Daily

daily@lists.cert.at

1 participants
3139 discussions

Tageszusammenfassung - Mittwoch 16-03-2016
by Daily end-of-shift report 16 Mar '16

16 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 15-03-2016 18:00 − Mittwoch 16-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Bugtraq: [security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/537801 *** Exploit Kits in 2015: Scale and Distribution *… [View More]** --------------------------------------------- In the first part of this series of blog posts, we discussed what new developments and changes in the exploit kit landscape were seen in 2015. In this post, we look at the scale of the exploit kit problem - how many users were affected, .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/exploit-kits-201… *** Apache Struts Input Validation Flaw in I18NInterceptor Lets Remote Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1035272 *** Apache Struts Double OGNL Evaluation Lets Remote Users Execute Arbitrary Code on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1035271 *** VMware vRealizes that vRealize has XSS bugs on Linux *** --------------------------------------------- Virtzillas also released first maintenance release for vRealize Automation A tricky Tuesday for VMwares vRealize products, which have received the first maintenance release for version 7 and also become the subject of a security alert. --------------------------------------------- www.theregister.co.uk/2016/03/16/vmware_vrealizes_that_vrealize_has_xss_bug… *** OpenSSH 7.2p1 xauth Command Injection / Bypass *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2016030083 *** TeslaCrypt 3.1? New Ransomware Strain Removes ShadowCopies via WMI *** --------------------------------------------- The authors of TeslaCrypt 3.1 ransomware understood that the common ransomware action of deleting shadow copies by executing "vssadmin Delete Shadows /All /Quiet" draws the defenders attention, and so they worked around that by using WMI. --------------------------------------------- http://www.minerva-labs.com/ *** subsearch *** --------------------------------------------- subsearch is a command line tool designed to brute force subdomain names. It is aimed at penetration testers and bug bounty hunters and has been built with a focus on speed, stealth and reporting. --------------------------------------------- https://github.com/gavia/subsearch *** Git Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1035290 *** FortiOS open redirect vulnerability *** --------------------------------------------- The FortiOS webui accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. The redirect input parameter is also prone to a cross site scripting. --------------------------------------------- http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability *** IBM Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-0448) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1021172 *** IBM Security Bulletin: Vulnerabilities in OpenSSH affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2016-0777, CVE-2016-0778) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21978487 *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ (CVE-2015-1788) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21972125 *** DDoSing with Other Peoples Botnets *** --------------------------------------------- While I was reverse engineering ZeroAccess in order to write a monitoring system, I had an idea which would allow me to use ZeroAccess C&C infrastructure to reflect and amplify a UDP based DDoS attack, which Id found to be beautifully ironic. After further analysis, I discovered it may even be possible to use non worker bots (which connect from behind NAT) to participate in the attack. --------------------------------------------- http://www.malwaretech.com/2016/03/ddosing-with-other-peoples-botnets.html *** DFN-CERT-2016-0461/">Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. verschiedene Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0461/ *** Nacktfotos von Prominenten: Verdächtiger gesteht Phishing-Angriff auf iCloud *** --------------------------------------------- Im Verfahren um die Veröffentlichung von privaten Promifotos hat sich der Verdächtige des Phishings schuldig bekannt. Doch mit der Veröffentlichung der Bilder will der Mann nichts zu tun haben. --------------------------------------------- http://www.golem.de/news/nacktfotos-von-prominenten-verdaechtiger-gesteht-p… *** HTTPS: 77 Prozent aller Google-Anfragen verschlüsselt *** --------------------------------------------- In seinem Transparenzbericht dokumentiert Google nun auch den Prozentsatz von Transportverschlüsselung bei seinen eigenen Diensten und Anfragen an Server der Suchmaschine. Vor allem der hohe Wert bei der Verteilung von Werbung überrascht. --------------------------------------------- http://heise.de/-3140351 *** Erpressungstrojaner auf Websites von New York Times und BBC *** --------------------------------------------- Potenziell Millionen Nutzer gefährdet, Sicherheitsforscher sehen Beleg für Schwächen des Werbenetzwerks --------------------------------------------- http://derstandard.at/2000033046874 *** AceDeceiver: iOS-Trojaner nutzt Schwachstellen in Apples DRM *** --------------------------------------------- Angreifern ist es einer Sicherheitsfirma zufolge gelungen, Schad-Software mehrfach ungehindert in den App Store zu bringen. Durch Schwachpunkte in Apples DRM FairPlay könne die Malware zudem auf iPhones gelangen - ohne Enterprise-Zertifikat. --------------------------------------------- http://heise.de/-3140627 [View Less]

1 0

Tageszusammenfassung - Dienstag 15-03-2016
by Daily end-of-shift report 15 Mar '16

15 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 14-03-2016 18:00 − Dienstag 15-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Typosquatters Target Mac Users With New '.om' Domain Scam *** --------------------------------------------- http://threatpost.com/typosquatters-target-apple-mac-users-with-new-om-doma… *** Juniper: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800) *** --------------------------… [View More]------------------- On March 1, 2016, a cross-protocol attack was announced by OpenSSL that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800). --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10722 *** Citrix XenApp and XenDesktop Hardening Guidance *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2016/03/citrix_xenapp_andxe.ht… *** Complete Tour of PE and ELF: Part 2 *** --------------------------------------------- We covered some important sections in Part 1 of this series. In this part, we will cover some more complex data structures covering some important concepts of binaries. Here is what we are looking at: If you can recall in Optional header, .. --------------------------------------------- http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-2/ *** Adrian Dabrowski @ Troopers TelcoSecDay 2016 *** --------------------------------------------- Today Adrian Dabrowski gives his talk 'Towards Carrier Based IMSI Catcher Detection' at the TelcoSecDay 2016. Abstract: In this presentation we discuss multiple detection capabilities of IMSI Catchers (aka Stingray) from the network .. --------------------------------------------- https://www.sba-research.org/2016/03/15/adrian-dabrowski-troopers-telcosecd… *** How broken is SHA-1 really? *** --------------------------------------------- SHA-1 collisions may be found in the next few months, but that doesnt mean that fake SHA-1-based certificates will be created in the near future. Nevertheless, it is time for everyone, and those working in security in particular, to move away from outdated hash functions. Read more --------------------------------------------- https://www.virusbulletin.com/blog/2016/march-2016/how-broken-sha-1-really/ *** BSI-Leitfaden zum Umgang mit Erpressungs-Trojanern *** --------------------------------------------- Das BSI informiert in einem knappen Leitfaden Behörden und Unternehmen über die Bedrohung durch Krypto-Trojaner und wie man sich im Ernstfall verhalten sollte. --------------------------------------------- http://heise.de/-3135866 *** From Stolen Wallet to ID Theft, Wrongful Arrest *** --------------------------------------------- Its remarkable how quickly a stolen purse or wallet can morph into full-blow identity theft, and possibly even result in the victims wrongful arrest. All of the above was visited recently on a fellow infosec professional whose admitted lapse in physical security lead to a mistaken early morning arrest in front of his kids. --------------------------------------------- http://krebsonsecurity.com/2016/03/from-stolen-wallet-to-id-theft-wrongful-… [View Less]

1 0

Tageszusammenfassung - Montag 14-03-2016
by Daily end-of-shift report 14 Mar '16

14 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 11-03-2016 18:00 − Montag 14-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** VU#713312: DTE Energy Insight app vulnerable to information exposure *** --------------------------------------------- The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers. -----------------------------------------… [View More]---- http://www.kb.cert.org/vuls/id/713312 *** Mehr als zwei Jahre alter Java-Security-Patch von Oracle immer noch verwundbar *** --------------------------------------------- Geht es nach dem Sicherheitsexperten Adam Gowdiak hat Oracle vor mehr als zwei Jahren eine Sicherheitslücke falsch bewertet und zudem bei dem Patch gepfuscht, der den Fehler eigentlich hätte beseitigen sollen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Mehr-als-zwei-Jahre-alter-Java-Secur… *** The Source of All Major Android Banking Trojans Just Got Updated To V2 *** --------------------------------------------- An anonymous reader writes: Apparently, during the past months it has started coming to the surface the fact that most top-tier Android malware was actually related, coming from a common malware variant called GM Bot, and sold for only .. --------------------------------------------- http://news.slashdot.org/story/16/03/12/1556259/the-source-of-all-major-and… *** Google Chrome Extension Caught Stealing Bitcoin From Users *** --------------------------------------------- An anonymous reader writes: Bitcoin exchange portal Bitstamp is warning users of a Google Chrome extension that steals their Bitcoin when making a transfer. According to Bitstamp, this extension contains malicious code that is redirecting .. --------------------------------------------- http://news.slashdot.org/story/16/03/12/2328254/google-chrome-extension-cau… *** Armada Collective is back, extorting Financial Intuitions in Switzerland *** --------------------------------------------- These extortion emails usually originate from free email service providers (such as Gmail or Openmail) and are being sent to the info@ email address of the targeted financial institution. Unlike the extortion attempts conducted by Armada Collective in September 2015, we are not aware of .. --------------------------------------------- http://www.govcert.admin.ch/blog/19/armada-collective-is-back-extorting-fin… *** Auto vulnerability scanners turn up mostly false positives *** --------------------------------------------- Automated vulnerability scanners turn up mostly false positives, but even the wild goose chase that results can be cheaper for businesses than manual processes, according to NCC Group security engineer Clint Gibler. --------------------------------------------- http://www.theregister.co.uk/2016/03/14/cheap_auto_vulnerability_scanners_c… *** SSA-833048 (Last Update 2016-03-14): Vulnerability in SIMATIC S7-1200 CPUs prior to V4 *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-833048… *** IBM Security Bulletin: GNU C library (glibc) vulnerability affects TS4500 (CVE-2015-7547) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1005695 *** IBM Security Bulletin: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1023395 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21975835 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry (CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1023378 Botnets Plague the Web. This AI Is Out to Stop Them --------------------------------------------- A group of Israeli researchers believe they are the first to have discovered a way to locate botnets and identify who is behind them, by planting honeypots that gather information about attacks carried out by the network, and analyzing that data with machine learning programs. --------------------------------------------- https://motherboard.vice.com/read/botnets-plague-the-web-this-ai-is-out-to-… *** Broken 2013 Java Patch Leads to Sandbox Bypass *** --------------------------------------------- A patch for a critical 2013 Java vulnerability is incomplete, and exposes Java servers and clients to a sandbox bypass, researchers at Security Explorations of Poland said. --------------------------------------------- http://threatpost.com/broken-2013-java-patch-leads-to-sandbox-bypass/116757/ [View Less]

1 0

Tageszusammenfassung - Freitag 11-03-2016
by Daily end-of-shift report 11 Mar '16

11 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 10-03-2016 18:00 − Freitag 11-03-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Locky Ransomware Spreading in Massive Spam Attack *** --------------------------------------------- Researchers are tracking a massive spam campaign pelting inboxes with Locky ransomware downloaders in the form of JavaScript attachments. --------------------------------------------- http://threatpost.… [View More]com/locky-ransomware-spreading-in-massive-spam-attack/116… *** Deinstallieren oder Aktualisieren: Adobe verteilt Notfall-Update für Flash *** --------------------------------------------- Es kommt nicht überraschend: Adobe veröffentlicht wieder ein Notfall-Update für den Flash-Player. Wer ihn nicht bereits deinstalliert hat, sollte das Update installieren. Auch die Digital Editions und der Adobe Reader werden versorgt. --------------------------------------------- http://www.golem.de/news/deinstallieren-oder-aktualisieren-adobe-rollt-notf… *** Security Afterworks Spezial: Secure your Enterprise - Innovative Microsoft-Security-Lösungen im Enterprise- & Mobility-Umfeld *** --------------------------------------------- April 18, 2016 - 3:00 pm - 5:00 pm Microsoft Österreich Am Europlatz 3 Wien --------------------------------------------- https://www.sba-research.org/events/security-afterworks-spezial-secure-your… *** Files compromised by ransomware Trojan for OS X can be decrypted by Doctor Web *** --------------------------------------------- March 11, 2016 At the beginning of March, numerous mass media, websites, and blogs announced about the emergence of the first ever ransomware for Mac computers. Doctor Web specialists examined this malicious program, which was named Mac.Trojan.KeRanger.2, and they have developed a method that can help to decrypt files affected by this Trojan. Mac.Trojan.KeRanger.2 was first detected in a compromised version of the installer for a popular OS X torrent client that was distributed as a DMG file. --------------------------------------------- http://news.drweb.com/show/?i=9877&lng=en&c=9 *** Cerber Ransomware - New, But Mature *** --------------------------------------------- We take a look at Cerber, Ransomware named after the mythical multi-headed dog...Categories: Malware AnalysisTags: cerberransomware(Read more...) --------------------------------------------- https://blog.malwarebytes.org/intelligence/2016/03/cerber-ransomware-new-bu… *** OpenSSH Security Advisory: x11fwd.adv *** --------------------------------------------- Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1). --------------------------------------------- http://www.openssh.com/txt/x11fwd.adv *** Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a vulnerability caused by an Institute of Electrical and Electronics Engineers (IEEE) conformance issue involving improper frame padding in Schneider Electric's Telvent SAGE 2300 and 2400 remote terminal units. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-070-01 *** VU#270232: Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability *** --------------------------------------------- Vulnerability Note VU#270232 Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability Original Release date: 10 Mar 2016 | Last revised: 10 Mar 2016 Overview Quagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in bgpd with BGP peers enabled for VPNv4 that may leveraged to gain code execution. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2342Quagga is a software routing suite that implements numerous routing protocols for... --------------------------------------------- http://www.kb.cert.org/vuls/id/270232 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: GNU C library (glibc) vulnerability affects Tivoli Provisioning Manager for OS deployment and Tivoli Provisioning Manager for Images (CVE-2015-7547) *** http://www.ibm.com/support/docview.wss?uid=swg21978194 --------------------------------------------- *** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM DataPower Gateways (CVE-2015-7547) *** http://www.ibm.com/support/docview.wss?uid=swg21977460 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21978188 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in the GSKit component of IBM DataPower Gateways (CVE-2016-0201) *** http://www.ibm.com/support/docview.wss?uid=swg21974969 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in the GSKit component of IBM DB2 LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421) *** http://www.ibm.com/support/docview.wss?uid=swg21977787 --------------------------------------------- *** IBM Security Bulletin: Cross-Site Scripting Vulnerability with the UML Vizualization tools *** http://www.ibm.com/support/docview.wss?uid=swg21978003 --------------------------------------------- *** Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM)(CVE-2015-3200) *** http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099226 --------------------------------------------- *** IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=swg21978471 --------------------------------------------- [View Less]

1 0

Tageszusammenfassung - Donnerstag 10-03-2016
by Daily end-of-shift report 10 Mar '16

10 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 09-03-2016 18:00 − Donnerstag 10-03-2016 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** First Principles for Network Defenders: A Unified Theory for Security Practitioners *** --------------------------------------------- Great thinkers like Aristotle, Descartes and Elon Musk have said that, in order to solve really hard problems, you have to get back to first principles. First … [View More]principles in a designated .. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2016/03/first-principles-for-net… *** DSA-3509 rails - security update *** --------------------------------------------- Two vulnerabilities have been discovered in Rails, a web applicationframework written in Ruby. Both vulnerabilities affect Action Pack, whichhandles the web requests for Rails. --------------------------------------------- https://www.debian.org/security/2016/dsa-3509 *** Powershell Malware - No Hard drive, Just hard times, (Wed, Mar 9th) *** --------------------------------------------- ISC Reader Eric Volking submitted a very nice sample of some Powershell based malware. Lets take a look! The malware starts inthe traditional way, by launching itself with an .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20823 *** Bugtraq: [CORE-2016-0004] - SAP Download Manager Password Weak Encryption *** --------------------------------------------- http://www.securityfocus.com/archive/1/537746 *** Bugtraq: [CORE-2016-0003] - Samsung SW Update Tool MiTM *** --------------------------------------------- http://www.securityfocus.com/archive/1/537750 *** DSA-3512 libotr - security update *** --------------------------------------------- Markus Vervier of X41 D-Sec GmbH discovered an integer overflowvulnerability in libotr, an off-the-record (OTR) messaging library, inthe way how the sizes of portions of incoming messages were stored. Aremote attacker can exploit this .. --------------------------------------------- https://www.debian.org/security/2016/dsa-3512 *** DSA-3511 bind9 - security update *** --------------------------------------------- https://www.debian.org/security/2016/dsa-3511 *** Security Advisory: BIND vulnerability CVE-2016-2088 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59692558.html *** Security Advisory: BIND vulnerability CVE-2016-1285 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/46/sol46264120.html *** Security Advisory: BIND vulnerability CVE-2016-1286 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/62/sol62012529.html *** Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015 *** --------------------------------------------- When a PDF is uploaded in Scald File, various tools can be executed if theyre installed on the server, to try to generate a thumbnail out of that PDF.This is mitigated by the need to have the sufficient permissions to upload a file in Scald, .. --------------------------------------------- https://www.drupal.org/node/2684601 *** Ransomware: "Von Zahlungen ist abzuraten" *** --------------------------------------------- DDoS-Attacken, CEO-Frauds und Ransomware: Angriffe auf Firmen nehmen zu. Die futurezone hat den Sicherheitsexperten Michael Krausz dazu befragt. --------------------------------------------- http://futurezone.at/digital-life/ransomware-von-zahlungen-ist-abzuraten/18… *** Erpressungs-Trojaner: Time-Machine-Backups anfällig *** --------------------------------------------- Die Entwickler der OS-X-Ransomware KeRanger haben auch Time-Machine-Backups als Angriffsziel erwogen. Tatsächlich ist es möglich, selbst ohne Admin-Rechte Dokumente in der Datensicherung zu verändern. --------------------------------------------- http://heise.de/-3131762 *** TRUST 2016, organized by SBA Research *** --------------------------------------------- August 29, 2016 - August 30, 2016 - All Day Vienna University of Technology Gußhausstraße 27-29 Vienna --------------------------------------------- https://www.sba-research.org/events/trust-2016-organized-by-sba-research/ *** Kritische Lücke in Jabber-Verschlüsselung OTR *** --------------------------------------------- Das Protokoll Off-the-Record (OTR) und dessen Umsetzung galt als eigentlich als recht sicher. Doch jetzt entdeckten Forscher eine kritische Lücke, die es Angreifern erlaubt, eigenen Code einzuschleusen und auszuführen. Updates schließen das Loch. --------------------------------------------- http://heise.de/-3130396 *** PlugX malware: A good hacker is an apologetic hacker *** --------------------------------------------- Sometimes malware writers put messages in their malware. We found one such message in PlugX dropper. And it was pretty melodramatic .. --------------------------------------------- http://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is… *** [R4] OpenSSL 20160301 Advisory Affects Tenable Nessus *** --------------------------------------------- https://www.tenable.com/security/tns-2016-03 *** Apple Software Update 2.2 *** --------------------------------------------- Impact: An attacker in a privileged network position may be able to control the contents of the updates window --------------------------------------------- https://support.apple.com/en-us/HT206091 *** Vulnerabilities in multiple third party TYPO3 CMS extensions *** --------------------------------------------- It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to unsafe comparison of XSRF/CSRF token, multiple full path disclosure vulnerabilities, multiple XSS vulnerabilities, insecure password generation in JavaScript. --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… *** Security: Drown gefährdet weiterhin zahlreiche Webdienste *** --------------------------------------------- Wie schnell patchen Serverbetreiber die Drown-Sicherheitslücke? Offenbar zu langsam, sagen mehrere Sicherheitsfirmen. Bei Heartbleed lief es deutlich besser. --------------------------------------------- http://www.golem.de/news/security-drown-gefaehrdet-weiterhin-zahlreiche-web… *** Android mobile banking trojan uses layered defenses to avoid removal *** --------------------------------------------- Researchers at ESET have spotted a new Android banking trojan that camouflages itself as a legitimate mobile banking app, but instead of giving access to a persons bank account it steals login credentials. --------------------------------------------- http://www.scmagazine.com/android-mobile-banking-trojan-uses-layered-defens… *** Cisco Prime LAN Management Solution Default Decryption Key Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Security Updates Available for Adobe Flash Player (APSB16-08) *** --------------------------------------------- A Security Bulletin (APSB16-08) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1327 [View Less]

1 0

Tageszusammenfassung - Mittwoch 9-03-2016
by Daily end-of-shift report 09 Mar '16

09 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 08-03-2016 18:00 − Mittwoch 09-03-2016 18:00 Handler: n/a Co-Handler: Stephan Richter *** Apple denies researchers claims of bypassing iOS passcode using Siri *** --------------------------------------------- Vulnerability Lab researchers claim to have spotted multiple passcode bypass vulnerabilities in the latest Apple iOS systems. --------------------------------------------- http://www.… [View More]scmagazine.com/researchers-says-ios-has-passcode-bypass-vulnerab… *** Microsoft-Patchday: Fünf kritische Lücken, alle Windows-Versionen betroffen *** --------------------------------------------- Microsoft verteilt diesen Monat insgesamt 13 Updates für WIndows, Office und seine beiden Browser Internet Explorer und Edge. Mehrere Lücken erlauben es, Windows-Rechner aus der Ferne zu kapern. --------------------------------------------- http://heise.de/-3131122 *** Trivial path for DDoS amplification attacks found by infosec bods *** --------------------------------------------- 600,000 servers are vulnerable to this little-known protocol Security researchers have discovered a new vector for DDoS amplification attacks - and its quite literally trivial. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/03/09/trivial_ddo… *** KeRanger Mac ransomware is a rewrite of Linux Encoder *** --------------------------------------------- KeRanger, the recently discovered first functional Mac ransomware, is a copy of Linux Encoder, the crypto-ransomware first unearthed and analyzed in November 2015 by Dr. Web researchers. "The encryption functions are identical and have same names: encrypt_file, recursive_task, currentTimestamp and createDaemon to only mention a few. The encryption routine is identical to the one employed in Linux.Encoder", explained Catalin Cosoi, Chief Security Strategist at Bitdefender. --------------------------------------------- https://www.helpnetsecurity.com/2016/03/09/keranger-mac-ransomware-rewrite-… *** A Wall Against Cryptowall? Some Tips for Preventing Ransomware, (Wed, Mar 9th) *** --------------------------------------------- A lot of attention has been paid lately to the Cryptowall / Ransomware family (as in crime family) of malware. What I get asked a lot by clients is how can I prepare / prevent an infection? Prepare is a good word in this case, it encompasses both prevention and setting up processes for dealing with the infection that will inevitably happen in spite of those preventative processes. Plus its the first step in the Preparation / Identification / Containment / Eradication / Restore Service / Lessons... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20821&rss *** Android-Sicherheitsupdates: Immer Ärger mit Stagefright *** --------------------------------------------- Google wird die Stagefright-Probleme nicht los. Auch das März-Update patcht mehrere kritische Lücken, die in den Multimedia-Diensten der Android-Geräte stecken. Updates für Nexus-Smartphones und -Tablets werden bereits verteilt. --------------------------------------------- http://heise.de/-3131138 *** RSA: Seven Attack Trends (March 3, 2016) *** --------------------------------------------- At the RSA Conference in San Francisco last week, SANS researchers described seven cyberattack trends that are likely to come up again and again over the course of this year: Weaponization of Windows PowerShell; Stagefright-like mobile vulnerabilities; Developer environment vulnerabilities like Xcode Ghost; Industrial Control System (ICS) attacks; Targeting unsecure third-party software components; Internet of (Evil) Things; and Ransomware... --------------------------------------------- http://www.sans.org/newsletters/newsbites/r/18/19/201 *** MS16-MAR - Microsoft Security Bulletin Summary for March 2016 - Version: 1.0 *** --------------------------------------------- V1.0 (March 8, 2016): Bulletin Summary published. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-MAR *** [R1] PHP < 5.6.18 / PCRE < 8.38 Vulnerabilities Affect Tenable SecurityCenter *** --------------------------------------------- http://www.tenable.com/security/tns-2016-04 *** Bugtraq: [security bulletin] HPSBHF03557 rev.1 - HPE Networking Products using Comware 7 (CW7) running NTP, Remote Denial of Service (DoS) *** --------------------------------------------- http://www.securityfocus.com/archive/1/537721 *** Persistent Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.x Web User Interface *** --------------------------------------------- This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server; if this vulnerability is used to execute script in the browser of an authenticated administrator then the script may be able to gain access to the administrator's session or other potentially sensitive information. --------------------------------------------- https://support.citrix.com/article/CTX207499 *** Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Wireless Residential Gateway Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… [View Less]

1 0

Tageszusammenfassung - Dienstag 8-03-2016
by Daily end-of-shift report 08 Mar '16

08 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 07-03-2016 18:00 − Dienstag 08-03-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** PhishLabs on the growing sophistication of business email scams *** --------------------------------------------- At the 2016 RSA Conference, CSOs Steve Ragan chats with Joseph Opacki from PhishLabs about how cyber-criminals are becoming increasingly smarter about targeting specific high-end business users … [View More]to try and steal data or money. --------------------------------------------- http://www.cio.com/video/63026/phishlabs-on-the-growing-sophistication-of-b… *** Google plugs 19 holes in newest Android security update *** --------------------------------------------- In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical. Among these, and admittedly the most important to patch, are two remote code execution vulnerabilities in - yes, you've guessed it - Mediaserver. Mediaserver is a service in Android that allows the device to index media files that are located on it. The vulnerabilities in question (CVE-2016-0815, CVE-2016-0816)... --------------------------------------------- https://www.helpnetsecurity.com/2016/03/08/android-security-update/ *** Free and Commercial Tools to Implement the Center for Internet Security (CIS) Security Controls, Part 12: Controlled Use of Administrative Privileges *** --------------------------------------------- This is Part 12 of a How-To effort to compile a list of tools (free and commercial) that can help IT administrators comply with what was formerly known as the "SANS Top 20 Security Controls". It is now known as the Center for Internet Security (CIS) Security Controls. A summary of the previous posts is here: Part 1 - we looked at Inventory of Authorized and Unauthorized Devices. Part 2 - we looked at Inventory of Authorized and Unauthorized Software. Part 3 - we looked at Secure... --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/free-and-commercial-to… *** Cloud sellers who acted on Heartbleed sink when it comes to DROWN *** --------------------------------------------- An out-stretched arm slowly disappears... Response to the critical web-crypto-blasting DROWN vulnerability in SSL/TLS by cloud services has been much slower than the frantic patching witnessed when the Heartbleed vulnerability surfaced two years ago. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/03/08/drown_vulne… *** Erpressungs-Trojaner Keranger: Wie Sie Ihren Mac schützen *** --------------------------------------------- Erstmals zielt funktionstüchtige Ransomware auf OS-X-Nutzer ab. Nach der Infektion bleiben drei Tage, bis "Keranger" Dokumente verschlüsselt. Nutzer sollten prüfen, ob sie betroffen sind - und Gegenmaßnahmen ergreifen. --------------------------------------------- http://heise.de/-3130854 *** Security Bulletins Posted *** --------------------------------------------- Security Bulletins for Adobe Digital Editions (APSB16-06) as well as Adobe Acrobat and Reader (APSB16-09) have been published. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. A security... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1322 *** DFN-CERT-2016-0402: ISC DHCP: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0402/ *** DFN-CERT-2016-0405: PuTTY: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0405/ *** DFN-CERT-2016-0400: BlackBerry powered by Android: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes mit den Rechten des Mediaservers *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0400/ *** Bugtraq: ESA-2016-012: EMC Documentum xCP - User Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/537712 *** [R3] OpenSSL 20160301 Advisory Affects Tenable Nessus *** --------------------------------------------- http://www.tenable.com/security/tns-2016-03 *** Security Advisory: Libpng vulnerability CVE-2015-8472 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/81/sol81903701.html?… *** Security Advisory: OpenSSL vulnerabilities CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23196136.html?… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: GNU C library (glibc) and OpenSSL vulnerabilities affect WebSphere Cast Iron. (CVE-2015-7547 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-1794) *** http://www.ibm.com/support/docview.wss?uid=swg21978339 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM SDK for Node.js in IBM Bluemix (CVE-2015-3197, CVE-2016-2086, CVE-2016-2216) *** http://www.ibm.com/support/docview.wss?uid=swg21977242 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM XIV Gen2 (CVE-2016-0777, CVE-2016-0778) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005618 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM XIV Gen3 (CVE-2016-0777, CVE-2016-0778) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005619 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM XIV Gen3 systems and IBM XIV Management Tools (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005615 --------------------------------------------- [View Less]

1 0

Tageszusammenfassung - Montag 7-03-2016
by Daily end-of-shift report 07 Mar '16

07 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 04-03-2016 18:00 − Montag 07-03-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** When a WordPress Plugin Goes Bad *** --------------------------------------------- Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin. When this plugin was removed from the official WordPress Plugin … [View More]

1 0

Tageszusammenfassung - Freitag 4-03-2016
by Daily end-of-shift report 04 Mar '16

04 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 03-03-2016 18:00 − Freitag 04-03-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Upcoming Security Updates for Adobe Acrobat and Reader (APSB16-09) *** --------------------------------------------- A prenotification Security Advisory has been posted regarding upcoming updates for Adobe Acrobat and Reader scheduled for Tuesday, March 8, 2016. We will continue to provide … [View More]updates on the upcoming release via the Security Advisory as well as the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1319 *** Open-Xchange Guard 2.2.0 / 2.0 Private Key Disclosure *** --------------------------------------------- The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID. The "auth" parameter contains .. --------------------------------------------- https://cxsecurity.com/issue/WLB-2016030034 *** Kriminelle setzen oft auf Standard-Passwörter *** --------------------------------------------- Im Projekt Heisenberg haben Honeypots einen RDP-Port angeboten. Sicherheitsforscher werteten im weiteren Verlauf die Login-Daten von Angreifern aus. --------------------------------------------- http://www.heise.de/newsticker/meldung/Kriminelle-setzen-oft-auf-Standard-P… *** NCSC publishes factsheet Disable SSL 2.0 and upgrade OpenSSL *** --------------------------------------------- On 1 March, a group of researchers presented the DROWN attack methods for TLS. An attacker uses DROWN to abuse servers that still support SSL 2.0. Servers that run a vulnerable version of OpenSSL can be abused in the same way, regardless of whether they support SSL 2.0. An attacker who is able to intercept network traffic that is secured with TLS, may attempt to decrypt this traffic .. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-factsheet-di… *** Mit Sicherheit - BSI-Magazin 2016/01 *** --------------------------------------------- in dieser Ausgabe des BSI-Magazins blicken wir zurück auf ein Vierteljahrhundert deutsche IT-Sicherheitsgeschichte, denn das Bundesamt für Sicherheit in der Informationstechnik feiert in diesem Jahr sein .. --------------------------------------------- https://www.bsi.bund.de/DE/Publikationen/BSI-Magazin/BSI-Magazin_node.html *** Amazon App Store verbreitet Android-Trojaner *** --------------------------------------------- Kann Nutzer umfassend ausspionieren – Lässt sich aber auch einfach deinstallieren .. --------------------------------------------- http://derstandard.at/2000032287420 *** Drown-Angriff: Server4You stellt tausende betroffene Kunden bloss *** --------------------------------------------- In einem Abuse-Ticket von Server4You an Kunden mit vom Drown-Angriff bedrohten Servern tauchen zehntausende IP-Adressen und Ports betroffener Server auf. Zudem stellt der Hoster den Kunden ein Ultimatum - rudert mittlerweile aber wieder zurück. --------------------------------------------- http://heise.de/-3128656 *** Amazon entfernt Verschlüsselungsfunktion aus Fire-Tablets *** --------------------------------------------- Weil die Kunden sie nicht benutzt hätten, hat Amazon die Android-Funktion zur Verschlüsselung des Speichers aus dem Betriebssystem seiner Fire-Tablets entfernt. So zumindest erklärt der Konzern den nun bekannt gewordenen Schritt. --------------------------------------------- http://heise.de/-3128844 *** Chaos Computer Club bekommt Schwesterverein in Wien *** --------------------------------------------- Mitgliederversammlung am Samstag - Hackertreffen Easterhegg findet in Salzburg statt --------------------------------------------- http://derstandard.at/2000032301583 [View Less]

1 0

Tageszusammenfassung - Donnerstag 3-03-2016
by Daily end-of-shift report 03 Mar '16

03 Mar '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 02-03-2016 18:00 − Donnerstag 03-03-2016 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** LibreSSL Unaffected By DROWN *** ---------------------------------------------… [View More] The OpenBSD people forked and heavily cleaned up OpenSSL to create LibreSSL due to dissatisfaction with the maintainance of OpenSSL, culminating in the heartbleed bug. The emphasis has been on cleaning up the code and improving security, which includes removing things such as SSL2 which has fundamental security flaws. As a result, LibreSSL is not .. --------------------------------------------- http://it.slashdot.org/story/16/03/02/1620221/libressl-unaffected-by-drown *** Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Prime Infrastructure Log File Remote Code Execution Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Schneider Electric Building Operation Automation Server Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a vulnerability in servers programmed with Schneider Electric's StruxureWare Building Operation software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-061-01 *** Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability *** --------------------------------------------- This advisory is a follow-up to the alert titled ICS-ALERT-15-225-01A Rockwell Automation 1766-L32 Series Vulnerability that was published August 13, 2015, on the NCCIC/ICS-CERT web site. This advisory contains mitigation details for a cross-site scripting vulnerability in Rockwell Automation's CompactLogix application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-061-02 *** Windows Built-In PDF Reader Exposes Edge Browser To Hacking *** --------------------------------------------- Edge, Microsofts new browser, uses the WinRT PDF library to automatically embed and present PDF files while navigating the web. This is what Java does with applets, and Flash with SWF files -- it unintentionally allows a hacker to append malicious code to PDF files and trigger drive-by attacks, which exploit WinRT .. --------------------------------------------- http://news.slashdot.org/story/16/03/02/2210256/windows-built-in-pdf-reader… *** Open-Xchange Guard Access Control Flaw Lets Remote Authenticated Users Obtain Private Keys in Certain Cases *** --------------------------------------------- http://www.securitytracker.com/id/1035174 *** Google Analytics Counter - Moderately Critical - CSRF - SA-CONTRIB-2016-011 *** --------------------------------------------- The Google Analytics Counter module provides total pageview counts for each page on a website. In that it is similar to the core Statistics module counter, but it is much lighter and ultimately faster because it draws on .. --------------------------------------------- https://www.drupal.org/node/2679515 *** Register now for the International NCSC One Conference 2016 *** --------------------------------------------- Protecting Bits & Atoms is the theme for our international One Conference 2016. It is especially timely given the increasingly connected physical and digital worlds and how information and communication technologies (ICT) have ingrained themselves into the very fabric of our society. The ONE conference will take place on Tuesday April 5 and Wednesday April 6 at the World Forum in The Hague, The Netherlands. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/register-now-for-the-intern… *** Wie Betrüger Apple Pay missbrauchen können *** --------------------------------------------- Apple Pay ist praktisch und gilt als sicher. Doch das System lässt sich von Kriminellen missbrauchen, um digitale Kreditkartenkopien zu erstellen. --------------------------------------------- http://www.golem.de/news/security-wie-betrueger-apple-pay-missbrauchen-koen… *** Java Deserialization Attacks with Burp *** --------------------------------------------- This blog is about Java deserialization and the Java Serial Killer Burp extension. If you want to download the extension and skip past all of this, head to the Github page here. The recent Java deserialization attack that was discovered has provided a large window of opportunity for penetration testers to gain access to the underlying systems that Java applications communicate with. --------------------------------------------- https://blog.netspi.com/java-deserialization-attacks-burp/ *** Valve informiert Steam-Nutzer über Weihnachts-Datenpanne *** --------------------------------------------- Fast drei Monate nach der massiven Datenpanne informiert Valve nun die betroffenen Nutzer. Die hatten das Problem in der Zwischenzeit wahrscheinlich längst vergessen. --------------------------------------------- http://heise.de/-3127829 [View Less]

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily