Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - Mittwoch 11-11-2015
by Daily end-of-shift report 11 Nov '15

11 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 10-11-2015 18:00 − Mittwoch 11-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** November 2015 Security Update Release Summary *** --------------------------------------------- Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month's security updates and advisories can be found in the Security TechNet Library. MSRC Team --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2015/11/10/november-2015-security-u… *** MSRT November 2015: Detection updates *** --------------------------------------------- The Microsoft Malicious Software Removal Tool (MSRT) is updated monthly with new malware detections - so far this year we have added 29 malware families. This month we are updating our detections for some of the malware families already included in the tool. We choose the malware families we add to the MSRT each month using several criteria. One of the most common reasons is the prevalence of a family in the malware ecosystem. For example, in recent months we focused on... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/10/msrt-november-2015-detec… *** Patchday: Adobe pflegt den Flash-Patienten *** --------------------------------------------- Flash liegt mal wieder auf dem OP-Tisch und wird geflickt. Nutzer sollten ihren Flash-Patienten zügig behandeln, denn die Lücken gelten als kritisch. Exploits sollen aber noch nicht kursieren. --------------------------------------------- http://www.heise.de/newsticker/meldung/Patchday-Adobe-pflegt-den-Flash-Pati… *** What You Should Know about Triangulation Fraud and eBay *** --------------------------------------------- The increasing phenomenon of triangulation fraud on eBay has led to a published analysis on behalf of the company, as to how buyers should get informed and what they should pay attention to. Over the past few months, a new phenomenon has risen and its proportions have been growing exponentially. It seems that, even if... --------------------------------------------- http://securityaffairs.co/wordpress/41891/cyber-crime/triangulation-fraud-a… *** Symantec Endpoint Protection: Alte Sicherheitslücke bricht wieder auf *** --------------------------------------------- Eine totgeglaubte Schwachstelle ist wieder da, da ein älterer Patch nur Teile des Problems angegangen ist. Das aktuelle Update für Symantecs Endpoint Protection soll es nun richten und noch weitere Schwachstellen abdichten. --------------------------------------------- http://www.heise.de/newsticker/meldung/Symantec-Endpoint-Protection-Alte-Si… *** What Happens to Hacked Social Media Accounts *** --------------------------------------------- This article is going to look at a few reasons why a social media account is hacked. The goal is for you to understand why you will want to better protect your account, regardless of whether or not you see yourself as "important". --------------------------------------------- http://www.tripwire.com/state-of-security/security-awareness/what-happens-t… *** InstaAgent: Passwort-sammelnder Instagram-Client fliegt aus App Store und Google Play *** --------------------------------------------- Die App, die Nutzern verschiedene Zusatzinformationen zu ihrem Profil bei Facebooks populärem Foto-Dienst verspricht, sendete offenbar Instagram-Benutzernamen und Passwort im Klartext an einen Dritt-Server. --------------------------------------------- http://heise.de/-2917792 *** GasPot Integrated Into Conpot, Contributing to Open Source ICS Research *** --------------------------------------------- In August of this year, we presented at Blackhat our paper titled The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems. GasPot was a honeypot designed to mimic the behavior of the Guardian AST gas-tank-monitoring system. It was designed to look like no other existing honeypot, with each instance being unique to make fingerprinting by attackers impossible. These were deployed within networks located in various countries, to give us a complete picture of the attacks... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4jNwbTj60bk/ *** Questions are the answeres - How to avoid becoming the blamed victim *** --------------------------------------------- "You have to ask questions", I say. Questions before, during, and after a breach. If you ask the right questions at the right time, you'll be able to make better decisions than the knee-jerk ones you've been making. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/questions-are-the-answ… *** TA15-314A: Web Shells - Threat Awareness and Guidance *** --------------------------------------------- Original release date: November 10, 2015 Systems Affected Web servers that allow web shells Overview This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert outlines the threat and provides prevention, detection, and mitigation strategies.Consistent use of web shells by Advanced Persistent Threat (APT) and criminal groups has led to significant cyber incidents.This... --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA15-313A *** Bugtraq: [security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS) *** --------------------------------------------- http://www.securityfocus.com/archive/1/536877 *** Huawei HG630a / HG630a-50 Default SSH Admin Password *** --------------------------------------------- Topic: Huawei HG630a / HG630a-50 Default SSH Admin Password Risk: High Text:# Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems # Date: 10.11.2015 # Exploit Author: M... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110087 *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** Security Advisory - Directory Traversal Vulnerability in Huawei AR Router *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Huawei U2990 and U2980 *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Huawei eSpace 8950 IP Phone *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Huawei eSpace 7900 IP Phone *** http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… --------------------------------------------- *** ZDI-15-549: AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/eDK-If3dTI8/ *** ZDI-15-548: AlienVault Unified Security Management Local Privilege Escalation Vulnerability *** --------------------------------------------- This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/TpChWMSd5n0/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents(CVE-2012-6153 and CVE-2014-3577) *** http://www.ibm.com/support/docview.wss?uid=swg21962659 --------------------------------------------- *** IBM Security Bulletin: IBM Forms Server could be affected by a denial of service attack (CVE-2013-4517) *** http://www.ibm.com/support/docview.wss?uid=swg21962659 --------------------------------------------- *** IBM Security Bulletin: Fix Available for Denial of Service Vulnerability in IBM WebSphere Portal (CVE-2015-7419) *** http://www.ibm.com/support/docview.wss?uid=swg21969906 --------------------------------------------- *** IBM Security Bulletin: Additional Password Disclosure via application tracing in FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-7404 *** http://www.ibm.com/support/docview.wss?uid=swg21969514 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in libuser affect Power Hardware Management Console (CVE-2015-3245 CVE-2015-3246) *** http://www.ibm.com/support/docview.wss?uid=nas8N1020961 --------------------------------------------- *** IBM Security Bulletin: IBM Cúram Social Program Management is vulnerable to a SQL injection attack *** http://www.ibm.com/support/docview.wss?uid=swg21967851 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector and IBM CommonStore for Lotus Domino (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21969654 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ *** http://www.ibm.com/support/docview.wss?uid=swg21970103 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Expeditor (CVE-2015-4000) *** http://www.ibm.com/support/docview.wss?uid=swg21959292 --------------------------------------------- *** Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director Storage Control *** http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098822 --------------------------------------------- *** IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents(CVE-2012-6153 and CVE-2014-3577) *** http://www.ibm.com/support/docview.wss?uid=swg21970090 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 10-11-2015
by Daily end-of-shift report 10 Nov '15

10 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 09-11-2015 18:00 − Dienstag 10-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** The Internet of Bad Things, Observed *** --------------------------------------------- In his VB2015 keynote address, Ross Anderson described attacks against EMV cards.The VB2015 opening keynote by Ross Anderson could hardly have been more timely. In his talk "The Internet of Bad Things, Observed", the Cambridge professor looked at various attacks against the EMV standard for payment cards - attacks that have been used to steal real money from real people.Such cards, often called chip-and-PIN or chip-and-signature, are generally seen as better protected against... --------------------------------------------- http://www.virusbtn.com/blog/2015/11_10.xml?rss *** Linux.Encoder.1: Ransomware greift Magento-Nutzer an *** --------------------------------------------- Eine Malware für Linux verschlüsselt zurzeit die Daten von Nutzern des Magento-Shopsystems. Für die Entschlüsselung sollen die Opfer zahlen, doch die Angreifer haben geschlampt: Die Verschlüsselung lässt sich knacken. --------------------------------------------- http://www.golem.de/news/linux-encoder-1-ransomware-greift-magento-nutzer-a… *** Comodo fixes bug, revokes banned certificates *** --------------------------------------------- After reporting last week that it had issued banned certificates that could facilitate man in the middle (MitM) attacks, Comodo has fixed the "subtle bug" that the companys Senior Research and Development Scientist Rob Stradling wrote prompted the problem. --------------------------------------------- http://www.scmagazine.com/comodo-fixes-bug-revokes-banned-certificates/arti… *** Proof-of-concept threat is reminder OS X is not immune to crypto ransomware *** --------------------------------------------- Symantec analysis confirms that in the wrong hands, Mabouia ransomware could be used to attack Macs. Twitter Card Style: summary Analysis by Symantec has confirmed that the proof-of-concept (PoC) threat known as Mabouia works as described and could be used to create functional OS X crypto ransomware if it fell into the wrong hands.read more --------------------------------------------- http://www.symantec.com/connect/blogs/proof-concept-threat-reminder-os-x-no… *** Protecting Users and Enterprises from the Mobile Malware Threat, (Mon, Nov 9th) *** --------------------------------------------- With recent news of mobile malicious adware that roots smartphones, attention is again being paid to mobile security and the malware threat that is posed to it. While mobile ransomware is also a pervasive and growing threat, there are mobile RATs (such as JSocket and OmniRAT) that are also able to take full remote control of mobile devices. Some of the functionality of those tolls includes the ability to use the microphone to listen in on victims and to view whatever is in front of the camera... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20355&rss *** Cisco Connected Grid Network Management System Privilege Escalation Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 *** --------------------------------------------- A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. ... --------------------------------------------- http://support.citrix.com/article/CTX202583 *** PowerDNS Security Advisory 2015-03: Packet parsing bug can lead to crashes *** --------------------------------------------- A bug was found using afl-fuzz in our packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the the pdns_server process, causing a Denial of Service. ... PowerDNS Authoritative Server 3.4.4 - 3.4.6 are affected. No other versions are affected. The PowerDNS Recursor is not affected. --------------------------------------------- https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/

1 0

Tageszusammenfassung - Montag 9-11-2015
by Daily end-of-shift report 09 Nov '15

09 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 06-11-2015 18:00 − Montag 09-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** ICYMI: Widespread Unserialize Vulnerability in Java, (Mon, Nov 9th) *** --------------------------------------------- On Friday, a blog post from Fox Glove Security was posted that details a widespread Java unserialize vulnerability that affects all the major flavors of middleware (WebSphere, WebLogic, et al). There is a lot of great details, including exploitation instructions for pentesters, in the post so go take a look. It didnt get much press because admittedly its complicated to explain. It also doesnt have a logo. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20353&rss *** SSH-Client PuTTY 0.66 schließt Sicherheitslücke *** --------------------------------------------- Die neue Version des SSH- und Telnet-Clients bringt ein paar kleine Verbesserungen und Fehlerkorrekturen. Zudem wurde eine Sicherheitslücke geschlossen. --------------------------------------------- http://www.heise.de/newsticker/meldung/SSH-Client-PuTTY-0-66-schliesst-Sich… *** Gratis-WLAN: Welche Risiken es gibt und wie man sich schützt *** --------------------------------------------- Ein öffentliches Netzwerk ist praktisch, Nutzer sollten sich aber nicht blindlings einloggen --------------------------------------------- http://derstandard.at/2000025293625 *** Guide to application whitelisting *** --------------------------------------------- The National Institute of Standards and Technology (NIST) has published a guide to deploying automated application whitelisting to help thwart malicious software from gaining access to organizations' computer systems. --------------------------------------------- http://www.net-security.org/secworld.php?id=19079 *** Dangerous bugs leave open doors to SAP HANA systems *** --------------------------------------------- The most serious software flaws ever have been found in SAPs HANA platform, the in-memory database platform that underpins many of the German companys products used by large companies.Eight of the flaws are ranked critical, the highest severity rating ... --------------------------------------------- http://www.cio.com/article/3003054/dangerous-bugs-leave-open-doors-to-sap-h… *** Vbulletin 5.1.X Unserialize Preauth RCE Exploit *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110060 *** Ransomware meets CMS / Linux *** --------------------------------------------- Ransomware am PC gibt es schon seit Jahren: Die Malware sperrt/verschlüsselt den infizierten PC und verlangt Lösegeld dafür, damit der User weiterarbeiten kann.Dass schlecht gewartete Webseiten mit Joomla, Wordpress, Drupal & co ein Fressen für Hacker sind, ist auch nichts neues. Wir sehen regelmäßig Wellen an Defacements und Exploitpacks, wenn mal wieder jemand das Ausnutzen einer Web-Schwachstelle automatisiert. --------------------------------------------- http://www.cert.at/services/blog/20151109095947-1618.html *** Google AdWords API client libraries - XML eXternal Entity Injection (XXE) *** --------------------------------------------- Confirmed in googleads-php-lib <= 6.2.0 for PHP, AdWords libraries: googleads-java-lib for Java, and googleads-dotnet-lib for .NET are also likely to be affected. --------------------------------------------- http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injecti… *** Closing the Open Door of Java Object Serialization *** --------------------------------------------- If you can communicate with a JVM using Java object serialization using java.io.ObjectInputStream, then you can send a class that can execute commands against the OS from inside of the readObject method, and thereby get shell access. Once you have shell access, you can modify the Java server however you feel like. This is a class of exploit called 'deserialization of untrusted data', aka CWE-502. It's a class of bug that has been encountered from Python, PHP, and from Rails. --------------------------------------------- https://tersesystems.com/2015/11/08/closing-the-open-door-of-java-object-se… *** Protecting Windows Networks - Defeating Pass-the-Hash *** --------------------------------------------- Pass-the-hash is popular attack technique to move laterally inside the network that relies on two components - the NTLM authentication protocol and ability to gain password hashes. This attack allows you to log in on the systems via stolen hash instead of providing clear text password, so there is no need to crack those hashes. To make use of this attack, attacker already has to have admin rights on the box, which is a plausible scenario in a modern "assume breach" mindset. --------------------------------------------- https://dfirblog.wordpress.com/2015/11/08/protecting-windows-networks-defea… *** Security Notice - Statement about Path Traversal Vulnerability in Huawei HG532 Routers Disclosed by CERT/CC *** --------------------------------------------- It is confirmed that some customized versions of Huawei HG532, HG532e, HG532n, and HG532s have this vulnerability. Huawei has prepared a fixed version for affected carriers and is working with them to release the fixed version. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** No surprise here: Adobes Flash is a hackers favorite target *** --------------------------------------------- Adobe Systems Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers. --------------------------------------------- http://www.cio.com/article/3002668/no-surprise-here-adobes-flash-is-a-hacke… *** Joomla CMS - Bad Cryptography - Multiple Vulnerabilities *** --------------------------------------------- heres a complete enumeration of what Ive found: - JCrypt: Silent fallback to a weak, userspace PRNG (which is very bad for cryptography purposes) - JCryptCipherSimple: Homegrown weak cipher (XOR-ECB) - JCryptCipher: Chosen ciphertext attacks (no authentication) - JCryptCipher: Data corruption / padding oracle attack - JCryptCipher: Static IV for CBC mode (stored with JCryptKey under the misnomer property, "public") -- this sort of defeats the purpose of using CBC mode - JCryptPasswordSimple: PHP Non-Strict Type Comparison (a.k.a. Magic Hash vulnerability) --------------------------------------------- http://www.openwall.com/lists/oss-security/2015/11/08/1 *** HTTP Evasions Explained - Part 7 - Lucky Numbers *** --------------------------------------------- This is part seven in a series which will explain the evasions done by HTTP Evader. This part will be about using the wrong or even invalid status codes to evade the analysis. For 30% of the firewalls in the tests reports Ive got it is enough to use a status code of 100 instead of 200 to bypass analysis and at least Chrome, IE and Edge will download the data even with this wrong status code: --------------------------------------------- http://noxxi.de/research/http-evader-explained-7-lucky-number.html *** Security Advisory: Linux kernel vulnerability CVE-2014-9419 *** --------------------------------------------- F5 Product Development has assigned ID 530413 (BIG-IP), ID 530553 (BIG-IQ), ID 530554 (Enterprise Manager), ID 520651 (FirePass), ID 461496 (ARX), and INSTALLER-1299 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17551.htm… *** IBM Security Bulletins *** --------------------------------------------- *** Vulnerabilities in Qemu affect PowerKVM (Multiple Vulnerabilities) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022875 --------------------------------------------- *** IBM Smart Analytics System 5600 is affected by vulnerabilities in IBM GPFS (CVE-2015-4974, CVE-2015-4981) *** http://www.ibm.com/support/docview.wss?uid=swg21969198 --------------------------------------------- *** Authentication Bypass vulnerability found in IBM Sterling B2B Integrator (CVE-2015-5019) *** http://www.ibm.com/support/docview.wss?uid=swg21967781 --------------------------------------------- *** IBM Smart Analytics System 5600 is affected by a vulnerability in BIND (CVE-2015-5722) *** http://www.ibm.com/support/docview.wss?uid=swg21964962 --------------------------------------------- *** Vulnerability in Net-SNMP affects PowerKVM (CVE-2015-5621) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022903 --------------------------------------------- *** Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management, and IBM Emptoris Services Procurement. *** http://www.ibm.com/support/docview.wss?uid=swg21969875 --------------------------------------------- *** Multiple OpenSSL Vulnerabilities affect IBM WebSphere MQ 5.3 on HP NonStop (CVE-2015-1788) (CVE-2015-1789) (CVE-2015-1791) *** http://www.ibm.com/support/docview.wss?uid=swg21966723 --------------------------------------------- *** Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator *** https://www-304.ibm.com/support/docview.wss?uid=swg21969901 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 6-11-2015
by Daily end-of-shift report 06 Nov '15

06 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 05-11-2015 18:00 − Freitag 06-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** jQuery.min.php Malware Affects Thousands of Websites *** --------------------------------------------- Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Every now and then we write about such attacks. Almost every week we see new fake jQuery domains and scripts that mimic jQuery. --------------------------------------------- https://blog.sucuri.net/2015/11/jquery-min-php-malware-affects-thousands-of… *** OmniRAT malware scurrying into Android, PC, Mac, Linux systems *** --------------------------------------------- Leverages Stagefright scare for installs As police across Europe crack down on the use of the DroidJack malware, a similar software nasty has emerged that can control not just Android, but also Windows, Mac, and Linux systems and is being sold openly at a fraction of the cost. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/06/omnirat_mal… *** Check Point Discovers Critical vBulletin 0-Day *** --------------------------------------------- As widely reported, the main vBulletin.org forum was compromised earlier this week and an exploit for a vBulletin 0-day was up for sale in online markets. A patch later released by vBulletin fixes the vulnerability reported, but fails to neither credit any reporting nor mention the appropriate CVE number. As the vulnerability is now fixed and an exploit exists in the wild with public analyses, we follow with the technical description as submitted to vBulletin. --------------------------------------------- http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulle… *** Peter Kieseberg @ 5th KIRAS Fachtagung *** --------------------------------------------- Today Peter Kieseberg (SBA Research) presented the results of the SCUDO-Project together with Alexander Szönyi (Thales Austria) and Wolfgang Rosenkranz (Repuco) at the 5th 'KIRAS Fachtagung' in the Austria Trend Hotel Savoyen Vienna. This project was focused on the development of a training process for defence simulation trainings in the area of critical infrastructures ... --------------------------------------------- https://www.sba-research.org/2015/11/05/peter-kieseberg-5th-kiras-fachtagun… *** Bundestag will Mitarbeitern Flash verbieten *** --------------------------------------------- Nach dem schweren Hackerangriff vor rund sechs Monaten will der Deutsche Bundestag mit einigen Maßnahmen die IT-Sicherheit erhöhen. Mitarbeiter und Abgeordnete sollen zu längeren Passwörtern und PINs mit mindestens acht Zeichen verpflichtet werden, außerdem werden Flash und andere Browsererweiterungen von den Rechnern verbannt, wie Spiegel Online unter Berufung auf ein internes Dokument der Bundestagsverwaltung berichtet. --------------------------------------------- http://www.golem.de/news/nach-hackerangriff-bundestag-will-flash-verbieten-… *** Slides from RUXCON, Oct. 24-25, Melbourne *** --------------------------------------------- * DNS as a Defense Vector, Paul Vixie * High Performance Fuzzing, Richard Johnson * MalwAirDrop: Compromising iDevices via AirDrop, Mark Dowd * Broadcasting Your Attack: Security Testing DAB Radio In Cars, Andy Davis * Windows 10: 2 Steps Forward, 1 Step Back, James Forshaw ... --------------------------------------------- https://ruxcon.org.au/slides/?year=2015 *** Tracking HTTP POST data with ELK, (Fri, Nov 6th) *** --------------------------------------------- The Apache webserver has a very modular logging system. It is possible to customize what to log and how. But it lacks in logging data submitted to the server via POST HTTP requests. Recently, I had to investigate suspicious HTTP traffic and one of the requirements was to analyze POST data. If you already have a solution which performs full packet capture, youre lucky but it could quickly become a pain to search for information across gigabytes of PCAP files. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20345&rss *** Encryption ransomware threatens Linux users *** --------------------------------------------- November 6, 2015 Doctor Web warns users about new encryption ransomware targeting Linux operating systems. Judging from the directories in which the Trojan encrypts files, one can draw a conclusion that the main target of cybercriminals is website administrators whose machines have web servers deployed on. Doctor Web security researchers presume that at least tens of users have already fallen victim to this Trojan. --------------------------------------------- http://news.drweb.com/show/?i=9686&lng=en&c=9 *** Advantech EKI Hard-coded SSH Keys Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a hard-coded SSH key vulnerability in Advantech's EKI-122X series products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01 *** ICIT Brief: Know Your Enemies - A Primer on Advanced Persistent Threat Groups *** --------------------------------------------- This primer provides an overview of the threat landscape, attack vectors, size and sophistication of threat actors. Some of the Groups and Platforms include: The Elderwood Platform, Topsec, Axiom, Hidden Lynx, Deep Panda, PLA Unit 61398, Putter Panda, Tarh Andishan, Ajax, Bureau 121, Energetic Bear, Uroburos, APT 28, Hammertoss, CrazyDuke, Sandworm, Syrian Electronic Army, Anonymous and Butterfly Group among others. --------------------------------------------- http://icitech.org/icit-brief-know-your-enemies-a-primer-on-advanced-persis… *** Security Advisory: NTP vulnerability CVE-2015-7704 *** --------------------------------------------- An off-path attacker can send a crafted Kiss of Death (KoD) packet to the client, which will increase the client's polling interval to a large value and effectively disable synchronization with the server. --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17566.htm… *** Security Advisory - DoS Vulnerability in GPU Driver of Huawei Products *** --------------------------------------------- Some Huawei products have a DoS vulnerability. An attacker may trick a user into installing a malicious application and use it to input invalid parameters into the GPU driver program of the products, which can crash the system of the device. (Vulnerability ID: HWPSIRT-2015-09017) This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7740. Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Security Advisory - DoS Vulnerability in Camera Driver of Huawei Products *** --------------------------------------------- Some Huawei products have a DoS vulnerability. An attacker who has the system or camera permission can input invalid parameters into the camera driver program to crash the system. (Vulnerability ID: HWPSIRT-2015-09013) Huawei has released software updates to fix these vulnerabilities. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…

1 0

Tageszusammenfassung - Donnerstag 5-11-2015
by Daily end-of-shift report 05 Nov '15

05 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 04-11-2015 18:00 − Donnerstag 05-11-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** A Technical Look At Dyreza *** --------------------------------------------- Inside the core of Dyreza - a look at its malicious functions and their implementation.Categories: Malware AnalysisTags: dyrezamalware(Read more...) --------------------------------------------- https://blog.malwarebytes.org/intelligence/2015/11/a-technical-look-at-dyre… *** Malicious spam with links to CryptoWall 3.0 - Subject: Domain [name] Suspension Notice, (Thu, Nov 5th) *** --------------------------------------------- Introduction Since Monday 2015-10-26, weve noticed a particular campaign sending malicious spam (malspam) with links to download CryptoWall 3.0 ransomware. This campaign has been impersonating domain registrars. Conrad Longmore blogged about it last week [1], and Techhelplist.com has a good write-up on the campaign [2]. Several other sources have also discussed this wave of malspam [3, 4, 5, 6, 7, 8 to name a few]. For this diary, well take a closer look at the emails and associated CryptoWall --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20333&rss *** CryptoWall 4.0 Released with a New Look and Several New Features *** --------------------------------------------- The fourth member of the CryptoWall family of ransomware, CryptoWall 4.0, has just been released, complete with new features and a brand new look. We recently reported that CryptoWall 3.0 has allegedly caused over $325 million in annual damages. CryptoWall first emerged in April 2014. Its first major upgrade was dubbed CryptoWall 2.0, and first emerged in October... --------------------------------------------- http://securityaffairs.co/wordpress/41718/cyber-crime/cryptowall-4-0-releas… *** SSL-Zertifikate: Microsoft will sich schon nächstes Jahr von SHA-1 trennen *** --------------------------------------------- Die Firma überlegt ob der neuen Qualität von Angriffen auf den Hash-Algorithmus, diesen schon Mitte 2016 auf die verbotene Liste zu setzen. Google und Mozilla gehen ähnliche Wege. --------------------------------------------- http://heise.de/-2880134 *** Mabouia: The first ransomware in the world targeting MAC OS X *** --------------------------------------------- Rafael Salema Marques, a Brazilian researcher, published a PoC about the existence of Mabouia ransomware, the first ransomware that targets MAC OS X. Imagine this scenario: You received a ransom warning on your computer stating that all your personal files had been locked. In order to unlock the files, you would have to pay $500. --------------------------------------------- http://securityaffairs.co/wordpress/41755/cyber-crime/mabouia-ransomware-ma… *** Meet the Android rooting adware that cannot be removed *** --------------------------------------------- Researchers have identified a new strain of malicious adware that is impossible for affected Android device owners to uninstall. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/Prm6r3X3tzk/ *** No C&C server needed: Russia menaced by offline ransomware *** --------------------------------------------- Harder to take down, nyet? Miscreants have cooked up a new strain of ransomware that works offline and so might be more resistant to law enforcement takedown efforts as a result. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/05/offline_ran… *** Thousands of legitimate iOS apps discovered containing ad library backdoors *** --------------------------------------------- More than 2,000 iOS apps stocked in Apples legitimate App Store reportedly contained backdoored versions of an ad library, which could have allowed for surveillance without users knowledge. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/nxOb5Ac0sYo/ *** The Omnipresence of Ubiquiti Networks Devices on the Public Web *** --------------------------------------------- There are ongoing in the wild attacks against Ubiquiti Networks devices. Attackers are using default credentials to gain access to the affected devices via SSH. The devices are infected by a botnet client that is able to infect other devices.Further information about these attacks is available at:Krebs on Security: http://krebsonsecurity.com/2015/06/crooks-use-hacked-routers-to-aid-cyberhe… Research: https://www.incapsula.com/blog/ddos-botnet-soho-router.htmlCARISIRT --------------------------------------------- http://blog.sec-consult.com/2015/11/the-omnipresence-of-ubiquiti-networks.h… *** vBulletin Exploits in the Wild *** --------------------------------------------- The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date vBulletin version. The patch supports the latest versions, from 5.1.4 to 5.1.9. The vulnerability is serious and easy to exploit; it was used to hack and deface the main vBulletin.com website. As aRead More The post vBulletin Exploits in the Wild appeared first on Sucuri Blog. --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/NNlPrHaDARs/vbulletin-exploit… *** TalkTalk, Script Kids & The Quest for "OG" *** --------------------------------------------- So youve got two-step authentication set up to harden the security of your email account (you do, right?). But when was the last time you took a good look at the security of your inboxs recovery email address? That may well be the weakest link in your email security chain, as evidenced by the following tale of a IT professional who saw two of his linked email accounts recently hijacked in a bid to steal his Twitter identity.Earlier this week, I heard from Chris Blake, a longtime KrebsOnSecurity... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/im8m6Imwfsk/ *** Connecting the Dots in Cyber Threat Campaigns, Part 2: Passive DNS *** --------------------------------------------- This is the second part of our series on "connecting the dots", where we investigate ways to link attacks together to gain a better understanding of how they are related. In Part 1, we looked... --------------------------------------------- http://feedproxy.google.com/~r/PaloAltoNetworks/~3/7x_ynKHJKns/ *** Xen Project 4.5.2 Maintenance Release Available *** --------------------------------------------- I am pleased to announce the release of Xen 4.5.2. Xen Project Maintenance releases are released roughly every 4 months, in line with our Maintenance Release Policy. We recommend that all users of the 4.5 stable series update to this point release. --------------------------------------------- https://blog.xenproject.org/2015/11/05/xen-project-4-5-2-maintenance-releas… *** Open-Xchange Input Validation Flaw in Printing Dialogs Lets Remote Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1034018 *** Bugtraq: [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/536839 *** Bugtraq: [KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/536838 *** MIT Kerberos Multiple Bugs Let Remote Users Cause the Target Service to Crash *** --------------------------------------------- http://www.securitytracker.com/id/1034084 *** [2015-11-05] Insecure default configuration in Ubiquiti Networks products *** --------------------------------------------- Ubiquiti Networks products have remote administration enabled by default (WAN port). Additionally these products use the same certificates and private keys for administration via HTTPS. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015… *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise ... --------------------------------------------- http://support.citrix.com/article/CTX202404 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ is affected by multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 5, 6 & 7 *** http://www.ibm.com/support/docview.wss?uid=swg21968485 --------------------------------------------- *** IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to Denial of Service Attack. (CVE-2014-0230) *** http://www.ibm.com/support/docview.wss?uid=swg21970036 --------------------------------------------- *** IBM Security Bulletin: Openstack Nova vulnerability affects IBM Cloud Manager with OpenStack (CVE-2015-2687) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022691 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM DB2 LUW (CVE-2015-0204) *** http://www.ibm.com/support/docview.wss?uid=swg21968869 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities identified in IBM Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21969911 --------------------------------------------- *** PowerHA SystemMirror privilege escalation vulnerability (CVE-2015-5005) *** http://www.ibm.com/support/ --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to change work orders that the user should not have access to change (CVE-2015-7395 ) *** http://www.ibm.com/support/docview.wss?uid=swg21969072 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1022785 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM (CVE-2013-5123, CVE-2014-8991) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022786 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSLP affects PowerKVM (CVE-2015-5177) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022876 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Python-httplib2 affects PowerKVM (CVE-2013-2037) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022877 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in lcms affects PowerKVM (CVE-2015-4276) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022834 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Libcrypt++ affects PowerKVM (CVE-2015-2141) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022879 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in lighttpd affects PowerKVM (CVE-2015-3200) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022837 --------------------------------------------- *** IBM Security Bulletin:Vulnerabilities in wpa_supplicant may affect PowerKVM (CVE-2015-1863 and CVE-2015-4142) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022832 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in libXfont affect PowerKVM (CVE-2015-1802, CVE-2015-1803, CVE-2015-1804) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022787 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Mozilla NSS affects PowerKVM (CVE-2015-2730) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022790 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability could expose user personal data in IBM WebSphere Commerce (CVE-2015-5015) *** http://www.ibm.com/support/docview.wss?uid=swg21969174 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager is affected by a vulnerability from FSM's use of strongswan: (CVE-2015-4171) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022817 --------------------------------------------- *** IBM Security Bulletin: IBM Netezza Host Management is vulnerable to a BIND 9 utility issue (CVE-2015-5722) *** http://www.ibm.com/support/docview.wss?uid=swg21966952 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 4-11-2015
by Daily end-of-shift report 04 Nov '15

04 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 03-11-2015 18:00 − Mittwoch 04-11-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Return of the EXIF PHP Joomla Backdoor *** --------------------------------------------- Our Remediation and Research teams are in constant communication and collaboration. It's how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats that aren't new but may be reoccuring. Such as today's post, in which we explore a case we shared close to two years ago where... --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/VZAI0vVYGjI/exif-php-joomla-b… *** Researchers map out hard-to-kill, multi-layered spam botnet *** --------------------------------------------- A dropper component sent to the Akamai researchers led them to the discovery of a spamming botnet that consists of at least 83,000 compromised systems. The botnet is multi-layered, decentralized, a... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/B72jnhO-1Ds/secworld.php *** Nach Hack des Support-Forums: Mysteriöser vBulletin-Patch erschienen *** --------------------------------------------- Nach einem Angriff auf das offizielle Support-Forum der Forensoftware vBulletin ist ein Sicherheitsupdate erschienen. Ob dies die Lücke stopft, die bei dem Angriff ausgenutzt wurde, ist nicht ganz klar. --------------------------------------------- http://heise.de/-2869989 *** Internet Wide Scanners Wanted, (Wed, Nov 4th) *** --------------------------------------------- In our data, we often find researchers performing internet wide scans. To better identify these scans, we would like to add a label to these IPs identifying them as part of a research project. If you are part of such a project, or if you know of a project, please let me know. You can submit any information as a comment or via our contact form. If the IP addresses change often, then a URLs with a parseable list would be appreciated to facilitate automatic updates. --- Johannes B. Ullrich, Ph.D. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20337&rss *** GovRAT, the malware-signing-as-a-service platform in the underground *** --------------------------------------------- Security Experts at InfoArmor discovered GovRAT, a malware-signing-as-a-service platform that is offered to APT groups in the underground. In the past, I have explained why digital certificates are so attractive for crooks and intelligence agencies, one of the most interesting uses is the signature of malware code in order to fool antivirus. Naturally, digital certificates... --------------------------------------------- http://securityaffairs.co/wordpress/41714/cyber-crime/govrat-platform.html *** Confusing Convenience for Security: SSH Keys *** --------------------------------------------- Secure Shell (SSH) keys are a common part of accessing Unix systems, and you need to put some focus specifically on your organization's use of SSH keys. --------------------------------------------- http://blog.beyondtrust.com/confusing-convenience-for-security-ssh-keys *** Security Fixes in Firefox 42 *** --------------------------------------------- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firef… *** VU#391604: ZTE ZXHN H108N R1A routers contains multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#391604 ZTE ZXHN H108N R1A routers contains multiple vulnerabilities Original Release date: 03 Nov 2015 | Last revised: 03 Nov 2015 Overview ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, and ZXV10 W300 router, version W300V1.0.0f_ER1_PE, contain multiple vulnerabilities. Description CWE-200: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials and other sensitive details about the ZXHN... --------------------------------------------- http://www.kb.cert.org/vuls/id/391604 *** Alcatel-Lucent Home Device Manager Spoofing *** --------------------------------------------- Topic: Alcatel-Lucent Home Device Manager Spoofing Risk: Low Text: ## # # SWISSCOM CSIRT ADVISORY - https://www.swisscom.ch/en/about/sustainability/digital- #switze... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110029 *** DSA-3391 php-horde - security update *** --------------------------------------------- It was discovered that the web-based administration interface in theHorde Application Framework did not guard against Cross-Site RequestForgery (CSRF) attacks. As a result, other, malicious web pages couldcause Horde applications to perform actions as the Horde user. --------------------------------------------- https://www.debian.org/security/2015/dsa-3391 *** DSA-3392 freeimage - security update *** --------------------------------------------- Pengsu Cheng discovered that FreeImage, a library for graphic imageformats, contained multiple integer underflows that could lead to adenial of service: remote attackers were able to trigger a crash bysupplying a specially crafted image. --------------------------------------------- https://www.debian.org/security/2015/dsa-3392 *** Bugtraq: [security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege *** --------------------------------------------- http://www.securityfocus.com/archive/1/536827 *** Bugtraq: [security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, *** --------------------------------------------- http://www.securityfocus.com/archive/1/536824 *** Security Advisory - Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Security Notice - Statement on Venustech Revealing Heap Overflow Vulnerability in Huawei Smart Phone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED] *** --------------------------------------------- http://www.securityfocus.com/archive/1/536833 *** Cisco Security Advisories *** --------------------------------------------- *** Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Mobility Services Engine Static Credential Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco AsyncOS TCP Flood Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Web Security Appliance Range Request Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Mobility Services Engine Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…

1 0

Tageszusammenfassung - Dienstag 3-11-2015
by Daily end-of-shift report 03 Nov '15

03 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 02-11-2015 18:00 − Dienstag 03-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** UK-US Cyberattack Simulation On Finance Sector Set For This Month *** --------------------------------------------- US-CERT and CERT-UK putting President and Prime Ministers earlier plans into action. --------------------------------------------- http://www.darkreading.com/operations/uk-us-cyberattack-simulation-on-finan… *** Latest Adobe Flash vulnerability now in Angler, Nuclear EKs *** --------------------------------------------- Malwarebytes is reporting that once again Adobe Flash Player has become a target as the recently patched zero-day exploit that was discovered and patched has become a part of several exploit kits (EK). --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/s2Q_P9QhW74/ *** WoW! Want to beat Microsofts Windows security defenses? Poke some 32-bit software *** --------------------------------------------- Compatibility tool hampers EMET anti-malware protections Two chaps claim to have discovered how to trivially circumvent Microsofts Enhanced Mitigation Experience Toolkit (EMET) using Redmonds own compatibility tools. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/32bit_softw… *** Web server secured? Good, now lets talk about e-mail *** --------------------------------------------- Its not just Hillary whose servers a spillory While Website owners may have noticed the need to get rid of old, buggy or weak crypto, those operating e-mail servers seem to be operating on autopilot. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/web_server_… *** Dev to Mozilla: Please dump ancient Windows install processes *** --------------------------------------------- Old habits die hard Security bod Stefan Kanthak is asking Mozilla to quit using Windows self-extracting installs. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/dev_to_mozi… *** The official website of the popular vBulletin forum has been hacked *** --------------------------------------------- The website of the vBulletin forum software is down for maintenance following a data breach that exposed personal information of hundreds of thousands users On Sunday, the vBulletin official website has been hacked by an attacker using the moniker "Coldzer0". The website has been defaced and the vBulletin forum was displaying the message "Hacked by Coldzer0." At the... --------------------------------------------- http://securityaffairs.co/wordpress/41656/cyber-crime/vbulletin-forum-hacke… *** Chimera crypto-ransomware is hitting German companies *** --------------------------------------------- A new piece of crypto-ransomware is targeting German companies: its called Chimera, and the criminals behind the scheme are threatening to release sensitive corporate data on the Internet if the targ... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/D53NfnuVrIM/malware_news.… *** KeyPass looter: The password plunderer to hose pwned sys admins *** --------------------------------------------- When youre owned, youre boned. Kiwi hacker Denis Andzakovic has developed an application that steals password vaults from the popular local storage vault KeyPass. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/keypass_loo… *** Security: Kommandozeilen-Zugriff auf Bankterminal dokumentiert *** --------------------------------------------- Ein deutscher Sicherheitsforscher hat eine Sicherheitslücke in Geldautomaten-Software gefunden. Die Schwachstelle ermöglichte den Zugriff auf die Kommandozeile des Geräts und das Auslesen zahlreicher kritischer Daten. --------------------------------------------- http://www.golem.de/news/security-kommandozeilen-zugriff-auf-bankterminal-d… *** OTA-Patch: Google verteilt Sicherheitsupdate für Android 6.0 *** --------------------------------------------- Die neue Android-Version 6.0 alias Marshmallow bekommt nach einem Monat ihre erste Sicherheitsaktualisierung. Grund sind insgesamt sieben Bedrohungen, von denen Google zwei als kritisch einstuft. --------------------------------------------- http://www.golem.de/news/ota-patch-google-verteilt-sicherheitsupdate-fuer-a… *** Kaspersky DDoS Intelligence Report Q3 2015 *** --------------------------------------------- In the third quarter of 2015 botnet-assisted DDoS attacks targeted victims in 79 countries around the world; 91.6% of targeted resources were located in 10 countries. The largest numbers of DDoS attacks targeted victims in China, the US and South Korea. The longest DDoS attack in Q3 2015 lasted for 320 hours. --------------------------------------------- http://securelist.com/analysis/quarterly-malware-reports/72560/kaspersky-dd… *** Wormhole-Schwachstelle: Backdoor in über 14.000 Android-Apps *** --------------------------------------------- Das Moplus SDK hält in zahlreichen Apps eine Hintertür für Angreifer auf, sodass diese etwa heimlich Dateien von Android-Gerät abziehen und SMS-Nachrichten versenden können. --------------------------------------------- http://www.heise.de/newsticker/meldung/Wormhole-Schwachstelle-Backdoor-in-u… *** A few things about Redis security *** --------------------------------------------- >From time to time I get security reports about Redis. It's good to get reports, but it's odd that what I get is usually about things like Lua sandbox escaping, insecure temporary file creation, and similar issues, in a software which is designed (as we explain in our security page here http://redis.io/topics/security) to be totally insecure if exposed to the outside world. Yet these bug reports are often useful since there are different levels of security concerning any software in... --------------------------------------------- http://antirez.com/news/96 *** How Carders Can Use eBay as a Virtual ATM *** --------------------------------------------- How do fraudsters "cash out" stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they dont yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/E4QijbOr8i0/ *** ORX-Locker, a Web Platform to Create Ransomware *** --------------------------------------------- The only thing more dangerous than cryptolocker-type ransomware in the hands of a highly skilled hacker is the same ransomware offered as a service and made available to the general public. Similar to the private TOX RaaS (Ransomware as a Service) platform discovered in August, ORX-Locker is a free-to-use web platform where anyone can create and download malware that will encrypt a victim's file system and demand payment for recovery. This is one of the first public RaaS sites we've... --------------------------------------------- https://feeds.feedblitz.com/~/122089935/0/alienvault-blogs~ORXLocker-a-Web-… *** XcodeGhost S: A New Breed Hits the US *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html *** Enhancing pentesting recon with nmap, (Tue, Nov 3rd) *** --------------------------------------------- You might have used nmap several times for recon using the conventional portscan functionality (Connect scan, SYN Scan, FIN scan, UDP scan, ...) but for gathering extra info like HTTP directories, DNS host enumeration without performing zone transfer, Microsoft SQL Server enumeration and SMB device info people usually uses additional tools. I will show you how nmap can provide that information without use of extra tools: 1. HTTP Directories The http-enum script is able to test for the existence... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20331&rss *** VU#316888: MobaXterm server may allow arbitrary command injection due to missing X11 authentication *** --------------------------------------------- Vulnerability Note VU#316888 MobaXterm server may allow arbitrary command injection due to missing X11 authentication Original Release date: 02 Nov 2015 | Last revised: 02 Nov 2015 Overview The MobaXterm server prior to verion 8.3 is vulnerable to arbitrary command injection over port 6000 when using default X11 settings. Description CWE-306: Missing Authentication for Critical Function - CVE-2015-7244MobaXterm server prior to version 8.3 includes an X11 server listening on all IP addresses... --------------------------------------------- http://www.kb.cert.org/vuls/id/316888 *** Security Advisory - Local Permission Escalation Vulnerability in GPU of P7 Phones *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Cisco Unified Computing System Blade Server Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7852 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17516.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7850 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17528.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7701 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17517.htm… --------------------------------------------- *** Security Advisory: NTP vulnerabilities CVE-2015-7704 and CVE-2015-7705 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17527.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7703 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17529.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7848 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17526.htm… --------------------------------------------- *** Security Advisory: NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17530.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7871 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17518.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7849 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17521.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7854 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17524.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7853 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17525.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7855 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17515.htm… --------------------------------------------- *** Security Advisory: NTP vulnerability CVE-2015-7851 *** https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17522.htm… ---------------------------------------------

1 0

Tageszusammenfassung - Montag 2-11-2015
by Daily end-of-shift report 02 Nov '15

02 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 30-10-2015 18:00 − Montag 02-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** CoinVault and Bitcryptor Ransomware Victims Can Now Recover Their Files For Free *** --------------------------------------------- itwbennett writes: Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, writes Lucian Constantin. Those keys have been uploaded to Kasperskys ransomware decrypt or service that was originally set up in April with a set of around 750 keys recovered from servers hosted in the Netherlands. --------------------------------------------- http://yro.slashdot.org/story/15/10/30/2341230/coinvault-and-bitcryptor-ran… *** Disaster Recovery Starts with a Plan, (Mon, Nov 2nd) *** --------------------------------------------- One of the security questions being asked of security professionals, by business executives these days, from both internal and external entities, is What is the status of our Disaster Recovery plan? The driving force behind the question varies, from compliance and our business partners are asking to I read an article about an earthquake. A disaster recovery plan is one of those things that you dont want to define the requirements as you go, this is one that is truly about the *plan*. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20325&rss *** About Lenovo System Update Vulnerabilities and CVE-2015-6971 *** --------------------------------------------- Over the past seven months, a number of vulnerabilities in Lenovo System Update software have come to light. Lenovo patched the first of a batch of these vulnerabilities in spring of this year. I decided to take a deeper look... --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/About-Lenovo-System-Update-V… *** Useful tools for malware analysis *** --------------------------------------------- In early October, the international project 'Cyber Security in the Danube Region' organized training for security teams operating within the region. As sharing of information and knowledge are essential in the field of security, I decided to write a post ... --------------------------------------------- http://en.blog.nic.cz/2015/10/30/useful-tools-for-malware-analysis/ *** Debian: elasticsearch end-of-life (DSA 3389-1) *** --------------------------------------------- Security support for elasticsearch in jessie is hereby discontinued. The project no longer releases information on fixed security issues which allow backporting them to released versions of Debian and actively discourages from doing so. elasticsearch will also be removed from Debian stretch (the next stable Debian release), but will continue to remain in unstable and available in jessie-backports. --------------------------------------------- https://lists.debian.org/debian-security-announce/2015/msg00290.html *** PageFair: Halloween Security Breach *** --------------------------------------------- I want to take some time here to describe exactly what happened, how it may have affected some of your visitors, and what we are doing to prevent this from ever happening again. --------------------------------------------- http://blog.pagefair.com/2015/halloween-security-breach/ *** RWSPS: WPA/2 Cracking Using HashCat *** --------------------------------------------- We will cover the following topics: WPA/2 Cracking with Dictionary attack using Hashcat. WPA/2 Cracking with Mask attack using Hashcat. WPA/2 Cracking with Hybrid attack using Hashcat. WPA/2 Cracking Pause/resume in Hashcat (One of the best features) WPA/2 Cracking save sessions and restore. --------------------------------------------- http://www.rootsh3ll.com/2015/10/rwsps-wpa2-cracking-using-hashcat-cloud-ch… *** Protecting Windows Networks - Local administrative accounts management *** --------------------------------------------- There is a common problem in all environments with local administrative accounts, such as local Administrator account, root accounts or any kind of application specific built-in admin accounts set to a common password, shared across all systems. --------------------------------------------- https://dfirblog.wordpress.com/2015/11/01/protecting-windows-networks-local… *** new Windows 10 cumulative update (3105210) *** --------------------------------------------- Bulletin revised to announce the release of a new Windows 10 cumulative update (3105210) to address an additional vulnerability, CVE-2015-6045, which has been added to this bulletin. Only customers running Windows 10 systems need to install this new update. Earlier operating systems are either not affected or have received the fix in the original updates of October 13, 2015. --------------------------------------------- https://technet.microsoft.com/library/security/ms15-106 *** 5 signs your Web application has been hacked *** --------------------------------------------- When customers interact with your business, they most likely go through a Web application first. It's your company's public face -- and by virtue of that exposure, an obvious point of vulnerability.Most attacks against Web applications are stealthy and hard to spot. --------------------------------------------- http://www.csoonline.com/article/3000315/application-security/5-signs-your-… *** How Much is a Zero-Day Exploit for an SCADA/ICS System? *** --------------------------------------------- Current scenario How much is a zero-day for an industrial control system? Where is it possible to buy them and who are the main buyers of these commodities? I can tell you that there isn't a unique answer to the above questions, but first all let us try to understand the current scenario ... --------------------------------------------- http://resources.infosecinstitute.com/how-much-is-a-zero-day-exploit-for-an… *** Cisco Security Advisories *** --------------------------------------------- *** Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Unified Communications Domain Manager URI Enumeration Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco FireSIGHT Management Center HTML Injection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Prime Service Catalog SQL Injection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Unified Border Element Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Secure Access Control Server SQL Injection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Wireless LAN Controller Client Disconnection Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 30-10-2015
by Daily end-of-shift report 30 Oct '15

30 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 29-10-2015 18:00 − Freitag 30-10-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** WPScan Intro: WordPress Vulnerability Scanner *** --------------------------------------------- Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box vulnerability scanner for WordPress sponsored by Sucuri and maintained by the WPScan Team, .. --------------------------------------------- https://blog.sucuri.net/2015/10/install-wpscan-wordpress-vulnerability-scan… *** Anonymisierungsdienst Tor stellt sicheren Messenger vor *** --------------------------------------------- Es soll sich um die am einfachsten zu nutzende Verschlüsselungssoftware handeln --------------------------------------------- http://derstandard.at/2000024778063 *** Advertising Brokers: A Background Information *** --------------------------------------------- Provides background information about advertisement brokers, the men and women that are in the middle of web advertising between sites and advertisers. --------------------------------------------- https://blog.malwarebytes.org/privacy-2/2015/10/advertising-brokers-backgro… *** DSA-3384 virtualbox - security update *** --------------------------------------------- Two vulnerabilities have been discovered in VirtualBox, an x86virtualisation solution. --------------------------------------------- https://www.debian.org/security/2015/dsa-3384 *** Bankomat: Diebstahl per USB-Stick *** --------------------------------------------- Unbekannter konnte in Deutschland mehrere Geräte manipulieren --------------------------------------------- http://derstandard.at/2000024796664 *** Paper on TLS usage for all email protocols, IPv4-wide is online *** --------------------------------------------- Today we've published our paper on TLS use in e-mail protocols (SMTP, IMAP, POP..) on the Internet. Our paper and the corresponding dataset are now publicly available, you can find the paper here. Our dataset is published at scans.io. Over the time of .. --------------------------------------------- https://www.sba-research.org/2015/10/30/paper-on-tls-usage-for-all-email-pr… *** Weaknesses in the PLAID Protocol *** --------------------------------------------- In 2009, the Australian government released the Protocol for Lightweight Authentication of Identity (PLAID) protocol. It was recently analyzed (original paper is from 2014, but was just updated), and its a security disaster. Matt .. --------------------------------------------- https://www.schneier.com/blog/archives/2015/10/weaknesses_in_t.html *** Pagetable-Sicherheitslücke: Ausbruch aus dem virtuellen Xen-Käfig *** --------------------------------------------- Eine Lücke im Xen-Hypervisor erlaubt einem Gastsystem, die Kontrolle über das komplette Host-System zu übernehmen. Hierfür wird die Speicherverwaltung ausgetrickst. Die Entwickler der Qubes-Distribution üben heftige Kritik an Xen. --------------------------------------------- http://www.golem.de/news/pagetable-sicherheitsluecke-ausbruch-aus-dem-virtu… *** Citrix NetScaler Service Delivery Appliance Multiple Security Updates *** --------------------------------------------- A number of vulnerabilities have been identified in Citrix Service Delivery Appliance (SDX) that could allow a malicious, unprivileged user to .. --------------------------------------------- http://support.citrix.com/article/CTX201794 *** Fatale Sicherheitslücken in Zwangsroutern von Vodafone/Kabel Deutschland *** --------------------------------------------- Bis zu 1,3 Millionen Router im Kabel-Netz von Vodafone sind über WLAN angreifbar. Der Provider verspricht, die Lücken mit Firmware-Updates zu schliessen. Das kann sich jedoch noch bis Jahresende hinziehen. --------------------------------------------- http://heise.de/-2866037 *** Breaches, traders, plain text passwords, ethical disclosure and 000webhost *** --------------------------------------------- It's a bit hard to even know where to begin with this one, perhaps at the start and then I'll try and piece all the bits together as best I can. As you may already know if you're familiar with this blog, I run the service Have I been pwned? (HIBP) which allows people to discover where their personal data has been compromised on .. --------------------------------------------- http://www.troyhunt.com/2015/10/breaches-traders-plain-text-passwords.html *** VMSA-2015-0003.14 *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0003.html

1 0

Tageszusammenfassung - Donnerstag 29-10-2015
by Daily end-of-shift report 29 Oct '15

29 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 28-10-2015 18:00 − Donnerstag 29-10-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Why Is the NSA Moving Away from Elliptic Curve Cryptography? *** --------------------------------------------- In August, I wrote about the NSAs plans to move to quantum-resistant algorithms for its own cryptographic needs. Cryptographers Neal Koblitz and Alfred Menezes just published a long paper speculating as to the governments real motives for doing this. They range from some new cryptanalysis of ECC to a political need after the DUAL_EC_PRNG disaster -- to the stated reason... --------------------------------------------- https://www.schneier.com/blog/archives/2015/10/why_is_the_nsa_.html *** New DDoS attacks misuse NetBIOS name server, RPC portmap, and Sentinel licensing servers *** --------------------------------------------- Akamai has observed three new reflection DDoS attacks in recent months: NetBIOS name server reflection, RPC portmap reflection, and Sentinel reflection. In a reflection DDoS attack, also called a D... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/g4MR874bgXg/secworld.php *** TLS-Zertifikate: Google greift gegen Symantec durch *** --------------------------------------------- Symantec hatte im September mehrere Tausend unberechtigte TLS-Zertifikate ausgestellt, verschweigt aber zunächst das Ausmaß des Vorfalls. Google zeigt dafür wenig Verständnis und stellt einige Bedingungen für den Verbleib der Symantec-Rootzertifikate im Chrome-Browser. (Symantec, Google) --------------------------------------------- http://www.golem.de/news/tls-zertifikate-google-greift-gegen-symantec-durch… *** Jackpotting: Geldautomaten in Deutschland mit USB-Stick ausgeräumt *** --------------------------------------------- Seit 2010 ist das Plündern von Geldautomaten per USB-Stick bekannt. In Deutschland wurde nun erstmals ein Täter dabei gefilmt, wie er zwei Automaten an einem Tag ausräumte. (Security, Black Hat) --------------------------------------------- http://www.golem.de/news/jackpotting-geldautomaten-in-deutschland-mit-usb-s… *** Security: Forscher stellen LTE-Angriffe mit 1.250-Euro-Hardware vor *** --------------------------------------------- LTE-Netzwerke galten bislang als deutlich sicherer als GSM- und 3G-Netzwerke. Anfang der Woche hat ein Team von Forschern jetzt verschiedene praktische Angriffe vorgestellt, die mit geringen Kosten und kommerzieller Hardware funktionieren sollen. (Security, Smartphone) --------------------------------------------- http://www.golem.de/news/security-forscher-stellen-lte-angriffe-mit-1-250-e… *** USB cleaning device for the masses, (Thu, Oct 29th) *** --------------------------------------------- For so long, USB keys have been a nice out-of-bandinfection vector. People like goodies and people like to plug those small pieces of plastic into their computers. Even if good solutions exists (like BitLocker- the standard solution provided by Microsoft), a lot of infrastructureare not protected against the use ofrogue USB keys for many good or obscure reasons. There are also multiple reasons to receive USB keys: from partners, customers, contractors, vendors, etc. The best practice should be... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20315&rss *** XEN Security Advisories *** --------------------------------------------- Advisory | Public release | Updated | Version | CVE(s) | Title XSA-153 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7972 | x86: populate-on-demand balloon size inaccuracy can crash guests XSA-152 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7971 | x86: some pmu and profiling hypercalls log without rate limiting XSA-151 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7969 | x86: leak of per-domain profiling-related vcpu pointer array XSA-150 | 2015-10-29 11:59 | 2015-10-29... --------------------------------------------- http://xenbits.xen.org/xsa/ *** Cisco ASR 5500 SAE Gateway Lets Remote Users Cause the Target BGP Process to Restart *** --------------------------------------------- http://www.securitytracker.com/id/1034024 *** IBM DB2 TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections *** --------------------------------------------- http://www.securitytracker.com/id/1033991 *** JBoss Operations Network Cassandra JMX/RMI Interface Lets Remote Users Execute Arbitrary Code on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1034002 *** DSA-3382 phpmyadmin - security update *** --------------------------------------------- https://www.debian.org/security/2015/dsa-3382 *** Security Notice - Statement About WormHole Vulnerability in Baidu Apps Preset in Huawei Phones *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Security Advisory - UE Measurement Leak Vulnerability in Huawei P8 Phones *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Security Advisory: OpenSSH vulnerability CVE-2015-5352 *** --------------------------------------------- (SOL17461) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/400/sol17461.htm… *** VU#573848: Qolsys IQ Panel contains multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#573848 Qolsys IQ Panel contains multiple vulnerabilities Original Release date: 29 Oct 2015 | Last revised: 29 Oct 2015 Overview All firmware versions of Qolsys IQ Panel contain hard-coded cryptographic keys, do not validate signatures during software updates, and use a vulnerable version of Android OS. Description Qolsys IQ Panel is an Android OS-based touch screen controller for home automation devices and functions. All firmware versions contain the following --------------------------------------------- http://www.kb.cert.org/vuls/id/573848 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005435 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affects SAN Volume Controller and Storwize Family (CVE-2015-1789 CVE-2015-1791 CVE-2015-1788 ) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005434 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005314 *** IBM Security Bulletin: Weak file permissions vulnerability affects IBM Tivoli Monitoring for Tivoli Storage Manager (CVE-2015-4927) *** http://www.ibm.com/support/docview.wss?uid=swg21969340 *** IBM Security Bulletin: A security vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Web version 7.0 software installations and IBM Tivoli Access Manager for e-business (CVE-2015-1946) *** http://www.ibm.com/support/docview.wss?uid=swg21969077 *** IBM Security Bulletin: Vulnerability in RC4 stream cipher affects N-series Data ONTAP (CVE-2015-2808) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005273 *** IBM Security Bulletin: Multiple vulnerabilities in Firefox, affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-4497, CVE-2015-4498) *** http://www.ibm.com/support/docview.wss?uid=swg21968836 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Access Manager for Mobile (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21963711

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily