Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - Freitag 22-04-2016
by Daily end-of-shift report 22 Apr '16

22 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 21-04-2016 18:00 − Freitag 22-04-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Patches Denial-of-Service Flaws Across Three Products *** --------------------------------------------- Cisco released software updates to address five separate denial of service vulnerabilities, all which the company considers either high or critical severity, across its product line this week. --------------------------------------------- http://threatpost.com/cisco-patches-denial-of-service-flaws-across-three-pr… *** New version of TeslaCrypt ups ante for ransomware *** --------------------------------------------- Two updates in TeslaCrypt illustrate that ransomware is not only spreading wider, but is also evolving with new capabilities. --------------------------------------------- http://www.scmagazine.com/new-version-of-teslacrypt-ups-ante-for-ransomware… *** Cybercrime as a business rampant, new study *** --------------------------------------------- Attacks are getting fiercer and attackers more sophisticated and organized, according to the "2016 Trustwave Global Security Report," released this week. --------------------------------------------- http://www.scmagazine.com/cybercrime-as-a-business-rampant-new-study/articl… *** South Korea no 1 origin point for DDoS attacks *** --------------------------------------------- According to a new report by Imperva, South Korea serves as the most prolific point of origin for global DDoS attacks. --------------------------------------------- http://www.scmagazine.com/south-korea-no-1-origin-point-for-ddos-attacks/ar… *** SpyEye duo behind bank-account-emptying malware banged up *** --------------------------------------------- Billion-dollar Russian Trojan team in the tank for quarter of a century in the US A two-man team responsible for spreading the SpyEye malware that caused more than a billion dollars in financial hardship is now starting extended .. --------------------------------------------- www.theregister.co.uk/2016/04/21/us_jails_spyeye_malware_duo/ *** DSA-3554 xen - security update *** --------------------------------------------- Multiple vulnerabilities have been discovered in the Xen hypervisor. TheCommon Vulnerabilities and Exposures project identifies the followingproblems: --------------------------------------------- https://www.debian.org/security/2016/dsa-3554 *** Core Windows Utility Can Be Used to Bypass AppLocker *** --------------------------------------------- A researcher has discovered that Windows' Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker's whitelisting protections. --------------------------------------------- http://threatpost.com/core-windows-utility-can-be-used-to-bypass-applocker/… *** TeslaCrypt: New versions and delivery methods, no decryption tool *** --------------------------------------------- TeslaCrypt ransomware was first spotted and analyzed in early 2015, and soon enough researchers created a decryption tool for it. The malware has since reached versions 4.0 and 4.1 but, unfortunately, there is currently no way to decrypt the .. --------------------------------------------- https://www.helpnetsecurity.com/2016/04/22/teslacrypt-new-versions-no-decry… *** Your credentials at risk with Lansweeper 5 *** --------------------------------------------- As a penetration testers, we rarely have to find 'zero day' vulnerabilities or perform 'bug hunting' in order to compromise Windows Active Directory Domains. However, in one of these rare cases while performing an internal penetration test for a client, we had to do so. Lansweeper is .. --------------------------------------------- http://blog.gosecure.ca/2016/04/21/your-credentials-at-risk-with-lansweeper… *** Red Hat Product Security Risk Report: 2015 *** --------------------------------------------- This report takes a look at the state of security risk for Red Hat products for calendar year 2015. We look at key metrics, specific vulnerabilities, and the most common ways users of Red Hat products were affected by security issues. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2262281 *** Hacking Nagios: The Importance of System Hardening *** --------------------------------------------- System hardening is important. Keeping systems in a hardened state is equally important. Good hardening should not only including keeping all the patches up-to-date, but also disabling all unnecessary services. The services that are necessary, must to be configured securely. All of this is .. --------------------------------------------- https://blog.anitian.com/hacking-nagios/ *** Hackerangriff: Drucker an deutschen Unis spuckten Nazi-Botschaften aus *** --------------------------------------------- Angriff auf vernetzte Kopierer und Drucker offenbar aus den USA - Sicherheitsleck behoben --------------------------------------------- http://derstandard.at/2000035504034 *** [2016-04-22] Insecure credential storage in my devolo Android app *** --------------------------------------------- The Android app of devolo Home Control suffers from insecure credential storage. Attackers can be able to recover sensitive information from stolen/lost devices. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016… *** [2016-04-22] Multiple vulnerabilities in Digitalstrom Konfigurator *** --------------------------------------------- Multiple design and implementation flaws within the smart home system Digitalstrom enable an attacker to control arbitrary devices connected to the system and execute JavaScript code in the users browser. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016… *** SEC Consult Study on Smart Home Security in Germany - a first silver lining on the horizon of IoT? *** --------------------------------------------- http://blog.sec-consult.com/2016/04/smart-home-security.html *** 1 Million Menschen nutzen Facebook über Tor *** --------------------------------------------- Lohnt es sich, einen eigenen Tor-Hidden-Service anzubieten? Facebook schreibt jetzt, dass die Zahl der aktiven Tor-Nutzer sich seit dem letzten Sommer verdoppelt hat. --------------------------------------------- http://www.golem.de/news/privatsphaere-1-million-menschen-nutzen-facebook-u… *** Snap: Ubuntus neues Paketformat ist unter X11 unsicher *** --------------------------------------------- Das neue Snap-Paketformat von Ubuntu soll nicht nur Installationen und Updates vereinfachen, sondern auch Anwendungen besser absichern. Unter X11 sei letzteres aber ein falsches Versprechen, sagt Sicherheitsforscher Matthew Garrett. überraschend ist das nicht. --------------------------------------------- http://www.golem.de/news/snap-ubuntus-neues-paketformat-ist-unter-x11-unsic… *** Why Hackers Love Your LinkedIn Profile *** --------------------------------------------- An employee opens an attachment from someone who claims to be a colleague in a different department. The attachment turns out to be malicious. The company network? Breached. If you follow the constant news about data breaches, you read this stuff all the .. --------------------------------------------- http://safeandsavvy.f-secure.com/2016/04/22/why-hackers-love-your-linkedin-… *** Nuclear Exploit-Kit bombardiert hunderttausende Rechner mit Locky *** --------------------------------------------- Ransomware wird im großen Stil über Exploit-Kits verteilt. Sicherheitsforschern ist es jetzt gelungen, ins Backend einer solchen Schadcode-Schleuder einzudringen und Statistiken über die Verbreitung der Trojaner zu sammeln. --------------------------------------------- http://heise.de/-3181696 *** JSA10727 - 2016-04 Security Bulletin: Junos Space: Multiple privilege escalation vulnerabilities in Junos Space (CVE-2016-1265) *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10727

1 0

Tageszusammenfassung - Donnerstag 21-04-2016
by Daily end-of-shift report 21 Apr '16

21 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 20-04-2016 18:00 − Donnerstag 21-04-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Angebliche Paket-Verständigung von der "Post" kann Ihre Daten durch Verschlüsselung unbrauchbar machen *** --------------------------------------------- Modus Operandi Kaum ist die Bedrohung durch angebliche E-Mails von DHL im Abklingen, erreicht uns eine neue Welle von E-Mails mit gefährlichem Inhalt. Nunmehr gibt die Mail vor von der "Post" zu stammen und informiert über eine nicht erfolgreich durchgeführte Zustellung. Die weitere Vorgehensweise bleibt dabei gleich; der Empfänger wird aufgefordert den Versandschein über einen Link in der Mail herunter zu laden. --------------------------------------------- http://www.bmi.gv.at/cms/BK/betrug/files/Cryptolocker_Ransomware_Post.pdf *** Decoding Pseudo-Darkleech (#1), (Thu, Apr 21st) *** --------------------------------------------- Im currently going through a phase of WordPress dPression. Either my users are exceptionally adept at finding hacked and subverted WordPress sites, or there are just so many of these sites out there. This weeks particular fun seems to be happening on restaurant web sites. Inevitably, when checking out the origin of some crud, I discover a dPressing installation that shows signs of being owned since months. The subverted sites currently lead to Angler Exploit Kit (Angler EK), and are using... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20969&rss *** SpyEye botnet kit developer sentenced to long jail term *** --------------------------------------------- Aleksandr Andreevich Panin, the Russian developer of the SpyEye botnet creation kit, and an associate were on Wednesday sentenced to prison terms by a court in Atlanta, Georgia, for their role in developing and distributing malware that is said to have caused millions of dollars in losses to the financial sector.Panin, who set out to develop SpyEye as a successor to the Zeus malware that affected financial institutions since 2009, was sentenced by the court to nine and half years in prison,... --------------------------------------------- http://www.cio.com/article/3059554/spyeye-botnet-kit-developer-sentenced-to… *** Looking Into a Cyber-Attack Facilitator in the Netherlands *** --------------------------------------------- A small webhosting provider with servers in the Netherlands and Romania has been a hotbed of targeted attacks and advanced persistent threats (APT) since early 2015. Starting from May 2015 till today we counted over 100 serious APT incidents that originated from servers of this small provider. Pawn Storm used the servers for at least 80 high profile attacks against various governments in the US, Europe, Asia, and the Middle East. Formally the Virtual Private Server (VPS) hosting company is... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/MKFUpCeHi9s/ *** FBI warns farming industry about equipment hacks, data breaches *** --------------------------------------------- As Internet-connected equipment is increasingly used in many industry sectors, alerts like the latest one issued by the FBI to US farmers will likely become a regular occurrence. While precision agriculture technology (a.k.a. smart farming) reduces farming costs and increases crop yields, farmers need to be aware of and understand the associated cyber risks to their data and ensure that companies entrusted to manage their data, including digital management tool and application developers... --------------------------------------------- https://www.helpnetsecurity.com/2016/04/21/farming-cyber-risks/ *** Lab - Cryptographic Algorithms *** --------------------------------------------- For this lab we'll be using GPG, OpenSSL to demonstrate symmetric and asymmetric encryption/decryption and MD5, SHA1 to demonstrate hash functions. Virtual Machine Needed: Kali Before starting the lab here are some definitions: In all symmetric crypto algorithms (also called Secret Key encryption) a secret key is used for both encrypt plaintext and decrypt the... --------------------------------------------- http://resources.infosecinstitute.com/lab-cryptographic-algorithms/ *** Fremdenfeindliche Ausdrucke: "Hackerangriff" auf Universitätsdrucker *** --------------------------------------------- Hackerangriff oder doch nur eine falsche Druckerkonfiguration: In verschiedenen Universitäten in Deutschland sind in den Druckern Dokumente mit fremdenfeindlichem Hintergrund gefunden worden. --------------------------------------------- http://www.golem.de/news/fremdenfeindliche-ausdrucke-hackerangriff-auf-univ… *** Security update available for the Adobe Analytics AppMeasurement for Flash Library *** --------------------------------------------- A Security Bulletin (APSB16-13) has been published regarding a security update for the Adobe Analytics AppMeasurement for Flash Library. This update resolves an important vulnerability in the AppMeasurement for Flash library that could be abused to conduct DOM-based cross-site scripting attacks... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1341 *** DFN-CERT-2016-0655: Squid: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0655/ *** [R2] Nessus < 6.6 Fixes Two Vulnerabilities *** --------------------------------------------- http://www.tenable.com/security/tns-2016-08 *** Moxa NPort Device Vulnerabilities (Update A) *** --------------------------------------------- This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS-ALERT-16-099-01 Moxa NPort Device Vulnerabilities that was published April 8, 2016, on the ICS-CERT web page. ICS-CERT is aware of a public report of vulnerabilities affecting multiple models of the Moxa NPort device. ICS-CERT has notified Moxa of the report, and Moxa has validated all five of the reported vulnerabilities. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-099-01 *** Hyper-V - vmswitch.sys VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow *** --------------------------------------------- Topic: Hyper-V - vmswitch.sys VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow Risk: High Text:/* This function is reachable by sending a RNDIS Set request with OID 0x01010209 (OID_802_3_MULTICAST_LIST) from the Guest to... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016040133 *** Avast SandBox Escape via IOCTL Requests *** --------------------------------------------- Topic: Avast SandBox Escape via IOCTL Requests Risk: Medium Text:* CVE: CVE-2016-4025 * Vendor: Avast * Reported by: Kyriakos Economou * Date of Release: 19/04/2016 * Affected Products: Mu... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016040134 *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Wireless LAN Controller Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Multiple Cisco Products libSRTP Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2016-0800) *** http://www.ibm.com/support/docview.wss?uid=swg21980721 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in libcURL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3237) *** http://www.ibm.com/support/docview.wss?uid=swg21980719 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3197, CVE-2015-4000) *** http://www.ibm.com/support/docview.wss?uid=swg21980716 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) *** http://www.ibm.com/support/docview.wss?uid=swg21980714 --------------------------------------------- *** IBM Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8851 *** http://www.ibm.com/support/docview.wss?uid=swg21981528 --------------------------------------------- *** IBM Security Bulletin: IBM Spectrum Scale, with the Spectrum Scale GUI installed, is affected by a security vulnerability (CVE-2016-0361) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005742 --------------------------------------------- *** Drupal Security Advisories for Third-Party Modules *** --------------------------------------------- *** EPSA Crop - Image Cropping - Critical -XSS - SA-CONTRIB-2016-024 - Unsupported *** https://www.drupal.org/node/2710247 --------------------------------------------- *** Organic groups - Moderately Critical - Access bypass - DRUPAL-SA-CONTRIB-2016-023 *** https://www.drupal.org/node/2710115 --------------------------------------------- *** Search API - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-022 *** https://www.drupal.org/node/2710063 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 20-04-2016
by Daily end-of-shift report 20 Apr '16

20 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 19-04-2016 18:00 − Mittwoch 20-04-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Oracle critical updates released, (Wed, Apr 20th) *** --------------------------------------------- Oracle has released their critical updates list. Looking through it there is a very wide range of products, including java that require a fix. Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay. There are quite a few remotely exploitable, no auth required issues that are addressed by these patches. You may want to peruse the list to see if some of your products are affected. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20965&rss *** Java: Neue JDK-Versionen bringen strengere Sicherheitsvorgaben *** --------------------------------------------- Die Updates JDK 8u91 und 8u92 adressieren erneut vor allem das Thema Security: Unter anderem gilt der MD5-Algorithmus nun als unsicher, und die JVM bekommt Einstellungen zur Behandlung von Speicherüberlauffehlern. --------------------------------------------- http://heise.de/-3178164 *** Hacking and manipulating traffic sensors *** --------------------------------------------- With the advent of the Internet of Things, we're lucky to have researchers looking into these devices and pointing out the need for securing them better. One of these researchers is Kaspersky Lab's Denis Legezo, who took it upon himself to map the traffic sensors in Moscow and see whether they could be tampered with. The answer to that question is yes, they can be manipulated, and consequently lead to poor traffic management and annoyance... --------------------------------------------- https://www.helpnetsecurity.com/2016/04/20/hacking-manipulating-traffic-sen… *** PoS Malware Steals Credit Card Numbers via DNS Requests *** --------------------------------------------- A new version of the NewPosThings PoS malware is using a clever technique to extract data from infected PoS terminals that almost no security solution monitors for malware activity. --------------------------------------------- http://news.softpedia.com/news/pos-malware-steals-credit-card-numbers-via-d… *** Using a Braun Shaver to Bypass XSS Audit and WAF *** --------------------------------------------- TL;DR: Sometimes you just need to spend a couple of months to exploit a XSS with a hygiene product. --------------------------------------------- https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-aud… *** Encryption everywhere? *** --------------------------------------------- This article discusses opportunistic encryption (OE), ways to set up systems so that they will automatically encrypt whenever they can rather than just whenever the user requests it. Many types of encryption require a choice by the user - encrypt with PGP rather than sending email in the clear, log into a remote system with... --------------------------------------------- http://resources.infosecinstitute.com/encryption-everywhere/ *** Towards Generic Ransomware Detection *** --------------------------------------------- Im not claiming these ideas are novel, nor unbeatable. My goal is simply to raise awareness about alternate means to help stymie the ransomware epidemic. Plus, attempting to write a tool that could generically protect my computer against OS X ransomware, seemed like a fun challenge! Finally, both this research and tool are version 1.0, meaning, likely room for improvement - so feedback is welcome :) --------------------------------------------- https://objective-see.com/blog/blog_0x0F.html *** DRAM bitflipping exploits that hijack computers just got easier *** --------------------------------------------- Approach relies on already installed code, including widely used glibc library. --------------------------------------------- http://arstechnica.com/security/2016/04/dram-bitflipping-exploits-that-hija… *** Panama Papers - How Hackers Breached the Mossack Fonseca Firm *** --------------------------------------------- Introduction The Panama Papers are a huge trove of high confidential documents stolen from the computer systems of the Panamanian law firm Mossack Fonseca that was leaked online during recently. It is considered the largest data leaks ever, the entire archive contains more than 11.5 Million files including 2.6 Terabytes of data related the activities of offshore... --------------------------------------------- http://resources.infosecinstitute.com/panama-papers-how-hackers-breached-th… *** Kippo and dshield , (Tue, Apr 19th) *** --------------------------------------------- In this diary I will talk about how to configure kippo honeypot and how to submit your kippos log to SANS Dshield --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20963&rss *** Security Update for Microsoft Graphics Component (3148522) Version: 2.0 *** --------------------------------------------- V2.0 (April 19, 2016): To comprehensively address CVE-2016-0145, Microsoft re-released security update 3144432 for affected editions of Microsoft Live Meeting 2007 Console. Customers running Microsoft Live Meeting 2007 Console should install the update to be fully protected from the vulnerability. See Microsoft Knowledge Base Article 3144432 for more information. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-039 *** Bugtraq: ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/538133 *** Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** F5 Security Advisory: glibc vulnerability CVE-2015-8779 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/39/sol39250133.html?… *** VMSA-2016-0002.1 *** --------------------------------------------- VMware product updates address a critical glibc security vulnerability --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0002.html *** VMSA-2015-0009.2 *** --------------------------------------------- VMware product updates address a critical deserialization vulnerability --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0009.html

1 0

Tageszusammenfassung - Dienstag 19-04-2016
by Daily end-of-shift report 19 Apr '16

19 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 18-04-2016 18:00 − Dienstag 19-04-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Touch ID: 90 Prozent der iPhone-Nutzer setzen jetzt auf Code-Sperre *** --------------------------------------------- Seit der Einführung des Fingerabdruckscanners hat sich laut Apple der Anteil der Nutzer verdoppelt, die ihr iPhone mit einem Gerätecode schützen und damit die Daten verschlüsseln. --------------------------------------------- http://heise.de/-3177095 *** JavaScript-toting spam emails: What should you know and how to avoid them? *** --------------------------------------------- We have recently observed that spam campaigns are now using JavaScript attachments aside from Office files. The purpose of the code is straightforward. It downloads and runs other malware. Some of the JavaScript downloaders .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/04/18/javascript-toting-spam-… *** Google Alerts, Direct Webmaster Communication Get Bugs Fixed Quickly *** --------------------------------------------- Google determined that Safe Browsing warnings correlate with quicker remediation times, though not as quick as direct contact with webmasters who have registered with Google Search Console. --------------------------------------------- http://threatpost.com/google-alerts-direct-webmaster-communication-get-bugs… *** Magnitude EK Activity At Its Highest Via AdsTerra Malvertising *** --------------------------------------------- The Magnitude exploit kit is maximizing its leads via a large and uninterrupted malvertising campaign.Categories: ExploitsTags: adsterramagnitude EKmalvertisingterraclicks(Read more...) --------------------------------------------- https://blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016… *** iPrint Appliance 2.0 Patch 1 *** --------------------------------------------- Abstract: Patch 1 for the iPrint Appliance 2.0 includes bug fixes.Document ID: 5240661Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:iPrint-2.0.0.530.HP.zip (594.99 MB)Products:iPrint Appliance 2Superceded Patches:iPrint Appliance 2.0 FTF --------------------------------------------- https://download.novell.com/Download?buildid=W46YTfqEGiQ~ *** Symantec Messaging Gateway Multiple Security Issues *** --------------------------------------------- Revisions None Severity Severity (CVSS version 2 and CVSS Version 3) CVSS2 Base Score .. --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** Python-Based PWOBot Targets European Organizations *** --------------------------------------------- We have discovered a malware family named 'PWOBot' that is fairly unique because it is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows .. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwob… *** Zahlen, bitte! Täglich 390.000 neue Schadprogramme *** --------------------------------------------- Momentan hat man das Gefühl, in jedem Mail-Anhang und hinter jedem Link versteckt sich irgendeine Malware. Antiviren-Hersteller und Test-Labore verstärken diesen Eindruck noch durch irrwitzig hohe Zahlen neuer Schadprogramme. --------------------------------------------- http://heise.de/-3177141 *** 2015 über 550 Millionen Datensätze von Sicherheitslecks betroffen *** --------------------------------------------- Anzahl bekannt gewordener Zero-Day-Lücken mehr als verdoppelt – Entwickler werden schneller beim Ausmerzen --------------------------------------------- http://derstandard.at/2000035195204 *** How-To Disable Windows Script Host *** --------------------------------------------- Numerous spam campaigns are pushing various crypto-ransomware families (and backdoors) via .zip file attachments. And such .zip files typically contain a JScript (.js/.jse) file that, if clicked, will be run via Windows Script Host. Do yourself a favor and edit your Windows Registry .. --------------------------------------------- https://labsblog.f-secure.com/2016/04/19/how-to-disable-windows-script-host/ *** Exploit kit writers turn away from Java, go all-in on Adobe Flash *** --------------------------------------------- 312% increase in Flash vulns over 2014, says study Exploit kit writers are no longer fussed about Java vulnerabilities, focusing their attention almost entirely on Adobe Flash. --------------------------------------------- www.theregister.co.uk/2016/04/19/exploit_kit_writers_love_flash/ *** Homeland Security: Open Source dient der inneren Sicherheit *** --------------------------------------------- Die Offenlegung von Code habe Vorteile bei der "Cybersicherheit" und werde helfen, die Nation vor Gefahren zu schützen, meint der Technikchef der zuständigen US-Behörde. Außerdem könnten Bürger die Behörde dank Open Source besser überwachen, glauben Entwickler. --------------------------------------------- http://www.golem.de/news/homeland-security-open-source-dient-der-inneren-si… *** Tools *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer. The following vulnerabilities have been addressed: ... --------------------------------------------- http://support.citrix.com/article/CTX209443 *** Perfides PayPal-Phishing mit angeblicher Eventim-Rechnung *** --------------------------------------------- Eine überdurchschnittlich gut gemachte Phishing-Mail soll PayPal-Kunden in die Datenfalle locken. Die Absender haben sogar beim Header getrickst. --------------------------------------------- http://heise.de/-3177745

1 0

Tageszusammenfassung - Montag 18-04-2016
by Daily end-of-shift report 18 Apr '16

18 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 15-04-2016 18:00 − Montag 18-04-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Bugtraq: [SECURITY] [DSA 3550-1] openssh security update *** --------------------------------------------- http://www.securityfocus.com/archive/1/538099 *** Out-of-date apps put 3 million servers at risk of crypto ransomware infections *** --------------------------------------------- 1,600 schools, governments, and aviation companies already backdoored. --------------------------------------------- http://arstechnica.com/security/2016/04/3-million-servers-are-sitting-ducks… *** Chrome extensions will soon have to tell you what data they collect *** --------------------------------------------- Google is about to make it harder for Chrome extensions to collect your browsing data without letting you know about it, according to a new policy announced Friday.Starting in mid-July, developers releasing Chrome extensions .. --------------------------------------------- http://www.cio.com/article/3057259/chrome-extensions-will-soon-have-to-tell… *** How to Write Phishing Templates That Work *** --------------------------------------------- Phish Me Once Phishing isn't hard. Despite all the frightening news reports about ransomware and millions of stolen dollars and identities, people still happily click .. --------------------------------------------- http://resources.infosecinstitute.com/how-to-write-phishing-templates-that-… *** ZDI-16-244: Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Vertica. Authentication is not required to exploit this vulnerability. --------------------------------------------- www.zerodayinitiative.com/advisories/ZDI-16-244/ *** ZDI-16-243: Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability *** --------------------------------------------- This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-243/ *** Splunk Enterprise Multiple Flaws Let Remote Users Bypass Security and Deny Service and Remote Authenticated Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1035578 *** 'Blackhole' Exploit Kit Author Gets 7 Years *** --------------------------------------------- A Moscow court this week convicted and sentenced seven hackers for breaking into countless online bank accounts -- including "Paunch," the nickname used by the author of the infamous "Blackhole" exploit kit. Once an extremely .. --------------------------------------------- http://krebsonsecurity.com/2016/04/blackhole-exploit-kit-author-gets-8-year… *** DSA-3551 fuseiso - security update *** --------------------------------------------- It was discovered that fuseiso, a user-space implementation of theISO 9660 file system based on FUSE, contains several vulnerabilities. --------------------------------------------- https://www.debian.org/security/2016/dsa-3551 *** leenk.me <= 2.5.0 - XSS and CSRF *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8457 *** DSA-3552 tomcat7 - security update *** --------------------------------------------- Multiple security vulnerabilities have been discovered in the Tomcatservlet and JSP engine, which may result in information disclosure,the bypass of CSRF protections and bypass of the SecurityManager. --------------------------------------------- https://www.debian.org/security/2016/dsa-3552 *** FAQ WD <= 1.0.14 - Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8455 *** e-search <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8458 *** Hacking Team hacker explains how he did it *** --------------------------------------------- Some nine moths ago, a hacker that calls himself Phineas Fisher managed to breach the systems and networks of Hacking Team, the (in)famous Italian company that provides offensive intrusion and surveillance software to .. --------------------------------------------- https://www.helpnetsecurity.com/2016/04/18/hacking-team-hacker-explains/ *** Abhörsicherheit: Web.de sichert Mail-Transport zusätzlich per DANE ab *** --------------------------------------------- Der Schritt ist bedeutsam, weil Web.de nicht nur einer der großen deutschen Freemail-Dienste ist, sondern, weil der Mutterkonzern United Internet auch zur Initiative "E-Mail made in Germany" gehört – um die es zuletzt freilich still geworden ist. --------------------------------------------- http://heise.de/-3175333 *** Remote code execution, git, and OS X *** --------------------------------------------- Sometimes I think about all of those pictures which show a bunch of people in startups. They have their office space, which might be big, or it might be small, but they tend to have Macs. Lots of Macs. A lot of them also use git to .. --------------------------------------------- https://rachelbythebay.com/w/2016/04/17/unprotected/ *** Oracle Critical Patch Update Pre-Release Announcement - April 2016 *** --------------------------------------------- This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for April 2016, which will be released on Tuesday, April 19, 2016. While this Pre-Release Announcement is as accurate .. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html *** Idiot millennials are saving credit card PINs on their mobile phones *** --------------------------------------------- Cleartext passwords are bad, kids, mmmkay? More than one in five 18-24 year olds (21 per cent) store PINs for credit or debit cards on their smartphones, tablets or laptops, according to research conducted by Equifax in conjunction with Gorkana. --------------------------------------------- www.theregister.co.uk/2016/04/18/storing_passwords_smartphone_bad_mkay/ *** Implementation of a Virtual IDS Device in Passive Mode *** --------------------------------------------- The arrival of server, desktop and network virtualization has brought along enormous flexibility in configuration options and a huge drop in installation and operating costs of IT networks. Due .. --------------------------------------------- http://resources.infosecinstitute.com/implementation-of-a-virtual-ids-devic… *** Academic network Janet clobbered with DDoS attacks - again *** --------------------------------------------- Funny how it always gets targeted at the end of term... Blightys government-funded educational network Janet has once again been hit by a cyber attack, with a fresh .. --------------------------------------------- www.theregister.co.uk/2016/04/18/janet_clobbered_with_ddos_attacks_again/ *** Oberösterreichische Firma bei Traktorenkauf auf Internetbetrüger reingefallen *** --------------------------------------------- 40.000 Euro Schaden - Homepage von englischem Anbieter "gefakt" --------------------------------------------- http://derstandard.at/2000035121122

1 0

Tageszusammenfassung - Freitag 15-04-2016
by Daily end-of-shift report 15 Apr '16

15 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 14-04-2016 18:00 − Freitag 15-04-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Unified Computing System Platform Emulator Command Injection Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Unified Computing System Platform Emulator Filename Argument Handling Buffer Overflow Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Vorgebliches Flash-Update installiert unerwünschte Mac-Programme *** --------------------------------------------- Erneut ist ein als Flash-Aktualisierung getarnter Installer im Umlauf, der ungewollte OS-X-Programme einspielt. Ein Entwickler-Zertifikat stellt die Schutzfunktion Gatekeeper ruhig. --------------------------------------------- http://heise.de/-3174793 *** Bedep has raised its game vs Bot Zombies *** --------------------------------------------- http://malware.dontneedcoffee.com/2016/04/bedepantiVM.html *** Xen hugetlbfs Support Lets Local Users on a Guest System Cause Denial of Service Conditions on the Guest System *** --------------------------------------------- http://www.securitytracker.com/id/1035569 *** Banking Trojans Nymaim, Gozi Merge to Steal $4M *** --------------------------------------------- 'Double-headed beast' Trojan, GozNym, drains $4 million from banks in past two weeks. --------------------------------------------- http://threatpost.com/banking-trojans-nymaim-gozi-merge-to-steal-4m/117412/ *** Ransomware authors use the bitcoin blockchain to deliver encryption keys *** --------------------------------------------- Ransomware authors are using the bitcoin blockchain, which serves as the cryptocurrencys public transaction ledger, to deliver decryption keys to victims.The technique, which removes the burden of maintaining a reliable website-based .. --------------------------------------------- http://www.cio.com/article/3056604/ransomware-authors-use-the-bitcoin-block… *** VMSA-2016-0004 *** --------------------------------------------- VMware product updates address a critical security issue in the VMware Client Integration Plugin --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2016-0004.html *** HTTP Public Key Pinning: How to do it right, (Thu, Apr 14th) *** --------------------------------------------- [Thanks to Felix aka @nexusnode for inspiring this post. Also, see his blog post [1] for more details] One of the underutilizedsecurity measures I mentioned recently was HTTP Public Key Pinning, or HPKP. First again, what is HPKP: HPKP adds a special header to the HTTP response. This header lists hashes .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20943 *** Researchers Crack Microsoft and Google's Shortened URLs to Spy on People *** --------------------------------------------- They were even able to identify a young woman whod sought Google Maps directions to a Planned Parenthood clinic. --------------------------------------------- http://www.wired.com/2016/04/researchers-cracked-microsoft-googles-shortene… *** Russia sends exploit kit author to the GULAG for seven years *** --------------------------------------------- ♫ Mothers, dont let your babies grow up to be hackers ♫ The author of the infamous "Blackhole" exploit kit has been sentenced to seven years in a Russian penal colony, local media report. --------------------------------------------- www.theregister.co.uk/2016/04/15/blackhole_paunch_sentence/ *** OGH: Unternehmer bei "Phishing"-Attacke vom Konto selbst schuld *** --------------------------------------------- http://derstandard.at/2000034923248-406 *** AJAX Random Post <= 2.00 - Unauthenticated Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8450 *** HDW WordPress Video Gallery <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8449 *** Blackberry: Kanadische Polizei besitzt seit 2010 Zentralschlüssel *** --------------------------------------------- Wurde genutzt um über die Jahre Millionen BBM-Nachrichten mitzulesen --------------------------------------------- http://derstandard.at/2000034940341 *** Sierra Wireless ACEmanager Information Exposure Vulnerability *** --------------------------------------------- This advisory contains mitigation details for an exposure of sensitive information vulnerability in the Sierra Wireless ACEmanager application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-105-01 *** Accuenergy Acuvim II Series AXM-NET Module Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for authentication bypass vulnerabilities in Accuenergy's Acuvim II Series AXM-NET module. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02 *** QuickTime unter Windows deinstallieren - JETZT! *** --------------------------------------------- Da zwei kritische Lücken in QuickTime für Windows klaffen und Apple die Anwendung nicht mehr unterstützt, .. --------------------------------------------- http://heise.de/-3175518

1 0

Tageszusammenfassung - Donnerstag 14-04-2016
by Daily end-of-shift report 14 Apr '16

14 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 13-04-2016 18:00 − Donnerstag 14-04-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** JSA10733 - 2016-04 Security Bulletin: ScreenOS: Multiple Vulnerabilities in OpenSSL *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10733&actp=RSS *** JSA10747 - 2016-04 Security Bulletin: QFX Series: PFE panic while processing VXLAN packets (CVE-2016-1274) *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10747&actp=RSS *** JSA10735 - 2016-04 Security Bulletin: CTP Series: Multiple vulnerabilities in CTP Series *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10735&actp=RSS *** Cisco Catalyst Switches Network Mobility Services Protocol Port Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Juniper bleeding data and money: slaps Band-Aids all over Junos OS and warns markets *** --------------------------------------------- Security fixes for privilege escalation, DoS, TLS spoofing and more Junipers code reviewers have been hard at work, and have shipped a bunch of security bug-fixes. --------------------------------------------- www.theregister.co.uk/2016/04/14/juniper_drops_a_bunch_of_junos_os_security… *** Hackers hacking hackers to knacker white hat cracker trackers *** --------------------------------------------- These Russians speak really good Farsi and other signs thieves lack honour ACSC2016 Malware writers are selling each other out to white hats and hacking through each others infrastructure to frame rivals, Shadowservers Richard Perlotto says. --------------------------------------------- www.theregister.co.uk/2016/04/14/there_is_no_honour_among_thieves/ *** Entschlüsselungs-Tool verfügbar? Webseite identifiziert Erpressungs-Trojaner *** --------------------------------------------- Opfer von Verschlüsselungs-Trojanern können auf der Webseite ID Ransomware den Schädling identifizieren und unter anderem Infos zur Möglichkeit einer kostenlosen Entschlüsselung abrufen. --------------------------------------------- http://heise.de/-3173463 *** "Der Bundestrojaner ist staatliche Schadsoftware" *** --------------------------------------------- Für den IT-Experten Rene Pfeiffer ist die staatliche Spionagesoftware kein taugliches Mittel zur .. --------------------------------------------- http://derstandard.at/2000034779830 *** Hacker bringt "Flappy Bird" auf die E-Zigarette *** --------------------------------------------- Ist mit kleinem OLED-Bildschirm ausgestattet - Firmware zum Download gestellt --------------------------------------------- http://derstandard.at/2000034841151 *** Boost - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-021 *** --------------------------------------------- This module provides static page caching for Drupal enabling a very significant performance and scalability boost for sites that receive mostly anonymous traffic.The module doesnt prevent form cache from leaking between anonymous users which .. --------------------------------------------- https://www.drupal.org/node/2705765 *** Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020 *** --------------------------------------------- This module enables you to organize and export configuration data.The module doesnt sufficiently protect the admin/structure/features/cleanup path with a token. If an attacker can trick an admin with the .. --------------------------------------------- https://www.drupal.org/node/2705637 *** Badlock: A Lateral Concern *** --------------------------------------------- Yesterday, what seems like the entire InfoSec industry was underwhelmed when Badlock was finally disclosed and, apparently, didn't live up to its billing. While we agree that the month-long buildup to the disclosure, and flashy logo were unnecessary, we'd like to explain why we think this vulnerability will end up providing malicious actors with a .. --------------------------------------------- https://labsblog.f-secure.com/2016/04/14/badlock-a-lateral-concern/ *** Snort Lab: Custom SCADA Protocol IDS Signatures *** --------------------------------------------- In this lab, you are going to learn how to create custom Snort signatures for the Modbus/TCP protocol. First, let's take some time to examine the Modbus TCP Target system. Start the Modbus TCP PLC Target VM. This target simulates .. --------------------------------------------- http://resources.infosecinstitute.com/snort-lab-custom-scada-protocol-ids-s… *** East European Criminal Fastflux Infrastructure *** --------------------------------------------- Fast flux networks allow miscreants to make their network more resistant against takedowns. By updating and changing the A records of a domain rapidly, there is a constant changing list of IPs hosting the domain involved, .. --------------------------------------------- https://blog.team-cymru.org/2016/04/east-european-criminal-fastflux-infrast… *** USB: Digitale Signaturen schützen vor bösartigen oder schlechten Geräten *** --------------------------------------------- USB-Geräte mit Typ-C-Anschluss sollen sich künftig mit kryptografischen Zertifikaten ausweisen, um Malware-Angriffe und Probleme durch inkompatible Netzteile zu vermeiden. --------------------------------------------- http://heise.de/-3173701

1 0

Tageszusammenfassung - Mittwoch 13-04-2016
by Daily end-of-shift report 13 Apr '16

13 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 12-04-2016 18:00 − Mittwoch 13-04-2016 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** [R1] Nessus < 6.6 Fixes Two Vulnerabilities *** --------------------------------------------- Tenable recently worked with Synacktiv to perform security testing for Nessus, as part of an ongoing initiative to proactively address security issues. During the test, their team found two issues that may impact a Nessus vulnerability scanner. Both issues require user authentication to exploit: CVE-2016-82012 - Stored XSS CVE-2016-82013 - XML External Entity (XXE) Expansion DoS --------------------------------------------- http://www.tenable.com/security/tns-2016-08 *** UPDATE: Security Updates Available for Adobe Flash Player (APSB16-10) *** --------------------------------------------- A Security Bulletin (APSB16-10) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1334 *** Security Bulletins Posted *** --------------------------------------------- Security Bulletins for the Adobe Creative Cloud Desktop Application (APSB16-11) as well as RoboHelp Server (APSB16-12) have been published. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1336 *** MS16-APR - Microsoft Security Bulletin Summary for April 2016 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-APR *** ZeuS Banking Trojan Resurfaces As Atmos Variant *** --------------------------------------------- Atmos banking malware has perilous pedigree that includes Citadel and ZeuS. --------------------------------------------- http://threatpost.com/zeus-banking-trojan-resurfaces-as-atmos-variant/11734… *** Website Ransomware - CTB-Locker Goes Blockchain *** --------------------------------------------- During the last couple of years, website ransomware has become one of the most actively developing types of malware. After infamous fake anti-viruses, this it the second most prominent wave of malware that makes money by directly selling 'malware removal' services to users of infected computers. --------------------------------------------- https://blog.sucuri.net/2016/04/website-ransomware-ctb-locker-goes-blockcha… *** Badlock Vulnerability Falls Flat Against Its Hype *** --------------------------------------------- The much anticipated Badlock vulnerability wasn't in the SMB protocol after all, but in SAM and LSAD and exposed Windows machines to privilege escalation. --------------------------------------------- http://threatpost.com/badlock-vulnerability-falls-flat-against-its-hype/117… *** Cisco Unity Connection Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** MSRT April release features Bedep detection *** --------------------------------------------- As part of our ongoing effort to provide better malware protection, the Microsoft Malicious Software Removal Tool (MSRT) release this April will include detections for: Win32/Bedep, Trojan family Win32/Upatre, Trojan family Ransom:MSIL/Samas [...] In this blog, we'll focus on the Bedep family of trojans. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/04/12/msrt-april-release-feat… *** S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8442 *** Patchday: Microsoft stopft 13 Lücken, Adobe lässt es ruhig angehen *** --------------------------------------------- Microsoft stellt Sicherheitspatches für sechs als kritisch und sieben als wichtig eingestufte Schwachstellen in Windows & Co. bereit. Adobe flickt diesen Monat lediglich jeweils eine kritische und wichtige Lücke. --------------------------------------------- http://heise.de/-3171881 *** Badlock *** --------------------------------------------- Gestern abend haben Microsoft und das Samba-Projekt Patches zum lange angekündigten (und mancherorts medial auch gut aufgebauschten) sog. "Badlock"-Bug (CVE-2016-0128) veröffentlicht [...] Inhaltlich ist das nicht wirklich tragisch - ein "Man-in-the-middle" könnte eine SMB-Verbindung übernehmen. Da SMB-Verbindungen normalerweise nur in lokalen Netzen oder via VPN aufgebaut werden, hält sich der Impact in Grenzen. --------------------------------------------- http://www.cert.at/services/blog/20160413110435-1730.html *** Siemens Industrial Products glibc Library Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a buffer overflow vulnerability in the glibc library affecting several of the Siemens industrial products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01 *** Siemens SCALANCE S613 Denial-of-Service Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a resource exhaustion vulnerability that causes a denial-of-service condition in the Siemens SCALANCE S613 device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-103-02 *** Siemens Industrial Products DROWN Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a DROWN attack that can affect some Siemens industrial products under certain conditions. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-103-03 *** Honeywell Uniformance PHD Denial Of Service *** --------------------------------------------- This advisory was originally posted to the US-CERT secure Portal library on March 10, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for a denial-of-service vulnerability in the Uniformance Process History Database (PHD). --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-070-02 *** Broken IBM Java Patch Prompts Another Disclosure *** --------------------------------------------- Current versions of IBM SDK 7 and SDK 8 remain vulnerable to a 2013 Java vulnerability. Security Explorations discovered the original patch is broken and disclosed details on the flaw and a proof-of-concept exploit. --------------------------------------------- http://threatpost.com/broken-ibm-java-patch-prompts-another-disclosure/1173… *** DFN-CERT-2016-0601/">NVIDIA GPU-Treiber: Mehrere Schwachstellen ermöglichen u.a. Privilegieneskalation *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0601/

1 0

Tageszusammenfassung - Dienstag 12-04-2016
by Daily end-of-shift report 12 Apr '16

12 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 11-04-2016 18:00 − Dienstag 12-04-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Manamecrypt - a ransomware that takes a different route *** --------------------------------------------- Hardly a week passes these days without a new family of ransomware making the headlines. This week our analysts are taking apart Manamecrypt, also referred to as CryptoHost. Basically, Manamecrypt is a ransomware Trojan horse, but it differs from other ransomware families in a number of aspects. For .. --------------------------------------------- https://blog.gdatasoftware.com/2016/04/28234-manamecrypt-a-ransomware-that-… *** Von IP-Adressen, Kloschüsseln und einer abgelegenen Farm *** --------------------------------------------- Kansas ist das Herz des Cybercrime - zumindest wenn man einer Anwendung glauben schenkt, die IP-Adressen auf einer Karte verortet. Tatsächlich leben dort unschuldige Menschen, die nun viele wütende Anrufe und Kloschüsseln bekommen. --------------------------------------------- http://www.golem.de/news/skurrile-belaestigungen-von-ip-adressen-kloschuess… *** KickassTorrent touts adoption of two-factor authentication *** --------------------------------------------- A torrent site has added an extra layer of security for users logging in. --------------------------------------------- http://www.scmagazine.com/kickasstorrent-touts-adoption-of-two-factor-authe… *** Rokku Ransomware shows possible link with Chimera *** --------------------------------------------- Rokku is yet another ransomware, discovered in recent weeks. Currently, it's most common distribution method is spam where a malicious executable is dropped by a VB script attached to an e-mail. The building blocks .. --------------------------------------------- https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/ *** Ramdo click-fraud malware uses evasive maneuvers to draw first blood from researchers *** --------------------------------------------- A thorough dissection of the click-fraud malware Ramdo shows a constantly evolving threat whose capabilities now include traffic encryption, random domain generation and improved virtualization detection. --------------------------------------------- http://www.scmagazine.com/ramdo-click-fraud-malware-uses-evasive-maneuvers-… *** Websites take control of USB devices: Googlers propose WebUSB API *** --------------------------------------------- What could possibly go wrong? Wait, what could possibly go right Two Google engineers have drafted a .. --------------------------------------------- www.theregister.co.uk/2016/04/11/google_posts_usb_devices_tool/ *** Half of people plug in USB drives they find in the parking lot *** --------------------------------------------- Why do we even bother with security software? A new study has found that almost half the people who pick up a USB stick they happen across in a parking lot plug said drives into their PCs. --------------------------------------------- www.theregister.co.uk/2016/04/11/half_plug_in_found_drives/ *** DSA-3547 imagemagick - security update *** --------------------------------------------- Several vulnerabilities were discovered in Imagemagick, a program suite forimage manipulation. This update fixes a large number of potential securityproblems such as null-pointer access and buffer-overflows that might leadto memory leaks or denial of service. None of these security problems havea CVE number assigned. --------------------------------------------- https://www.debian.org/security/2016/dsa-3547 *** Atmos, the Citadel Trojan successor is in the wild *** --------------------------------------------- Security experts from the Heimdal Security firm are issuing an alert on the Atmos malware which is the successor of the dreaded Citadel Trojan. Months ago, the author of the dreaded Citadel malware was sentenced to prison, but in .. --------------------------------------------- http://securityaffairs.co/wordpress/46252/malware/atmos-trojan.html *** TYPO3 CMS 6.2.20, 7.6.5 and 8.0.1 released *** --------------------------------------------- https://typo3.org/news/article/typo3-cms-6220-765-and-801-released/ *** Snort Lab: Payload Detection Rules (PCRE) *** --------------------------------------------- Until now, when we used Snort to look for certain content within the payload, we've always looked for some specific values. What if we wanted to look for something that we .. --------------------------------------------- http://resources.infosecinstitute.com/snort-lab-payload-detection-rules-pcr… *** Kernel: Oracle startet eigene Sammlung von Linux-Sicherheitspatches *** --------------------------------------------- Um Updates leichter einspielen zu können, will Oracle Zweige des Linux-Kernel pflegen, die ausschließlich Patches für Sicherheitslücken enthalten. Was gut klingt, ist aber eine kontroverse Idee, da die Auswirkungen von Kernel-Fehlern schwer zu beurteilen sind. --------------------------------------------- http://www.golem.de/news/kernel-oracle-startet-eigene-sammlung-von-linux-si…

1 0

Tageszusammenfassung - Montag 11-04-2016
by Daily end-of-shift report 11 Apr '16

11 Apr '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 08-04-2016 18:00 − Montag 11-04-2016 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Mumblehard takedown ends army of Linux servers from spamming *** --------------------------------------------- One year after the release of the technical analysis of the Mumblehard Linux botnet, we are pleased to report that it is no longer active. ESET, in cooperation with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the Mumblehard botnet, stopping all its spamming activities since February 29th, 2016. --------------------------------------------- http://www.welivesecurity.com/2016/04/07/mumblehard-takedown-ends-army-of-l… *** Improvements to Safe Browsing Alerts for Network Administrators *** --------------------------------------------- [...] Today, to provide Network Admins with even more useful information for protecting their users, we're adding URLs related to Unwanted Software, Malicious Software, and Social Engineering to the set of information we share. Here's the full set of data we share with network administrators:[...] --------------------------------------------- https://security.googleblog.com/2016/04/improvements-to-safe-browsing-alert… *** Ransomware: Locky, TeslaCrypt, Other Malware Families Use New Tool To Evade Detection *** --------------------------------------------- Today we identified a new tool actively being used by the Locky ransomware family to evade detection and potentially infect endpoints. Unit 42 identified slight changes in Locky detonations through the AutoFocus threat intelligence service,... --------------------------------------------- http://researchcenter.paloaltonetworks.com/2016/04/unit42-ransomware-locky-… *** FBI: $2.3 Billion Lost to CEO Email Scams *** --------------------------------------------- The U.S. Federal Bureau of Investigation (FBI) this week warned about a "dramatic" increase in so-called "CEO fraud," e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years. --------------------------------------------- http://krebsonsecurity.com/2016/04/fbi-2-3-billion-lost-to-ceo-email-scams/ *** If only hackers could stop slurping test and dev databases. Wait, our phone is ringing ... *** --------------------------------------------- Delphix thinks it has a solution Exposure and loss of sensitive data is happening everywhere these days. One attack surface, as the jargon has it, is sensitive production data used in internal testing and development systems. --------------------------------------------- http://www.theregister.co.uk/2016/04/08/delphix_data_breach_prevention/ *** Hikvision Digital Video Recorder Cross-Site Request Forgery *** --------------------------------------------- The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5315.php *** The Open-source vulnerabilities database (OSVDB) shuts down permanently *** --------------------------------------------- The Open Sourced Vulnerability Database (OSVDB) shut down permanently in response to the lack of assistance from the industry. The Open Sourced Vulnerability Database (OSVDB) shut down permanently, the news was reported in a blog post published by the maintainers of the project. The decision was made in response to the lack of assistance from the industry. --------------------------------------------- http://securityaffairs.co/wordpress/46129/security/osvdb-shuts-down.html *** Windows XP ist nicht totzukriegen: 11 Prozent Marktanteil *** --------------------------------------------- 15 Jahre nach der Veröffentlichung und zwei Jahre nach Support-Ende durch Microsoft ist Windows XP weiterhin das dritthäufigste Betriebssystem im Desktop-Bereich. --------------------------------------------- http://futurezone.at/produkte/windows-xp-ist-nicht-totzukriegen-11-prozent-… *** Hacker-Angriff auf DuMont Mediengruppe: Zeitungsportale betroffen *** --------------------------------------------- Systeme aus Sicherheitsgründen abgeschaltet --------------------------------------------- http://derstandard.at/2000034558622 *** Moxa NPort Device Vulnerabilities *** --------------------------------------------- NCCIC/ICS-CERT is aware of a public report of vulnerabilities affecting Moxa NPort 6110, 5100 series, and 6000 series devices. The Moxa NPort 6110 device is a Modbus/TCP to serial communication gateway. Moxa NPort 5100 series and 6000 series devices are serial-to-Ethernet converters. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-099-01 *** Learning from Bait and Switch Mobile Ransomware *** --------------------------------------------- Porn and mobile malware; two things that can illicit the response "I didn't know how it got there" when someone finds them. We have recently caught sight of a mobile ransomware distributed by fake adult websites. However, much like a lot of things in the adult industry, this malware doesn't seem very logical.This piece showcases an incident that can help users understand mobile threats and aims to boost user awareness to these threats. We believe that securing knowledge --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/learning-from-ba… *** Mindless Flash masses saved as exploit kit devs go astray with 0day *** --------------------------------------------- Since-patched flaw was imperfectly targeted by incompetent crimeware Malwarebytes hacker Jerome Segura says black hats have made a mess of efforts to unleash an Adobe Flash zero day vulnerability as part of their popular exploit kit, reducing the pool of potential victims. --------------------------------------------- http://www.theregister.co.uk/2016/04/11/mindless_flash_masses_saved_as_magn… *** Vista: Das letzte Jahr für die viel gehasste Windows-Version *** --------------------------------------------- Am 11. April 2017 wird der Support eingestellt - Baldiges Update empfohlen --------------------------------------------- http://derstandard.at/2000034590249 *** New Threat Report *** --------------------------------------------- Our latest threat report (PDF) is now available. The report discusses trends from the most prevalent cybersecurity threats we've seen during the year 2015. The Chain of Compromise (CoC) model is also introduced along with exploit kits, ransomware and more. Get it and more from:f-secure.com/labs --------------------------------------------- https://labsblog.f-secure.com/2016/04/11/new-threat-report/ *** Erpressungs-Trojaner Petya geknackt, Passwort-Generator veröffentlicht *** --------------------------------------------- Ein kostenloses Tool soll das zum Entschlüsseln nötige Passwort innerhalb weniger Sekunden generieren können, verspricht der Macher des Werkzeugs. Erste Erfolgsberichte von Petya-Opfern liegen bereits vor. --------------------------------------------- http://heise.de/-3167064 *** Nuclear Drops Tor Runs and Hides *** --------------------------------------------- Yesterday we observed a new technique in the Nuclear kit and found a new payload and technique we've not seen before. --------------------------------------------- http://blog.talosintel.com/2016/04/nuclear-tor.html *** iMessage-Schwachstelle ermöglicht Zugriff auf alle Nachrichten im Klartext *** --------------------------------------------- Eine Sicherheitslücke in der Nachrichten-App erlaubt einem Angreifer, die Datenbank mit sämtlicher Kommunikation des Opfers auszulesen, sobald dieses einen zugesendeten Link anklickt. Apple hat die Schwachstelle in OS X 10.11.4 beseitigt. --------------------------------------------- http://www.heise.de/newsticker/meldung/iMessage-Schwachstelle-ermoeglicht-Z… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza Host Management (CVE-2016-2842) *** http://www.ibm.com/support/docview.wss?uid=swg21980927 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in RubyOnRails affects IBM BigFix Compliance Analytics. (CVE-2016-2097, CVE-2016-2098) *** http://www.ibm.com/support/docview.wss?uid=swg21979720 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2015-7560) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005727 --------------------------------------------- *** IBM Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server if FIPS 140-2 is enabled (CVE-2016-0306) *** http://www.ibm.com/support/docview.wss?uid=swg21979231 --------------------------------------------- *** Multiple vulnerabilities in OpenSSL affect AIX CVE-2016-0800 CVE-2016-0799 CVE-2016-0798 CVE-2016-0797 CVE-2016-0705 CVE-2016-0702 *** http://www.ibm.com/support/ --------------------------------------------- *** IBM Security Bulletin: Cross-site scripting vulnerability in Liberty for Java for IBM Bluemix (CVE-2016-0283) *** http://www.ibm.com/support/docview.wss?uid=swg21980429 --------------------------------------------- *** IBM Security Bulletin: IBM InfoSphere Information Governance Catalog is vulnerable to XXE Injection Attack (CVE-2016-0250) *** http://www.ibm.com/support/docview.wss?uid=swg21977152 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2016-0701, CVE-2015-3197) *** http://www.ibm.com/support/docview.wss?uid=swg21979209 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in RubyOnRails affects IBM BigFix Compliance Analytics. (CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753) *** http://www.ibm.com/support/docview.wss?uid=swg21979514 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Algorithmics Algo Risk Application and Counterparty Credit Risk (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21979757 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM BigFix Compliance Analytics. (CVE-2015-7575, CVE-2016-0466) *** http://www.ibm.com/support/docview.wss?uid=swg21979412 --------------------------------------------- *** IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services Access Control: Information Disclosure - Dojo Readmes (CVE-2016-0232) *** http://www.ibm.com/support/docview.wss?uid=swg21977163 --------------------------------------------- *** IBM Security Bulletin: IBM DB2 LUW contains a denial of service vulnerability in which a malformated DRDA message may cause the DB2 server to terminate abnormally (CVE-2016-0211) *** http://www.ibm.com/support/docview.wss?uid=swg21979984 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2015-8317) *** http://www.ibm.com/support/docview.wss?uid=swg21979515 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500) *** http://www.ibm.com/support/docview.wss?uid=swg21979513 ---------------------------------------------

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily