Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - Mittwoch 22-06-2016
by Daily end-of-shift report 22 Jun '16

22 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 21-06-2016 18:00 − Mittwoch 22-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Macro Malware Adds Tricks, Uses MaxMind to Avoid Detection *** --------------------------------------------- Macro malware continues to evolve and use new tricks to evade detection. This threat is responsible for downloading malicious Trojans such as Dridex and ransomware such as Locky. Recently McAfee Labs has encountered a new variant of macro .. --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/macro-malware-adds-tricks-uses-maxmind… *** Advantech WebAccess ActiveX Vulnerabilities *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 *** Schneider Electric PowerLogic PM8ECC Cross-site Scripting Vulnerability *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-173-02 *** DHL Packstation: Sicherheitslücke begünstigt Missbrauch der fast 3000 Paketautomaten *** --------------------------------------------- Durch eine Sicherheitslücke konnten Online-Ganoven unnötig leicht auf die Paketfächer der rund acht Millionen Packstation-Nutzer zugreifen. Als DHL das Problem bestritt, hat c't es selbst versucht. --------------------------------------------- http://heise.de/-3243343 *** Hacker, Bromium donate $30,000 in bug bounty cash to charity *** --------------------------------------------- Google hacker Tavis Ormandy and security firm Bromium have handed Amnesty International US$30,000 in bug bounty cash awarded after the former broke the latters security controls. --------------------------------------------- www.theregister.co.uk/2016/06/22/hacker_bromium_donate_30000_in_bug_bounty_… *** ENISA discusses cyber challenges of the digital transformation *** --------------------------------------------- https://www.enisa.europa.eu/news/executive-news/enisa-discusses-cyber-chall… *** DNS-Sicherheitslücke bei Apple: Weitere Plattformen betroffen *** --------------------------------------------- Neben den AirPort-Basisstationen sind auch iOS, OS X und watchOS von einer kritischen Lücke betroffen .. --------------------------------------------- http://heise.de/-3244645 *** E-Mail-Verschlüsselung: EU-Kommission hat Angst vor verschlüsseltem Spam *** --------------------------------------------- PGP ist sicher, aber in der Handhabung oft kompliziert, gerade in grossen Unternehmen. Die EU-Kommission will die Technik in einem Pilotprojekt für alle Mitarbeiter einführen. Eine Angst geht dabei um: die vor verschlüsselten Spammails. --------------------------------------------- http://www.golem.de/news/e-mail-verschluesselung-eu-kommission-hat-angst-vo… *** KSN Report: Ransomware from 2014-2016 *** --------------------------------------------- The number of users attacked with ransomware is huge. But how big is it? Ransomware seems to be a global threat. But maybe there are regions at a higher risk of danger? There seem to be a lot of ransomware malware groups. But what are the most widespread and dangerous? --------------------------------------------- http://securelist.com/analysis/publications/75145/pc-ransomware-in-2014-201… *** Microsofts entrauscht homomorphe Krypto-Library SEAL *** --------------------------------------------- Das Rechnen mit verschlüsselten Daten rückt heran. Durch einen Wechsel des zugrundeliegenden Krypto-Systems will Microsoft die homomorphe Verschlüsselung auf eine neue Stufe heben. --------------------------------------------- http://heise.de/-3243299 *** Exploiting Public Information for OSINT *** --------------------------------------------- Open source intelligence is an act of finding the information using publicly available sources; these sources could be anything, for instance; newspaper, business directories, annual reports, etc. And the scope of OSINT is not only limited to .. --------------------------------------------- http://resources.infosecinstitute.com/exploiting-public-information-for-osi… *** Online-Backup-Anbieter Carbonite fordert Nutzer zu Passwort-Reset auf *** --------------------------------------------- Wegen einer vermehrten Anzahl von unautorisierten Zugriffen auf Accounts sollten Nutzer des Online-Backup-Services Carbonite ihr Passwort zurücksetzen. --------------------------------------------- http://heise.de/-3245465 *** Return of Locky *** --------------------------------------------- There's been a lot of discussion recently of the Necurs botnet being quiet. Today, Necurs activity resumed, and a new Locky malspam campaign began! Let's look at it! --------------------------------------------- https://malcat.moe/?p=53 *** Interview with a Craigslist scammer *** --------------------------------------------- Ever wondered what motivates people who swindle others on Craigslist? Read on for a fascinating look into the mind of a small-time .. --------------------------------------------- http://www.infoworld.com/article/3086304/cyber-crime/interview-with-a-craig… *** 105.386 Österreicher von LinkedIn-Datenleck betroffen *** --------------------------------------------- In der Datenbank des Karriere-Netzwerks LinkedIn befanden sich insgesamt 15.386 österreichische Mail-Adressen und 76.344 Passwörter. --------------------------------------------- http://futurezone.at/digital-life/105-386-oesterreicher-von-linkedin-datenl… *** Vulnerability Spotlight: Pidgin Vulnerabilities *** --------------------------------------------- Pidgin is a universal chat client that is used on millions of systems worldwide. The Pidgin chat client enables you to communicate on multiple chat networks simultaneously. Talos has identified multiple vulnerabilities in the way Pidgin handles the MXit .. --------------------------------------------- http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html

1 0

Tageszusammenfassung - Dienstag 21-06-2016
by Daily end-of-shift report 21 Jun '16

21 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 20-06-2016 18:00 − Dienstag 21-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Exploiting Recursion in the Linux Kernel *** --------------------------------------------- On June 1st, I reported an arbitrary recursion bug in the Linux kernel that can be triggered by a local user on Ubuntu if the system was installed with home directory encryption support. If you want to see the crasher, the exploit .. --------------------------------- http://googleprojectzero.blogspot.com/2016/06/exploiting-recursion-in-linux… *** USN-3012-1: Wget vulnerability *** --------------------------------------------- Dawid Golunski discovered that Wget incorrectly handled filenames whenbeing redirected from an HTTP to an FTP URL. --------------------------------------------- http://www.ubuntu.com/usn/usn-3012-1/ *** USN-3011-1: HAProxy vulnerability *** --------------------------------------------- Falco Schmutz discovered that HAProxy incorrectly handled the reqdenyfilter. --------------------------------------------- http://www.ubuntu.com/usn/usn-3011-1/ *** Reverse-engineering DUBNIUM's Flash-targeting exploit *** --------------------------------------------- The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we're going to examine the technical details of the exploit that targeted vulnerability CVE-2015-8651. For .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dub… *** Cisco Integrated Services Routers OpenSSH TCP Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco 8800 Series IP Phone Directory Traversal Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Red Line Drawn: China Recalculates Its Use of Cyber Espionage *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2016/06/red-line-drawn-china-e… *** Hacker erbeuten Kunden-Daten aus Acers Online-Shop *** --------------------------------------------- Unbekannte Datendiebe haben offensichtlich den nordamerikanischen Online-Shop von Acer geentert und Daten von Kunden kopiert. Darunter könnten dem Hersteller zufolge auch Kreditkarten-Daten inklusive Sicherheitscodes sein. --------------------------------------------- http://heise.de/-3242703 *** Unbefugte schleichen sich in GoToMyPC-Konten *** --------------------------------------------- Aufgrund unbefugter Zugriffe auf Nutzer-Konten, hat der Anbieter der Fernwartungs-Software GoToMyPC die Passwörter .. --------------------------------------------- http://heise.de/-3242747 *** Phishing mit gestohlenem iPhone *** --------------------------------------------- Kriminelle stehlen iPhones. Nach rund einer Woche melden sie sich bei ihren Opfern mit einer vermeintlich echten SMS von Apple. In ihr ist davon die Rede, dass das .. --------------------------------------------- https://www.watchlist-internet.at/phishing/phishing-mit-gestohlenem-iphone/ *** Apple: Mysteriöse Lücke in Airport-Router gepatcht *** --------------------------------------------- Der Airport-Router und Time-Capsule von Apple haben offenbar Probleme mit bestimmten DNS-Anfragen. Die Sicherheitslücke wurde jetzt geschlossen, möglicherweise konnten Angreifer das Netzwerk der Nutzer kompromittieren. --------------------------------------------- http://www.golem.de/news/apple-mysterioese-luecke-in-airport-router-gepatch… *** Poorly crafted LogMeIn password reset email looks phishy, but isn't *** --------------------------------------------- LogMeIn has been sending out password reset emails to some of its customers, to prevent account hijacking fuelled by the recent spate of massive login credential leaks. Unfortunately, their own legitimate email .. --------------------------------------------- https://www.helpnetsecurity.com/2016/06/21/poorly-crafted-logmein-password-… *** Zwei-Faktor-Authentifizierung: Smartphone als zweiter Schlüssel fürs Google-Konto *** --------------------------------------------- Wer die Zwei-Faktor-Authentifizierung für sein Google-Konto nutzt, muss ab sofort neben seinem Passwort keine Codes mehr eingeben, sondern kann direkt sein Smartphone zur Anmeldung nutzen. --------------------------------------------- http://heise.de/-3243338 *** Flash: Mac OS X blockiert wieder alte Versionen *** --------------------------------------------- Apples Browser Safari unterstützt das Flash-Plug-in nur noch, wenn es auf dem aktuellen Stand ist. Adobe hatte vor wenigen Tagen kritische Schwachstellen geschlossen, darunter eine Zero-Day-Lücke. --------------------------------------------- http://heise.de/-3243340 *** Finding Browser Extensions To Hunt Evil! *** --------------------------------------------- Browser extensions, sometimes called plug-ins or add-ons, provide all types of wondrous functionality on top of the web browser, some of which may be actually wanted by the user! These little gems, however, have also proved valuable .. --------------------------------------------- https://labs.opendns.com/2016/06/16/finding-browser-extensions-find-evil/

1 0

Tageszusammenfassung - Montag 20-06-2016
by Daily end-of-shift report 20 Jun '16

20 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-06-2016 18:00 − Montag 20-06-2016 18:00 Handler: Robert Waldner Co-Handler: n/a *** Locky, Dridex, and Angler among cybercrime groups to experience fall in activity *** --------------------------------------------- There has been a sudden drop off in activity relating to a number of major malware families in recent weeks. Dridex (W32.Cridex), Locky (Trojan.Cryptolocker.AF), the Angler exploit kit and Necurs (Backdoor.Necurs), are among the threats who appear affected by this development. --------------------------------------------- http://www.symantec.com/connect/blogs/locky-dridex-and-angler-among-cybercr… *** Erpressungs-Trojaner RAA kommt mit Passwort-Dieb im Huckepack daher *** --------------------------------------------- Der Computer-Schädling RAA soll nicht nur Daten als Geisel nehmen und ein Lösegeld verlangen, sondern auch einen Trojaner mitbringen, der Passwörter abgreift. --------------------------------------------- http://heise.de/-3242139 *** You Acer holes! PC maker leaks payment cards in e-store hack *** --------------------------------------------- Lost info includes names, addresses, numbers and security codes Acers insecure customer database spilled peoples personal information - including full payment card numbers - into hackers hands for more than a year. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/06/17/what_a_pain… *** New Ransomware Written Entirely In JavaScript *** --------------------------------------------- An anonymous reader writes: Security researchers have discovered a new form of ransomware written entirely in JavaScript and using the CryptoJS library to encode a users files. Researchers say the file is being distributed through email attachments, according to SC Magazine, which reports that "Opening the attachment kicks off a series of steps that not only locks up the victims files, but also downloads some additional malware onto the target computer. ... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MLUCGZ3AfdM/new-ransomware-… *** GoToMyPC remote desktop service resets all passwords in wake of attack *** --------------------------------------------- GoToMyPC, a remote computer administration service offered by Citrix, has forced a password reset for all customers in the wake of what they call a 'very sophisticated password attack.' Effective immediately, you will be required to reset your GoToMyPC password before you can login again, the company told customers via email on Sunday, and advised them to use their regular GoToMyPC login link to reset the password, or go through the 'Forgot Password' link --------------------------------------------- https://www.helpnetsecurity.com/2016/06/20/gotomypc-resets-passwords/ *** Understanding Critical Windows Artifacts and Their Relevance During Investigation-Part 1 *** --------------------------------------------- In this article, we will learn about critical Windows artifacts, what they mean, where they are located in the system, what can be inferred from them and how can they help in actual during the investigation. This will be a series of articles and in Part 1, we will learn about the NTFS timestamps which ... --------------------------------------------- http://resources.infosecinstitute.com/understanding-critical-windows-artifa… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL and a vulnerability in GNU glibc affect IBM Security Proventia Network Enterprise Scanner *** http://www-01.ibm.com/support/docview.wss?uid=swg21984794 --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0399) *** http://www-01.ibm.com/support/docview.wss?uid=swg21984134 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-0341) *** http://www-01.ibm.com/support/docview.wss?uid=swg21985111 --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco IOS XE Software SNMP Subsystem Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 17-06-2016
by Daily end-of-shift report 17 Jun '16

17 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-06-2016 18:00 − Freitag 17-06-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** SAP patches three-year-old vulnerability, plus 20 more flaws *** --------------------------------------------- SAP this week patched 21 product vulnerabilities, including an information disclosure flaw that was originally disclosed more than three years ago. --------------------------------------------- http://www.scmagazine.com/sap-patches-three-year-old-vulnerability-plus-20-… *** X86 Shellcode Obfuscation - Part 3 *** --------------------------------------------- Last time, Ive added obfuscation support for most common x86 instructions, which allowed to process the obfuscation output several times in order to get even better results. The obfuscated code output now, while being pretty well obfuscated, still is pretty easy to navigate as the execution flow is not changed. I will fix it this episode as I explain methods of implementing full blown execution flow obfuscation by injecting dozens of jumps to make the code output unrecognizable. --------------------------------------------- https://breakdev.org/x86-shellcode-obfuscation-part-3/ *** ENISA: Free online tool for the notification of personal data breaches *** --------------------------------------------- The purpose of the tool is to allow data controllers to complete and submit online a personal data breach notification to the competent authority (DPA/NRA). The tool covers all types of personal data breaches and business sectors, whether public or private. Based on the input of the notification, the tool also provides to the competent authority an assessment of the severity of the breach. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/free-online-tool-for-the-notifi… *** GitHub: Anmeldeversuche mit auf anderen Sites gestohlenen Zugangsdaten *** --------------------------------------------- Das GitHub-Team hat zahlreiche Log-in-Versuche festgestellt, die teilweise erfolgreich waren. Offensichtlich haben Hacker versucht, sich mit auf anderen Sites gestohlenen Zugangsdaten anzumelden. --------------------------------------------- http://heise.de/-3240522 *** Kryptowährung: Einbrecher stehlen 56 Millionen US-Dollar in Ether - fast *** --------------------------------------------- Sicherheitslücke bei der Bitcoin-Alternative Ethereum: Angreifer konnten 3,5 Millionen Einheiten der Ether stehlen. Eine ungewöhnliche Maßnahme soll aber verhindern, dass das Geld auch wirklich ausgezahlt wird. --------------------------------------------- http://www.golem.de/news/kryptowaehrung-einbrecher-stehlen-56-millionen-us-… *** Security updates available for Adobe Flash Player (APSB16-18) and Adobe AIR (APSB16-23) *** --------------------------------------------- Adobe has published a Security Bulletin (APSB16-18) regarding security updates that address critical vulnerabilities in Adobe Flash Player. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1371 *** Bugtraq: [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player *** --------------------------------------------- http://www.securityfocus.com/archive/1/538699 *** Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Bugtraq: User enumeration in Skype for Business 2013 *** --------------------------------------------- http://www.securityfocus.com/archive/1/538697 *** Bugtraq: [SECURITY] [DSA 3604-1] drupal7 security update *** --------------------------------------------- http://www.securityfocus.com/archive/1/538696 *** Python urllib HTTP Header Injection *** --------------------------------------------- Topic: Python urllib HTTP Header Injection Risk: Low Text:Pythons built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016060130 *** Solarwinds Virtualization Manager 6.3.1 Java Deserialization *** --------------------------------------------- Topic: Solarwinds Virtualization Manager 6.3.1 Java Deserialization Risk: High Text:Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Product: Solarwinds Virtualization Manager Vendor: Solarwin... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016060126 *** Json2Html Cross Site Scripting *** --------------------------------------------- Topic: Json2Html Cross Site Scripting Risk: Low Text:# Exploit Title: Json2Html Javascript Library - Reflective/Persistant XSS # Date: 0 day # Exploit Author: David Silveiro # E... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016060123 *** Gemalto Sentinel License Manager 18.0.1 Directory Traversal *** --------------------------------------------- Topic: Gemalto Sentinel License Manager 18.0.1 Directory Traversal Risk: Medium Text:Gemalto Sentinel License Manager 18.0.1 Directory Traversal Vulnerability Vendor: Gemalto NV | SafeNet, Inc Product we... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016060121 *** Security Advisory - Insufficient Input Validation Vulnerability in the FusionInsight *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160617-… *** Moxa PT-7728 Series Switch Improper Authorization Vulnerability *** --------------------------------------------- This advisory contains mitigation details for an improper authorization vulnerability in Moxa's Industrial Ethernet Switch PT-7728 series. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-168-01 *** sol64505405: NTP vulnerability CVE-2016-4956 *** --------------------------------------------- This vulnerability can only be exposed if the ntp.conf file is manually edited to enable "broadcastclient" mode in network time protocol (NTP). --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/k/64/sol64505405.html *** sol14969: BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024 *** --------------------------------------------- The Edge Client components in F5 BIG-IP APM, BIG-IP Edge Gateway, and FirePass allow attackers to obtain sensitive information from process memory via unspecified vectors. (CVE-2013-6024) An attacker with sufficient local privileges on a client machine running Windows or Mac OS X may be able to gain access to a users APM password. Note: This vulnerability is limited to the BIG-IP Edge Client and FirePass legacy client for Windows and Mac OS X only; it does not impact the BIG-IP or FirePass host. --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html *** sol82644737: NTP vulnerability CVE-2016-4954 *** --------------------------------------------- Impact: The NTP service may be disrupted. Security Issue Status: F5 Product Development has assigned ID 597023 (BIG-IP), ID 598184 (BIG-IQ), ID 598186 (Enterprise Manager), and LRS-60784 (LineRate) to this vulnerability. --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/k/82/sol82644737.html *** IBM Security Bulletin: Vulnerability identified in IBM Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2016-3426) *** --------------------------------------------- A vulnerability in IBM SDK Java Technology Edition, Version 6 that is shipped with IBM WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-3426 Affected product(s) and affected version(s): WebSphere Service Registry and Repository Studio V8.5, V8.0, V7.5 and V7.0 are... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21985335 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) *** --------------------------------------------- OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors. IBM b-type SAN firmware has addressed the applicable CVEs. CVE(s): CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794 Affected product(s) and affected version(s): IBM b-type switches and directors running FOS versions prior to 7.4.1c are affected. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1006391

1 0

Tageszusammenfassung - Donnerstag 16-06-2016
by Daily end-of-shift report 16 Jun '16

16 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 15-06-2016 18:00 − Donnerstag 16-06-2016 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Estonia - Cryptographic Algorithms Lifecycle Report 2016 published *** --------------------------------------------- Estonian Information System Authority (RIA) and Cybernetica have published the "Cryptographic Algorithms Lifecycle Report 2016". --------------------------------------------- https://www.enisa.europa.eu/about-enisa/structure-organization/national-lia… *** TLS Certificate Validation Vulnerability in Citrix iOS Receiver *** --------------------------------------------- A vulnerability has been identified in Citrix iOS Receiver that could result in TLS certificates being incorrectly validated. This vulnerability has been assigned the following CVE number: CVE-2016-5433: TLS Certificate Validation Vulnerability in Citrix iOS Receiver. This vulnerability affects all versions of Citrix iOS Receiver earlier than 7.0. This vulnerability does not affect Citrix Receivers on any other platforms. --------------------------------------------- http://support.citrix.com/article/CTX213998 *** Citrix XenServer Security Update for CVE-2016-5302 *** --------------------------------------------- A security vulnerability has been identified in XenServer 7.0 that may allow an attacker on the management network who is in possession of Active Directory credentials for an AD account that is not authorised to manage a XenServer host to compromise that host. The following vulnerability has been addressed: CVE-2016-5302 (Low): Incorrect host management AD authentication --------------------------------------------- http://support.citrix.com/article/CTX213549 *** Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036 *** --------------------------------------------- Project: Views (third-party module) Version: 7.x Date: 2016-June-15 Security risk: 7/25 ( Less Critical) Vulnerability: Access bypass DescriptionAn access bypass vulnerability exists in the Views module, where users without the "View content count" permission can see the number of hits collected by the Statistics module for results in the view. --------------------------------------------- https://www.drupal.org/node/2749333 *** Trend Micro: Sicherheitsfirma findet trojanisierte Teamviewer-Versionen *** --------------------------------------------- Wurde Teamviewer gehackt oder nicht? In den vergangenen Wochen beschwerten sich Hunderte Nutzer über Kriminelle, die über Teamviewer Konten plünderten. Der Hersteller selbst verwies auf schlechte Passwörter - eine Sicherheitsfirma hat jetzt eine weitere Idee. --------------------------------------------- http://www.golem.de/news/trend-micro-sicherheitsfirma-findet-trojanisierte-… *** Deep Discovery Inspector vulnerable to remote code execution *** --------------------------------------------- Deep Discovery Inspector provided by Trend Micro Incorporated contains a remote code execution vulnerability. --------------------------------------------- http://jvn.jp/en/jp/JVN55428526/ *** Facebook Privacy & Security Guide: Everything You Need to Know [Updated] *** --------------------------------------------- Facebook grew in the past years to become the largest online social network in the world. It spread so much that even our parents, neighbors and distant relatives, even from remote areas of the country, now constantly use it. It's the place where everybody is active, from friends, family, work colleagues, old school friends to ... --------------------------------------------- https://heimdalsecurity.com/blog/facebook-security-privacy-guide/ *** Bugtraq: [security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information *** --------------------------------------------- [security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information --------------------------------------------- http://www.securityfocus.com/archive/1/538693 *** Bugtraq: [security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilties *** --------------------------------------------- [security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilties --------------------------------------------- http://www.securityfocus.com/archive/1/538692 *** Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002 *** --------------------------------------------- Project: Drupal core Version: 7.x, 8.x Security risk: 11/25 ( Moderately Critical) Vulnerability: Access bypass, Multiple vulnerabilities Description Saving user accounts can sometimes grant the user all roles --------------------------------------------- https://www.drupal.org/SA-CORE-2016-002 *** Cisco Security Advisories *** --------------------------------------------- *** Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Cross-Site Request Forgery Vulnerability in IBM WebSphere Portal (CVE-2016-2901) *** http://www-01.ibm.com/support/docview.wss?uid=swg21983974 --------------------------------------------- *** IBM Security Bulletin: IBM TRIRIGA Application platform is vulnerable to a cross-site scripting attack. (CVE-2016-2883) *** http://www.ibm.com/support/docview.wss?uid=swg21985158 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in BeanShell affects IBM Leads (CVE-2016-2510) *** http://www.ibm.com/support/docview.wss?uid=swg21982167 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallAnywhere affects IBM InfoSphere Optim Performance Manager for DB2 on LUW and IBM InfoSphere Optim Configuration Manager on Windows Platform (CVE-2016-4560) *** http://www-01.ibm.com/support/docview.wss?uid=swg21984067 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager FastBack for Bare Machine Recovery (CVE-2016-2542) *** http://www.ibm.com/support/docview.wss?uid=swg21984184 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager FastBack (CVE-2016-2542) *** http://www.ibm.com/support/docview.wss?uid=swg21982809 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Notes KeyView PDF Filters (CVE-2016-0301, CVE-2016-0278, CVE-2016-0279, CVE-2016-0277) *** http://www.ibm.com/support/docview.wss?uid=swg21982277 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 15-06-2016
by Daily end-of-shift report 15 Jun '16

15 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 14-06-2016 18:00 − Mittwoch 15-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Security Advisory posted for Adobe Flash Player (APSA16-03) *** --------------------------------------------- A Security Advisory (APSA16-03) has been published regarding a critical vulnerability (CVE-2016-4171) in Adobe Flash Player. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1367 *** Security Bulletins Posted *** --------------------------------------------- Adobe has published security bulletins for the Adobe DNG SDK (APSB16-19), Adobe Brackets (APSB16-20), Adobe Creative Cloud Desktop Application (APSB16-21) and ColdFusion (APSB16-22). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1361 *** MS16-JUN - Microsoft Security Bulletin Summary for June 2016 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-JUN *** DSA-3602 php5 - security update *** --------------------------------------------- Several vulnerabilities were found in PHP, a general-purpose scriptinglanguage commonly used for web application development. --------------------------------------------- https://www.debian.org/security/2016/dsa-3602 *** Where's the Macro? Malware authors are now using OLE embedding to deliver malicious files *** --------------------------------------------- Recently, we've seen reports of malicious files that misuse the legitimate Office object linking and embedding (OLE) capability to trick users into enabling and downloading malicious content. Previously, we've seen macros used .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/06/14/wheres-the-macro-malwar… *** Mofang: A politically motivated information stealing adversary *** --------------------------------------------- Mofang is a threat actor that almost certainly operates out of China and is probably government-affiliated. It is highly likely that Mofang's targets are selected based on involvement with .. --------------------------------------------- https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-informati… *** Safari 10 blockiert Flash standardmäßig *** ---------------------------------------------- Ab Herbst gaukelt Apples Browser Webseiten in der Standardeinstellung vor, dass Plug-ins wie Flash, Silverlight oder Java gar nicht installiert seien. Der Schritt soll Strom sparen und für mehr Sicherheit sorgen. --------------------------------------------- http://heise.de/-3238170 *** VMSA-2016-0009 *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0009.html *** VMSA-2016-0005.4 *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0005.html *** VMSA-2015-0009.3 *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0009.html *** VMSA-2015-0007.6 *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0007.html *** iOS-Apps müssen ab 2017 HTTPS verwenden *** --------------------------------------------- Apple hat angekündigt, ab 1. Jänner 2017 HTTPS-Verbindungen für iOS-Apps zu verlangen. Daten sollen nur noch verschlüsselt übertragen werden. --------------------------------------------- http://futurezone.at/apps/ios-apps-muessen-ab-2017-https-verwenden/204.603.… *** Russische Spione hacken Computer von US-Demokraten *** --------------------------------------------- http://derstandard.at/2000038962384-406 *** Adobe-Patchday lässt kritische Flash-Lücke ungepatcht *** --------------------------------------------- Adobe schliesst Lücken in ColdFusion, der Creative Cloud, dem DNG Development Kit und seinem Texteditor Brackets. Nur eine kritische Flash-Lücke bleibt erst mal ungepatcht. --------------------------------------------- http://heise.de/-3238271 *** DSA-3603 libav - security update *** --------------------------------------------- Several security issues have been corrected in multiple demuxers anddecoders of the libav multimedia library. A full .. --------------------------------------------- https://www.debian.org/security/2016/dsa-3603 *** Cross-Site Scripting in extension "Bootstrap Package" (bootstrap_package) *** --------------------------------------------- https://typo3.org/news/article/cross-site-scripting-in-extension-formhandle… *** Microsoft-Patchday: Uralt-Lücke aus Windows-95-Zeiten geschlossen *** --------------------------------------------- Microsoft hat für diesen Monat 16 Sicherheitsupdates herausgegeben. Fünf davon sind kritisch und eine wichtige Lücke namens "BadTunnel" betrifft alle Windows-Versionen seit Windows 95. --------------------------------------------- http://heise.de/-3238328 *** xDedic - the shady world of hacked servers for sale *** --------------------------------------------- Over the last two years, deep in the slums of the Internet, a different kind of underground market has flourished. The short, cryptic name perhaps doesnt say much about it: xDedic. However, on this obscure marketplace anyone can purchase more than 70,000 hacked servers from all around the Internet. --------------------------------------------- http://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-… *** Programmiersprache: Microsoft forscht an sicherer C-Erweiterung *** --------------------------------------------- Einige Modifikationen an Syntax, Compiler und Laufzeitumgebung sollen C-Programme vor typischen Fehlern der Programmiersprache schützen. Microsoft erforscht diese Technik gemeinsam mit Universitäten in einem Open-Source-Projekt. --------------------------------------------- http://www.golem.de/news/programmiersprache-microsoft-forscht-an-sicherer-c… *** Next Steps for Legacy Plug-ins *** --------------------------------------------- The web platform is capable of amazing things. Thanks to the ongoing hard work of standards bodies, browser vendors, and web developers, web standards are feature-rich and continuously improving. The WebKit project in particular .. --------------------------------------------- https://webkit.org/blog/6589/next-steps-for-legacy-plug-ins/ *** Forenbetreiber gehackt: 45 Millionen Nutzer betroffen *** --------------------------------------------- Cyberkriminelle haben 45 Millionen Datensätze von VerticalScope gestohlen. Die kanadische Firma hostet über 1.100 Webseiten und Online-Foren. --------------------------------------------- http://futurezone.at/digital-life/forenbetreiber-gehackt-45-millionen-nutze… *** TalkTalk-Kunden werden über TeamViewer-Zugänge angegriffen *** --------------------------------------------- Nicht genug, dass die Daten der TalkTalk-Kunden im Netz sind: Jetzt werden diese auch noch Opfer von Ganoven. Diese versuchen, .. --------------------------------------------- http://heise.de/-3238766

1 0

Tageszusammenfassung - Dienstag 14-06-2016
by Daily end-of-shift report 14 Jun '16

14 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-06-2016 18:00 − Dienstag 14-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** ATM Insert Skimmers In Action *** --------------------------------------------- KrebsOnSecurity has featured several recent posts on "insert skimmers," ATM skimming devices made to fit snugly and invisibly inside a cash machines card acceptance slot. Im revisiting the subject again because Ive recently .. --------------------------------------------- http://krebsonsecurity.com/2016/06/atm-insert-skimmers-in-action/ *** DSA-3601 icedove - security update *** --------------------------------------------- Multiple security issues have been found in Icedove, Debians version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors maylead to the execution of arbitrary code or denial of service. --------------------------------------------- https://www.debian.org/security/2016/dsa-3601 *** Virenscanner infiziert Systeme mit Sality-Virus *** --------------------------------------------- Durch ein Update landete des Virenscanners Rising landet eine infizierte Datei auf den Systeme, die sich dann daran macht, den Sality-Virus weiter zu verbreiten. --------------------------------------------- http://heise.de/-3237654 *** Vawtrak banking Trojan shifts to new targets *** --------------------------------------------- The Vawtrak banking Trojan (aka Snifula) is slowly but surely becoming a serious threat. With version 2, the malware has acquired the capability to target .. --------------------------------------------- https://www.helpnetsecurity.com/2016/06/14/vawtrak-banking-trojan-shifts-ne… *** Kritische Sicherheitslücke: Angreifer können Adminrechte in Oxid-E-Shop erlangen *** --------------------------------------------- Eine Sicherheitslücke im E-Shop-System Oxid ermöglicht Angreifern den Zugriff auf das Admininterface, es kann auch Code ins Frontend injiziert werden. Aktuelle Versionen werden mit einem Patch abgesichert, für ältere existiert lediglich ein Workaround. --------------------------------------------- http://www.golem.de/news/kritische-sicherheitsluecke-angreifer-koennen-admi… *** Aufregung um Linkedin-Hack in .at: Nutzer sollten dringend Passwort ändern *** --------------------------------------------- Vollständige Nutzerdatenbank aus dem Jahr 2012 kursiert, und sorgt nun auch hierzulande für Schlagzeilen. --------------------------------------------- http://derstandard.at/2000038935519 *** Weaponizing Nessus *** --------------------------------------------- Once in a blue moon we come across a client that has truly done security right (or at least, tried really hard to do so). All the low hanging fruit has .. --------------------------------------------- http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus *** The PhotoMiner Campaign *** --------------------------------------------- Over the past few months, we've been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by .. --------------------------------------------- https://www.guardicore.com/2016/06/the-photominer-campaign/ *** Finding pearls; fuzzing ClamAV *** --------------------------------------------- Previously, I wrote about the general workflow to follow if you wanted to seriously begin fuzzing applications, while covering fuzzing a small YAML library. In this post, we will cover taking that workflow and applying it in real life to the open-source antivirus project ClamAV. This fuzz job was .. --------------------------------------------- https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/ *** phpMyAdmin Project Successfully Completes Security Audit *** --------------------------------------------- Software Freedom Conservancy congratulates its phpMyAdmin project on succesfuly completing completing a thorough security audit, as part of Mozillas Secure Open Source Fund. No serious issues were found in the phyMyAdmin codebase. --------------------------------------------- https://www.phpmyadmin.net/news/2016/6/13/phpmyadmin-project-successfully-c… *** Netgear-Router dank festinstallierter Schlüssel einfach zu knacken *** --------------------------------------------- Die Router D6000 und D3600 können von Angreifern gekapert werden, da sie fest installierte Krypto-Schlüssel nutzen, die immer gleich sind. Ausserdem lässt sich das Administrator-Passwort sehr einfach auslesen. --------------------------------------------- http://heise.de/-3237907 *** Making Curl | Bash safe(r) *** --------------------------------------------- You know those software installation instructions that tell you to download and run a script directly from the internet, as root, using something like the following? --------------------------------------------- https://sysdig.com/blog/making-curl-bash-safer/

1 0

Tageszusammenfassung - Montag 13-06-2016
by Daily end-of-shift report 13 Jun '16

13 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-06-2016 18:00 − Montag 13-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Linux Kernel ROP - Ropping your way to # (Part 1) *** --------------------------------------------- Kernel ROP In-kernel ROP (Return Oriented Programming) is a useful technique that is often used to bypass restrictions associated with non-executable memory regions. For example, on default kernels1, it presents a practical approach for .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropp… *** Siemens SIMATIC S7-300 Denial-of-Service Vulnerability *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01 *** Is it the End of Angler ? *** --------------------------------------------- http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html *** Visual Studio 2015 stopft ungefragt Tracing-Code in C++-Programme *** --------------------------------------------- Microsofts aktuelle Entwicklungsumgebung baut ungefragt und automatisch Funktionsaufrufe in C++-Code ein, die dem Erfassen von Telemetrie-Daten dienen. Microsoft will das nun mit Updates abstellen. --------------------------------------------- http://heise.de/-3235676 *** Blackberry verteilt Nutzerdaten weltweit an Behörden *** --------------------------------------------- Blackberry entschlüsselt Nachrichten, die über seine Geräte verschickt und empfangen werden und teilt diese Informationen und andere Nutzerdaten mit Behörden in aller Welt. --------------------------------------------- http://futurezone.at/netzpolitik/blackberry-verteilt-nutzerdaten-weltweit-a… *** Petya and Mischa - Ransomware Duet (part 2) *** --------------------------------------------- After being defeated in April, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload - Mischa. Both are named after the satellites from the GoldenEye movie. They deploy .. --------------------------------------------- https://blog.malwarebytes.org/threat-analysis/2016/06/petya-and-mischa-rans… *** DNS Sinkhole ISO Version 2.0 *** --------------------------------------------- After 4 years (previous version 1.3 Jun 2012), I containing the following changes: - Updated to Slackware 14.1 with Linux kernel 3.10.17 - Added inetsim in the /opt directory as a limited alternative to collect redirected sinkhole .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21153 *** Symantec übernimmt Blue Coat für 4,65 Milliarden Dollar *** --------------------------------------------- Blue Coat wurde vom Sicherheitssoftwareanbieter Symantec gekauft und will sich fortan vor allem auf Anti-Viren-Software konzentrieren. --------------------------------------------- http://futurezone.at/b2b/symantec-uebernimmt-blue-coat-fuer-4-65-milliarden… *** Verschlüsselung: Lets Encrypt veröffentlicht 7.618 E-Mail-Adressen *** --------------------------------------------- Lets Encrypt will Verbindungen im Internet besser absichern und so die privaten Daten der Nutzer besser schützen. Doch jetzt hat das Projekt durch eine Panne selbst zahlreiche Mailadressen preisgegeben. --------------------------------------------- http://www.golem.de/news/verschuesselung-let-s-encrypt-verraet-7-618-e-mail… *** FLocker Mobile Ransomware Crosses to Smart TV *** --------------------------------------------- Using multiple devices that run on one platform makes life easier for a lot of people. However, if a malware affects one of these devices, the said malware may eventually affect the others, too. This appears to be the case when we came across an .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomwa… *** Statt Backups: Britische Firmen horten Bitcoins für Erpressungstrojaner *** --------------------------------------------- Anstatt für regelmäßige Backups zu sorgen, scheinen viele britische Firmen lieber Kryptogeldreserven anzulegen, um Lösegeld für ihre Daten bezahlen zu können. Laut einer Befragung sind viele Firmen bereit, bis zu 50.000 Pfund zu zahlen. --------------------------------------------- http://heise.de/-3236563 *** Intel verankert Anti-Exploit-Technik in (CPU-)Hardware *** --------------------------------------------- Mit der "Control-flow Enforcement Technology" will Intel dem Ausnutzen von Sicherheitslücken eine weitere Hürde in den Weg legen. Wann CET jedoch in Prozessoren debüttiert, steht noch in den Sternen. --------------------------------------------- http://heise.de/-3236707 *** Microsoft kauft LinkedIn für 26,2 Milliarden Dollar *** --------------------------------------------- Das Karriere-Netzwerk LinkedIn wird von Microsoft übernommen. Der Xing-Konkurrent werde dabei insgesamt mit 26,2 Milliarden Dollar bewertet, teilten die Unternehmen mit. --------------------------------------------- http://futurezone.at/b2b/microsoft-kauf-linkedin-fuer-26-2-milliarden-dolla… *** Process Explorer: Part 2 *** --------------------------------------------- For Windows operating systems (OS), especially those up to and including Windows 7, Process Explorer is an excellent replacement for Task Manager. After publishing .. --------------------------------------------- https://blog.malwarebytes.org/101/2016/05/process-explorer-part-2/ *** Empfehlungen für Cybersicherheitsgesetz veröffentlicht *** --------------------------------------------- Ein Jahr lang haben Experten aus Wirtschaft, Wissenschaft und Behörden über das Cybersicherheitsgesetz diskutiert, das eine Meldepflicht bei Cyberangriffen bringen soll. --------------------------------------------- http://futurezone.at/netzpolitik/empfehlungen-fuer-cyberischerheitsgesetz-v…

1 0

Tageszusammenfassung - Freitag 10-06-2016
by Daily end-of-shift report 10 Jun '16

10 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 09-06-2016 18:00 − Freitag 10-06-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Reverse-engineering DUBNIUM *** --------------------------------------------- DUBNIUM (which shares indicators with what Kaspersky researchers have called DarkHotel) is one of the activity groups that has been very active in recent years, and has many distinctive features. We located multiple variants of multiple-stage droppers and payloads in the last few months, and although they are not really packed or obfuscated in a... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dub… *** "Webseiten werden angreifbarer" *** --------------------------------------------- Alexander Mitter von nimbusec und Andreas Tomek von SBA Research über Sicherheits-Start-ups in Österreich, Bedrohungsszenarien und Viagra-Shops auf Unternehmenswebseiten. --------------------------------------------- http://futurezone.at/thema/start-ups/webseiten-werden-angreifbarer/203.199.… *** Offensive or Defensive Security? Both!, (Thu, Jun 9th) *** --------------------------------------------- Sometimes students ask me the best way to jump into the security world. I usually compare information security to medicine: You start with a common base (a strong knowledge in IT) then you must choose a specialization: auditor, architect, penetrationtester, reverse engineer, incident handler, etc. Basically, those specializations can be grouped in two categories: offensiveand defensive. Many people like the first one because it looks more funny and the portrait of the hacker as depicted in Hollywood... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21149&rss *** Secure Open Source: Mozilla stiftet Fonds für bessere Security *** --------------------------------------------- In dem Programm Secure Open Source (SOS) stellt Mozilla zunächst 500.000 US-Dollar bereit, um die Sicherheit von Open-Source-Software zu verbessern. Anders als bei der Linux Foundation soll das Geld explizit für Audits und einen sauberen Umgang mit Sicherheitslücken genutzt werden. --------------------------------------------- http://www.golem.de/news/secure-open-source-mozilla-stiftet-fonds-fuer-bess… *** Crysis ransomware fills vacuum left by TeslaCrypt *** --------------------------------------------- TeslaCrypt has reached the end of the road, and other ransomware is ready to fill the vacuum left behind it. A relative newcomer to the market, Crysis ransomware is already laying claim to parts of TeslaCrypt's territory. The Crysis ransomware family � not to be confused with the Crisis backdoor/spyware Trojan that targeted both Windows and Mac users some four years ago - is currently in its second iteration, and doesn't differ much from other... --------------------------------------------- https://www.helpnetsecurity.com/2016/06/10/crysis-ransomware/ *** An Interview With the Hacker Probably Selling Your Password Right Now *** --------------------------------------------- A conversation with the stolen-data wholesaler selling 800 million stolen passwords, and plaguing the security teams of LinkedIn, Twitter, and Tumblr. --------------------------------------------- http://www.wired.com/2016/06/interview-hacker-probably-selling-password/ *** Optimizing TLS over TCP to reduce latency *** --------------------------------------------- The layered nature of the Internet (HTTP on top of some reliable transport (e.g. TCP), TCP on top of some datagram layer (e.g. IP), IP on top of some link (e.g. Ethernet)) has been very important in its development. Different link layers have come and gone over... --------------------------------------------- https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/ *** EMC and VMware both suffer malicious user access messes *** --------------------------------------------- The wrong people can access data on Data Domain, NSX and vRealize VMware and EMC have each revealed security nasties. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/06/10/emc_and_vmw… *** VU#778696: Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass *** --------------------------------------------- Vulnerability Note VU#778696 Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass Original Release date: 10 Jun 2016 | Last revised: 10 Jun 2016 Overview The Netgear D6000 and D3600 routers are vulnerable to authentication bypass and contain hard-coded cryptographic keys embedded in their firmware. Description CWE-321: Use of Hard-coded Cryptographic Key -- CVE-2015-8288The firmware for these devices contains a hard-coded RSA private key,... --------------------------------------------- http://www.kb.cert.org/vuls/id/778696 *** USN-2995-1: Squid vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-2995-19th June, 2016squid3 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummarySeveral security issues were fixed in Squid.Software description squid3 - Web proxy cache server DetailsYuriy M. Kaminskiy discovered that the Squid pinger utility incorrectlyhandled certain ICMPv6 packets. A remote attacker could use this issue tocause Squid to crash, resulting in a... --------------------------------------------- http://www.ubuntu.com/usn/usn-2995-1/ *** DSA-3599 p7zip - security update *** --------------------------------------------- Marcin Icewall Noga of Cisco Talos discovered an out-of-bound readvulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zrfile archiver with high compression ratio. A remote attacker can takeadvantage of this flaw to cause a denial-of-service or, potentially theexecution of arbitrary code with the privileges of the user runningp7zip, if a specially crafted UDF file is processed. --------------------------------------------- https://www.debian.org/security/2016/dsa-3599 *** Security Advisory: Java vulnerabilities CVE-2013-5825 and CVE-2013-5830 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/48/sol48802597.html?… *** Security Advisory: iControl REST vulnerability CVE-2016-5021 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/99/sol99998454.html?… *** Bugtraq: ESA-2016-062: EMC Data Domain Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/538642 *** VMSA-2016-0008 *** --------------------------------------------- VMware vRealize Log Insight addresses important and moderate security issues. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0008.html *** VMSA-2016-0007 *** --------------------------------------------- VMware NSX and vCNS product updates address a critical information disclosure vulnerability --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0007.html *** Bugtraq: [security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS) *** --------------------------------------------- http://www.securityfocus.com/archive/1/538640 *** [R2] OpenSSL 20160503 Advisory Affects Tenable Products *** --------------------------------------------- Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included version of OpenSSL as a precaution, and to save time. [...] Advisory Timeline 2016-05-19 - [R1] Initial Release | 2016-06-09 - [R2] Security Center details added --------------------------------------------- https://www.tenable.com/security/tns-2016-10 *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-3705) *** --------------------------------------------- There is a vulnerability in libxml2 that is used by IBM BigFix Compliance Analytics. IBM BigFix Compliance has addressed this vulnerability. CVE(s): CVE-2016-3705 Affected product(s) and affected version(s): IBM BigFix Security Compliance Analytics 1.7 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21984773X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112885 --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21984773 *** IBM Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. (CVE-2016-0264) *** --------------------------------------------- There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 Service Refresh 2 Fixpack 11 that is used by IBM BigFix Compliance Analytics. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-0264 Affected product(s) and affected version(s): IBM BigFix Security Compliance Analytics 1.8. Refer to... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21983689 *** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351) *** --------------------------------------------- Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Deploy. CVE(s): CVE-2015-5345, CVE-2015-5346, CVE-2015-5351 Affected product(s) and affected version(s): IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.2, 6.2.0.1,... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg2C1000126 *** IBM Security Bulletin: IBM Notes InstallShield vulnerable to DLL planting (CVE-2016-2542) *** --------------------------------------------- IBM Notes uses InstallShield which generates install executables that are vulnerable to a DLL-planting vulnerability. CVE(s): CVE-2016-2542 Affected product(s) and affected version(s): This vulnerability affects installers of following versions of IBM Notes... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21979808 *** IBM Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server (CVE-2015-0254) *** --------------------------------------------- There is an XML External Entity Injection (XXE) vulnerability in the Apache Standard Taglibs that affects IBM WebSphere Application Server. CVE(s): CVE-2015-0254 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server Version 8.5.5 Full Profile and Liberty Version 8.5 Full Profile and Liberty Version 8.0 Version... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21978495

1 0

Tageszusammenfassung - Donnerstag 9-06-2016
by Daily end-of-shift report 09 Jun '16

09 Jun '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 08-06-2016 18:00 − Donnerstag 09-06-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** AVM warnt vor Telefonmissbrauch bei Routern mit älterer Firmware *** --------------------------------------------- Fritzboxen mit "seltenen Konfigurationen" und älterer Firmware könnten aktuell Opfer von Angreifern werden, die auf Telefonbetrug zielen. AVM rät zu Updates. --------------------------------------------- http://heise.de/-3232343 *** Unpatched D-Link Wi-Fi Camera Flaw Remotely Exploitable *** --------------------------------------------- D-Links DCS930L Wi-Fi camera is vulnerable to a stack overflow vulnerability that can be remotely exploited. --------------------------------------------- http://threatpost.com/unpatched-d-link-wi-fi-camera-flaw-remotely-exploitab… *** Skype being used to distribute malware *** --------------------------------------------- Skype being used to distribute QRAT malware to unsuspecting travelers looking for help on filling out U.S, travel documents. --------------------------------------------- http://www.scmagazine.com/skype-being-used-to-distribute-malware/article/50… *** Searching for malspam, (Thu, Jun 9th) *** --------------------------------------------- Introduction About a week ago, I stopped seeing the daily deluge of malicious spam (malspam) distributing Dridex banking trojans or Locky ransomware. Before this month, I generally noticed multiple waves of Dridex/Locky malspam almost every day. This malspam contains attachments with zipped .js files or Microsoft Office documents designed to download and install the malware. I havent found much discussion about the current absence of Dridex/Locky malspam. Since the actor(s) behind Dridex... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21145&rss *** Security: Locky- und Dridex-Botnetz ist spurlos verschwunden *** --------------------------------------------- Sicherheitsforscher haben einen massiven Rückgang von Infektionen der bekannten Malware-Familien Dridex und Locky beobachtet. Schuld sind offenbar Probleme beim verteilenden Botnetz. Für Locky gibt es keine neue Infrastruktur. Was mit Opfern passiert, ist derzeit offen. --------------------------------------------- http://www.golem.de/news/security-wo-ist-nur-das-botnetz-hin-1606-121396-rs… *** REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2016-033Project: REST/JSON (third-party module)Version: 7.xDate: 2016-June-08Security risk: 19/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:AllVulnerability: Access bypass, Information Disclosure, Multiple vulnerabilitiesDescriptionThis module enables you to expose content, users and comments via a JSON API.The module contains multiple vulnerabilities includingNode access bypassComment access bypassUser enumerationField access bypassUser registration... --------------------------------------------- https://www.drupal.org/node/2744889 *** Citrix XenServer Security Update for CVE-2016-5302 *** --------------------------------------------- A security vulnerability has been identified in XenServer 7.0 that may allow an attacker on the management network who is in possession of Active Directory credentials for an AD account that is not authorised to manage a XenServer host to compromise that host. --------------------------------------------- https://support.citrix.com/article/CTX213549 *** Bugtraq: ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/538634 *** Bugtraq: ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/538635 *** Security Advisory: Custom monitor privilege escalation vulnerability CVE-2016-5020 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00265182.html?… *** Security Advisory: PHP vulnerability CVE-2016-4070 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/42/sol42065024.html?… *** SSA-526760 (Last Update 2016-06-08): Weak Credentials Protection in SIMATIC WinCC flexible *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760… *** SSA-818183 (Last Update 2016-06-08): Denial-of-Service Vulnerability in S7-300 CPU *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183… *** SSA-301706 (Last Update 2016-06-08): GNU C Library Vulnerability in Industrial Products *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706… *** Bugtraq: [security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery *** --------------------------------------------- http://www.securityfocus.com/archive/1/538630 *** Bugtraq: [security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands *** --------------------------------------------- http://www.securityfocus.com/archive/1/538629 *** Bugtraq: [security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/538633 *** Bugtraq: [security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/538632 *** Cisco Aironet 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino *** http://www.ibm.com/support/docview.wss?uid=swg21984678 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in InstallShield/InstallAnywhere affects IBM Informix CSDK and Server installation on Windows(CVE-2016-2542, CVE-2016-4560) *** http://www-01.ibm.com/support/docview.wss?uid=swg21984231 --------------------------------------------- *** IBM Security Bulletin: IBM Client Application Access InstallShield vulnerable to DLL planting (CVE-2016-2542) *** http://www.ibm.com/support/docview.wss?uid=swg21981968 --------------------------------------------- *** IBM Security Bulletin: Secure Properties in IBM UrbanCode Deploy Vulnerable (CVE-2016-0267) *** http://www.ibm.com/support/docview.wss?uid=swg2C1000151 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (CVE-2015-1794, CVE-2015-3194, CVE-2016-0702) *** http://www.ibm.com/support/docview.wss?uid=swg21981021 --------------------------------------------- *** IBM Security Bulletin: Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM SDK for Node.js in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855) *** http://www-01.ibm.com/support/docview.wss?uid=swg21983514 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection *** http://www.ibm.com/support/docview.wss?uid=swg21984424 --------------------------------------------- *** IBM Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427) *** http://www.ibm.com/support/docview.wss?uid=swg21984436 ---------------------------------------------

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily