=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 23-12-2015 18:00 − Monday 28-12-2015 18:00
Handler: L. Aaron Kaplan
Co-Handler: Stephan Richter
*** Malware-Driven Card Breach at Hyatt Hotels ***
---------------------------------------------
Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations.
---------------------------------------------
http://krebsonsecurity.com/2015/12/malware-driven-card-breach-at-hyatt-hote…
*** Using WPScan: Finding WordPress Vulnerabilities ***
---------------------------------------------
When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at wpvulndb.com is used to check for vulnerable software and the WPScan team maintains the ever-growing list of ..
---------------------------------------------
https://blog.sucuri.net/2015/12/using-wpscan-finding-wordpress-vulnerabilit…
*** NSA and GCHQ have been using backdoors in Juniper firewalls for years ***
---------------------------------------------
Secret document from 2011 shows cooperation between the two intelligence agencies
---------------------------------------------
http://derstandard.at/2000028055853
*** Victims of the Gomasom Ransomware can now decrypt their files for free ***
---------------------------------------------
Fabian Wosar, security researcher at Emsisoft, created a tool for decrypting files locked by the Gomasom Ransomware. Ransomware is one of the most threatening cyber threats for end users, but today I have good news for victims of the Gomasom ransomware: victims can rescue their locked files. The news was spread by the security researcher Fabian Wosar, who developed a...
---------------------------------------------
http://securityaffairs.co/wordpress/43074/malware/decrypt-gomasom-ransomwar…
*** Hackers demonstrate massive gaps in ATM (Bankomat) cards ***
---------------------------------------------
PIN read out in front of an audience, prepaid card topped up and payments redirected
---------------------------------------------
http://derstandard.at/2000028162750
*** 32C3: Hardware Trojans as an underestimated danger ***
---------------------------------------------
Backdoors built firmly into IT devices and chips pose a "serious threat", security experts warned at the hacker conference. They can only be built in with great effort, but they are also hard to find.
---------------------------------------------
http://heise.de/-3056452
*** 32C3: Dieselgate and the ominous acoustic function ***
---------------------------------------------
Can the manipulation of emissions values at Volkswagen really be the work of individual engineers? At the CCC congress, an insider and a hacker rejected this legend.
---------------------------------------------
http://heise.de/-3056438
*** 32C3: Automatic train protection and networked railway technology in hackers' sights ***
---------------------------------------------
A hacker group that focuses on industrial plants has identified various attack surfaces around networked train control systems. Outdated software and insecure passwords are said to be found "everywhere" there.
---------------------------------------------
http://heise.de/-3056484
*** DSA-3430 libxml2 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3430
*** GIT git-remote-ext Helper URL Processing Lets Remote Users Execute Arbitrary Commands on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034501
*** F5 Security Advisory: Apache vulnerability CVE-2010-0434 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40284849.html?…
*** EMC Secure Remote Services Virtual Edition Directory Traversal Flaw Lets Remote Authenticated Users View Files on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034530
*** Cisco Jabber for Windows STARTTLS Downgrade Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Vuln: Dnsmasq CVE-2015-3294 Remote Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/74452
*** IDM 4.5 - 4.0.2 Midrange Driver Patch 4.0.2 ***
---------------------------------------------
Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.0.2 or higher. Driver version will show: i5os Driver Version 4.0.2; IDM 4.0.2 Build Date 20151207_1437; IDM 4.5.x Build Date 201512071006. To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION)
Document ID: 5230811
Security Alert: Yes
Distribution Type: Field Test File
Entitlement Required: No
Files: idm45-402midrangepatch2.tar.gz (96.31 MB)
Products: Identity Manager 4.0.2, Identity Manager...
---------------------------------------------
https://download.novell.com/Download?buildid=HsE3grsz-TU~
*** DFN-CERT-2015-1999: libvirt: A vulnerability allows the manipulation of files ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1999/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Websphere Liberty Profile (WLP) affect Power Management Console (CVE-2015-2017, CVE-2015-1927, CVE-2015-4938) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021040
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2015-7410) ***
http://www.ibm.com/support/docview.wss?uid=swg21972676
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Linux-PAM affects PowerKVM (CVE-2015-3238) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022880
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in pam affect Power Management Console (CVE-2015-3238) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021041
---------------------------------------------
*** IBM Security Bulletin: A denial of service vulnerability affects IBM Sterling B2B Integrator (CVE-2014-0050) ***
http://www.ibm.com/support/docview.wss?uid=swg21972944
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM PureApplication System. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21973591
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931 and CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21973439
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Integration Designer and WebSphere Integration Developer (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21972087
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-4962, CVE-2015-4946) ***
http://www.ibm.com/support/docview.wss?uid=swg21973404
---------------------------------------------
*** IBM Security Bulletin: Malformed ECParameters causes infinite loop (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023038
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities affect AppScan Enterprise ***
http://www.ibm.com/support/docview.wss?uid=swg21972830
---------------------------------------------
*** IBM Security Bulletin: Clickjack vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-1928) ***
http://www.ibm.com/support/docview.wss?uid=swg21973200
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Manager Enterprise Edition (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21973416
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, ***
http://www.ibm.com/support/docview.wss?uid=swg21973383
---------------------------------------------
*** IBM Security Bulletin: Privilege escalation coverage gap in IBM SPSS Statistics (CVE-2015-7489) ***
http://www.ibm.com/support/docview.wss?uid=swg21973502
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023034
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005474
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i. ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021047
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Monitoring clients (CVE-2015-2590 plus additional CVEs.) ***
http://www.ibm.com/support/docview.wss?uid=swg21964027
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 22-12-2015 18:00 − Wednesday 23-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** 2015 Ransomware Wrap-Up ***
---------------------------------------------
Here's a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year.
---------------------------------------------
http://www.darkreading.com/endpoint/2015-ransomware-wrap-up/d/d-id/1323424
*** 3-in-1 Malware Infection through Spammed JavaScript Attachments ***
---------------------------------------------
Recently we've observed a massive uptick of malicious spam with JavaScript attachments with an intention to spread and infect Windows systems with a variety of malicious executables. The spam usually contains a ZIP file attachment containing only one JavaScript file. The ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/3-in-1-Malware-Infectio…
*** IT bloke: Crooks stole my bikes after cycling app blabbed my address ***
---------------------------------------------
Brit suffers from GPS accuracy. An IT manager in Manchester, England, says thieves stole his bikes after a smartphone cycling app pinpointed the location of his garage ..
---------------------------------------------
www.theregister.co.uk/2015/12/22/it_manager_loses_bikes_after_cycling_app_p…
*** Xen Project blunder blows own embargo with premature bug report ***
---------------------------------------------
Malicious guest could eat your virtual rigs from the inside. The Xen Project has reported a new bug, XSA-169, that means 'A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack.' ..
---------------------------------------------
www.theregister.co.uk/2015/12/23/xen_blunder_blows_own_embargo_with_prematu…
*** Expect Phishers to Up Their Game in 2016 ***
---------------------------------------------
Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it. New authentication methods now offered by Yahoo! and to a beta group of Google users let customers log in just by supplying their email address, and then responding to a notification sent to their mobile device.
---------------------------------------------
http://krebsonsecurity.com/2015/12/expect-phishers-to-up-their-game-in-2016
*** Why it's harder to forge a SHA-1 certificate than it is to find a SHA-1 collision ***
---------------------------------------------
It's well known that SHA-1 is no longer considered a secure cryptographic hash function. Researchers now believe that finding a hash collision (two values that result in the same value when SHA-1 is applied) is inevitable and likely to happen in a matter of months. This poses a potential threat to trust on the web, as many websites use certificates that are digitally signed with algorithms that rely on SHA-1. Luckily for everyone, finding a hash collision is not enough to forge a digital
---------------------------------------------
https://blog.cloudflare.com/why-its-harder-to-forge-a-sha-1-certificate-tha…
*** Cyber attacks on Turkish internet servers ***
---------------------------------------------
Unclear background - is Russia behind it? Or Anonymous?
---------------------------------------------
http://derstandard.at/2000028013290
*** Hacker: film stars with problems on the net ***
---------------------------------------------
Brand-new feature films such as the latest Western by Quentin Tarantino have appeared on the internet. A number of other stars have quite different problems: a hacker got hold of sex videos and personal data of theirs - he has now been arrested, however.
---------------------------------------------
http://www.golem.de/news/hacker-filmstars-mit-problemen-im-netz-1512-118179…
*** How a security director used a rootkit to rig the lottery and steal millions of dollars ***
---------------------------------------------
Not too long ago, Eddie Tipton was convicted of hacking into the Multi-State Lottery Association's computer system in order to rig a nearly $17 million jackpot in Iowa. Now comes word that an investigation into Tipton's hacking activities is expanding to include a number of other states. Thus far, lottery officials from Colorado, Wisconsin and Oklahoma have indicated that Tipton may have also gamed lottery jackpots in their respective states.
---------------------------------------------
https://bgr.com/2015/12/23/lottery-hacker-rootkit-stolen-numbers-investigat…
*** Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for NTP daemon vulnerabilities in the Siemens RUGGEDCOM ROX-based devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01
Due to the Christmas holidays, the next End-of-Shift Report will not appear until 28.12.2015.
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 21-12-2015 18:00 − Tuesday 22-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** IBM Security Bulletin: Blind SQL injection vulnerability in IBM OpenPages GRC Platform API (CVE-2015-5049) ***
---------------------------------------------
A blind SQL injection vulnerability has been found in the OpenPages GRC Platform API that could allow retrieval or manipulation of information in the database.
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21970590
*** Cisco IOS XE Software Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000. An attacker could exploit this vulnerability by sending a frame that has a source MAC address of all zeros to an affected device. A successful exploit could allow the attacker to cause the device to reload.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** [20151207] - Core - SQL Injection ***
---------------------------------------------
Inadequate filtering of request data leads to a SQL Injection vulnerability.
---------------------------------------------
https://developer.joomla.org/security-centre/640-20151207-core-sql-injectio…
*** [20151206] - Core - Session Hardening ***
---------------------------------------------
The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions.
---------------------------------------------
https://developer.joomla.org/security-centre/639-20151206-core-session-hard…
*** First Exploit Attempts For Juniper Backdoor Against Honeypot ***
---------------------------------------------
We are detecting numerous login attempts against our ssh honeypots using the ScreenOS backdoor password. Our honeypot doesn't emulate ScreenOS beyond the login banner, so we do not know what the attackers are up to, but some of the attacks appear to be manual in that we do see the attacker trying different ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20525
*** Protecting Your Sites from Apache.Commons Vulnerabilities ***
---------------------------------------------
A few weeks ago, FoxGlove Security released this important blog post that includes several Proof-of-Concepts for exploiting Java unserialize vulnerabilities. A remote attacker can gain Remote Code Execution by sending a specially crafted payload to any endpoint expecting a serialized ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Protecting-Your-Sites-f…
*** Oracle must improve its Java updates ***
---------------------------------------------
Old Java versions must disappear completely from computers. Oracle has to see to that.
---------------------------------------------
http://heise.de/-3052761
*** Shopshifting: security researchers uncover gaps in electronic payment transactions ***
---------------------------------------------
Payment terminals talk over the network to their cash register and to the payment service provider. Both communication channels have weaknesses that an attacker can use to plunder customers or shop owners.
---------------------------------------------
http://heise.de/-3052165
*** rt-sa-2015-013 ***
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2015-013.txt
*** Juniper backdoors ***
---------------------------------------------
In an advisory (our warning on it is here), Juniper told the world that it found two backdoors in ScreenOS during a code audit. One of them is a technically rather trivial matter: a constant password allows login via ssh or telnet. Reportedly it took only 6 hours to ..
---------------------------------------------
http://www.cert.at/services/blog/20151222153859-1646.html
*** IBM Security Bulletin: Multiple XSS Vulnerabilities in IBM UrbanCode Deploy (CVE-2015-7415) ***
---------------------------------------------
IBM UrbanCode Deploy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21970811
*** Report: hackers have infiltrated parts of the US power grid ***
---------------------------------------------
In around a dozen cases, cyber attacks on control centres of energy providers in the USA are said to have succeeded over the past ten years. The hack of the provider Calpine probably originated from Iran.
---------------------------------------------
http://heise.de/-3054887
*** Call for Papers: VB2016 Prague ***
---------------------------------------------
VB seeks submissions for the 26th Virus Bulletin Conference. Virus Bulletin is seeking submissions from those wishing to present papers at VB2016, which will take place 5 to 7 October 2016 at the Hyatt Regency Denver Hotel in Denver, Colorado, USA. Originally started as an annual gathering of anti-virus experts, the ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/12_22.xml
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 18-12-2015 18:00 − Monday 21-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Update for the crimeware kit Microsoft Word Intruder ***
---------------------------------------------
Via security holes in Microsoft Word, a file attachment can infect Windows systems as soon as it is opened. The author of the crimeware kit MWI, popular in the underground, is now following up with new exploits.
---------------------------------------------
http://heise.de/-3049547
*** VMSA-2015-0009 ***
---------------------------------------------
VMware product updates address a critical deserialization vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2015-0009.html
*** VMSA-2015-0003.15 ***
---------------------------------------------
VMware product updates address critical information disclosure issue in JRE
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2015-0003.html
*** Avira Registry Cleaner DLL Hijacking ***
---------------------------------------------
avira_registry_cleaner_en.exe, available from
<https://www.avira.com/en/download/product/avira-registry-cleaner>
to clean up remnants the uninstallers of their snakeoil products
fail to remove, is vulnerable: it loads and executes WTSAPI32.dll,
UXTheme.dll and RichEd20.dll from its application directory
(tested and verified under Windows XP SP3 and Windows 7 SP1).
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015120223
*** PUPs Masquerade as Installer for Antivirus and Anti-Adware ***
---------------------------------------------
If you're looking for download sites of programs you wish to install onto your machine or simply try out, you, dear Reader, would be better off dropping by their official websites.
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/12/pups-masquerade-as-in…
*** Joomla 0-Day Exploited In the Wild (CVE-2015-8562) ***
---------------------------------------------
A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot of attention from the Joomla community, as well as attackers. Using knowledge gained from our recent research on Joomla (CVE-2015-7857, SpiderLabs Blog Post) and information ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-0-Day-Exploited-…
*** Google Chrome: farewell to SHA-1-signed SSL certificates ***
---------------------------------------------
From the beginning of next year, Google Chrome will no longer accept newly issued SHA-1-signed SSL certificates from public CAs. SHA-1 has been considered insecure for ten years, but is still used by HTTPS sites.
---------------------------------------------
http://heise.de/-3049749
*** The EPS Awakens - Part 2 ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-t…
*** Facebook hammers another nail into Flashs coffin ***
---------------------------------------------
The Social Network™ bins Adobe's malware-magnet for video, adopts HTML5. Facebook has hammered another nail into the coffin of Adobe Flash, by switching from the bug-ridden plug-in to HTML5 for all videos on the site.
---------------------------------------------
www.theregister.co.uk/2015/12/21/facebook_dumps_flash_for_video/
*** Hello Kitty: children's data unprotected on the net ***
---------------------------------------------
A MongoDB database with the private information of numerous Hello Kitty fans has been published. Children in particular are likely to be affected - and should check their passwords at other services.
---------------------------------------------
http://www.golem.de/news/security-hello-kitty-gehackt-1512-118123.html
*** XXX is Angler EK ***
---------------------------------------------
http://malware.dontneedcoffee.com/2015/12/xxx-is-angler-ek.html
*** Snooping code in Juniper network devices: further findings and speculation ***
---------------------------------------------
The analyses of the ScreenOS updates are bringing wild things to light. There were two independent backdoors. The SSH backdoor can be exploited by anyone thanks to the published password; the more complex VPN hole is apparently based on a known NSA backdoor.
---------------------------------------------
http://heise.de/-3051260
*** The many attacks on Zengge WiFi lightbulbs ***
---------------------------------------------
In August I decided to check out the cool new Internet Of Things. I bought a WiFi-enabled colorful LED lightbulb. It was a cheap Chinese one that costs almost nothing on Alibaba, but I paid probably around $50 on Amazon. It's built by a company called Zengge. It turned out that my new lightbulb was a router, an HTTP server, an HTTP proxy, and a lot more.
---------------------------------------------
http://blog.viktorstanchev.com/2015/12/20/the-many-attacks-on-zengge-wifi-l…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 17-12-2015 18:00 − Friday 18-12-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** JSA10713 - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10713
*** JSA10712 - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Crafted SSH negotiation may trigger system crash (CVE-2015-7754) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10712
*** Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Schneider Electric Modicon M340 Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a buffer overflow vulnerability in Schneider Electric's Modicon M340 PLC product line.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01
*** Motorola MOSCAD SCADA IP Gateway Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for Remote File Inclusion and Cross-Site Request Forgery vulnerabilities in Motorola Solutions MOSCAD IP Gateway.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-351-02
*** eWON Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for several vulnerabilities in the eWON sa industrial router.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03
*** Microsoft will stop trusting certificates from 20 Certificate Authorities ***
---------------------------------------------
Starting in January 2016, Microsoft's Trusted Root Certificate Program will no longer include twenty currently trusted CAs and will remove their root certificates from the Trusted ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=19252
*** Docker and Enterprise Security: Establishing Best Practices ***
---------------------------------------------
Virtualization containers, with their extraordinarily efficient hardware utilization, can be like a dream come true for development teams. While containerization will probably ..
---------------------------------------------
http://resources.infosecinstitute.com/docker-and-enterprise-security-establ…
*** IBM Security Bulletins ***
---------------------------------------------
*** Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2015-1947) ***
http://www.ibm.com/support/docview.wss?uid=swg21967131
---------------------------------------------
*** IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050 and 5710 are affected by multiple vulnerabilities in OpenSSL ***
http://www.ibm.com/support/docview.wss?uid=swg21971298
---------------------------------------------
*** Multiple vulnerabilities in current releases of IBM SDK for Node.js in IBM Bluemix ***
http://www.ibm.com/support/docview.wss?uid=swg21973447
---------------------------------------------
*** Multiple Security Vulnerabilities affect IBM Security Privileged Identity Manager Virtual Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21972496
---------------------------------------------
*** Multiple vulnerabilities in IBM Java SDK affect Rational Functional Tester (CVE-2015-4872, CVE-2015-4734, CVE-2015-5006) ***
http://www.ibm.com/support/docview.wss?uid=swg21972844
---------------------------------------------
*** A vulnerability in lighttpd affects IBM Security Virtual Server Protection for VMware (CVE-2015-3200) ***
http://www.ibm.com/support/docview.wss?uid=swg21973291
---------------------------------------------
*** IBM Multiple vulnerabilities in IBM Java SDK affect IBM API Management ***
http://www.ibm.com/support/docview.wss?uid=swg21972828
---------------------------------------------
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that could, in certain configurations, allow a malicious administrator of a guest VM to compromise the host or obtain potentially sensitive information from other guest VMs. In addition, a vulnerability has been identified that would allow certain applications running on a guest to cause that guest to crash.
---------------------------------------------
https://support.citrix.com/article/CTX203879
*** Vuln: Microsoft Windows Environment Variable Expansion in PATH Security Bypass Weakness ***
---------------------------------------------
http://www.securityfocus.com/bid/44484
*** Cisco IOS and IOS XE Software IKEv1 State Machine Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** SSA-472334 (Last Update 2015-12-18): NTP Vulnerabilities in RUGGEDCOM ROX-based Devices ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-472334…
*** SSA-396873 (Last Update 2015-12-18): TLS Vulnerability in Ruggedcom ROS- and ROX-based Devices ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-396873…
*** iOS banking apps security still not good enough, says researcher ***
---------------------------------------------
Repeat test throws up improved results from 2013 but problems remain. The security of mobile banking apps has improved over the ..
---------------------------------------------
www.theregister.co.uk/2015/12/18/ios_banking_app_audit/
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 16-12-2015 18:00 − Thursday 17-12-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Press Backspace 28 times to own unlucky Grub-by Linux boxes ***
---------------------------------------------
Integer underflow fault means you can get into rescue mode and rummage around. A pair of researchers from the University of Valencia's Cybersecurity research group have found that if you press backspace 28 times, it's possible to bypass authentication during boot-up on some Linux machines.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/12/17/press_backs…
*** Checklist - How to Secure Your WordPress Website ***
---------------------------------------------
We know that you care about what you build and protecting it is incredibly important. Hacks happen, and it's your job to reduce their likelihood to the lowest probability possible. We built this checklist of best practices to help you harden your website and protect you and your users from hacks.
---------------------------------------------
https://www.wordfence.com/learn/checklist-how-to-secure-your-wordpress-webs…
*** Privileged Access Workstations ***
---------------------------------------------
Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that is protected from Internet attacks and threat vectors. Separating these sensitive tasks and accounts from the daily use workstations and devices provides very strong protection from phishing attacks, application and OS vulnerabilities, various impersonation attacks, and credential theft attacks such as keystroke logging, Pass-the-Hash, and Pass-The-Ticket.
---------------------------------------------
https://technet.microsoft.com/en-US/library/mt634654.aspx
*** F-Secure: Sandboxed Execution Environment ***
---------------------------------------------
Sandboxed Execution Environment (SEE) is a framework for building test automation in secured environments. The sandboxes, provided via libvirt, are customizable, allowing a high degree of flexibility. Different types of hypervisors (Qemu, VirtualBox, LXC) can be employed to run the test environments. Plugins can be added to a test environment, which provides an event mechanism for synchronising their interaction. Users can enable and configure the plugins through a JSON configuration file.
---------------------------------------------
https://github.com/F-Secure/see
*** How do you know if your smartphone has been compromised? ***
---------------------------------------------
Signs that may indicate a mobile infection: Has your phone been compromised? #1: You notice the system or apps behaving strangely #2: Your call or message history includes some unknown entries ...
---------------------------------------------
http://www.welivesecurity.com/2015/12/16/know-smartphone-compromised/
*** XSS, SQLi bugs found in several Network Management Systems ***
---------------------------------------------
Network Management System (NMS) offerings by Spiceworks, Ipswitch, Opsview and Castle Rock Computing have been found sporting several cross-site scripting and SQL injection flaws that could be exploit...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/hQ6oQHF5luA/secworld.php
*** POS Malware Families: An insight into the Behavior of POS Malware ***
---------------------------------------------
In a previous blog, we discussed why Point of Sale (POS) devices remain such an attractive target and described some different attack methods. As you can see from the infographic below, retail and POS have been (pardon the pun) "Targets" on an ongoing basis for the past few years, and the trend doesn't appear to be reversing, even with technologies such as EMV and P2PE. In this blog, we describe some of the different families of POS malware. POS Malware Common Features...
---------------------------------------------
https://feeds.feedblitz.com/~/128665939/0/alienvault-blogs~POS-Malware-Fami…
*** Xen Security Advisories ***
---------------------------------------------
XSA-155 - paravirtualized drivers incautious about shared memory contents
http://xenbits.xen.org/xsa/advisory-155.html
---------------------------------------------
XSA-157 - Linux pciback missing sanity checks leading to crash
http://xenbits.xen.org/xsa/advisory-157.html
---------------------------------------------
XSA-164 - qemu-dm buffer overrun in MSI-X handling
http://xenbits.xen.org/xsa/advisory-164.html
---------------------------------------------
XSA-165 - information leak in legacy x86 FPU/XMM initialization
http://xenbits.xen.org/xsa/advisory-165.html
---------------------------------------------
XSA-166 - ioreq handling possibly susceptible to multiple read issue
http://xenbits.xen.org/xsa/advisory-166.html
---------------------------------------------
*** DFN-CERT-2015-1948: Samba: Multiple vulnerabilities allow, among other things, bypassing security restrictions ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1948/
*** Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Security Advisory: BIND vulnerability CVE-2015-8000 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/34/sol34250741.html?…
*** Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets ***
---------------------------------------------
A number of SQL Injection vulnerabilities have been identified in the Administration Web UI servlets used by Citrix Command Center. These vulnerabilities, if exploited, could allow an authenticated user to insert malicious SQL queries into the application, potentially causing the alteration or deletion of system data.
---------------------------------------------
http://support.citrix.com/article/CTX203787
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21965259
---------------------------------------------
*** IBM Security Bulletin: Fix available for Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2015-7447) ***
http://www.ibm.com/support/docview.wss?uid=swg21973152
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Content Manager Services for Lotus Quickr (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21973096
---------------------------------------------
*** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by privilege escalation vulnerability (CVE-2015-7429) ***
http://www.ibm.com/support/docview.wss?uid=swg21973087
---------------------------------------------
*** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by unauthorized access vulnerability (CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21973086
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) - IBM Java SDK updates October 2015 ***
http://www.ibm.com/support/docview.wss?uid=swg21973355
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947) ***
http://www.ibm.com/support/docview.wss?uid=swg21972470
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Collector for SAP Applications (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21973147
---------------------------------------------
*** IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Cinder information disclosure vulnerability (CVE-2015-1851) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020980
---------------------------------------------
*** IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 that allows users to truncate any table even though the owner of the table has not granted any privilege to any user/role/group (CVE-2015-5020) ***
http://www.ibm.com/support/docview.wss?uid=swg21967923
---------------------------------------------
*** IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21970400
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects OpenPages GRC Platform with Application Server (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972345
---------------------------------------------
*** IBM Security Bulletin: IBM Curam Social Program Management is Vulnerable to Reflected Cross-Site Scripting (CVE-2015-7402) ***
http://www.ibm.com/support/docview.wss?uid=swg21970661
---------------------------------------------
*** ZDI-15-641: Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/LfsseiLCccs/
*** ZDI-15-643: Foxit Reader Will Print Action Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/28dKwkM6_5M/
*** ZDI-15-642: Foxit Reader Will Save Document Action Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/uY-c98zZjQI/
*** ZDI-15-644: Foxit Reader FlateDecode Heap Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/s3waojIPu0E/
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 15-12-2015 18:00 − Wednesday 16-12-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** IBM Security Bulletin ***
---------------------------------------------
*** Multiple vulnerabilities in IBM Java SDK affect IBM Rational Connector for SAP Solution Manager ***
http://www.ibm.com/support/docview.wss?uid=swg21967447
---------------------------------------------
*** IBM Security Bulletin: Security Vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager ***
http://www.ibm.com/support/docview.wss?uid=swg21972884
---------------------------------------------
*** IBM Security Bulletin: Openstack Cinder and Horizon vulnerabilities affect IBM Cloud Manager with OpenStack ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023146
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal attack. ***
http://www.ibm.com/support/docview.wss?uid=swg21967647
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability exists in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21972660
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Stored cross-site scripting. ***
http://www.ibm.com/support/docview.wss?uid=swg21973175
---------------------------------------------
*** FireEye Exploitation: Project Zero's Vulnerability of the Beast ***
---------------------------------------------
FireEye sell security appliances to enterprise and government customers. FireEye's flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet. To give a ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-…
*** Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos ***
---------------------------------------------
And now for something completely different. Subtitle: Captain Obvious Applies Chaos Theory. Introduction: This diary breaks a bit from our expected norms to discuss managing possible outcomes originating from a data breach ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20495
*** Security Advisory: Multiple MySQL vulnerabilities ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59010802.html?…
*** VB2015 video: Making a dent in Russian mobile banking phishing ***
---------------------------------------------
Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks. In the last few years, mobile malware has evolved from a mostly theoretical threat to a very serious one that affects many users. Indeed, several talks at VB2015 dealt with various aspects of mobile ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/12_16.xml
*** Adcon Telemetry A840 Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in Adcon Telemetry's A840 Telemetry Gateway Base Station.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01
*** Advantech EKI Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-344-01 Advantech EKI Vulnerabilities that was published December 10, 2015, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01
*** Sophos UTM security package full of holes ***
---------------------------------------------
The Unified Threat Management package from Sophos is at risk: according to a security researcher, attackers can, for example, disable the firewall. The holes are said to have been fixed already, but patches are not yet available.
---------------------------------------------
http://heise.de/-3044717
*** DFN-CERT-2015-1937: ISC BIND9: Two vulnerabilities allow a denial-of-service attack ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1937/
*** Driving an industry towards secure code ***
---------------------------------------------
The German government made an unprecedented move this week by issuing requirements for all new vehicles' software to be made accessible to country regulators to ensure that emissions loopholes aren't ...
---------------------------------------------
http://www.net-security.org/article.php?id=2431
*** Playing With Sandboxes Like a Boss ***
---------------------------------------------
Last week, Guy wrote a nice diary to explain how to easily deploy IRMA to analyze suspicious files. Having a good tool to work on files locally is always interesting for multiple reasons. You are doing some independent research, you ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20501
*** Attacking WPA2 Enterprise ***
---------------------------------------------
The widespread use of mobile and portable devices in the enterprise environment requires a proper implementation of the wireless network infrastructure to provide them connectivity and ensure the business functionality. WPA-Enterprise is ..
---------------------------------------------
http://resources.infosecinstitute.com/attacking-wpa2-enterprise/
*** Open Source Network Security Tools for Newbies ***
---------------------------------------------
With so many open source tools available to help with network security, it can be tricky to figure out where to start, especially if you are an IT generalist who has been tasked with security. We all have to start somewhere. The question is, where? The sheer number of open source tools available can make ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/open-source-network-se…
*** [HTB23282]: RCE in Zen Cart via Arbitrary File Inclusion ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered a critical vulnerability in the popular e-commerce software Zen Cart, which can be exploited by remote non-authenticated attackers to compromise a vulnerable system. A remote ..
---------------------------------------------
https://www.htbridge.com/advisory/HTB23282
*** Crimeware / APT Malware Masquerade as Santa Claus and Christmas Apps ***
---------------------------------------------
CloudSek was monitoring an underground hacking team that was selling desktop malware in various underground forums. The desktop malware is specifically designed for jumping air-gapped systems, and given the type of documents the attackers are seeking, it was collecting classified data from software companies and government organisations.
---------------------------------------------
https://www.cloudsek.com/announcements/blog/apt-malware-masquerade-as-chris…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 14-12-2015 18:00 − Tuesday 15-12-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** 13 million MacKeeper users exposed after MongoDB door was left open ***
---------------------------------------------
Expect more breaches in the future as 35,000 MongoDB installs are misconfigured.
---------------------------------------------
http://arstechnica.com/security/2015/12/13-million-mackeeper-users-exposed-…
*** Hack: Esa users have short passwords ***
---------------------------------------------
Numerous internal records of the European Space Agency Esa have been hacked and are now accessible on the Internet. Apparently many of the Esa users use short and insecure passwords.
---------------------------------------------
http://www.golem.de/news/rocket-science-esa-nutzer-haben-kurze-passwoerter-…
*** Vulnerability Details: Joomla! Remote Code Execution ***
---------------------------------------------
The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty much all versions of the platform up to 3.4.5. As soon as the patch was released, we were able to start our investigation and found that it was already...
---------------------------------------------
https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.ht…
*** 4 Things to Consider When Assessing Device Posture for Effective Network Access Control ***
---------------------------------------------
Guest blogger Benny Czarny explains that one of the main reasons to have a NAC system in place is to keep risky devices from connecting to your organization's network. Unfortunately, simply purchasing a NAC solution is not going to guarantee your protection.
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/12/4-things-to-consider-…
*** Protecting Windows Networks - Kerberos Attacks ***
---------------------------------------------
MEDIA NOTE: This is not a new flaw, just a good write-up! I don't know why the media are reporting this as a new flaw. | Kerberos is an authentication protocol that is used by default in Windows networks and provides mutual authentication and authorization for clients and servers. It does not require you to send a password or a hash on the wire; it instead relies on a trusted third party for handling all the details. | Although it is considered a secure protocol, it has some flaws in Windows...
---------------------------------------------
http://dfir-blog.com/2015/12/13/protecting-windows-networks-kerberos-attack…
*** Kaspersky Security Bulletin 2015. Overall statistics for 2015 ***
---------------------------------------------
In 2015, virus writers demonstrated a particular interest in exploits for Adobe Flash Player. The proportion of relatively simple programs used in mass attacks was growing. Attackers have mastered non-Windows platforms - Android and Linux: almost all types of malicious programs are created and used for these platforms.
---------------------------------------------
http://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-…
*** Oil and Gas Cyber Security - Interview ***
---------------------------------------------
In the recent presentation at BlackHat, you mentioned that oil and gas is one of the industries most plagued by cyber-attacks. What makes oil and gas an attractive target? It's a juicy target for Cyberattacks as oil and gas companies are responsible for a great part of some countries' economies. Any interference in their work...
---------------------------------------------
http://resources.infosecinstitute.com/oil-and-gas-cyber-security-interview/
*** Android.ZBot banking Trojan uses "web injections" to steal confidential data ***
---------------------------------------------
December 15, 2015. Trojans designed to steal money from bank accounts pose a serious threat to Android users. The Android.ZBot Trojan is one of these malicious programs. Its different modifications have targeted mobile devices of Russian users since February 2015. This Trojan is interesting due to its ability to steal logins, passwords, and other confidential data by displaying fraudulent authentication forms on top of any applications. The appearance of such forms is generated on
---------------------------------------------
http://news.drweb.com/show/?i=9754&lng=en&c=9
*** Security Afterworks: How to become a TLS hipster & Best of CCC ***
---------------------------------------------
January 21, 2016, 5:00 pm - 6:00 pm, SBA Research, Favoritenstraße 16, 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-wie-man-tls-hipster…
*** ZDI-15-639: (0Day) Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-639/
*** ZDI-15-638: (0Day) Apache TomEE Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache TomEE. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-638/
*** Security Advisory: RSA-CRT key leak vulnerability CVE-2015-5738 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/91/sol91245485.html?…
*** Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS XE Software IPv6 Neighbor Discovery Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Security Notice - Statement on NTP.org and CERT/CC Revealing Security Vulnerabilities in NTPd ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** TYPO3 CMS 6.2.16 and 7.6.1 released ***
---------------------------------------------
The TYPO3 Community announces the versions 6.2.16 LTS and 7.6.1 LTS of the TYPO3 Enterprise Content Management System.
Both versions are maintenance releases and contain bug and security fixes.
In case the extension mediace is used, please make sure to upgrade to version 7.6.1.
---------------------------------------------
http://www.typo3.org/news/article/typo3-cms-6216-and-761-released/
---------------------------------------------
*** Cross-Site Scripting in TYPO3 component Indexed Search ***
http://www.typo3.org/news/article/cross-site-scripting-in-typo3-component-i…
---------------------------------------------
*** TYPO3 is susceptible to Cross-Site Flashing ***
http://www.typo3.org/news/article/typo3-is-susceptible-to-cross-site-flashi…
---------------------------------------------
*** Multiple Cross-Site Scripting vulnerabilities in frontend ***
http://www.typo3.org/news/article/multiple-cross-site-scripting-vulnerabili…
---------------------------------------------
*** Cross-Site Scripting vulnerability in typolinks ***
http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-typ…
---------------------------------------------
*** Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend ***
http://www.typo3.org/news/article/multiple-cross-site-scripting-vulnerabili…
---------------------------------------------
*** Cross-Site Scripting in TYPO3 component Extension Manager ***
http://www.typo3.org/news/article/cross-site-scripting-in-typo3-component-e…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 11-12-2015 18:00 − Monday 14-12-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** IBM Security Bulletin ***
---------------------------------------------
*** Vulnerability in Apache Commons affects WebSphere Message Broker and IBM Integration Bus (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972391
---------------------------------------------
*** Vulnerability in Apache Commons affects Tivoli Network Manager Transmission Edition (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971891
---------------------------------------------
*** Vulnerability in Apache Commons affects Rational Developer for System z (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971643
---------------------------------------------
*** Vulnerability in the IBM Installation Manager script (CVE-2015-7442) ***
http://www.ibm.com/support/docview.wss?uid=swg21971295
---------------------------------------------
*** Vulnerability in Apache Commons affects Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972753
---------------------------------------------
*** Vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) ***
http://www.ibm.com/support/docview.wss?uid=swg21972951
---------------------------------------------
*** A security vulnerability has been identified in IBM Maximo Asset Management which could allow an attacker to obtain sensitive information via REST API (CVE-2015-7452) ***
http://www.ibm.com/support/docview.wss?uid=swg21972463
---------------------------------------------
*** IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2015-7451) ***
http://www.ibm.com/support/docview.wss?uid=swg21972423
---------------------------------------------
*** IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-4341, CVE-2013-1418) ***
http://www.ibm.com/support/docview.wss?uid=swg21970321
---------------------------------------------
*** A vulnerability in OpenSSH affects IBM Security Network Intrusion Prevention System (CVE-2015-5600) ***
http://www.ibm.com/support/docview.wss?uid=swg21969673
---------------------------------------------
*** A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2014-3565) ***
http://www.ibm.com/support/docview.wss?uid=swg21972208
---------------------------------------------
*** Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System ***
http://www.ibm.com/support/docview.wss?uid=swg21968978
---------------------------------------------
*** A security vulnerability has been identified in IBM Rational ClearQuest (CVE-2015-4996) ***
http://www.ibm.com/support/docview.wss?uid=swg21972331
---------------------------------------------
*** Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Provisioning Manager (CVE-2015-2601, CVE-2015-1931, CVE-2015-2625) ***
http://www.ibm.com/support/docview.wss?uid=swg21972941
---------------------------------------------
*** Vulnerabilities in OpenSSL affect IBM Cognos Planning (CVE-2015-1789, CVE-2015-1790, CVE-2015-1792) ***
http://www.ibm.com/support/docview.wss?uid=swg21971729
---------------------------------------------
*** Website Malware - Evolution of Pseudo Darkleech ***
---------------------------------------------
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with No-IP host names, and random dimensions where the ..
---------------------------------------------
https://blog.sucuri.net/2015/12/evolution-of-pseudo-darkleech.html
*** iTunes 12.3.2 ***
---------------------------------------------
https://support.apple.com/kb/HT205636
*** Security Advisory: Apache Groovy vulnerability CVE-2015-3253 ***
---------------------------------------------
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. (CVE-2015-3253)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49233165.html
*** Security Update 2015-006 Yosemite ***
---------------------------------------------
https://support.apple.com/kb/HT205653
*** OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks ***
---------------------------------------------
https://support.apple.com/kb/HT205637
*** OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks ***
---------------------------------------------
https://support.apple.com/kb/HT205375
*** What Signs Are You Missing? ***
---------------------------------------------
While recently listening to a presentation, I found my attention drawn to a metal water container at the center of the conference room table. Condensation was all around it and without ever having to interact with the container, I found ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20481
*** Google Bans Symantec Root Certificates ***
---------------------------------------------
An anonymous reader writes: After in September Google discovered SSL certificates issued in its name by Symantec, and after in October the company discovered over 2,500 ..
---------------------------------------------
http://tech.slashdot.org/story/15/12/12/2255212/google-bans-symantec-root-c…
*** DSA-3416 libphp-phpmailer - security update ***
---------------------------------------------
Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library for email transfer, used by many CMSs. The library accepted email addresses and SMTP commands containing line breaks, which can be abused by an attacker to inject messages.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3416
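The bug class in the DSA above, shown as an added example in Python (not PHPMailer's code): a naive client drops an address straight into the SMTP command line, so an address carrying CR LF followed by a second command becomes two commands on the wire; the hardened variant refuses any address containing CR, LF or NUL before it reaches the command builder. Both addresses are constructed for the example.

```python
import re

# Constructed inputs for this example: one clean address and one that a
# crafted web form could deliver, carrying CR LF followed by a second command.
SAFE_ADDR = "alice@example.org"
CRLF_ADDR = "alice@example.org>\r\nRCPT TO:<attacker@example.net"

# CR, LF and NUL are the characters that let user input end one SMTP command
# (or one mail header) and start another.
_CTRL = re.compile(r"[\r\n\x00]")


def address_is_safe(addr: str) -> bool:
    """True when the address contains no line terminator or NUL."""
    return _CTRL.search(addr) is None


def build_rcpt_unsafe(addr: str) -> str:
    """Builds RCPT TO the way a naive client does: the address is dropped
    into the command line without any check for line terminators."""
    return f"RCPT TO:<{addr}>\r\n"


def build_rcpt_safe(addr: str) -> str:
    """Hardened variant: refuse any address that could split the command."""
    if not address_is_safe(addr):
        raise ValueError("address contains CR, LF or NUL")
    return f"RCPT TO:<{addr}>\r\n"


def smtp_commands(wire: str) -> list:
    """Splits what would be written to the socket into the commands the SMTP
    server actually sees: one per CR LF."""
    return [line for line in wire.split("\r\n") if line]


if __name__ == "__main__":
    # The injected address turns one RCPT command into two.
    print(smtp_commands(build_rcpt_unsafe(CRLF_ADDR)))
    print(smtp_commands(build_rcpt_safe(SAFE_ADDR)))
```

The same check belongs in front of every header value and SMTP argument the application assembles from request data, not only the recipient address.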
*** Memory-resident modular malware menaces moneymen ***
---------------------------------------------
Latentbot avoids your HDD - and it's been off the radar for two years. A stealthy strain of malware resident only in memory has been quietly pwning victims around the world for two years.
---------------------------------------------
www.theregister.co.uk/2015/12/14/latentbot_memory_resident_malware/
*** Lenovo/CSR: Bluetooth driver installs root certificate ***
---------------------------------------------
A Bluetooth driver for chips made by the company CSR installs two root certificates with which the holder of the private key could attack HTTPS connections. Apparently these are test certificates used for driver signing during development.
---------------------------------------------
http://www.golem.de/news/lenovo-csr-bluetooth-treiber-installiert-root-zert…
*** Inside the German cybercriminal underground ***
---------------------------------------------
Trend Micro investigated German crime forums and concluded that Germany possesses the most advanced cybercrime ecosystem in the European Union. We have reported several times the news related to various criminal cybercriminal ..
---------------------------------------------
http://securityaffairs.co/wordpress/42802/cyber-crime/german-cybercriminal-…
*** [20151214] - Core - Remote Code Execution Vulnerability ***
---------------------------------------------
Browser information is not filtered properly when session values are saved to the database, which leads to a remote code execution vulnerability.
---------------------------------------------
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-…
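A check a practitioner would run over web server logs for this advisory, as an added example in Python (not Joomla's code): since the unfiltered browser information ends up in the stored session, a User-Agent that carries PHP serialized-object syntax (`O:<len>:"<class>":<n>:{`) has no business in a browser header and is worth alerting on. The log lines are constructed, the class name in the second line is a placeholder, and the regular expression is an assumption about what such a payload looks like, not a signature published by the project.

```python
import re

# Constructed sample lines in Apache "combined" format (not real traffic).
# Apache writes quotes inside the User-Agent as \" which the regex tolerates.
SAMPLE_LOG = [
    r'203.0.113.5 - - [14/Dec/2015:10:01:12 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0"',
    r'203.0.113.9 - - [14/Dec/2015:10:01:40 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 O:9:\"SomeClass\":1:{s:1:\"a\";s:3:\"foo\";}"',
    r'198.51.100.7 - - [14/Dec/2015:10:02:03 +0100] "POST /index.php HTTP/1.1" 200 812 "-" "curl/7.45.0"',
]

# Combined log format: ip ident user [ts] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>.*)"$'
)

# Start of a PHP serialized object: O:<len>:"<class>":<n>:{
# Assumed indicator for this example; the quotes may be log-escaped.
SERIALIZED_OBJ = re.compile(r'O:\d+:\\?"[\w\\]+\\?":\d+:\{')


def parse_line(line: str):
    """Returns the named fields of one combined-format line, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_user_agents(lines) -> list:
    """Returns (client ip, user agent) for every line whose User-Agent
    contains PHP serialized-object syntax."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and SERIALIZED_OBJ.search(rec["ua"]):
            hits.append((rec["ip"], rec["ua"]))
    return hits


if __name__ == "__main__":
    for ip, ua in suspicious_user_agents(SAMPLE_LOG):
        print(f"{ip}: {ua}")
```

Run it over the access log of the period before the patch was applied; a hit does not prove exploitation, but a browser never sends that syntax, so each one deserves a look at the session table and at what the same client did next.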
*** [20151214] - Core - CSRF Hardening ***
---------------------------------------------
Add additional CSRF hardening in com_templates.
---------------------------------------------
https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardeni…
*** [20151214] - Core - Directory Traversal ***
---------------------------------------------
The installer fails to properly sanitise input data from the XML install file located within the package archive.
---------------------------------------------
https://developer.joomla.org/security-centre/634-20151214-core-directory-tr…
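The bug class above, as an added example in Python, not Joomla's installer code: an extension package ships an XML manifest listing the files to copy, and the installer must not let a manifest entry write outside the extension's own install directory. The manifest is constructed and its element names are an assumption, not Joomla's manifest schema; the check resolves every destination and keeps only those that stay inside the base directory.

```python
import os
import xml.etree.ElementTree as ET

# Constructed manifest; the element names are an assumption for this example.
# Two entries try to escape the install directory, one via '..' and one via
# an absolute path.
MANIFEST = """<?xml version="1.0"?>
<extension>
  <files folder="site">
    <filename>index.php</filename>
    <filename>views/default.php</filename>
    <filename>../../configuration.php</filename>
    <filename>/etc/cron.d/task</filename>
  </files>
</extension>"""


def manifest_files(xml_text: str) -> list:
    """Returns the file names declared in the manifest, in order."""
    root = ET.fromstring(xml_text)
    return [el.text.strip() for el in root.iter("filename") if el.text]


def resolve_inside(base_dir: str, rel: str):
    """Absolute destination for `rel` if it stays inside base_dir, else None.
    realpath normalises '..' and symlinks; os.path.join discards base_dir
    when `rel` is absolute, which the commonpath check then catches.
    commonpath compares path components, so /srv/ext-evil is not 'inside'
    /srv/ext the way a plain startswith() would claim."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, rel))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def plan_install(xml_text: str, base_dir: str) -> dict:
    """Splits manifest entries into accepted destinations and rejected names."""
    accepted, rejected = [], []
    for rel in manifest_files(xml_text):
        dest = resolve_inside(base_dir, rel)
        if dest is None:
            rejected.append(rel)
        else:
            accepted.append(dest)
    return {"accepted": accepted, "rejected": rejected}


if __name__ == "__main__":
    plan = plan_install(MANIFEST, "/srv/www/extensions/com_demo")
    print("accepted:", plan["accepted"])
    print("rejected:", plan["rejected"])
```

The decision is made on the resolved destination, not on the string in the manifest, so encodings and mixed separators that normalise to the same escape are rejected as well.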
*** Bugtraq: ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537111
*** Bugtraq: [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537109
*** Security researcher: data leak at Mackeeper allows free access to user data ***
---------------------------------------------
The database of the controversial Mac software Mackeeper is freely accessible, a security researcher reports. He says he downloaded 13 million records of user information without any obstacle.
---------------------------------------------
http://heise.de/-3043720
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 10-12-2015 18:00 − Freitag 11-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** NIST wants feedback on securing critical infrastructure ***
---------------------------------------------
The US standards body wants to improve its guideline document on the IT security of power plants and industrial facilities and is asking for help. However, NIST is currently not exactly uncontroversial among security experts.
---------------------------------------------
http://heise.de/-3042666
*** New Spy Banker Trojan Telax abusing Google Cloud Servers ***
---------------------------------------------
Zscaler ThreatLabZ has been closely monitoring a new Spy Banker Trojan campaign that has been targeting Portuguese-speaking users in Brazil. The malware authors are leveraging Google Cloud Servers to host the initial Spy Banker Downloader Trojan, which is responsible for downloading and installing Spy Banker Trojan Telax.
---------------------------------------------
http://research.zscaler.com/2015/12/new-spy-banker-trojan-telax-abusing.html
*** Open Automation Software OPC Systems NET DLL Hijacking Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a DLL Hijacking vulnerability in Open Automation Software's OPC Systems.NET application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-344-02
*** XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-342-01 XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published December 8, 2015, on the NCCIC/ICS-CERT web site. This advisory provides mitigation details for a cross-site scripting vulnerability in XZERES's 442SR turbine generator operating system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01
*** Everything old is new again - Blackhole exploit kit since November 2015, (Fri, Dec 11th) ***
---------------------------------------------
Last month, the Malwarebytes blog posted an article about Blackhole exploit kit (EK) resurfacing in active drive-by campaigns from compromised websites. At the time, I hadn't noticed this trend, because the Windows hosts I was using to generate EK traffic were a bit too up-to-date.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20477&rss
*** New SWITCH Security Report available - Invitation to take part in a Reader Survey ***
---------------------------------------------
A new issue of our monthly SWITCH Security Report has just been released.
---------------------------------------------
http://securityblog.switch.ch/2015/12/09/new-switch-security-report-availab…
*** Zend Framework vulnerable to SQL injection ***
---------------------------------------------
Zend Framework contains an SQL injection vulnerability (CWE-89) due to improper handling of the argument of the ORDER BY clause.
An attacker who can access the product may execute SQL commands.
---------------------------------------------
http://jvn.jp/en/jp/JVN71730320/
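The bug class above, as an added example in Python against an in-memory SQLite table (not Zend Framework code): ORDER BY takes an identifier or expression, which cannot be passed as a bound parameter, so a sort key taken from the request must be checked against an allowlist before it is spliced into the statement. The vulnerable function shows what an attacker gains from an unchecked sort key: the row order itself answers a yes/no question about data the query never selects. Table, rows and the probe expression are constructed.

```python
import sqlite3

# Sort keys the application is willing to accept, by name.
ALLOWED_SORT = {"id", "username", "created"}

# Constructed probe: the result order reveals whether bob's stored hash
# starts with 'z', although pw_hash is never in the SELECT list.
PROBE = ("(CASE WHEN (SELECT pw_hash FROM users WHERE username='bob') "
         "LIKE 'z%' THEN id ELSE -id END)")


def make_db() -> sqlite3.Connection:
    """Builds a throwaway table with constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, username TEXT, "
                "created TEXT, pw_hash TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "alice", "2015-11-01", "aaaa"),
        (2, "bob",   "2015-12-01", "zzzz"),
        (3, "carol", "2015-10-15", "mmmm"),
    ])
    return con


def list_users_unsafe(con, order_by: str) -> list:
    """The bug: the sort expression comes straight from the request."""
    rows = con.execute(f"SELECT id, username FROM users ORDER BY {order_by}")
    return [username for _, username in rows]


def sort_is_allowed(order_by: str, direction: str = "ASC") -> bool:
    """True only for a known column name and a known direction keyword."""
    return order_by in ALLOWED_SORT and direction.upper() in ("ASC", "DESC")


def list_users_safe(con, order_by: str, direction: str = "ASC") -> list:
    """Hardened variant: the spliced text is one of a few known literals,
    never attacker-controlled characters; the identifier is also quoted."""
    if not sort_is_allowed(order_by, direction):
        raise ValueError("sort parameters not in allowlist")
    sql = (f'SELECT id, username FROM users ORDER BY "{order_by}" '
           f"{direction.upper()}")
    return [username for _, username in con.execute(sql)]


if __name__ == "__main__":
    con = make_db()
    # Ascending id order means the condition in PROBE was true.
    print(list_users_unsafe(con, PROBE))
    print(list_users_safe(con, "created", "desc"))
```

Mapping request values to column names through a dictionary works as well as the set used here; what matters is that no character from the request reaches the statement text.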
*** Those pronounced dead live longer: Facebook and Cloudflare keep relying on SHA-1 ***
---------------------------------------------
SSL/TLS certificates signed with SHA-1 have long been considered insecure, and the first practical attacks have existed for some time. Nevertheless, major service providers such as Facebook and Cloudflare want to hold on to SHA-1 indefinitely.
---------------------------------------------
http://heise.de/-3041665
*** Advantech EKI Vulnerabilities ***
---------------------------------------------
This advisory provides information regarding several vulnerabilities in Advantech's EKI devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager XSS Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Emergency Responder Web Framework Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images - OpenSSL vulnerabilities (CVE-2015-1791, CVE-2015-1792, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790) ***
http://www.ibm.com/support/docview.wss?uid=swg21971248
---------------------------------------------
*** Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2014-0919) ***
http://www.ibm.com/support/docview.wss?uid=swg21970398
---------------------------------------------
*** Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21972650
---------------------------------------------
*** Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21963120
---------------------------------------------
*** Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21971177
---------------------------------------------
*** Multiple vulnerabilities in OpenSSH, GNU C Library (glibc), and OpenSSL, including Logjam, affect Integrated Management Module II (IMM2) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099032
---------------------------------------------
*** Vulnerabilities in openssh affect Power Hardware Management Console (CVE-2015-5600) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021006
---------------------------------------------
*** A vulnerability in Libxml affects IBM Security Network Protection (CVE-2015-1819) ***
http://www.ibm.com/support/docview.wss?uid=swg21969664
---------------------------------------------
*** A vulnerability in GNU glibc affects IBM Security Network Protection (CVE-2014-8121) ***
http://www.ibm.com/support/docview.wss?uid=swg21967169
---------------------------------------------
*** Multiple vulnerability fixes for Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21972785
---------------------------------------------
*** Multiple vulnerabilities in IBM Java SDK affect the IBM Installation Manager and IBM Packaging Utility (CVE-2015-2625 and CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21972707
---------------------------------------------
*** Vulnerability in spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000009
---------------------------------------------
*** Vulnerability in IBM Java Runtime affects IBM Content Classification CVE-2015-4844 ***
http://www.ibm.com/support/docview.wss?uid=swg21971760
---------------------------------------------
*** Vulnerability in Apache Commons affects Rational Developer for i, Rational Developer for AIX and Linux and Rational Developer for Power Systems Software (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971814
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Rational Application Developer for WebSphere Software (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972565
---------------------------------------------
*** Multiple vulnerabilities in IBM Tivoli Common Reporting (CVE-2015-7436, CVE-2015-7435, CVE-2012-6153, CVE-2014-3577, CVE-2015-7450, CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21972799
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Web Interface for Content Management (WEBi) (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972903
---------------------------------------------
*** Vulnerability in Apache Commons affects FileNet Collaboration Services/IBM FileNet Services for Lotus Quickr (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972902
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Integration Designer (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971371
---------------------------------------------