=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 05-10-2016 18:00 − Thursday 06-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Symantec Web Gateway Management Console Interface Command Injection ***
---------------------------------------------
Symantec has released an update to address a command injection issue in the Symantec Web Gateway (SWG) Management Console Interface that bypasses validation restrictions to add an unauthorized whitelist entry.
Highest severity issue: Medium
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** NIST: People have given up on cybersecurity - it's too much hassle ***
---------------------------------------------
To help change people's mental models so that they will participate in cybersecurity, Theofanos said technology professionals have to do more work for the people using their products, so that people don't need to make too many decisions. "We need to make it easy for them to do the right thing," she said. "We need to make these things habits, so they don't really have to think about it."
---------------------------------------------
http://www.theregister.co.uk/2016/10/06/go_ahead_steal_my_muffin_recipe/
*** Spotify: Free version delivered malware to Windows and Mac users ***
---------------------------------------------
Apparently injected via third-party advertising. Spotify has confirmed the incident and apologised to users.
---------------------------------------------
http://derstandard.at/2000045458665
*** Malicious actions not necessarily focused on causing disruptions in TELECOM, but system failures still are ***
---------------------------------------------
ENISA publishes its Annual Incidents report which gives the aggregated analysis of the security incidents causing severe outages in 2015.
---------------------------------------------
https://www.enisa.europa.eu/news/malicious-actions-not-necessarily-focused-…
*** Beware of malware distribution via Steam chat ***
---------------------------------------------
Reports are currently mounting that criminals are increasingly using hijacked Steam accounts to send links to websites hosting trojans.
---------------------------------------------
https://heise.de/-3342136
*** Denial of Service Vulnerability in Citrix License Server ***
---------------------------------------------
A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote, unauthenticated attacker to crash the License Server.
This vulnerability affects all versions of Citrix License Server for Windows and Citrix License Server VPX earlier than version 11.14.0.1.
This vulnerability has been assigned the following CVE number: CVE-2016-6273
---------------------------------------------
http://support.citrix.com/article/CTX217430
*** Vulnerability in Citrix Linux VDA (formerly known as Linux Virtual Desktop) Could Result in Privilege Escalation ***
---------------------------------------------
A vulnerability has been identified in the Linux Virtual Delivery Agent (VDA) component of Citrix XenDesktop that could allow a local user to execute commands as root on the Linux VDA.
The vulnerability affects all versions of the Citrix Linux VDA earlier than version 1.4.0.
This vulnerability has been assigned the following CVE number: CVE-2016-6276
---------------------------------------------
http://support.citrix.com/article/CTX216628
*** Security patches: Foxit pre-empts attacks on Reader and PhantomPDF ***
---------------------------------------------
The developers close several critical holes in the Linux, OS X and Windows versions.
---------------------------------------------
https://heise.de/-3341878
*** Wave your false flags! ***
---------------------------------------------
Targeted attackers are using an increasingly wide range of deception techniques to muddy the waters of attribution, planting "False Flag" timestamps, language strings, malware, among other things, and operating under the cover of non-existent groups.
---------------------------------------------
http://securelist.com/analysis/publications/76273/wave-your-false-flags/
*** Announcing CERT Basic Fuzzing Framework Version 2.8 ***
---------------------------------------------
Today we are announcing the release of the CERT Basic Fuzzing Framework Version 2.8 (BFF 2.8). It's been about three years since we released BFF 2.7. In this post, I highlight some of the changes we've made.
---------------------------------------------
https://insights.sei.cmu.edu/cert/2016/10/announcing-cert-basic-fuzzing-fra…
*** Palo Alto PAN-OS GlobalProtect Portal Web Interface Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1036968
*** Cerber ransomware learns new tricks and encrypts even more ***
---------------------------------------------
Security researchers warn of a new version of the ransomware that can now, among other things, terminate certain running processes in order to get hold of database files.
---------------------------------------------
https://heise.de/-3341992
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASA Software DHCP Relay Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Nexus 9000 Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS XR Software Command-Line Interface Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Firepower Management Center Console Local File Inclusion Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Firepower Management Center Console Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Firepower Threat Management Console Remote Command Execution Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Host Scan Package Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in crypto++ affects PowerKVM (CVE-2016-3995) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024263
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024236
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in PHP affects PowerKVM (CVE-2016-5385) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024261
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024270
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2016 CPU (CVE-2016-3485) that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991149
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller and Storwize Family (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009284
---------------------------------------------
*** IBM Security Bulletin: Vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2947) ***
http://www.ibm.com/support/docview.wss?uid=swg21991477
---------------------------------------------
*** IBM Security Bulletin: XStream XML information disclosure vulnerability affects IBM Rational Quality Manager (CVE-2016-3674) ***
http://www.ibm.com/support/docview.wss?uid=swg21991406
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components, Watson Content Analytics, and OmniFind Enterprise Edition (CVE-2016-0359, CVE-2016-3092, CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990062
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LMS (CVE-2016-2510) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21987703
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024322
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024264
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in nginx affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024237
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in NRPE affects PowerKVM (CVE-2014-2913) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024235
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024260
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in pigz affects PowerKVM (CVE-2015-1191) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024213
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in ganglia affects PowerKVM (CVE-2015-6816) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024262
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 04-10-2016 18:00 − Wednesday 05-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Security Advisory: XSS vulnerability in the BIG-IP and Enterprise Manager Configuration utilities CVE-2015-1470 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/800/sol16838.htm…
*** Android Security Bulletin October 2016 ***
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update.
---------------------------------------------
https://source.android.com/security/bulletin/2016-10-01.html
*** Security Advisory: OpenSSL vulnerability CVE-2016-2183 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/13/sol13167034.html?…
*** WordPress Hack Modifies Core Files to Share Spam ***
---------------------------------------------
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even website owners with the best intentions can lose control of their website. When hackers gain access to your site, they can use it to host phishing content, distribute malware, steal sensitive information and more. In this analysis, we look at a website that was unintentionally sharing spam content in the form of Windows keys.
---------------------------------------------
https://blog.sucuri.net/2016/10/wordpress-hack-shares-spam-when-core-modifi…
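The modified-core-files pattern described above is something a site owner can check for mechanically: WordPress publishes MD5 checksums of every core file per release (https://api.wordpress.org/core/checksums/1.0/?version=<ver>&locale=en_US, the same data WP-CLI's `wp core verify-checksums` uses), and any core file whose hash differs, or any file present in wp-admin/ or wp-includes/ that the release does not ship, needs a look. The Python below is an added example, not code from Sucuri or the WordPress project. To stay offline it builds a tiny constructed site in a temporary directory, records its checksums in place of the WordPress.org map, then tampers with it the way a spam injection would and reports what changed. The file contents, the injected PHP and the dropped-in file name are all constructed.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Files WordPress legitimately has in the web root that are not in the core
# checksum list, so they must not be reported as "unexpected".
SITE_SPECIFIC = {"wp-config.php", ".htaccess"}
# Everything under wp-content/ (themes, plugins, uploads) is out of scope for
# a core integrity check and needs its own baseline.
IGNORED_PREFIXES = ("wp-content/",)


def md5_file(path: Path) -> str:
    """MD5 of a file, streamed; MD5 is what the WordPress checksum API publishes."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_core(root: Path, expected: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a WordPress tree against {relative_path: md5}.

    modified   -> core file whose content no longer matches the release
    missing    -> core file that should exist but does not
    unexpected -> file outside wp-content/ that the release does not ship
                  (dropped-in backdoors usually hide in wp-includes/ or wp-admin/)
    """
    report: Dict[str, List[str]] = {"modified": [], "missing": [], "unexpected": []}
    for rel, digest in expected.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif md5_file(p) != digest:
            report["modified"].append(rel)
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if rel in expected or rel in SITE_SPECIFIC or rel.startswith(IGNORED_PREFIXES):
            continue
        report["unexpected"].append(rel)
    for names in report.values():
        names.sort()
    return report


# --- constructed demo data (not real WordPress files) -----------------------
CLEAN_FILES = {
    "index.php": b"<?php\nrequire __DIR__ . '/wp-blog-header.php';\n",
    "wp-includes/functions.php": b"<?php\nfunction wp_example() { return 1; }\n",
    "wp-admin/index.php": b"<?php\nrequire_once __DIR__ . '/admin.php';\n",
    "wp-content/plugins/hello.php": b"<?php // plugin, outside core\n",
}
# Typical spam injection: extra PHP appended to a core file.
INJECTED = b"\n<?php if (isset($_GET['keys'])) { echo 'WINDOWS KEYS ...'; } ?>\n"
# Constructed name for a dropped-in backdoor; not a real core file.
DROPPED_FILE = "wp-includes/class-wp-helper-x.php"


def demo(root: Optional[Path] = None) -> Dict[str, List[str]]:
    """Build the clean site, take its baseline, compromise it, verify."""
    if root is None:
        with tempfile.TemporaryDirectory() as d:
            return demo(Path(d))
    expected: Dict[str, str] = {}
    for rel, body in CLEAN_FILES.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body)
        if not rel.startswith(IGNORED_PREFIXES):  # only core files go in the map
            expected[rel] = hashlib.md5(body).hexdigest()
    (root / "wp-config.php").write_bytes(b"<?php // site-specific, not in the map\n")
    # Simulate the compromise: modify one core file, drop in a new one.
    with (root / "wp-includes/functions.php").open("ab") as f:
        f.write(INJECTED)
    (root / DROPPED_FILE).write_bytes(b"<?php eval(base64_decode($_POST['x']));\n")
    return verify_core(root, expected)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:10s} {names}")
```

A clean core report is necessary but not sufficient: wp-content/, the database (posts, options, user table) and .htaccess are outside the checksum map and need their own baselines, and the check must run from a trusted host or copy of the tree, since an attacker with write access to the web root can also alter a checker that lives there.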
*** Researchers spot remote code execution flaw in FreeImage ***
---------------------------------------------
Cisco Talos researchers spotted a remote code execution vulnerability in the FreeImage Library XMP Image Handling affecting version 3.17.0.
---------------------------------------------
http://www.scmagazine.com/remote-code-execution-flaw-spotted-in-freeimage-l…
*** Security Advisory: OpenSSL vulnerability CVE-2016-6303 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35543324.html?…
*** INDAS Web SCADA Path Traversal Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in the INDAS Web SCADA application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-278-01
*** Beckhoff Embedded PC Images and TwinCAT Components Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in Beckhoff's Embedded PC Images and TwinCAT Components.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02
*** Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01A Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published August 16, 2016, on the NCCIC/ICS-CERT web site. This advisory contains mitigation details for two vulnerabilities in the Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01
*** Let's not meet up with JPEG 2000 - researchers find security hole in image codec ***
---------------------------------------------
Won't it be strange when we're all fully pwned? Researchers are warning about a newly discovered security vulnerability in a popular open-source JPEG 2000 parser that could let corrupted image files trigger remote code execution.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/10/04/jpeg_2000_s…
*** DressCode malware: 400 trojanised apps infiltrate Google Play ***
---------------------------------------------
Security researchers warn of disguised Android spyware apps designed to siphon information out of corporate networks.
---------------------------------------------
https://heise.de/-3340921
*** Xen Security Advisory CVE-2016-7777 / XSA-190 version 5: CR0.TS and CR0.EM not always honored for x86 HVM guests ***
---------------------------------------------
A malicious unprivileged guest user may be able to obtain or corrupt sensitive information (including cryptographic material) in other programs in the same guest.
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-190.html
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Financial Transaction Manager for Corporate Payment Services (CVE-2016-5920) ***
http://www.ibm.com/support/docview.wss?uid=swg21989062
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator ***
http://www.ibm.com/support/docview.wss?uid=swg21989495
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-3705) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990231
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-3627) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991063
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Open Source GNU glibc affect IBM Workload Deployer (CVE-2014-9761, CVE-2015-8778, CVE-2015-8779) ***
http://www.ibm.com/support/docview.wss?uid=swg21991777
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Open Source GNU glibc affects IBM Workload Deployer. (CVE-2015-8776) ***
http://www.ibm.com/support/docview.wss?uid=swg21991465
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting Vulnerability (CVE-2016-0243) Affects IBM Connections Mail ***
http://www.ibm.com/support/docview.wss?uid=swg21991265
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium is affected by Cross-Site Scripting vulnerability (CVE-2016-0246) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990377
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 03-10-2016 18:00 − Tuesday 04-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Cisco IOS and Cisco IOS XE Software TCP Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the handling of remote TCP connections in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to low memory. The vulnerability is due to the handling of out-of-order, or otherwise invalid, TCP packets on a remote connection to an affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Vuln: SAP Security Audit Log CVE-2016-4551 Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93288
*** Security Advisory: Nginx vulnerability CVE-2016-4450 ***
---------------------------------------------
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. (CVE-2016-4450)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/08/sol08250500.html?…
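Both this nginx advisory and the Citrix License Server one above (CVE-2016-6273, "all versions earlier than 11.14.0.1") state their affected set as "everything before a fixed version, per branch", and the nginx wording shows why a naive compare goes wrong: 1.10.1 is fixed, 1.11.0 is not, 1.9.x is, and a branch newer than every listed fix is not. The Python below is an added example (not from nginx, F5 or Citrix) that parses a version string such as the `nginx -v` banner and applies a branch-aware fixed-version table. The two tables are transcribed from the advisories; the helper that runs `nginx -v` assumes nginx is on PATH and is only used from main().

```python
import re
import subprocess
from typing import Optional, Sequence, Tuple

Version = Tuple[int, ...]
# (branch_prefix, first_fixed_version); prefix None = any branch not listed.
FixTable = Sequence[Tuple[Optional[Version], Version]]

# nginx CVE-2016-4450: "before 1.10.1 and 1.11.x before 1.11.1"
NGINX_CVE_2016_4450: FixTable = [((1, 11), (1, 11, 1)), (None, (1, 10, 1))]
# Citrix CTX217430 / CVE-2016-6273: "earlier than version 11.14.0.1"
CITRIX_CVE_2016_6273: FixTable = [(None, (11, 14, 0, 1))]


def parse_version(text: str) -> Version:
    """Pull the first dotted numeric version out of text such as
    'nginx version: nginx/1.10.0' and return it as a tuple of ints, so the
    comparison is numeric: (1, 9) < (1, 10), unlike the strings '1.9' > '1.10'."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_affected(version: Version, fixes: FixTable) -> bool:
    """True if version is older than the first fixed release of its branch.

    The longest matching branch prefix wins, so the 1.11.x entry overrides
    the generic (None) entry; a branch newer than every listed fix falls
    through to the generic entry and compares as not affected
    ((1, 12, 0) >= (1, 10, 1))."""
    branch_fix: Optional[Version] = None
    branch_len = -1
    default_fix: Optional[Version] = None
    for prefix, fixed in fixes:
        if prefix is None:
            default_fix = fixed
        elif version[: len(prefix)] == prefix and len(prefix) > branch_len:
            branch_fix, branch_len = fixed, len(prefix)
    fixed = branch_fix if branch_fix is not None else default_fix
    if fixed is None:
        return False  # the advisory says nothing about this branch
    return version < fixed


def installed_nginx_version() -> Optional[Version]:
    """Assumption: nginx is on PATH. `nginx -v` prints its banner to stderr."""
    try:
        proc = subprocess.run(["nginx", "-v"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    banner = proc.stderr or proc.stdout
    return parse_version(banner) if banner.strip() else None


if __name__ == "__main__":
    v = installed_nginx_version()
    if v is None:
        print("nginx not found on PATH")
    else:
        state = "AFFECTED" if is_affected(v, NGINX_CVE_2016_4450) else "not affected"
        print(f"nginx {'.'.join(map(str, v))}: {state} by CVE-2016-4450")
```

Treat the result as a triage signal, not a verdict: distribution packages routinely backport fixes without bumping the upstream version (a Debian or RHEL nginx 1.10.0 build may already carry the CVE-2016-4450 patch), so confirm against the package changelog or the vendor advisory before filing or closing a finding.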
*** Researchers gut EMC's VMAX, vApp with five god mode hack holes ***
---------------------------------------------
Complete compromise: DIY admin, or DoS your victim. Researchers with Digital Defence have reported six dangerous vulnerabilities in EMC's VMAX product line that can grant remote attackers arbitrary command execution with root privileges.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/10/04/researchers…
*** SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection ***
---------------------------------------------
Topic: SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection Risk: High Text:Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP 1. Impact on Business ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100025
*** SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection ***
---------------------------------------------
Topic: SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection Risk: High Text:Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV 1. Impact on Business ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100024
*** SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection ***
---------------------------------------------
Topic: SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection Risk: High Text:Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG 1. Impact on Business ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100023
*** NCCIC/ICS-CERT 2015 Assessment Report [PDF] ***
---------------------------------------------
This report provides a year-end summary of the NCCIC/ICS-CERT security assessment activities.
---------------------------------------------
https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/FY2015_Indu…
*** Major security flaw in Samsung Knox could give hackers full control of your phone ***
---------------------------------------------
Israeli researchers found three vulnerabilities in Samsung Knox - they have since been patched but out-of-date devices may still be at risk
---------------------------------------------
http://www.wired.co.uk/article/samsung-knox-security-vulnerabilities
*** Industrial control kit hackable, warn researchers ***
---------------------------------------------
Plus: Ethernet I/O devices' web app fails to sanitise user input. Multiple vulnerabilities in MOXA ioLogik controllers place industrial facilities at risk if patches are not applied.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/10/04/ios_10_flaw/
*** Samsung Knox flaws open unpatched devices to compromise ***
---------------------------------------------
Researchers from Viral Security Group have discovered three vulnerabilities in Samsung Knox, a security platform that allows users to maintain separate identities for work and personal use, and is built into some of the company's Android smartphones and tablets. Knox is meant to protect the integrity of the entire device - both hardware and software - but apparently there are ways to bypass some of those protections, specifically those offered by the Real-time Kernel
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/04/samsung-knox-flaws/
*** HPE KeyView SDK File Processing Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
Several vulnerabilities were reported in HPE KeyView SDK. A remote user can cause arbitrary code to be executed on the target system.
A remote user can create a specially crafted file that, when processed by the target application using the HPE KeyView SDK, will execute arbitrary code on the target system. The code will run with the privileges of the target application.
The specific impact depends on the application using the SDK.
---------------------------------------------
http://www.securitytracker.com/id/1036935
*** Security patches for Dell EMC VMAX storage systems ***
---------------------------------------------
The enterprise storage systems are vulnerable to attacks from the local network. Attackers can manipulate the Unisphere manager's communication and thereby gain full access to the network storage.
---------------------------------------------
https://heise.de/-3340322
*** Bugtraq: Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539524
*** Bugtraq: ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539526
*** Bugtraq: ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539525
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Notes HarfBuzz is vulnerable to a denial of service information disclosure (CVE-2015-8947) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990410
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities affect IBM Sterling Secure Proxy Configuration Manager ***
http://www.ibm.com/support/docview.wss?uid=swg21991278
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Apache POI affect Asset and Service Management ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989525
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Monitoring (CVE-2016-4472, CVE-2016-0718) ***
http://www.ibm.com/support/docview.wss?uid=swg21990634
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects: WebSphere Dashboard Framework (CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21990404
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2016-3426) ***
http://www.ibm.com/support/docview.wss?uid=swg21988437
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2016-3426) ***
http://www.ibm.com/support/docview.wss?uid=swg21990945
---------------------------------------------
*** IBM Security Bulletin: IBM i Integrated Web Application Server version 8.5 is affected by multiple vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021649
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by SQL Injection vulnerability (CVE-2016-0249) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990363
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium is affected by Password in Clear Text vulnerability (CVE-2016-0247) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990368
---------------------------------------------
*** IBM Security Bulletin: FileNet Workplace XT and FileNet Workplace (Application Engine), can be affected by Cross Site Scripting vulnerabilities (CVE-2016-5981) ***
http://www.ibm.com/support/docview.wss?uid=swg21990899
---------------------------------------------
*** IBM Security Bulletin: Cross Site Scripting vulnerability in IBM Business Process Manager (CVE-2016-5901) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990852
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Connect:Direct Browser User Interface (CVE-2016-3426, CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21991387
---------------------------------------------
*** IBM Security Bulletin: HTML injection vulnerability in Business Space might affect IBM Business Process Manager (CVE-2016-3056) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990850
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-9748, CVE-2016-1669) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990841
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in Apache Struts might affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-1181, CVE-2016-1182, CVE-2015-0899) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990834
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Secure Proxy (CVE-2016-3426, CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21991287
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server (CVE-2016-3426, CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21991289
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Execution with Unnecessary Privileges vulnerability (CVE-2016-0328) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990226
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium is affected by Application Error vulnerability (CVE-2016-0242) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990229
---------------------------------------------
*** IBM Security Bulletin: IBM Expeditor HarfBuzz is vulnerable to a denial of service information disclosure (CVE-2015-8947) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990412
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 30-09-2016 18:00 − Monday 03-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Security Advisory: NAT64 vulnerability CVE-2016-5745 ***
---------------------------------------------
BIG-IP devices using NAT64 are vulnerable to an unauthenticated remote attack that may allow modification of the BIG-IP system configuration. (CVE-2016-5745)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/64/sol64743453.html?…
*** imagemagick mogrify global buffer overflow ***
---------------------------------------------
Topic: imagemagick mogrify global buffer overflow Risk: High Text:Hi, imagemagick identify suffers of a global buffer overflow issue, which I reported and has been patched...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100007
*** Ubiquiti UniFi Critical Vulnerability ***
---------------------------------------------
Vulnerability Details:
You are able to connect to the access point's database because of a broken authentication (OWASP TOP10). So you are
able to modify the database and read the data. A possible scenario can be found in the PoC section.
Risk:
An attacker gets access to the database and, for example, is able to change the admin's password, as shown in the PoC below.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100006
*** Bundeskriminalamt plans mobile version of the Bundestrojaner ***
---------------------------------------------
The BKA wants to extend the use of the Bundestrojaner to smartphones and tablets. This emerges from budget documents of the Bundestag that Süddeutsche Zeitung, NDR and WDR were able to view.
---------------------------------------------
https://heise.de/-3339512
*** Source Code for IoT Botnet 'Mirai' Released ***
---------------------------------------------
The source code that powers the "Internet of Things" (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, DVRs and other easily hackable IoT devices.
---------------------------------------------
https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-releas…
*** cJSON buffer out of bound read ***
---------------------------------------------
I would like to report a buffer out of bound read problem in cJSON, which
is an embeddable JSON parser, used (I imagine) in embedded devices, or even
bigger stuff like the ps4...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100013
*** Default Credentials Considered Harmful ***
---------------------------------------------
The use of default credentials by vendors is an outdated, dangerous throwback to 20th century practices that has no business being used in today's world. It is this specific antique practice that is directly responsible for the existence of the record-breaking denial-of-service botnet recently used to censor Brian Krebs and the similar attack on OVH - these botnets only exist because default credentials were implemented on devices, in flagrant violation of best practices ...
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/default-credentials-co…
*** The Short Life of a Vulnerable DVR Connected to the Internet, (Sun, Oct 2nd) ***
---------------------------------------------
Most devices connected to the Internet these days aren't maintained and monitored personal computers. Instead, they are devices that are often not understood as computers but as things, giving rise to the term Internet of Things or IoT. Over two years ago, we reported about how exploited DVRs are used to attack other devices across the internet. Back then, like today, the vulnerability was an open telnet server with a trivial default password.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21543&rss
*** Researchers Break MarsJoke Ransomware Encryption ***
---------------------------------------------
Victims infected with the MarsJoke ransomware can now decrypt their files; researchers cracked the encryption in the CTB-Locker lookalike last week.
---------------------------------------------
http://threatpost.com/researchers-break-marsjoke-ransomware-encryption/1210…
*** Security Design: Stop Trying to Fix the User ***
---------------------------------------------
Every few years, a researcher replicates a security study by littering USB sticks around an organization's grounds and waiting to see how many people pick them up and plug them in, causing the autorun function to install innocuous malware on their computers. These studies are great for making security professionals feel superior. The researchers get to demonstrate their security expertise and use the results as "teachable moments" for others. "If only everyone was more security
---------------------------------------------
https://www.schneier.com/blog/archives/2016/10/security_design.html
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021643
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software (CVE-2016-3508, CVE-2016-3500, CVE-2016-3458, CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991383
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Web Experience Factory (CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21990405
---------------------------------------------
*** IBM Security Bulletin: IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x (CVE-2016-5892) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991148
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM B2B Advanced Communications (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990424
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple libxml2 vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024318
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple openssl vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024319
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Runtime Environments Java Technology Edition, Versions 6, 7, 8 affect Transformation Extender Design Studio (CVE-2016-3426) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990356
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server ***
http://www.ibm.com/support/docview.wss?uid=swg21990451
---------------------------------------------
*** IBM Security Bulletin: OpenStack Glance vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2016-0757) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024348
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 29-09-2016 18:00 − Friday 30-09-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** The Equation Group's Firewall Exploit Chain ***
---------------------------------------------
There has been plenty of research on pieces of this exploit kit, but very little on the full exploit chain. We were interested in studying some of the command and control traffic used by this exploit kit for emulation in BreakingPoint. On the way, we figured out how a lot of the puzzle pieces fit together. What follows are our findings on how this kit gains persistent control of a Cisco firewall. We also identify some of the missing pieces that were not previously available.
---------------------------------------------
https://www.ixiacom.com/company/blog/equation-groups-firewall-exploit-chain
*** European Cyber Security Month: get in the driving seat of your own online security ***
---------------------------------------------
October 2016 is European Cyber Security Month and this year October will bring plenty of opportunities for people to discover how to stay safe online and play an active role in their own security. Throughout European Cyber Security Month – which kicks off today in Brussels - over 300 activities, including events, training sessions, tips and an online quiz, will take place across 27 countries. This year's Cyber Security Month will focus on security in banking, cyber safety, cyber training and mobile malware.
---------------------------------------------
https://www.enisa.europa.eu/news/ecsm
*** Lesser known tricks of spoofing extensions ***
---------------------------------------------
It is a well-known fact that malware using social engineering tricks is designed to hide itself from being an obvious executable. In this short article, we will present two other less common tricks used to deceive users.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2016/09/lesser-known-tricks-of-spo…
*** Backdoored D-Link Router Should be Trashed, Researcher Says ***
---------------------------------------------
A researcher who found a slew of vulnerabilities in a popular router says it's so hopelessly broken that consumers who own them should throw them away.
---------------------------------------------
http://threatpost.com/backdoored-d-link-router-should-be-trashed-researcher…
*** Sentinel 7.4 SP3 (Sentinel 7.4.3.0) Build 2805 ***
---------------------------------------------
This service pack resolves the following security vulnerabilities:
Sentinel 7.4 SP3 resolves a Java deserialization (CVE-2016-1000031) vulnerability.
---------------------------------------------
https://download.novell.com/Download?buildid=HXXzqDiAPd0~
*** [SANS ISC Diary] Another Day, Another Malicious Behaviour ***
---------------------------------------------
I published the following diary on isc.sans.org: "Another Day, Another Malicious Behaviour". Every day, we are spammed with thousands of malicious emails and attackers always try to find new ways to bypass the security controls. Yesterday, I detected a suspicious HTTP GET request...
---------------------------------------------
https://blog.rootshell.be/2016/09/30/sans-isc-diary-another-day-another-mal…
*** Patch for Street Fighter V: anti-cheat tool can be abused as a rootkit ***
---------------------------------------------
A current patch for the Windows version of Street Fighter V brings measures against cheaters, but in return disables an essential security mechanism of computers. Meanwhile, a fix is supposed to eliminate the security problem.
---------------------------------------------
https://heise.de/-3338614
*** Bugtraq ***
---------------------------------------------
*** Bugtraq: Multiple exposures in Sophos UTM ***
http://www.securityfocus.com/archive/1/539518
---------------------------------------------
*** Bugtraq: [SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345) ***
http://www.securityfocus.com/archive/1/539517
---------------------------------------------
*** Bugtraq: Persistent XSS in Abus Security Center - CVSS 8.0 ***
http://www.securityfocus.com/archive/1/539514
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 28-09-2016 18:00 − Thursday 29-09-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Dangerous Linux Trojan family investigated by Doctor Web ***
---------------------------------------------
September 27, 2016 Doctor Web’s security researchers have examined a Trojan named Linux.Mirai which is used by criminals to carry out DDoS attacks. Because virus specialists were familiar with earlier versions of this Trojan, they were able to find many features of the previous versions in this latest one, ..
---------------------------------------------
http://news.drweb.com/show/?i=10218&lng=en&c=9
*** SSH Brute Force Compromises Leading to DDoS ***
---------------------------------------------
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We configured five cloud servers on Linode and Digital Ocean with the root password ..
---------------------------------------------
https://blog.sucuri.net/2016/09/ssh-brute-force-compromises-leading-to-ddos…
*** Introducing Her Royal Highness, the Princess Locker Ransomware ***
---------------------------------------------
Today we bring you Princess Locker; the ransomware only royalty could love. First discovered by Michael Gillespie, Princess Locker encrypts a victim's data and then demands a hefty ransom ..
---------------------------------------------
http://www.bleepingcomputer.com/news/security/introducing-her-royal-highnes…
*** Security risk construction-site traffic lights: green wave at the push of a button ***
---------------------------------------------
It sounds like a computer game or a hacker movie, but unfortunately it is reality: the traffic light systems of a German manufacturer can be remotely controlled. Although the company has known about this for months, nothing has happened so far.
---------------------------------------------
http://www.golem.de/news/sicherheitsrisiko-baustellenampeln-gruene-welle-au…
*** ManageEngine ServiceDesk Plus vulnerable to cross-site scripting ***
---------------------------------------------
http://jvn.jp/en/jp/JVN50347324/
*** Record DDoS attack with 1.1 terabits per second sighted ***
---------------------------------------------
Higher, faster, further: a steadily growing botnet is said to have bombarded the servers of a French web hoster with enormous amounts of data. This is apparently the largest documented DDoS attack to date.
---------------------------------------------
http://heise.de/-3336494
*** 500-million hack: Yahoo skimped on security ***
---------------------------------------------
Marissa Mayer handed out free iPhones and expensive catering at Yahoo, but security was apparently skimped on. In addition, a security firm doubts that Yahoo was really hacked by a state actor.
---------------------------------------------
http://www.golem.de/news/500-millionen-hack-yahoo-sparte-an-der-sicherheit-…
*** Multiple vulnerabilities in extension "phpMyAdmin" ***
---------------------------------------------
https://typo3.org/news/article/multiple-vulnerabilities-in-extension-phpmya…
*** Cisco patches away backdoor and closes further holes ***
---------------------------------------------
Under certain conditions, attackers are said to be able to hijack Email Security Appliances without much effort. Cisco rates the vulnerability at the highest threat level.
---------------------------------------------
http://heise.de/-3337464
*** Bundeskriminalamt: awareness of cyber threats still inadequate ***
---------------------------------------------
Bundesheer and Bundeskriminalamt rely on awareness-raising and are looking for tech-savvy staff
---------------------------------------------
http://derstandard.at/2000045143087
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 27-09-2016 18:00 − Wednesday 28-09-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Warning about invoices from "Austria Domain Hosting" ***
---------------------------------------------
Numerous internet users are currently receiving purported invoices from "Austria Domain Hosting" by e-mail. 179.40 euros are to be paid for a domain registration that was never ordered. In reality, this is an attempted fraud!
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/warnung-vor-rechnu…
*** Data protection authorities uncover serious deficiencies in the Internet of Things ***
---------------------------------------------
The Global Privacy Network (GPEN) examined 314 networked devices, from fitness trackers and blood glucose meters to smart TVs, and found major gaps in data protection. Even sensitive information is hardly ever encrypted.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Datenschuetzer-decken-schwere-Maenge…
*** Back in Time Memory Forensics, (Tue, Sep 27th) ***
---------------------------------------------
You might get into a case where you have only the disk image without having the memory image. Or even if you have the memory image, you might wish you had something from back in time. With the hibernation file (hiberfil.sys), the page file, and crash dumps that might be possible. And if you are lucky enough you might be able to recover them from volume shadow copy, which is enabled by default in most modern Windows OS versions.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21527&rss
*** Bugtraq: ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539492
*** Vuln: libgd gd_webp.c Integer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93184
*** Security Advisory: BIND vulnerability CVE-2016-2776 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/18/sol18829561.html?…
*** Vuln: Symantec Messaging Gateway CVE-2016-5312 Directory Traversal Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93148
*** Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 ***
---------------------------------------------
On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as "Critical Severity", one as "Moderate Severity" and the other 12 as "Low Severity". Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Vuln: Apache Axis2 Document Type Declaration Processing Security Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/40976
*** Vuln: Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/91501
*** BIND Bug in buffer.c Constructing Query Responses Lets Remote Users Cause the Target Service to Crash ***
---------------------------------------------
BIND Bug in buffer.c Constructing Query Responses Lets Remote Users Cause the Target Service to Crash
---------------------------------------------
http://www.securitytracker.com/id/1036903
*** Security Advisory: libssh vulnerability CVE-2016-0739 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/57/sol57255643.html?…
*** Security Advisory: TMM SSL/TLS virtual server vulnerability CVE-2016-6907 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/39/sol39508724.html?…
*** EMC ViPR SRM Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
EMC ViPR SRM Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
---------------------------------------------
http://www.securitytracker.com/id/1036904
*** Security Advisory - Path Traversal Vulnerability in Multiple Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160928-…
*** SSA-378531 (Last Update 2016-09-27): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC Runtime Professional ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531…
*** TP-Link Archer CR-700 Cross Site Scripting ***
---------------------------------------------
On running the command above, it sends a DHCP request to the router. In a DHCP request, the host name is sent, which we have forcibly set to an XSS script <script>alert(5)</script>
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016090203
*** Bugtraq: Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) ***
---------------------------------------------
Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)
---------------------------------------------
http://www.securityfocus.com/archive/1/539502
*** ICS-CERT releases new tools for securing industrial control systems ***
---------------------------------------------
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published newer versions of two tools that can help administrators with securing industrial control systems: the Cyber Security Evaluation Tool (CSET), and a whitepaper on recommended practices for improving ICS cybersecurity with defense-in-depth strategies. While the former has received many updates through the years (this newer version is v8.0), the whitepaper is a 'modernized' version of a document ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/09/28/tools-securing-industrial-contro…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21990448
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2016-3574, CVE-2016-3575, etc) ***
http://www.ibm.com/support/docview.wss?uid=swg21988718
---------------------------------------------
*** IBM Security Bulletin: Security Vulnerability in Apache Commons FileUpload affects IBM WebSphere Dashboard Framework (CVE-2016-3092 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990386
---------------------------------------------
*** IBM Security Bulletin: Security Vulnerability in Apache Commons FileUpload affects IBM Web Experience Factory (CVE-2016-3092 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990394
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo Credit Limits (CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=swg21988584
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Rational BuildForge (CVE-2016-2107, CVE-2016-2176) ***
http://www.ibm.com/support/docview.wss?uid=swg21988081
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in sblim-sfcb affects IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2015-5185) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099487
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2015-8710) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099488
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 26-09-2016 18:00 − Tuesday 27-09-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Sofacy APT Targeting OS X Machines with Komplex Trojan ***
---------------------------------------------
APT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems.
---------------------------------------------
http://threatpost.com/sofacy-apt-targeting-os-x-machines-with-komplex-troja…
*** Java-Deserialization-Cheat-Sheet ***
---------------------------------------------
A cheat sheet for pentesters about Java Native Binary Deserialization vulnerabilities
---------------------------------------------
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
*** Security update for Django 1.8 and 1.9 released ***
---------------------------------------------
The reason for the update of the web framework is a vulnerability that, in combination with Google Analytics, makes Django's CSRF protection attackable. The current Django 1.10 is not affected, and versions older than 1.8 no longer receive security patches.
---------------------------------------------
http://heise.de/-3332611
*** Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM ***
---------------------------------------------
The idea behind this vulnerability is simple to describe at a high level:
- Trick the 'NT AUTHORITY\SYSTEM' account into authenticating via NTLM to a TCP endpoint we control.
- Man-in-the-middle this authentication attempt (NTLM relay) to locally negotiate a security token for the 'NT AUTHORITY\SYSTEM' account. This is done through a series of Windows API calls.
- Impersonate the token we have just negotiated
---------------------------------------------
https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-…
*** Unsafe at any clock speed: Linux kernel security needs a rethink ***
---------------------------------------------
Ars reports from the Linux Security Summit - and finds much work that needs to be done.
---------------------------------------------
http://arstechnica.com/security/2016/09/linux-kernel-security-needs-fixing/
*** No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing? ***
---------------------------------------------
Akamai CSO laments pisspoor security design practices. Internet of Things devices are starting to pose a real threat to security for the sensible part of the web, Akamai's chief security officer Andy Ellis has told The Register.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/09/27/akamai_chie…
*** CVE-2016-7543 -- bash SHELLOPTS+PS4 ***
---------------------------------------------
The recent bash 4.4 patched an old attack vector regarding specially crafted SHELLOPTS+PS4 environment variables against bogus setuid binaries using system()/popen().
---------------------------------------------
http://seclists.org/oss-sec/2016/q3/617
*** Siemens SCALANCE M-800/S615 Web Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a web security vulnerability in Siemens SCALANCE M-800 and S615 modules.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-271-01
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2015-8325, CVE-2016-6210, CVE-2016-6515) ***
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 23-09-2016 18:00 − Monday 26-09-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Do not install an Erste Bank security certificate ***
---------------------------------------------
In a fake Erste Bank message, criminals demand that recipients install a security certificate for their mobile device. If addressees do not do so, this allegedly leads to their account being blocked. Installing the security certificate infects the smartphone with malware. With it, criminals gain access to the victim's account. Victims lose money.
---------------------------------------------
https://www.watchlist-internet.at/schadsoftware/kein-erste-bank-sicherheits…
*** Weakened iTunes backup encryption: Apple promises a fix ***
---------------------------------------------
A vulnerability makes brute-force attacks on encrypted iTunes backups of iOS 10 devices less time-consuming. Apple is aware of the problem, and stresses that iCloud backups are not affected.
---------------------------------------------
http://heise.de/-3331346
*** VBA and P-code, (Mon, Sep 26th) ***
---------------------------------------------
I want to draw your attention to some great work Dr. Bontchev did. pcodedmp.py is a VBA P-code disassembler. Microsoft Office documents contain VBA macros in several forms. They contain the source code, but also compiled P-code. Dr. Bontchev created a proof-of-concept document that executes P-code and does not contain the corresponding source code. Here is the output from his pcodedmp.py tool for his PoC document: python pcodedmp.py -d poc2b.doc Processing file:...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21521&rss
*** Leaking Beeps: Here's A Reason to Kick Pagers out of Hospitals ***
---------------------------------------------
Today, Trend's FTR team released the paper Leaking Beeps: Unencrypted Pager Messages in the Healthcare Industry, on our research into pager technology. If you are concerned about keeping your health information private, I would highly recommend you read through it. I, for one, was not expecting the findings we made. Pagers are secure, right? We've used them for decades, they are hard to monitor, and that's why some of our most trusted industries use them, including the healthcare...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/o-H15bX77W8/
*** OpenSSL Fixes Critical Bug Introduced by Latest Update ***
---------------------------------------------
OpenSSL's most recent update introduced a critical vulnerability in the crypto library, forcing an emergency update today.
---------------------------------------------
http://threatpost.com/openssl-fixes-critical-bug-introduced-by-latest-updat…
*** OpenSSL Security Advisory [26 Sep 2016] ***
---------------------------------------------
This security update addresses issues that were caused by patches included in our previous security update, released on 22nd September 2016. Given the Critical severity of one of these flaws we have chosen to release this advisory immediately to prevent upgrades to the affected version, rather than delaying in order to provide our usual public pre-notification.
---------------------------------------------
https://www.openssl.org/news/secadv/20160926.txt
*** Security Advisory: NodeJS vulnerability CVE-2016-2086 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15311661.html?…
*** Security Notice - Statement on Elevation of Privilege Vulnerability in Huawei HG8247H Product Disclosed on THEZEDT Website ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160924-01-…
*** Security Notice - Statement on Elevation of Privilege Vulnerability in Huawei HG8247H Product Disclosed on TheZedt Website ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160924-01-…
*** Security Advisory - Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2015/hw-460347
*** Security Advisory - Privilege Escalation Vulnerability in Huawei Multiple Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160926-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Expat XML Parser vulnerabilities in Prospect ***
http://www-01.ibm.com/support/docview.wss?uid=swg21988817
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager for Web is affected by security vulnerabilities in libxml2 ***
http://www.ibm.com/support/docview.wss?uid=swg21990838
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by security vulnerabilities in libxml2 ***
http://www.ibm.com/support/docview.wss?uid=swg21990837
---------------------------------------------
*** IBM Security Bulletin: Multiple libarchive vulnerabilities affect Watson Explorer ***
http://www-01.ibm.com/support/docview.wss?uid=swg21988311
---------------------------------------------
*** IBM Security Bulletin: A command injection vulnerability has been identified in IBM Security Access Manager for Web appliances (CVE-2016-3028) ***
http://www.ibm.com/support/docview.wss?uid=swg21990317
---------------------------------------------
*** IBM Security Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Web has been identified (CVE-2016-3025) ***
http://www.ibm.com/support/docview.wss?uid=swg21990318
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Apache Struts affect SAN Volume Controller and Storwize Family ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009282
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Apache Struts and Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1181, CVE-2016-1182, CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=swg21988198
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in Struts v2 affect IBM Opportunity Detect ***
http://www.ibm.com/support/docview.wss?uid=swg21987854
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect SAN Volume Controller and Storwize Family (CVE-2016-2107 CVE-2016-2108) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009281
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 22-09-2016 18:00 − Friday 23-09-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** The era of big DDOS?, (Thu, Sep 22nd) ***
---------------------------------------------
I have been tracking DDOSs for a number of years, and quite frankly, it has become boring. Don't get me wrong, I am not complaining, just stating a fact. A number of factors seem to have contributed to its fall from mainstream consciousness: somewhat better filtering practices, more awareness of timely patching, and probably the most significant being the novelty has worn off. Occasionally I will still see a multi-Gbps DDOS, but mostly it has been relegated to booter traffic which is not even a...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21511&rss
*** LGPO.exe v2.0 PRE-RELEASE: support for MLGPO and REG_QWORD ***
---------------------------------------------
LGPO.exe is a command-line utility to automate the management of local group policy objects (LGPO). Version 1.0 was released last January. The PRE-RELEASE LGPO.exe v2.0 is attached to this blog post, and adds support for Multiple Local Group Policy Objects (MLGPO) and 64-bit REG_QWORD registry values. Full details are in the LGPO.pdf in the download. For more...
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2016/09/23/lgpo-exe-v2-0-pre-r…
*** Fake parcel-tracking notifications from the Austrian Post ***
---------------------------------------------
Internet users receive a supposed parcel-tracking notification from the Austrian Post (Österreichische Post). It claims that the company has received a returned parcel. To receive it, recipients are told to open a link and run a file. The file contains malware. Anyone who opens it suffers data loss.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-sendun…
*** After DDoS attacks: Akamai takes security researcher Krebs offline ***
---------------------------------------------
After exposing an Israeli DDoS-for-hire provider, security expert Krebs has himself become the victim of an unusual attack. His website has been taken offline.
---------------------------------------------
http://www.golem.de/news/nach-ddos-attacken-akamai-nimmt-sicherheitsforsche…
*** A week to go for the European Cyber Security Month launch! ***
---------------------------------------------
ENISA, together with the European Commission, the European Banking Federation (EBF), Europol's European Cybercrime Centre (EC3), and its partners, is getting ready for the launch event of the European Cyber Security Month (ECSM), the EU advocacy campaign on cybersecurity which runs throughout October.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/a-week-to-go-for-the-european-c…
*** Security Update for Microsoft Office (3185852) ***
---------------------------------------------
V2.0 (September 22, 2016): Bulletin revised to announce the availability of the 14.6.8 update for Microsoft Office for Mac 2011 (3186805) and the 15.25 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-107
*** Cisco Email Security Appliance Internal Testing Interface Vulnerability ***
---------------------------------------------
A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IDM 4.5 Notes Driver Version 4.0.1.0 ***
---------------------------------------------
Abstract: This patch is for the Identity Manager Notes Driver. It can be installed on IDM 4.5. This patch will take the version of the Notes Driver to version 4.0.1.0.
Document ID: 5255110
Security Alert: Yes
Distribution Type: Field Test File
Entitlement Required: No
Files: IDM45_Notes_4010.zip (1.12 MB)
Products: Identity Manager 4.5
Superseded Patches: IDM 4.5 Notes Driver Version 4.0.0.4
---------------------------------------------
https://download.novell.com/Download?buildid=aLUafJcAJps~
*** DSA-3674 firefox-esr - security update ***
---------------------------------------------
Multiple security issues have been found in the Mozilla Firefox web browser: multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information disclosure.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3674
*** Microsoft Internet Explorer 11 CORS Disrespect ***
---------------------------------------------
Topic: Microsoft Internet Explorer 11 CORS Disrespect Risk: Low Text: IE11 is not following the CORS specification for local files like Chrome and Firefox. I've contacted Microsoft and they say this i...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016090165
*** DFN-CERT-2016-1560: LibreSSL: A vulnerability allows security measures to be bypassed ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1560/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983). ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990060
---------------------------------------------
*** IBM Security Bulletin: Security vulnerability has been identified in IBM WebSphere Portal (CVE-2016-5954) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989993
---------------------------------------------
*** IBM Security Bulletin: IBM DB2 LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS (CVE-2016-2984, CVE-2016-2985). ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989842
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4483) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990364
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Algo Credit Manager (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21988586
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo Credit Administrator (CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=swg21988585
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Struts affects FileNet Content Manager and IBM Content Foundation (CVE-2016-1181, CVE-2016-1182) ***
http://www.ibm.com/support/docview.wss?uid=swg21987189
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4447 CVE-2016-4448 CVE-2016-4449) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986710
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Network Security (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2016-1978) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009280
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-0377) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990525
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Tivoli LWI impacts pConsole and WebSM for AIX (CVE-2016-6038) ***
http://http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.…
---------------------------------------------
*** IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2016-2985 and CVE-2016-2984) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024336
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix ***
http://www.ibm.com/support/docview.wss?uid=swg21990527
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in libpng affect NVIDIA Linux device drivers for System x, Flex and BladeCenter Systems (CVE-2015-8472, CVE-2015-7981, CVE-2015-8126) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099471
---------------------------------------------