=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 04-05-2017 18:00 − Friday 05-05-2017 18:00
Handler: Robert Waldner
Co-Handler: Petr Sikuta
*** Bondnet botnet goes after vulnerable Windows servers ***
---------------------------------------------
A botnet consisting of some 2,000 compromised servers has been mining cryptocurrency for its master for several months now, "earning" him around $1,000 per day. GuardiCore researchers first spotted it in December 2016, and have been mapping it out and following its evolution since then. They've dubbed it Bondnet, after the handle its herder uses online [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/05/04/compromised-windows-servers/
*** Unpatched WordPress Password Reset Vulnerability Lingers ***
---------------------------------------------
A zero-day vulnerability exists in WordPress Core that, in some instances, could allow an attacker to reset a user's password and in turn gain access to their account.
---------------------------------------------
http://threatpost.com/unpatched-wordpress-password-reset-vulnerability-ling…
*** 1 Million Gmail Users Impacted by Google Docs Phishing Attack ***
---------------------------------------------
Researchers said good social engineering and users' trust in the convenience afforded by the OAuth mechanism guaranteed Wednesday's Google Docs phishing attacks would spread quickly.
---------------------------------------------
http://threatpost.com/1-million-gmail-users-impacted-by-google-docs-phishin…
*** New Mac Malware Manages to Spy on Encrypted Browser Traffic ***
---------------------------------------------
This blog was written by Douglas McKee. There's a new cyberattack targeted at Mac OS users: a malware program called OSX/Dok. Discovered late last week primarily in Europe, the program is capable of spying on encrypted browser traffic to steal sensitive information. You heard correctly: it can eavesdrop on all of your web browsing. How does [...]
---------------------------------------------
https://securingtomorrow.mcafee.com/business/new-mac-malware-manages-spy-en…
*** Dridex and Locky Return Via PDF Attachments in Latest Campaigns ***
---------------------------------------------
Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new large campaigns. While the PDF downloader described in this post is responsible for spreading both Dridex and Locky, for the purposes of this blog, we will be discussing the PDF downloader and the Dridex [...]
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/05/dridex_and_lockyret.html
*** Intel ME firmware: vendors announce patches for Intel exploit ***
---------------------------------------------
The first updates for the vulnerability in the Management Engine of Intel systems are expected to appear soon. Meanwhile, there is still uncertainty about the details of the security hole.
---------------------------------------------
https://www.golem.de/news/intel-me-firmware-hersteller-kuendigen-patches-fu…
*** Carbanak Attackers Devise Clever New Persistence Trick ***
---------------------------------------------
Hackers behind the Carbanak criminal gang have devised a clever way to gain persistence on targeted systems to more effectively pull off financially motivated crimes.
---------------------------------------------
http://threatpost.com/carbanak-attackers-devise-clever-new-persistence-tric…
*** [SANS ISC] HTTP Headers: the Achilles' heel of many applications ***
---------------------------------------------
When browsing a target web application, a pentester is looking for all "entry" or "injection" points present in the pages. Everybody knows that a static website with pure HTML code is less juicy compared to a [...]
---------------------------------------------
https://blog.rootshell.be/2017/05/05/sans-isc-http-headers-achilles-heel-ma…
*** Snake malware ported from Windows to Mac ***
---------------------------------------------
Snake, also known as Turla and Uroburos, is backdoor malware that has been around and infecting Windows systems since at least 2008. It is thought to be Russian governmental malware and on Windows is highly sophisticated. It was even seen infecting Linux systems in 2014. Now, it appears to have been ported to Mac. [...]
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/05/snake-malware-ported-…
*** More Android phones than ever are covertly listening for inaudible sounds in ads ***
---------------------------------------------
Your Android phone may be listening to ultrasonic ad beacons without your knowledge.
---------------------------------------------
https://arstechnica.com/security/2017/05/theres-a-spike-in-android-apps-tha…
*** DFN-CERT-2017-0790: LibreSSL: A vulnerability allows security measures to be bypassed ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0790/
*** Linux kernel vulnerability CVE-2017-7308 ***
---------------------------------------------
Security Advisory for Linux kernel vulnerability CVE-2017-7308. Description: The packet_set_ring function ...
---------------------------------------------
https://support.f5.com/csp/article/K82224417
*** Apache Tomcat vulnerability CVE-2017-5647 ***
---------------------------------------------
Security Advisory for Apache Tomcat vulnerability CVE-2017-5647. Description: A bug in the handling of ...
---------------------------------------------
https://support.f5.com/csp/article/K49000195
*** Hikvision Cameras ***
---------------------------------------------
This advisory contains mitigation details for improper authentication and password-in-configuration-file vulnerabilities in Hikvision's cameras.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
*** Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras ***
---------------------------------------------
This advisory contains mitigation details for use-of-password-hash-instead-of-password-for-authentication and password-in-configuration-file vulnerabilities in Dahua Technology Co., Ltd digital video recorders and IP cameras.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02
*** Advantech WebAccess ***
---------------------------------------------
This advisory contains mitigation details for an absolute path traversal vulnerability in Advantech's WebAccess.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-03
*** Rockwell Automation ControlLogix 5580 and CompactLogix 5380 ***
---------------------------------------------
This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for a resource exhaustion vulnerability in Rockwell Automation's ControlLogix 5580 and CompactLogix 5380.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in bind affects SmartCloud Entry (CVE-2016-9147) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1025133
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in memcached affects SmartCloud Entry (CVE-2016-8704, CVE-2016-8705) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1025081
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Algo Risk Application (CVE-2016-8745) ***
http://www.ibm.com/support/docview.wss?uid=swg22000781
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities affect IBM Rational Quality Manager and IBM Rational Team Concert with potential for security attacks ***
http://www.ibm.com/support/docview.wss?uid=swg22002429
---------------------------------------------
*** IBM Security Bulletin: Cross Site Scripting (XSS) vulnerability affects Cognos Analytics ***
https://www-01.ibm.com/support/docview.wss?uid=swg21999791
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Net-SNMP affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-5621) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000624
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-05-2017 18:00 − Thursday 04-05-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Petr Sikuta
Co-Handler: Robert Waldner
*** Researcher: "Baseless Assumptions" Exist About Intel AMT Vulnerability ***
---------------------------------------------
Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify "baseless assumptions" being made about the flaw.
---------------------------------------------
http://threatpost.com/researcher-baseless-assumptions-exist-about-intel-amt…
*** Intel ME security hole: first product list, still no updates ***
---------------------------------------------
There is some new information on the vulnerability in the Management Engine (ME) that Intel reported on 1 May, but still no updates.
---------------------------------------------
https://heise.de/-3703356
*** WordPress 4.6 Unauthenticated Remote Code Execution (RCE) PoC Exploit ***
---------------------------------------------
This advisory reveals details of exploitation of the PHPMailer vulnerability (CVE-2016-10033) in WordPress Core which (contrary to what was believed and announced by WordPress security team) was affected by the vulnerability.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017050014
*** Kazuar: Multiplatform Espionage Backdoor with API Access ***
---------------------------------------------
Unit 42 researchers have uncovered Kazuar, a backdoor Trojan used in an espionage campaign.
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatf…
*** A set of tutorials about code injection for Windows. ***
---------------------------------------------
Injectopi is a set of tutorials that I've decided to write down in order to learn about various injection techniques in the Windows environment.
---------------------------------------------
https://github.com/peperunas/injectopi
*** Master fingerprint: researchers can unlock almost all smartphones ***
---------------------------------------------
Using machine learning, a hit rate of 65 percent was achieved - current scanners have too low a resolution
---------------------------------------------
http://derstandard.at/2000056971421
*** Checker ATM Security: vulnerability allows takeover of ATMs ***
---------------------------------------------
A vulnerability in a security solution for ATMs could be exploited by attackers to illegally dispense cash. The vendor plays it down and has provided a patch.
---------------------------------------------
https://www.golem.de/news/checker-atm-security-sicherheitsluecke-ermoeglich…
*** DFN-CERT-2017-0775: LibTIFF: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ***
---------------------------------------------
Multiple vulnerabilities in LibTIFF allow a remote, unauthenticated attacker to execute arbitrary code, carry out various denial-of-service (DoS) attacks and obtain information by means of specially crafted image files.
Affected platforms
Debian Linux 8.7 Jessie
Debian Linux 9.0 Stretch
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0775/
*** USB sticks: IBM ships installation media with malware ***
---------------------------------------------
From the USB stick to the operating system: malware spreads on its own from IBM products. The USB sticks shipped with several Storwize devices are affected. IBM advises formatting the USB stick or destroying it outright.
---------------------------------------------
https://www.golem.de/news/usb-sticks-ibm-liefert-installationsmedien-mit-ma…
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco IOS XR Software Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco TelePresence ICMP Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco CallManager Express Unauthorized Access Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002624
---------------------------------------------
*** IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002507
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001731
---------------------------------------------
*** IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console (CVE-2017-1137) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998469
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications ***
http://www.ibm.com/support/docview.wss?uid=swg22002517
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Controller (CVE-2016-7055) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002309
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Active Bypass (CVE-2016-7055) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002310
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSource ICU4C may affect IBM Streams (CVE-2016-6293, CVE-2016-7415) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002225
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-6153 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996590
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the BigFix Platform (CVE-2016-2177 CVE-2016-6304 CVE-2016-6305 CVE-2016-2182 CVE-2016-6306 CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002870
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 02-05-2017 18:00 − Wednesday 03-05-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Petr Sikuta
Co-Handler: Stephan Richter
*** Malware Hunter - Shodans new tool to find Malware C&C Servers ***
---------------------------------------------
Rapidly growing, insecure internet-connected devices are becoming an albatross around the necks of individuals and organizations, with malware authors routinely hacking them to form botnets that can be further used as weapons in DDoS and other cyber attacks. But now finding malicious servers, hosted by attackers, that control botnets of infected machines gets a bit easier. Thanks to Shodan and [...]
---------------------------------------------
https://thehackernews.com/2017/05/shodan-malware-hunter.html
*** Disambiguate "Zero-Day" Before Considering Countermeasures ***
---------------------------------------------
"Zero-day" is the all-powerful boogieman of the information security industry. Too many of us invoke it when discussing scary threats against which we feel powerless. We need to define and disambiguate this term before attempting to determine whether we've accounted for the associated threats when designing security programs. Avoid Zero-Day Confusion: I've seen "zero-day" used to describe two related, but independent concepts. First, [...]
---------------------------------------------
https://zeltser.com/zero-day-terminology/
*** Outlook Forms and Shells ***
---------------------------------------------
I set out to try and find another way to get a shell through Outlook, in the case of us having valid credentials [...] Fortunately for us, Outlook has a massive attack surface and provides several other interesting automation features. One of these is Outlook Forms.
---------------------------------------------
https://sensepost.com/blog/2017/outlook-forms-and-shells/
*** Compromising Industrial Robots: The Fallacy of Industrial Routers in the Industry 4.0 Ecosystem ***
---------------------------------------------
The increased connectivity of computer and robot systems in the Industry 4.0 ecosystem is, and will be, exposing robots to cyber attacks in the future. Indeed, industrial robots - originally conceived to be isolated - have evolved, and are now exposed to corporate networks and the internet. While this provides synergy effects and higher efficiency in production, the security posture is not on par. In our latest report Rogue Robots: Testing the Limits of an Industrial Robot's [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6F0kroJASMA/
*** Steps to Stronger Passwords ***
---------------------------------------------
A journey of passwords: The utilization of passwords is known to be old. Sentries would challenge those wishing to enter a territory or moving toward it to supply a secret word, and would just enable a man or gathering to pass if they knew the secret key. In present day times, username and passwords are [...]
---------------------------------------------
http://resources.infosecinstitute.com/steps-make-stronger-passwords/
*** German bank accounts emptied via UMTS security holes ***
---------------------------------------------
Criminal hackers have emptied the accounts of German bank customers via security holes in the mobile network that have been known for years. The providers had actually intended to take countermeasures back in 2014.
---------------------------------------------
https://heise.de/-3702194
*** Diskurs|Digital - Insights into participation in practice ***
---------------------------------------------
May 23, 2017, 6:00 pm - 8:00 pm, SBA Research, Favoritenstraße 16, 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/diskursdigital-einblicke-in-gelebte-par…
*** Linuxwochen return to Vienna ***
---------------------------------------------
Both technical and net-policy talks - from open source to software patents
---------------------------------------------
http://derstandard.at/2000056925982
*** DFN-CERT-2017-0755: Intel Active Management Technology (AMT), Intel Small Business Technology (SBT), Intel Standard Manageability (ISM): A vulnerability allows complete system takeover ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0755/
*** Android Security Bulletin—May 2017 ***
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer site. Security patch levels of May 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level.
---------------------------------------------
https://source.android.com/security/bulletin/2017-05-01
*** Schneider Electric Wonderware Historian Client ***
---------------------------------------------
This advisory contains mitigation details for an improper XML parser configuration vulnerability in Schneider Electric's Wonderware Historian Client.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01
*** CyberVision Kaa IoT Platform ***
---------------------------------------------
This advisory contains mitigation details for a code injection vulnerability in CyberVision's Kaa IoT Platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-02
*** Advantech B+B SmartWorx MESR901 ***
---------------------------------------------
This advisory contains mitigation details for a use of client-side authentication vulnerability in the Advantech B+B SmartWorx MESR901 Modbus gateway.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Open Redirect Vulnerability in IBM WebSphere Portal (CVE-2017-1156) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000153
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Identity Governance (CVE-2016-8610 CVE-2017-3731) ***
http://www.ibm.com/support/docview.wss?uid=swg22002387
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM JAVA Runtime affect AppScan Source (CVE-2016-5547 CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg22002633
---------------------------------------------
*** IBM Security Bulletin: A Vulnerability in IBM Java SDK affects IBM Streams (CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg22002189
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker and IBM Integration Bus ***
http://www.ibm.com/support/docview.wss?uid=swg22002242
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Open Source openSSL affect IBM Security Identity Governance Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg22002397
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Composite Application Manager for Transactions ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002374
---------------------------------------------
*** IBM Security Bulletin: Privilege escalation vulnerability affects IBM DB2 LUW (CVE-2017-1134) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002573
---------------------------------------------
*** IBM Security Bulletin: Cross Site Scripting vulnerability in IBM Marketing Platform (CVE-2016-0255) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001950
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 28-04-2017 18:00 − Tuesday 02-05-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Exploiting .NET Managed DCOM ***
---------------------------------------------
Posted by James Forshaw, Project Zero. One of the more interesting classes of security vulnerabilities are those affecting interoperability technology. This is because these vulnerabilities typically affect any application using the technology, regardless of what the application actually does. Also in many cases they’re difficult ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2017/04/exploiting-net-managed-dcom.h…
*** 2017 Verizon DBIR: Sex Sells, But the Basics Get It Done ***
---------------------------------------------
This year’s Verizon Data Breach Investigations Report has been published, and as with its prior nine incarnations, the report is ..
---------------------------------------------
https://www.beyondtrust.com/blog/2017-verizon-dbir-sex-sells-basics-get-don…
*** DSA-3838 ghostscript - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted PostScript file is processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3838
*** 7 Reasons Why IoT Hacks Will Keep Happening ***
---------------------------------------------
Hacks happen almost on a daily basis, if not every minute of every day. In fact, some say that ..
---------------------------------------------
https://safeandsavvy.f-secure.com/2017/04/28/7-reasons-why-iot-device-hacks…
*** DSA-3839 freetype - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3839
*** Researchers pull off car hack for 20 euros ***
---------------------------------------------
Cheap gadgets copy the key's unlock signal – many cars still affected
---------------------------------------------
http://derstandard.at/2000056487404
*** Orange is the New Black: hackers leak season 5 ***
---------------------------------------------
According to the hackers, this is only a foretaste. They are threatening to release further films and series that are officially not due out for months.
---------------------------------------------
https://futurezone.at/digital-life/orange-is-the-new-black-hacker-leaken-st…
*** "Dok": new Mac malware spies on browsers ***
---------------------------------------------
Can eavesdrop on all browser communication – currently targeting mainly European users
---------------------------------------------
http://derstandard.at/2000056812916
*** Carbanak Continues To Evolve: Quietly Creeping into Remote Hosts ***
---------------------------------------------
Introduction I recently engaged in an investigation involving two new Carbanak campaigns targeting the hospitality ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Carbanak-Continues-To-E…
*** Intel's remote AMT vulnerability ***
---------------------------------------------
Intel just announced a vulnerability in their Active Management Technology stack. Here's what we know so far. Background: Intel chipsets for some years have included a Management Engine, a small microprocessor that runs independently of the main CPU and operating ..
---------------------------------------------
http://mjg59.dreamwidth.org/48429.html
*** IBM Warns Customers That Some of Its USB Flash Drives May Contain Malware ***
---------------------------------------------
IBM has issued a security alert last week, warning customers that some USB flash drives shipped with IBM Storwize products may contain malicious code.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ibm-warns-customers-that-som…
*** Security updates: Jenkins attackable in many ways ***
---------------------------------------------
Under certain conditions, attackers could obtain higher privileges or even execute malicious code.
---------------------------------------------
https://heise.de/-3700838
*** Spam and phishing in Q1 2017 ***
---------------------------------------------
Although the beginning of Q1 2017 was marked by a decline in the amount of spam in overall global email traffic, in March the situation became more stable, and the average share of ..
---------------------------------------------
http://securelist.com/analysis/quarterly-spam-reports/78221/spam-and-phishi…
*** Cerber Version 6 Shows How Far the Ransomware Has Come (and How Far it’ll Go) ***
---------------------------------------------
Cerber set itself apart from other file-encrypting malware when its developers commoditized the malware, adopting a business model where fellow cybercriminals can buy the ransomware as a service. The developers earn through commissions—as much as 40%—for every ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomwar…
*** New Shodan Tool Can Find Malware Command and Control (C&C) Servers ***
---------------------------------------------
Shodan and Recorded Future have launched today a search engine for discovering malware command-and-control (C&C) servers. Named Malware Hunter, this new tool is integrated into ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-shodan-tool-can-find-mal…
*** Security Scoring and Grading for Containers and Images ***
---------------------------------------------
We have just rolled out an update to the interface of the Red Hat Container Catalog that helps provide the answer to the question of whether or not a particular container image we provide ..
---------------------------------------------
https://access.redhat.com/blogs/product-security/posts/container-security-s…
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious ..
---------------------------------------------
https://support.citrix.com/article/CTX223291
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 27-04-2017 18:00 − Friday 28-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** GE Multilin SR Protective Relays ***
---------------------------------------------
This advisory contains mitigation details for a weak cryptography for passwords vulnerability in GE's Multilin SR protective relays.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01
*** Chrome to Mark More HTTP Pages ‘Not Secure’ ***
---------------------------------------------
Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, ..
---------------------------------------------
http://threatpost.com/chrome-to-mark-more-http-pages-not-secure/125255/
*** Russian-controlled telecom hijacks financial services’ Internet traffic ***
---------------------------------------------
Visa, MasterCard, and Symantec among dozens affected by "suspicious" BGP mishap.
---------------------------------------------
https://arstechnica.com/security/2017/04/russian-controlled-telecom-hijacks…
*** DSA-3836 weechat - security update ***
---------------------------------------------
It was discovered that weechat, a fast and light chat client, is prone to a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3836
*** DSA-3837 libreoffice - security update ***
---------------------------------------------
It was discovered that a buffer overflow in processing Windows Metafiles may result in denial of service or the execution of arbitrary code if a malformed document is opened.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3837
*** New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic ***
---------------------------------------------
Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, no. According to McAfee Labs, malware attacks on Apple's Mac computers were up 744% in 2016, and its researchers ..
---------------------------------------------
https://thehackernews.com/2017/04/apple-mac-malware.html
*** Http 81 Botnet: the Comparison against MIRAI and New Findings ***
---------------------------------------------
Overview: In our previous blog, we introduced a new IoT botnet spreading over http 81. We will name it in this blog the http81 IoT botnet, while some anti-virus software name it Persirai, and some ..
---------------------------------------------
http://blog.netlab.360.com/http-81-botnet-the-comparison-against-mirai-and-…
*** Facebook and Google transferred 100 million dollars to a fraudster ***
---------------------------------------------
A Lithuanian posed as a representative of a hardware supplier; most of the amounts have been recovered
---------------------------------------------
http://derstandard.at/2000056723656
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 26-04-2017 18:00 − Thursday 27-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Picture this: Senate staffers’ ID cards have photo of smart chip, no security ***
---------------------------------------------
https://arstechnica.com/information-technology/2017/04/picture-this-senate-…
*** FIRST TC Amsterdam 2017 Wrap-Up ***
---------------------------------------------
Here is my quick wrap-up of the FIRST Technical Colloquium hosted by Cisco in Amsterdam. This is my first participation in a FIRST event. FIRST is ..
---------------------------------------------
https://blog.rootshell.be/2017/04/26/first-tc-amsterdam-2017-wrap/
*** A vigilante is putting a huge amount of work into infecting IoT devices ***
---------------------------------------------
https://arstechnica.com/security/2017/04/a-vigilante-is-putting-huge-amount…
*** Homebrew crypto SNAFU on electrical grid sees GE rush patches ***
---------------------------------------------
Boffins turned up hard-coded password in ancient controllers. General Electric is pushing patches for protection ..
---------------------------------------------
www.theregister.co.uk/2017/04/27/ge_rushing_patches_to_grid_systems_ahead_o…
*** DSA-3835 python-django - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3835
*** Cybercrime: How to make your company secure ***
---------------------------------------------
At the "IT-Sicherheit und Datenschutz" roadshow of the WKÖ and the BMI, as part of "Gemeinsam.Sicher mit ..
---------------------------------------------
https://futurezone.at/b2b/cyberkriminalitaet-so-machen-sie-ihr-unternehmen-…
*** Peace in our time! Symantec says it can end Google cert spat ***
---------------------------------------------
It's basically a promise to do better and not mess things up. Symantec is hoping to get its certificates back on Google's trust list.
---------------------------------------------
www.theregister.co.uk/2017/04/27/symantec_ca_proposal_for_google/
*** Ransomware up. Breaches up. What do hackers want? Research, prototypes... all your secrets ***
---------------------------------------------
Verizon's super depressing report is in. Cyberespionage and ransomware attacks are on the increase, according ..
---------------------------------------------
www.theregister.co.uk/2017/04/27/verizon_breach_report/
*** nomx: The world's most (in)secure communications protocol ***
---------------------------------------------
I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited. With slick marketing, ..
---------------------------------------------
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protoco…
*** APT Trends report, Q1 2017 ***
---------------------------------------------
Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries. During the first quarter of 2017, there were 33 private ..
---------------------------------------------
http://securelist.com/analysis/quarterly-malware-reports/78169/apt-trends-r…
*** StringBleed is not a second Heartbleed ***
---------------------------------------------
Once again a named-vulnerability cow is being driven through the IT security community. The name is obviously meant to evoke Heartbleed, but as far as we can judge at the moment, ..
---------------------------------------------
http://www.cert.at/services/blog/20170427115946-1972.html
*** Cracking APT28 traffic in a few seconds ***
---------------------------------------------
Security experts from security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly ..
---------------------------------------------
http://securityaffairs.co/wordpress/58435/apt/cracking-apt28-traffic.html
*** Windows 10: Microsoft delivers updates outside of Patch Tuesday as well ***
---------------------------------------------
After the Creators Update, Microsoft will now supply Windows 10 with updates outside of Patch Tuesday as well. However, ..
---------------------------------------------
https://heise.de/-3698302
*** Broadcom security vulnerabilities: Samsung does not protect users against Wi-Fi attacks ***
---------------------------------------------
Google's Project Zero recently found numerous critical security vulnerabilities in Broadcom chips and drivers that allow smartphones to be taken over. We have ..
---------------------------------------------
https://www.golem.de/news/broadcom-sicherheitsluecken-samsung-schuetzt-nutz…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 25-04-2017 18:00 − Wednesday 26-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** FortiOS XSS via srcintf during Firewall Policy Creation ***
---------------------------------------------
An XSS vulnerability caused by the srcintf parameter input during Firewall Policy Creation can be exploited to load and run remote (malicious) JavaScript in a logged-in browser.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-017
*** Analyzing Cyber Insurance Policies ***
---------------------------------------------
There's a really interesting new paper analyzing over 100 different cyber insurance policies. From the abstract: In this research paper, we seek to answer ..
---------------------------------------------
https://www.schneier.com/blog/archives/2017/04/analyzing_cyber.html
*** Critical vulnerabilities: VMware hardens applications against malicious code ***
---------------------------------------------
Security updates close several vulnerabilities in various VMware applications for managing virtual machines and for remote access. All operating systems are affected.
---------------------------------------------
https://heise.de/-3696740
*** BrickerBot vs Mirai: malware contest over internet cameras and the like ***
---------------------------------------------
New generations of BrickerBot try to damage poorly protected devices, thereby depriving Mirai of its foundation
---------------------------------------------
http://derstandard.at/2000056608656
*** Terror EK going ‘pro’? Not quite yet ***
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/04/terror-ek-going-pro-not-qu…
*** AIT at the Citizen Science Award 2017 ***
---------------------------------------------
[...] As part of the Citizen Science Award 2017, school classes at lower and upper secondary level as well as individuals are invited to actively participate in developing possible strategies against cyberattacks and to jointly further develop the digital mini-game "Phishing Wars". The game trains what matters when recognizing phishing emails, so as not to fall victim to cyberattacks.
---------------------------------------------
http://science.apa.at/site/kultur_und_gesellschaft/detail.html?key=SCI_2017…
*** If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again), (Wed, Apr 26th) ***
---------------------------------------------
Setting up a Microsoft SQL server with a stupid simple password like sa for the sa user is hard. First of all, Microsoft implemented a default password policy ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22346
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 24-04-2017 18:00 − Tuesday 25-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** French election: Russian hackers said to be targeting Macron ***
---------------------------------------------
Experts link the group to the Russian military intelligence service
---------------------------------------------
http://derstandard.at/2000056465269
*** The Backstory Behind Carder Kingpin Roman Seleznev’s Record 27 Year Prison Sentence ***
---------------------------------------------
Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record ..
---------------------------------------------
https://krebsonsecurity.com/2017/04/the-backstory-behind-carder-kingpin-rom…
*** Analysis of the Shadow Z118 PayPal phishing site, (Mon, Apr 24th) ***
---------------------------------------------
[This is a guest post submitted by Remco Verhoef. Got something interesting to share? Please use our contact form to suggest your topic] Today I got lucky walking around within a phishing site and found some left-over ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22338
*** Alert: If you're running SquirrelMail, Sendmail... why? And oh yeah, remote code vuln found ***
---------------------------------------------
This is nuts. Security researchers have uncovered a critical security hole in SquirrelMail, the open-source webmail project.
---------------------------------------------
www.theregister.co.uk/2017/04/24/squirrelmail_vuln/
*** AV provider Webroot melts down as update nukes hundreds of legit files ***
---------------------------------------------
https://arstechnica.com/security/2017/04/av-provider-webroot-melts-down-as-…
*** BrickerBot, the permanent denial-of-service botnet, is back with a vengeance ***
---------------------------------------------
https://arstechnica.com/security/2017/04/brickerbot-the-permanent-denial-of…
*** Western Digital My Cloud 2.21.126 Authentication Bypass ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017040164
*** Up to 100,000 computers infected with leaked NSA malware ***
---------------------------------------------
Security researchers find "Doublepulsar" on tens of thousands of machines, including computers in Austria
---------------------------------------------
http://derstandard.at/2000056481284
*** Attackers could spy on Drupal websites ***
---------------------------------------------
A vulnerability rated critical exists in the 8.x release branch. Patched versions close the flaw.
---------------------------------------------
https://heise.de/-3693082
*** Doskozil: Austrian armed forces should also attack adversaries in cyberwar ***
---------------------------------------------
Minister: attacks should not only be repelled; five to six serious attacks per week
---------------------------------------------
http://derstandard.at/2000056452452
*** Security patches in sight: ten vulnerabilities endanger Linksys routers ***
---------------------------------------------
According to security researchers, various models of the Linksys Smart Wi-Fi series are attackable. Under certain conditions, attackers are said to be able to execute commands on the routers.
---------------------------------------------
https://heise.de/-3693136
*** New IoT Botnet Rises Feeding on Vulnerable Security Cameras ***
---------------------------------------------
A new botnet is slowly building critical mass on the back of unsecured webcams and IP cameras, ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-iot-botnet-rises-feeding…
*** Hard Target: Fileless Malware ***
---------------------------------------------
Researchers say fileless in-memory malware attacks have become a major nuisance to businesses and have become even harder to detect and defend against.
---------------------------------------------
http://threatpost.com/hard-target-fileless-malware/125054/
*** DSA-3833 libav - security update ***
---------------------------------------------
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3833
*** Ashley Madison users blackmailed again ***
---------------------------------------------
Criminals are still trying to shake down users of the Ashley Madison dating/cheating online service. As you might remember, the service was hacked in 2015, and the attackers ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/25/ashley-madison-blackmail/
*** SAP NetWeaver endangered by vulnerabilities ***
---------------------------------------------
Security vulnerabilities exist in various components of the NetWeaver platform. According to security researchers, attackers could use these loopholes to obtain login data, among other things.
---------------------------------------------
https://heise.de/-3693658
*** Security Bulletin Posted for ColdFusion (APSB17-14) ***
---------------------------------------------
Adobe has published a Security Bulletin (APSB17-14) announcing the availability of hotfixes for ColdFusion versions 2016, 11 and 10. These hotfixes resolve an input validation ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1460
*** Hackers uncork experimental Linux-targeting malware ***
---------------------------------------------
SSH... it's Shishiga. Hackers have unleashed a new malware strain that targets Linux-based systems.
---------------------------------------------
www.theregister.co.uk/2017/04/25/linux_malware/
*** [2017-04-25] Portrait Display SDK Service privilege escalation ***
---------------------------------------------
The Portrait Display SDK Service (PdiService.exe) configuration was found to be writable for every authenticated user in a default installation.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** [20170402] - Core - XSS Vulnerability ***
---------------------------------------------
https://developer.joomla.org/security-centre/684-20170402-core-xss-vulnerab…
*** [20170403] - Core - XSS Vulnerability ***
---------------------------------------------
https://developer.joomla.org/security-centre/685-20170403-core-xss-vulnerab…
*** [20170404] - Core - XSS Vulnerability ***
---------------------------------------------
https://developer.joomla.org/security-centre/686-20170404-core-xss-vulnerab…
*** [20170405] - Core - XSS Vulnerability ***
---------------------------------------------
https://developer.joomla.org/security-centre/687-20170405-core-xss-vulnerab…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 21-04-2017 18:00 − Monday 24-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Built-in Node.js server: Nvidia driver allows malware to be injected ***
---------------------------------------------
Nvidia drivers contain a Node.js server - not a good idea: it can be used to bypass protection mechanisms such as application whitelisting.
---------------------------------------------
https://heise.de/-3691119
*** OWASP Top 10: the ten most important security risks get an update ***
---------------------------------------------
Risks from injections, errors in session management and XSS remain high. In addition to known vulnerabilities, the current draft contains ..
---------------------------------------------
https://www.golem.de/news/owasp-top-10-die-zehn-wichtigsten-sicherheitsrisi…
*** SquirrelMail < 1.4.22 - Remote Code Execution ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017040157
*** Shellcode Analysis- Basics ***
---------------------------------------------
In this article, we will look at what shellcode is, what its purpose is, various shellcode patterns, etc. Please note that this article will not cover how a shellcode is ..
---------------------------------------------
http://resources.infosecinstitute.com/shellcode-analysis-basics/
*** FIN7 Evolution and the Phishing LNK ***
---------------------------------------------
FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, ..
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html
*** Amazon: phishing campaign baits with the General Data Protection Regulation ***
---------------------------------------------
Emails supposedly sent by Amazon are currently common in inboxes. After fake VAT invoices, there is now a phishing campaign that ..
---------------------------------------------
https://www.golem.de/news/amazon-phishing-kampagne-koedert-mit-datenschutzg…
*** Security update: attackers could view contents of Confluence wikis ***
---------------------------------------------
Anyone using Confluence should install one of the patched versions available as of now.
---------------------------------------------
https://heise.de/-3692816
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 20-04-2017 18:00 − Friday 21-04-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** 20 Linksys Router Models Vulnerable To Attack ***
---------------------------------------------
Researchers say more than 100,000 Linksys routers in use today could be vulnerable to 10 flaws found in 20 separate router models made by the company.
---------------------------------------------
http://threatpost.com/20-linksys-router-models-vulnerable-to-attack/125085/
*** The History of Fileless Malware - Looking Beyond the Buzzword ***
---------------------------------------------
What's the deal with "fileless malware"? Though many security professionals cringe when they hear this term, lots of articles and product brochures mention fileless malware in the context of threats that are difficult to resist and investigate. Below is my attempt to look beyond the buzzword, tracing the origins of this term and outlining the malware samples that influenced how we use...
---------------------------------------------
https://zeltser.com/fileless-malware-beyond-buzzword/
*** Archive.org Abused to Deliver Phishing Pages ***
---------------------------------------------
The Internet Archive is a well-known website, more precisely for its "WaybackMachine" service. It allows you to search for and display old versions of websites. The current Alexa ranking is 262, which makes it a "popular and trusted" website. Indeed, as I explained in a recent SANS ISC diary, whitelists [...]
---------------------------------------------
https://blog.rootshell.be/2017/04/20/archive-org-abused-deliver-phishing-pa…
*** Analysis of a Maldoc with Multiple Layers of Obfuscation, (Fri, Apr 21st) ***
---------------------------------------------
Thanks to our readers, we often get interesting samples to analyze. This time, Frederick sent us a malicious Microsoft Word document called Invoice_6083.doc (which was delivered in a zip archive). I had a quick look [...]
---------------------------------------------
https://isc.sans.edu/diary/Analysis+of+a+Maldoc+with+Multiple+Layers+of+Obf…
*** TLS interception: Sophos firewall caught off guard by Chrome change ***
---------------------------------------------
Users running the Chrome browser behind a Sophos firewall currently see only certificate warnings. The new Chrome version ignores the so-called CommonName, which has been considered obsolete for 17 years. (Sophos, Browser)
---------------------------------------------
https://www.golem.de/news/tls-interception-sophos-firewall-wurd-von-chrome-…
*** Domain Fronting ***
---------------------------------------------
In this article, we are going to learn about a very interesting and powerful technique known as Domain Fronting, which is a circumvention technique based on HTTPS that hides the true destination from the censor. What is Domain Fronting? Domain fronting is a technique to circumvent the censorship employed for certain domains (censorship may be for [...]
---------------------------------------------
http://resources.infosecinstitute.com/domain-fronting/
*** Top-ranked programming Web tutorials introduce vulnerabilities into software ***
---------------------------------------------
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials. The process: The researchers identified popular tutorials by inputting search terms such as "mysql tutorial", [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabil…
*** Security vulnerability in unmaintained Drupal contrib module puts 120000 sites at risk ***
---------------------------------------------
[...] The module is currently used by over 120 000 individual Drupal installations, but is no longer maintained. The last update was done in February 2013. Unfortunately a critical security vulnerability in this references module has been reported by the Drupal core security team as SA-CONTRIB-2017-38: [...]
---------------------------------------------
http://drupal.sh/vulnerable-drupal-contrib-module-puts-120000-sites-at-risk
*** References - Unsupported - SA-CONTRIB-2017-38 ***
---------------------------------------------
[...] Updates: 2017-04-18 -- This issue has been resolved with the release of references 7.x-2.2
---------------------------------------------
https://www.drupal.org/node/2869138
*** cURL/libcurl TLS Session Resumption Client Certificate Bug Lets Remote Users Bypass Security Restrictions on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1038341
*** SSHD vulnerability CVE-2017-6128 ***
---------------------------------------------
https://support.f5.com/csp/article/K92140924
*** DFN-CERT-2017-0704: FreeType: A vulnerability allows the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0704/
*** Security Advisory - Buffer Overflow vulnerability in the GaussDB ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170420-…
*** Security updates available in Foxit Reader 8.3 and Foxit PhantomPDF 8.3 ***
---------------------------------------------
Foxit has released Foxit Reader 8.3 and Foxit PhantomPDF 8.3, which address potential security and stability issues.
---------------------------------------------
https://www.foxitsoftware.com/support/security-bulletins.php
*** Vuln: Linux Kernel CVE-2017-7645 Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/97950
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274) ***
http://www.ibm.com/support/docview.wss?uid=swg22002280
---------------------------------------------
*** IBM Security Bulletin: Plugin Uploads in IBM UrbanCode Deploy Vulnerable to XML Injection (CVE-2016-9007) ***
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000289
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM BigFix Remote Control. ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000544
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (CVE-2016-5556, CVE-2016-5597 and CVE-2016-5542) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996985
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000580
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM Marketing Software products suite (CVE-2014-3625) ***
http://www.ibm.com/support/docview.wss?uid=swg22002110
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Optim Performance Manager (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002204
---------------------------------------------