=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 19-10-2016 18:00 − Donnerstag 20-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system.The vulnerability is due to improper handling of ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Firepower Detection Engine HTTP Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Meeting Server Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server.The vulnerability is due to missing bounds checks in the Web Bridge functionality. An ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Meeting Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Adult FriendFinder Vulnerability Leaves Millions Exposed ***
---------------------------------------------
Security experts are reporting popular adult website Adult FriendFinder has been compromised by hackers who have gained access to the sites backend servers.
---------------------------------------------
http://threatpost.com/adult-friendfinder-vulnerability-leaves-millions-expo…
*** The new .LNK between spam and Locky infection ***
---------------------------------------------
Just when it seems the Ransom:Win32/Locky activity has slowed down, our continuous monitoring of the ransomware family reveals a new workaround that the authors ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/10/19/the-new-lnk-between-spa…
*** Hack.lu 2016 Wrap-Up Day #2 ***
---------------------------------------------
I'm just back from the second day of hack.lu. The day started early with Patrice Auffret about Metabrik! Patrice is a Perl addict and developed lot of CPAN ..
---------------------------------------------
https://blog.rootshell.be/2016/10/20/hack-lu-2016-wrap-day-2/
*** Researchers Bypass ASLR Protection On Intel Haswell CPUs ***
---------------------------------------------
An anonymous reader writes: "A team of scientists from two U.S. universities has devised ..
---------------------------------------------
https://news.slashdot.org/story/16/10/19/2358209/researchers-bypass-aslr-pr…
*** OWASP ModSecurity CRS Version 3.0 RC2 Released ***
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/OWASP-ModSecurity-CRS-Versio…
*** Novell: Storage Manager for eDirectory 5.0.0 ***
---------------------------------------------
https://download.novell.com/Download?buildid=4x6-1FswplA~
*** Security research tool had security problem ***
---------------------------------------------
Plugin for popular disassembler OllyDGB allowed man-in-the-middle diddle Security ..
---------------------------------------------
www.theregister.co.uk/2016/10/20/ollydgb_vulnerability/
*** Can I spam from here: An Unusually Clever Spambot Tests Blacklists ***
---------------------------------------------
Unit 42 researchers recently observed an unusually clever spambot's attempts to increase delivery efficacy by abusing reputation blacklist service ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/10/unit42-can-i-spam-from-h…
*** Bugtraq: [security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539609
*** Skyping and Typing the Latest Threat to Privacy ***
---------------------------------------------
Typing while using Skype or over other Voice over Internet Protocol (VoIP) services presents an opportunity for an attacker to record the conversation, separate ..
---------------------------------------------
https://threatpost.com/skyping-and-typing-the-latest-threat-to-privacy/1213…
*** The Kings In Your Castle Part #1 ***
---------------------------------------------
In March 2016 I presented together with Raphael Vinot at this year�s Troopers conference in Heidelberg. The talk treated research of targeted malware, ..
---------------------------------------------
https://cyber.wtf/2016/10/12/the-kings-in-your-castle-all-the-lame-threats-…
*** Palo Alto PAN-OS Input Validation Flaw in Monitor Tab Lets Remote Authenticated Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037063
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 18-10-2016 18:00 − Mittwoch 19-10-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Is it worth reporting ransomware? ***
---------------------------------------------
Answer: yes. Police forces badly need more people to tell them about attacks.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/10/18/is-it-worth-reporting-ransomwar…
*** Security Advisory: PHP vulnerability CVE-2015-8935 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/63/sol63712424.html?…
*** PHP Buffer Overflow in php_pcre_replace_impl() Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can supply specially crafted data that, when processed by the target application, will trigger a heap overflow in php_pcre_replace_impl() in the PCRE component and execute arbitrary code on the target system.
...
[Editor's note: The vendor indicates that these other memory errors require strings on the order of 2GB to exploit and that memory_limit and max_input_size values on the target system should prevent exploitation.]
---------------------------------------------
http://www.securitytracker.com/id/1037033
*** Security Advisory: TIFF vulnerability CVE-2015-7554 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/38/sol38871451.html?…
*** IDM 4.5 Midrange BiDirectional Driver 4.5 ***
---------------------------------------------
https://download.novell.com/Download?buildid=sQgqe1Stbog~
*** Hack.lu 2016 Wrap-Up Day #1 ***
---------------------------------------------
I'm back to Luxembourg for a new edition of hack.lu. In fact, I arrived yesterday afternoon to attend the MISP summit. It was a good opportunity to meet MISP users and to get fresh news about the project.
---------------------------------------------
https://blog.rootshell.be/2016/10/18/hack-lu-2016-wrap-day-1/
*** Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges ***
---------------------------------------------
Version(s): 6u121, 7u111, 8u102; Java SE Embedded: 8u101
Description: Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access data on the target system. A remote user can modify data on the target system. A remote user can gain elevated privileges.
---------------------------------------------
http://www.securitytracker.com/id/1037040
*** Oracle Database Multiple Flaws Let Remote and Local Users Access and Modify Data and Gain Elevated Privileges and Let Local Users Deny Service ***
---------------------------------------------
Version(s): 11.2.0.4, 12.1.0.2
Description: Multiple vulnerabilities were reported in Oracle Database. A remote and local user can access data on the target system. A remote user can modify data on the target system. A local user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system. A remote authenticated user can gain elevated privileges.
---------------------------------------------
http://www.securitytracker.com/id/1037035
*** Vuln: Oracle Fusion Middleware CVE-2016-5531 Remote Security Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93730
*** MySQL Multiple Bugs Let Remote Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Modify Data and Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1037050
*** Solaris Multiple Bugs Let Remote and Local Users Access Data and Deny Service and Let Local Users Modify Data and Deny Service ***
---------------------------------------------
Version(s): 10, 11.3
Description: Multiple vulnerabilities were reported in Solaris. A remote or local user can access data on the target system. A remote or local user can cause denial of service conditions on the target system. A local user can modify data on the target system. A local user can obtain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1037048
*** Installer of Evernote for Windows may insecurely load Dynamic Link Libraries ***
---------------------------------------------
http://jvn.jp/en/jp/JVN03251132/
*** Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded password vulnerability in Schneider Electric's PowerLogic PM8ECC device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01
*** Cisco Talos: Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure ***
---------------------------------------------
Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing jbig2 segments within a PDF file, can be triggered in Foxit PDF Reader causing an out-of-bounds heap memory to be read into a buffer.
---------------------------------------------
http://blog.talosintel.com/2016/10/foxit-pdf-jbig2.html
*** CAIDA: Spoofer ***
---------------------------------------------
We have developed and support a new client-server system for Windows, MacOS, and UNIX-like systems that periodically tests a networks ability to both send and receive packets with forged source IP addresses (spoofed packets). We are (in the process of) producing reports and visualizations that will inform operators, response teams, and policy analysts.
---------------------------------------------
https://www.caida.org/projects/spoofer/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Orchestrator, HTTP Server and bundling products shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000137
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK for Node.js in IBM Bluemix ***
http://www.ibm.com/support/docview.wss?uid=swg21992427
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Reflected Cross-Site Scripting (XSS) (CVE-2016-5980) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991992
---------------------------------------------
*** IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-3092 ***
http://www.ibm.com/support/docview.wss?uid=swg21992457
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability in IBM Websphere Application Server and IBM Websphere Application Server Liberty affects IBM BigFix Remote Control (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991987
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in PCRE affects IBM Tivoli Network Manager IP Edition (CVE-2016-1283) ***
http://www.ibm.com/support/docview.wss?uid=swg21991978
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 17-10-2016 18:00 − Dienstag 18-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Security baseline for Windows 10 v1607 (“Anniversary edition”) and Windows Server 2016 ***
---------------------------------------------
Microsoft is pleased to announce the release of the security configuration baseline settings for Windows 10 version 1607, also known as “Anniversary edition” ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-f…
*** New-looking Sundown EK drops Smoke Loader, Kronos banker ***
---------------------------------------------
In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case ..
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2016/10/new-looking-sundown-e…
*** Magento Credit Card Swiper Exports to Image ***
---------------------------------------------
Over the past year we have seen a rash of credit card swipers in Magento and other ecommerce-based websites. In fact, we have been finding new variants nearly every week. It is no surprise that ecommerce sites are ..
---------------------------------------------
https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.ht…
*** ZDI-16-570: Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ Sentinel. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-570/
*** Security Advisory - Hardcoded SSH Key Vulnerability in Some Huawei Storage Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161017-…
*** Audit sees VeraCrypt kils critical password recovery, cipher flaws ***
---------------------------------------------
Patches slung at 11 bad bugs Security researchers have found eight critical, three medium, and 15 low ..
---------------------------------------------
www.theregister.co.uk/2016/10/18/veracrypt_audit/
*** iOS 10.0.3 ***
---------------------------------------------
https://support.apple.com/en-us/HT207263
*** Hajime: Analysis of a decentralized internet worm for IoT devices [PDF] ***
---------------------------------------------
Though worms which target IoT devices are not new, they are rising in prominence lately due to the generally wea k security such devices have. What makes Hajime ..
---------------------------------------------
https://security.rapiditynetworks.com/publications/2016-10-16/hajime.pdf
*** Netzob: Reverse Engineering Communication Protocols ***
---------------------------------------------
Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of ..
---------------------------------------------
https://www.netzob.org/
*** Halfway there! Firefox users now visit over 50% of pages via HTTPS ***
---------------------------------------------
Mozilla telemetry shows sites using HTTPS for more secure browsing now outnumber plain old HTTP.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/10/18/halfway-there-firefox-users-now…
*** Malware verkauft: 22-Jähriger muss in Deutschland vor Gericht ***
---------------------------------------------
Ein 22-Jähriger soll in 4.000 Fällen Trojaner, Viren und andere Malware verkauft haben. Jetzt muss er sich dafür vor Gericht verantworten.
--------------------------------------------
-
https://futurezone.at/digital-life/malware-verkauft-22-jaehriger-muss-in-de…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 14-10-2016 18:00 − Montag 17-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** pseudoDarkleech Rig EK ***
---------------------------------------------
Since Monday 2016-10-03, the pseudoDarkleech campaign has been using Rig exploit kit (EK) to distribute Cerber ransomware." /> Shown above: An infection chain of events. Let" /> Shown above:" /> Shown above: UDP traffic seen ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21595
*** Sierra Wireless Mitigations Against Mirai Malware ***
---------------------------------------------
NCCIC/ICS-CERT received a technical bulletin from the Sierra Wireless company, outlining mitigations to secure Airlink Cellular Gateway devices affected by (or at risk of) the “Mirai” malware. While the Sierra Wireless ..
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-286-01
*** Vuln: Magento CMS Multiple Cross-Site Request Forgery Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/93576
*** Vuln: Magento CMS Flash File Uploader Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93575
*** Vuln: PHP password_verify() Function Out-of-Bounds Read Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93578
*** Maldoc VBA Anti-Analysis ***
---------------------------------------------
I was asked for help with the analysis of sample 7c9505f2c041ba588bed854258344c43. Turns out this malicious Word document has some anti-analysis tricks (here is an older diary entry with other anti-analysis tricks). Here is the analysis with oledump.py: Stream 8 contains VBA ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21599
*** Symantec observed a surge of spam emails using malicious WSF files ***
---------------------------------------------
Symantec observed a significant increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments. Experts from Symantec are observing a significant increase in the number of email-based ..
---------------------------------------------
http://securityaffairs.co/wordpress/52341/cyber-crime/spam-wsf-files.html
*** Analyzing Office Maldocs With Decoder.xls, (Sun, Oct 16th) ***
---------------------------------------------
In my last diary entry, I show how to decode VBA maldoc strings with Excel. A similar technique can be used to decode a payload (like shellcode). I explain ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21601
*** Outlook-on-Android alternative Nine leaked Exchange Server creds ***
---------------------------------------------
Patches slung to fix popular third-party email app Staff logging into Exchange Server through a popular app could have placed their enterprise credentials at risk through a since-closed vulnerability.
---------------------------------------------
www.theregister.co.uk/2016/10/17/outlook_app_slapped_in_maninthemiddle_didd…
*** VMSA-2016-0016 ***
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0016.html
*** IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director (CVE-2016-0264, CVE-2016-3426) ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version ..
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024427
*** No More Ransom adds law enforcement partners from 13 new countries ***
---------------------------------------------
Intel Security and Kaspersky Labs today announced that 13 law enforcement agencies have joined No More Ransom, a partnership between cybersecurity industry and law enforcement organizations to provide ransomware victims education and decryption tools through www.nomoreransom.org. Intel ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/no-ransom-adds-law-enforcement-partner…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-10-2016 18:00 − Freitag 14-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Gezinkte Primzahlen ermöglichen Hintertüren in Verschlüsselung ***
---------------------------------------------
Ein Forscherteam hat aufgezeigt, dass man durch geschickte Konstruktion einer Primzahl eine Hintertür in Verschlüsselungsverfahren einbauen kann. Nicht auszuschließen, dass dies bei etablierten Verfahren längst passiert ist.
---------------------------------------------
https://heise.de/-3347585
*** Security through Confusion – The FUD Factor ***
---------------------------------------------
The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty and doubt (FUD) and first appeared in the 70’s as a tactic used by competitors in the computer ..
---------------------------------------------
https://blog.sucuri.net/2016/10/security-confusion-fud-factor.html
*** Cyber Europe 2016: the pan-European exercise to protect EU Infrastructures against coordinated cyber-attack ***
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2016
*** Floating Down .Stream (Shady TLD Research, Part 17) ***
---------------------------------------------
The end of September means the leaves are starting to change -- and our quarterly Top Ten list of the shadiest TLDs is changing as well, with three newcomers since last time ..
---------------------------------------------
https://www.bluecoat.com/security-blog/2016-10-13/floating-down-stream-shad…
*** OSIsoft PI Web API 2015 R2 Service Account Permissions Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a permissions vulnerability in OSIsoft’s PI Web API.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-01
*** Siemens Automation License Manager Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in Siemen’s Automation License Manager (ALM).
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-02
*** Rockwell Automation Stratix Denial-of-Service and Memory Leak Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities contained in Rockwell Automation’s Allen-Bradley Stratix industrial switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04
*** Moxa ioLogik E1200 Series Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in Moxas ioLogik E1200 series application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05
*** Fatek Automation Designer Memory Corruption Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for a heap memory corruption and two stack buffer overflow vulnerabilities in Fatek’s Automation PM and FV Designer applications.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06
*** Kabona AB WDC Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in Kabona AB’s WebDatorCentral (WDC) application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07
*** Pork Explosion flaw splatters Foxconns Android phones ***
---------------------------------------------
Full compromise over USB bacon-ed in to smartmobes Security researcher John Sawyer says a limited backdoor has been found in some Foxconn-manufactured Android phones, allowing attackers to root phones they have in hand.
---------------------------------------------
www.theregister.co.uk/2016/10/14/pork_explosion_foxconn_flaw/
*** LockyDump - All Your Configs Are Belong To Us ***
---------------------------------------------
This post will discuss a new Locky configuration extractor that Talos is releasing, which we are naming LockyDump. This is the first open source tool which can dump ..
---------------------------------------------
http://blog.talosintel.com/2016/10/lockydump.html
*** Quickly audit and adjust SSH server configurations with SSH-audit ***
---------------------------------------------
SSH-audit is a standalone open source tool for auditing and fixing SSH server configurations. It has no dependencies and will run wherever Python is available. It supports OpenSSH, Dropbear SSH and libssh, and reports on every detail of the tested SSH server, including detailed information about ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/14/ssh-audit-fix-ssh-server-configu…
*** Magento-Updates: Checkout-Prozess als Einfallstor für Angreifer ***
---------------------------------------------
Sicherheits-Patches für das Shop-System schließen mehrere Lücken. Zwei davon gelten als kritisch.
---------------------------------------------
https://heise.de/-3350195
*** Apache OpenOffice 4.1.3 ***
---------------------------------------------
Apache OpenOffice 4.1.3 ist ein Release zur Fehlerbeseitigung, welches Sicherheitsprobleme beseitigt, Wörterbücher aktualisiert und einige sonstige bekannte Fehler korrigiert. Allen Benutzern von Apache Openoffice 4.1.2 oder älteren Versionen wird empfohlen zu aktualisieren.
---------------------------------------------
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=65873798
*** SSHowDowN: Zwölf Jahre alter OpenSSH-Bug gefährdet unzählige IoT-Geräte ***
---------------------------------------------
Akamai warnt davor, dass Kriminelle unvermindert Millionen IoT-Geräte für DDoS-Attacken kapern. Die dafür ausgenutzte Lücke ist älter als ein Jahrzehnt. Viele Geräte sollen sich nicht patchen lassen.
---------------------------------------------
https://www.heise.de/newsticker/meldung/SSHowDowN-Zwoelf-Jahre-alter-OpenSS…
*** Cyber-attacks Against Nuclear Plants: A Disconcerting Threat ***
---------------------------------------------
Introduction A cyber-attack against critical infrastructure could cause the paralysis of critical operations with serious consequences for a country and its population. In a worst case scenario, a cyber-attack could affect processes that in ..
---------------------------------------------
http://resources.infosecinstitute.com/cyber-attacks-against-nuclear-plants-…
*** Wosign und Startcom: Mozilla macht Ernst mit dem Rauswurf ***
---------------------------------------------
Mozilla hat auf der Entwicklermailingliste angekündigt, Zertifikaten von Wosign und Startcom mit der übernächsten Firefox Version 51 nicht mehr zu vertrauen. Die Version ist für den kommenden Januar geplant.
---------------------------------------------
http://www.golem.de/news/wosign-und-startcom-mozilla-macht-ernst-mit-dem-ra…
*** GlobalSign annulliert versehentlich Zertifikate von vielen Webseiten ***
---------------------------------------------
Aktuell warnen einige Webbrowser davor, dass Verbindungen zu Webseiten wie etwa Wikipedia nicht mehr gesichert sind, da mit dem Zertifikat der Seite etwas nicht stimmt.
---------------------------------------------
https://heise.de/-3350544
*** IT-Experten des Bundesheeres finden kritische Lücke in Microsoft Office ***
---------------------------------------------
Analyse eines Cyberangriffs – Schwachstelle wurde 11. Oktober mit einem Update beseitigt
---------------------------------------------
http://derstandard.at/2000045921807
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 12-10-2016 18:00 − Donnerstag 13-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Gefälschte Finanzministerium-Phishingmail im Umlauf ***
---------------------------------------------
In E-Mailpostfächern findet sich eine vermeintliche Benachrichtigung des Bundesministerium für Finanzen. In dem Schreiben heißt es, dass das BMF Empfänger/innen die Überzahlung von 716,43 Euro zurückerstatte. Dafür sei es notwendig, dass diese ein "Steuer formular" im Anhang der E-Mail ausfüllen. Es handelt sich um einen Phishingversuch von Kriminellen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-finanzministerium-ph…
*** Gratulation an unser milCERT ***
---------------------------------------------
Gestern war der monatliche Patchday von Microsoft und mitten in den Bugs, die Remote Code Execution erlauben findet sich auch folgendes: Acknowledgments - 2016 MS16-121 Microsoft Office Memory Corruption Vulnerability CVE-2016-7193 Austrian MilCERT | Wir gratulieren unseren Kollegen aus der Stiftskaserne zu dem Fund und erwarten die Details dazu demnächst über dem einen oder anderen Bier. Autor: Otmar Lendl
---------------------------------------------
http://www.cert.at/services/blog/20161012185042-1798.html
*** Everyone Loves Selfies, Including Malware! ***
---------------------------------------------
I was talking with some of my coworkers the other day about why I wanted to jump to the larger iPhone 7 Plus. For me it came down to the camera. I travel a lot for work and even though photography is something of a hobby of mine, I don't always have my "good camera"...
---------------------------------------------
https://blogs.mcafee.com/consumer/everyone-loves-selfies-including-malware/
*** A Look at the BIND Vulnerability: CVE-2016-2776 ***
---------------------------------------------
On September 27, the Internet Systems Consortium (ICS) announced the release of patches for a critical vulnerability that would allow attackers to launch denial-of-service (DoS) attacks using the Berkeley Internet Name Domain (BIND) exploits. The critical error was discovered during internal testing by the ISC. BIND is a very popular open-source software component that implements DNS protocols. It is also known as the de facto standard for Linux and other Unix-based systems, which means a...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/78QqkPE96mw/
*** WSF attachments are the latest malware delivery vehicle ***
---------------------------------------------
Most users have by now learned not to open executable (.EXE), various MS Office, RTF and PDF files delivered via unsolicited emails, but malware peddlers are always trying out new ways to trick users, email filters and AV software. Number of blocked emails containing malicious WSF attachments by month According to Symantec, Windows Script Files (WSFs) are the latest file types to be exploited to deliver malware via email.
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/13/wsf-attachments-malware-delivery/
*** CryPy: ransomware behind Israeli lines ***
---------------------------------------------
A Tweet posted recently by AVG researcher, Jakub Kroustek, suggested that a new ransomware, written entirely in Python, had been found in the wild, joining the emerging trend for Pysomwares such as the latest HolyCrypt, Fs0ciety Locker and others.
---------------------------------------------
http://securelist.com/blog/research/76318/crypy-ransomware-behind-israeli-l…
*** IoT Devices as Proxies for Cybercrime ***
---------------------------------------------
Multiple stories published here over the past few weeks have examined the disruptive power of hacked "Internet of Things" (IoT) devices such as routers, IP cameras and digital video recorders. This post looks at how crooks are using hacked IoT devices as proxies to hide their true location online as they engage in a variety of other types of cybercriminal activity -- from frequenting underground forums to credit card and tax refund fraud.
---------------------------------------------
https://krebsonsecurity.com/2016/10/iot-devices-as-proxies-for-cybercrime/
*** 6000 Online-Shops angeblich mit Kreditkarten-Skimmern verseucht - Tendenz steigend ***
---------------------------------------------
Online-Kriminelle greifen derzeit vermehrt Kreditkarten-Daten auf Webseiten von Online-Shops ab, berichtet ein Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3349185
*** What is MANRS and does your network have it? ***
---------------------------------------------
While the internet itself was first envisioned as a way of enabling robust, fault-tolerant communication, the global routing infrastructure that underlies it is relatively fragile. A simple error like the misconfiguration of routing information in one of the 7,000 to 10,000 networks central to global routing can lead to a widespread outage, and deliberate actions, like preventing traffic with spoofed source IP addresses, can lead to distributed denial of service (DDoS) attacks.
---------------------------------------------
http://www.cio.com/article/3130707/internet/what-is-manrs-and-does-your-net…
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco cBR-8 Converged Broadband Router vty Integrity Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Wide Area Application Services Central Manager Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Meeting Server Client Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Finesse Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Juniper Security Bulletins ***
---------------------------------------------
*** JSA10763 - 2016-10 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in Junos CLI (CVE-2016-4922) ***
http://kb.juniper.net/index?page=content&id=JSA10763&actp=RSS
---------------------------------------------
*** JSA10766 - 2016-10 Security Bulletin: vMX: Information leak vulnerability (CVE-2016-4924) ***
http://kb.juniper.net/index?page=content&id=JSA10766&actp=RSS
---------------------------------------------
*** JSA10767 - 2016-10 Security Bulletin: JUNOSe: Line Card Reset: processor exception 0x68616c74 (halt) task: scheduler, upon receipt of crafted IPv6 packet (CVE-2016-4925) ***
http://kb.juniper.net/index?page=content&id=JSA10767&actp=RSS
---------------------------------------------
*** JSA10764 - 2016-10 Security Bulletin: Junos J-Web: Cross Site Scripting Vulnerability (CVE-2016-4923) ***
http://kb.juniper.net/index?page=content&id=JSA10764&actp=RSS
---------------------------------------------
*** JSA10762 - 2016-10 Security Bulletin: Junos: IPv6 denial of service vulnerability due to resource exhaustion (CVE-2016-4921) ***
http://kb.juniper.net/index?page=content&id=JSA10762&actp=RSS
---------------------------------------------
*** JSA10761 - 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView ***
http://kb.juniper.net/index?page=content&id=JSA10761&actp=RSS
---------------------------------------------
*** JSA10760 - 2016-10 Security Bulletin: Junos Space: Multiple vulnerabilities ***
http://kb.juniper.net/index?page=content&id=JSA10760&actp=RSS
---------------------------------------------
*** JSA10759 - 2016-10 Security Bulletin: OpenSSL security updates ***
http://kb.juniper.net/index?page=content&id=JSA10759&actp=RSS
---------------------------------------------
*** Security Advisory: PCRE vulnerability CVE-2016-3191 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/51/sol51440224.html?…
*** Brocade NetIron MLX Line Card IPSec Processing Bug Lets Remote Users Cause the Target Line Card to Reset ***
---------------------------------------------
http://www.securitytracker.com/id/1037010
*** Fortinet FortiManager Input Validation Flaw in Advanced Settings Page Lets Remote Authenticated Administrative Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1036982
*** Fortinet FortiAnalyzer Input Validation Flaw in Advanced Settings Page Lets Remote Authenticated Administrative Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1036981
*** Palo Alto PAN-OS Range Header Null Pointer Dereference Lets Remote Users Cause the Target Service to Crash ***
---------------------------------------------
http://www.securitytracker.com/id/1037007
*** DFN-CERT-2016-1689: Ghostscript: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1689/
*** Vuln: SAP NetWeaver ABAP ST-PI Component SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93506
*** Vuln: SAP BusinessObjects Unspecified Cross Site Request Forgery Vulnerability ***
--------------------------------------------
http://www.securityfocus.com/bid/93508
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM BigFix Remote Control (CVE-2016-2183, CVE-2016-6304, CVE-2016-2177, CVE-2016-2178, CVE-2016-6306) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991896
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to information disclosure (CVE-2016-5994) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992171
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BigFix Remote Control (CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991894
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Websphere that is used by IBM BigFix Remote Control. (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991866
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Websphere Application Server affects IBM BigFix Remote Control (CVE-2016-5983) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991902
---------------------------------------------
*** IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud has addressed (CVE-2016-5949) ***
http://www.ibm.com/support/docview.wss?uid=swg21992276
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Campaign, IBM Interact, IBM Distributed Marketing, IBM Marketing Operations (CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=swg21991786
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Open Source Apache Tomcat , Commons FileUpload Vulnerabilities IBM Algorithmics Algo Risk Application ***
http://www.ibm.com/support/docview.wss?uid=swg21990262
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2016-2177, CVE-2016-2178) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099492
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Apache Struts affect IBM BigFix Remote Control (CVE-2016-1181, CVE-2016-1182) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991903
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 11-10-2016 18:00 − Mittwoch 12-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** VU#396440: MatrixSSL contains multiple vulnerabilities ***
---------------------------------------------
Heap-based Buffer Overflow - CVE-2016-6890The Subject Alt Name field of X.509 certificates is not properly parsed. A specially crafted certificate may result in a heap-based buffer overflow ..
---------------------------------------------
http://www.kb.cert.org/vuls/id/396440
*** October 2016 security update release ***
---------------------------------------------
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2016/10/11/october-2016-security-u…
*** Security Advisory: Expat XML library vulnerability CVE-2015-1283 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15104541.html
*** Top of the Junk Pile (Shady TLD research part 16) ***
---------------------------------------------
[Sorry about neglecting the external blog during all of the Symantec excitement this summer, but we had a lot going on... This post is from our internal blog, back in July (7/08/2016), and we wanted to get it out on the site when we resumed blogging, since a lot of people have been ..
---------------------------------------------
https://www.bluecoat.com/2016-10-04/top-junk-pile-shady-tld-research-part-16
*** MSRT October 2016 release: Adding more unwanted software detections ***
---------------------------------------------
Unwanted software often piggy-backs on program downloads, delivered by software bundlers. These bundles, which you might have downloaded, can include software ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/10/11/msrt-october-2016-relea…
*** Four vulnerabilities found in Dell SonicWALL Email Security virtual appliance application ***
---------------------------------------------
Digital Defense (DDI) disclosed the discovery of four security vulnerabilities found in the Dell SonicWALL Email Security virtual appliance application. The appliance is frequently deployed as a perimeter device. Further, ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/12/sonicwall-email-security-vulnera…
*** Scan Ruby-based apps for security issues with Dawnscanner ***
---------------------------------------------
Dawnscanner is an open source static analysis scanner designed to review the security of web applications written in Ruby. Dawnscanner’s genesis Its developer, Paolo Perego, says that he was motivated to create it back in spring ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/12/scan-ruby-based-apps-dawnscanner/
*** WiFi Still Remains a Good Attack Vector ***
---------------------------------------------
WiFi networks areeverywhere! When we plan to visit a place or reserve ahotel for our holidays, we always check first if free WiFi is available (be honest, you do!). Oncewe connected our beloved devices to an external wireless ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21583
*** Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161012-…
*** List of 2016 OWASP London Talks & Videos ***
---------------------------------------------
https://www.youtube.com/owasplondon
*** VMware vRealize Operations Lets Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1036999
*** Several Exploit Kits Now Deliver Cerber 4.0 ***
---------------------------------------------
We have tracked three malvertising campaigns and one compromised site campaign using Cerber ransomware after version 4.0 (detected as as Ransom_CERBER.DLGE) was ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/several-exploit-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 10-10-2016 18:00 − Dienstag 11-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Denial of Service Vulnerability in Citrix License Server ***
---------------------------------------------
A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote ...
---------------------------------------------
http://support.citrix.com/article/CTX217430
*** [2016-10-11] XXE vulnerability in RSA ECAT Client ***
---------------------------------------------
By exploiting the XXE vulnerability, an attacker can get read access to the filesystem of the users system using RSA ECAT client and thus obtain sensitive information from the system. It is also possible to scan ports of the internal hosts and cause DoS on the affected host.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** Erpressungs-Trojaner DXXD nimmt Windows-Server ins Visier ***
---------------------------------------------
Die Hintermänner der Ransomware haben ihren Schädling optimiert und das kostenlose Entschlüsselungs-Tool unbrauchbar gemacht. Zudem verspotten Sie Sicherheitsforscher öffentlich.
---------------------------------------------
https://heise.de/-3344979
*** Bugtraq: [SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539567
*** Nymaim: Deep Technical Dive - Adventures in Evasive Malware ***
---------------------------------------------
Nymaim is mostly known worldwide as a downloader, although it seems they evolved from former versions, now having new functionalities to obtain data on the machine with no need to download a new payload. Some of the exported ..
---------------------------------------------
http://www.seculert.com/blogs/nymaim-deep-technical-dive-adventures-in-evas…
*** Zertifizierungsstellen: Bei WoSign und StartCom rollen Köpfe ***
---------------------------------------------
Die beiden Kostenlos-CAs bekommen jeweils eine neue Firmenspitze und sollen komplett voneinander getrennt werden. Damit soll das verlorene Vertrauen zurückgewonnen werden.
---------------------------------------------
https://heise.de/-3344229
*** APT 28: Wie ein französischer Fernsehsender gehackt wurde ***
---------------------------------------------
Im Jahr 2015 ist der französische Fernsehsender TV5 nach einem Angriff auf die IT-Infrastruktur für Stunden lahmgelegt worden. Eine Untersuchung der französischen Polizei zeigt nun, wie planvoll die Angreifer vorgegangen sind.
---------------------------------------------
http://www.golem.de/news/apt-28-wie-ein-franzoesischer-fernsehsender-gehack…
*** Security Bulletins Posted ***
---------------------------------------------
Adobe has published security bulletins for Adobe Flash Player (APSB16-32), Adobe Acrobat and Reader (APSB16-33), and Adobe Creative Cloud Desktop Application (APSB16-34). Adobe recommends users update their product installations ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1409
*** DDOS: Was Cloudflare vom Mirai-Botnetz sieht ***
---------------------------------------------
Cloudflare hat sich die aktuellen DDoS-Angriffe genauer angeschaut - und berichtet, dass einige Angriffe 1,75 Millionen HTTP-Anfragen pro Sekunde erzeugen.
---------------------------------------------
http://www.golem.de/news/ddos-was-cloudflare-vom-mirai-botnetz-sieht-1610-1…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 07-10-2016 18:00 − Montag 10-10-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Europe to Push New Security Rules Amid IoT Mess ***
---------------------------------------------
The European Commission is drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.
---------------------------------------------
https://krebsonsecurity.com/2016/10/europe-to-push-new-security-rules-amid-…
*** Mehr Sicherheit für das Internet der Dinge ***
---------------------------------------------
Die vernetzten Geräte des Internet of Things (IoT) sammeln und verarbeiten immer mehr Daten, versagen jedoch häufig beim Schutz dieser Daten. Ein ausführlicher Leitfaden will bei der Entwicklung sicherer Geräte helfen.
---------------------------------------------
https://heise.de/-3343482
*** Security Economics of the Internet of Things ***
---------------------------------------------
Brian Krebs is a popular reporter on the cybersecurity beat. He regularly exposes cybercriminals and their tactics, and consequently is regularly a target of their ire. Last month, he wrote about an online attack-for-hire service that resulted in the arrest of the two proprietors. In the aftermath, his site was taken down by a massive DDoS attack.In many ways, this is nothing new. Distributed denial-of-service attacks are a family of attacks that cause websites and other Internet-connected...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/10/security_econom_1.html
*** Mirai: DDoS per IoT ***
---------------------------------------------
In den letzten Wochen wurde mal wieder ein neuer Rekord für den bisher stärksten gemessenen Distributed Denial of Service (DDoS) Angriff aufgestellt. Das ist soweit nicht überraschend, die verfügbare Bandbreite im Internet wächst immer noch stark, da ist klar, dass damit auch die Angriffsstärke zunehmen kann. Überraschend war aber, dass der Rekord nicht über einen "reflected DDoS" erreicht wurde. Diese Methode...
---------------------------------------------
http://www.cert.at/services/blog/20161010095630-1789.html
*** Strange Loop - IP Spoofing ***
---------------------------------------------
I recently gave a talk at the Strange Loop conference in St Louis. The recording and slides are available, but for easier consumption heres a transcript.
---------------------------------------------
https://idea.popcount.org/2016-09-20-strange-loop---ip-spoofing/
*** VMware stopft Informationsleck in Horizon View ***
---------------------------------------------
Wichtige Sicherheits-Updates sollen VMware Horizon View unter Windows sicherer machen.
---------------------------------------------
https://heise.de/-3343678
*** Radare2: rahash2, (Mon, Oct 10th) ***
---------------------------------------------
Radare2 is an open-source reverse-engineering framework. Some time ago I wrote about recovering ransomed pictures. By calculating the entropy of the ransomed files with my byte-stats tool, I could see that the file was not completely encrypted. rahash2 is one of the tools in the Radare2 framework. As it names implies, it calculates (cryptographic) hashes, but it is quite versatile. For example, it will also calculate entropy: And like my byte-stats.py tool, it can also split the file in blocks...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21577&rss
*** Remove ransomware infections from your PC using these free tools ***
---------------------------------------------
A how-to on finding out what ransomware is squatting in your PC -- and how to get rid of it.
---------------------------------------------
http://www.zdnet.com/article/remove-ransomware-infections-from-your-pc-usin…
*** Open-Source-Router: 1000 Turris Omnia ausgeliefert ***
---------------------------------------------
Nachdem es ursprünglich im Sommer losgehen sollte, lieferte der Hersteller cz.nic doch erst Ende September die ersten Turris-Omnia-Router aus. Vor ein paar Tagen wurde bereits das tausendste Exemplar verschickt.
---------------------------------------------
https://heise.de/-3344417
*** VU#338624: U by BB and T iOS banking application fails to properly validate SSL certificates ***
---------------------------------------------
Vulnerability Note VU#338624 U by BB&T iOS banking application fails to properly validate SSL certificates Original Release date: 30 Sep 2016 | Last revised: 06 Oct 2016 Overview U by BB&T for iOS, version 1.5.4 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper Certificate Validation - CVE-2016-6550U by BB&T is a banking application. On iOS...
---------------------------------------------
http://www.kb.cert.org/vuls/id/338624
*** Vuln: GraphicsMagick CVE-2016-7997 NULL Pointer Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93467
*** DSA-3689 php5 - security update ***
---------------------------------------------
Several vulnerabilities were found in PHP, a general-purpose scriptinglanguage commonly used for web application development.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3689
*** Toshiba FlashAir does not require authentication in "Internet pass-thru Mode" ***
---------------------------------------------
FlashAir provided by Toshiba Corporation does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled.
---------------------------------------------
http://jvn.jp/en/jp/JVN39619137/
*** IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services: Clickjacking (CVE-2016-3060) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21992051
*** IBM Security Bulletin: HTTP Response Splitting in Liberty affects IBM MessageSight (CVE-2016-0359) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21991096
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1024350
*** IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Systems Director Storage Control ( CVE-2015-4872) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1024349
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 06-10-2016 18:00 − Freitag 07-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Gefälschtes Bank Austria-Sicherheitszertifikat ist Schadsoftware ***
---------------------------------------------
In einer gefälschten Bank Austria-Nachricht mit dem Betreff "Sicherheitszertifikat" behaupten Kriminelle, dass Empfänger/innen ein Programm für ihr Smartphone installieren müssen. Das ist angeblich notwendig, damit sie ihr OnlineBanking-Konto nützen können. In Wahrheit handelt es sich bei dem Programm um Schadsoftware.
---------------------------------------------
https://www.watchlist-internet.at/schadsoftware/gefaelschtes-bank-austria-s…
*** Upcoming Security Updates for Adobe Acrobat and Reader (APSB16-33) ***
---------------------------------------------
A prenotification Security Advisory (APSB16-33) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, October 11, 2016. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the Adobe...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1405
*** 100+ online shops compromised with payment data-stealing code ***
---------------------------------------------
Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates payment card and other kinds of information users entered to pay for their shopping. According to RiskIQ and ClearSky researchers, the campaign - which they dubbed Magecart - is still ongoing, albeit at a reduced scope and pace. Since March, the threat actor behind it has compromised more than 100...
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/07/payment-data-stealing-code/
*** Hintergrund: Analysiert: Werbekeule statt Glitzersteine - Android-Malware CallJam seziert ***
---------------------------------------------
Trotz verschiedener Sicherheits-Checks schleicht sich immer wieder Malware in Googles App Store. Eine davon gibt sich als vermeintliches Helferlein für das unfassbar erfolgreiche Spiel "Clash Royale" aus.
---------------------------------------------
https://heise.de/-3340267
*** Lovoo: Sicherheitslücke ermüglicht Erstellung von Bewegungsprofilen ***
---------------------------------------------
Über die Web-API des Dating-Dienstes ließen sich bis vor kurzem Informationen über Nutzer abrufen - auch ohne Login. Per Skript-Automatisierung können damit Bewegungsprofile erstellt werden.
---------------------------------------------
http://www.golem.de/news/lovoo-sicherheitsluecke-ermoeglicht-erstellung-von…
*** Positive Technologies: Security Trends & Vulnerabilities Review Industrial Control Systems (PDF) ***
---------------------------------------------
This study examines components of ICS from different vendors. In the period from 2012 to 2015, a total of 743 vulnerabilities were discovered in ICS components; most of them were detected in products from well-known companies: Siemens, Schneider Electric, and Advantech. Most vulnerabilities are of either high or medium risk (47% high, 47% medium). ... Summary: The study shows that the number of vulnerable ICS components is not reducing from year to year. Nearly half of identified...
---------------------------------------------
https://www.ptsecurity.com/upload/iblock/6bd/ics_vulnerability_2016_eng.pdf
*** An attachment that wasn't there ***
---------------------------------------------
By Slavo Greminger and Oli Schacher | On a daily basis we collect tons of Spam emails, which we analyze for malicious content. Of course, this is not done manually by our thousands of minions, but automated using some Python-fu. Python...
---------------------------------------------
https://securityblog.switch.ch/2016/10/07/an-attachment-that-wasnt-there/
*** Sicherheits-Updates: Angreifer können Cisco-Switches kapern ***
---------------------------------------------
Der Netzwerkausrüster kümmert sich um zwei als kritisch eingestufte Sicherheitslücken in Switches der Nexus-Serie und verteilt Sicherheits-Patches für 15 weitere Schwachstellen in verschiedenen Produkten.
---------------------------------------------
https://heise.de/-3342846
*** OS X El Capitan: Warten auf das große Sicherheitsupdate ***
---------------------------------------------
Mit Apples neuem Betriebssystem macOS Sierra werden zahlreiche Lücken gestopft, die in der Vorversion stecken. Doch ein eigenes Update für OS X El Capitan hat der Hersteller noch nicht publiziert.
---------------------------------------------
https://heise.de/-3342343
*** Malware könnte Video und Audio vom Mac aufzeichnen ***
---------------------------------------------
Der Sicherheitsforscher Patrick Wardle hat einen Demo-Exploit entwickelt, der Kamera- und Mikrofondaten mitschneiden kann, während Chats laufen.
---------------------------------------------
https://heise.de/-3342336
*** VMSA-2016-0015 VMware Horizon View updates address directory traversal vulnerability (CVE-2016-7087) ***
---------------------------------------------
Severity: Important VMware Horizon View contains a vulnerability that may allow for a directory traversal on the Horizon View Connection Server. Exploitation of this issue may lead to a partial information disclosure.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0015.html
*** IDM 4.5 One SSO Provider (OSP) 6.0.0.5 ***
---------------------------------------------
Abstract: This hotfix provides enhancements and software fixes for the One SSO Provider for Identity Manager. For more information about these updates, see the hotfix details.Document ID: 5256490Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:IDM45-OSP60-HF-5.zip (23.28 MB)Products:Identity Manager 4.5Access Review 1.1Access Review 1.5Superceded Patches:IDM 4.5 One SSO Provider (OSP)
---------------------------------------------
https://download.novell.com/Download?buildid=Z0jKqCEDM7k~
*** Atlassian HipChat Secret Key Disclosure ***
---------------------------------------------
Topic: Atlassian HipChat Secret Key Disclosure Risk: Medium Text:This email refers to the following advisory pages: * Bitbucket Server - https://confluence.atlassian.com/x/0QkcMg * Conflue...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100066
*** DFN-CERT-2016-1653: KDE: Mehrere Schwachstellen in KMail ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1653/
*** GE Bently Nevada 3500/22M Improper Authorization Vulnerability ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on September 8, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an improper authorization vulnerability in the GE Bently Nevada 3500/22M monitoring system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-252-01
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere Dashboard Framework is affected by a security vulnerability in Apache POI (CVE-2016-5000) ***
http://www.ibm.com/support/docview.wss?uid=swg21991850
---------------------------------------------
*** IBM Security Bulletin: IBM Web Experience Factory is affected by a security vulnerability in Apache POI (CVE-2016-5000) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991851
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere Dashboard Framework is affected by multiple security vulnerabilities in Apache POI ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991839
---------------------------------------------
*** IBM Security Bulletin: IBM Web Experience Factory is affected by multiple security vulnerabilities in Apache POI ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991845------------------…
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21991877
---------------------------------------------
*** IBM Security Bulletin: : Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21991879
---------------------------------------------
*** IBM Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-4463) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991111
---------------------------------------------
*** IBM Security Bulletin: IBM Streams is affected by Libxml2 vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991061
---------------------------------------------
*** IBM Security Bulletin: IBM Streams may be impacted by a vulnerability in WebSphere Liberty (CVE-2016-2923) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991058
---------------------------------------------
*** IBM Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991112
---------------------------------------------