=======================
= End-of-Shift report =
=======================
Timeframe: Montag 11-07-2016 18:00 − Dienstag 12-07-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Security updates available for Adobe Flash Player (APSB16-25) ***
---------------------------------------------
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Platform: Windows, Macintosh, Linux and ChromeOS
---------------------------------------------
https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
*** Bugtraq: Persistent Cross-Site Scripting in WP Live Chat Support plugin ***
---------------------------------------------
A persistent Cross-Site Scripting (XSS) vulnerability has been found in
the WP Live Chat Support plugin. By using this vulnerability an attacker
can supply malicious code on behalf of a logged on WordPress user in
order to perform a wide variety of actions, such as stealing victims'
session tokens or login credentials, performing arbitrary actions on
their behalf, and logging their keystrokes.
---------------------------------------------
http://www.securityfocus.com/archive/1/538871
*** Serious flaw fixed in widely used WordPress plug-in ***
---------------------------------------------
If youre running a WordPress website and you have the hugely popular All in One SEO Pack plug-in installed, its a good idea to update it as soon as possible. The latest version released Friday fixes a flaw that could be used to hijack the sites admin account.The vulnerability is in the plug-ins Bot Blocker functionality and can be exploited remotely by sending HTTP requests with specifically crafted headers to the website.The Bot Blocker feature is designed to detect and block spam bots based
---------------------------------------------
http://www.csoonline.com/article/3093379/security/serious-flaw-fixed-in-wid…
*** Hiding in White Text: Word Documents with Embedded Payloads, (Wed, Jul 6th) ***
---------------------------------------------
This is a guest diary by Yaser Mansour. Due to the extensive use of images, please note that all the images are clickable to view them at full size. A PDF version of this diary is available here Malicious macros in Office documents are not new, and several samples have been analyzed here at the ISC Diary website. Usually, the macro script is used to drop the second stage malware either by reaching to the internet or by extracting a binary embedded in the Office document itself.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21227&rss
*** Jigsaw Ransomware Decrypted, Again ***
---------------------------------------------
Jigsaw ransomware's encryption has been thwarted by Check Point researchers that discover a fatal flaw.
---------------------------------------------
http://threatpost.com/jigsaw-ransomware-decrypted-again/119186/
*** [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries ***
---------------------------------------------
The application basically offers a Cross-Site Request Forgery protection using the a Struts-based token called "token". While many administrative functionalities like adding new users are protected on this way, the following HTTP POST-based functions are missing this token and are therefore vulnerable to CSRF:
---------------------------------------------
http://www.securityfocus.com/archive/1/538877
*** [security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code ***
---------------------------------------------
Potential Security Impact: Remote Execution of Arbitrary Code VULNERABILITY SUMMARY: A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HPE iMC PLAT and other network products. The vulnerability could be exploited remotely to allow execution of arbitrary code.
---------------------------------------------
http://www.securityfocus.com/archive/1/538880
*** SSA-301706 (Last Update 2016-07-12): GNU C Library Vulnerability in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706…
*** The July 2016 issue of our SWITCH Security Report is available! ***
---------------------------------------------
A new issue of our monthly SWITCH Security Report has just been released.
The topics covered in this report are:
* DAO-ism on the ethereal plane - hacker bags cryptocurrency worth USD 50 million
* Ransomware - smart, greedy and unkillable
* CANVAS ready to launch - bridging cybersecurity and ethics
* US border guards want to be your Facebook friend - and other news on anti-terror measures
The Security Report is available in both English and German.
---------------------------------------------
https://securityblog.switch.ch/2016/07/12/july-2016-issue-switch-security-r…
*** Erpressungs-Trojaner Ranscam schickt Daten unwiederbringlich ins digitale Nirwana ***
---------------------------------------------
Wie jede Ransomware behauptet auch Ranscam, alle als Geiseln genommenen persönlichen Daten nach einer Lösegeldzahlung freizugeben. In diesem Fall haben das die Drahtzieher aber grundsätzlich gar nicht vorgesehen, warnen Sicherheitsforscher.
---------------------------------------------
http://heise.de/-3265137
*** SFG: Furtim's Parent ***
---------------------------------------------
The Labs team at SentinelOne recently discovered a sophisticated malware campaign specifically targeting at least one European energy company.
---------------------------------------------
https://sentinelone.com/blogs/sfg-furtims-parent/
*** IBM Security Bulletins***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware (CVE-2016-2107 CVE-2016-2176) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099429
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in icu affects IBM Flex System Chassis Management Module (CVE-2014-9654) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099427
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management could expose sensitive information produced in log files of certain URLs (CVE-2016-0393) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986053
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986260
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 08-07-2016 18:00 − Montag 11-07-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Researchers Develop A Way To Stop Ransomware By Watching The Filesystem ***
---------------------------------------------
An anonymous reader quotes a report from Phys.Org: Ransomware -- what hackers use to encrypt your computer files and demand money in exchange for freeing those contents -- is an exploding global problem with few solutions, but a team of University of Florida researchers says it has developed a way to stop it dead in its tracks. The answer, they say, lies not in keeping it out of a computer but rather in confronting it once its there ...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Z6eYMxY95mo/researchers-dev…
*** BMWs ConnectedDrive ist löchrig ***
---------------------------------------------
Die eine Schwachstelle betrifft die Registrierung von Fahrzeugen anhand einer Fahrzeugnummer (VIN). Die dafür vorgesehene Überprüfung lässt sich überrumpeln, sodass Konfigurationsdaten anderer Fahrzeuge offen stehen. Damit sollen sich nicht nur Playlisten, E-Mail-Konten, Fahrrouten und Verkehrsinformationen manipulieren, sondern Fahrzeuge auch auf- und abschließen lassen.
---------------------------------------------
http://heise.de/-3262756
*** Researchers Find Over 6,000 Compromised Redis Installations ***
---------------------------------------------
An anonymous Slashdot reader writes: Security researchers have discovered over 6,000 compromised installations of Redis, the open source in-memory data structure server, among the tens of thousands of Redis servers indexed by Shodan. "By default, Redis has no authentication or security mechanism enabled, and any security mechanisms must be implemented by the end user."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/UFahhS2H-bU/researchers-fin…
*** Polycom HDX 7000 Series Input Validation Flaw Lets Remote Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
The web client does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser.
---------------------------------------------
http://www.securitytracker.com/id/1036261
*** Lessons Learned from Industrial Control Systems, (Sun, Jul 10th) ***
---------------------------------------------
However, like many of you, I have certain business-critical systems running on legacy hardware or requiring now-unsupported Operating Systems. These are the systems that you can't patch, or that even if they experience a compromise, you can't immediately shut them down. How to you secure networks with such constraints?
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21243&rss
*** Industrial cybersecurity threat landscape ***
---------------------------------------------
Expansion of the Internet makes ICS easier prey to attackers. The number of ICS components available over the Internet increases every year. Taking into account that initially many ICS solutions and protocols were designed for isolated environments, such availability often provides a malicious user with multiple capabilities to cause impact to the infrastructure behind the ICS due to lack of security controls.
---------------------------------------------
http://securelist.com/analysis/publications/75343/industrial-cybersecurity-…
*** System Management Mode (SMM) BIOS Vulnerability ***
---------------------------------------------
Lenovo Security Advisory: LEN-8324 Potential
Impact: Execution of code in SMM by an attacker with local administrative access
Severity: High
Scope of Impact: Industry-wide
Update as of 7/7/2016: The "Product Impact" section below of this advisory has been updated.
---------------------------------------------
https://support.lenovo.com/ch/en/solutions/LEN-8324
*** D-Link kündigt Sicherheits-Patch für einige Produkt-Serien an ***
---------------------------------------------
Sicherheitsforscher haben eine Lücke in einer Webcam von D-Link entdeckt, über die Angreifer das Administrator-Kennwort überschreiben können. Die Schwachstelle soll noch weitere Produkte des Herstellers bedrohen.
---------------------------------------------
http://heise.de/-3263433
*** Berichte über neue Erpressungswelle mit iPhone-Fernsperre ***
---------------------------------------------
Angreifer setzen offenbar erneut auf 'Mein iPhone suchen', um das Gerät aus der Ferne zu sperren. Die Freigabe des iPhones erfolge nur nach Zahlung einer Lösegeldsumme, so die Drohung.
---------------------------------------------
http://heise.de/-3263761
*** Cisco Adaptive Security Appliance Access Control List ICMP Echo Request Code Filtering Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Adaptive Security Appliance (ASA) Software implementation of access control list (ACL) permit and deny filters for ICMP Echo Reply messages could allow an unauthenticated, remote attacker to bypass ACL configurations for an affected device. ICMP traffic that should be denied may instead be allowed through an affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect Rational Insight ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986564
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986563
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Apache Tomcat affects Rational Insight (CVE-2015-5174) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986559
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Apache Tomcat affects Rational Reporting for Development Intelligence (CVE-2015-5174) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986558
---------------------------------------------
*** IBM Security Bulletin: The IBM BigFix Platform has a cross-site scripting vulnerability (CVE-2016-0269) ***
http://www.ibm.com/support/docview.wss?uid=swg21985734
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM Tivoli / Security Directory Server ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986452
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 07-07-2016 18:00 − Freitag 08-07-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Pentesters (and Attackers) Love Internet Connected Security Cameras!, (Wed, Jul 6th) ***
---------------------------------------------
A recent story making the rounds in both the infosec and public press is the recent use of internet-connected security cameras as a base for DDOS attacks. They dont have a lot of CPU, but theyre linux platforms that are easily hackable, never get updated and usually have good bandwidth available to them. This shouldnt come as any surprise to folks who are in the security business, or those who do any kind of a product eval before they plug new gear into their network. I see security cameras on...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21231&rss
*** D-Link Wi-Fi Camera Flaw Extends to 120 Products ***
---------------------------------------------
A software component that exposed D-Link Wi-Fi cameras to remote attacks is also used in more than 120 other products sold by the company.
---------------------------------------------
http://threatpost.com/d-link-wi-fi-camera-flaw-extends-to-120-products/1190…
*** Zero-day flaw lets hackers tamper with your car through BMW portal ***
---------------------------------------------
Researchers have disclosed zero-day vulnerabilities affecting the BMW web domain and ConnectedDrive portal which remain unpatched and open to attack. According to researchers from Vulnerability Labs, there are two main bugs both related to the BMW online service web app for ConnectedDrive, the connected car hub for new, internet-connected vehicles produced by the automaker.
---------------------------------------------
http://www.zdnet.com/article/hackers-can-tamper-with-car-registration-throu…
*** CryptXXX, Cryptobit Ransomware Spreading Through Campaign ***
---------------------------------------------
Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains.
---------------------------------------------
http://threatpost.com/cryptxxx-cryptobit-ransomware-spreading-through-campa…
*** BMW ConnectedDrive flaws could be misused to tamper with car settings ***
---------------------------------------------
Security researcher Benjamin Kunz Mejri has found two vulnerabilities in the BMW ConnectedDrive web portal/web application. About the vulnerabilities in BMW ConnectedDrive The first one is a client-side cross site scripting web vulnerability that could be exploited by a remote attacker without a privileged account to inject his own malicious script codes to the client-side of the affected module context. Minimal user interaction is needed for this attack to work.
---------------------------------------------
https://www.helpnetsecurity.com/2016/07/08/bmw-connecteddrive-flaws/
*** BSI-Lagedossier erklärt Krypto-Trojaner ***
---------------------------------------------
Das BSI erklärt auf 35 Seiten, was es mit Ransomware auf sich hat, welche Familien wie verbreitet sind und wie man sich die Dinger vom Hals hält.
---------------------------------------------
http://heise.de/-3262333
*** Keydnap: Mac-Malware will Passwörter aus Schlüsselbund klauen ***
---------------------------------------------
Der als harmlose Datei getarnte Schädling versucht mit einem Trick, das Passwort des Nutzers zu erlangen. Mit Root-Rechten geht Keydnap dann auf die Jagd nach den im Schlüsselbund von OS X abgelegten Kennwörtern.
---------------------------------------------
http://heise.de/-3262501
*** 1,025 Wendy's Locations Hit in Card Breach ***
---------------------------------------------
At least 1,025 Wendys locations were hit by a malware-driven credit card breach that began in the fall of 2015, the nationwide fast-food chain said Thursday. The announcement marks a significant expansion in a data breach that is costing banks and credit unions plenty: Previously, Wendys had said the breach impacted fewer than 300 locations.
---------------------------------------------
http://krebsonsecurity.com/2016/07/1025-wendys-locations-hit-in-card-breach/
*** Dropping Elephant APT Targets Old Windows Flaws ***
---------------------------------------------
Dropping Elephant, an advanced persistent threat group, is using old exploits to target unpatched version of Windows in highly effective cyber espionage campaign.
---------------------------------------------
http://threatpost.com/dropping-elephant-apt-targets-old-windows-flaws/11912…
*** Initiative im Bundesrat: Härteres Vorgehen gegen Botnetz-Kriminalität ***
---------------------------------------------
Wer in ein Haus einbricht, kann wegen Hausfriedensbruch oder Diebstahl zur Verantwortung gezogen werden. Wer sich Zugang zu einem fremden Rechner verschafft, soll laut einer Gesetzesinitiative ähnliches zu erwarten haben.
---------------------------------------------
http://heise.de/-3262684
*** Security Advisories Relating to Symantec Products - Symantec Client IDS Driver PE File Memory Corruption Denial of Service ***
---------------------------------------------
Symantecs Client Intrusion Detection System (CIDS) driver may cause a system crash when interacting with a specifically-crafted Portable Executable file.
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=s…
*** Security Advisories Relating to Symantec Products - Symantec Workspace Streaming and Workspace Virtualization Path Traversal and Arbitrary File Read ***
---------------------------------------------
Symantec Workspace Streaming (SWS) and Workspace Virtualization (SWV) management consoles were susceptible to a path traversal in a file download configuration file that could allow a malicious user who could access the vulnerable file to view unauthorized application files of specific file types. An authenticated console user could manipulate this same file to read any file on the host system. This could potentially provide additional information for staging additional attacks on the...
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=s…
*** WECON LeviStudio Buffer Overflow Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for buffer overflow vulnerabilities in WECON's LeviStudio software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01
*** Moxa Device Server Web Console Authorization Bypass Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an authorization bypass vulnerability in Moxa's Device Server Web Console.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02
*** Security Advisory - Two Buffer Overflow Vulnerabilities in Wi-Fi Driver of Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160708-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects ProtecTIER (CVE-2016-2108) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007982
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MessageSight ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986473
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Oracle Outside In Technology affects IBM Rational DOORS Next Generation (CVE-2016-3455) ***
http://www.ibm.com/support/docview.wss?uid=swg21985994
---------------------------------------------
*** IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985736
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099423
---------------------------------------------
*** IBM Security Bulletin: Vulnerability affects IBM Rational Team Concert GIT Integration (CVE-2016-2865 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21985865
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Libcurl affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2016-0755) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099424
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099425
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 06-07-2016 18:00 − Donnerstag 07-07-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** New Mac backdoor malware: Eleanor ***
---------------------------------------------
This new malware is only the second piece of true Mac malware spotted so far in 2016, with the first being the KeRanger ransomware.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2016/07/new-mac-backdoor-malware-e…
*** CryptXXX ransomware updated, (Wed, Jul 6th) ***
---------------------------------------------
This morning, the decryption instructions for CryptXXX ransomware looked different. A closer examination indicates CryptXXX has been updated.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21229&rss
*** [webapps] - OpenFire 3.10.2 - 4.0.1 - Multiple Vulnerabilities ***
---------------------------------------------
Several vulnerabilities have been discovered between 2015, October and 2016, February. Reported vulnerabilities are similar to those previously discovered by hyp3rlinx, although they concern different pages.
In brief, the flaws are of the following kinds: CSRF, XSS (reflected and stored), file upload and information disclosure. Most vulnerabilities need an administration access to the web application and may lead to personal information leakage or account take-over.
---------------------------------------------
https://www.exploit-db.com/exploits/40065
*** Realstatistics Malware Campaign Leads To Ransomware ***
---------------------------------------------
Our Incident Response Team (IRT) has been tracking a mass infection campaign over the last 2 weeks ( codenamed 'Realstatistics'). This campaign has compromised thousands of websites built on the Joomla! and WordPress Content Management System (CMS). We have codenamed the campaign 'Realstatistics' because of the domain being used by the attackers.
---------------------------------------------
https://blog.sucuri.net/2016/07/joomla-wordpress-affected-by-realstatistics…
*** EMC Avamar Backup Restoration Flaw Lets Remote Authenticated Users Read and Delete Files on the Target System ***
---------------------------------------------
A vulnerability was reported in EMC Avamar. A remote authenticated user can read and delete files on the target system.
A remote authenticated user can exploit a flaw in the backup restoration component to read and delete files on the target system.
EMC Avamar Data Store and Avamar Virtual Edition are affected.
---------------------------------------------
http://www.securitytracker.com/id/1036235
*** Androids July security bulletin patches 20 critical flaws ***
---------------------------------------------
Google releases Android security bulletin, providing updates for 89 critical and high severity vulnerabilities affecting software and hardware components including Mediaserver, OpenSSL, BoringSSL, Bluetooth, Qualcomm, and numerous drivers.
---------------------------------------------
http://www.scmagazine.com/androids-july-security-bulletin-patches-20-critic…
*** mimikittenz ***
---------------------------------------------
mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes.
---------------------------------------------
https://github.com/putterpanda/mimikittenz
*** Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) ***
---------------------------------------------
The Acer Portal Android application (version 3.9.3.2006 and below), installed by the manufacturer on all Acer branded Android devices, does not validate the SSL certificate it receives when connecting to the mobile application login server.
---------------------------------------------
http://www.securityfocus.com/archive/1/538851
*** Upcoming Security Updates for Adobe Acrobat and Reader (APSB16-26) ***
---------------------------------------------
A prenotification Security Advisory (APSB16-26) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, July 12, 2016.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1374
*** Insecure Unserialize in extension "Page path" (pagepath) ***
---------------------------------------------
It has been discovered that the extension "Page path" (pagepath) is susceptible to Insecure Unserialize.
---------------------------------------------
https://typo3.org/news/article/insecure-unserialize-in-extension-page-path-…
*** Cross-Site Scripting in extension "CCDebug" (cc_debug) ***
---------------------------------------------
It has been discovered that the extension "CCDebug" (cc_debug) is susceptible to Cross-Site Scripting.
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-extension-ccdebug-cc…
*** ZDI-16-407: Eaton ELCSoft ELCSimulator Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. Authentication is not required to exploit this vulnerability.
---------------------------------------------
www.zerodayinitiative.com/advisories/ZDI-16-407/
*** ZDI-16-406: Novell NetIQ Sentinel Server ReportViewServlet fileName Directory Traversal Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Novell NetIQ Sentinel Server. Authentication is required to exploit this vulnerability but it can be bypassed using a separate flaw within the LogonFormController.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-406/
*** Cisco Video Communication Server and Expressway Trusted Certificate Authentication Bypass Vulnerability ***
---------------------------------------------
A vulnerability in certificate management and validation for the Mobile and Remote Access (MRA) feature for Cisco Expressway Series and TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to bypass authentication and access internal HTTP system resources.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco AMP Threat Grid Unauthorized Clean IP Access Vulnerability ***
---------------------------------------------
A vulnerability in the virtual network stack of the Cisco AMP Threat Grid Appliance could allow an unauthenticated, remote attacker to access internal interfaces within the appliance.
The vulnerability is due to insufficient isolation between the sandbox and other internal components. An attacker could exploit this vulnerability by submitting a malware sample crafted to exploit this flaw. An exploit could allow the attacker to intercept interprocess calls and allow them to access, modify, and delete information from the system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Virtual Server Protection for VMware (CVE-2015-3195) ***
http://www.ibm.com/support/docview.wss?uid=swg21986312
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Applications are vulnerable to a privilege escalation attack. (CVE-2016-2917) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984304
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Metrics Manager (CVE-2016-3427) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985522
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM eDiscovery Analyzer ***
https://www-01.ibm.com/support/docview.wss?uid=swg21984496
---------------------------------------------
*** IBM Security Bulletin: Multiple Samba vulnerability issues in IBM Storwize V7000 Unified ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005814
---------------------------------------------
*** IBM Security Bulletin: Multiple Samba vulnerability issue on IBM SONAS. ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005813
---------------------------------------------
*** IBM Security Bulletin: Badlock Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2118) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005816
---------------------------------------------
*** IBM Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2015-5252) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005810
---------------------------------------------
*** IBM Security Bulletin:Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2015-7560) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005805
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in openldap2 affects IBM Flex System Chassis Management Module (CVE-2015-6908) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099421
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM UrbanCode Release (CVE-2015-5174) ***
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000164
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 05-07-2016 18:00 − Mittwoch 06-07-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** EU-Parlament beschließt Cybersicherheitsgesetz mit Meldepflicht ***
---------------------------------------------
Die europäischen Abgeordneten haben den lange umstrittenen Richtlinienentwurf zur Netz- und Informationssicherheit verabschiedet. Damit kommen auf größere Online-Anbieter und Betreiber kritischer Infrastrukturen Auflagen zu.
---------------------------------------------
http://heise.de/-3258129
*** Encryption Bypass Vulnerability Impacts Half of Android Devices ***
---------------------------------------------
More than half of Android devices are vulnerable to encryption bypass attack, say researchers.
---------------------------------------------
http://threatpost.com/encryption-bypass-vulnerability-impacts-half-of-andro…
*** Nasty BIOS bug slugs Gigabyte, hackers say ***
---------------------------------------------
Vendors queue for punishment as ThinkPwn fallout spreads Gigabyte has been swept into turmoil surrounding low-level security vulnerabilities that allows attackers to kill flash protection, secure boot, and tamper with firmware on PCs by Lenovo and other vendors.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/06/nasty_bios_…
*** HP sichert Router gegen Fremdzugriffe ab ***
---------------------------------------------
Hewlett Packard Enterprise versorgt einige Netzwerk-Produkte mit Sicherheitsupdates für zum Teil zwei Jahre alten Lücken.
---------------------------------------------
http://heise.de/-3256913
*** Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016 ***
---------------------------------------------
CVE-2016-2108, CVE-2016-2107, CVE-2016-2106, CVE-2016-2105, CVE-2016-2109, CVE-2016-2176
Huawei has released software updates to fix this vulnerability.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160706-…
*** Android-App verrät auch WLAN-Passwörter von A1-Routern ***
---------------------------------------------
Mit der Android-App RouterKeygen lassen sich auch WLAN-Passwörter von A1-Routern auslesen. Betroffen sind alte Router-Modelle aus dem Jahr 2011.
---------------------------------------------
http://futurezone.at/digital-life/android-app-verraet-auch-wlan-passwoerter…
*** Rexroth Bosch BLADEcontrol-WebVIS Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for an SQL injection vulnerability and a cross-site scripting vulnerability in the Rexroth Bosch BLADEcontrol-WebVIS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-187-01
*** "Elanor": Getarnte Mac-Malware stiehlt Daten und steuert Webcam ***
---------------------------------------------
Backdoor verbirgt sich in Fake-App "EasyDoc", die auf Download-Seiten angeboten wird
---------------------------------------------
http://derstandard.at/2000040542729
*** Cisco Prime Infrastructure Administrative Web Interface HTML Injection Vulnerability ***
---------------------------------------------
A vulnerability in the administrative web interface of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the system. ...
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM SDK for Node.js may be affected by CVE-2016-1669 ***
http://www.ibm.com/support/docview.wss?uid=swg21986383
---------------------------------------------
*** IBM Security Bulletin: IBM SDK for Node.js may be affected by CVE-2014-9748 ***
http://www.ibm.com/support/docview.wss?uid=swg21986384
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in ntp affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2015-5219) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099409
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Multiple Open Source NTP Vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986167
---------------------------------------------
*** IBM Security Bulletin: Lotus Mail Security Affected By Multiple Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986391
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the Apache Xerces-C XML parser affects IBM Cognos Metrics Manager (CVE-2016-0729) ***
http://www.ibm.com/support/docview.wss?uid=swg21986259
---------------------------------------------
*** IBM Security Bulletin: Content Manager OnDemand for Multiplatforms is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729) ***
http://www.ibm.com/support/docview.wss?uid=swg21985363
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Cognos Metrics Manager (CVE-2016-2106, CVE-2016-2107, CVE-2016-2108) ***
http://www.ibm.com/support/docview.wss?uid=swg21977114
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Virtual Server Protection for VMware (CVE-2016-2176) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986313
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for Unix ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986123
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 04-07-2016 18:00 − Dienstag 05-07-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** EU: 450 Millonen Euro für Cyberkriminalitäts-Forschung ***
---------------------------------------------
Im Kampf gegen Cyberkriminalität will die EU-Kommission bis 2020 insgesamt 450 Millionen Euro an Forschungsausgaben bereitstellen.
---------------------------------------------
http://futurezone.at/digital-life/eu-450-millonen-euro-fuer-cyberkriminalit…
*** Word hole patched in 2012 is unchallenged king of Office exploits ***
---------------------------------------------
Its 2016, people, even the pirates have patched Possibly the most exploited unchallenged Microsoft Office vulnerability of the last decade was found and patched in 2012.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/05/magento_vul…
*** Getting ready for the European Cyber Security Month (ECSM) ***
---------------------------------------------
ENISA together with the European Commission and its partners are preparing for this year's cyber security month running across the EU during October, focusing each week on a different topic.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/getting-ready-for-the-european-…
*** Emulating and Exploiting Firmware binaries - Offensive IoT Exploitation series ***
---------------------------------------------
Welcome to the third post in the "Offensive IoT Exploitation" series. In the previous one, we learned about how we can get started with analyzing firmware and extracting file systems. In this post, we will take it a step further by analyzing individual binaries from firmware, and even exploiting commonly found vulnerabilities. There are two...
---------------------------------------------
http://resources.infosecinstitute.com/emulating-and-exploiting-firmware-bin…
*** Exploiting Format Strings: Getting the Shell ***
---------------------------------------------
In this article, we will have a look at how to exploit format String vulnerabilities to get a shell. Overview: In this article, we will briefly have a look at how to overwrite specific memory location, how to inject our shellcode in current memory of program and further overwrite the some desired memory address to...
---------------------------------------------
http://resources.infosecinstitute.com/exploiting-format-strings-getting-the…
*** 85 Millionen Android-Geräte von HummingBad-Malware befallen ***
---------------------------------------------
HummingBad rootet Geräte und klickt auf Werbebanner, warnen Sicherheitsforscher. Das bringe den Kriminellen 300.000 US-Dollar im Monat ein. In Deutschland sollen zehntausende Geräte infiziert sein.
---------------------------------------------
http://heise.de/-3254664
*** SSD Advisory - Wget Arbitrary Commands Execution ***
---------------------------------------------
A vulnerability in the way wget handles redirects allows attackers that are able to hijack a connection initiated by wget or compromise a server from which wget is downloading files from, would allow them to cause the user running wget to execute arbitrary commands.
---------------------------------------------
https://blogs.securiteam.com/index.php/archives/2701
*** Paper: New Keylogger on the Block ***
---------------------------------------------
In a new paper published by Virus Bulletin, Sophos researcher Gabor Szappanos takes a look at the KeyBase keylogger, sold as a commercial product and popular among cybercriminals who use it in Office exploit kits. Read more...
---------------------------------------------
https://www.virusbulletin.com/blog/2016/07/paper-new-keylogger-block/
*** Lenovo ThinkPwn UEFI exploit also affects products from other vendors ***
---------------------------------------------
A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also reportedly exists in products from other vendors, including HP and Gigabyte Technology.An exploit for the vulnerability was published last week and can be used to execute rogue code in the CPUs privileged SMM (System Management Mode).This level of access can then be used to install a stealthy rootkit inside the computers Unified Extensible Firmware Interface (UEFI) -- the modern BIOS -- or...
---------------------------------------------
http://www.csoonline.com/article/3091753/security/lenovo-thinkpwn-uefi-expl…
*** Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979), (Tue, Jul 5th) ***
---------------------------------------------
Apache released an important update today to fix a vulnerability that affects servers that have http/2 enabled and use TLS client certificates for authentication. Apache 2.4.18-20 are vulnerable if: - TLS certificates are used for authenticating clients (look for the SSLVerifyClient require directive in your configuration file) - http/2 is enabled. (see if the Protocols line includes h2 and/or h2c).">tshark -Y ssl.handshake.extensions_alpn_str == h2 -n -i en0 \ -T fields -e ip.src -e...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21223&rss
*** Unechte Amazon-Nachricht: Rechnung uber Ihre Verkaeufergebuehren ***
---------------------------------------------
Kriminelle versenden vermeintliche Amazon-Benachrichtigungen. Darin behaupten sie, dass eine Steuerrechnung verfügbar sei. Interessenten, die diese einsehen wollen, sollen einen Dateianhang öffnen und ihre persönlichen Zugangsdaten bekannt geben. Dabei handelt es sich um einen Datendiebstahlsversuch.
---------------------------------------------
https://www.watchlist-internet.at/phishing/unechte-amazon-nachricht-rechnun…
*** (Windows) Syslog Server "npriority" field remote Denial of Service vulnerability ***
---------------------------------------------
Bug Description: Syslog Server 1.2.3 is a free syslog server for Windows systems. The syslog server cannot handle the content of the npriority field well, whereupon the server may be collapsed by receiving a customized packet.
---------------------------------------------
http://www.securityfocus.com/archive/1/538836
*** VU#690343: Acer Portal app for Android does not properly validate SSL certificates ***
---------------------------------------------
Vulnerability Note VU#690343 Acer Portal app for Android does not properly validate SSL certificates Original Release date: 05 Jul 2016 | Last revised: 05 Jul 2016 Overview The Acer Portal app for Android allows customers to connect to the Acer Cloud. The Acer Portal app, from version 3.9.3.2003 to 3.9.3.2006, does not properly validate SSL certificates when connecting to the Acer Cloud. Description CVE-2016-5648 - CWE-295: Improper Certificate ValidationThe Acer Portal app for Android, from
---------------------------------------------
http://www.kb.cert.org/vuls/id/690343
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Scheduler (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) ***
http://www.ibm.com/support/docview.wss?uid=swg21985850
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Tivoli Netcool/Reporter ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986007
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000114
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in NPM affects IBM API Connect (CVE-2016-3956, CVE-2016-2537, CVE-2016-2515) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986144
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 01-07-2016 18:00 − Montag 04-07-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Spotlight: WPBeginner's Approach to WordPress Security ***
---------------------------------------------
WPBeginner offers tutorials, tips, and tricks for WordPress beginners to improve their sites. With over 150K Twitter followers and almost 10 million monthly visitors, the website is undeniably popular. The high-quality content provided by WPBeginner helps WordPress users make better decisions and gain awareness of their options. Using research and thought leadership, WPBeginner offers guidance...
---------------------------------------------
https://blog.sucuri.net/2016/07/spotlight-wpbeginner-website-security.html
*** SQLite developers need to push the patch ***
---------------------------------------------
Tempfile permissions a can of worms SQLite has pushed out an update to fix a local tempfile bug, to address concerns that the bug could be exploitable beyond the merely local.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/04/sqlite_deve…
*** Verschlüsselung: Sicherheitslücke bei Start Encrypt ***
---------------------------------------------
Sicherheitsforscher haben im Client der Lets Encrypt-Alternative Start Encrypt zahlreiche Probleme gefunden, die die Ausstellung gültiger Zertifikate für beliebige URLs ermöglichte. Der Client hatte zudem zahlreiche weitere Probleme, die jetzt behoben sein sollen.
---------------------------------------------
http://www.golem.de/news/verschluesselung-sicherheitsluecke-bei-start-encry…
*** Zero-Day-Sicherheitslücke gefährdet Lenovo-Notebooks ***
---------------------------------------------
Durch eine schwerwiegende Zero-Day-Lücke in der Firmware von Lenovos Thinkpads kann unter Umständen beliebiger Programmcode auf dem System ausgeführt werden.
---------------------------------------------
http://futurezone.at/produkte/zero-day-sicherheitsluecke-gefaehrdet-lenovo-…
*** Gratis-Tools entschlüsseln Erpressungstrojaner ***
---------------------------------------------
Der Sicherheitssoftware-Hersteller AVG stellt kostenlose Werkzeuge zur Verfügung, mit denen man sich gegen diverse Verschlüsselungstrojaner wehren kann.
---------------------------------------------
http://futurezone.at/digital-life/gratis-tools-entschluesseln-erpressungstr…
*** Großes Sicherheits-Update für Foxit Reader und Phantom ***
---------------------------------------------
In dem PDF-Anzeigeprogramm Foxit Reader klaffen kritische Sicherheitslöcher, die das Update auf Version 8.0 stopft. Ebenfalls betroffen ist der PDF-Editor Phantom.
---------------------------------------------
http://heise.de/-3253936
*** UPC UBEE EVW3226 WPA2 Password Reverse Engineering ***
---------------------------------------------
TL;DR: We reversed default WPA2 password generation routine for UPC UBEE EVW3226 router. This blog contains firmware analysis, reversing writeup, function statistical analysis and proof-of-concept generator.
---------------------------------------------
https://deadcode.me/blog/2016/07/01/UPC-UBEE-EVW3226-WPA2-Reversing.html
*** Security Alert: Adwind RAT Spotted in Targeted Attacks with Zero AV Detection ***
---------------------------------------------
The malware economy is alive and well! And cyber criminals are making big money by using this business model. The re-emergence of Adwind RAT provides additional proof to support this. This Java-based malware has been spotted over the weekend in several targeted attacks against Danish companies. Given that the malicious email employed to deceive victims...
---------------------------------------------
https://heimdalsecurity.com/blog/security-alert-adwind-rat-targeted-attacks…
*** Bugtraq: HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538819
*** DSA-3613 libvirt - security update ***
---------------------------------------------
Vivian Zhang and Christoph Anton Mitterer discovered that setting anempty VNC password does not work as documented in Libvirt, avirtualisation abstraction library. When the password on a VNC server isset to the empty string, authentication on the VNC server will bedisabled, allowing any user to connect, despite the documentationdeclaring that setting an empty password for the VNC server prevents allclient connections. With this update the behaviour is enforced bysetting the password expiration
---------------------------------------------
https://www.debian.org/security/2016/dsa-3613
*** DSA-3614 tomcat7 - security update ***
---------------------------------------------
The TERASOLUNA Framework Development Team discovered a denial of servicevulnerability in Apache Commons FileUpload, a package to make iteasy to add robust, high-performance, file upload capability to servletsand web applications. A remote attacker can take advantage of this flawby sending file upload requests that cause the HTTP server using theApache Commons Fileupload library to become unresponsive, preventing theserver from servicing other requests.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3614
*** Sierra Wireless AirLink Raven XE and XT Gateway Vulnerabilities ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of three vulnerabilities affecting the Sierra Wireless AirLink Raven XE and XT gateways. According to this report, the affected products allow unauthenticated access to directories on the system, which may allow remote file upload, download, and system reboot.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-182-01
*** ZDI-16-405: Trihedral VTScada Path Out-Of-Bounds Indexing Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-405/
*** ZDI-16-404: Trihedral VTScada Filter Bypass Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-404/
*** ZDI-16-403: Trihedral VTScada Directory Traversal Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-403/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: : Multiple Vulnerabilities in OpenSSL affect IBM Security Guardium ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984609
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Notes Standard Client ***
http://www-01.ibm.com/support/docview.wss?uid=swg21983686
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Control Center (CVE-2016-3427 and CVE-2016-3426) ***
http://www.ibm.com/support/docview.wss?uid=swg21986174
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime Version 7 affect IBM Content Collector for SAP Applications (CVE-2016-3426 CVE-2016-0264) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985957
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Guardium ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985729
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Connect:Direct FTP+ for Windows installers are vulnerable to attack (CVE-2016-4560) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21982722
---------------------------------------------
*** IBM Security Bulletin: OpenSource Oracle MySQL Vulnerability affects IBM Security Guardium (CVE-2016-2047) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984605
---------------------------------------------
*** IBM Security Bulletin: : Vulnerabilities in OpenSSL affect IBM Security Guardium (CVE-2015-3197) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984601
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 30-06-2016 18:00 − Freitag 01-07-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** F5: Security Advisory: GraphicsMagick vulnerability CVE-2016-5118 ***
---------------------------------------------
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. (CVE-2016-5118)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/82/sol82747025.html?…
*** The Types of Penetration Testing ***
---------------------------------------------
Black Box/White Box/Gray Box Testing
Red/Blue/Purple Teams
---------------------------------------------
http://resources.infosecinstitute.com/the-types-of-penetration-testing/
*** Apache Xerces DTD Parsing Stack Overflow Lets Remote Users Cause the Target Application to Crash ***
---------------------------------------------
Apache Xerces DTD Parsing Stack Overflow Lets Remote Users Cause the Target Application to Crash
---------------------------------------------
http://www.securitytracker.com/id/1036211
*** Eaton ELCSoft Programming Software Memory Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for a heap-based memory corruption vulnerability and a stack buffer overflow vulnerability in Eaton's ELCSoft programming software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-182-01
*** Sofortmaßnahmen für Unternehmen bei Cyberangriffen ***
---------------------------------------------
Die ersten 72 Stunden nach einem Cyber-Angriff können für die Rechtsverfolgung entscheidend sein, erklärten Wolf Theiss-Rechtsexperten vor Journalisten.
---------------------------------------------
http://futurezone.at/b2b/sofortmassnahmen-fuer-unternehmen-bei-cyberangriff…
*** SSA-444217 (Last Update 2016-06-30): Information Disclosure Vulnerabilities in SICAM PAS ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217…
*** SSA-547990 (Last Update 2016-06-30): Information Disclosure Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990…
*** Security Advisory 2016-01: Security Update for OTRS FAQ package ***
---------------------------------------------
An attacker could access and manipulate the database with an HTTP request.
---------------------------------------------
https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-pac…
*** Cracking Androids full-disk encryption is easy on millions of phones - with a little patience ***
---------------------------------------------
Just need a couple of common bugs, some GPUs and time Androids full-disk encryption on millions of devices can be cracked by brute-force much more easily than expected - and theres working code to prove it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/01/turns_out_b…
*** Joomla com_smartformer 2.4.1 Shell Upload ***
---------------------------------------------
* @package SmartFormer
* @version 2.4.1 (J1.5 security fix)
poc:
1 - choose a site and open it
2 - Upload shell.php
3 - Go to :/components/com_smartformer/files/shell.php
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016070002
*** Process Hallowing ***
---------------------------------------------
In this article, we will learn what process hallowing is, how is it done, and how we can detect it while performing memory analysis.
---------------------------------------------
http://resources.infosecinstitute.com/process-hallowing/
*** Exploiting Format Strings (Part 1) ***
---------------------------------------------
Overview : In this article, we will learn what Format String Vulnerabilities is, how we exploit it to read specific values from the stack, further we will also have a look at how we can use different format specifiers to write arbitrary values to the stack.
---------------------------------------------
http://resources.infosecinstitute.com/exploiting-format-strings-part-1/
*** UEFAs Euro 2016 app is airing football fans' privates in public ***
---------------------------------------------
Offside! Lack of encryption bares usernames, passwords and more The official UEFA Euro 2016 app is leaking football fans' personal data, security researchers warn.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/01/euro_2016_a…
*** Cracking Locky's New Anti-Sandbox Technique ***
---------------------------------------------
This new trick may pose challenges for automated Locky tracking systems that utilize sandboxing due to the following considerations: New Locky binaries will not execute properly without the correct parameter. JavaScript downloaders may fail to download if the download locations are already down.
---------------------------------------------
https://blog.fortinet.com/2016/06/30/cracking-locky-s-new-anti-sandbox-tech…
*** Magento Re-Installation & Account Hijacking Vulnerabilities ***
---------------------------------------------
Before discovering my latest Magento RCE, I've found two different vulnerabilities, both resulting in the complete compromise of customer data and/or the server. As they are far less complicated, I'm presenting both of them in this single blog post for your convenience. Vulnerable Versions: Magento EE & CE 2.x.x before 2.0.6.
---------------------------------------------
http://netanelrub.in/2016/07/01/magento-re-installation-account-hijacking-v…
*** F5: Security Advisory: Cross Site Scripting (XSS) vulnerability in F5 WebSafe Dashboard CVE-2016-5235 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/48/sol48572812.html?…
*** A year of Windows kernel font fuzzing #2: the techniques ***
---------------------------------------------
Posted by Mateusz Jurczyk of Google Project ZeroIn part #1 of the series (see here), we discussed the motivation and outcomes of our year long fuzzing effort against the Windows kernel font engine, followed by an analysis of two bug collisions with Keen Team and Hacking Team that ensued as a result of this work. While the bugs themselves are surely amusing, what we find even more interesting are the techniques and decisions we made to make the project as effective as it turned out to be.
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/07/a-year-of-windows-kernel-font…
*** Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Multiple Open Source PHP Vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985802
---------------------------------------------
*** IBM Security Bulletin: Cross-site Request Forgery (CSRF) security vulnerability in IBM WebSphere Commerce (CVE-2016-2863) ***
http://www.ibm.com/support/docview.wss?uid=swg21983626
---------------------------------------------
*** IBM Security Bulletin: HTTP response splitting attack in FastBack for Workstations Central Administration Console (CVE-2016-0359) ***
http://www.ibm.com/support/docview.wss?uid=swg21986310
---------------------------------------------
*** IBM Security Bulletin: InstallAnywhere Vulnerability affects Daeja ViewONE Professional, Standard & Virtual (CVE-2016-4560) ***
http://www.ibm.com/support/docview.wss?uid=swg21984799
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Taglibs Vulnerability in FastBack for Workstations Central Administration Console (CVE-2015-0254) ***
http://www.ibm.com/support/docview.wss?uid=swg21986309
---------------------------------------------
*** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q2 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984323
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Open Source GNU glibc affects IBM OS Images for Red Hat Linux Systems. (CVE-2015-5277) ***
http://www.ibm.com/support/docview.wss?uid=swg21986400
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 28-06-2016 18:00 − Mittwoch 29-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** How Red Hat uses CVSSv3 to Assist in Rating Flaws ***
---------------------------------------------
Humans have been measuring risk since the dawn of time. "Im hungry, do I go outside my awesome cave here and forage for food? There might be something bigger, scarier, and hungrier than me out there...maybe I should wait?" Successfully navigating through life is a series of Risk/Reward calculations made each and every day. Sometimes, ideally, the choices are small ("Do I want fries with that?") while others can lead to catastrophic outcomes if the scenario isnt fully
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/CVSSv3
*** How to Compromise the Enterprise Endpoint ***
---------------------------------------------
Posted by Tavis Ormandy.Symantec is a popular vendor in the enterprise security market, their flagship product is Symantec Endpoint Protection. They sell various products using the same core engine in several markets, including a consumer version under the Norton brand. Today we're publishing details of multiple critical vulnerabilities that we discovered, including many wormable remote code execution flaws.These vulnerabilities are as bad as it gets.
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-…
*** E-Mail-Verschlüsselung für jedermann: Volksverschlüsselung steht bereit ***
---------------------------------------------
Ab sofort können Windows-Nutzer die kostenlose Volksverschlüsselungs-Software nutzen, um E-Mails verschlüsselt über gängige Clients zu verschicken.
---------------------------------------------
http://heise.de/-3250728
*** Europäisches Konsortium für cloud-basierte Unterschriften und Siegel gegründet ***
---------------------------------------------
Zum Start der eIDAS-Verordnung haben euopäische Signatur-Dienstleister auf Initiative von Adobe das Cloud Signature Consortium (CSC) gegründet. Es soll einen offenen Standard für cloud-basierte Signaturen und Siegel erarbeiten.
---------------------------------------------
http://heise.de/-3250807
*** Malware gibt sich als WhatsApp aus und stiehlt Daten ***
---------------------------------------------
Auch andere Android-Apps wie Uber oder der Google Play Store wird von der Schadsoftware imitiert, um Kreditkartendaten zu erbeuten.
---------------------------------------------
http://futurezone.at/digital-life/malware-gibt-sich-als-whatsapp-aus-und-st…
*** Home security systems hacked with 1234 password - Update ***
---------------------------------------------
Many smart home security systems come with standard passwords. Potential intruders can deactivate them online and use them to spy on homes - the affected systems are in use in many countries globally.
---------------------------------------------
http://www.heise.de/ct/artikel/Home-security-systems-hacked-with-1234-passw…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: WebSphere Application Server Liberty API Discovery feature has potential vulnerability (CVE-2016-2945) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984502
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021361
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-3426 ) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021385
---------------------------------------------
*** IBM Security Bulletin: Cross Site Scripting (XSS) security vulnerabilities in IBM WebSphere Commerce (CVE-2016-2862) ***
http://www.ibm.com/support/docview.wss?uid=swg21983625
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Productivity Center (CVE-2016-0363) ***
http://www.ibm.com/support/docview.wss?uid=swg21986168
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LCMS Premier (CVE-2016-2510) ***
http://www.ibm.com/support/docview.wss?uid=swg21985108
---------------------------------------------
*** IBM Security Bulletin: IBM Tealeaf Customer Experience installers vulnerable to attack (CVE-2016-2542) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21981024
---------------------------------------------
*** IBM Security Bulletin: Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985099
---------------------------------------------
*** Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109) ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021361
---------------------------------------------
*** Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-3426 ) ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021385
---------------------------------------------