=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 07-04-2016 18:00 − Friday 08-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Swiss news site spreads malicious code: authorities and companies react ***
---------------------------------------------
Because malicious code is apparently being distributed via the site with increasing frequency, the Swiss federal administration and several large Swiss companies have now blocked their employees' access to one of the country's largest news sites.
---------------------------------------------
http://heise.de/-3165287
*** Security Features Nobody Implements, (Thu, Apr 7th) ***
---------------------------------------------
Nobody may be wording it a bit strong. But adoption of these security features is certainly not taking off. If you can think of any features I forgot, then please comment. DNSSEC: That is probably my favorite issue. DNSSEC fixes one of the most important protocols. Without it, spoofing is always possible, and in some cases not even terribly hard. I think there are a number of reasons it is not implemented: If you implement it, there is a good chance that you make your domain non-reachable if you...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20921&rss
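The diary's point that a DNSSEC deployment can make a domain unreachable is, in practice, most often a signature-lifetime problem: once the RRSIGs on a zone expire, every validating resolver answers SERVFAIL for it. The following is an added example (not code from the ISC diary) that parses RRSIG records in the presentation format `dig +dnssec` prints and classifies each as ok, expiring, expired or not yet valid against a given time. The sample records, the zone name, the key tag and the signature bytes are constructed for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the presentation format of RFC 4034 section 3.2:
# type covered, algorithm, labels, original TTL, signature expiration,
# signature inception (both YYYYMMDDHHmmSS, UTC), key tag, signer, signature.
# Zone, key tag and signature are made up for the example.
SAMPLE_RRSIGS = """\
example.com.  3600 IN RRSIG A   13 2 3600 20160420000000 20160406000000 12345 example.com. cGxhY2Vob2xkZXI=
example.com.  3600 IN RRSIG NS  13 2 3600 20160409120000 20160330120000 12345 example.com. cGxhY2Vob2xkZXI=
example.com.  3600 IN RRSIG SOA 13 2 3600 20160405000000 20160322000000 12345 example.com. cGxhY2Vob2xkZXI=
"""

RRSIG_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+RRSIG\s+(?P<covered>\S+)\s+"
    r"(?P<alg>\d+)\s+(?P<labels>\d+)\s+(?P<orig_ttl>\d+)\s+"
    r"(?P<expiration>\d{14})\s+(?P<inception>\d{14})\s+(?P<keytag>\d+)\s+"
    r"(?P<signer>\S+)\s+(?P<sig>\S+)$"
)


def parse_time(stamp):
    """RRSIG times are YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_rrsig(line):
    """Parse one RRSIG record in presentation format into a dict."""
    m = RRSIG_RE.match(line.strip())
    if not m:
        raise ValueError("not an RRSIG record: %r" % line)
    d = m.groupdict()
    return {
        "owner": d["owner"],
        "covered": d["covered"],
        "algorithm": int(d["alg"]),
        "keytag": int(d["keytag"]),
        "expiration": parse_time(d["expiration"]),
        "inception": parse_time(d["inception"]),
        "signer": d["signer"],
    }


def classify(sig, now, warn_days=3):
    """A signature is valid only between inception and expiration; warn
    before expiry so the zone can be re-signed in time."""
    if now < sig["inception"]:
        return "not-yet-valid"
    if now > sig["expiration"]:
        return "expired"
    if sig["expiration"] - now <= timedelta(days=warn_days):
        return "expiring"
    return "ok"


def check_rrsigs(text, now_stamp, warn_days=3):
    """Return (type covered, status, expiration) for every RRSIG line in text.
    now_stamp uses the same YYYYMMDDHHmmSS format as the records."""
    now = parse_time(now_stamp)
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sig = parse_rrsig(line)
        results.append((sig["covered"], classify(sig, now, warn_days),
                        sig["expiration"].isoformat()))
    return results


if __name__ == "__main__":
    # Evaluated at the end of this shift (constructed reference time).
    for covered, status, exp in check_rrsigs(SAMPLE_RRSIGS, "20160408180000"):
        print("%-4s %-13s expires %s" % (covered, status, exp))
```

Run against real data with `dig +dnssec +noall +answer <zone> <type> | grep RRSIG`; a validating resolver treats an expired or not-yet-valid signature exactly like a forged one, so "expired" here means the zone is already unreachable for anyone validating.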
*** Open-source vulnerabilities database shuts down ***
---------------------------------------------
An open-source project dedicated to cataloguing a huge range of computer security flaws has closed its doors as of Tuesday, according to an announcement on the Open-Source Vulnerability Database's blog. The OSVDB, which was founded in 2002, was meant to be an independent repository for security information, allowing researchers to compare notes without oversight from large corporate software companies. One of its founders was HD Moore, a well-known hacker and security researcher, best known...
---------------------------------------------
http://www.cio.com/article/3053695/open-source-tools/open-source-vulnerabil…
*** SBA Research @ Cyber-Physical Systems Week 2016 ***
---------------------------------------------
We will participate in the events of CPS Week 2016 (Vienna, Austria, April 11-14, 2016). On Monday (April 11), Johanna Ullrich presents our work on "The Quest for Privacy in the Consumer Internet of Things" at the International Workshop on Consumers and the Internet of Things (ConsIoT 2016). A live webcast by the IoEtv will...
---------------------------------------------
https://www.sba-research.org/2016/04/08/sba-research-cyber-physical-systems…
*** Adobe fixes CVE-2016-1019 Zero-Day exploited to serve ransomware ***
---------------------------------------------
Cyber criminals are already exploiting the Flash Player zero-day vulnerability (CVE-2016-1019), affecting Flash Player 21.0.0.197 and earlier, that Adobe disclosed this week. Researchers at security firm Proofpoint confirmed that criminal gangs are exploiting it to distribute a ransomware dubbed Cerber.
---------------------------------------------
http://securityaffairs.co/wordpress/46107/malware/adobe-fixes-cve-2016-1019…
*** Breaking Semantic Image CAPTCHAs ***
---------------------------------------------
Interesting research: Suphannee Sivakorn, Iasonas Polakis and Angelos D. Keromytis, "I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs": Abstract: Since their inception, captchas have been widely used for preventing fraudsters from performing illicit actions. Nevertheless, economic incentives have resulted in an arms race, where fraudsters develop automated solvers and, in turn, captcha services tweak their design to break the...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/04/breaking_semant.html
*** Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access ***
---------------------------------------------
The Lemur Vehicle Monitors BlueDriver is an aftermarket automotive device that connects to a vehicle's OBD-II port and provides information about the vehicle's performance. The BlueDriver does not require a PIN for Bluetooth access, which allows anyone in range to send arbitrary commands to the vehicle's CAN bus.
---------------------------------------------
https://www.kb.cert.org/vuls/id/615456
*** DSA-3545 cgit - security update ***
---------------------------------------------
Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3545
*** DSA-3544 python-django - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3544
*** Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Symantec ITMS Inventory Solution Application Denial Functionality Bypass ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Security Updates Available for Adobe Flash Player (APSB16-10) ***
---------------------------------------------
A Security Bulletin (APSB16-10) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. Adobe...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1334
*** SSA-751155 (Last Update 2016-04-08): Denial-of-Service Vulnerability in SCALANCE S613 ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-751155…
*** SSA-623229 (Last Update 2016-04-08): DROWN Vulnerability in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229…
*** SSA-301706 (Last Update 2016-04-08): GNU C Library Vulnerability in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706…
*** IBM Security Bulletins ***
---------------------------------------------
*** Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Chassis Management Module (CMM) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099307
---------------------------------------------
*** Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Chassis Management Module (CVE-2016-0777, CVE-2016-0778) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099309
---------------------------------------------
*** Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260
---------------------------------------------
*** Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management ***
http://www.ibm.com/support/docview.wss?uid=swg21980207
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-1283) ***
http://www.ibm.com/support/docview.wss?uid=swg21977266&myns=swgother&mynp=O…
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-3183) ***
http://www.ibm.com/support/docview.wss?uid=swg21977267&myns=swgother&mynp=O…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 06-04-2016 18:00 − Thursday 07-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Trojan infects 3.2 million Android devices ***
---------------------------------------------
More than 100 apps in the official Google Play Store were shipped with a trojan. According to security researchers, millions of Android users are affected.
---------------------------------------------
http://futurezone.at/digital-life/trojaner-im-google-play-store-infiziert-3…
*** Phishing Email That Knows Your Address ***
---------------------------------------------
An anonymous reader writes: The BBC is reporting on a new type of phishing email that includes the recipient's home address. The publication, citing sources, claims that thousands of people have already received such malicious emails. Clicking on the email apparently installs malware such as the CryptoLocker ransomware on the recipient's computing device. From the report, "Members of BBC Radio 4's You and Yours team were among those who received the scam emails, claiming they owed hundreds of
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7bIiICdWlco/phishing-email-…
*** Cisco warns of critical risks from web bugs and insecure SSH keys ***
---------------------------------------------
Cisco has released a fresh crop of security advisories, including warnings for critical flaws in UCS, Prime Infrastructure and Evolved Programmable Network Manager (EPNM) that would allow an attacker to gain root access on the affected products.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/06/cisco_warns…
*** IETF meeting: new proposals for securing mail transport ***
---------------------------------------------
Mail servers still lag behind web servers in terms of security, as a recent TLS check by the IHK Stuttgart made clear. Mail providers have now joined forces to push "Strict Transport Security" forward at the IETF.
---------------------------------------------
http://heise.de/-3163818
*** Boffins boost IETF crypto efforts ***
---------------------------------------------
A pair of German engineers want to give a push to the adoption of new crypto in the IETF by bringing the curves in RFC 7748 into hardware, so that they can then be used for TLS.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/07/boffins_boo…
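The Register piece above concerns the curves specified in RFC 7748. The following is an added example, not the engineers' work and not code from the article: the X25519 function from section 5 of that RFC in pure Python, checked against the Diffie-Hellman test vector in section 6.1 and rejecting the all-zero shared secret that a low-order peer point produces, as section 6.1 recommends. It assumes only the standard library. Pure-Python big-integer arithmetic is not constant time, which is one reason these curves are worth putting into hardware in the first place.

```python
# X25519 (RFC 7748 section 5): scalar multiplication on Curve25519 using the
# Montgomery ladder. Added example; test vectors are from RFC 7748 section 6.1.
P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4, the curve constant the ladder uses
BASEPOINT = (9).to_bytes(32, "little")

# RFC 7748 section 6.1 vectors (hex).
ALICE_PRIV_HEX = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a"
ALICE_PUB_HEX = "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
BOB_PRIV_HEX = "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb"
BOB_PUB_HEX = "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f"
SHARED_HEX = "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"


def decode_scalar(k):
    """Clamp a 32-byte private key as RFC 7748 section 5 prescribes."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def decode_u(u):
    """Decode a little-endian u-coordinate, ignoring the unused top bit."""
    u = bytearray(u)
    u[31] &= 127
    return int.from_bytes(u, "little")


def encode_u(u):
    return (u % P).to_bytes(32, "little")


def cswap(swap, a, b):
    """Conditional swap written with masks rather than a branch, as in the RFC
    (Python integers are still not constant time)."""
    mask = -swap & ((1 << 256) - 1)
    dummy = mask & (a ^ b)
    return a ^ dummy, b ^ dummy


def x25519(k, u):
    """Compute X25519(k, u) for 32-byte scalar k and u-coordinate u."""
    k_int = decode_scalar(k)
    x1 = decode_u(u)
    x2, z2 = 1, 0
    x3, z3 = x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k_int >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return encode_u(x2 * pow(z2, P - 2, P) % P)


def public_key(priv):
    return x25519(priv, BASEPOINT)


def shared_secret(priv, peer_pub):
    """Diffie-Hellman with the all-zero check from RFC 7748 section 6.1: a
    low-order peer point yields an all-zero output and must be rejected."""
    s = x25519(priv, peer_pub)
    if s == bytes(32):
        raise ValueError("low-order point: shared secret is all zeros")
    return s


def dh_demo():
    """Run the section 6.1 exchange; returns (alice_pub, bob_pub, shared) as hex."""
    alice_priv = bytes.fromhex(ALICE_PRIV_HEX)
    bob_priv = bytes.fromhex(BOB_PRIV_HEX)
    alice_pub = public_key(alice_priv)
    bob_pub = public_key(bob_priv)
    k_alice = shared_secret(alice_priv, bob_pub)
    k_bob = shared_secret(bob_priv, alice_pub)
    assert k_alice == k_bob
    return alice_pub.hex(), bob_pub.hex(), k_alice.hex()


if __name__ == "__main__":
    print(dh_demo())
```

The ladder is exactly the one in the RFC's pseudocode; the only additions are the clamping and decoding helpers it specifies and the zero-output check. Anything that has to resist timing attacks needs a constant-time implementation (libsodium, OpenSSL, or the hardware the article discusses), not this one.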
*** Remote code execution found and fixed in Apache OpenMeetings ***
---------------------------------------------
Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meeting and shared whiteboard application; a password token snatch might explain that unexpected stranger in your next online meeting.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/07/apache_open…
*** Panama Papers: the catastrophic IT security practices of Mossack Fonseca ***
---------------------------------------------
The Panama leaks firm Mossack Fonseca apparently cares as little about IT security as it does about tax law. No TLS, DROWN, and ancient versions of Drupal and Outlook Web Access make life easy for attackers.
---------------------------------------------
http://www.golem.de/news/panama-papers-die-katastrophale-it-sicherheitsprax…
*** Bypassing Phone Security through Social Engineering ***
---------------------------------------------
This works: Khan was arrested in mid-July 2015. Undercover police officers posing as company managers arrived at his workplace and asked to check his driver and work records, according to the source. When they disputed where he was on a particular day, he got out his iPhone and showed them the record of his work. The undercover officers asked to...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/04/bypassing_phone.html
*** Complete Tour of PE and ELF: Section Headers ***
---------------------------------------------
In the previous part, we discussed the ELF header and the program header. In this article, we will cover the remaining part, i.e. section headers. We will also see what effect packers have on a binary's headers. Below is the structure of the section header. sh_name: Remember that in the ELF header we talked about the string table. sh_name is an...
---------------------------------------------
http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-5/
*** Carinthian company fell victim to a crypto trojan ***
---------------------------------------------
A production machine subsequently failed for a day
---------------------------------------------
http://derstandard.at/2000034398697
*** EUROCRYPT 2016 - supported by SBA Research ***
---------------------------------------------
May 8 - May 12, 2016, all day, Aula der Wissenschaften, Wollzeile 27A, Vienna
---------------------------------------------
https://www.sba-research.org/events/eurocrypt-2016-supported-by-sba-researc…
*** ECRYPT-CSA Workshop on Cryptographic protocols for small devices - supported by SBA Research ***
---------------------------------------------
May 13, 2016, all day, TU Wien, Karlsplatz 13, 1040 Vienna
---------------------------------------------
https://www.sba-research.org/events/ecrypt-csa-workshop-on-cryptographic-pr…
*** UPDATED: Security Advisory posted for Adobe Flash Player (APSA16-01) ***
---------------------------------------------
A Security Advisory (APSA16-01) has been published regarding a critical vulnerability (CVE-2016-1019) in Adobe Flash Player. UPDATE: Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running *Windows 10 and earlier* with Flash Player...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1330
*** Juniper Networks Completes ScreenOS Update ***
---------------------------------------------
As we committed to in our January 8, 2016 blog, we have replaced the cryptographic algorithm in the latest release of ScreenOS 6.3.
---------------------------------------------
https://forums.juniper.net/t5/Security-Incident-Response/Juniper-Networks-C…
*** Bugtraq: CVE-2016-3672 - Unlimiting the stack no longer disables ASLR ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537996
*** DFN-CERT-2016-0567: McAfee Email Gateway: a vulnerability allows a cross-site scripting attack ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0567/
*** Panda Security URL Filtering Privilege Escalation ***
---------------------------------------------
Risk: Medium
CVE: CVE-2015-7378
Vendor: Panda Security
Reported by: Kyriakos Economou
Date of Release: 05/04/2016
Affected Pro...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016040048
*** Panda Endpoint Administration Agent Privilege Escalation ***
---------------------------------------------
Risk: Medium
CVE: CVE-2016-3943
Vendor: Panda Security
Reported by: Kyriakos Economou
Date of Release: 05/04/2016
Affected Pro...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016040047
*** Security Advisory: Java vulnerabilities CVE-2016-0466 and CVE-2016-0483 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50118123.html?…
*** HP Security Bulletins ***
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information ***
http://www.securityfocus.com/archive/1/538003
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF) ***
http://www.securityfocus.com/archive/1/538005
---------------------------------------------
*** HPE Universal Configuration Management Database Unspecified Flaw Lets Remote Users Obtain Information and Perform Redirect Attacks ***
http://www.securitytracker.com/id/1035505
---------------------------------------------
*** HPSBNS03571 rev.1 - HPE NonStop Virtual TapeServer (VTS), Remote Arbitrary Code Execution, Denial of Service (DoS), Unauthorized Information Disclosure ***
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05073516
---------------------------------------------
*** HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection ***
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05073504
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco UCS Invicta Default SSH Key Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Pure Power Integration Manager (PPIM) (CVE-2016-0777, CVE-2016-0778) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023271
---------------------------------------------
*** IBM Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability may affect DS8000 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005735
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21980641
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Image Construction and Composition Tool. (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21980640
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Workload Deployer. (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21980638
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass-Thru (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21979712
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM PureApplication System. (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21980639
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director (CVE-2015-4872 CVE-2015-4840 CVE-2015-4903 ) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023588
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by Privilege Escalation security vulnerabilities (CVE-2015-7424) ***
http://www.ibm.com/support/docview.wss?uid=swg21971542
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Business Process Manager, and bundled products shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000112
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Cross Site Scripting Vulnerability (CVE-2016-0344) ***
http://www.ibm.com/support/docview.wss?uid=swg21980234
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 05-04-2016 18:00 − Wednesday 06-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Security Advisory posted for Adobe Flash Player (APSA16-01) ***
---------------------------------------------
A Security Advisory (APSA16-01) has been published regarding a critical vulnerability (CVE-2016-1019) in Adobe Flash Player. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version 20.0.0.306 and earlier.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1330
*** Security: unpatched Flash vulnerability is being actively exploited ***
---------------------------------------------
It is uninstall-Flash-Player day once again. A currently unpatched security vulnerability is being actively exploited; at least a workaround exists. Adobe says it will respond soon.
---------------------------------------------
http://www.golem.de/news/security-ungepatchte-flash-luecke-wird-aktiv-ausge…
*** Server software poses soft target for ransomware ***
---------------------------------------------
An alternate method for infecting computers with ransomware signals a shift in tactics by cybercriminals that could put businesses at greater risk, according to Symantec. A type of ransomware called Samsam has been infecting organizations but is not installed in the usual way. "Samsam is another variant in a growing number of variants of ransomware, but what sets it apart from other ransomware is how it reaches its intended targets by way of unpatched server-side software," Symantec...
---------------------------------------------
http://www.cio.com/article/3052553/server-software-poses-soft-target-for-ra…
*** SAP Security - Think Different ***
---------------------------------------------
Today we will discuss how SAP Security differs from traditional IT security. While in most cases security is security, no matter what we discuss, in SAP area there are some unique features. First of all, it is the question of responsibility. It's not a secret that SAP is owned and managed by business, which, to...
---------------------------------------------
http://resources.infosecinstitute.com/sap-security-think-different/
*** Gpg4win 2.3.1 released ***
---------------------------------------------
New in Gpg4win Version 2.3.1 (2016-04-05)
- GpgOL now has an option dialog where S/MIME can be disabled.
- GpgOL now supports the 64 Bit version of Microsoft Outlook.
- ...
---------------------------------------------
https://lists.wald.intevation.org/pipermail/gpg4win-announce/2016-April/000…
*** Researchers release PoC exploit for broken IBM Java patch ***
---------------------------------------------
Polish firm Security Explorations has had enough of broken patches for security vulnerabilities it has reported to vendors. On Monday, the company's CEO Adam Gowdiak published on the Full Disclosure mailing list the technical details and PoC code for exploiting a security issue in IBM Java that was poorly patched by the vendor. The flaw was discovered by Security Explorations researchers in early 2013. This is the 6th instance of a broken patch...
---------------------------------------------
https://www.helpnetsecurity.com/2016/04/06/broken-ibm-java-patch/
*** AdLoad: an advertisement bombarder ***
---------------------------------------------
The AdLoad PUP is an infection that presents its victims with a great variety of advertisements, fake alerts, dubious offers, and even other PUPs. It targets users by location and OS.
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/04/adload-an-advertiseme…
*** FBI Warns of Dramatic Increase in Business E-Mail Scams ***
---------------------------------------------
FBI officials are warning potential victims of a dramatic rise in the business e-mail compromise scam or "B.E.C.", [...] Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries. [...] This amounted to more than $2.3 billion in losses.
---------------------------------------------
https://www.fbi.gov/phoenix/press-releases/2016/fbi-warns-of-dramatic-incre…
*** Crypto ransomware targets called by name in spear-phishing blast ***
---------------------------------------------
Once the domain of espionage, personalized scams embraced by profit-driven scammers.
---------------------------------------------
http://arstechnica.com/security/2016/04/crypto-ransomware-targets-called-by…
*** CONIKS ***
---------------------------------------------
CONIKS is a new, easy-to-use transparent key-management system: CONIKS is a key management system for end users capable of integration in end-to-end secure communication services. The main idea is that users should not have to worry about managing encryption keys when they want to communicate securely, but they also should not have to trust their secure communication service providers to...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/04/coniks.html
*** DeepSec 2015 Videos (Youtube Playlist) ***
---------------------------------------------
DeepSec 2015 In-Depth Security Conference, 17th to 20th November 2015, The Imperial Riding School, Vienna, Austria
---------------------------------------------
https://www.youtube.com/playlist?list=PLBA0WdWrcrCHpBtNgK-H64_S6-xBpzILR
*** ICS/SCADA Threat Intelligence Sharing Portal (March 31, 2016) ***
---------------------------------------------
The EastWest Institute and the US Department of Homeland Security's ICS-CERT have launched a portal for operators of critical infrastructure around the world to share threat information...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/27/308
*** Of Moorhuhn, car accidents and outdated software ***
---------------------------------------------
Peter takes his car to his trusted garage for its periodic roadworthiness inspection (the Austrian "Pickerl"). After about half an hour the mechanic tells him that the brake lines of his car are badly corroded and that it is only a matter of time before they burst, which would result in the brakes failing. Peter swallows: "Well, I've...
---------------------------------------------
http://www.cert.at/services/blog/20160406112228-1706.html
*** VLC Media Player Buffer Overflow in Processing WAV Files Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1035456
*** Security Advisory: Java vulnerabilities CVE-2016-0466 and CVE-2016-0483 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50118123.html?…
*** DSA-3542 mercurial - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3542
*** DFN-CERT-2016-0556: Red Hat JBoss Enterprise Application Platform: two vulnerabilities allow a denial-of-service attack ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0556/
*** Pro-face GP-Pro EX HMI Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for hard-coded credentials in Pro-face's GP-Pro EX HMI software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01
*** Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on March 1, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for vulnerabilities in Eaton Lighting Systems' EG2 Web Control application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-061-03
*** Rockwell Automation Integrated Architecture Builder Access Violation Memory Error ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on February 25, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an access violation memory error in Rockwell Automation's Integrated Architecture Builder application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-056-01
*** Bugtraq: op5 v7.1.9 Remote Command Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537992
*** Bugtraq: CA20160405-01: Security Notice for CA API Gateway ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537991
*** [HTB23286]: SQL Injection in SocialEngine ***
---------------------------------------------
Product: SocialEngine v4.8.9
Vulnerability Type: SQL Injection [CWE-89]
Risk level: High
Creator: Webligo
Advisory Publication: December 21, 2015 [without technical details]
Public Disclosure: April 6, 2016
CVE Reference: Pending
CVSSv3 Base Score: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L]
Vulnerability Details: High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in the popular social networking software SocialEngine. The vulnerability can be exploited to gain
---------------------------------------------
https://www.htbridge.com/advisory/HTB23286
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Samba affect IBM i ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021200
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Privilege Escalation (CVE-2016-0342) ***
http://www.ibm.com/support/docview.wss?uid=swg21980252
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Cross Site Request Forgery Vulnerability (CVE-2016-0346) ***
http://www.ibm.com/support/docview.wss?uid=swg21980237
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Information disclosure (CVE-2016-0345) ***
http://www.ibm.com/support/docview.wss?uid=swg21980233
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Information Disclosure (CVE-2016-0343) ***
http://www.ibm.com/support/docview.wss?uid=swg21980229
---------------------------------------------
*** IBM Unauthenticated access to information in IBM TRIRIGA Application Platform (CVE-2016-0312) ***
http://www.ibm.com/support/docview.wss?uid=swg21979762
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BigFix Remote Control and IBM Endpoint Manager for Remote Control (CVE-2015-3194) ***
http://www.ibm.com/support/docview.wss?uid=swg21978415
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tivoli Composite Application Manager for Transactions (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702) ***
http://www.ibm.com/support/docview.wss?uid=swg21978869
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4. ***
http://www.ibm.com/support/docview.wss?uid=swg21978941
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM MQ Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21979829
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2016-0800, CVE-2016-0705 and CVE-2016-0797) ***
http://www.ibm.com/support/docview.wss?uid=swg21980451
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Netezza Host Management ***
http://www.ibm.com/support/docview.wss?uid=swg21979983
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect Tivoli Workload Scheduler (CVE-2016-0705, CVE-2016-0702, CVE-2016-0800, CVE-2016-0701) ***
http://www.ibm.com/support/docview.wss?uid=swg21979602
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment, Tivoli Provisioning Manager for Images ***
http://www.ibm.com/support/docview.wss?uid=swg21979311
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704) ***
http://www.ibm.com/support/docview.wss?uid=swg21978489
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 04-04-2016 18:00 − Tuesday 05-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Chrome Extension Caught Hijacking Users' Browsers ***
---------------------------------------------
An anonymous reader writes: Google has intervened and banned the Better History Chrome extension from the Chrome Web Store after users reported that it started taking over their browsing experience and redirecting them to pages showing ads. As it turns out, the extension was sold off to an unnamed buyer who started adding malicious code that would redirect the users' traffic through a proxy, showing ads and collecting analytics on the users' traffic habits. This same malicious code has also been...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4tdNNvCWAQs/chrome-extensio…
*** Microsoft account-hijacking hole closed 48 hours after bug report ***
---------------------------------------------
Token-harvesting attack meant one login could open doors to multiple Microsoft services. British researcher Jack Whitton has reported a Microsoft account hijacking authentication bug that would have been another arrow in an attacker's phishing quiver, save for the fact that Microsoft fixed it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/05/microsoft_b…
*** Security holes: attackers can slip code into Open-Xchange ***
---------------------------------------------
Open-Xchange has two vulnerabilities through which criminals can, in the worst case, hijack sessions. Security patches have already been distributed.
---------------------------------------------
http://heise.de/-3162127
*** Update your ManageEngine Password Manager Pro ASAP! ***
---------------------------------------------
Security researcher Sebastian Perez has revealed eight serious security vulnerabilities in ManageEngine Password Manager Pro (PMP), a password management software for enterprises, and has released details and PoC code for each of them. The solution has already been updated with fixes, so if your enterprise is using it to control the access to shared administrative/privileged passwords, you should update to the latest version and build (v8.3, build 8303) as soon as possible (if you haven't...
---------------------------------------------
https://www.helpnetsecurity.com/2016/04/05/update-manageengine-password-man…
*** One Conference 2016 Protecting Bits and Atoms: Cyber security is a precondition for our future ***
---------------------------------------------
Cyber security, and therefore being able to use all the possibilities that ICT offers, is a precondition for the undisturbed functioning of society and for our future. With these words, State secretary Dijkhoff (Security and Justice) emphasizes the importance of the international One Conference 2016 of the National Cyber Security Center (NCSC). We can't be passive on what is to come. The speed of the developments in the digital domain requires a continuous effort of both public and private...
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/one-conference-2016-protect…
*** Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack ***
---------------------------------------------
Researchers say reliance on an outdated Firefox extension platform opens the door for remote system attacks on Mac OS and Windows systems.
---------------------------------------------
http://threatpost.com/firefox-add-on-flaw-leaves-apple-and-windows-computer…
*** Keep Windows machines infected abusing Windows Desired State Configuration (DSC) ***
---------------------------------------------
At the last Black Hat Asia, the forensics experts Matt Hastings and Ryan Kazanciyan from Tanium demonstrated how to abuse the Windows Desired State Configuration (DSC) feature to gain persistence on a compromised machine. The DSC...
---------------------------------------------
http://securityaffairs.co/wordpress/46006/hacking/abusing-windows-dsc.html
*** Complete Tour of PE and ELF: Part 4 ***
---------------------------------------------
Since we have completed the PE structure, now it is time to look at the ELF structure which is somewhat easier to understand as compared to PE. For ELF structure, we will be looking at both the linking view and execution view of a binary. Sections are similar to what we saw in PE structure...
---------------------------------------------
http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-4/
*** CNBC's password test: unencrypted and irresponsible ***
---------------------------------------------
In an article by the news channel CNBC, readers could test the security of their passwords. What could possibly go wrong? Quite a lot, as security researchers show.
---------------------------------------------
http://heise.de/-3162731
*** Google fixes 39 Android flaws, some allow hackers to take over your phone ***
---------------------------------------------
Google has released one of the largest Android monthly security updates, fixing a total of 39 vulnerabilities - 15 rated critical, including four that can lead to a complete device compromise. The patches, which are included in new firmware images that were released Monday for the company's Nexus devices, will also be published to the Android Open Source Project over the next 24 hours. They include a fix for a vulnerability that Google warned about two weeks ago and which is already being...
---------------------------------------------
http://www.cio.com/article/3052201/google-fixes-39-android-flaws-some-allow…
*** About the security content of iOS 9.3 ***
---------------------------------------------
This document describes the security content of iOS 9.3.
---------------------------------------------
https://support.apple.com/en-us/HT206166
*** DFN-CERT-2016-0548: BlackBerry powered by Android: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0548/
*** DFN-CERT-2016-0549: Google Android Operating System: Multiple vulnerabilities allow, among other things, gaining administrator privileges ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0549/
*** Sophos Cyberoam NG Series Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Multiple reflected XSS issues were discovered in Cyberoam NG appliances. Input passed via the ipFamily, applicationname and username GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitised before being returned to the user. Adding an arbitrary X-Forwarded-For HTTP header to a request also makes the appliance prone to an XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5313.php
*** DSA-3541 roundcube - security update ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3541
*** USN-2945-1: XChat-GNOME vulnerability ***
---------------------------------------------
Ubuntu Security Notice USN-2945-1
4th April, 2016
xchat-gnome vulnerability
A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS
Summary: XChat-GNOME could be made to expose sensitive information over the network.
Software description: xchat-gnome - simple and featureful IRC client for GNOME
Details: It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2945-1/
*** USN-2944-1: Libav vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2944-1
4th April, 2016
libav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS
Summary: Libav could be made to crash or run programs as your login if it opened a specially crafted file.
Software description: libav - Multimedia player, server, encoder and transcoder
Details: It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2944-1/
*** Bugtraq: [SE-2012-01] Broken security fix in IBM Java 7/8 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537973
*** Open-Xchange Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035469
*** Bugtraq: [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537977
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 01-04-2016 18:00 − Monday 04-04-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** SideStepper vulnerability in iOS 9 endangers companies that use MDM to distribute apps ***
---------------------------------------------
Researchers are warning companies that the use of MDM technology opens up a loophole in protections added to Apple's iOS 9 to help prevent employees from downloading malicious software posing as legitimate enterprise apps.
---------------------------------------------
http://www.scmagazine.com/sidestepper-vulnerability-in-ios-9-endangers-comp…
*** Analysis of the Locky infection process ***
---------------------------------------------
In recent months, there has been a significant increase in the number of networks and users affected by ransomware known as Locky, which is used to encrypt a victim's files and then demand a ransom to be paid in bitcoins. But, how does this threat manage to infiltrate computer systems and hijack data? From the ESET Research Lab in Latin America, we can explain the steps and the methods used by cybercriminals to evade various layers of security.
---------------------------------------------
http://www.welivesecurity.com/2016/04/04/analysis-of-the-locky-infection-pr…
*** PayPal plugs phishing-enabling vulnerability, stumps up $500 ***
---------------------------------------------
To the bug-splatter who found it. Not to you, don't get excited. PayPal has patched a flaw which created a means for miscreants to abuse its platform to lend authenticity to fraudulent or otherwise malicious emails.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/01/paypal_plug…
*** Steam hacker says more vulnerabilities will be found, but not by him ***
---------------------------------------------
"It looks like their website hasn't been updated for years."
---------------------------------------------
http://arstechnica.com/gaming/2016/04/steam-hacker-says-more-vulnerabilitie…
*** New Heap-Spray Exploit Tied To LZH Archive Decompression ***
---------------------------------------------
Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-90s and still in use today.
---------------------------------------------
http://threatpost.com/new-heap-spray-exploit-tied-to-lzh-archive-decompress…
*** Magento e-commerce platform targeted with new ransomware KimcilWare ***
---------------------------------------------
Users of the Magento e-commerce platform are being targeted with a new ransomware called KimcilWare.
---------------------------------------------
http://www.scmagazine.com/magento-e-commerce-platform-targeted-with-new-ran…
*** Magnitude EK Malvertising Campaign Adds Fingerprinting Gate ***
---------------------------------------------
Threat actors refine a malvertising campaign leading to Magnitude EK.
---------------------------------------------
https://blog.malwarebytes.org/cybercrime/2016/04/magnitude-ek-malvertising-…
*** Continuous Integration: Jenkins accidentally sends anonymous usage data ***
---------------------------------------------
A bug in Jenkins versions 1.645 and 1.642.2 ignores the setting for sending usage statistics. An update is meant to fix the problem. Alternatively, the developers give tips for a manual workaround.
---------------------------------------------
http://heise.de/-3161093
*** "Experience is a good school. But the fees are high." ENISA urges decision makers to take action before a major cyber crisis occurs in Europe ***
---------------------------------------------
ENISA analysed the EU-level crisis management frameworks in five different sectors to make recommendations on more efficient cyber crisis cooperation and management. The report resulting from this study highlights the lessons that can be learnt from other sectors and that could be applicable in the cyber domain. The study concludes with a series of recommendations regarding EU-level priorities to alter the impact of potential cyber crises. More recently ENISA published a video related to this study that summarises the conclusions based on testimonials from experts in other sectors.
---------------------------------------------
https://www.enisa.europa.eu/media/press-releases/201cexperience-is-a-good-s…
*** Multiple vulnerabilities found in Quanta LTE routers (backdoor, backdoor accounts, RCE, weak WPS ...) ***
---------------------------------------------
The Quanta LTE QDH Router device is an LTE router / access point, overall badly designed, with a lot of vulnerabilities. It's available in a number of countries to provide Internet access over an LTE network.
---------------------------------------------
https://pierrekim.github.io/blog/2016-04-04-quanta-lte-routers-vulnerabilit…
*** Analysis of the Procedure of Penetration on a Hacked Host ***
---------------------------------------------
On the morning of the 14th, a colleague of mine reported that the CPU usage of a host had reached 100%. Then the Security Department embarked on an investigation and concluded the following:...
---------------------------------------------
http://en.wooyun.io/2016/03/29/48.html
*** Comparing binaries: BinDiff can now be used (almost) for free ***
---------------------------------------------
Developers and security researchers can download the BinDiff tool for comparing binary files free of charge. However, a paid disassembler is required to use it.
---------------------------------------------
http://heise.de/-3161798
*** How Reporters Pulled Off the Panama Papers, the Biggest Leak in Whistleblower History ***
---------------------------------------------
The 2.6 terabyte Panama Papers may be the first leak of their scale, but they won't be the last.
---------------------------------------------
http://www.wired.com/2016/04/reporters-pulled-off-panama-papers-biggest-lea…
*** DFN-CERT-2016-0539: Squid: Two vulnerabilities allow, among other things, various denial-of-service attacks ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0539/
*** DSA-3539 srtp - security update ***
---------------------------------------------
Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3539
*** DSA-3540 lhasa - security update ***
---------------------------------------------
Marcin Noga discovered an integer underflow in Lhasa, an lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3540
*** Bugtraq: FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537967
*** Bugtraq: ManageEngine Password Manager Pro Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537969
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 31-03-2016 18:00 − Friday 01-04-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** ICONICS WebHMI Directory Traversal Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a directory traversal vulnerability in the ICONICS WebHMI V9 application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-091-01
*** Beware of Unverified TLS Certificates in PHP & Python ***
---------------------------------------------
Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your website, or clear your CDN's cache. The HTTPS protocol is used to secure the connection with the API server. However, if your web app doesn't verify the TLS certificate, a...
---------------------------------------------
https://blog.sucuri.net/2016/03/beware-unverified-tls-certificates-php-pyth…
*** TA16-091A: Ransomware and Recent Variants ***
---------------------------------------------
In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it.
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA16-091A
*** How To Build Your Own Rogue GSM BTS For Fun And Profit ***
---------------------------------------------
In this blog post I'm going to explain how to create a portable GSM BTS which can be used either to create a private (and vendor free!) GSM network or for GSM active tapping/interception/hijacking ... yes, with some (relatively) cheap electronic equipment you can basically build something very similar to what governments have been using for years to perform GSM interception.
---------------------------------------------
https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-f…
*** About the security content of iBooks Author 2.4.1 ***
---------------------------------------------
Available for: OS X Yosemite v10.10 or later
Impact: Parsing a maliciously crafted iBooks Author file may lead to disclosure of user information
Description: An XML external entity reference issue existed with iBooks Author parsing. This issue was addressed through improved parsing.
CVE-ID: CVE-2016-1789
---------------------------------------------
https://support.apple.com/en-us/HT206224
*** Security: Apple's Rootless concept has significant flaws ***
---------------------------------------------
Apple's Rootless security mechanism is supposed to prevent system files from being modified with root privileges. But it can easily be tricked, and Apple does not seem to be in a hurry to close the holes.
---------------------------------------------
http://www.golem.de/news/security-apples-rootless-konzept-hat-erhebliche-ma…
*** WebKitGTK+ Security Advisory WSA-2016-0003 ***
---------------------------------------------
Several vulnerabilities were discovered in WebKitGTK+.
CVE identifiers: CVE-2016-1778, CVE-2016-1779, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1785, CVE-2016-1786.
---------------------------------------------
http://webkitgtk.org/security/WSA-2016-0003.html
*** DFN-CERT-2016-0530 - PostgreSQL: Two vulnerabilities allow, among other things, the disclosure of information ***
---------------------------------------------
Two vulnerabilities in PostgreSQL allow a remote, simply authenticated attacker to obtain information, carry out denial-of-service attacks and bypass security measures, and subsequently manipulate data.
The PostgreSQL Global Development Group provides a security update to version 9.5.2 to fix the vulnerabilities.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0530/
*** New Ransomware KimcilWare Targets Magento Websites ***
---------------------------------------------
Ransomware dubbed KimcilWare is targeting websites running the e-commerce platform Magento and encrypting website files.
---------------------------------------------
http://threatpost.com/new-ransomware-kimcilware-targets-magento-websites/11…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 30-03-2016 18:00 − Thursday 31-03-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Google, too, should unlock smartphones for US authorities ***
---------------------------------------------
In the current dispute over locked smartphones of suspected criminals, everything revolves around Apple and the FBI - but US authorities have also sent Google numerous such requests. This was found out by the civil rights organisation ACLU.
---------------------------------------------
http://www.golem.de/news/nicht-nur-apple-auch-google-sollte-fuer-us-behoerd…
*** Hole in SAP software: hundreds of thousands of companies at risk ***
---------------------------------------------
German authorities classify the flaws as "critical"; fixed only since October.
---------------------------------------------
http://derstandard.at/2000033938536
*** Trend Micro products opened a trivial backdoor ***
---------------------------------------------
Antivirus software is supposed to protect the system against malicious software. More and more often, however, it turns out that it can itself serve as an entry point. A security expert demonstrates this once again with Trend Micro's security products.
---------------------------------------------
http://heise.de/-3159436
*** Automated medication dispensers with over 1400 security holes ***
---------------------------------------------
Outdated SupplyStation systems are still in use in hospitals and have thousands of security holes. The US ICS-CERT therefore warns of the security risk posed by these medication dispensers.
---------------------------------------------
http://heise.de/-3159439
*** Snort Covert Channels ***
---------------------------------------------
Lab 3: Covert Channels. Covert channels are used by outside attackers to establish communications with the compromised system, or by malicious insiders to secretly transfer data to unauthorized locations. There are various implementations ..
---------------------------------------------
http://resources.infosecinstitute.com/snort-covert-channels/
*** Security best practices for git users ***
---------------------------------------------
In recent years git has become one of the most popular SCM/version control systems. Usage in some high-profile open-source projects like Linux or Raspberry Pi and support from vendors like GitHub and GitLab definitely helped it gain fame. As ..
---------------------------------------------
http://resources.infosecinstitute.com/security-best-practices-for-git-users/
*** PowerWare 'Fileless Infection' Deepens Ransomware Conundrum for Healthcare Providers ***
---------------------------------------------
The recent wave of ransomware attacks on healthcare institutions is not only raising questions about contingency planning, but also about whether healthcare is becoming the 'go-to' target for cyber extortionists looking to make quick ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/powerware-fileless-inf…
*** DFN-CERT PGP keys ***
---------------------------------------------
https://www.dfn-cert.de/aktuell/dfn-cert-schluessel.html
*** Cisco Firepower Malware Block Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Let Me Get That Door for You: Remote Root Vulnerability in HID Door Controllers ***
---------------------------------------------
If you've ever been inside an airport, university campus, hospital, government complex, or office building, you've probably seen one of HID's brand of card readers standing guard over a restricted area. HID is one of the world's largest ..
---------------------------------------------
http://blog.trendmicro.com/let-get-door-remote-root-vulnerability-hid-door-…
*** The Linux Remaiten malware is building a Botnet of IoT devices ***
---------------------------------------------
Experts from the ESET firm have spotted a new threat in the wild dubbed Remaiten that targets embedded systems to recruit them in a botnet. ESET is actively monitoring malicious codes that target IoT systems such as routers, gateways ..
---------------------------------------------
http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html
*** Ransomware Petya - a technical review ***
---------------------------------------------
On March 24, researchers at G DATA received a sample of a new type of ransomware which was dubbed 'Petya'. Unlike other types of ransomware, Petya prevents the operating system from starting by manipulating the MBR and installing its own ..
---------------------------------------------
https://blog.gdatasoftware.com/2016/03/28226-ransomware-petya-a-technical-r…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 29-03-2016 18:00 − Wednesday 30-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** CareFusion Pyxis SupplyStation System Vulnerabilities ***
---------------------------------------------
This medical advisory contains mitigation details for numerous third-party software vulnerabilities in end-of-life versions of CareFusion's Pyxis SupplyStation system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-16-089-01
*** Websites Hacked Redirect to Porn from PDF / DOC Links ***
---------------------------------------------
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. This time we'll tell you about yet another interesting blackhat SEO attack that we've been watching for the last year. Let's begin with ..
---------------------------------------------
https://blog.sucuri.net/2016/03/pdf-doc-urls-redirect-to-porn.html
*** CloudFlare <= 1.3.20 - Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8428
*** The Topology of Malicious Activity on IPv4 ***
---------------------------------------------
There has been a great deal of academic and industry focus on identifying malicious activity across autonomous systems, and for good reasons. Over 50% of 'good' Internet traffic comes from large, ocean-like ASes pushing content from companies like Netflix, Google, Facebook, Apple and Amazon. However, ..
---------------------------------------------
http://www.suchin.co/2016/03/23/Topology-Of-Malicious-Activity/
*** Operating system: OpenBSD 5.9 filters system calls extensively ***
---------------------------------------------
The function for filtering and restricting system calls has been extended to many more applications in OpenBSD 5.9. The system also supports newer laptops better now, thanks to UEFI and 802.11n WLAN.
---------------------------------------------
http://www.golem.de/news/betriebssystem-openbsd-5-9-filtert-weitgehend-syst…
*** Scammers Impersonate ISPs in New Tech Support Campaign ***
---------------------------------------------
Scammers devise a new ploy to trick users into thinking their own ISP is warning them about malware.
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/03/scammers-impersonate-…
*** [HTB23298]: Multiple Vulnerabilities in CubeCart ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in popular open source shopping software CubeCart. The discovered vulnerabilities allow a remote attacker to compromise vulnerable website and its databases, and conduct sophisticated attacks against its users.
---------------------------------------------
https://www.htbridge.com/advisory/HTB23298
*** System Integrity Protection: Apple's root-free zone is not that root-free after all ***
---------------------------------------------
With El Capitan, Apple wants to prevent bad guys with root privileges from wrecking the system. Unfortunately, the security concept, also known as Rootless, has many gaps and therefore does not fully work at the moment.
---------------------------------------------
http://heise.de/-3157130
*** The favourite of all cyber criminals: Flash ***
---------------------------------------------
Among the top 15 most exploited security vulnerabilities, 13 are in Flash alone, report the antivirus experts at the Finnish company F-Secure.
---------------------------------------------
http://heise.de/-3157553
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 25-03-2016 18:00 − Tuesday 29-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** German hosters increasingly in the focus of cyber criminals ***
---------------------------------------------
Cyber criminals are making ever greater use of the technically advanced Internet infrastructures of the first world. German hosters are becoming increasingly popular with them for distributing their malware.
---------------------------------------------
http://heise.de/-3151832
*** Basic Snort Rules Syntax and Usage ***
---------------------------------------------
In this series of lab exercises we will demonstrate various techniques in writing Snort rules, from basic rules syntax to writing rules aimed at detecting specific types of attacks. We will also examine some basic approaches ..
---------------------------------------------
http://resources.infosecinstitute.com/snort-rules-workshop-part-one/
*** TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart ***
---------------------------------------------
Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from the SpiderLabs Research team at Trustwave recently found multiple Cross-Site Scripting (XSS) vulnerabilities in the popular online open source shopping ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/TWSL2016-006--Multiple-…
*** CVE-2016-1010 (??? - Flash up to 20.0.0.306) and Exploit Kits ***
---------------------------------------------
http://malware.dontneedcoffee.com/2016/03/flash-up-to-2000306.html
*** New infection scheme: ransomware abuses Windows PowerShell ***
---------------------------------------------
The newly discovered ransomware PowerWare takes control of Windows PowerShell to infect computers and encrypt data.
---------------------------------------------
http://heise.de/-3151892
*** Every Tool in the Tool Box ***
---------------------------------------------
When I teach people about reverse engineering, I often hear the following statement: "I got the right answer, but I cheated to get it". They are typically talking about using dynamic analysis to get an answer versus statically analyzing ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Every-Tool-in-the-Tool-Box/
*** DSA-3532 quagga - security update ***
---------------------------------------------
Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service (daemon crash), or potentially, execution of arbitrary code, if bgpd is configured with BGP peers enabled for VPNv4.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3532
*** Improving Bash Forensics Capabilities ***
---------------------------------------------
Bash is the default user shell in most Linux distributions. In case of incidents affecting a UNIX server, there are chances that a Bash shell will be ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20887
*** Life After the Isolated Heap ***
---------------------------------------------
Over the past few months, Adobe has introduced a number of changes to the Flash Player heap with the goal of reducing the exploitability of certain types of vulnerabilities in Flash, especially use-after-frees. I wrote an exploit involving two bugs ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/03/life-after-isolated-heap.html
*** APPLE-SA-2016-03-28-1 OS X: Flash Player plug-in blocked ***
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Mar/msg00007.ht…
*** DSA-3533 openvswitch - security update ***
---------------------------------------------
Kashyap Thimmaraju and Bhargava Shastry discovered a remotely triggerable buffer overflow vulnerability in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3533
*** "Collecting Serial Data for ICS Network Security Monitoring" ***
---------------------------------------------
Below is a post by SANS ICS515 - ICS Active Defense and Incident Response instructor Mark Bristow. Adversaries across the capability spectrum are increasingly targeting Industrial Control System (ICS) environments. Malware such as ..
---------------------------------------------
http://ics.sans.org/blog/2016/03/29/collecting-serial-data-for-ics-network-…
*** Why PCI DSS cannot replace common sense and holistic risk assessment ***
---------------------------------------------
Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.
---------------------------------------------
https://www.htbridge.com/blog/why-pci-dss-cannot-replace-common-sense-and-h…
*** Printers all over the US 'hacked' to spew anti-Semitic fliers ***
---------------------------------------------
Andrew 'Weev' Auernheimer, one of the two men who were prosecuted and convicted for harvesting e-mails and authentication IDs of 114,000 early-adopters of Apple's iPad from AT&T's ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/03/29/printers-us-hacked-anti-semitic-…
*** Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround ***
---------------------------------------------
There is a workaround in Xen to deal with the fact that AMD CPUs don't load the x86 registers FIP (and possibly FCS), FDP (and possibly FDS), and FOP from memory (via XRSTOR or FXRSTOR) when there is no pending unmasked exception. (See XSA-52.) However, this workaround does not cover all possible input cases.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2016-03/msg00001.html
*** Google developer: NPM malware could spread as a worm ***
---------------------------------------------
Because of some design principles of the Node package manager NPM, a malicious module could spread like a worm throughout the whole system, warns a Google developer. For now, only manual work helps against the security hole.
---------------------------------------------
http://www.golem.de/news/google-entwickler-npm-malware-koennte-sich-als-wur…
*** Petya: stopping the ransomware before it encrypts the hard disks ***
---------------------------------------------
The Petya ransomware targets German-speaking victims and makes sure their computers no longer start. The Trojan also encrypts the hard disks, but this can be prevented if it is stopped in time.
---------------------------------------------
http://heise.de/-3153388
*** Vulnerability in popular caller ID app Truecaller exposes user data ***
---------------------------------------------
http://derstandard.at/2000033814462
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 24-03-2016 18:00 − Friday 25-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Xen, QEMU: Multiple vulnerabilities allow, among other things, execution of arbitrary code with the privileges of the service ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0510/
*** USB Trojan Hides In Portable Applications, Targets Air-Gapped Systems ***
---------------------------------------------
A Trojan program, dubbed USB Thief by researchers at security firm ESET, infects USB drives that contain portable installations of popular applications such as Firefox, NotePad++, or TrueCrypt, and it also seems to be designed to steal information from so-called air-gapped computers. "In the case we ..
---------------------------------------------
https://it.slashdot.org/story/16/03/24/184255/usb-trojan-hides-in-portable-…
*** F5: sol93122894: OpenSSL vulnerability CVE-2016-0705 ***
---------------------------------------------
OpenSSL handling of malformed DSA private keys may cause memory corruption and possibly stop the handling process.
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/93/sol93122894.html
*** Tenable: [R1] Log Correlation Engine (LCE) 4.8.0 Updates Libxml2 ***
---------------------------------------------
The Log Correlation Engine (LCE) uses the third-party Libxml2 library for some XML parsing routines. A vulnerability was found and patched in Libxml2 recently. Tenable has not evaluated this vulnerability beyond acknowledging that user-supplied XML ..
---------------------------------------------
http://www.tenable.com/security/tns-2016-06
*** Cogent DataHub Elevation of Privilege Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a privilege elevation vulnerability in the Cogent DataHub application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01
*** SQL Injection Cheat Sheet ***
---------------------------------------------
What is an SQL Injection Cheat Sheet? An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability. This cheat sheet is of good ..
---------------------------------------------
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
*** Ransomware: "Petya" infects German-speaking region ***
---------------------------------------------
The ransomware spreads via Dropbox and forces Windows users to pay money to unlock their computer.
---------------------------------------------
http://derstandard.at/2000033657066