is Far From Silent *** --------------------------------------------- Here are the exploit kits to watch for over the next three to six months. --------------------------------------------- http://threatpost.com/exploit-kit-activity-quiets-but-is-far-from-silent/12… *** Shadow Brokers Release New Batch of Files Containing Windows and SWIFT Exploits *** --------------------------------------------- On Good Friday and ahead of the Easter holiday, the Shadow Brokers have dumped a new collection of files, containing what appears to be exploits and hacking tools targeting Microsofts Windows OS and the SWIFT banking system. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/shadow-brokers-release-new-b… *** BSI definiert Mindeststandard für sichere Web-Browser *** --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat Mindestanforderungen für sichere Web-Browser veröffentlicht. In einer Tabelle vergleicht die Behörde vier aktuelle Browser - einer wies demnach eine schwerwiegende Einschränkung auf. --------------------------------------------- https://heise.de/-3686044 *** Phishing with Unicode Domains *** --------------------------------------------- If I told you this could be a phishing site, would you believed me? tl;dr: check out the proof-of-concept --------------------------------------------- https://www.xudongz.com/blog/2017/idn-phishing/ *** Critical Patch Update - April 2017 - Pre-Release Announcement *** --------------------------------------------- Critical Patch Update - April 2017 - Pre-Release Announcement --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html *** 2017-04 Security Bulletin: EX Series: Crafted IPv6 NDP packet causing a slow memory leak on EX Series Switches (CVE-2017-2315) *** --------------------------------------------- A vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switches to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. --------------------------------------------- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10781 *** Heap Overflow Vulnerability in Citrix NetScaler Gateway Could Result in Arbitrary Code Execution *** --------------------------------------------- A heap overflow vulnerability has been identified in Citrix NetScaler Gateway that could allow a remote, authenticated user to execute arbitrary commands on the NetScaler Gateway appliance as a root user. --------------------------------------------- https://support.citrix.com/article/CTX222657 *** cURL and libcurl vulnerability CVE-2016-8622 *** --------------------------------------------- cURL and libcurl vulnerability CVE-2016-8622. Security Advisory. Security Advisory Description. ** RESERVED ** This candidate ... --------------------------------------------- https://support.f5.com/csp/article/K23391972 *** VMSA-2017-0007 *** --------------------------------------------- VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0007.html *** Wecon Technologies LEVI Studio HMI Editor *** --------------------------------------------- This advisory contains mitigation details for heap-based buffer overflow and stack-based buffer overflow vulnerabilities in the Wecon Technologies LEVI Studio HMI Editor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-103-01 *** Schneider Electric Modicon M221 PLCs and SoMachine Basic *** --------------------------------------------- This advisory contains mitigation details for use of hard-coded cryptographic key and protection mechanism failure vulnerabilities in Schneider Electric's Modicon M221 PLCs and SoMachine Basic. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-103-02 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services potential Cross Site Scripting vulnerabilities (CVE-2017-1160) *** http://www.ibm.com/support/docview.wss?uid=swg22001574 --------------------------------------------- *** IBM Security Bulletin: IBM API Connect Developer Portal is vulnerable to unauthenticated remote code execution (CVE-2017-1161) *** http://www.ibm.com/support/docview.wss?uid=swg22000316 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services *** http://www.ibm.com/support/docview.wss?uid=swg22001536 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by tar vulnerabilities (CVE-2010-0624 CVE-2016-6321) *** http://www.ibm.com/support/docview.wss?uid=isg3T1025085 --------------------------------------------- *** IBM Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2016-6816) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998864 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight *** http://www.ibm.com/support/docview.wss?uid=swg21999652 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 *** http://www.ibm.com/support/docview.wss?uid=swg21999649 --------------------------------------------- *** IBM Security Bulletin: Unvalidated redirection URL vulnerability in IBM Marketing Platform (CVE-2016-0228) *** http://www-01.ibm.com/support/docview.wss?uid=swg22001952 --------------------------------------------- Next End-of-Shift report: 2017-04-18

1 0

Tageszusammenfassung - Donnerstag 13-04-2017
by Daily end-of-shift report 13 Apr '17

13 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 12-04-2017 18:00 − Donnerstag 13-04-2017 18:02 Handler: Alexander Riepl Co-Handler: n/a *** BrickerBot Permanent Denial-of-Service Attack *** --------------------------------------------- NCCIC/ICS-CERT is aware of open-source reports of “BrickerBot” attacks, which exploit hard-coded passwords in IoT devices in order to cause a permanent denial of .. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01 *** India to world+dog: Go ahead, please hack our elections ... if you can *** --------------------------------------------- Не волнуйтесь. Мы уже это сделали, товарищи Following demands for an investigation into the security of Indias electronic voting machines, the countrys .. --------------------------------------------- www.theregister.co.uk/2017/04/12/india_electronic_election_hacking/ *** Hintergrund: Forensik-Tools patzen bei neuer Windows-Kompression *** --------------------------------------------- Mit Hilfe einer noch weitgehend unbekannten Dateikompression namens 'Compact OS' könnten sich Schad-Programme und andere Beweismittel einer forensischen Untersuchung eines PCs entziehen. Wir haben sechs Standard-Forensik-Tools getestet. --------------------------------------------- https://heise.de/-3676075 *** WordPress plugin "WP Statistics" vulnerable to cross-site scripting *** --------------------------------------------- http://jvn.jp/en/jp/JVN62392065/ *** SAP schließt kritische Lücke in der Search Engine TREX *** --------------------------------------------- TREX ist in über einem Dutzend SAP-Produkten verbaut und erlaubte fast zwei Jahre das Einschleusen und Ausführen von Code. Diese und 14 weitere Lücken schließt der Hersteller im Rahmen des April-Patchdays. --------------------------------------------- https://heise.de/-3685632 *** Akamai reports UDP DDOS Using C-LDAP reaching 24Gbps, (Thu, Apr 13th) *** --------------------------------------------- Akamai researchers Jose Arteaga Wilber Mejia have posted details on a new reflected DDOS apprach, using the Connectionless LDAP protocol (on udp/389). Reflected UDP attacks arent new, but using CLDAP seems to be. Which made me wonder who are the folks that decided that their AD (or other LDAP directory) .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22300 *** Samsung: Keine Sicherheitslücken in Smart-TVs *** --------------------------------------------- Der Elektronikkonzern will die Sicherheit seines in die Kritik geratenen Betriebssystems Tizen ins rechte Licht rücken und verkündet, dass weder Smart TVs noch Smartwatches .. --------------------------------------------- https://heise.de/-3685732

1 0

Tageszusammenfassung - Mittwoch 12-04-2017
by Daily end-of-shift report 12 Apr '17

12 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 11-04-2017 18:00 − Mittwoch 12-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Fake News at Work in Spam Kingpin’s Arrest? *** --------------------------------------------- Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election. While there .. --------------------------------------------- https://krebsonsecurity.com/2017/04/fake-news-at-work-in-spam-kingpins-arre… *** Schneider Electric Modicon Modbus Protocol *** --------------------------------------------- This advisory contains mitigation details for authentication bypass by capture-replay and violation of secure design principles vulnerabilities in Schneider Electric’s Modicon Modbus protocol. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01 *** Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2) *** --------------------------------------------- Posted by Gal Beniamini, Project ZeroIn this blog post well continue our journey into gaining remote kernel code execution, by means of Wi-Fi communication alone. Having previously developed a remote code execution exploit .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms… *** CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler *** --------------------------------------------- FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability .. --------------------------------------------- http://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handl… *** Patchday: Adobe stopft kritische Lücken in Acrobat, Reader, Flash und Photoshop *** --------------------------------------------- Kritische Lücken in Flash sowie in Adobe Acrobat und Reader benötigen sofortige Aufmerksamkeit. Auf ungepatchten Systemen können Angreifer Schadcode aus der Ferne ausführen. Photoshop ist diesmal auch mit Sicherheitslücken beim Patchday dabei. --------------------------------------------- https://heise.de/-3682970 *** Malicious Image Defacement Hidden from Search Engines *** --------------------------------------------- After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your business or website. In a recent blog post, we discussed a case in which a .. --------------------------------------------- https://blog.sucuri.net/2017/04/malicious-image-defacement-hidden-from-sear… *** JSA10753 - 2016-07 Security Bulletin: SRX Series: Upgrades using partition option may allow unauthenticated root login (CVE-2016-1278) *** --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753 *** Sundown EK gone missing, Terror EK flavours seen in active drive-by campaigns *** --------------------------------------------- With another player out at the moment, we take a look at a rebranded exploit kit in current malware .. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/04/sundown-ek-gone-missi… *** IT-Sicherheit: Wie ich mein Passwort im Stack Trace fand *** --------------------------------------------- Unser Autor hat versehentlich das MySQL-Passwort seiner Webseite veröffentlicht. Hier schreibt er, wie es dazu kam. Er berichtet, warum Fehler selbst dann passieren, wenn .. --------------------------------------------- https://www.golem.de/news/it-sicherheit-wie-ich-mein-passwort-im-stack-trac… *** Patchday: Microsoft sichert Office gegen aktive Angriffe ab *** --------------------------------------------- Im April verteilt Microsoft zwölf Sicherheitsupdates und stopft mehrere als kritisch eingestufte Schwachstellen. Aktuell haben es Angreifer gezielt auf eine Office-Lücke abgesehen. --------------------------------------------- https://heise.de/-3683358 *** Investigation Finds Inmates Built Computers, Hid Them In Prison Ceiling *** --------------------------------------------- An anonymous reader quotes a report from WRGB: The discovery of two working computers hidden in a ceiling at the Marion Correctional Institution prompted an investigation by the state into how inmates got access. In late .. --------------------------------------------- https://hardware.slashdot.org/story/17/04/12/0328239/investigation-finds-in… *** Kelihos.E *** --------------------------------------------- Kelihos.E Botnet – Law Enforcement Takedown On Monday April 10th 2017, The US Department of Justice (DOJ) announced a successful operation to take down the Kelihos Botnet and arrest the suspected botnet operator. The .. --------------------------------------------- http://blog.shadowserver.org/2017/04/12/kelihos-e/ *** New NAS Vulnerabilities are as Bad as they Get *** --------------------------------------------- If you have a QNAP network attached storage (NAS) device, you’d better make sure the firmware is updated. Earlier this year, F-Secure Senior Security .. --------------------------------------------- https://safeandsavvy.f-secure.com/2017/04/12/new-nas-vulnerabilities-are-pr…

1 0

Tageszusammenfassung - Dienstag 11-04-2017
by Daily end-of-shift report 11 Apr '17

11 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 10-04-2017 18:00 − Dienstag 11-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Longhorn: Tools used by cyberespionage group linked to Vault 7 *** --------------------------------------------- Spying tools and operational protocols detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn. Symantec has been protecting its .. --------------------------------------------- https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-g… *** Mirai Botnet Temporarily Adds Bitcoin Mining Component, Removes It After a Week *** --------------------------------------------- For around a week at the end of March, one of the many versions of the Mirai malware was spotted delivering a Bitcoin-mining module to its infected .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mirai-botnet-temporarily-add… *** Support-Ende erreicht: Tschüss, Vista *** --------------------------------------------- Am heutigen 11. April endet der Support für Windows Vista. Eine Träne wird deswegen wohl kaum jemand vergießen, dabei steckten viele tolle Neuerungen darin. --------------------------------------------- https://heise.de/-3675983 *** Understanding and Discovering Open Redirect Vulnerabilities *** --------------------------------------------- One of the most common and largely overlooked vulnerabilities by web developers is Open Redirect (also known as "Unvalidated Redirects and Forwards"). A website is vulnerable to .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Understanding-and-Disco… *** Microsoft Word 0day used to push dangerous Dridex malware on millions *** --------------------------------------------- Blast could give a boost to Dridex, one of the Internets worst bank-fraud threats. --------------------------------------------- https://arstechnica.com/security/2017/04/microsoft-word-0day-used-to-push-d… *** Malware belauscht Sensoren und knackt Handysperre *** --------------------------------------------- Von Forschern geschriebener Schädling nutzt Browserleck und neuronales Netzwerk, um Sperrcode zu errechnen --------------------------------------------- http://derstandard.at/2000055738573 *** Breaking Signal: A Six-Month Journey *** --------------------------------------------- Researchers spent six months poking holes in Signal and urge a bigger spotlight on security testing. --------------------------------------------- http://threatpost.com/breaking-signal-a-six-month-journey/124888/ *** DSA-3828 dovecot - security update *** --------------------------------------------- It was discovered that the Dovecot email server is vulnerable to adenial of service attack. When the dict passdb and userdb are usedfor user authentication, the .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3828 *** Security Bulletins posted *** --------------------------------------------- Adobe has published security bulletins for Adobe Campaign (APSB17-09), Adobe Flash Player (APSB17-10), Adobe Acrobat and Reader (APSB17-11), Adobe Photoshop (APSB17-12) and the Creative Cloud Desktop Application (APSB17-13). Adobe recommends users update their product installations to the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1457 *** Nach Hacker-Festnahme: FBI will Kelihos-Botnetz endgültig stilllegen *** --------------------------------------------- Schon kurz nachdem der mutmaßlich verantwortliche Cyberkriminelle in Spanien festgenommen wurde, haben US-Behörden offenbar mehrere Maßnahmen eingeleitet, um das Botnetz Kelihos ein für alle mal außer Gefecht zu setzen. --------------------------------------------- https://heise.de/-3682746

1 0

Tageszusammenfassung - Montag 10-04-2017
by Daily end-of-shift report 10 Apr '17

10 Apr '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 07-04-2017 18:00 − Montag 10-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Sicherheitsforscher: IoT-Hersteller machen es Bugjägern unnötig schwer *** --------------------------------------------- Ein Sicherheitsexperte hat nicht nur diverse Bugs in Kameras, NAS-Laufwerken, mobilen Routern oder einem Retinascanner gefunden, sondern auch dokumentiert, wie wenig die betroffenen Hersteller mit solchen Meldungen anfangen können. --------------------------------------------- https://heise.de/-3678493 *** Apache Struts 2 Exploits Installing Cerber Ransomware *** --------------------------------------------- Attackers are attempting to exploit the recent Apache Struts vulnerability on Windows servers and the payload is a variant of the Cerber ransomware. --------------------------------------------- http://threatpost.com/apache-struts-2-exploits-installing-cerber-ransomware… *** Matrix Ransomware Spreads to Other PCs Using Malicious Shortcuts *** --------------------------------------------- The Matrix Ransomware gears up for higher distribution by using EITest, the Rig Exploit kit, while .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/matrix-ransomware-spreads-to… *** Baseband Zero Day Exposes Millions of Mobile Phones to Attack *** --------------------------------------------- A previously undisclosed baseband vulnerability impacting Huawei smartphones, laptop WWAN modules .. --------------------------------------------- http://threatpost.com/baseband-zero-day-exposes-millions-of-mobile-phones-t… *** Malware auf Zerstörungsjagd: BrickerBot legt unsichere IoT-Geräte still *** --------------------------------------------- Unsichere IoT-Geräte werden meist im Stillen gekapert und als Hilfsarmee für DDoS-Attacken eingesetzt. Jetzt .. --------------------------------------------- https://heise.de/-3678861 *** A quick look at the Ikea Trådfri lighting platform *** --------------------------------------------- Ikea recently launched their Trådfri smart lighting platform in the US. The idea of Ikea plus internet security together at last seems like a pretty terrible one, but having taken a look its surprisingly competent. Hardware-wise, .. --------------------------------------------- http://mjg59.dreamwidth.org/47803.html *** Equation Group: Die Shadow Brokers veröffentlichen NSA-Geheimnisse *** --------------------------------------------- Die Shadow Brokers haben keine Lust mehr - oder sind von Donald Trump wirklich enttäuscht. Das Passwort zum verschlüsselten Archiv ist jetzt im Netz. Die Gruppe hatte Exploits .. --------------------------------------------- https://www.golem.de/news/equation-group-die-shadow-brokers-veroeffentliche… *** Apple finally teaches Android music app to validate certificates *** --------------------------------------------- Cupertinos so keen on Android it took eight months to repair interception bug If youre so .. --------------------------------------------- www.theregister.co.uk/2017/04/10/apple_music_vulnerability/ *** Hackers set off Dallas’ 156 emergency sirens over a dozen times *** --------------------------------------------- https://arstechnica.com/security/2017/04/hackers-set-off-dallas-156-emergen… *** Alleged Spam King Pyotr Levashov Arrested *** --------------------------------------------- Authorities in Spain have arrested a Russian computer programmer thought to be one of the worlds most notorious spam kingpins. Spanish police arrested Pyotr .. --------------------------------------------- https://krebsonsecurity.com/2017/04/alleged-spam-king-pyotr-levashov-arrest… *** WP Statistics <= 12.0.4 - Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8794 *** Telekom Austria war von NSA-Angriff betroffen *** --------------------------------------------- Laut Daten der Hackergruppe Shadow Brokers hat die NSA vor Jahren Rechner der Telekom Austria unter ihre Kontrolle gebracht. Die Telekom untersucht dies. --------------------------------------------- https://futurezone.at/digital-life/telekom-austria-war-von-nsa-angriff-betr… *** Schwerwiegende Microsoft Word-Lücke erlaubt Fremdzugriff *** --------------------------------------------- McAfee berichtet von Exploit, mit dem Angreifer Code auf Zielcomputer ausführen kann --------------------------------------------- http://derstandard.at/2000055670310 *** SQL Injection in extension "Event management and registration" (sf_event_mgt) *** --------------------------------------------- https://typo3.org/news/article/sql-injection-in-extension-event-management-… *** SQL Injection in extension "News system" (news) *** --------------------------------------------- https://typo3.org/news/article/sql-injection-in-extension-news-system-news/ *** Hacker nehmen zunehmend Amazon-Händler ins Visier *** --------------------------------------------- Drittanbieter auf der Handelsplattform Amazon geraten zunehmend ins Visier von Cyber-Betrügern. --------------------------------------------- https://futurezone.at/digital-life/hacker-nehmen-zunehmend-amazon-haendler-… *** Notes on Windows Uniscribe Fuzzing *** --------------------------------------------- Posted by Mateusz Jurczyk of Google Project ZeroAmong the total of 119 vulnerabilities with CVEs fixed by Microsoft in the March Patch Tuesday a few weeks ago, .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/04/notes-on-windows-uniscribe-fu… *** Symantec dokumentiert Verbindung zwischen angeblichen CIA-Tools und weltweiten Attacken *** --------------------------------------------- In mindestens 16 Ländern attackierte eine Gruppe namens Longhorn Firmen, Organisationen und Regierungen. Und Longhorn nutzte dabei die jetzt von Wikileaks als Vault 7 veröffentlichten, angeblichen CIA-Tools, stellt Symantec fest. --------------------------------------------- https://heise.de/-3680265

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily