=======================
= End-of-Shift report =
=======================
Timeframe: Montag 04-04-2016 18:00 − Dienstag 05-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Chrome Extension Caught Hijacking Users Browsers ***
---------------------------------------------
An anonymous reader writes: Google has intervened and banned the Better History Chrome extension from the Chrome Web Store after users reported that it started taking over their browsing experience and redirecting them to pages showing ads. As it turns out, the extension was sold off to an unnamed buyer who started adding malicious code that would redirect the users traffic through a proxy, showing ads and collecting analytics on the users traffic habits. This same malicious code has also been...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4tdNNvCWAQs/chrome-extensio…
*** Microsoft account-hijacking hole closed 48 hours after bug report ***
---------------------------------------------
Token-harvesting attack meant one login could open doors to multiple Microsoft services British researcher Jack Whitton has reported a Microsoft account hijacking authentication bug that would have been another arrow in an attackers phishing quiver, save for the fact that Microsoft fixed it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/05/microsoft_b…
*** Sicherheitslücken: Angreifer können Open-Xchange Code unterjubeln ***
---------------------------------------------
In Open-Xchange klaffen zwei Schwachstellen, über die Kriminelle im schlimmsten Fall Sessions kapern können. Sicherheitspatches wurden bereits verteilt.
---------------------------------------------
http://heise.de/-3162127
*** Update your ManageEngine Password Manager Pro ASAP! ***
---------------------------------------------
Security researcher Sebastian Perez has revealed eight serious security vulnerabilities in ManageEngine Password Manager Pro (PMP), a password management software for enterprises, and has released details and PoC code for each of them. The solution has already been updated with fixes, so if your enterprise is using it to control the access to shared administrative/privileged passwords, you should update to the latest version and build (v8.3, build 8303) as soon as possible (if you haven't...
---------------------------------------------
https://www.helpnetsecurity.com/2016/04/05/update-manageengine-password-man…
*** One Conference 2016 Protecting Bits and Atoms: Cyber security is a precondition for our future ***
---------------------------------------------
Cyber security, and therefore being able to use all the possibilities that ICT offers, is a precondition for the undisturbed functioning of society and for our future. With these words, State secretary Dijkhoff (Security and Justice) emphasizes the importance of the international One Conference 2016 of the National Cyber Security Center (NCSC). We cant be passive on what is to come. The speed of the developments in the digital domain require a continuous effort of both public and private...
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/one-conference-2016-protect…
*** Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack ***
---------------------------------------------
Researchers say reliance on an outdated Firefox extension platform opens the door for remote system attacks on Mac OS and Windows systems.
---------------------------------------------
http://threatpost.com/firefox-add-on-flaw-leaves-apple-and-windows-computer…
*** Keep Windows machines infected abusing Windows Desired State Configuration (DSC) ***
---------------------------------------------
Two forensics experts have demonstrated how to abuse the Windows Desired State Configuration (DSC) feature to gain persistence on the compromised machine. At the last Black Hat Asia, the forensics experts Matt Hastings and Ryan Kazanciyan from Tanium have demonstrated how to abuse the Windows Desired State Configuration (DSC) feature to gain persistence on the compromised machine. The DSC...
---------------------------------------------
http://securityaffairs.co/wordpress/46006/hacking/abusing-windows-dsc.html
*** Complete Tour of PE and ELF: Part 4 ***
---------------------------------------------
Since we have completed the PE structure, now it is time to look at the ELF structure which is somewhat easier to understand as compared to PE. For ELF structure, we will be looking at both the linking view and execution view of a binary. Sections are similar to what we saw in PE structure...
---------------------------------------------
http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-4/
*** Passwort-Test von CNBC: Unverschlüsselt und unverantwortlich ***
---------------------------------------------
In einem Artikel des Nachrichtensenders CNBC konnten Leser die Sicherheit ihrer Kennwörter testen. Was kann dabei schon schiefgehen? Eine ganze Menge, wie Sicherheitsforscher aufzeigen.
---------------------------------------------
http://heise.de/-3162731
*** Google fixes 39 Android flaws, some allow hackers to take over your phone ***
---------------------------------------------
Google has released one of the largest Android monthly security updates, fixing a total of 39 vulnerabilities - 15 rated critical, including four that can lead to a complete device compromise.The patches, which are included in new firmware images that were released Monday for the companys Nexus devices, will also be published to the Android Open Source Project over the next 24 hours.They include a fix for a vulnerability that Google warned about two weeks ago and which is already being...
---------------------------------------------
http://www.cio.com/article/3052201/google-fixes-39-android-flaws-some-allow…
*** About the security content of iOS 9.3 ***
---------------------------------------------
This document describes the security content of iOS 9.3.
---------------------------------------------
https://support.apple.com/en-us/HT206166
*** DFN-CERT-2016-0548: BlackBerry powered by Android: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0548/
*** DFN-CERT-2016-0549: Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Administratorrechten ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0549/
*** Sophos Cyberoam NG Series Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Multiple reflected XSS issues were discovered in Cyberoam NG appliances. Input passed via the ipFamily, applicationname and username GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitised before being returned to the user. Adding arbitrary X-Forwarded-For HTTP header to a request makes the appliance also prone to a XSS issue. This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected site.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5313.php
*** DSA-3541 roundcube - security update ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered that Roundcube, awebmail client, contained a path traversal vulnerability. This flawcould be exploited by an attacker to access sensitive files on theserver, or even execute arbitrary code.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3541
*** USN-2945-1: XChat-GNOME vulnerability ***
---------------------------------------------
Ubuntu Security Notice USN-2945-14th April, 2016xchat-gnome vulnerabilityA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryXChat-GNOME could be made to expose sensitive information over the network.Software description xchat-gnome - simple and featureful IRC client for GNOME DetailsIt was discovered that XChat-GNOME incorrectly verified the hostname in anSSL certificate. An attacker could trick XChat-GNOME into trusting...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2945-1/
*** USN-2944-1: Libav vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2944-14th April, 2016libav vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTSSummaryLibav could be made to crash or run programs as your login if it opened aspecially crafted file.Software description libav - Multimedia player, server, encoder and transcoder DetailsIt was discovered that Libav incorrectly handled certain malformed mediafiles. If a user were tricked into opening a crafted media file, anattacker could...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2944-1/
*** Bugtraq: [SE-2012-01] Broken security fix in IBM Java 7/8 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537973
*** Open-Xchange Input Validation Flaws Let Remote Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035469
*** Bugtraq: [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537977
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 01-04-2016 18:00 − Montag 04-04-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** SideStepper vulnerability in iOS 9 endangers companies that use MDM to distribute apps ***
---------------------------------------------
Researchers are warning companies that the use of MDM technology opens up a loophole in protections added to Apples iOS 9 to help prevent employees from downloading malicious software posing as legit enterprise apps.
---------------------------------------------
http://www.scmagazine.com/sidestepper-vulnerability-in-ios-9-endangers-comp…
*** Analysis of the Locky infection process ***
---------------------------------------------
In recent months, there has been a significant increase in the number of networks and users affected by ransomware known as Locky, which is used to encrypt a victim's files and then demand a ransom to be paid in bitcoins. But, how does this threat manage to infiltrate computer systems and hijack data? From the ESET Research Lab in Latin America, we can explain the steps and the methods used by cybercriminals to evade various layers of security.
---------------------------------------------
http://www.welivesecurity.com/2016/04/04/analysis-of-the-locky-infection-pr…
*** PayPal plugs phishing-enabling vulnerability, stumps up $500 ***
---------------------------------------------
To the bug-splatter who found it. Not to you, dont get excited PayPal has patched a flaw which created a means for miscreants to abuse its platform to lend authenticity to fraudulent or otherwise malicious emails.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/01/paypal_plug…
*** Steam hacker says more vulnerabilities will be found, but not by him ***
---------------------------------------------
"It looks like their website hasnt been updated for years."
---------------------------------------------
http://arstechnica.com/gaming/2016/04/steam-hacker-says-more-vulnerabilitie…
*** New Heap-Spray Exploit Tied To LZH Archive Decompression ***
---------------------------------------------
Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-90s and still in use today.
---------------------------------------------
http://threatpost.com/new-heap-spray-exploit-tied-to-lzh-archive-decompress…
*** Magento e-commerce platform targeted with new ransomware KimcilWare ***
---------------------------------------------
Users of the Magento e-commerce platform are being targeted with a new ransomware called KimcilWare.
---------------------------------------------
http://www.scmagazine.com/magento-e-commerce-platform-targeted-with-new-ran…
*** Magnitude EK Malvertising Campaign Adds Fingerprinting Gate ***
---------------------------------------------
Threat actors refine a malvertising campaign leading to Magnitude EK.Categories: Cybercrime ExploitsTags: fingerprintingMagnitudemalvertising(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/cybercrime/2016/04/magnitude-ek-malvertising-…
*** Continuous Integration: Jenkins sendet versehentlich anonyme Nutzungsdaten ***
---------------------------------------------
Ein Bug in den Jenkins-Versionen 1.645 und 1.642.2 ignoriert die Einstellung zum Senden der Nutzungsstatistik. Ein Update soll das Problem beheben. Alternativ geben die Macher Tipps zur manuellen Abhilfe.
---------------------------------------------
http://heise.de/-3161093
*** "Experience is a good school. But the fees are high." ENISA urges decision makers to take action before a major cyber crisis occurs in Europe ***
---------------------------------------------
ENISA analysed the EU-level crisis management frameworks in five different sectors to make recommendations on more efficient cyber crisis cooperation and management. The report resulting from this study highlights the lessons that can be learnt from other sectors and that could be applicable in the cyber domain. The study concludes with a series of recommendations regarding EU-level priorities to alter the impact of potential cyber crises. More recently ENISA published a video related to this study that summarises the conclusions based on testimonials from experts in other sectors.
---------------------------------------------
https://www.enisa.europa.eu/media/press-releases/201cexperience-is-a-good-s…
*** Multiple vulnerabilities found in Quanta LTE routers (backdoor, backdoor accounts, RCE, weak WPS ...) ***
---------------------------------------------
The Quanta LTE QDH Router device is a LTE router / access point overall badly designed with a lot of vulnerabilities. Its available in a number of countries to provide Internet with a LTE network.
---------------------------------------------
https://pierrekim.github.io/blog/2016-04-04-quanta-lte-routers-vulnerabilit…
*** Analysis of the Procedure of Penetration on a Hacked Host ***
---------------------------------------------
On the morning of 14th, a colleague of mine reported that the CPU usage of a host reached up to 100%. Then Security Department embarked on investigation and concluded the followings:...
---------------------------------------------
http://en.wooyun.io/2016/03/29/48.html
*** Binärdateien vergleichen: BinDiff ab sofort (fast) gratis nutzen ***
---------------------------------------------
Entwickler und Sicherheitsforscher können das Tool BinDiff zum Vergleichen von Binärdateien kostenlos herunterladen. Für die Nutzung ist aber ein kostenpflichtiger Disassembler nötig.
---------------------------------------------
http://heise.de/-3161798
*** How Reporters Pulled Off the Panama Papers, the Biggest Leak in Whistleblower History ***
---------------------------------------------
The 2.6 terabyte Panama Papers may be the first leak of their scale, but they wont be the last.
---------------------------------------------
http://www.wired.com/2016/04/reporters-pulled-off-panama-papers-biggest-lea…
*** DFN-CERT-2016-0539: Squid: Zwei Schwachstellen ermöglichen u.a. verschiedene Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0539/
*** DSA-3539 srtp - security update ***
---------------------------------------------
Randell Jesup and the Firefox team discovered that srtp, Ciscosreference implementation of the Secure Real-time Transport Protocol(SRTP), does not properly handle RTP header CSRC count and extensionheader length. A remote attacker can exploit this vulnerability to crashan application linked against libsrtp, resulting in a denial of service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3539
*** DSA-3540 lhasa - security update ***
---------------------------------------------
Marcin Noga discovered an integer underflow in Lhasa, a lzh archivedecompressor, which might result in the execution of arbitrary code ifa malformed archive is processed.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3540
*** Bugtraq: FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537967
*** Bugtraq: ManageEngine Password Manager Pro Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537969
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 31-03-2016 18:00 − Freitag 01-04-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** ICONICS WebHMI Directory Traversal Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a directory traversal vulnerability in the ICONICS WebHMI V9 application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-091-01
*** Beware of Unverified TLS Certificates in PHP & Python ***
---------------------------------------------
Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your website, or clear your CDN's cache. The HTTPS protocol is used to secure the connection with the API server. However, if your web app doesn't verify the TLS certificate, aRead More The post Beware of Unverified TLS Certificates in PHP & Python appeared first on Sucuri Blog.
---------------------------------------------
https://blog.sucuri.net/2016/03/beware-unverified-tls-certificates-php-pyth…
*** TA16-091A: Ransomware and Recent Variants ***
---------------------------------------------
In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it.
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA16-091A
*** How To Build Your Own Rogue GSM BTS For Fun And Profit ***
---------------------------------------------
In this blog post Im going to explain how to create a portable GSM BTS which can be used either to create a private ( and vendor free! ) GSM network or for GSM active tapping/interception/hijacking ... yes, with some (relatively) cheap electronic equipment you can basically build something very similar to what the governments are using from years to perform GSM interception.
---------------------------------------------
https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-f…
*** About the security content of iBooks Author 2.4.1 ***
---------------------------------------------
Available for: OS X Yosemite v10.10 or later Impact: Parsing a maliciously crafted iBooks Author file may lead to disclosure of user information Description: An XML external entity reference issue existed with iBook Author parsing. This issue was addressed through improved parsing. CVE-ID CVE-2016-1789
---------------------------------------------
https://support.apple.com/en-us/HT206224
*** Security: Apples Rootless-Konzept hat erhebliche Mängel ***
---------------------------------------------
Apples Sicherheitsmechanismus Rootless soll verhindern, dass mit Rootrechten Systemdateien verändert werden können. Doch er lässt sich leicht austricksen und Apple scheint es nicht eilig zu haben, die Lücken zu schließen.
---------------------------------------------
http://www.golem.de/news/security-apples-rootless-konzept-hat-erhebliche-ma…
*** WebKitGTK+ Security Advisory WSA-2016-0003 ***
---------------------------------------------
Several vulnerabilities were discovered in WebKitGTK+.
CVE identifiers: CVE-2016-1778, CVE-2016-1779, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1785, CVE-2016-1786.
---------------------------------------------
http://webkitgtk.org/security/WSA-2016-0003.html
*** DFN-CERT-2016-0530 - PostgreSQL: Zwei Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ***
---------------------------------------------
Zwei Schwachstellen in PostgreSQL ermöglichen einem entfernten, einfach authentifizierten Angreifer das Ausspähen von Informationen, das Durchführen von Denial-of-Service-Angriffen sowie das Umgehen von Sicherheitsvorkehrungen und in der Folge die Manipulation von Daten.
Die PostgreSQL Global Development Group stellt ein Sicherheitsupdate auf die Version 9.5.2 bereit, um die Schwachstellen zu beheben.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0530/
*** New Ransomware KimcilWare Targets Magento Websites ***
---------------------------------------------
Ransomware dubbed KimcilWare is targeting websites running the e-commerce platform Magento and encrypting website files.
---------------------------------------------
http://threatpost.com/new-ransomware-kimcilware-targets-magento-websites/11…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 30-03-2016 18:00 − Donnerstag 31-03-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Auch Google sollte für US-Behörden Smartphones entsperren ***
---------------------------------------------
Alles dreht sich im aktuellen Streit um gesperrte Smartphones von mutmaßlichen Straftätern um Apple und das FBI - US-Behörden haben aber auch an Google zahlreiche derartiger Aufforderungen verschickt. Das hat die Bürgerrechtsvereinigung ACLU herausgefunden.
---------------------------------------------
http://www.golem.de/news/nicht-nur-apple-auch-google-sollte-fuer-us-behoerd…
*** Lücke bei SAP-Software: Hunderttausende Unternehmen gefährdet ***
---------------------------------------------
Deutsche Behörden stufen die Mängel als "kritisch" ein, erst seit Oktober behoben
---------------------------------------------
http://derstandard.at/2000033938536
*** Trend-Micro-Produkte öffneten triviale Hintertür ***
---------------------------------------------
Antiviren-Software soll das System vor bösartiger Software schützen. Immer öfter stellt sich jedoch heraus, dass sie selbst als Einfallstor dienen kann. Ein Sicherheitsexperte demonstriert das zum wiederholten Mal mit Trend Micros Security-Produkten.
---------------------------------------------
http://heise.de/-3159436
*** Automatisierte Medikamenten-Verteiler mit über 1400 Sicherheitslücken ***
---------------------------------------------
Veraltete SupplyStation-Systeme sind nach wie vor in Krankenhäusern im Einsatz und haben tausende Sicherheitslücken. Das ICS-CERT in den USA warnt deswegen vor dem Sicherheitsrisiko durch diese Medikamenten-Verteiler.
---------------------------------------------
http://heise.de/-3159439
*** Snort Covert Channels ***
---------------------------------------------
Lab 3: Covert Channels Covert channels are used by outside attackers to establish communications with the compromised system, or by malicious insiders to secretly transfer data to unauthorized locations. There are various implementations ..
---------------------------------------------
http://resources.infosecinstitute.com/snort-covert-channels/
*** Security best practices for git users ***
---------------------------------------------
In recent years git has become one of most popular SCM/Version Control systems. Usage in some high-profile open-source projects like Linux or Raspberry Pi and support from vendors like GitHub and GitLab definitively helped to gain fame. As ..
---------------------------------------------
http://resources.infosecinstitute.com/security-best-practices-for-git-users/
*** PowerWare 'Fileless Infection' Deepens Ransomware Conundrum for Healthcare Providers ***
---------------------------------------------
The recent wave of ransomware attacks on healthcare institutions is not only raising questions about contingency planning, but also about whether healthcare is becoming the 'go-to' target for cyber extortionists looking to make quick ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/powerware-fileless-inf…
*** DFN-CERT PGP-Schlüssel ***
---------------------------------------------
https://www.dfn-cert.de/aktuell/dfn-cert-schluessel.html
*** Cisco Firepower Malware Block Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Let Me Get That Door for You: Remote Root Vulnerability in HID Door Controllers ***
---------------------------------------------
If you've ever been inside an airport, university campus, hospital, government complex, or office building, you've probably seen one of HID's brand of card readers standing guard over a restricted area. HID is one of the world's largest ..
---------------------------------------------
http://blog.trendmicro.com/let-get-door-remote-root-vulnerability-hid-door-…
*** The Linux Remaiten malware is building a Botnet of IoT devices ***
---------------------------------------------
Experts from the ESET firm have spotted a new threat in the wild dubbed Remaiten that targets embedded systems to recruit them in a botnet. ESET is actively monitoring malicious codes that target IoT systems such as routers, gateways ..
---------------------------------------------
http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html
*** Ransomware Petya - a technical review ***
---------------------------------------------
In March 24, researchers at G DATA received a sample of a new type of ransomware which was dubbed 'Petya'. Unlike other types of ransomware, Petya prevents the operating system from starting by manipulating the MBR and installing its own ..
---------------------------------------------
https://blog.gdatasoftware.com/2016/03/28226-ransomware-petya-a-technical-r…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 29-03-2016 18:00 − Mittwoch 30-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** CareFusion Pyxis SupplyStation System Vulnerabilities ***
---------------------------------------------
This medical advisory contains mitigation details for numerous third-party software vulnerabilities in end-of-life versions of CareFusion's Pyxis SupplyStation system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-16-089-01
*** Websites Hacked Redirect to Porn from PDF / DOC Links ***
---------------------------------------------
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. This time we'll tell you about yet another interesting blackhat SEO attack that we've been watching for the last year. Let's begin with ..
---------------------------------------------
https://blog.sucuri.net/2016/03/pdf-doc-urls-redirect-to-porn.html
*** CloudFlare <= 1.3.20 - Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8428
*** The Topology of Malicious Activity on IPv4 ***
---------------------------------------------
There has been a great deal of academic and industry focus on identifying malicious activity across autonomous systems, and for good reasons. Over 50% of 'good' Internet traffic comes from large, ocean-like ASes pushing content from companies like Netflix, Google, Facebook, Apple and Amazon. However, ..
---------------------------------------------
http://www.suchin.co/2016/03/23/Topology-Of-Malicious-Activity/
*** Betriebssystem: OpenBSD 5.9 filtert weitgehend Systemaufrufe ***
---------------------------------------------
Die Funktion zum Filtern und Beschränken von Systemaufrufen ist in OpenBSD 5.9 um viele Anwendungen erweitert worden. Außerdem unterstützt das System nun neuere Laptops besser - dank UEFI und WLAN nach 802.11n.
---------------------------------------------
http://www.golem.de/news/betriebssystem-openbsd-5-9-filtert-weitgehend-syst…
*** Scammers Impersonate ISPs in New Tech Support Campaign ***
---------------------------------------------
Scammers devise a new ploy to trick users into thinking their own ISP is warning them about malware.
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/03/scammers-impersonate-…
*** [HTB23298]: Multiple Vulnerabilities in CubeCart ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in popular open source shopping software CubeCart. The discovered vulnerabilities allow a remote attacker to compromise vulnerable website and its databases, and conduct sophisticated attacks against its users.
---------------------------------------------
https://www.htbridge.com/advisory/HTB23298
*** System Integrity Protection: Apples rootfreie Zone ist gar nicht so rootfrei ***
---------------------------------------------
Apple will mit El Capitan verhindern, dass böse Jungs mit Root-Rechten ihr System kaputt machen. Leider hat das auch als Rootless bekannte Sicherheitskonzept viele Lücken und funktioniert deswegen momentan nicht ganz.
---------------------------------------------
http://heise.de/-3157130
*** Der Liebling aller Cyber-Kriminellen: Flash ***
---------------------------------------------
In den Top-15 der am meisten genutzten Sicherheitslücken finden sich allein 13 Schwachstellen in Flash, berichten die Antiviren-Experten der finnischen Firma F-Secure.
---------------------------------------------
http://heise.de/-3157553
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 25-03-2016 18:00 − Dienstag 29-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Deutsche Hoster vermehrt im Fokus von Cyberkriminellen ***
---------------------------------------------
Immer stärker nutzen Cyberkriminelle die technisch hochentwickelten Internet-Infrastrukturen der ersten Welt. Immer beliebter werden bei ihnen deutsche Hoster zum Verteilen ihrer Schadsoftware.
---------------------------------------------
http://heise.de/-3151832
*** Basic Snort Rules Syntax and Usage ***
---------------------------------------------
In this series of lab exercises we will demonstrate various techniques in writing Snort rules, from basic rules syntax to writing rules aimed at detecting specific types of attacks. We will also examine some basic approaches ..
---------------------------------------------
http://resources.infosecinstitute.com/snort-rules-workshop-part-one/
*** TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart ***
---------------------------------------------
Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from the SpiderLabs Research team at Trustwave recently found multiple Cross-Site Scripting (XSS) vulnerabilities in the popular online open source shopping ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/TWSL2016-006--Multiple-…
*** CVE-2016-1010 (??? - Flash up to 20.0.0.306) and Exploit Kits ***
---------------------------------------------
http://malware.dontneedcoffee.com/2016/03/flash-up-to-2000306.html
*** Neue Infektions-Masche: Erpressungs-Trojaner missbraucht Windows PowerShell ***
---------------------------------------------
Die neu entdeckte Ransomware PowerWare bemächtigt sich der Windows PowerShell, um Computer zu infizieren und Daten zu verschlüsseln.
---------------------------------------------
http://heise.de/-3151892
*** Every Tool in the Tool Box ***
---------------------------------------------
When I teach people about reverse engineering, I often hear the following statement: "I got the right answer, but I cheated to get it". They are typically talking about using dynamic analysis to get an answer versus statically analyzing ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Every-Tool-in-the-Tool-Box/
*** DSA-3532 quagga - security update ***
---------------------------------------------
Kostya Kortchinsky discovered a stack-based buffer overflowvulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIProuting daemon. A remote attacker can exploit this flaw to cause adenial of service (daemon crash), or potentially, execution of arbitrarycode, if bgpd is configured with BGP peers enabled for VPNv4.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3532
*** Improving Bash Forensics Capabilities ***
---------------------------------------------
Bash is the default user shell in most Linux distributions. In case of incidents affecting a UNIX server, they are chances that a Bash shell will be ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20887
*** Life After the Isolated Heap ***
---------------------------------------------
Over the past few months, Adobe has introduced a number of changes to the Flash Player heap with the goal of reducing the exploitability of certain types of vulnerabilities in Flash, especially use-after-frees. I wrote an exploit involving two bugs ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/03/life-after-isolated-heap.html
*** APPLE-SA-2016-03-28-1 OS X: Flash Player plug-in blocked ***
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Mar/msg00007.ht…
*** DSA-3533 openvswitch - security update ***
---------------------------------------------
Kashyap Thimmaraju and Bhargava Shastry discovered a remotelytriggerable buffer overflow vulnerability in openvswitch, a productionquality, multilayer virtual switch implementation. Specially craftedMPLS packets could overflow ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3533
*** "Collecting Serial Data for ICS Network Security Monitoring" ***
---------------------------------------------
Below is a postby SANS ICS515 - ICS Active Defense and Incident Response instructor Mark Bristow. Adversaries across the capability spectrum are increasingly targeting Industrial Control System (ICS) environments. Malware such as ..
---------------------------------------------
http://ics.sans.org/blog/2016/03/29/collecting-serial-data-for-ics-network-…
*** Why PCI DSS cannot replace common sense and holistic risk assessment ***
---------------------------------------------
Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.
---------------------------------------------
https://www.htbridge.com/blog/why-pci-dss-cannot-replace-common-sense-and-h…
*** Printers all over the US 'hacked' to spew anti-Semitic fliers ***
---------------------------------------------
Andrew 'Weev' Auernheimer, one of the two men who were prosecuted and convicted for harvesting e-mails and authentication IDs of 114,000 early-adopters of Apple's iPad from AT&T's ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/03/29/printers-us-hacked-anti-semitic-…
*** Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround ***
---------------------------------------------
There is a workaround in Xen to deal with the fact that AMD CPUs dont load the x86 registers FIP (and possibly FCS), FDP (and possibly FDS), and FOP from memory (via XRSTOR or FXRSTOR) when there is no pending unmasked exception. (See XSA-52.) However, this workaround does not cover all possible input cases.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2016-03/msg00001.html
*** Google-Entwickler: NPM-Malware könnte sich als Wurm verbreiten ***
---------------------------------------------
Wegen einiger Design-Prinzipien der Node-Paktverwaltung NPM könne sich ein schadhaftes Modul wie ein Wurm im gesamten System verbreiten, warnt ein Google-Entwickler. Gegen die Sicherheitslücke hilft vorerst nur Handarbeit.
---------------------------------------------
http://www.golem.de/news/google-entwickler-npm-malware-koennte-sich-als-wur…
*** Petya: Den Erpressungs-Trojaner stoppen, bevor er die Festplatten verschlüsselt ***
---------------------------------------------
Die Ransomware Petya zielt auf deutschsprachige Opfer und sorgt dafür, dass deren Rechner nicht mehr starten. Der Trojaner verschlüsselt ausserdem die Festplatten, das kann man aber verhindern, wenn man ihn rechtzeitig stoppt.
---------------------------------------------
http://heise.de/-3153388
*** Lücke in populärer Anrufer-ID-App Truecaller legt Nutzerdaten offen ***
---------------------------------------------
http://derstandard.at/2000033814462
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 24-03-2016 18:00 − Freitag 25-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** DFN-CERT-2016-0510/">Xen, QEMU: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0510/
*** USB Trojan Hides In Portable Applications, Targets Air-Gapped Systems ***
---------------------------------------------
A Trojan program, dubbed USB Thief by researchers at security firm ESET, infects USB drives that contain portable installations of popular applications such as Firefox, NotePad++, or TrueCrypt, and it also seems to be designed to steal information from so-called air-gapped computers. "In the case we ..
---------------------------------------------
https://it.slashdot.org/story/16/03/24/184255/usb-trojan-hides-in-portable-…
*** F5: sol93122894: OpenSSL vulnerability CVE-2016-0705 ***
---------------------------------------------
OpenSSL handling of malformed DSA private keys may cause memory corruption and possibly stop the handling process.
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/93/sol93122894.html
*** Tenable: [R1] Log Correlation Engine (LCE) 4.8.0 Updates Libxml2 ***
---------------------------------------------
The Log Correlation Engine (LCE) uses the third-party Libxml2 library for some XML parsing routines. A vulnerability was found and patched in Libxml2 recently. Tenable has not evaluated this vulnerability beyond acknowledging that user-supplied XML ..
---------------------------------------------
http://www.tenable.com/security/tns-2016-06
*** Cogent DataHub Elevation of Privilege Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a privilege elevation vulnerability in the Cogent DataHub application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01
*** SQL Injection Cheat Sheet ***
---------------------------------------------
What is an SQL Injection Cheat Sheet? An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability. This cheat sheet is of good ..
---------------------------------------------
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
*** Erpressungstrojaner: "Petya" befällt deutschsprachiges Gebiet ***
---------------------------------------------
Die Ransomware verbreitet sich über Dropbox und zwingt Windows-User, Geld für die Entsperrung ihres Computers zu zahlen.
---------------------------------------------
http://derstandard.at/2000033657066
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 23-03-2016 18:00 − Donnerstag 24-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletin: IBM Forms Server vulnerability identified in Webform Server (CVE-2016-0223) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21977574
*** Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC5022 16Gb SAN and EN4023 10Gb Scalable Switches ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273
*** Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272
*** Cisco Network Convergence System 6000 Series Routers SCP and SFTP Modules Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Zyxel MAX3XX Series Wimax CPEs Hardcoded Root Password ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030135
*** Measuring SMTP STARTTLS Deployment Quality ***
---------------------------------------------
At Yahoo, our users send and receive billions of emails everyday. We work to make Yahoo Mail easy to use, personalized, and secure for our hundreds of millions of users around the world. In line with our efforts to protect our users ..
---------------------------------------------
https://yahoo-security.tumblr.com/post/141495385400/measuring-smtp-starttls…
*** Kerberos Kadmind Null Pointer Dereference in process_db_args() Lets Remote Authenticated Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1035399
*** CA Single Sign-On Agent Input Validation Flaws Let Remote Users Obtain Potentially Sensitive Information and Cause Denial of Service Conditions ***
---------------------------------------------
http://www.securitytracker.com/id/1035389
*** Researchers find hole in SIP, Apple's newest protection feature ***
---------------------------------------------
System Integrity Protection pwned Security researchers have discovered a vulnerability that creates a means for hackers to circumvent Apple's newest protection ..
---------------------------------------------
www.theregister.co.uk/2016/03/24/macosx_security_bypass/
*** Nemucods CRYPTED Ransomware Can Be Neutralized with This Decrypter ***
---------------------------------------------
Victims that had their computers locked by a ransomware that uses the CRYPTED file extension can now free their files using a special decrypter created by Emsisoft security ..
---------------------------------------------
http://news.softpedia.com/news/nemucod-s-crypted-ransomware-can-be-neutrali…
*** RCE flaw affects DVRs sold by over 70 different vendor ***
---------------------------------------------
RSA security researcher Rotem Kerner has discovered a remote code execution vulnerability that affects digital video recorders (DVRs) sold by more than 70 different vendors around the world.
---------------------------------------------
https://www.helpnetsecurity.com/2016/03/24/rce-flaw-dvrs-70-vendors/
*** Erpressungs-Trojaner Petya riegelt den gesamten Rechner ab ***
---------------------------------------------
Eine neue Ransomware hat es aktuell auf deutschsprachige Windows-Nutzer abgesehen. Petya wird über Dropbox verteilt und manipuliert die Festplatte, wodurch das Betriebssystem nicht mehr ausgeführt werden kann.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Erpressungs-Trojaner-Petya-riegelt-d…
*** VU#279472: Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities ***
---------------------------------------------
http://www.kb.cert.org/vuls/id/279472
*** RedDoor: Erpresser drohen mit DDoS-Attacken auf deutsche Webseiten ***
---------------------------------------------
Zahlt uns 3 Bitcoin oder wir legen eure Webseite lahm – mit dieser Drohung erpresst eine Gruppe gerade Firmen in Deutschland, Österreich und der Schweiz. Angeblich soll es sich dabei allerdings um einen Bluff handeln.
---------------------------------------------
http://heise.de/-3151565
*** Emergency Java Patch Re-Issued for 2013 Vulnerability ***
---------------------------------------------
Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013.
---------------------------------------------
http://threatpost.com/emergency-java-patch-re-issued-for-2013-vulnerability…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 22-03-2016 18:00 − Mittwoch 23-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** What was all that about a scary iMessage flaw? Your three-minute guide ***
---------------------------------------------
On Sunday, we were warned that hackers could read our iMessages texts, photos and videos. Should I be worried? As it turns out: no. If youre even a little curious about cryptography and secure programming, though, it should interest and amuse you.
---------------------------------------------
http://www.theregister.co.uk/2016/03/23/imessages_flaw_details/
*** Google publishes list of Certificate Authorities it doesnt trust ***
---------------------------------------------
Thawte experiment aims to expose issuers of dodgy creds Googles announced another expansion to the security information offered in its transparency projects: its now going to track certificates you might not want to trust.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/03/23/google_now_…
*** Abusing Oracles, (Wed, Mar 23rd) ***
---------------------------------------------
No, no this has nothing to do with Oracle Corporation! This diary is about abusing encryption and decryption Oracles. First a bit of a background story. Most of the days I do web and mobile application penetration testing. While technical vulnerabilities, such as SQL Injection, XSS and similar are still commonly found, in last couple of years I would maybe dare to say that the Direct Object Reference (DOR) vulnerabilities have become prevalent.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20875&rss
*** Libmcrypt - Incorrect S-Boxes for GOST cipher (2008, unfixed) ***
---------------------------------------------
PHP just decided to abandon the trash fire that is libmcrypt. There were (are?) still other projects that use(d) it, so Im sharing this link in the interest of strongly encouraging projects to drop it like a lead balloon. This is far from the only problem with it ...
---------------------------------------------
https://www.reddit.com/r/netsec/comments/4bl8xu/libmcrypt_incorrect_sboxes_…
*** Microsoft Adds New Feature in Office 2016 That Can Block Macro Malware ***
---------------------------------------------
Microsoft is finally addressing the elephant in the room in terms of security for Office users and has announced a new feature in the Office 2016 suite that will make it harder for attackers to exploit macro malware. ... Sysadmins can now block macros that connect to the Internet ... "This feature can be controlled via Group Policy and configured per application," Microsoft explains. "It enables enterprise administrators to block macros from running in Word, Excel and PowerPoint
---------------------------------------------
http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-th…
*** GroupWise 2014 R2 Hot Patch 1 - Windows Full Multilingual ***
---------------------------------------------
Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details.
---------------------------------------------
https://download.novell.com/Download?buildid=AA7ZB93KAjc~
*** GroupWise 2014 R2 Hot Patch 1 - Windows Client Multilingual ***
---------------------------------------------
Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details.
---------------------------------------------
https://download.novell.com/Download?buildid=dxd3rzvGvig~
*** GroupWise 2014 R2 Hot Patch 1 - Linux Full Multilingual ***
---------------------------------------------
Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details.
---------------------------------------------
https://download.novell.com/Download?buildid=Wxix0_fCdmI~
*** sol51518670: Linux kernel vulnerability CVE-2015-2922 ***
---------------------------------------------
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. (CVE-2015-2922)
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/51/sol51518670.html
*** F5 Security Advisory: Apache Tomcat 6.x vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, and CVE-2016-0714 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30971148.html?…
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** ZDI-16-210: IBM Informix portmap Service Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
www.zerodayinitiative.com/advisories/ZDI-16-210/
*** ZDI-16-209: IBM Informix nsrexecd Service Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-209/
*** ZDI-16-208: IBM Informix nsrd Service Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-208/
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 21-03-2016 18:00 − Dienstag 22-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Moodle Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Bypass Security Restrictions and Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035333
*** Libxml2 Memory Allocation Error in xmlStringGetNodeList() Lets Remote Users Consume Excessive Memory Resources ***
---------------------------------------------
http://www.securitytracker.com/id/1035335
*** D-Link DWR-932 Authentication Bypass / Password Disclosure ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030115
*** AsusTEK asio.sys MSR Manipulation ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030116
*** Google slings critical patch at exploited Linux kernel root hole ***
---------------------------------------------
Android re-installation ahoy to sink privilege elevation that opens avenue for rooting apps Google has shipped an out-of-band patch for Android shuttering a bug that is under active exploitation to root devices.
---------------------------------------------
www.theregister.co.uk/2016/03/22/google_slings_critcial_patch_at_exploited_…
*** IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21978747
*** IBM Security Bulletin: Lotus Quickr 8.5 for WebSphere Portal January 2016 CPU (CVE-2016-0448) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21977579
*** Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-7575) ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099195
*** IBM Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-5256) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000109
*** Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2015-5600) ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098977
*** Samba-Entwickler warnen vor Lücke auch in Windows ***
---------------------------------------------
Badlock heißt eine kritische Sicherheitslücke, die Samba-Entwickler in ihrer eigenen Software, aber auch in Windows entdeckt haben. Sie warnen die Betreiber solcher Server eindringlich, am 12. April Zeit für das Einspielen von Patches einzuplanen.
---------------------------------------------
http://heise.de/-3148379
*** Deluge of Apple Patches Fix iMessage Crypto Bug, Much More ***
---------------------------------------------
Apple deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV's tvOS, and watchOS on Monday.
---------------------------------------------
http://threatpost.com/deluge-of-apple-patches-fix-imessage-crypto-bug-much-…
*** "E-ISAC and SANS Report On The Ukrainian Grid Attack" ***
---------------------------------------------
Yesterday the SANS ICS team released its Defense Use Case (DUC) #5 analyzing the cyber-attack that impacted Ukraine on December 23, 2015. The paper is written from the perspective of what lessons that can be learned from the event. The ..
---------------------------------------------
http://ics.sans.org/blog/2016/03/22/e-isac-and-sans-report-on-the-ukrainian…
*** A look at Locky ransomware ***
---------------------------------------------
The Locky ransomware was first spotted in the wild last month in February 2016. Locky came to limelight when it hit the Hollywood Hospital last month causing the hospital to pay bitcoins worth 17,000$ USD in ransom. Locky is known to ..
---------------------------------------------
http://research.zscaler.com/2016/03/a-look-at-locky-ransomware.html