=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 23-03-2016 18:00 − Thursday 24-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletin: IBM Forms Server vulnerability identified in Webform Server (CVE-2016-0223) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21977574
*** Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC5022 16Gb SAN and EN4023 10Gb Scalable Switches ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273
*** Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272
*** Cisco Network Convergence System 6000 Series Routers SCP and SFTP Modules Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Zyxel MAX3XX Series Wimax CPEs Hardcoded Root Password ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030135
*** Measuring SMTP STARTTLS Deployment Quality ***
---------------------------------------------
At Yahoo, our users send and receive billions of emails every day. We work to make Yahoo Mail easy to use, personalized, and secure for our hundreds of millions of users around the world. In line with our efforts to protect our users ..
---------------------------------------------
https://yahoo-security.tumblr.com/post/141495385400/measuring-smtp-starttls…
*** Kerberos Kadmind Null Pointer Dereference in process_db_args() Lets Remote Authenticated Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1035399
*** CA Single Sign-On Agent Input Validation Flaws Let Remote Users Obtain Potentially Sensitive Information and Cause Denial of Service Conditions ***
---------------------------------------------
http://www.securitytracker.com/id/1035389
*** Researchers find hole in SIP, Apple's newest protection feature ***
---------------------------------------------
System Integrity Protection pwned. Security researchers have discovered a vulnerability that creates a means for hackers to circumvent Apple's newest protection ..
---------------------------------------------
www.theregister.co.uk/2016/03/24/macosx_security_bypass/
*** Nemucod's CRYPTED Ransomware Can Be Neutralized with This Decrypter ***
---------------------------------------------
Victims that had their computers locked by a ransomware that uses the CRYPTED file extension can now free their files using a special decrypter created by Emsisoft security ..
---------------------------------------------
http://news.softpedia.com/news/nemucod-s-crypted-ransomware-can-be-neutrali…
*** RCE flaw affects DVRs sold by over 70 different vendors ***
---------------------------------------------
RSA security researcher Rotem Kerner has discovered a remote code execution vulnerability that affects digital video recorders (DVRs) sold by more than 70 different vendors around the world.
---------------------------------------------
https://www.helpnetsecurity.com/2016/03/24/rce-flaw-dvrs-70-vendors/
*** Extortion Trojan Petya locks down the entire computer ***
---------------------------------------------
A new ransomware is currently targeting German-speaking Windows users. Petya is distributed via Dropbox and manipulates the hard disk so that the operating system can no longer run.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Erpressungs-Trojaner-Petya-riegelt-d…
*** VU#279472: Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities ***
---------------------------------------------
http://www.kb.cert.org/vuls/id/279472
*** RedDoor: Extortionists threaten DDoS attacks on German websites ***
---------------------------------------------
Pay us 3 Bitcoin or we will take your website down: with this threat, a group is currently extorting companies in Germany, Austria and Switzerland. Allegedly, however, it is merely a bluff.
---------------------------------------------
http://heise.de/-3151565
*** Emergency Java Patch Re-Issued for 2013 Vulnerability ***
---------------------------------------------
Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013.
---------------------------------------------
http://threatpost.com/emergency-java-patch-re-issued-for-2013-vulnerability…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 22-03-2016 18:00 − Wednesday 23-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** What was all that about a scary iMessage flaw? Your three-minute guide ***
---------------------------------------------
On Sunday, we were warned that hackers could read our iMessages texts, photos and videos. Should I be worried? As it turns out: no. If you're even a little curious about cryptography and secure programming, though, it should interest and amuse you.
---------------------------------------------
http://www.theregister.co.uk/2016/03/23/imessages_flaw_details/
*** Google publishes list of Certificate Authorities it doesn't trust ***
---------------------------------------------
Thawte experiment aims to expose issuers of dodgy creds. Google's announced another expansion to the security information offered in its transparency projects: it's now going to track certificates you might not want to trust.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/03/23/google_now_…
*** Abusing Oracles, (Wed, Mar 23rd) ***
---------------------------------------------
No, no, this has nothing to do with Oracle Corporation! This diary is about abusing encryption and decryption Oracles. First a bit of a background story. Most of the days I do web and mobile application penetration testing. While technical vulnerabilities, such as SQL Injection, XSS and similar are still commonly found, in the last couple of years I would maybe dare to say that the Direct Object Reference (DOR) vulnerabilities have become prevalent.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20875&rss
*** Libmcrypt - Incorrect S-Boxes for GOST cipher (2008, unfixed) ***
---------------------------------------------
PHP just decided to abandon the trash fire that is libmcrypt. There were (are?) still other projects that use(d) it, so I'm sharing this link in the interest of strongly encouraging projects to drop it like a lead balloon. This is far from the only problem with it ...
---------------------------------------------
https://www.reddit.com/r/netsec/comments/4bl8xu/libmcrypt_incorrect_sboxes_…
*** Microsoft Adds New Feature in Office 2016 That Can Block Macro Malware ***
---------------------------------------------
Microsoft is finally addressing the elephant in the room in terms of security for Office users and has announced a new feature in the Office 2016 suite that will make it harder for attackers to exploit macro malware. ... Sysadmins can now block macros that connect to the Internet ... "This feature can be controlled via Group Policy and configured per application," Microsoft explains. "It enables enterprise administrators to block macros from running in Word, Excel and PowerPoint
---------------------------------------------
http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-th…
*** GroupWise 2014 R2 Hot Patch 1 - Windows Full Multilingual ***
---------------------------------------------
Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details.
---------------------------------------------
https://download.novell.com/Download?buildid=AA7ZB93KAjc~
*** GroupWise 2014 R2 Hot Patch 1 - Windows Client Multilingual ***
---------------------------------------------
Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details.
---------------------------------------------
https://download.novell.com/Download?buildid=dxd3rzvGvig~
*** GroupWise 2014 R2 Hot Patch 1 - Linux Full Multilingual ***
---------------------------------------------
Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details.
---------------------------------------------
https://download.novell.com/Download?buildid=Wxix0_fCdmI~
*** sol51518670: Linux kernel vulnerability CVE-2015-2922 ***
---------------------------------------------
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. (CVE-2015-2922)
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/51/sol51518670.html
*** F5 Security Advisory: Apache Tomcat 6.x vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, and CVE-2016-0714 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30971148.html?…
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** ZDI-16-210: IBM Informix portmap Service Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
www.zerodayinitiative.com/advisories/ZDI-16-210/
*** ZDI-16-209: IBM Informix nsrexecd Service Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-209/
*** ZDI-16-208: IBM Informix nsrd Service Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-208/
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 21-03-2016 18:00 − Tuesday 22-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Moodle Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Bypass Security Restrictions and Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035333
*** Libxml2 Memory Allocation Error in xmlStringGetNodeList() Lets Remote Users Consume Excessive Memory Resources ***
---------------------------------------------
http://www.securitytracker.com/id/1035335
*** D-Link DWR-932 Authentication Bypass / Password Disclosure ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030115
*** AsusTEK asio.sys MSR Manipulation ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030116
*** Google slings critical patch at exploited Linux kernel root hole ***
---------------------------------------------
Android re-installation ahoy to sink privilege elevation that opens avenue for rooting apps. Google has shipped an out-of-band patch for Android shuttering a bug that is under active exploitation to root devices.
---------------------------------------------
www.theregister.co.uk/2016/03/22/google_slings_critcial_patch_at_exploited_…
*** IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21978747
*** IBM Security Bulletin: Lotus Quickr 8.5 for WebSphere Portal January 2016 CPU (CVE-2016-0448) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21977579
*** Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-7575) ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099195
*** IBM Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-5256) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000109
*** Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2015-5600) ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098977
*** Samba developers warn of vulnerability that also affects Windows ***
---------------------------------------------
Badlock is the name of a critical security vulnerability that Samba developers have discovered in their own software, but also in Windows. They urgently warn operators of such servers to set aside time on 12 April for installing patches.
---------------------------------------------
http://heise.de/-3148379
*** Deluge of Apple Patches Fix iMessage Crypto Bug, Much More ***
---------------------------------------------
Apple deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV's tvOS, and watchOS on Monday.
---------------------------------------------
http://threatpost.com/deluge-of-apple-patches-fix-imessage-crypto-bug-much-…
*** "E-ISAC and SANS Report On The Ukrainian Grid Attack" ***
---------------------------------------------
Yesterday the SANS ICS team released its Defense Use Case (DUC) #5 analyzing the cyber-attack that impacted Ukraine on December 23, 2015. The paper is written from the perspective of what lessons can be learned from the event. The ..
---------------------------------------------
http://ics.sans.org/blog/2016/03/22/e-isac-and-sans-report-on-the-ukrainian…
*** A look at Locky ransomware ***
---------------------------------------------
The Locky ransomware was first spotted in the wild last month in February 2016. Locky came to the limelight when it hit the Hollywood Hospital last month, causing the hospital to pay bitcoins worth $17,000 USD in ransom. Locky is known to ..
---------------------------------------------
http://research.zscaler.com/2016/03/a-look-at-locky-ransomware.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 18-03-2016 18:00 − Monday 21-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Palo Alto Networks: VPN web interface attackable via overly long usernames ***
---------------------------------------------
A security researcher at the Heidelberg-based company ERNW has found a remote code execution vulnerability in a Palo Alto appliance. The cause was a missing length check on the username input.
---------------------------------------------
http://www.golem.de/news/palo-alto-networks-vpn-webinterface-mit-ueberlange…
*** IBM Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2016-0283) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21978293
*** FreeBSD crushes system-crashing bug ***
---------------------------------------------
Time to upgrade, Unix-like OS-havers. Sysadmins ought to patch their FreeBSD systems after an irritating bug was found in the kernel ..
---------------------------------------------
www.theregister.co.uk/2016/03/18/freebsd_bug_patched/
*** Unscheduled Android patch, and Stagefright once again ***
---------------------------------------------
Barely three weeks after the scheduled March update, Google is closing a security vulnerability in Android that allows attackers to obtain root privileges. Meanwhile, another Stagefright exploit has become known.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Unplanmaessiger-Android-Patch-und-no…
*** Google offers binary comparison tool BinDiff for free ***
---------------------------------------------
In case you missed it, Google announced on Friday that BinDiff, a comparison tool for binary files, can now be downloaded for free. The tool is used to spot differences and similarities in disassembled code, and is helpful for identifying and isolating fixes for vulnerabilities in vendor-supplied ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/03/21/binary-comparison-tool-bindiff-f…
*** Exploiting a Leaked Thread Handle ***
---------------------------------------------
Once in a while you'll find a bug that allows you to leak a handle opened in a privileged process into a lower privileged process. I found just such a bug in the Secondary Logon service on Windows, which was fixed this month as ..
---------------------------------------------
http://googleprojectzero.blogspot.co.at/2016/03/exploiting-leaked-thread-ha…
*** Extortionists upgrade: encryption Trojan TeslaCrypt 4.0 sighted ***
---------------------------------------------
Security researchers warn of a new version of the TeslaCrypt ransomware, which infects computers and encrypts data. For victims it is now even harder to find out what has happened to their files.
---------------------------------------------
http://heise.de/-3145559
*** NIST releases updated telework guidance ***
---------------------------------------------
The National Institute of Standards and Technology (NIST) released draft guidance for telework protocol, an update to the federal agency's initial documents drafted in 2009.
---------------------------------------------
http://www.scmagazine.com/nist-releases-updated-telework-guidance/article/4…
*** iOS URI Schemes Abuse ***
---------------------------------------------
A set of URI scheme bugs that cause Safari to crash/freeze.
---------------------------------------------
https://github.com/pwnsdx/iOS-URI-Schemes-Abuse-PoC
*** OS X Malware Samples Analyzed ***
---------------------------------------------
A couple of months ago, as we rang in 2016, we thought it would be interesting to take a quick look back at some OSX malware from 2015 and 2014. As reported by the team at Bit9+Carbon Black [1], 2015 marked 'the most prolific year in history for OS X ..
---------------------------------------------
https://www.alienvault.com/open-threat-exchange/blog/os-x-malware-samples-a…
*** Office for Mac: Microsoft releases security updates ***
---------------------------------------------
Microsoft has released updates for the OS X versions of Office 2011 and Office 2016 that are intended to close a critical vulnerability. The new version of the Office suite extends its language support.
---------------------------------------------
http://heise.de/-3146389
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 17-03-2016 18:00 − Friday 18-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Online Banking Threats in 2015: The Curious Case of DRIDEX's Prevalence ***
---------------------------------------------
The thing about takedowns is that these do not necessarily wipe out the cybercriminal operations. In 2014, the ZeroAccess takedown affected the botnet's click fraud operation, but its infections continued to soar. DRIDEX's ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/curious-case-dri…
*** Mitre Takes On Critics, Set To Revamp CVE Vulnerability Reporting ***
---------------------------------------------
Mitre Corporation will introduce a pilot program for classifying CVEs in response to critics who contend the agency is failing to keep pace with a massive influx of CVE number requests.
---------------------------------------------
http://threatpost.com/mitre-takes-on-critics-set-to-revamp-cve-vulnerabilit…
*** Server Security: Indicators of Compromised Behavior with OSSEC ***
---------------------------------------------
We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, rootkit detection, ..
---------------------------------------------
https://blog.sucuri.net/2016/03/server-security-anomaly-behaviour-with-osse…
*** No mas, Samas: What's in this ransomware's modus operandi? ***
---------------------------------------------
We've seen how ransomware managed to become a threat category that sends consumers and enterprises reeling when it hits them. It has become a high-commodity malware that is used as payload to spam email, macro malware, and exploit kit campaigns. It also digs into victims' pockets in exchange for ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/03/17/no-mas-samas-whats-in-t…
*** ABB Panel Builder 800 DLL Hijacking Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a DLL Hijacking vulnerability in the ABB Panel Builder 800 Version 5.1 application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-077-01
*** Apache ActiveMQ Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035328
*** Apache ActiveMQ Lets Remote Users Conduct Clickjacking Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035327
*** Android adware infiltrates devices' firmware, Trend Micro apps ***
---------------------------------------------
Dubbed Gmobi by Dr. Web researchers, the malware comes in the form of a software development kit (SDK), and has been found in several legitimate applications by well-known companies, as well as in firmware for nearly 40 mobile ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/03/18/android-adware-infiltrates-devic…
*** SSA-151221 (Last Update 2016-03-18): Incorrect File Permissions in APOGEE Insight ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-151221…
*** [HTB23293]: Remote Code Execution via CSRF in iTop ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered a Remote Code Execution vulnerability in iTop that is exploitable via a Cross-Site Request Forgery flaw that is also present ..
---------------------------------------------
https://www.htbridge.com/advisory/HTB23293
*** Let's Encrypt joins the CA/Browser Forum ***
---------------------------------------------
The next step towards becoming a recognised certificate authority has been taken: as a member of the CA/Browser Forum, Let's Encrypt is now on an equal footing with Comodo, Symantec & Co.
---------------------------------------------
http://heise.de/-3144202
*** DDR4 memory also susceptible to bit flips ***
---------------------------------------------
Apparently more types of RAM are vulnerable to the Rowhammer attack than previously thought. Researchers have now presented an attack on DDR4 memory; professional server memory is also said to be affected.
---------------------------------------------
http://www.golem.de/news/rowhammer-auch-ddr4-speicher-fuer-bitflips-anfaell…
*** Security updates for Symantec's Endpoint Protection ***
---------------------------------------------
The current update for Symantec's Endpoint Protection (SEP) closes three vulnerabilities, including an SQL injection.
---------------------------------------------
http://heise.de/-3144528
*** Biometrics not a magic infosec bullet for web banking, warns GCHQ bloke ***
---------------------------------------------
You can change a password. You can't change fingerprints. Around the world, banks are implementing biometric authentication systems for their customers as fraud cases increase - but experts warn biometrics should not be treated like a silver bullet for ID ..
---------------------------------------------
www.theregister.co.uk/2016/03/18/biometrics_not_answer_online_banking_secur…
*** Security: New Stagefright exploit affects millions of Android devices ***
---------------------------------------------
Stagefright still threatens many unpatched Android devices worldwide, but is considered difficult to exploit. A new technique requires some infrastructure, but is likely to have greater practical relevance.
---------------------------------------------
http://www.golem.de/news/security-neuer-stagefright-exploit-betrifft-millio…
*** DDoS attacks on Swiss websites ***
---------------------------------------------
Last week Switzerland saw a series of DDoS attacks on online shops, the Swiss Federal Railways and financial institutions. In one case, ..
---------------------------------------------
http://heise.de/-3144854
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 16-03-2016 18:00 − Thursday 17-03-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Blundering ransomware uses backdoored crypto, unlock keys spewed ***
---------------------------------------------
Hahah ... wait, what? A software developer whose example encryption code was used by a strain of ransomware has released the decryption keys for the malware.
---------------------------------------------
http://www.theregister.co.uk/2016/03/16/locky_ransomware_undone_for_now/
*** Netgear CG3000v2 Password Change Bypass ***
---------------------------------------------
I noticed a security issue in my Netgear CG3000v2 cable modem, as provided by Optus (an Australian phone/communications provider).
The "admin password" can be changed on the web interface, without providing the current password. The page http://192.168.0.1/SetPassword.asp prompts for old and new passwords (and repeat of new), but in fact ignores the old password provided, and changes the password to the new one, regardless.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030089
*** 2015-12-10: POODLE Vulnerability in RTU500 Series ***
---------------------------------------------
Affected Products: RTU500 series firmware of release 10 less than version 10.8.6 and of release 11 less than 11.2.1.
RTU500 series releases 9 and less are not affected.
Summary: A vulnerability has recently been published that affects the SSL protocol 3.0 and is commonly referred to as "POODLE". The vulnerability affects the product versions listed above.
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=1KGT090264&LanguageC…
*** ADAC: Cars with keyless entry much easier to steal ***
---------------------------------------------
Thieves can exploit a security vulnerability in the radio link
---------------------------------------------
http://derstandard.at/2000033077997
*** APT Attackers Flying More False Flags Than Ever ***
---------------------------------------------
Investigators continue to focus on attack attribution, but Kaspersky researchers speaking at CanSecWest 2016 caution that attackers are manipulating data used to tie attacks to perpetrators.
---------------------------------------------
http://threatpost.com/apt-attackers-flying-more-false-flags-than-ever/11681…
*** sol06223540: F5 TCP vulnerability CVE-2015-8240 ***
---------------------------------------------
Improper handling of TCP options under some circumstances may cause a denial-of-service (DoS) condition. (CVE-2015-8240) Versions known to be vulnerable: 11.6.0 HF5, 11.5.3 HF2, 11.4.1 HF9 on various BIG-IP products
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/06/sol06223540.html
*** Metaphor - A (real) real-life Stagefright exploit ***
---------------------------------------------
The team here at NorthBit has built a working exploit affecting Android versions 2.2 - 4.0 and 5.0 - 5.1, while bypassing ASLR on versions 5.0 - 5.1 (as Android versions 2.2 - 4.0 do not implement ASLR).
---------------------------------------------
https://www.exploit-db.com/docs/39527.pdf
*** Xen XSA-171: I/O port access privilege escalation in x86-64 Linux ***
---------------------------------------------
User mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks.
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-171.html
*** BSI publishes requirements catalogue for cloud computing ***
---------------------------------------------
Using the catalogue, customers of cloud service providers can find out how information security in a given cloud stands. Providers of such services can also use it, for example, to prepare for an upcoming certification.
---------------------------------------------
http://heise.de/-3141368
*** Introducing SHIPS - Centralized Password Management ***
---------------------------------------------
The Shared Host Integrated Password System (SHIPS) is an open-source solution created by Geoff Walton from TrustedSec to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts. Our goal is to make post exploitation more difficult and provide a simplistic way to manage multiple systems in an environment where Windows does not necessarily support an alternative. SHIPS supports both Linux
---------------------------------------------
https://www.trustedsec.com/january-2015/introducing-ships-centralized-local…
*** New NIST Encryption Guidelines ***
---------------------------------------------
NIST has published a draft of their new standard for encryption use: "NIST Special Publication 800-175B, Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms." In it, the Escrowed Encryption Standard from the 1990s, FIPS-185, is no longer certified. And Skipjack, NSA's symmetric algorithm from the same period, will no longer be certified.
---------------------------------------------
https://www.schneier.com/blog/archives/2016/03/new_nist_encryp.html
*** Scores of Serial Servers Plagued by Lack of Authentication, Encryption ***
---------------------------------------------
Thousands of serial servers connected to the internet aren't password protected and lack encryption, leaving any data that transfers between them and the devices they're connected to open to snooping, experts warn.
---------------------------------------------
http://threatpost.com/scores-of-serial-servers-plagued-by-lack-of-authentic…
*** VU#897144: Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow ***
---------------------------------------------
The Solarwinds Dameware Remote Mini Controller Windows service is vulnerable to stack buffer overflow (CWE-121: Stack-based Buffer Overflow - CVE-2016-2345). Solarwinds Dameware Remote Mini Controller is software for assisting in remote desktop connections for helpdesk support.
---------------------------------------------
http://www.kb.cert.org/vuls/id/897144
*** Bypassing NoScript Security Suite Using Cross-Site Scripting and MITM Attacks ***
---------------------------------------------
This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite protection. These techniques can be used by malicious actors to bypass the default installation of NoScript. The paper also provides solutions and recommendations for end users that can enhance the current protection of NoScript Security Suite.
---------------------------------------------
https://mazinahmed.net/uploads/Bypassing%20NoScript%20Security%20Suite%20Us…
*** Symantec Endpoint Protection Multiple Security Issues ***
---------------------------------------------
Symantec Endpoint Protection (SEP) was susceptible to a number of security findings that could potentially result in an authorized but less privileged user gaining elevated access to the Management Console. SEP Client security mitigations can potentially be bypassed allowing arbitrary code execution on a targeted client.
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** IBM Security Bulletin ***
---------------------------------------------
*** IBM Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities (CVE-2015-5345, CVE-2015-5351) ***
http://www.ibm.com/support/docview.wss?uid=swg21978300
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-7575, CVE-2015-4872, CVE-2015-4893, CVE-2015-4803) ***
http://www.ibm.com/support/docview.wss?uid=swg21976573
---------------------------------------------
*** IBM Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-7713, CVE-2015-5286) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023399
---------------------------------------------
*** IBM Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-5163 CVE-2015-3241 CVE-2015-5223) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023469
---------------------------------------------
*** IBM Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-5163 CVE-2015-3241 CVE-2015-5223) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023470
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 15-03-2016 18:00 − Wednesday 16-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Bugtraq: [security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537801
*** Exploit Kits in 2015: Scale and Distribution ***
---------------------------------------------
In the first part of this series of blog posts, we discussed what new developments and changes in the exploit kit landscape were seen in 2015. In this post, we look at the scale of the exploit kit problem - how many users were affected, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/exploit-kits-201…
*** Apache Struts Input Validation Flaw in I18NInterceptor Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035272
*** Apache Struts Double OGNL Evaluation Lets Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1035271
*** VMware vRealizes that vRealize has XSS bugs on Linux ***
---------------------------------------------
Virtzilla's also released the first maintenance release for vRealize Automation. A tricky Tuesday for VMware's vRealize products, which have received the first maintenance release for version 7 and also become the subject of a security alert.
---------------------------------------------
www.theregister.co.uk/2016/03/16/vmware_vrealizes_that_vrealize_has_xss_bug…
*** OpenSSH 7.2p1 xauth Command Injection / Bypass ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030083
*** TeslaCrypt 3.1? New Ransomware Strain Removes ShadowCopies via WMI ***
---------------------------------------------
The authors of the TeslaCrypt 3.1 ransomware understood that the common ransomware action of deleting shadow copies by executing "vssadmin Delete Shadows /All /Quiet" draws the defenders' attention, and so they worked around that by using WMI.
---------------------------------------------
http://www.minerva-labs.com/
*** subsearch ***
---------------------------------------------
subsearch is a command line tool designed to brute force subdomain names. It is aimed at penetration testers and bug bounty hunters and has been built with a focus on speed, stealth and reporting.
---------------------------------------------
https://github.com/gavia/subsearch
*** Git Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1035290
*** FortiOS open redirect vulnerability ***
---------------------------------------------
The FortiOS webui accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. The redirect input parameter is also prone to a cross site scripting.
---------------------------------------------
http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability
*** IBM Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-0448) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1021172
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2016-0777, CVE-2016-0778) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21978487
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ (CVE-2015-1788) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21972125
*** DDoSing with Other People's Botnets ***
---------------------------------------------
While I was reverse engineering ZeroAccess in order to write a monitoring system, I had an idea which would allow me to use ZeroAccess C&C infrastructure to reflect and amplify a UDP-based DDoS attack, which I'd found to be beautifully ironic. After further analysis, I discovered it may even be possible to use non-worker bots (which connect from behind NAT) to participate in the attack.
---------------------------------------------
http://www.malwaretech.com/2016/03/ddosing-with-other-peoples-botnets.html
*** DFN-CERT-2016-0461: Foxit Reader, Foxit PhantomPDF: Multiple vulnerabilities allow, among other things, various denial-of-service attacks ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0461/
*** Celebrity nude photos: suspect confesses to phishing attack on iCloud ***
---------------------------------------------
In the proceedings concerning the publication of private celebrity photos, the suspect has pleaded guilty to phishing. But the man claims to have had nothing to do with publishing the pictures.
---------------------------------------------
http://www.golem.de/news/nacktfotos-von-prominenten-verdaechtiger-gesteht-p…
*** HTTPS: 77 percent of all Google requests encrypted ***
---------------------------------------------
In its transparency report, Google now also documents the percentage of transport encryption for its own services and for requests to the search engine's servers. The high figure for ad delivery is particularly surprising.
---------------------------------------------
http://heise.de/-3140351
*** Ransomware on websites of the New York Times and BBC ***
---------------------------------------------
Potentially millions of users endangered; security researchers see evidence of weaknesses in the ad network
---------------------------------------------
http://derstandard.at/2000033046874
*** AceDeceiver: iOS trojan exploits weaknesses in Apple's DRM ***
---------------------------------------------
According to a security firm, attackers have repeatedly managed to get malicious software into the App Store unhindered. Through weaknesses in Apple's FairPlay DRM, the malware can reportedly also reach iPhones - without an enterprise certificate.
---------------------------------------------
http://heise.de/-3140627
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 14-03-2016 18:00 − Tuesday 15-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Typosquatters Target Mac Users With New '.om' Domain Scam ***
---------------------------------------------
http://threatpost.com/typosquatters-target-apple-mac-users-with-new-om-doma…
*** Juniper: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) ***
---------------------------------------------
On March 1, 2016, a cross-protocol attack was announced by OpenSSL that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800).
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722
*** Citrix XenApp and XenDesktop Hardening Guidance ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/03/citrix_xenapp_andxe.ht…
*** Complete Tour of PE and ELF: Part 2 ***
---------------------------------------------
We covered some important sections in Part 1 of this series. In this part, we will cover some more complex data structures covering some important concepts of binaries. Here is what we are looking at: If you can recall in Optional header, ..
---------------------------------------------
http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-2/
*** Adrian Dabrowski @ Troopers TelcoSecDay 2016 ***
---------------------------------------------
Today Adrian Dabrowski gives his talk 'Towards Carrier Based IMSI Catcher Detection' at the TelcoSecDay 2016. Abstract: In this presentation we discuss multiple detection capabilities of IMSI Catchers (aka Stingray) from the network ..
---------------------------------------------
https://www.sba-research.org/2016/03/15/adrian-dabrowski-troopers-telcosecd…
*** How broken is SHA-1 really? ***
---------------------------------------------
SHA-1 collisions may be found in the next few months, but that doesn't mean that fake SHA-1-based certificates will be created in the near future. Nevertheless, it is time for everyone, and those working in security in particular, to move away from outdated hash functions.
---------------------------------------------
https://www.virusbulletin.com/blog/2016/march-2016/how-broken-sha-1-really/
*** BSI guide on dealing with ransomware trojans ***
---------------------------------------------
In a brief guide, the BSI informs public authorities and companies about the threat posed by crypto trojans and how to act in an emergency.
---------------------------------------------
http://heise.de/-3135866
*** From Stolen Wallet to ID Theft, Wrongful Arrest ***
---------------------------------------------
It's remarkable how quickly a stolen purse or wallet can morph into full-blown identity theft, and possibly even result in the victim's wrongful arrest. All of the above was visited recently on a fellow infosec professional whose admitted lapse in physical security led to a mistaken early morning arrest in front of his kids.
---------------------------------------------
http://krebsonsecurity.com/2016/03/from-stolen-wallet-to-id-theft-wrongful-…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 11-03-2016 18:00 − Monday 14-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** VU#713312: DTE Energy Insight app vulnerable to information exposure ***
---------------------------------------------
The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers.
---------------------------------------------
http://www.kb.cert.org/vuls/id/713312
*** More than two-year-old Java security patch from Oracle still vulnerable ***
---------------------------------------------
According to security expert Adam Gowdiak, Oracle misjudged a security vulnerability more than two years ago and also botched the patch that was supposed to eliminate the flaw.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Mehr-als-zwei-Jahre-alter-Java-Secur…
*** The Source of All Major Android Banking Trojans Just Got Updated To V2 ***
---------------------------------------------
An anonymous reader writes: Apparently, during the past months it has started coming to the surface the fact that most top-tier Android malware was actually related, coming from a common malware variant called GM Bot, and sold for only ..
---------------------------------------------
http://news.slashdot.org/story/16/03/12/1556259/the-source-of-all-major-and…
*** Google Chrome Extension Caught Stealing Bitcoin From Users ***
---------------------------------------------
An anonymous reader writes: Bitcoin exchange portal Bitstamp is warning users of a Google Chrome extension that steals their Bitcoin when making a transfer. According to Bitstamp, this extension contains malicious code that is redirecting ..
---------------------------------------------
http://news.slashdot.org/story/16/03/12/2328254/google-chrome-extension-cau…
*** Armada Collective is back, extorting Financial Institutions in Switzerland ***
---------------------------------------------
These extortion emails usually originate from free email service providers (such as Gmail or Openmail) and are being sent to the info@ email address of the targeted financial institution. Unlike the extortion attempts conducted by Armada Collective in September 2015, we are not aware of ..
---------------------------------------------
http://www.govcert.admin.ch/blog/19/armada-collective-is-back-extorting-fin…
*** Auto vulnerability scanners turn up mostly false positives ***
---------------------------------------------
Automated vulnerability scanners turn up mostly false positives, but even the wild goose chase that results can be cheaper for businesses than manual processes, according to NCC Group security engineer Clint Gibler.
---------------------------------------------
http://www.theregister.co.uk/2016/03/14/cheap_auto_vulnerability_scanners_c…
*** SSA-833048 (Last Update 2016-03-14): Vulnerability in SIMATIC S7-1200 CPUs prior to V4 ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-833048…
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects TS4500 (CVE-2015-7547) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1005695
*** IBM Security Bulletin: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1023395
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21975835
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry (CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1023378
*** Botnets Plague the Web. This AI Is Out to Stop Them ***
---------------------------------------------
A group of Israeli researchers believe they are the first to have discovered a way to locate botnets and identify who is behind them, by planting honeypots that gather information about attacks carried out by the network, and analyzing that data with machine learning programs.
---------------------------------------------
https://motherboard.vice.com/read/botnets-plague-the-web-this-ai-is-out-to-…
*** Broken 2013 Java Patch Leads to Sandbox Bypass ***
---------------------------------------------
A patch for a critical 2013 Java vulnerability is incomplete, and exposes Java servers and clients to a sandbox bypass, researchers at Security Explorations of Poland said.
---------------------------------------------
http://threatpost.com/broken-2013-java-patch-leads-to-sandbox-bypass/116757/
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 10-03-2016 18:00 − Friday 11-03-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Locky Ransomware Spreading in Massive Spam Attack ***
---------------------------------------------
Researchers are tracking a massive spam campaign pelting inboxes with Locky ransomware downloaders in the form of JavaScript attachments.
---------------------------------------------
http://threatpost.com/locky-ransomware-spreading-in-massive-spam-attack/116…
*** Uninstall or update: Adobe distributes emergency update for Flash ***
---------------------------------------------
It comes as no surprise: Adobe is again releasing an emergency update for the Flash Player. Anyone who has not already uninstalled it should install the update. Digital Editions and Adobe Reader are also being patched.
---------------------------------------------
http://www.golem.de/news/deinstallieren-oder-aktualisieren-adobe-rollt-notf…
*** Security Afterworks Spezial: Secure your Enterprise - Innovative Microsoft security solutions in the enterprise & mobility environment ***
---------------------------------------------
April 18, 2016 - 3:00 pm - 5:00 pm, Microsoft Österreich, Am Europlatz 3, Wien
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-spezial-secure-your…
*** Files compromised by ransomware Trojan for OS X can be decrypted by Doctor Web ***
---------------------------------------------
March 11, 2016. At the beginning of March, numerous mass media, websites, and blogs announced the emergence of the first ever ransomware for Mac computers. Doctor Web specialists examined this malicious program, which was named Mac.Trojan.KeRanger.2, and they have developed a method that can help to decrypt files affected by this Trojan. Mac.Trojan.KeRanger.2 was first detected in a compromised version of the installer for a popular OS X torrent client that was distributed as a DMG file.
---------------------------------------------
http://news.drweb.com/show/?i=9877&lng=en&c=9
*** Cerber Ransomware - New, But Mature ***
---------------------------------------------
We take a look at Cerber, ransomware named after the mythical multi-headed dog...
---------------------------------------------
https://blog.malwarebytes.org/intelligence/2016/03/cerber-ransomware-new-bu…
*** OpenSSH Security Advisory: x11fwd.adv ***
---------------------------------------------
Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1).
---------------------------------------------
http://www.openssh.com/txt/x11fwd.adv
*** Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a vulnerability caused by an Institute of Electrical and Electronics Engineers (IEEE) conformance issue involving improper frame padding in Schneider Electric's Telvent SAGE 2300 and 2400 remote terminal units.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-070-01
*** VU#270232: Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability ***
---------------------------------------------
Vulnerability Note VU#270232. Original Release date: 10 Mar 2016 | Last revised: 10 Mar 2016. Overview: Quagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in bgpd with BGP peers enabled for VPNv4 that may be leveraged to gain code execution. Description: CWE-121: Stack-based Buffer Overflow - CVE-2016-2342. Quagga is a software routing suite that implements numerous routing protocols for...
---------------------------------------------
http://www.kb.cert.org/vuls/id/270232
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects Tivoli Provisioning Manager for OS deployment and Tivoli Provisioning Manager for Images (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=swg21978194
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM DataPower Gateways (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=swg21977460
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21978188
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM DataPower Gateways (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974969
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in the GSKit component of IBM DB2 LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421) ***
http://www.ibm.com/support/docview.wss?uid=swg21977787
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting Vulnerability with the UML Visualization tools ***
http://www.ibm.com/support/docview.wss?uid=swg21978003
---------------------------------------------
*** Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM)(CVE-2015-3200) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099226
---------------------------------------------
*** IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21978471
---------------------------------------------