=======================
= End-of-Shift report =
=======================
Timeframe: Monday 06-06-2016 18:00 − Tuesday 07-06-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Targeted trojan e-mails using personal data from the LinkedIn hack ***
---------------------------------------------
Fake invoices carrying a trojan are currently circulating; they make use of LinkedIn data and therefore look plausible.
---------------------------------------------
http://heise.de/-3228473
*** Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript ***
---------------------------------------------
This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks, McAfee Labs has observed a huge increase in spam related to Locky, a new ransomware threat spread via spam campaigns. The contents of the spam email are carefully crafted to lure victims using social engineering...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/locky-ransomware-hides-under-multiple-…
*** Threat Actors Employ COM Technology in Shellcode to Evade Detection ***
---------------------------------------------
COM (Component Object Model) is a technology in Microsoft Windows that enables software components to communicate with each other; it is one of the fundamental architectures in Windows. From the security point of view, several "features" built into COM have led to many security vulnerabilities. These features include ActiveX (an Internet Explorer plug-in technology), the...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/threat-actors-employ-com-technology-sh…
*** FastPOS malware exfiltrates data immediately after harvesting it ***
---------------------------------------------
POS malware might have taken a backseat when ransomware became the go-to malware for many cyber crooks, but stealing payment card information to effect fraudulent transactions is still a lucrative business. Trend Micro researchers have recently analyzed a new POS malware family sporting some interesting functionalities. One of these is what made them dub the threat FastPOS: the malware does not wait to collect a batch of data and then send it periodically to the...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/07/fastpos-malware/
*** Check your BITS, because deleting malware might not be enough ***
---------------------------------------------
Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after they've already been cleaned by antivirus products. The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The antivirus software installed on a compromised computer detected and removed a malware program, but the computer was still showing signs of malicious activity at the network level.
---------------------------------------------
http://www.cio.com/article/3080016/check-your-bits-because-deleting-malware…
*** Android gets patches for serious flaws in hardware drivers and media server ***
---------------------------------------------
The June batch of Android security patches addresses nearly two dozen vulnerabilities in system drivers for various hardware components from several chipset makers. The largest number of critical and high severity flaws was patched in the Qualcomm video driver, sound driver, GPU driver, Wi-Fi driver, and camera driver. Some of these privilege escalation vulnerabilities could allow malicious applications to execute malicious code in the kernel, leading to a permanent device compromise. Similar...
---------------------------------------------
http://www.csoonline.com/article/3079726/security/android-gets-patches-for-…
*** Android Security Bulletin - June 2016 ***
---------------------------------------------
[...] The most severe issue is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
---------------------------------------------
https://source.android.com/security/bulletin/2016-06-01.html
*** BlackBerry powered by Android Security Bulletin - June 2016 ***
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available build, as outlined in the Available Updates section.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000038209
*** NTP.org ntpd is vulnerable to denial of service and other vulnerabilities ***
---------------------------------------------
NTP.org's reference implementation of the NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in the individual links below.
---------------------------------------------
https://www.kb.cert.org/vuls/id/321640
*** DFN-CERT-2016-0840: IPv6 protocol: A vulnerability allows a denial-of-service attack ***
---------------------------------------------
Version 1 (2016-05-26 11:34) New advisory Version 2 (2016-05-27 09:49) Cisco updates the referenced security notice [...] Version 3 (2016-06-01 11:36) Cisco updates the referenced security notice [...] Version 4 (2016-06-03 14:31) Cisco updates cisco-sa-20160525-ipv6 and points out that this is not a Cisco-specific bug, [...] Version 5 (2016-06-06 15:12) Juniper Networks reports that EX4300, EX4600, QFX3500 and QFX5100...
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0840/
*** Bugtraq: [security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538612
*** Bugtraq: [security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538611
*** Bugtraq: [security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538610
*** IBM Security Bulletin: Path Traversal affects IBM Security Guardium Database Activity Monitor (CVE-2016-0298) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system. CVE(s): CVE-2016-0298 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation and...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981749
*** IBM Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs) ***
---------------------------------------------
IBM Security Guardium is vulnerable to several possible remote attacks. CVE(s): CVE-2015-4881, CVE-2015-7181, CVE-2015-7981, CVE-2013-1981, CVE-2015-3416, CVE-2015-2730, CVE-2015-7704, CVE-2015-3238, CVE-2015-5312, CVE-2015-5288 Affected product(s) and affected version(s): IBM Security Guardium V10 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21981747 X-Force Database:...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981747
*** IBM Security Bulletin: Cacheable SSL Page vulnerability affects IBM Security Guardium Database Activity Monitor (CVE-2016-0237) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor contains locally cached browser data that could allow a local attacker to obtain sensitive information. CVE(s): CVE-2016-0237 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21981631 X-Force Database:...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981631
*** IBM Security Bulletin: Use of Hard-coded Cryptographic Key vulnerability affects IBM Security Guardium Database Activity Monitor (CVE-2016-0235) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor uses a hard-coded password for the [...] which is available to the administrator or a user with root access. This password could be used across other GRUB systems. CVE(s): CVE-2016-0235 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981748
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Streams (CVE-2016-0466, CVE-2016-0448) ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases. If you run your own Java code using the IBM Java...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21983436
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2015-8317) ***
---------------------------------------------
There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2015-8317 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21983370
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ AMS (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) ***
---------------------------------------------
OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM MQ Advanced Message Security (AMS) on IBM i. IBM MQ has addressed the applicable CVEs. CVE(s): CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 Affected product(s) and affected version(s): IBM MQ 8.0 Advanced Message Security (AMS) on IBM i only Fix Pack 8.0.0.4...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21983823
*** IBM Security Bulletin: A vulnerability in XML processing affects IBM InfoSphere Streams (CVE-2015-1819) ***
---------------------------------------------
IBM InfoSphere Streams may be vulnerable to a denial of service attack due to the use of libxml2 (CVE-2015-1819). CVE(s): CVE-2015-1819 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21981066
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM BigFix Remote Control (CVE-2016-2107) ***
---------------------------------------------
OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM BigFix Remote Control. IBM BigFix Remote Control has addressed the applicable CVEs. CVE(s): CVE-2016-2107 Affected product(s) and affected version(s): IBM BigFix Remote Control version 9.1.2 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21984111
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 03-06-2016 18:00 − Monday 06-06-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Magento Credit Card Stealer for Braintree Extension ***
---------------------------------------------
We regularly find and write about malware that steals credit card details from Magento sites because attackers discover new techniques to obtain sensitive data daily. This time, the malicious code is specifically designed for Magento sites that use the Braintree extension. This extension connects a Magento store with the Braintree payment processing service that is...
---------------------------------------------
https://blog.sucuri.net/2016/06/magento-credit-card-stealer-braintree-exten…
*** WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin ***
---------------------------------------------
An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only surfaced to light on May 29 when researchers notified the plugin's developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.org's Plugin Directory on May 31. In...
---------------------------------------------
https://tech.slashdot.org/story/16/06/03/2243238/wordpress-sites-under-atta…
https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-expl…
*** What's Going on With libtiff?, (Sun, Jun 5th) ***
---------------------------------------------
libtiff, as the name implies, is a library used to parse TIFF formatted images. While you don't run into TIFF images on the web every day, the format is quite popular for higher-resolution/high quality applications like printing. TIFF allows the user to select between lossless or lossy compression depending on the preferences of the user. While the library is very popular, a reader wrote in last week asking if the library is still maintained. Currently, there are three security issues listed in...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21131&rss
*** Destructive BadBlock ransomware can be foiled ***
---------------------------------------------
If you have been hit with ransomware, you want that malware to be BadBlock - but only if you haven't restarted your computer. This particular malware is a lacklustre attempt to create something on par with more popular ransomware, and that allowed Emsisoft security researcher Fabian Wosar to create a decrypter tool for it. The tool can be downloaded for free, and Bleeping Computer has offered instructions on how to use it. But, aside from...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/06/destructive-badblock-ransomware-…
*** Researchers hack the Mitsubishi Outlander SUV, shut off alarm remotely ***
---------------------------------------------
Mitsubishi Outlander, a popular hybrid SUV sold around the world, can be easily broken into by attackers exploiting security weaknesses in the setup that allows the car to be remotely controlled via an app. The weaknesses were discovered by Pen Test Partners, and include: The mobile app connects to the car through a Wi-Fi access point on it, instead of via a web service and GSM module, making it impossible to use if one is not...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/06/researchers-hack-mitsubishi-outl…
*** Dangerous self-spreading successor of Zeus and Carberp discovered ***
---------------------------------------------
June 3, 2016 In June, Doctor Web security researchers examined a new dangerous virus targeting Russian bank clients. The virus is designed to steal money from bank accounts and monitor user activity. It has borrowed a lot of features from its predecessors Zeus (Trojan.PWS.Panda) and Carberp. Yet, unlike them, it can be spread without any user intervention infecting executable files. Besides, curing of the infected computer is rather complicated and may take several hours. Due to the ability to...
---------------------------------------------
http://news.drweb.com/show/?i=9999&lng=en&c=9
*** Firmware Analysis for IoT Devices ***
---------------------------------------------
Introduction This is the second post in the IoT Exploitation and Penetration Testing series. In this post, we are going to have a look at a key component in an IoT device architecture - Firmware. Any IoT device you use, you will be interacting with firmware, and this is because firmware can be thought of...
---------------------------------------------
http://resources.infosecinstitute.com/firmware-analysis-for-iot-devices/
*** Widespread exploits evade protections enforced by Microsoft EMET ***
---------------------------------------------
It's bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits. Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus...
---------------------------------------------
http://www.cio.com/article/3079747/widespread-exploits-evade-protections-en…
*** Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** JSA10749 - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (CVE-2016-1409) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10749&actp=RSS
*** Security Advisory: NTP vulnerability CVE-2016-1548 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/63/sol63675293.html?…
*** DSA-3595 mariadb-10.0 - security update ***
---------------------------------------------
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.25. Please see the MariaDB 10.0 Release Notes for further details:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3595
*** Bugtraq: [security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538597
*** DFN-CERT-2016-0908: VideoLAN VLC Media Player: A vulnerability allows, among other things, the execution of arbitrary code with user privileges ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0908/
*** Citrix NetScaler Gateway Lets Remote Users Hijack the Target User's Login Form Credentials ***
---------------------------------------------
http://www.securitytracker.com/id/1036020
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 02-06-2016 18:00 − Friday 03-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Trillium Exploit Kit Update Offers 'Security Tips' ***
---------------------------------------------
McAfee Labs has previously blogged about the Trillium Exploit Kit Version 3.0, which is commonly used to create and distribute malware. Last week, Version 4.0 appeared on several underground forums. We have analyzed the new version of the tool ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/trillium-exploit-kit-update-offers-sec…
*** DSA-3593 libxml2 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3593
*** GE MultiLink Series Hard-coded Credential Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded credential vulnerability in GE's MultiLink series managed switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01
*** WP Mobile Detector <= 3.5 - Arbitrary File Upload ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8505
*** Understanding Angler Exploit Kit - Part 1: Exploit Kit Fundamentals ***
---------------------------------------------
Generally speaking, criminal groups use two methods for widespread distribution of malware. The most common method is malicious spam (malspam). This is a fairly direct mechanism, usually through an email attachment or ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/06/unit42-understanding-ang…
*** MySQL is YourSQL ***
---------------------------------------------
It's The End of the World and We Know It If you listen to the press - those purveyors of doom, those nattering nabobs of negativism - you arrive at a single, undeniable conclusion: The world is going to hell in a hand-basket. They ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21117
*** After controversies: Teamviewer introduced new account protections ***
---------------------------------------------
A few days after numerous user complaints about hacked accounts, Teamviewer is responding with a security update brought forward ahead of schedule. We spoke with the company about it.
---------------------------------------------
http://www.golem.de/news/nach-kontroversen-teamviewer-fuehrte-neue-accounts…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 01-06-2016 18:00 − Thursday 02-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** DSA-3591 imagemagick - security update ***
---------------------------------------------
Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control on the input image or the input filename can execute arbitrary commands with the privileges of the user running the application.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3591
*** Lenovo advises users to remove a vulnerable support tool preinstalled on their systems ***
---------------------------------------------
PC maker Lenovo is recommending that users remove an application preloaded on their computers because it contains a high-severity flaw that could allow attackers to take over their systems.The vulnerable tool is called ..
---------------------------------------------
http://www.csoonline.com/article/3077935/security/lenovo-advises-users-to-r…
*** Opening hours - Moderately Critical - XSS - SA-CONTRIB-2016-031 ***
---------------------------------------------
https://www.drupal.org/node/2738707
*** DSA-3592 nginx - security update ***
---------------------------------------------
It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3592
*** Researchers spot 35-fold increase in newly observed ransomware domains ***
---------------------------------------------
A record 35-fold increase in newly observed ransomware domains compared to the fourth quarter of 2015 have been spotted by Infoblox researchers.
---------------------------------------------
http://www.scmagazine.com/infoblox-researchers-spotted-a-huge-uptick-in-dns…
*** Yahoo Publishes National Security Letters After FBI Drops Gag Orders ***
---------------------------------------------
Yahoo just became the first company to disclose that it has received NSLs without having to go to court to do so.
---------------------------------------------
http://www.wired.com/2016/06/yahoo-publishes-national-security-letters-fbi-…
*** Docker Containers Logging ***
---------------------------------------------
In a previous diary, Jim talked about forensic operations against Docker containers. To be able to perform investigations after an incident, we must have some ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21121
*** Most Android virus scanners are insecure ***
---------------------------------------------
AV software is actually supposed to protect the smartphone from malicious code. As researchers have now found, however, many virus hunters for Android themselves exhibit glaring security flaws.
---------------------------------------------
http://heise.de/-3225169
*** Trend Micro enterprise products multiple vulnerabilities ***
---------------------------------------------
Multiple enterprise products provided by Trend Micro Incorporated contain multiple vulnerabilities.
---------------------------------------------
http://jvn.jp/en/jp/JVN48847535/
*** Trend Micro Internet Security multiple vulnerabilities ***
---------------------------------------------
Trend Micro Internet Security provided by Trend Micro Incorporated contains multiple vulnerabilities.
---------------------------------------------
http://jvn.jp/en/jp/JVN48789425/
*** Mitnick Attack Reappears at GeekPwn Macau Contest ***
---------------------------------------------
Cao Yue, a Ph.D. student from University of California, Riverside, delivered a stunning show at the GeekPwn 2016 Macau Contest on May 12 attended by top-caliber white hat hackers worldwide. Cao succeeded in remotely hijacking TCP connections at his random choice.
---------------------------------------------
http://www.prnewswire.com/news-releases/mitnick-attack-reappears-at-geekpwn…
*** Hacker Lexicon: What Is Fuzzing? ***
---------------------------------------------
Sometimes hacking isn't about taking a program apart: It's about throwing random objects at it to see what breaks.
---------------------------------------------
http://www.wired.com/2016/06/hacker-lexicon-fuzzing/
*** [2016-06-02] Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway ***
---------------------------------------------
The firmware for the cable modem Ubee EVW3226 contains multiple critical vulnerabilities, which can be exploited to gain full system-level access to the device. This allows for inspection, modification and redirection of traffic.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.h…
*** TeamViewer users claim accounts hacked ***
---------------------------------------------
TeamViewer is a remote desktop connection software that allows users to share screens and allow remote access from anywhere in the world. In the past 24 hours, many customers ..
---------------------------------------------
http://www.inquisitr.com/3156809/teamviewer-accounts-hacked-users-claim/
*** Extortion e-mails threaten reputational damage via social media ***
---------------------------------------------
Extortionists are exploiting the coverage of current hacker attacks to send threatening e-mails in which they threaten to publish sensitive information from the victims' online accounts.
---------------------------------------------
http://heise.de/-3225619
*** 93% Of Phishing Emails Are Now Ransomware ***
---------------------------------------------
According to the latest data from security firm PhishMe, 93% of all phishing emails as of the end of March contained encryption ransomware. The numbers ..
---------------------------------------------
https://tech.slashdot.org/story/16/06/02/1356241/93-of-phishing-emails-are-…
*** How Russian cybercrime bosses crafted a ransomware empire out of an economic crisis ***
---------------------------------------------
Amid a crashing ruble and shaken markets due to global sanctions over Russian president Vladimir Putin's ..
---------------------------------------------
http://www.neowin.net/news/how-russian-cybercrime-bosses-crafted-a-ransomwa…
*** XSA-178 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-178.html
*** XSA-175 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-175.html
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 31-05-2016 18:00 − Wednesday 01-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Tor Browser 6.0: Ditches SHA-1 Support, Uses DuckDuckGo For Default Search Results ***
---------------------------------------------
The version 6.0 of Tor Browser, a free software for enabling anonymous communication, is now available to download. The new version introduces several changes, including disabling SHA-1 support, and removing ..
---------------------------------------------
https://tech.slashdot.org/story/16/05/31/1643234/tor-browser-60-ditches-sha…
*** Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005 ***
---------------------------------------------
It has been over 19 months since Drupalgeddon, which refers to Drupal's Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it ..
---------------------------------------------
https://blog.sucuri.net/2016/05/drupal-sqli-drupalgeddon-attack-trend-cve-2…
*** Finding Conditional Drupal Database Spam ***
---------------------------------------------
Nobody likes spam. It's never fun (unless you're watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what we deal with since our inception, giving us some pretty good ..
---------------------------------------------
https://blog.sucuri.net/2016/05/finding-conditional-drupal-database-spam.ht…
*** Cluster of 'megabreaches' compromises a whopping 642 million passwords ***
---------------------------------------------
MySpace, Tumblr, and Fling are the latest services to join discredited LinkedIn.
---------------------------------------------
http://arstechnica.com/security/2016/05/cluster-of-megabreaches-compromise-…
*** Moxa UC 7408-LX-Plus Firmware Overwrite Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a firmware overwrite vulnerability in Moxa's UC 7408-LX-Plus device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-01
*** ABB PCM600 Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for one use of password hash with insufficient computational effort and three insufficiently protected credentials vulnerabilities in ABB's PCM600.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
*** Unfalsifiability of security claims ***
---------------------------------------------
There is an inherent asymmetry in computer security: things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We ..
---------------------------------------------
http://research.microsoft.com/pubs/256133/unfalsifiabilityOfSecurityClaims.…
*** Flaw in ImageMagick and GraphicsMagick allows renewed attacks ***
---------------------------------------------
Manipulated file names can cause malicious code to be executed via the operating system's popen() function. Patches are available.
---------------------------------------------
http://heise.de/-3223811
*** Scrum.org hacked, may have lost crypto keys and some user data ***
---------------------------------------------
Don't go dissing DevOps: a supplier has fessed up to a website vuln. Scrum.org, the Scrum certification ..
---------------------------------------------
www.theregister.co.uk/2016/06/01/scrumorg_hacked_may_have_lost_crypto_keys_…
*** Serious security holes in pre-installed laptop software ***
---------------------------------------------
http://derstandard.at/2000038006783
*** Microsoft: spam filter for Hotmail and Outlook broken ***
---------------------------------------------
The company is working flat out on a fix; some users are reportedly receiving an "extreme amount" of spam mails
---------------------------------------------
http://derstandard.at/2000038023486
*** The impossible task of creating a 'Best VPNs' list today ***
---------------------------------------------
Our writer set out to make a list of reliable VPNs; turns out the task is complicated.
---------------------------------------------
http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-t…
*** VB2015 paper: Economic Sanctions on Malware ***
---------------------------------------------
Financial pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer. By cleverly employing various trust metrics and technologies such as digital signing, watermarking, and ..
---------------------------------------------
https://www.virusbulletin.com/blog/2016/06/economic-sanctions-malware/
*** DRIDEX Poses as Fake Certificate in Latest Spam Run ***
---------------------------------------------
At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/dridex-poses-as-…
*** Security: LG must repair Android firmware ***
---------------------------------------------
Two security holes in LG's Android firmware allow a range of attacks, some of them remote. Users should act quickly; the updates are available.
---------------------------------------------
http://www.golem.de/news/security-lg-muss-android-firmware-reparieren-1606-…
*** Baby food: Hipp's Mein Baby Club has been hacked ***
---------------------------------------------
Copied user data is always a nuisance - especially when the personal information of children is affected. The manufacturer Hipp has now informed its customers of a break-in into the server systems of its Mein Baby Club.
---------------------------------------------
http://www.golem.de/news/kindernahrung-mein-baby-club-von-hipp-wurde-gehack…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 30-05-2016 18:00 − Dienstag 31-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Completed: maintenance work Tuesday, 31 May 2016 ***
---------------------------------------------
Completed: maintenance work Tuesday, 31 May 2016 | 25 May 2016 | On Tuesday, 31 May 2016, we will carry out maintenance work on our infrastructure. This will lead to outages of the externally reachable services (e.g. mail, web server, mailing lists), each of which may ..
---------------------------------------------
http://www.cert.at/services/blog/20160525113745-1748.html
*** Austrian Handy-Signatur (mobile phone signature) vulnerable to phishing ***
---------------------------------------------
With the so-called Handy-Signatur (mobile phone signature), Austrians can sign documents for communication with public authorities in a legally binding way. But the digital signature can be forged with a simple phishing attack.
---------------------------------------------
http://heise.de/-3222980
*** Vulnerability in Citrix Studio Could Result in Insecure Access Policy Configuration ***
---------------------------------------------
A vulnerability has been identified in Citrix Studio that could allow Access Policy rules to be set insecurely on the Citrix XenDesktop Delivery Controller.
---------------------------------------------
https://support.citrix.com/article/CTX213045
*** After criticism: Pornhub revises its bounty programme ***
---------------------------------------------
A porn site made headlines with its bug bounty programme. But the communication with the hackers and the bounties paid drew a lot of criticism. The company now promises to do better.
---------------------------------------------
http://www.golem.de/news/nach-kritik-pornhub-ueberarbeitet-sein-bounty-prog…
*** Twitter paid out $322,420 in bug bounties ***
---------------------------------------------
Researchers have proven that bug bounties are a cheaper way for discovering vulnerabilities than hiring full-time bug hunters would be and, in the last few years, many Internet and tech companies have instituted such programs. The security community has praised those who have, and the ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/31/twitter-bug-bounty/
*** New Tor Browser relies on DuckDuckGo for search ***
---------------------------------------------
The previous default search, Disconnect, had switched from Google to Bing with catastrophic results, the developers say in explaining their decision. Further changes affect Mac users and the display of YouTube videos.
---------------------------------------------
http://heise.de/-3210346
*** Bloatware Insecurity Continues to Haunt Consumer, Business Laptops ***
---------------------------------------------
High-severity vulnerabilities were found in pre-installed software updaters present in consumer and business laptops from vendors such as Dell, HP, Lenovo, Asus and Acer.
---------------------------------------------
http://threatpost.com/bloatware-insecurity-continues-to-haunt-consumer-busi…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 27-05-2016 18:00 − Montag 30-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Security baseline for Windows Server 2016 Technical Preview 5 (TP5) ***
---------------------------------------------
Microsoft is pleased to announce the draft release of the security configuration baseline settings for Windows Server 2016, corresponding to Technical ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2016/05/27/security-baseline-f…
*** New Locky ransomware campaign sets sights on Amazon customers ***
---------------------------------------------
Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.
---------------------------------------------
http://www.scmagazine.com/new-locky-ransomware-campaign-sets-sights-on-amaz…
*** How Attackers Use a Flash Exploit to Distribute Crimeware and Other Malware ***
---------------------------------------------
Background Adobe Flash is multimedia software that runs on more than 1 billion systems worldwide. Its long list of security vulnerabilities and huge market presence ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/how-attackers-use-a-fl…
*** VMSA-2016-0005.2 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0005.html
*** Security Advisory: Stored XSS in Jetpack ***
---------------------------------------------
During regular research audits for our Sucuri Firewall (Cloud-based WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more than a million WordPress sites. The ..
---------------------------------------------
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html
*** ZDI-16-361: (Pwn2Own) Apple OS X libATSServer Heap-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-361/
*** ZDI-16-360: (Pwn2Own) Apple OS X fontd Sandbox Escape Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-360/
*** Microsoft equips Windows 10 with double virus protection ***
---------------------------------------------
http://derstandard.at/2000037805637
*** After LinkedIn, data leak at MySpace too ***
---------------------------------------------
According to his own statements, the LinkedIn hacker also has 360 million e-mail addresses of MySpace users and ..
---------------------------------------------
http://futurezone.at/digital-life/nach-linkedin-datenleck-auch-bei-myspace/…
*** Duqu 2.0 kernel exploitation technique analysis (part 1 of 2) ***
---------------------------------------------
Out of the multiple components used in the sophisticated Duqu 2.0 cyberespionage attack, we had a chance to look into one of the kernel exploits used for its ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/29/%e2%80%8bduqu-2-0-kerne…
*** CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename ***
---------------------------------------------
All existing releases of GraphicsMagick and ImageMagick support a file open syntax where if the first character of the file specification is a |, then the remainder of the filename is passed to the shell for execution using the ..
---------------------------------------------
http://permalink.gmane.org/gmane.comp.security.oss.general/19669
*** breaking into a wordpress site without knowing wordpress/php or infosec at all ***
---------------------------------------------
This is a post about how I tried and broke into my colleges wordpress installation without having any prior knowledge of wordpress/php and without any experience with hacking web-servers. The attempts were spread out over a month, ..
---------------------------------------------
https://notehub.org/5zo2v
*** Saudi Arabia reportedly launched cyberattacks against Iran ***
---------------------------------------------
http://derstandard.at/2000037865736
*** Microsoft takes action against overly simple passwords ***
---------------------------------------------
In future, users of Azure and other services are to receive warnings if their password ..
---------------------------------------------
http://derstandard.at/2000037866342
*** Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the IP Version 6 (IPv6) packet processing functions of Cisco IOS XR Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Attackers capture user data from sz-magazin.de ***
---------------------------------------------
An unauthorised person reportedly gained unlawful access to a database server of SZ-Magazin in mid-May.
---------------------------------------------
http://heise.de/-3222586
*** Background: revoking certificates - how it's done ***
---------------------------------------------
Topsy-turvy world: to revoke a certificate, you first have to install it. With the following guide ..
---------------------------------------------
http://heise.de/-3222308
*** For World No Tobacco Day: BSI warns of malware in e-cigarettes ***
---------------------------------------------
Those who smoke e-cigarettes spare their lungs tar but put the health of their computer at risk - at least if the e-cigarette is charged via USB.
---------------------------------------------
http://www.golem.de/news/zum-weltnichtrauchertag-bsi-warnt-vor-malware-in-e…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 26-05-2016 18:00 − Freitag 27-05-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** VU#482135: MEDHOST Perioperative Information Management System contains hard-coded database credentials ***
---------------------------------------------
MEDHOST Perioperative Information Management System (PIMS) versions prior to 2015R1 contain hard-coded credentials that are used for customer database access.
---------------------------------------------
http://www.kb.cert.org/vuls/id/482135
*** Environmental Systems Corporation Data Controllers Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for data controller vulnerabilities in the Environmental Systems Corporation (ESC) 8832 Data Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01
*** Sixnet BT Series Hard-coded Credentials Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded credential vulnerability in Sixnet's BT series routers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-02
*** Black Box AlertWerks ServSensor Credential Management Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a credential management vulnerability in Black Box's AlertWerks ServSensor devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03
*** Bugtraq: ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538499
*** Up to a dozen banks are reportedly investigating potential SWIFT breaches ***
---------------------------------------------
More banks have reportedly launched investigations into potential security breaches on their networks after hackers stole US$81 million from the Bangladesh ..
---------------------------------------------
http://www.cio.com/article/3075448/up-to-a-dozen-banks-are-reportedly-inves…
*** Cisco WebEx Meeting Center Site Access Control User Account Enumeration Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Security Advisory: NTP vulnerability CVE-2016-2519 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/41/sol41613034.html
*** Security Advisory: NTP vulnerability CVE-2016-2517 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/61/sol61200338.html
*** Multiple Buffalo wireless LAN routers vulnerable to information disclosure ***
---------------------------------------------
http://jvn.jp/en/jp/JVN75813272/
*** Multiple Buffalo wireless LAN routers vulnerable to directory traversal ***
---------------------------------------------
http://jvn.jp/en/jp/JVN81698369/
*** Link (.lnk) to Ransom ***
---------------------------------------------
We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. This ransom leverages removable and network drives to propagate ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/
*** Spoofer ***
---------------------------------------------
Seeking to minimize the Internet's susceptibility to spoofed DDoS attacks, we are developing and supporting open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices. This ..
---------------------------------------------
http://www.caida.org/projects/spoofer/
*** Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160527-…
*** Path Traversal in extension "Media management" (media) ***
---------------------------------------------
https://typo3.org/news/article/path-traversal-in-extension-media-management…
*** Cross-Site Scripting in extension "Formhandler" (formhandler) ***
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-extension-formhandle…
*** Global companies aren't quick to patch 'high' severity flaw in OpenSSL ***
---------------------------------------------
Yet another Padding Oracle flaw (CVE-2016-2107), allowing decrypting TLS traffic in a MITM attack, remains exploitable on the most popular web and email servers.
---------------------------------------------
https://www.htbridge.com/blog/CVE-2016-2107-padding-oracle-exploit.html
*** TLS certificates: Google tightens the screws on CAs further ***
---------------------------------------------
From June, all Symantec CAs must register their activities via Certificate Transparency. Otherwise the certificate holders will be penalised. This could also affect other CAs.
---------------------------------------------
http://heise.de/-3215053
*** Cisco Firepower Management Center Web Interface Code Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Android Banking Trojan 'SpyLocker' Targets More Banks in Europe ***
---------------------------------------------
Since the discovery of the Android banking Trojan SpyLocker, Intel Security has closely monitored this threat. SpyLocker first appeared disguised as Adobe Flash Player and targeted customers of banks in Australia, New Zealand, and ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targe…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 24-05-2016 18:00 − Mittwoch 25-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** New Botnets Used for Low and Slow Credential Testing (May 23, 2016) ***
---------------------------------------------
Botnets are being used to test account access credentials...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/41/306
*** Many Ubiquiti Wireless Devices Still Vulnerable (May 20 and 23, 2016) ***
---------------------------------------------
Owners of Ubiquiti wireless devices are being urged to apply a patch that the company released last year; the flaw it fixes is being actively exploited...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/41/308
*** Nulled WordPress Themes: Malvertising and Black Hat SEO ***
---------------------------------------------
If you have been following our blog for some time, you know that we regularly warn about risks associated with the use of third-party software on your site. A benign plugin may sneakily inject ads into your site which cause malvertising problems for the site visitors (e.g. SweetCaptcha). Other plugins may be hijacked by hackers or...
---------------------------------------------
https://blog.sucuri.net/2016/05/nulled-wordpress-themes-malvertising-black-…
*** New Wekby Attacks Use DNS Requests As Command and Control Mechanism ***
---------------------------------------------
We have observed an attack led by the APT group Wekby targeting a US-based organization in recent weeks. Wekby is a group that has been active for a number of years, targeting various industries such...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks…
*** SWIFT exec unveils info sharing plan, calls Bangladesh a watershed event ***
---------------------------------------------
SWIFT CEO Gottfried Leibbrandt issued details of the messaging service company's information-sharing strategy.
---------------------------------------------
http://www.scmagazine.com/swift-exec-unveils-info-sharing-plan-calls-bangla…
*** Stop Using "internal" Top Level Domain Names, (Wed, May 25th) ***
---------------------------------------------
Cert.org this week warned again that internal top level domain names can be used against you, if one of these domains happens to be registered as a new generic top level domain (gTLD). Currently, there are about 1200 approved gTLDs, and the number will only increase even though the initial gold rush seems to have leveled off somewhat [1]. US-CERT just sent out a reminder again regarding the use of internal domain names for automatic proxy configuration via WPAD. If this internal, but not...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21095&rss
*** CVE-2015-2545: overview of current threats ***
---------------------------------------------
Cyberespionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far East regions share one common feature: in order to infect their victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability.
---------------------------------------------
http://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of…
*** Who's tracking you online, and how? ***
---------------------------------------------
Armed with a tool that mimics a consumer browser but is actually bent on discovering all the ways websites are tracking visitors, Princeton University researchers have discovered several device fingerprinting techniques never before seen in the wild. The web privacy measurement tool is called OpenWPM, and has been open sourced. Its creators are the very same researchers who performed this latest study. They crawled and analyzed measurements collected from 1 million of the most popular...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/25/whos-tracking-you-online/
*** The Answer is always the same: Layers of Security ***
---------------------------------------------
There is a common misperception that now that containers support seccomp we no longer need SELinux to help protect our systems. WRONG. The big weakness in containers is that the container possesses the ability to interact with the host kernel and the host file systems. Securing the container processes is all about shrinking the attack surface on the host OS and more specifically on the host kernel. seccomp does a great job of shrinking the attack surface on the kernel. The idea is to limit the number...
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2334141
*** Skimmers Found at Walmart: A Closer Look ***
---------------------------------------------
Recent local news stories about credit card skimmers found in self-checkout lanes at some Walmart locations remind me of a criminal sales pitch I saw recently for overlay skimmers made specifically for the very same card terminals.
---------------------------------------------
http://krebsonsecurity.com/2016/05/skimmers-found-at-walmart-a-closer-look/
*** VMSA-2016-0006 ***
---------------------------------------------
VMware vCenter Server updates address an important cross-site scripting issue
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0006.html
*** HPE Service Manager Unspecified Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1035954
*** Operation Technology ETAP 14.1.0 Multiple Stack Buffer Overrun Vulnerabilities ***
---------------------------------------------
Multiple ETAP binaries are prone to a stack-based buffer overflow vulnerability because the application fails to handle malformed arguments. An attacker can exploit these issues to execute arbitrary code within the context of the application or to trigger denial-of-service conditions.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5324.php
*** Operation Technology ETAP 14.1.0 Local Privilege Escalation ***
---------------------------------------------
ETAP suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the C flag (Change) set for the Authenticated Users group.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5323.php
*** ZDI-16-354: (0Day) ActivePDF Toolkit ImageToPDF IAT Overwrite Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ActivePDF Toolkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-354/
*** Moxa MiiNePort Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for weak credential management, sensitive information not protected, and cross-site request forgery vulnerabilities in Moxa's MiiNePort serial device server module series.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01
*** Security Advisory: Java vulnerabilities CVE-2013-5802 and CVE-2013-5823 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/53/sol53316849.html?…
*** Security Advisory: Multiple Java vulnerabilities ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/95/sol95313044.html?…
*** Maintenance work Tuesday, 31 May 2016 ***
---------------------------------------------
Maintenance work Tuesday, 31 May 2016 | 25 May 2016 | On Tuesday, 31 May 2016, we will carry out maintenance work on our infrastructure. This will lead to outages of the externally reachable services (e.g. mail, web server, mailing lists), each of which may last several minutes. It...
---------------------------------------------
http://www.cert.at/services/blog/20160525113745-1748.html
Next End-of-Shift report: 2016-05-27
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 23-05-2016 18:00 − Dienstag 24-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** DMA Locker 4.0 - Known Ransomware Preparing For A Massive Distribution ***
---------------------------------------------
We take a look at the step towards maturity of DMA Locker and how it will be spreading on a bigger scale.
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/05/dma-locker-4-0-known-…
*** Beware of keystroke loggers disguised as USB phone chargers, FBI warns ***
---------------------------------------------
Private industry notification comes 15 months after debut of KeySweeper.
---------------------------------------------
http://arstechnica.com/security/2016/05/beware-of-keystroke-loggers-disguis…
*** SWIFT to unveil new security plan after hackers' heists ***
---------------------------------------------
The SWIFT secure messaging service that underpins international banking said it plans to launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist. [...] Users frequently do not inform SWIFT of breaches of their SWIFT systems and even now, the co-operative has not proposed any sanctions for clients who fail to pass on information, which SWIFT itself says is key to stopping future attacks.
---------------------------------------------
http://www.reuters.com/article/us-cyber-banks-swift-idUSKCN0YE2S6
*** Commentary: Allo, Google? Are you serious? ***
---------------------------------------------
Google's WhatsApp alternative Allo does not encrypt consistently but instead actively reads along. What is this supposed to be?
---------------------------------------------
http://heise.de/-3215729
*** WPAD name collision bug opens door for MitM attackers ***
---------------------------------------------
A vulnerability in Web Proxy Auto-Discovery (WPAD), a protocol used to ensure all systems in an organization utilize the same web proxy configuration, can be exploited to mount MitM attacks from anywhere on the Internet, US-CERT warns. "With the New gTLD program, previously undelegated gTLD strings are now being delegated for public domain name registration. These strings may be used by private or enterprise networks, and in certain circumstances, such as when a work computer...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/24/wpad-name-collision-bug/
*** Hacker finds flaw in teleconference tool used by US Army, NASA and CERN ***
---------------------------------------------
Like we need another reason to hate videoconferences: Sydney security tester Jamieson O'Reilly has reported a since-patched vulnerability in popular video platform Vidyo - used by the likes of the US Army, NASA and CERN - that could see videos leaked and systems compromised.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/19/popular_tel…
*** Pastejacking in the browser: code execution via copy and paste ***
---------------------------------------------
Browsers can alter the contents of the clipboard on their own. A proof of concept shows how this function can be used for attacks - and how users can protect themselves quite easily.
---------------------------------------------
http://www.golem.de/news/pastejacking-im-browser-codeausfuehrung-per-copy-a…
*** Malicious apps secretly establish expensive phone connections ***
---------------------------------------------
Warning from the regulatory authority
---------------------------------------------
http://derstandard.at/2000037564561
*** Not just extortion, now DDoS too: Cerber encryption trojan learns new tricks ***
---------------------------------------------
With a new version of Cerber, the masterminds behind the ransomware want to generate even more profit: the malware takes personal data hostage, and the criminals can abuse infected computers for DDoS attacks.
---------------------------------------------
http://heise.de/-3217254
*** The Anti-Ransomware Protection Plan You Need to Follow Today ***
---------------------------------------------
Technology has made our lives both easier and more complicated - there's no denying that. Fast Internet access opened up a world of wisdom and all the distractions we can imagine. But the door is also open for cyber criminals with little to no scruples and a big appetite for money. And there's no better...
---------------------------------------------
https://heimdalsecurity.com/blog/anti-ransomware-protection-plan/
*** Xen Security Advisory CVE-2014-3672 / XSA-180 ***
---------------------------------------------
When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to a file in /var/log/xen. This output is not rate-limited in any way. The guest can easily cause qemu to print messages to stderr, causing this file to become arbitrarily large.
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-180.html
*** Pulse Connect Secure Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035932
*** Missing Access Check in TYPO3 CMS ***
---------------------------------------------
It has been discovered that TYPO3 CMS lacks an access check for Extbase actions.
---------------------------------------------
https://typo3.org/news/article/missing-access-check-in-typo3-cms/
*** Missing Access Check in extension "Frontend User Registration" (sf_register) ***
---------------------------------------------
It has been discovered that the extension "Frontend User Registration" (sf_register) lacks a proper access check.
---------------------------------------------
https://typo3.org/news/article/missing-access-check-in-extension-frontend-u…
*** Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco UCS Invicta Software Default GPG Key Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: GNU C Library (glibc) vulnerability CVE-2016-3075 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15439022.html?…
---------------------------------------------
*** Security Advisory: OpenSSH vulnerability CVE-2016-1907 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35424631.html?…
---------------------------------------------
*** Security Advisory: glibc vulnerability CVE-2016-3075 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15439022.html?…
---------------------------------------------
*** Security Advisory: Java vulnerabilities CVE-2013-5782 and CVE-2013-5803 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/14/sol14340611.html?…
---------------------------------------------
*** Security Advisory: PHP Vulnerability CVE-2016-4539 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35240323.html?…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand (CVE-2016-0264, CVE-2016-3449) ***
http://www.ibm.com/support/docview.wss?uid=swg21983578
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005812
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Security Update (CVE-2016-0322) ***
http://www.ibm.com/support/docview.wss?uid=swg21982611
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat may affect IBM WebSphere Application Server Community Edition (CVE-2015-5174) ***
http://www.ibm.com/support/docview.wss?uid=swg21983128
---------------------------------------------
*** IBM Applicable countries and regions ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099367
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities have been identified in the versions of IBM WebSphere Application Server Community Edition bundled with Web Experience Factory 7.0.x and 8.0.x (CVE-2015-5345) (CVE-2016-0706) (CVE-2016-0714) ***
http://www.ibm.com/support/docview.wss?uid=swg21981775
---------------------------------------------
*** IBM Security Bulletin: HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager (CVE-2015-2017) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000121
---------------------------------------------