=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 07-09-2016 18:00 − Donnerstag 08-09-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability ***
---------------------------------------------
A vulnerability in session identification management functionality of the web-based management interface for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an authenticated, remote attacker ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Return to libstagefright: exploiting libutils on Android ***
---------------------------------------------
I’ve been investigating different fuzzing approaches on some Android devices recently, and this turned up the following rather interesting bug (CVE 2016-3861 fixed in the most recent Android Security Bulletin), deep in the ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/09/return-to-libstagefright-expl…
*** [R1] LCE 4.8.1 Fixes Multiple Third-party Library Vulnerabilities ***
---------------------------------------------
http://www.tenable.com/security/tns-2016-14
*** Critical Flaws Found in Network Management Systems ***
---------------------------------------------
Four leading network management system providers patched nearly a dozen critical cross-site scripting vulnerabilities disclosed Wednesday by Rapid7.
---------------------------------------------
http://threatpost.com/critical-flaws-found-in-network-management-systems-2/…
*** Updated DShield Blocklist ***
---------------------------------------------
Earlier today, I updated how our block list is generated. The idea behind this is to avoid some false positives and to make the list more meaningful. As usual, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21453&
*** Stealing login credentials from a locked PC or Mac just got easier ***
---------------------------------------------
20 seconds of physical access with a $50 device is all it takes.
---------------------------------------------
http://arstechnica.com/security/2016/09/stealing-login-credentials-from-a-l…
*** The Limits of SMS for 2-Factor Authentication ***
---------------------------------------------
A recent ping from a reader reminded me that Ive been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication ..
---------------------------------------------
http://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentic…
*** Erpressungstrojaner: FBI hofft auf mehr Anzeigen ***
---------------------------------------------
Die Erpresser, die Computer kapern und verschlüsseln, werden immer professioneller. In den USA wünscht sich das FBI möglichst viele Anzeigen der Opfer, da jede Information im Kampf gegen die Verbrecher helfen könne.
---------------------------------------------
http://heise.de/-3316101
*** Ten-year-old Windows Media Player hack is the new black, again ***
---------------------------------------------
Why bother buying a zero-day when casual piracy and old code can p0wn thousands? Net scum are still finding ways to take down users with a decade-old Windows Media Player attack.
---------------------------------------------
www.theregister.co.uk/2016/09/08/windows_media_player_malware_drm_security/
*** WordPress 4.6.1 upgrades security, fixes 15 bugs ***
---------------------------------------------
WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately. The two ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/09/08/wordpress-4-6-1-upgrades-securit…
*** Netzwerkanalyse: Version 2.2 von Wireshark freigegeben ***
---------------------------------------------
Version 2.2 von Wireshark versteht eine Reihe neuer Protokolle. Zudem spricht es selbst inzwischen JSON und kann Pakete in diesem Format exportieren.
---------------------------------------------
http://heise.de/-3316297
*** Denial of Service in extension "Speaking URLs for TYPO3" (realurl) ***
---------------------------------------------
https://typo3.org/news/article/denial-of-service-in-extension-speaking-urls…
*** Xen Security Advisory CVE-2016-7154 / XSA-188 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-188.html
*** Xen Security Advisory CVE-2016-7094 / XSA-187 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-187.html
*** Xen Security Advisory CVE-2016-7093 / XSA-186 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-186.html
*** Xen Security Advisory CVE-2016-7092 / XSA-185 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-185.html
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious privileged code running within a guest VM to compromise the host.
---------------------------------------------
https://support.citrix.com/article/CTX216071
*** IBM Security Bulletin: A security vulnerability for cross-site scripting affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2986) ***
---------------------------------------------
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21989940
*** IBM Security Bulletin: A vulnerability in PostgreSQL affects IBM Security Access Manager version 9 (CVE-2016-0773) ***
---------------------------------------------
IBM Security Access Manager version 9 appliances are affected by a vulnerability in postgreSQL. CVE(s): CVE-2016-0773 Affected product(s) and affected version(s): IBM ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21989543
*** Urheberrecht: Datenpanne bei Abmahnsoftware ***
---------------------------------------------
Eine Kanzlei, die gegen unrechtmäßige Nutzung von Fotos vorgeht, nutzt offenbar Software, die nachlässig konfiguriert ist. Unberechtigte Nutzer konnten Daten zu Mandaten und Abmahnungen einsehen.
---------------------------------------------
http://www.golem.de/news/urheberrechte-datenpanne-bei-abmahnkanzlei-1609-12…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 06-09-2016 18:00 − Mittwoch 07-09-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Cleaning the Wp-Page Pharma Hack in WordPress ***
---------------------------------------------
Pharma hacks are common website infections categorized under SEO spam. With pharma hacks, the attacker exploits vulnerable websites to distribute pharmaceutical advertisements to visitors. Symptoms of a pharma hack include embedded links and anchor text on pages or modified listings in Search Engine Results Pages (SERPs). These attacks most often target search engines like Google...
---------------------------------------------
https://blog.sucuri.net/2016/09/cleaning-the-wp-page-pharma-hack-in-wordpre…
*** How to Set Up Your Own Malware Trap, (Tue, Sep 6th) ***
---------------------------------------------
I am sure what you really want is more malware ;-). But a few people asked for tricks to collect malware.Malware can be useful for a number of reasons: First of all, you could extract indicators of compromise from malware using various more or less automated methods. In addition, it is a good idea to keep an eye on what your users may be seeing, in particular if they receive e-mail from sources other then your corporate e-mail system. Sadly, many corporations these days switch to cloud...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21447&rss
*** Google stopft letzte QuadRooter-Lücken in Android ***
---------------------------------------------
Im Rahmen seines allmonatliche Android-Patches stopft Google 47 Sicherheitslücken im Betriebssystem. Sieben der Lücken gelten als kritisch.
---------------------------------------------
http://heise.de/-3315023
*** Ungepatchte Lücken in Load-Balancern von Fortinet ***
---------------------------------------------
Fortinet hat mit einem Update eine Sicherheitslücke in seinen Load-Balancern der FortiWAN-Serie geschlossen. Andere Lücken scheinen davon aber unbenommen, was es Angreifern erlauben würde, Admin-Kommandos ohne entsprechende Rechte auszuführen.
---------------------------------------------
http://heise.de/-3315178
*** Keine Bestätigung persönlicher Daten bei Amazon erforderlich ***
---------------------------------------------
In einer Phishingmail schreiben Kriminelle, dass Amazon das Benutzerkonto von Empfänger/innen zeitweise eingefroren habe. Aus diesem Grund sollen Kund/innen ihre persönlichen Daten bestätigen. Dazu müssen sie einen Link aufrufen und Zugangsdaten auf einer Website bekannt geben. Das dürfen Nutzer/innen nicht tun!
---------------------------------------------
https://www.watchlist-internet.at/phishing/keine-bestaetigung-persoenlicher…
*** Back-dooring PE Files on Windows ***
---------------------------------------------
Introduction: Portable Executable (PE) files are very commonly used today. Many people download these files from the internet or get it from a friend and run it on their systems without realizing the dangers involved in running these kind of files. It is very easy to add malicious code to these files and have it...
---------------------------------------------
http://resources.infosecinstitute.com/back-dooring-pe-files-windows/
*** The Missing Piece - Sophisticated OS X Backdoor Discovered ***
---------------------------------------------
In a nutshell Backdoor.OSX.Mokes.a is the most recently discovered OS X variant of a cross-platform backdoor which is able to operate on all major operating systems (Windows,Linux,OS X). Please see also our analysis on the Windows and Linux variants.
---------------------------------------------
http://securelist.com/blog/research/75990/the-missing-piece-sophisticated-o…
*** A bite of Python ***
---------------------------------------------
Being easy to pick up and progress quickly towards developing larger and more complicated applications, Python is becoming increasingly ubiquitous in computing environments. Though apparent language clarity and friendliness could lull the vigilance of software engineers and system administrators -- luring them into coding mistakes that may have serious security implications. In this article, which primarily targets people who are new to Python, a handful of security-related quirks are looked...
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2592591
*** OUCH! 2016 Newsletter ***
---------------------------------------------
September 2016: Email Dos and Donts
---------------------------------------------
https://securingthehuman.sans.org/resources/newsletters/ouch/2016
*** WordPress 4.6.1 Security and Maintenance Release ***
---------------------------------------------
https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance…
*** FortiWAN Multiple Vulnerabilities ***
---------------------------------------------
FortWan 4.2.4 and below is exposed to cross site scripting, information leak and escalation of privilege vulnerabilities.CVE-2016-4965 FortiWAN Non-administrative authenticated user having access privileges to the nslookup functionality can perform OS command injection in the root user contextCVE-20...
---------------------------------------------
http://fortiguard.com/advisory/fortiwan-multiple-vulnerabilities
*** [R5] PHP < 5.6.21 Vulnerabilities Affect Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2016-09
*** TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations ***
---------------------------------------------
Original release date: September 06, 2016 Systems Affected Network Infrastructure Devices Overview The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA16-250A
*** Security Advisory: Expat XML parser vulnerability CVE-2012-6702 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/65/sol65460334.html?…
*** Security Advisory: FreeType vulnerabilities CVE-2014-9746 and CVE-2014-9747 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52439336.html?…
*** Bugtraq: Infoblox Cross-site scripting vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539367
*** Bugtraq: [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539366
*** BMC BladeLogic Server Automation For Linux 8.7 Directory Dump ***
---------------------------------------------
Topic: BMC BladeLogic Server Automation For Linux 8.7 Directory Dump Risk: Medium Text:Title: Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation Affected Software: BMC Bla...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016090036
*** VU#282991: DEXIS Imaging Suite 10 contains hard-coded credentials ***
---------------------------------------------
Vulnerability Note VU#282991 DEXIS Imaging Suite 10 contains hard-coded credentials Original Release date: 07 Sep 2016 | Last revised: 07 Sep 2016 Overview DEXIS is a dental x-ray imaging software that manages patient records. DEXIS Imaging Suite 10 contains several hard-coded credentials allowing administrative or root access to the patient database. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6532 DEXIS Imaging Suite 10 contains several hard-coded database credentials...
---------------------------------------------
http://www.kb.cert.org/vuls/id/282991
*** VU#548399: Dentsply Sirona SchickTech CDR contains multiple hard-coded credentials ***
---------------------------------------------
Vulnerability Note VU#548399 Dentsply Sirona SchickTech CDR contains multiple hard-coded credentials Original Release date: 06 Sep 2016 | Last revised: 06 Sep 2016 Overview The Dentsply Sirona ShickTech CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6530 ShickTech CDR DICOM version 5 and below contains several hard-coded database...
---------------------------------------------
http://www.kb.cert.org/vuls/id/548399
*** VU#619767: Open Dental contains hard-coded credentials ***
---------------------------------------------
Vulnerability Note VU#619767 Open Dental contains hard-coded credentials Original Release date: 06 Sep 2016 | Last revised: 06 Sep 2016 Overview Open Dental is a medical dental records management software. Open Dental contains hard-coded default credentials allowing administrative or root access to the patient database. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6531Open Dental contains a hard-coded default database credential. An unauthenticated remote attacker with...
---------------------------------------------
http://www.kb.cert.org/vuls/id/619767
*** VU#548399: Dentsply Sirona CDR DICOM contains multiple hard-coded credentials ***
---------------------------------------------
Vulnerability Note VU#548399 Dentsply Sirona CDR DICOM contains multiple hard-coded credentials Original Release date: 06 Sep 2016 | Last revised: 06 Sep 2016 Overview The Dentsply Sirona (previously known as Shick Technologies) CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6530 Dentsply Sirona CDR DICOM version 5 and below...
---------------------------------------------
http://www.kb.cert.org/vuls/id/548399
*** Security Advisory - XML Bomb Vulnerability in AnyOffice ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160907-…
*** Security Advisory - Two Vulnerabilities in Huawei WS331a ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160907-…
*** Security Advisory - TCP Connection Hijack Vulnerability ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160907-…
*** Security Advisory - Information Leak Vulnerability in Certain Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2015/hw-455876
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in NTP affect AIX (CVE-2015-7974, CVE-2016-1550, CVE-2016-1551, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2016-1547, CVE-2016-4957, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955) ***
http://http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc
---------------------------------------------
*** IBM Security Bulletin: Two vulnerabilities in libvirt affect PowerKVM (CVE-2015-5313, CVE-2016-5008) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024185
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024229
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the Apache HTTP Server affects PowerKVM (CVE-2016-5387) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024017
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a Pluggable Authentication Module (PAM) vulnerability (CVE-2013-7041) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024221
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-1181, CVE-2016-1182 ***
http://www.ibm.com/support/docview.wss?uid=swg21988638
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center April 2016 CPU (CVE-2016-3426) ***
http://www.ibm.com/support/docview.wss?uid=swg21988636
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libssh2 affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2016-0787) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099450
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Rational Team Concert with potential for Cross-Site Scripting attack (CVE-2016-0331) ***
http://www.ibm.com/support/docview.wss?uid=swg21989899
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Taglibs vulnerability affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2015-0254 ***
http://www.ibm.com/support/docview.wss?uid=swg21988644
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in MD5 Signature and Hash Algorithm, glibc and OpenSSL affect IBM Netezza Firmware Diagnostics Tools ***
http://www-01.ibm.com/support/docview.wss?uid=swg21980965
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 05-09-2016 18:00 − Dienstag 06-09-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops ***
---------------------------------------------
Whaling attackers fall for poison PDF invoices HITB Florian Lukavsky hacks criminals profiting from out of control multi-billion dollar CEO wire transfer scams and they hate him for it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/09/06/hacker_hack…
*** House of Keys: 9 Months later... 40% Worse ***
---------------------------------------------
In November 2015 SEC Consult released the results of our study on hardcoded cryptographic secrets in embedded systems. Its time to summarize what has happened since.To accomplish the mammoth task of informing about 50 different vendors and various ISPs we teamed up with CERT/CC (VU#566724). We would really like to report that our efforts were successful, but as it turns out the number of devices on the web using known private keys for HTTPS server certificates has gone up by 40% in the last...
---------------------------------------------
http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.h…
*** Too many Cisco ASA boxes still open to an EXTRABACON attack ***
---------------------------------------------
Among the Equation Group exploits leaked by the Shadow Brokers, the one named EXTRABACON that targets Cisco ASA devices got the most attention from security researchers and attackers. It has been demonstrated that the original exploit can be easily modified to work on more recent versions of the Cisco ASA SSL VPN appliances, and researchers armed with honeypots noted that exploitation attempts started soon after the leak. You would think that news like this would...
---------------------------------------------
https://www.helpnetsecurity.com/2016/09/06/cisco-asa-still-open-extrabacon/
*** Digital Forensics According to the FORZA Model and Diamond Model for Intrusion Analysis ***
---------------------------------------------
The Bridge on the River Forza We can teach these barbarians a lesson in Western methods and efficiency that will put them to shame. -Colonel Nicholson (The Bridge on the River Kwai, 1957) Efficiency. Something we look to implement in everything we do, whether that be through the elimination of waste through Six Sigma, or other frameworks and methodologies, efficiency is what we strive for. When performing digital forensics, efficiency and rigor in our approach to ensure no stone left...
---------------------------------------------
https://feeds.feedblitz.com/~/192237180/0/alienvault-blogs~Digital-Forensic…
*** How False Positives can ruin your day - and how to stop them ***
---------------------------------------------
False positives can seriously ruin your day, and can cost enterprises serious money. Highlighted by a recent example, we share some key tips on how to mitigate false alerts.
---------------------------------------------
https://www.htbridge.com/blog/how-false-positives-can-ruin-your-day-and-how…
*** A week in security (Aug 28 - Sep 03) ***
---------------------------------------------
A compilation of notable security news and blog posts from August 28th to September 3rd. This week, we talked about browser-based fingerprinting; what was going on with the Mac app, Transmission; and a tech support scam that banked on an iPad error popping up on Windows systems.Categories: Security world Week in securityTags: recapweekly blog roundup(Read more...)
---------------------------------------------
https://blog.malwarebytes.com/security-world/2016/09/a-week-in-security-aug…
*** [2016-09-06] Private key for browser-trusted certificate embedded in multiple Aruba Networks / Alcatel-Lucent products ***
---------------------------------------------
A browser-trusted certificate including its private key is embedded in the firmware of several Aruba Networks/Alcatel-Lucent products. The certificate is used for providing user access to a captive portal via HTTPS as well as EAP connections for WPA2-Enterprise clients. An attacker can use this vulnerability to impersonate a captive portal or Wi-Fi AP and gain access to sensitive information.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** SSA-630413 (Last Update 2016-09-05): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413…
*** ArcServe UDP - Unquoted Service Path Privilege Escalation ***
---------------------------------------------
Topic: ArcServe UDP - Unquoted Service Path Privilege Escalation Risk: High Text:Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 0...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016090024
*** ArcServe UDP - Download Manager/Setup - DLL Hijacking ***
---------------------------------------------
Topic: ArcServe UDP - Download Manager/Setup - DLL Hijacking Risk: Medium Text:Title: ArcServe UDP - Download Manager/Setup - DLL Hijacking CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016090030
*** ArcServe UDP - HTTP Installation MiTM ***
---------------------------------------------
Topic: ArcServe UDP - HTTP Installation MiTM Risk: Low Text:Title: ArcServe UDP - MiTM CWE Class: CWE-300: Channel Accessible by Non-Endpoint (Man-in-the-Middle) | CWE-319: Cleartext T...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016090029
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Network Security Services (NSS) affects the IBM FlashSystem model V9000 (CVE-2016-1978) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009104
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2016-1978) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009103
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Network Security Services (NSS) affects the IBM FlashSystem model V840 (CVE-2016-1978) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009102
---------------------------------------------
*** IBM Security Bulletin: BigInsights is affected by a vulnerability in DB2 (CVE-2014-0919, CVE-2016-0211) ***
http://www.ibm.com/support/docview.wss?uid=swg21987604
---------------------------------------------
*** IBM Security Bulletin: IBM Forms Viewer may be affected by an Apache Xerces-C XML Parser library vulnerability (CVE-2016-0729) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21988714
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem model V840 (CVE-2016-2107) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009106
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2016-2107) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009105
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 02-09-2016 18:00 − Montag 05-09-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** DNS tunneling threat drills into nearly half of networks tested ***
---------------------------------------------
InfoBloxs new report showed nearly half of all networks tested to show signs of DNS tunnelling
---------------------------------------------
http://www.scmagazine.com/dns-tunneling-threat-drills-into-nearly-half-of-n…
*** Android Patch Fixes Nexus 5X Critical Vulnerability ***
---------------------------------------------
Google patched an undocumented vulnerability that allowed attackers to bypass Nexus 5X devices lock screen via a forced memory dump that exposed the device owners password.
---------------------------------------------
http://threatpost.com/android-patch-fixes-nexus-5x-critical-vulnerability/1…
*** Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) server functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to access data from a packet buffer that was previously ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Sundown EK – Stealing Its Way to the Top ***
---------------------------------------------
Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is in under constant development. With ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Sundown-EK-%e2%80%93-St…
*** Mailman Access Control Flaw in User Options Page Lets Remote Users Conduct Cross-Site Request Forgery Attacks ***
---------------------------------------------
Mailman Access Control Flaw in User Options Page Lets Remote Users Conduct Cross-Site Request Forgery Attacks
---------------------------------------------
http://www.securitytracker.com/id/1036728
*** ‘Flash Hijacks’ Add New Twist to Muggings ***
---------------------------------------------
A frequent crime in Brazil is a scheme in which thieves kidnap people as theyre leaving a bank, and free them only after theyve visited a number of ATMs to withdraw ..
---------------------------------------------
http://krebsonsecurity.com/2016/09/flash-hijacks-add-new-twist-to-muggings/
*** Telnet is not dead – at least not on ‘smart’ devices ***
---------------------------------------------
Depending on your age, you either might or might not have used Telnet to connect to remote computers in the past. But ..
---------------------------------------------
http://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-d…
*** "Wenn Ihre Daten in der Cloud sind, hat sie auch die NSA" ***
---------------------------------------------
Der Kryptologe Bart Preneel im futurezone-Interview über Verschlüsselung in der Nach-Snowden-Ära, Hintertüren und Quantenkryptographie.
---------------------------------------------
https://futurezone.at/science/wenn-ihre-daten-in-der-cloud-sind-hat-sie-auc…
*** Microsoft thought of the children and decided to ban some browsers ***
---------------------------------------------
Redmonds Family Settings now block browsers-without-filters by default, but which ones? Microsoft has updated its family filters to block some rival ..
---------------------------------------------
www.theregister.co.uk/2016/09/05/microsoft_thought_of_the_children_and_deci…
*** Hintergrund: Analysiert: Ransomware meets Info-Stealer - RAA und das diebische Pony, Teil II ***
---------------------------------------------
Wie diese Analysiert:-Folge enthüllt, weist die scheinbar perfekte Verschlüsselung des RAA-Trojaners doch Lücken auf. Auch der von RAA gestartete Passwort-Dieb kann sich mit seinen Anti-Debugging-Tricks der Analyse nicht entziehen.
---------------------------------------------
http://heise.de/-3303401
*** Fake attacks by insiders to fool companies ***
---------------------------------------------
Famous cybercrime groups and hacktivists “brands” may be a smokescreen to cover sophisticated insider attacks.
---------------------------------------------
https://www.htbridge.com/blog/fake-attacks-by-insiders-to-fool-companies.ht…
*** Security Advisory - Information Leak Vulnerability in Huawei eSpace IAD ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160905-…
*** Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuite ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160905-…
*** BKA geht mit SOKO Clavis gegen Ransomware vor ***
---------------------------------------------
Nachdem sich in den vergangenen Wochen die Fälle häufen, will das Bundeskriminalamt nun gezielt gegen Ransomware vorgehen. Eine SOKO soll die Täter ausfindig machen.
---------------------------------------------
https://futurezone.at/netzpolitik/bka-geht-mit-soko-clavis-gegen-ransomware…
*** Sophos Windows users face black screens after false positive snafu ***
---------------------------------------------
Black is the new BSOD Users of Sophos’s security software were confronted with a black screen on starting up ..
---------------------------------------------
www.theregister.co.uk/2016/09/05/sophos_black_screen_snafu/
*** Vuln: Inspircd SSL Certificate Spoofing Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92737
*** Totgesagte leben länger: Adobe poliert NPAPI-Flash auf Linux auf ***
---------------------------------------------
Entgegen so manch einem Meinungsartikel ist Flash noch lange nicht am Ende. Das muss wohl auch Adobe einsehen und frischt nun die veraltete NPAPI-Version unter Linux auf.
---------------------------------------------
http://heise.de/-3314084
*** 800.000 Klartext-Passwörter der Pornoseite Brazzers veröffentlicht ***
---------------------------------------------
Wieder ist ein großer Hack mit kopierten Nutzerdaten bekannt geworden und wieder scheint der Einbruch in die Server 2012 stattgefunden zu haben.
---------------------------------------------
http://heise.de/-3314087
*** Malware Delivered via .pub Files ***
---------------------------------------------
While searching for new scenarios to deliver their malwares[1][2], attackers launched a campaignto deliver malicious code embedded in Microsoft Publisher[3] (.pub) files. The ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21443
*** Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems ***
---------------------------------------------
The Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. We are providing a ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-u…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 01-09-2016 18:00 − Freitag 02-09-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs ***
---------------------------------------------
http://threatpost.com/chrome-53-fixes-address-spoofing-vulnerability-32-oth…
*** Insecure Redis Instances at Core of Attacks Against Linux Servers ***
---------------------------------------------
Attackers are targeting insecure Redis instances, exposed to the internet, to access Linux servers and delete web files and folders in exchange for ransom.
---------------------------------------------
http://threatpost.com/insecure-redis-instances-at-core-of-attacks-against-l…
*** Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite ***
---------------------------------------------
https://support.apple.com/kb/HT207130
*** Safari 9.1.3 ***
---------------------------------------------
https://support.apple.com/kb/HT207131
*** IoT Home Router Botnet Leveraged in Large DDoS Attack ***
---------------------------------------------
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distributed ..
---------------------------------------------
https://blog.sucuri.net/2016/09/iot-home-router-botnet-leveraged-in-large-d…
*** Wenn die Physik zur Sicherheitslücke wird ***
---------------------------------------------
Bei der Sicherheitskonferenz Usenix haben Hacker neue Möglichkeiten demonstriert, Systeme mit Angriffen auf die Hardware zu manipulieren.
---------------------------------------------
https://futurezone.at/science/wenn-die-physik-zur-sicherheitsluecke-wird/21…
*** DSA-3658 libidn - security update ***
---------------------------------------------
Hanno Boeck discovered multiple vulnerabilities in libidn, the GNUlibrary for Internationalized Domain Names (IDNs), allowing a remoteattacker to cause a denial of service against an application using thelibidn library (application crash).
---------------------------------------------
https://www.debian.org/security/2016/dsa-3658
*** Mutmaßlicher Angreifer auf Web-Infrastruktur des Linux Kernels festgenommen ***
---------------------------------------------
In den USA ist ein Hacker festgenommen worden, der für Angriffe auf die Linux Foundation und die Webseite kernel.org verantwortlich sein soll. Dabei handelt es sich wohl um den einschlägig bekannten Angriff von 2011.
---------------------------------------------
http://heise.de/-3312595
*** Over 40 million usernames, passwords from 2012 breach of Last.fm surface ***
---------------------------------------------
While Last.fm informed users in 2012, passwords were easily cracked.
---------------------------------------------
http://arstechnica.com/security/2016/09/over-40-million-usernames-passwords…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 31-08-2016 18:00 − Donnerstag 01-09-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** There are really only two effectively distinct settings for the UAC slider ***
---------------------------------------------
Theres a control panel that lets you specify how often you want to be prompted by UAC. You can set any of four levels: ... Although it looks like there are four settings, in a theoretical sense, there really are only two settings.
---------------------------------------------
https://blogs.msdn.microsoft.com/oldnewthing/20160816-00/?p=94105
*** Flag - Moderately Critical - Access Bypass - SA-CONTRIB-2016-050 ***
---------------------------------------------
https://www.drupal.org/node/2793115
*** So much for counter-phishing training: Half of people click anything sent to them ***
---------------------------------------------
Even people who claimed to be aware of risks clicked out of curiosity.
---------------------------------------------
http://arstechnica.com/security/2016/08/researchers-demonstrate-half-of-peo…
*** New Version of Cerber Ransomware Distributed via Malvertising ***
---------------------------------------------
Crber has become one of the most notorious and popular ransomware families to date. It now has a new variant that, while superficially similar to earlier variants, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/new-version-cerb…
*** MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled.. ***
---------------------------------------------
Background From August 4th 2016 several sysadmin friends were starting to upload this malware files to our dropbox. The samples warent easy to retrieve, so there are good ones and also some broken ones, I listed in this post for the good ones. This threat is made by the ELF trojan backdoor, the ..
---------------------------------------------
http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html
*** Maxmind.com (Ab)used As Anti-Analysis Technique ***
---------------------------------------------
A long time ago I wrote a diary[1] about malware samples which use online geolocalization services. Such services are used to target only specific victims. If the malware detects that it is executed from a specific area, it just stops. This ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21435
*** Breaching a CA – Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter ***
---------------------------------------------
This is a continuation of a series of blog posts which will cover blind cross-site scripting (XSS) and its impact on the internal systems which suffer from it. Previously, ..
---------------------------------------------
https://thehackerblog.com/breaching-a-ca-blind-cross-site-scripting-bxss-in…
*** Spotify: Einfach mal Passwörter ändern ***
---------------------------------------------
Schon wieder neue Passwörter: Einige Kunden von Spotify sollen sie als Vorsichtsmaßnahme ändern, der Hintergrund bleibt vage. Auch nach welchen Kriterien die Kunden ausgewählt wurden, ist nicht bekannt.
---------------------------------------------
http://www.golem.de/news/spotify-einfach-mal-passwoerter-aendern-1609-12301…
*** Bundeskriminalamt warnt vor Erpressungs-Trojaner in falschen Bewerbungsmails ***
---------------------------------------------
Computer wird verschlüsselt und Lösegeld gefordert
---------------------------------------------
http://derstandard.at/2000043687916
*** Unix: OpenBSD 6.0 erzwingt W^X für das Basissystem ***
---------------------------------------------
Das OpenBSD-Projekt sichert sein Basissystem ab, indem der genutzte Speicher entweder beschreibbar oder ausführbar (W^X) ist. Zudem verzichtet das Team auf VAX- und Linux-Support, hat aber die ARMv7-Unterstützung erweitert.
---------------------------------------------
http://www.golem.de/news/unix-openbsd-6-0-erzwingt-w-x-fuer-das-basissystem…
*** Darknet: Festnahme nach Drogenrazzia bei Chemical-Love-Kunden ***
---------------------------------------------
Bei einer bundesweiten Razzia konnten Ermittler größere Mengen Drogen sicherstellen, die die Verdächtigen zuvor im Darknet gekauft haben sollen. Die Beschuldigten sollen als Händler tätig gewesen sein.
---------------------------------------------
http://www.golem.de/news/darknet-festnahme-nach-drogenrazzia-bei-chemical-l…
*** Retefe-Trojaner in gefälschten Rechnungen ***
---------------------------------------------
In E-Mailpostfachen finden sich Nachrichten mit dem Betreff „Ihre Zahlung 631 EUR“, „167 EUR Bestellung“, „33 EUR Zahlung“ oder „81 EUR Rechnung“. Sie stammen angeblich von der ..
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/retefe-trojaner-in…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 30-08-2016 18:00 − Mittwoch 31-08-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Security Bulletin Posted for ColdFusion (APSB16-30) ***
---------------------------------------------
Adobe has published a Security Bulletin (APSB16-30) announcing the availability of hotfixes for ColdFusion versions 11 and 10. These hotfixes resolve a critical vulnerability ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1395
*** Inside the Demise of the Angler Exploit Kit ***
---------------------------------------------
Researchers at Kaspersky Lab today confirmed that the cybercriminals behind the Lurk Trojan were also responsible for the development and distribution of ..
---------------------------------------------
http://threatpost.com/inside-the-demise-of-the-angler-exploit-kit/120222/
*** BASHLITE Family Of Malware Infects 1 Million IoT Devices ***
---------------------------------------------
Over 1 million consumer web-connected video cameras and DVRs have have become the slaves to botnet herders that use the devices for DDoS and phishing attacks.
---------------------------------------------
http://threatpost.com/bashlite-family-of-malware-infects-1-million-iot-devi…
*** Ask Sucuri: How Modern Web Phishing Works ***
---------------------------------------------
Most of us have experienced some kind of phishing attempt in our online lives, and we have seen phishing grow in complexity. Usually, we notice that the login pages are ..
---------------------------------------------
https://blog.sucuri.net/2016/08/modern-web-phishing-works.html
*** Ursnif: Deep Technical Dive ***
---------------------------------------------
While attack tools around the world are stealthy and stay under the radar, we at Seculert examine many different malicious tools. This is done in order to stay at least one step ahead of the attackers, and improve our advanced analytics technology to detect their artistic evasive techniques.
---------------------------------------------
http://www.seculert.com/blogs/ursnif-deep-technical-dive
*** Das Ziel seien Banken: DDoS‑Erpresser fordern “nur” 1 Bitcoin und drohen Verschlüsselung an ***
---------------------------------------------
Die aktuelle Gruppe nennt sich „HACKER TEAM – Armada Collective“. Die Kriminellen haben laut Link11 mehreren ..
---------------------------------------------
http://www.it-finanzmagazin.de/ernstzunehmende-ddos-erpresser-fordern-nur-1…
*** Adobe stopft ColdFusion-Lücken vor dem Patchday ***
---------------------------------------------
Gut zwei Wochen vor dem regulären Patchday der Firma schließt Adobe zwei Lücken im Web-Application-Server ColdFusion. Das deutet darauf hin, dass Admins die Patches schnell einspielen sollten.
---------------------------------------------
http://heise.de/-3309658
*** Blockchain-Technologie: Ein Drittel aller Bitcoin-Börsen wurde gehackt ***
---------------------------------------------
Wie sicher sind Bitcoin bei Online-Börsen? Nicht besonders, wenn man einer aktuellen Studie Glauben schenkt. Demnach ..
---------------------------------------------
http://www.golem.de/news/blockchain-technologie-ein-drittel-aller-bitcoin-b…
*** [2016-08-31] Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker ***
---------------------------------------------
CryptoPro Secure Disk for Bitlocker contains multiple vulnerabilities which can be used by an attacker to manipulate the PBA (pre-boot authentication). This allows ..
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** DSA-3657 libarchive - security update ***
---------------------------------------------
Hanno Boeck and Marcin Noga discovered multiple vulnerabilities inlibarchive; processing malformed archives may result in denial ofservice or the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3657
*** Dropbox-Hack: Seit 2012 rund 68 Millionen Passwörter im Netz ***
---------------------------------------------
Datenbank konnte offenbar wegen LinkedIn-Hack gestohlen werden, wo Dropbox-Mitarbeiter gleiches Passwort nutzte
---------------------------------------------
http://derstandard.at/2000043625840
*** Swift spricht von weiteren Hackerattacken auf Banken ***
---------------------------------------------
http://derstandard.at/2000043626250
*** BitTorrent-Client Transmission brachte erneut Malware auf Macs ***
---------------------------------------------
Zum zweiten Mal konnten sich Nutzer durch den Download der populären BitTorrent-App Malware auf ihrem Mac ..
---------------------------------------------
http://heise.de/-3310446
*** Sicherheitslücken in Defibrillatoren: Investmentfirma spekulierte mit Hersteller-Börsenkurs ***
---------------------------------------------
Ein schwerer Vorwurf: Eine Sicherheitsfirma soll ein potenziell lebensbedrohliche Sicherheitslücken aufgebauscht und an eine Investmentfirma verraten haben, um dann an der Börse Geld zu scheffeln.
---------------------------------------------
http://heise.de/-3309906
*** Zertifizierungsstelle: Wosign stellt unberechtigtes Zertifikat für Github aus ***
---------------------------------------------
Eine ganze Reihe von Vorfällen bringt die Zertifizierungsstelle Wosign in Erklärungsnot. Verschiedene Sicherheitslücken ermöglichten die unberechtigte Ausstellung von ..
---------------------------------------------
http://www.golem.de/news/zertifizierungsstelle-wosign-stellt-unberechtigtes…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 29-08-2016 18:00 − Dienstag 30-08-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Browser-based fingerprinting: implications and mitigations ***
---------------------------------------------
This post covers the information disclosure bugs in Internet Explorer and Edge that we sometimes refer to as fingerprinting. We review past ..
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/exploits/2016/08/browser-based-fin…
*** Double-click me not: Malicious proxy settings in OLE Embedded Script ***
---------------------------------------------
Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/08/29/double-click-me-not-mal…
*** Hintergrund: Analysiert: Ransomware meets Info-Stealer - RAA und das diebische Pony ***
---------------------------------------------
Im Rahmen unserer Analysiert:-Serie geht es diesmal einem Erpressungs-Trojaner an den Code: Olivia von Westernhagen untersucht den in JavaScript realisierte RAA-Trojaner, der gleich auch noch eine Passwort-Klau-Malware im Gepäck hat.
---------------------------------------------
http://heise.de/-3303113
*** Skurriles Motiv für Cyberangriff auf Präsidenten-Website in Sri Lanka ***
---------------------------------------------
17 Jahre alter Angreifer forderte Verschiebung der Abiturprüfungen
---------------------------------------------
http://derstandard.at/2000043545769
*** Linux-Paketmanager: RPM-Entwicklung verläuft chaotisch ***
---------------------------------------------
Unser Autor hat versucht, potenzielle Sicherheitslücken im Paketmanager RPM zu melden, der von Red Hat, Suse und weiteren Linux-Distributionen genutzt wird. Doch das war gar ..
---------------------------------------------
http://www.golem.de/news/linux-paketmanager-rpm-entwicklung-verlaeuft-chaot…
*** The Hunt for Lurk ***
---------------------------------------------
In June, 2016, the Russian police arrested the alleged members of the criminal group known as Lurk. The police suspected Lurk of stealing nearly three billion rubles. The story of Lurk gives some idea of the amount of work that has to be done to obtain enough evidence to arrest and prosecute suspects.
---------------------------------------------
http://securelist.com/analysis/publications/75944/the-hunt-for-lurk/
*** Ripper: Geldautomaten-Malware gibt bis zu 40 Scheine aus ***
---------------------------------------------
Sicherheitsforscher haben eine Schadsoftware entdeckt, die Geldautomaten gleich dreier Hersteller infizieren soll. Vieles deutet daraufhin, dass Kriminelle mit Hilfe der Malware in Thailand Geld im Wert von mehr als 300.000 Euro entwenden konnten.
---------------------------------------------
http://www.golem.de/news/ripper-geldautomaten-malware-gibt-bis-zu-40-schein…
*** Linux servers hit with FairWare ransomware – or is it just a scam? ***
---------------------------------------------
Users posting on Bleeping Computer’s forums have alerted the world to a new threat targeting Linux server admins: the FairWare ransomware. Whether the ransomware actually ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/08/30/linux-fairware-ransomware/
*** Sicherheit implantierbarer Medizintechnik: Herzschrittmacher von St. Jude Medical sollen hackbar sein ***
---------------------------------------------
Streit mit harten Bandagen: Der US-amerikanische Medizingerätehersteller St. Jude Medical zofft sich mit dem Sicherheitsspezialisten MedSec und der Investmentfirma Muddy Waters Capital über die Sicherheit von lebenswichtigen Geräten.
---------------------------------------------
http://heise.de/-3307510
*** 71,000 Minecraft World Map accounts leaked online after hack ***
---------------------------------------------
Dumped creds have been exposed since January Some 71,000 user accounts and IP addresses have been leaked from Minecraft fan website Minecraft World Map.
---------------------------------------------
www.theregister.co.uk/2016/08/30/71000_minecraft_world_map_accounts_leak/
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 26-08-2016 18:00 − Montag 29-08-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** VMSA-2016-0007.2 ***
---------------------------------------------
VMware NSX and vCNS product updates address a critical information disclosure vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0007.html
*** Another Day - Another Ransomware Sample ***
---------------------------------------------
Catching ransomware is pretty easy these days. I setup a procmail filter that will extract all e-mails with compressed JavaScript attachments. Whatever is ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21413
*** QNAP QTS Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Overwrite Arbitrary Files, and Inject Commands ***
---------------------------------------------
http://www.securitytracker.com/id/1036699
*** Tips for Securing SSL Renegotiation ***
---------------------------------------------
A number of Internet connections require SSL renegotiation, a Secure Sockets Layer/Transport ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/tips-securing-ssl-renegotiation/
*** Amazon: Gehackte Händlerkonten locken mit Schnäppchen ***
---------------------------------------------
Bei besonders günstigen Artikeln im Amazon Marketplace versuchen die vermeintlichen Händler die Kaufabwicklung außerhalb des Shops vorzunehmen.
---------------------------------------------
http://futurezone.at/digital-life/amazon-gehackte-haendlerkonten-locken-mit…
*** Dropbox setzt Passwörter aus dem Jahr 2012 und davor zurück ***
---------------------------------------------
Der Cloud-Speicher-Dienst fordert aktuell einige Nutzer dazu auf, ihr Dropbox-Kennwort zurückzusetzen und neu zu vergeben. Hintergrund ist ein Datenleck aus dem Jahr 2012.
---------------------------------------------
http://heise.de/-3306240
*** Cybercriminals Select Insiders To Attack Telecom Providers ***
---------------------------------------------
An anonymous reader quotes a report from Help Net Security: Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these ..
---------------------------------------------
https://tech.slashdot.org/story/16/08/27/0739204/cybercriminals-select-insi…
*** Opera warns Opera Sync users of possible security breach ***
---------------------------------------------
The Norwegian company warned the users that the Opera Sync service of a possible security breach that might have exposed their data. On Friday, Opera, published ..
---------------------------------------------
http://securityaffairs.co/wordpress/50690/data-breach/opera-sync-security-b…
*** Observatory: Mozilla bietet Sicherheitscheck für Websites ***
---------------------------------------------
Wie sicher ist die eigene Internetseite? Der Test mit einem neuen Tool von Browserhersteller Mozilla könnte für viele Betreiber ernüchternd sein.
---------------------------------------------
http://www.golem.de/news/observatory-mozilla-bietet-sicherheitscheck-fuer-w…
*** Ransomware: Trojaner Fantom gaukelt kritisches Windows-Update vor ***
---------------------------------------------
Ein Windows-Update wiegt die Nutzer in Sicherheit, haben sich die Hersteller des Erpressungstrojaners Fantom wohl gedacht. In diesem Fall ist jedoch besondere Vorsicht geboten.
---------------------------------------------
http://www.golem.de/news/ransomware-trojaner-fantom-gaukelt-kritisches-wind…
*** Exploits: Treiber der Android-Hersteller verursachen Kernel-Lücken ***
---------------------------------------------
Die Zahl der Angriffe auf den Linux-Kernel in Android wächst sehr stark. Der mit Abstand größte Teil der bekannten Sicherheitslücken findet sich dabei in den Gerätetreibern der Hersteller, die mit der Kernel-Pflege offenbar überfordert sind.
---------------------------------------------
http://www.golem.de/news/exploits-treiber-der-android-hersteller-verursache…
*** Wartungsarbeiten Donnerstag, 1. 9. 2016, nachmittags ***
---------------------------------------------
Am Donnerstag, 1. September 2016, werden wir ab etwa 13h notwendige Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu keinen Ausfällen der extern ..
---------------------------------------------
http://www.cert.at/services/blog/20160829150342-1783.html
*** l+f: Passwort-Safe mit Löchern ***
---------------------------------------------
Googles Security Crack Tavis Ormandy nimmt sich nach der Anitviren-Software jetzt Passwort-Safes zur Brust -- mit ähnlich erschreckenden Resultaten.
---------------------------------------------
http://heise.de/-3306993
*** ZDI-16-497: Apple OS X AppleHDA Buffer Overflow Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-497/
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 25-08-2016 18:00 − Freitag 26-08-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** OpenSSL schützt vor Sweet32-Attacke und tanzt ChaCha20 ***
---------------------------------------------
Version 1.1.0 mistet alte, unsichere Krypto-Verfahren aus und unterstützt dafür modernere wie ChaCha20. Das Update stoppt zudem die Sweet32-Attacke auf SSL/TLS und OpenVPN.
---------------------------------------------
http://heise.de/-3305647
*** Hintergrund: Die iOS-Spyware Pegasus - eine Bestandsaufnahme ***
---------------------------------------------
Die Spionage-Software Pegasus erschüttert die iPhone-Welt. Wie kann ich mich schützen? Liegt das iOS-Sicherheitskonzept in Schutt und Asche? Ist das das Ende? Eine Analyse der bekannten Fakten schafft Klarheit.
---------------------------------------------
http://heise.de/-3305780
*** What's The Deal With Machine Learning? ***
---------------------------------------------
We've recently received quite a few questions regarding the use of machine learning techniques in cyber security. I figured it was time for a blog post. Interestingly, while I was writing this post, we got asked even more questions, so the timing couldn't be better. It seems that there are quite a few companies out...
---------------------------------------------
https://labsblog.f-secure.com/2016/08/26/whats-the-deal-with-machine-learni…
*** Floating Domains - Taking Over 20K DigitalOcean Domains via a Lax Domain Import System ***
---------------------------------------------
DigitalOcean is a cloud service provider similar to Amazon Web Services or Google Cloud. They offer cloud DNS hosting as one of their product lines - a nice guide on how to set up your domain to use their DNS can be found here. Take a moment to read it over and see if you can spot any potential issues with their domain name set up process.
---------------------------------------------
https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-dom…
*** 5 security practices hackers say make their lives harder ***
---------------------------------------------
Whether they identify as white hats, black hats or something in-between, a majority of hackers agree that no password is safe from them - or the government for that matter. Regardless of where they sit with respect to the law, hackers mostly agree that five key security measures can make it a lot harder to penetrate enterprise networks.At the Black Hat USA 2016 conference in Las Vegas earlier this month, Thycotic, a specialist in privileged account management (PAM) solutions, surveyed...
---------------------------------------------
http://www.cio.com/article/3112740/security/5-security-practices-hackers-sa…
*** iOS 9.3.5 ***
---------------------------------------------
This document describes the security content of iOS 9.3.5.
---------------------------------------------
https://support.apple.com/en-us/HT207107
*** F-Secure Policy Manager 12.00.67239 - Remote code execution by authenticated user ***
---------------------------------------------
The F-Secure Policy Manager client relies on Spring remoting to communicate with the server. Spring remoting uses Java serialization as transfer protocol. Spring internal mechanisms first deserialize before validating the deserialization class is authorized. That behavior leads to remote command execution if we are able to send objects present in the classpath that execute code when they are deserialized.
---------------------------------------------
https://remoteawesomethoughts.blogspot.com/2016/08/f-secure-policy-manager-…
*** PowerDNS Recursor 4.0.2 - Released August 26th 2016 ***
---------------------------------------------
This release fixes a regression in 4.x where CNAME records for DNSSEC signed domains were not sorted before the final answers, leading to some clients (notably some versions of Chrome) not being able to extract the required answer from the packet. [...] Further fixes and changes can be found below:...
---------------------------------------------
https://doc.powerdns.com/md/changelog/
*** VU#305607: Accellion Kiteworks contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#305607 Accellion Kiteworks contains multiple vulnerabilities Original Release date: 26 Aug 2016 | Last revised: 26 Aug 2016 Overview The Accellion Kiteworks appliance prior to version kw2016.03.00 contains multiple vulnerabilities. Description CWE-276: Incorrect Default Permissions - CVE-2016-5662 The `/opt/bin/cli` script has setuid permissions by default, allowing an authenticated KiteWorks users to escalate privileges of commands to root. In practice, the user would...
---------------------------------------------
http://www.kb.cert.org/vuls/id/305607
*** AlienVault USM/OSSIM 5.2 conf/reload.php DOM-based XSS ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080229
*** FreePBX 13.0.35 Remote command execution ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080231
*** Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080232
*** OpenBSD SMTP Processing Bug in rfc2822_parser_init() May Let Remote Users Bypass Security Restrictions on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1036691
*** DFN-CERT-2016-1391: OpenSSL: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen und Ausspähen von Informationen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1391/
*** OpenVPN Blowfish Cipher Block Collision Weakness Lets Remote Users Decrypt Data in Certain Cases ***
---------------------------------------------
http://www.securitytracker.com/id/1036695
*** DSA-3651 rails - security update ***
---------------------------------------------
Andrew Carpenter of Critical Juncture discovered a cross-site scriptingvulnerability affecting Action View in rails, a web applicationframework written in Ruby. Text declared as HTML safe will not havequotes escaped when used as attribute values in tag helpers.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3651
*** DSA-3654 quagga - security update ***
---------------------------------------------
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routingdaemon.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3654
*** DSA-3653 flex - security update ***
---------------------------------------------
Alexander Sulfrian discovered a buffer overflow in theyy_get_next_buffer() function generated by Flex, which may result indenial of service and potentially the execution of code if operating ondata from untrusted sources.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3653
*** DSA-3652 imagemagick - security update ***
---------------------------------------------
This updates fixes many vulnerabilities in imagemagick: Various memoryhandling problems and cases of missing or incomplete input sanitisingmay result in denial of service or the execution of arbitrary code ifmalformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,PDB, DDS, DCM, EXIF, RGF or BMP files are processed.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3652