=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-08-2015 18:00 − Dienstag 04-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Thunderstrike 2: Mac-Firmware-Wurm soll sich über Thunderbolt-Adapter verbreiten ***
---------------------------------------------
Weitere EFI-Schwachstellen ermöglichen nach Angabe von Sicherheitsforschern die Modifikation der Firmware mobiler Macs. Ein Angreifer könne dadurch einen Schädling einschleusen, der sich über Thunderbolt-Adapter und Peripherie fortpflanzt.
---------------------------------------------
http://heise.de/-2767994
*** DYLD_PRINT_TO_FILE exploit found in the wild ***
---------------------------------------------
Last month, Stefan Esser blogged about a zero-day vulnerability in OS X, without having informed Apple about the problem first. Unfortunately, today has brought the discovery of the first known exploit. (Read more...)
---------------------------------------------
https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-…
*** Hackers use cartons with sticks, may be foiled by watermelons ***
---------------------------------------------
Translation from Russian hack-slang: Credit card, PayPal and secure server Gaining an invite to the best of the nearly 60 websites powering the cybercrime underground is only half the fight for researchers; they also need to know that credit cards are called cartons, PayPal a stick, and bulletproof servers watermelons.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/russian_cyb…
*** Android-Schwachstelle: Stagefright-Exploits wohl bald aktiv ***
---------------------------------------------
Erste Nachweise, dass die wohl gravierende Sicherheitslücke in Android ausnutzbar ist, sind bereits im Umlauf. Patches gibt es bereits für Android und Cynanogenmod. Bis die Hersteller sie bereitstellen, könnte Stagefright aber millionenfach missbraucht worden sein.
---------------------------------------------
http://www.golem.de/news/android-schwachstelle-stagefright-exploits-wohl-ba…
*** Android MediaServer Bug Traps Phones in Endless Reboots ***
---------------------------------------------
We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android's mediaserver program. This causes a device's system to reboot and drain all its battery life. In more a severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/w1VZWbnfA4c/
*** Your Password is Too Damn Short ***
---------------------------------------------
Im a little tired of writing about passwords. But like taxes, email, and pinkeye, theyre not going away any time soon. Heres what I know to be true, and backed up by plenty of empirical data:
---------------------------------------------
http://blog.codinghorror.com/your-password-is-too-damn-short/
*** Yahoo! ads! caught! spreading! CryptoWall! ransomware! AGAIN! ***
---------------------------------------------
Unpatched Flash holes exploited to inject file-scrambling nasty Yahoo!s ad network is still being used to spread ransomware to Windows PCs a year after the last big outbreak.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/yahoo_malwa…
*** Open source tool for deploying SSL public key pinning in iOS, OS X apps ***
---------------------------------------------
At Black Hat USA 2015, Data Theorem and Yahoo! will be unveiling TrustKi, a new, open source security toolkit that helps developers easily include complex mobile security functionality, known as SSL p...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/jxmlYG4OZVA/secworld.php
*** Cybersecurity Policy and Threat Assessment for the Energy Sector ***
---------------------------------------------
INTRODUCTION: A wake-up call An HP Enterprise Security's 2014 Global Report on the Cost of Cyber Crime by the Ponemon Institute reveals some astounding aspects of the cyber-attacks on the energy utilities. First, these assets suffered the highest average annual losses from cybercrimes ($13, 2 million), closely followed by the losses caused by computer attacks...
---------------------------------------------
http://resources.infosecinstitute.com/cybersecurity-policy-and-threat-asses…
*** Symantec Endpoint Protection: Gefährlicher Sicherheitslücken-Cocktail ***
---------------------------------------------
Über verschiedene Schwachstellen in Symantecs End Point Protection 12.1 können sich Angreifer in Netzwerke schleichen, beliebigen Code und Befehle ausführen und anschließend ganze Systemverbunde kapern.
---------------------------------------------
http://heise.de/-2768461
*** MatrixSSL Tiny: A TLS software implementation for IoT devices ***
---------------------------------------------
INSIDE Secure announced the availability of MatrixSSL Tiny, the world's smallest Transport Layer Security (TLS) software implementation, to allow companies to affordably secure IoT devices with string...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/mnlQoZJr0zU/secworld.php
*** Bugtraq: Mozilla extensions: a security nightmare ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536133
*** WordPress 4.2.4 Security and Maintenance Release ***
---------------------------------------------
August 4, 2015 | WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise...
---------------------------------------------
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance…
*** Security Advisory: Apache vulnerability CVE-2012-0053 ***
---------------------------------------------
(SOL15273)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/200/sol15273.htm…
*** DSA-3327 squid3 - security update ***
---------------------------------------------
Alex Rousskov of The Measurement Factory discovered that Squid3, a fullyfeatured web proxy cache, does not correctly handle CONNECT method peerresponses when configured with cache_peer and operating on explicitproxy traffic. This could allow remote clients to gain unrestrictedaccess through a gateway proxy to its backend proxy.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3327
*** SSA-504631 (Last Update 2015-08-04): Incorrect Certificate Validation in COMPAS Mobile App ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affected IBM Workflow for Bluemix July 2015 ***
http://www.ibm.com/support/docview.wss?uid=swg21963428
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791) ***
http://www.ibm.com/support/docview.wss?uid=swg21960633
*** IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=swg21962726
*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational ClearQuest(CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21962816
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916) ***
http://www.ibm.com/support/docview.wss?uid=swg21902824
*** IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM MobileFirst Platform Foundation and IBM Worklight ***
http://www.ibm.com/support/docview.wss?uid=swg21961179
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 31-07-2015 18:00 − Montag 03-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** One font vulnerability to rule them all #1: Introducing the BLEND vulnerability ***
---------------------------------------------
Posted by Mateusz Jurczyk of Google Project ZeroLast month, I presented parts of my PostScript font security research at the REcon security conference in Montreal, in a talk titled "One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation". This talk discussed the exploitation process of a vulnerability found in the implementation of a BLEND Charstring instruction, discovered in a user-mode Adobe Reader's CoolType...
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/07/one-font-vulnerability-to-rul…
*** Schwachstellen: Fernzugriff öffnet Autotüren ***
---------------------------------------------
Einem Hacker ist es gelungen, sich in die Software Onstar Remotelink des US-Autoherstellers General Motors einzuklinken. Damit lässt sich das Fahrzeug entriegeln und sogar starten. Wegfahren konnte er mit dem gehackten Fahrzeug aber nicht.
---------------------------------------------
http://www.golem.de/news/schwachstellen-fernzugriff-oeffnet-autotueren-1508…
*** Angriff auf Dell-Firmware nach Tiefschlaf ***
---------------------------------------------
Nach dem Aufwachen aus dem Standby vergisst die Firmware einiger Dell-Rechner, sich selbst vor Schreibzugriffen zu schützen. So könnten Angreifer Schadcode in die Firmware schleusen.
---------------------------------------------
http://heise.de/-2766940
*** Sicherheitslücken im Android-Multimedia-System eskalieren ***
---------------------------------------------
Die Schwachstellen im Multimedia-System sind gefährlicher als zuerst vermutet: Mit manipulierten MP4-Videos könnten Angreifer Kontrolle übers Smartphone erlangen.
---------------------------------------------
http://heise.de/-2766925
*** Your Security Policy Is So Lame, (Sun, Aug 2nd) ***
---------------------------------------------
Every person should avoid lame security policies because of the lack of clarity they leave behind. Often times we find ourselves forced into creating security policies due to compliance requirements. Is there a way to lean into this requirement and get value beyond the checkbox? I certainly think so and would like to share some ideas on how you can do this as well. ">I personally avoided being the policy guy">">The following are several tips and tricks you can use to
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19991&rss
*** Microsoft Windows 10 spies on you by default ***
---------------------------------------------
While Microsoft is offering for free it new Windows 10 OS, security experts argue that the cost for user privacy is much higher. Microsoft Windows 10 is the new operating system of the IT giant, the newborn already reached more than 14 million downloads in just two days. The experts who have already analyzed Windows 10...
---------------------------------------------
http://securityaffairs.co/wordpress/39042/digital-id/windows-10-privacy.html
*** BIND9 - Denial of Service Exploit in the Wild ***
---------------------------------------------
BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by most DNS providers. A week ago, the Internet Systems Consortium (ISC) team released a patch for a serious denial of service vulnerability (CVE-2015-5477) that allows a remote...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/RmxRTNcW95o/bind9-denial-of-s…
*** Chrome extensions crocked with simple attack ***
---------------------------------------------
Security-enhancer HTTPS Everywhere switched off with this one weird trick Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/03/detectify_d…
*** Hijacking Satellite Communications with a $1,000 Device ***
---------------------------------------------
A security researcher demonstrated how to hack a satellite tracking technology with a $1,000 device made of off the shelf components. Colby Moore, a security expert from security firm Synack, will present in a talk at the next Black Hat Conference how to hack satellite tracking technology by using a $1,000 device made of off...
---------------------------------------------
http://securityaffairs.co/wordpress/39051/digital-id/hijacking-satellite-co…
*** Researchers Create First Firmware Worm That Attacks Macs ***
---------------------------------------------
The common wisdom is that Apple computers are more secure than PCs. It turns out this isnt true.
---------------------------------------------
http://www.wired.com/2015/08/researchers-create-first-firmware-worm-attacks…
*** Anonymisierung: Weiterer Angriff auf das Tor-Netzwerk beschrieben ***
---------------------------------------------
Forscher haben eine weitere Möglichkeit entdeckt, Benutzerzugriffe auf Tors Hidden Services zu entlarven. Ihr Angriff benötige aber eine gehörige Portion Glück, schreiben sie. Auch die Tor-Betreiber wiegeln ab.
---------------------------------------------
http://www.golem.de/news/anonymisierung-weiterer-angriff-auf-das-tor-netzwe…
*** Your SSH Server On Port 8080 Is No Longer "Hidden" Or "Safe", (Mon, Aug 3rd) ***
---------------------------------------------
I am seeing some scanning for SSH servers on port 8080 in web server logs for web servers that listen on this port. So far, I dont see any scans like this for web servers listening on port 80. In web server logs, the scan is reflected as an Invalid Method (error 501) as the web server only sees the banner provided by the SSHclient, and of course can not respond. For example: 222.186.21.180 - - [03/Aug/2015:08:31:55 +0000] SSH-2.0-libssh2_1.4.3 501 303 - - This IP address in this example is for...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19995&rss
*** Designing the Perfect Security Awareness Newsletter ***
---------------------------------------------
Even in smaller organizations, a regular security awareness newsletter can support effective, participative security. While your organization's editorial rules could be a creative break on a really great newsletter, the following tips can help you build up an effective one that will be welcomed by associates and be an asset to the organization's security. Do...
---------------------------------------------
http://resources.infosecinstitute.com/designing-the-perfect-security-awaren…
*** Windows 10 Upgrade Spam Carries CTB-Locker Ransomware ***
---------------------------------------------
Spam messages spoofing Microsoft and promising a free Windows 10 upgrade instead drop the CTB-Locker crypto-ransomware on compromised machines.
---------------------------------------------
http://threatpost.com/windows-10-upgrade-spam-carries-ctb-locker-ransomware…
*** Google Android Buffer Overflows in DHCP Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1033124
*** D-Link DCS-2103 1.20 CSRF / Cross Site Scripting ***
---------------------------------------------
Topic: D-Link DCS-2103 1.20 CSRF / Cross Site Scripting Risk: Medium Text:Hello list! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DCS-2103 (IP camera). ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080016
*** VU#360431: Chiyu Technology fingerprint access control contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#360431 Chiyu Technology fingerprint access control contains multiple vulnerabilities Original Release date: 31 Jul 2015 | Last revised: 31 Jul 2015 Overview Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability. Description CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2015-2870According to the reporter, tags are...
---------------------------------------------
http://www.kb.cert.org/vuls/id/360431
*** Juniper Pulse Secure TCP Hardware Acceleration Flaw Lets Remote Users Access Data on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033166
*** FortiSandbox WebUI Multiple XSS vulnerabilities ***
---------------------------------------------
Topic: FortiSandbox WebUI Multiple XSS vulnerabilities Risk: Low Text:[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/a...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080004
*** DSA-3322 ruby-rack - security update ***
---------------------------------------------
Tomek Rabczak from the NCC Group discovered a flaw in thenormalize_params() method in Rack, a modular Ruby webserver interface.A remote attacker can use this flaw via specially crafted requests tocause a `SystemStackError` and potentially cause a denial of servicecondition for the service.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3322
*** DSA-3326 ghostscript - security update ***
---------------------------------------------
William Robinet and Stefan Cornelius discovered an integer overflow inGhostscript, the GPL PostScript/PDF interpreter, which may result indenial of service or potentially execution of arbitrary code if aspecially crafted file is opened.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3326
*** DSA-3325 apache2 - security update ***
---------------------------------------------
Several vulnerabilities have been found in the Apache HTTPD server.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3325
*** DSA-3323 icu - security update ***
---------------------------------------------
Several vulnerabilities were discovered in the International Componentsfor Unicode (ICU) library.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3323
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) - IBM Java SDK updates July 2015 ***
http://www.ibm.com/support/docview.wss?uid=swg21963354
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Intrusion Prevention System ***
http://www.ibm.com/support/docview.wss?uid=swg21962039
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web ***
http://www.ibm.com/support/docview.wss?uid=swg21963096
*** IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects IBM Security Network Intrusion Prevention System (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21962045
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack (CVE-2015-0486 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808 ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022548
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry (CVE-2015-0486 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808 ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022550
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business ***
http://www.ibm.com/support/docview.wss?uid=swg21963126
*** IBM Security Bulletin: Multiple vulnerabilities in the unzip utility affect IBM Security Access Manager for Web ***
http://www.ibm.com/support/docview.wss?uid=swg21963094
*** IBM Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Intrusion Prevention System (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21962038
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 30-07-2015 18:00 − Freitag 31-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Derelict TrueCrypt Russia portal is command hub for Ukraine spying op ***
---------------------------------------------
Backdoored code slung at officials, journos etc Malware used to attack Ukrainian government, military, and major news agencies in the country, was distributed from the Russian portal of encryption utility TrueCrypt, new research has revealed.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/30/truecrypt_r…
*** Username Enumeration against OpenSSH-SELinux with CVE-2015-3238 ***
---------------------------------------------
I recently disclosed a low-risk vulnerability in Linux-PAM < 1.2.1 , which allows attackers to conduct username enumeration and denial of service attacks. Below I will provide more technical details about this vulnerability. The Past Time-based username enumeration is an...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-ag…
*** Flash Threats: Not Just In The Browser ***
---------------------------------------------
July has been a fairly poor month for Adobe Flash Player security, to say the least. Three separate zero-day vulnerabilities (all courtesy of the Hacking Team dump) have left many people concerned about Flash security, with many (including this blog) calling for it to go away. Some sort of reaction from Adobe to improve Flash...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6YRcRVFMKYg/
*** Bundestags-Hack: Reparatur des Bundestagsnetzes soll vier Tage dauern ***
---------------------------------------------
Das Netzwerk des Bundetages soll zwischen dem 13. und 17. August 2015 neu aufgesetzt werden. In dieser Zeit wird es komplett abgeschaltet. Auch E-Mails können dann nicht mehr empfangen oder versendet werden.
---------------------------------------------
http://www.golem.de/news/bundestags-hack-reparatur-des-bundestagsnetzes-sol…
*** Compromised site serves Nuclear exploit kit together with fake BSOD ***
---------------------------------------------
Support scammers not lying about a malware infection for a change.During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted to trick the user into falling for a support scam.When a (legitimate) website includes (legitimate) advertisements, these ads themselves are rarely included in the HTML code. Rather, the...
---------------------------------------------
http://www.virusbtn.com/blog/2015/07_31.xml?rss
*** MMS Not the Only Attack Vector for "Stagefright" ***
---------------------------------------------
Earlier this week Zimperium zLabs revealed an Android vulnerability which could be used to install malware on a device via a simple multimedia message. This vulnerability, now known as Stagefright, has gained a lot of attention for the potential attacks it can cause. Stagefright makes it possible, for example, for an attacker to install a spyware app...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fiKsjboNusw/
*** Real World Ramifications of Cyber Attacks ***
---------------------------------------------
Warning: the following blog contains gratuitous use of sarcasm and hyperbole from the start. Reader discretion is advised. And so, ladies and gentlemen, it has finally happened. The Internet-of-Things has risen up, Skynet style, and we are doomed. This much prophesied event finally came to pass with reports of hackers disabling cars from miles away, and altering rifle trajectories. At last, it seems, the crossover has been made from the digital world to the physical one; the end is nigh. Then...
---------------------------------------------
https://blog.team-cymru.org/2015/07/real-world-ramifications-of-cyber-attac…
*** Symantec Endpoint Protection Multiple Issues ***
---------------------------------------------
Revisions None Severity CVSS2 Base Score ...
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Prime Central Hosted Collaboration Solution Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40214
*** Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40217
*** Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40175
*** Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40223
*** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a password storage vulnerability in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
*** ZDI-15-372: IBM Tivoli Storage Manager FastBack Server Opcode 4755 Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/lONzWRepYUI/
*** ZDI-15-373: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Files Restore Agents Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Np2gm5rVOXQ/
*** ZDI-15-374: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Volumes Restore Agents Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/zJI4EVNVvMM/
*** ZDI-15-375: IBM Tivoli Storage Manager FastBack Server Opcode 4115 Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/x0uVs7pbpJo/
*** ZDI-15-376: IBM Tivoli Storage Manager FastBack Server Opcode 8192 Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/L9RNtcsUYnU/
*** More IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 29-07-2015 18:00 − Donnerstag 30-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Der Stagefright Bug ***
---------------------------------------------
Bald ist die Blackhat Konferenz in Vegas und der Schwachstellen-Zirkus rundherum ist im vollen Gange. Aktuell sind eine Reihe von Verwundbarkeiten in der Stagefright Library von Android groß im Gespräch. Was steckt da ..
---------------------------------------------
http://www.cert.at/services/blog/20150730175038-1560.html
*** Anatomy of a Scamware Network - MultiPlug ***
---------------------------------------------
While examining our cloud sandbox data recently, we uncovered a large MultiPlug network that caught our attention due to its use pattern of code signing certificates and the breadth of its hosting infrastructure. Overview of the Scamware ..
---------------------------------------------
http://research.zscaler.com/2015/07/anatomy-of-scamware-network-multiplug.h…
*** Tsar Team Microsoft Office Zero Day CVE-2015-2424 ***
---------------------------------------------
After the publication of Flash and IE zero days following the Hacking Team leak, researchers have discovered the use of another zero-day vulnerability by the Tsar Team sometimes ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Tsar-Team-Microsoft-Off…
*** Telefonanlage gehackt – 14.000 Euro Schaden für Firma in Oberwart ***
---------------------------------------------
Der Fall einer Firma, deren Telefonanlage von Unbekannten gehackt worden ist, beschäftigt Kriminalisten in Oberwart: Dem Unternehmer flatterten Rechnungen über insgesamt 14.000 Euro ins Haus. Wie der Schaden entstehen konnte, sei noch Gegenstand von Ermittlungen, teilte die Landespolizeidirektion Burgenland mit.
---------------------------------------------
http://derstandard.at/2000019966507
*** Android: Video-Attacke kann Geräte unbenutzbar machen ***
---------------------------------------------
Die Sicherheit von Googles mobilem Betriebssystem Android kommt einmal mehr unter Beschuss: Nur wenige Tage nachdem Zimperium vor mehreren Lücken im Media Framework Stagefright gewarnt hat, meldet sich nun auch Trend Micro zu Wort. In einem Blog-Eintrag warnt der Sicherheitsdienstleister vor zwei weiteren Fehlern in Stagefright, durch die ein Android-Gerät vorübergehend keinen Laut mehr von sich gibt. Auch reagiert ein solcherart angegriffenes Geräte kaum bis gar nicht mehr.
---------------------------------------------
http://derstandard.at/2000019966485
*** Windows 10 speichert Festplattenverschlüsselungs-Keys in der Cloud ***
---------------------------------------------
Mit Windows 10 steht seit kurzem die neueste Betriebssystemgeneration von Microsoft zur Verfügung. Die ersten Tests kommen zu überwiegende positiven Urteilen, und doch steht der Softwarehersteller nun einmal mehr in der Kritik – und zwar von Sicherheitsexperten.
---------------------------------------------
http://derstandard.at/2000019972950
*** Throwback Thursday: Riotous Assembly ***
---------------------------------------------
This Throwback Thursday, we turn the clock back to January 1994, shortly after Cyber Riot had emerged as the first virus capable of infecting the Windows kernel.Today, malware that affects the Windows kernel is ubiquitous - the ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/07_30.xml
*** Beginners Guide to "Use after free Exploits #IE 6 0-day #Exploit Development" ***
---------------------------------------------
Last week a friend asked few queries regarding use after free vulnerabilities, . Its been a while I wrote a tutorial so taught of cooking a beginners guide this week end. I wanted a live target for the tutorial so my plans were to ..
---------------------------------------------
http://garage4hackers.com/content.php?r=143-Beginners-Guide-to-Use-after-fr…
*** Admin-Oberfläche Froxlor verrät Datenbank-Passwörter ***
---------------------------------------------
Das Server-Management-Panel Froxlor ist verwundbar und Angreifer können unter Umständen das Datenbank-Passwort aus der Ferne auslesen. Eine gefixte Version ist aber noch nicht für alle Linux-Distributionen verfügbar.
---------------------------------------------
http://heise.de/-2765508
*** OpenBSD patch Lets Remote Users Execute Arbitrary Commands on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033126
*** CVE-2015-0097 Exploited in the Wild ***
---------------------------------------------
In March 2015, Microsoft patched a remote code execution (RCE) vulnerability (CVE-2015-0097) in Microsoft Office. In July 2015, Eduardo Prado released a Proof of Concept (PoC) exploit for this vulnerability here. It did not take long for attackers to repackage this PoC and use it in attacks ..
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-0097_exploi.h…
*** l+f: Smarter Safe lässt sich clever ausrauben ***
---------------------------------------------
Präparierten USB-Stick anstecken, 60 Sekunden warten und schon öffnen sich die Tresor-Türen: Mehr als 10.000 in den USA installierte vermeintlich smarte Tresore sollen sich so knacken lassen. Die Spuren lassen sich dabei restlos verwischen.
---------------------------------------------
http://heise.de/-2765663
*** Why is Passive Mixed Content so serious? ***
---------------------------------------------
One of the most important tools in web security is Transport Layer Security (TLS). It not only protects sensitive information during transit, but also verifies that ..
---------------------------------------------
https://blog.whitehatsec.com/why-is-passive-mixed-content-so-serious/
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 28-07-2015 18:00 − Mittwoch 29-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** New RC4 Attack ***
---------------------------------------------
New research: "All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS," by Mathy Vanhoef and Frank Piessens: Abstract: We present new biases in RC4, break the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and design a practical ..
---------------------------------------------
https://www.schneier.com/blog/archives/2015/07/new_rc4_attack_1.html
*** Cisco UCS Central Software File Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40151
*** Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40176
*** SweetCAPTCHA Returns Hijacking Another Plugin ***
---------------------------------------------
Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository. In June we reported that SweetCaptcha injected third-party ad code to their scripts which lead to malvertising problems on the ..
---------------------------------------------
https://blog.sucuri.net/2015/07/sweetcaptcha-returns-hijacking-another-plug…
*** CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure ***
---------------------------------------------
An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.
---------------------------------------------
https://kb.isc.org/article/AA-01272
*** Trend Micro Discovers Vulnerability That Renders Android Devices Silent ***
---------------------------------------------
We have discovered a vulnerability in Android that can render a phone apparently dead - silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-disc…
*** Hackers Can Disable a Sniper Rifle - Or Change Its Target ***
---------------------------------------------
If a hacker attacks your TrackingPoint smart gun over its Wi-Fi connection, you may find the weapon is aiming at a different target than you think.
---------------------------------------------
http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-targ…
*** Eigene Keys zum Verschlüsseln der Google Cloud Platform ***
---------------------------------------------
Nutzer der Google Cloud Platform können ihre Umgebung nun mit eigenen Keys verschlüsseln. So sollen weder Betreiber noch Externe Zugriff auf die Daten erhalten.
---------------------------------------------
http://heise.de/-2764751
*** Phishing: Betrüger zocken Nutzer mit "WhatsApp Gold" ab ***
---------------------------------------------
Fake-Angebot lockt mit "besserer Audioqualität" und größeren Gruppen – bringt aber nur Werbung
---------------------------------------------
http://derstandard.at/2000019919056
*** A third of workers admit theyd leak sensitive biz data for peanuts ***
---------------------------------------------
And three per cent of employees would consider offers as low as 100 pound. A third of employees would sell information on company patents, financial records and customer credit card details ..
---------------------------------------------
www.theregister.co.uk/2015/07/29/third_workers_would_leak_data_cash/
*** Die Git-Stolperfalle: Viele Webseiten geben sensible Daten preis ***
---------------------------------------------
Wenn Web-Admins beim Hochladen von Projekten nicht aufpassen, stellen sie unter Umständen ohne es mitzubekommen Passwort-Datenbanken und weitere schützenswerte Daten zum Abruf für jedermann bereit.
---------------------------------------------
http://heise.de/-2764756
*** Remote code execution via serialized data ***
---------------------------------------------
Most programming languages contain powerful features, that used correctly are incredibly powerful, but used incorrectly can be incredibly dangerous. Serialization (and deserialization) is one such feature available in most modern programming ..
---------------------------------------------
https://securityblog.redhat.com/2015/07/29/remote-code-execution-via-serial…
*** Analyzing VUPEN's CVE-2012-1856 ***
---------------------------------------------
Quite some time ago (more than a year before the HackingTeam leaks) I came across a number of interesting exploit samples that make use of CVE-2012-1856. With the recent HackingTeam leaks a ..
---------------------------------------------
http://blog.ropchain.com/2015/07/27/analyzing-vupens-cve-2012-1856/
*** Sicherheitsupdate von Chrysler gefährlicher als Hack ***
---------------------------------------------
Zum Schließen einer Sicherheitslücke, die eine Fernsteuerung des Autos ermöglichen könnte, bot Chrysler den Download von ".exe"- und ".zip"-Dateien für die Autoelektronik an.
---------------------------------------------
http://fm4.orf.at/stories/1761148/
*** Windows 10 Shares Your Wi-Fi With Contacts ***
---------------------------------------------
Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giants latest operating system -- Windows 10. But theres a very important security caveat that users should know about before transitioning to the ..
---------------------------------------------
http://krebsonsecurity.com/2015/07/windows-10-shares-your-wi-fi-with-contac…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 27-07-2015 18:00 − Dienstag 28-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40136
*** Cisco Email Security Appliance AsyncOS Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40172
*** Angler Exploit Kit Used to Find and Infect PoS Systems ***
---------------------------------------------
An attack aiming to infect PoS systems was found using the Angler Exploit Kit to push a PoS reconnaissance Trojan,This Trojan, detected as TROJ_RECOLOAD.A, checks for multiple conditions in the infected system like if it is a PoS machine or part of a PoS ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/angler-exploit-k…
*** PHP File Manager hat gravierende Sicherheitslücken ***
---------------------------------------------
Seit Jahren ungepatchte Schwachstellen im PHP File Manager gefährden zahlreiche Server, darunter auch von großen Unternehmen. Der Hersteller reagiert nicht auf Anfragen
---------------------------------------------
http://www.golem.de/news/security-php-file-manager-hat-gravierende-sicherhe…
*** 2. Konferenz zur Cyber Security Challenge: Das Programm steht ***
---------------------------------------------
Die Gefahren und andererseits die Möglichkeiten zum Schutz und der Prävention vor Cyberangriffen sind das zentrale Thema der 2. Konferenz zur Cyber Security Challenge Germany Mitte September in Berlin.
---------------------------------------------
http://heise.de/-2761878
*** [2015-07-28] McAfee Application Control multiple vulnerabilities ***
---------------------------------------------
McAfee Application Control contains multiple vulnerabilities which can be used by an attacker to bypass the provided application whitelisting protection and attack availability of the system. Moreover, the identified vulnerabilities negatively affect the security of the underlying operating system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015…
*** IMI 2015 - IT meets Industry 29.-30. September 2015 ***
---------------------------------------------
Interconnecting IT and Automation offers great opportunities for the operation of industrial production sites. However, this may carry along some complex risks. With the title “IT meets Industry” IMI 2015 brings together the ICS- and IT-Community. The goal: make the most of opportunities – and minimise risks.
---------------------------------------------
https://it-meets-industry.de/
*** Honeynet-Projekt analysiert Gefahren für Industrie 4.0 ***
---------------------------------------------
Acht Monate lang beobachteten Experten des TÜV SÜD, welche Angriffe von wo aus auf ihr simuliertes Wasserwerk erfolgten. Ihre Erkenntnisse sollten arglose Unternehmen spätestens jetzt wachrütteln.
---------------------------------------------
http://heise.de/-2763978
*** Aaron Zauner presented preliminary results on TLS usage in email ***
---------------------------------------------
Aaron Zauner presented our preliminary results on the usage of TLS in the email ecosystem at the IETF meeting last week. As part of our project TLSiP we are actively scanning the Internet (/0) for TLS configurations as well as its problems with it. As ..
---------------------------------------------
https://www.sba-research.org/2015/07/28/aaron-zauner-presented-preliminary-…
*** The Russian Underground - Revamped ***
---------------------------------------------
When big breaches happen and hundreds of millions of credit card numbers and SSNs get stolen, they resurface in other places. The underground now offers a vast landscape of shops, where criminals can buy credit cards and other things at irresistible prices. Million dollar breaches News and media coverage ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-russian-unde…
*** Cisco 2015 Midyear Security Report [PDF] ***
---------------------------------------------
http://www.cisco.com/web/offers/pdfs/cisco-msr-2015.pdf
*** Security: Apples App Store als Einfallstor für Schadcode ***
---------------------------------------------
Über eine Schwachstelle in der Verarbeitung von Belegen für Einkäufe in Apples App Store lässt sich Code auf fremden Rechnern einschleusen.
---------------------------------------------
http://www.golem.de/news/security-apples-app-store-als-einfallstor-fuer-sch…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 24-07-2015 18:00 − Montag 27-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Multiple Cisco Products LDAP Server SSL Certificate Validation Vulnerability ***
---------------------------------------------
A vulnerability in SSL certificate validation of multiple Cisco products could allow an unauthenticated, remote attacker to stage a man-in-the-middle attack. The vulnerability is due to lack of SSL certificate validation for secure LDAP. An attacker could exploit this vulnerability to stage a man-in-the-middle attack when ..
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40137
*** IT-Sicherheit bei smarten Autos "viel zu lange ignoriert" ***
---------------------------------------------
Nach dem Hack eines Jeeps gibt es Einigung darüber, dass noch viel Nachholbedarf besteht
---------------------------------------------
http://derstandard.at/2000019712190
*** DSA-3317 lxc - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in LXC, the LinuxContainers userspace tools. Roman Fiedler discovered a directory traversal flaw in LXC when creating lock files. A local attacker could exploit this flaw to create an arbitrary ..
---------------------------------------------
https://www.debian.org/security/2015/dsa-3317
*** Hacking Team: "Wir sind das Opfer" ***
---------------------------------------------
Der Hersteller von aggressiver Überwachungs-Software sieht sich als einziges Opfer in der Affäre um die Veröffentlichung von Daten, die die Zusammenarbeit des Unternehmens mit autoritären Staaten belegen sollen.
---------------------------------------------
http://heise.de/-2763077
*** WP Statistics <= 9.4 - SQL Injection ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8116
*** WP Slimstat <= 4.1.5.2 - Referer Header Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8117
*** Password Hashing Competition: Hashfunktion Argon2 gewinnt Wettbewerb ***
---------------------------------------------
In einem Wettbewerb ist nach neuen Hashfunktionen gesucht worden, die sich für das Hashen von Passwörtern eignen. Jetzt steht der Gewinner fest: Argon2, entwickelt von einem Team an der Universität Luxemburg.
---------------------------------------------
http://www.golem.de/news/password-hashing-competition-hashfunktion-argon2-g…
*** Security: Zahlreiche Steam-Konten gehackt ***
---------------------------------------------
Die Steam-Konten mehrerer Twitch-Streamer wurden offenbar von Unbekannten übernommen. Sie nutzen einen Fehler in der Anmeldefunktion aus. Valve hat bereits ein Update bereitgestellt.
---------------------------------------------
http://www.golem.de/news/security-zahlreiche-steam-konten-gehackt-1507-1154…
*** Advertising hijacking made by Invisible rogue mobile apps are wasting petabytes of data a day ***
---------------------------------------------
Mobile Malware is growing and crooks are targeting the advertising industry to redirect users to ad pages in a sort of Advertising hijacking. Mobile Malware is growing and crooks are targeting the advertising industry with malicious ..
---------------------------------------------
http://securityaffairs.co/wordpress/38885/cyber-crime/mobile-advertising-hi…
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to crash the host ...
---------------------------------------------
http://support.citrix.com/article/CTX201145
*** ManageEngine Exchange Reporter Plus Auth Bypass / Arbitrary SQL Statement Execution ***
---------------------------------------------
The ManageEngine Exchange Reporter product installs a JBoss server which listens on default port 8181 (tcp/http) for incoming requests. It offers an admin panel on that port. Without authorization/authentication it is possible to ..
---------------------------------------------
https://blogs.securiteam.com/index.php/archives/2533
*** Experts Found a Unicorn in the Heart of Android ***
---------------------------------------------
Gaining remote code execution privileges merely by having access to the mobile number? Enter Stagefright. The targets for this kind of attack can be anyone from Prime ministers, govt. officials, company executives, security officers to IT managers.
---------------------------------------------
http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 23-07-2015 18:00 − Freitag 24-07-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Four Zero Days Disclosed in Internet Explorer Mobile ***
---------------------------------------------
[...] The four vulnerabilities originally were reported to Microsoft as affecting IE on the desktop, and later on it was discovered that they also affected IE Mobile on Windows Phones. Microsoft has patched all of the vulnerabilities in the desktop version of the browser, but the bugs remain open on IE Mobile. ZDI’s original advisories on these flaws said that they were zero days on Internet Explorer, as well. The company updated the advisories late Thursday to reflect the fact that the bugs only affect IE Mobile.
---------------------------------------------
http://threatpost.com/four-zero-days-disclosed-in-internet-explorer/113911
*** Fixing hundreds of websites in one day ***
---------------------------------------------
Remedying Angler infections in Switzerland In recent weeks the Angler exploit kit has become the dominating tool for DriveBy attacks. Cleaning Angler compromised web servers is a challenge which has been well mastered in Switzerland, thanks to the close collaboration...
---------------------------------------------
http://securityblog.switch.ch/2015/07/24/fixing-hundreds-of-websites-in-one…
*** The OpenSSH Bug That Wasnt ***
---------------------------------------------
Much has been written about a purported OpenSSH vulnerability. On closer inspection, the reports actually got most of their facts wrong. Read on for the full story.It all started with a blog post dated July 16, 2015, titled OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass), where the TL;DR is that its possible to get an almost infinite number of tries at authentication -- good for bruteforce password guessing, for example -- if you only tickle the...
---------------------------------------------
http://bsdly.blogspot.com/2015/07/the-openssh-bug-that-wasnt.html
*** Malicious Google Analytics Referral Spam ***
---------------------------------------------
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable websites to attack, bots can also cause a lot of confusion in your website traffic reporting systems. If you use analytics software on yourRead More The post Malicious Google Analytics Referral Spam appeared first on Sucuri Blog.
---------------------------------------------
https://blog.sucuri.net/2015/07/malicious-google-analytics-referral-spam.ht…
*** libuser vulnerabilities ***
---------------------------------------------
It was discovered that the libuser library contains two vulnerabilities which, in combination, allow unprivileged local users to gain root privileges. libuser is a library that provides read and write access to files like /etc/passwd, which constitute the system user...
---------------------------------------------
https://securityblog.redhat.com/2015/07/23/libuser-vulnerabilities/
*** Emerging Web Infrastructure Threats ***
---------------------------------------------
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
---------------------------------------------
http://www.darkreading.com/cloud/emerging-web-infrastructure-threats/d/d-id…
*** Boffins sting spooks with HORNET onion router ***
---------------------------------------------
Spies eyss will water with effort as they try to slice into 93 Gb/s Tor cousin Five academics have developed a Tor alternative network that can handle up to 93 Gb/s of traffic while maintaining privacy.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/24/hornet_high…
*** SANS ICS Amsterdam 2015 - 22-28 September, 2015 ***
---------------------------------------------
SANS ICS Amsterdam 2015 remains open for registration. This dedicated event for those tasked with securing Industrial Control Systems will be led by SANS ICS/SCADA Instructors and subject-matter experts from across the globe.
---------------------------------------------
https://www.sans.org/event/ics-amsterdam-2015
*** IT-Sicherheitsgesetz tritt in Kraft ***
---------------------------------------------
Das "Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme" bringt zunächst verschärfte Anforderungen für Serveradmins und Meldepflichten für Provider sowie Kernkraftwerksbetreiber mit sich.
---------------------------------------------
http://www.heise.de/newsticker/meldung/IT-Sicherheitsgesetz-tritt-in-Kraft-…
*** How to manage PCI DSS 3.1 Requirement 6.6 for your web applications ***
---------------------------------------------
One of the PCI DSS 3.1 requirements is Requirement 6.6 dedicated to web application security. In this blog post we will try to understand how to comply with the requirement in cost-efficient manner.
---------------------------------------------
https://www.htbridge.com/blog/how-to-manage-pci-dss-3-1-requirement-6-6-for…
*** SweetCaptcha Returns Hijacking Another Plugin ***
---------------------------------------------
Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository. In June we reported that SweetCaptcha injected third-party ad code to their scripts which lead to malvertising problems on the sites that used this CAPTCHA service. After that incident, the SweetCaptcha WordPress plugin had been removed from the official plugin repository.Read More The post SweetCaptcha Returns Hijacking Another Plugin appeared first on Sucuri Blog.
---------------------------------------------
https://blog.sucuri.net/2015/07/sweetcaptcha-returns-hijacking-another-plug…
*** DSA-3314 typo3-src - end of life ***
---------------------------------------------
Upstream security support for Typo3 4.5.x ended three months ago and thesame now applies to the Debian packages as well.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3314
*** userhelper/libuser Multiple vulns ***
---------------------------------------------
Topic: userhelper/libuser Multiple vulns Risk: Medium Text:Qualys Security Advisory CVE-2015-3245 userhelper chfn() newline filtering CVE-2015-3246 libuser passwd file handling ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015070115
*** Siemens RuggedCom ROS and ROX-based Devices TLS POODLE Vulnerability (UPDATE A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-202-03 Siemens RuggedCom ROS and ROX-based Devices TLS POODLE Vulnerability that was published July 22, 2015 on the ICS-CERT web site. This advisory provides mitigation details for a Transport Layer Security Padding Oracle On Downgraded Legacy Encryption vulnerability in the web interface of the Siemens RuggedCom ROS and ROX-based devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 22-07-2015 18:00 − Donnerstag 23-07-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Flash zero-day monster Angler dominates exploit kit crime market ***
---------------------------------------------
If only you could buy shares SophosLabs researcher Fraser Howard says the Angler exploit kit is dominating the highly-competitive underground malware market, growing from exploding a quarter to 83 percent of market share within nine months .
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/23/sophos_angl…
*** Hintergrund: Das Geschäft mit den Zero Days ***
---------------------------------------------
Der Verkauf von bisher unbekannten Sicherheitslücken, sogenannten Zero Days, scheidet die Geister. Manche halten dieses Geschäft für unmoralisch, andere sagen, es sollte illegal sein. Vor allem ist es aber wohl sehr lukrativ.
---------------------------------------------
http://heise.de/-2757303
*** Security: Schwachstelle erlaubt lokale Rechteausweitung in OS X 10.10 ***
---------------------------------------------
Ein Fehler in Apples OS X 10.10.4 erlaubt es, sich administrative Privilegien zu verschaffen. Die Schwachstelle kann nur lokal ausgenutzt werden und wurde in der Beta von OS X 10.11 bereits behoben.
---------------------------------------------
http://www.golem.de/news/security-schwachstelle-erlaubt-lokale-rechteauswei…
*** 3 important questions raised by Wired's car hack ***
---------------------------------------------
Wired.com broke a shocking but hardly surprising story on July 21st. The reporter was driving his Jeep on the highway when strange things started to happen. First the fan and radio went on and later the whole car came to a stop. On the highway! Andy Greenburg was not in control of the car anymore.
---------------------------------------------
http://safeandsavvy.f-secure.com/2015/07/23/3-important-questions-raised-by…
*** Löchrige VMs: Den PGP-Schlüssel des Nachbarn klauen ***
---------------------------------------------
Teilt man sich auf einem virtuellen Server die gleiche Hardware mit anderen VMs, kann man diese ausspionieren. Dabei lassen sich auf überraschend vielen Wegen Side-Channel-Angriffe durchführen.
---------------------------------------------
http://heise.de/-2760695
*** Hacking Team: a zero-day market case study ***
---------------------------------------------
This article documents Hacking Teams third-party acquisition of zero-day (0day) vulnerabilities and exploits. The recent compromise of Hacking Teams email archive offers one of the first public case studies of the market for 0days. Because of its secretive nature, this market has been the source of endless debates on the ethics of its participants. The archive also offers insight into the capabilities and limits of offensive-intrusion software developers. Hacking Team was seriously exploit...
---------------------------------------------
http://tsyrklevich.net/2015/07/22/hacking-team-0day-market/
*** Securing Cookies using HTTP Headers ***
---------------------------------------------
In the previous articles in this series on defending against web attacks using HTTP headers, we have seen the usage of X-Frame-Options and X-XSS-Protection headers. In this article, we will see some HTTP headers to secure cookies. Introduction: Cookies are one of the most sensitive items during a user's session. An authentication cookie is as...
---------------------------------------------
http://resources.infosecinstitute.com/defending-against-web-attacks-using-h…
*** Another Day, Another Patch ***
---------------------------------------------
FreeBSD users were treated this week to an interesting new denial of service attack vector. All supported versions of the OS are affected by the bug, which has now been patched. Junos OS, which is based on FreeBSD, is also affected. If you're a FreeBSD admin and you haven't patched, feel free to disappear now and do so. Don't worry, we'll be here when you're done - Right, now that's out of the way, we can peruse the vulnerability at our leisure. The bug...
---------------------------------------------
https://blog.team-cymru.org/2015/07/another-day-another-patch/
*** SBA Afterworks Summer Special: Hacking Team Hacked? => Lessons Learned! ***
---------------------------------------------
August 06, 2015 - 5:00 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-hacking-team-hacked…
*** Sicherheitsupdate für WordPress ***
---------------------------------------------
WordPress 4.2.3 stopft unter anderem ein Sicherheitsloch, durch die Nutzer mit bestimmten Rechten die gesamte Site kompromittieren können.
---------------------------------------------
http://heise.de/-2761788
*** Microsofts Advanced Threat Analytics soll Firmennetze schützen ***
---------------------------------------------
Microsoft will Firmennetze mit Advanced Threat Analytics gegen Angriffe und Eindringlinge wappnen. Die Software setzt am Active Directory an, soll lernfähig sein und präsentiert Verdächtiges in einer Zeitleiste.
---------------------------------------------
http://heise.de/-2761360
*** Cisco IOS Software TFTP Server Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Application Policy Infrastructure Controller Access Control Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40068
*** Security Advisory: PCRE library vulnerability CVE-2015-2325 ***
---------------------------------------------
(SOL16983)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/900/sol16983.htm…
*** Security Advisory: Multiple PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026 ***
---------------------------------------------
(SOL16993)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/900/sol16993.htm…
*** DSA-3312 cacti - security update ***
---------------------------------------------
Multiple SQL injection vulnerabilities were discovered in cacti, a webinterface for graphing of monitoring systems.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3312
*** DSA-3313 linux - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in the Linux kernel thatmay lead to a privilege escalation or denial of service.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3313
*** EMC Avamar Lets Remote Users Traverse the Directory to View Files on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033026
*** USN-2676-1: NBD vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2676-122nd July, 2015nbd vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummarySeveral security issues were fixed in NBD.Software description nbd - Network Block Device protocol DetailsIt was discovered that NBD incorrectly handled IP address matching. Aremote attacker could use this issue with an IP address that has a partialmatch and bypass access restrictions. This...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2676-1/
*** Time Tracker - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-135 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-135Project: Time Tracker (third-party module)Version: 7.xDate: 2015-July-22Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Scripting, Multiple vulnerabilitiesDescriptionThis module enables you to track time on entities and comments.The module doesnt sufficiently filter notes added to time entries, leading to an XSS/JavaScript injection vulnerability. This vulnerability is mitigated by...
---------------------------------------------
https://www.drupal.org/node/2537866
*** OSF for Drupal - Critical - Multiple vulnerabilities - SA-CONTRIB-2015-134 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-134Project: OSF for Drupal (third-party module)Version: 7.xDate: 2015-July-22Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site Scripting, Access bypass, Cross Site Request ForgeryDescriptionThe Open Semantic Framework (OSF) for Drupal is a middleware layer that allows structured data (RDF) and associated vocabularies (ontologies) to "drive" tailored tools and data displays within...
---------------------------------------------
https://www.drupal.org/node/2537860
*** FTC Uconnect Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report and video of researchers demonstrating remote exploits on a magazine reporter's automobile. The report and video focus on unauthorized remote access to the Fiat Chrysler Automobile (FCA) Connect automotive infotainment system. ICS-CERT is issuing this alert to provide notice of this report and video, and that a patch is available from the FCA.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01
*** WordPress 4.2.3 Security and Maintenance Release ***
---------------------------------------------
July 23, 2015
---------------------------------------------
https://wordpress.org/news/2015/07/wordpress-4-2-3/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM WebSphere Real Time ***
http://www.ibm.com/support/docview.wss?uid=swg21962496
*** IBM Security Bulletin: Current Release of IBM SDK for Node.js in IBM Bluemix is affected by CVE-2015-5380 ***
http://www.ibm.com/support/docview.wss?uid=swg21962754
*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tealeaf Customer Experience (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21959030
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2015-4000, CVE-2015-0478, CVE-2015-1916). ***
http://www.ibm.com/support/docview.wss?uid=swg21962216
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK (CVE-2015-0478, CVE-2015-0488, and CVE-2015-1916) and with Diffie-Hellman ciphers (CVE-2015-4000) may affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID) ***
http://www.ibm.com/support/docview.wss?uid=swg21961812
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron (CVE-2015-0478, CVE-2015-0488) ***
http://www.ibm.com/support/docview.wss?uid=swg21961728
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Workload Deployer (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293) ***
http://www.ibm.com/support/docview.wss?uid=swg21962334
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2015-0410 and CVE-2014-6593) ***
http://www.ibm.com/support/docview.wss?uid=swg21962370
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 21-07-2015 18:00 − Mittwoch 22-07-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** WP-CLI Guide: Secure WordPress Backup and Update ***
---------------------------------------------
Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your SSH credentials and use WP-CLI to connect to your website over the command line. Before we get into changing anything, we'll show you how to back up your database and compress...
---------------------------------------------
https://blog.sucuri.net/2015/07/wp-cli-guide-secure-wordpress-backup-update…
*** Exclusive: Visa application portal closed following SC Magazine investigation ***
---------------------------------------------
VFS Global closes visa application portal following SC Magazine investigation. Editable Schengen visa application forms accessed FOUR DAYS after operating company VFS Global said a vulnerability had been fixed.
---------------------------------------------
http://www.scmagazine.com/exclusive-visa-application-portal-closed-followin…
*** Free security tools help detect Hacking Team malware ***
---------------------------------------------
Vulnerabilities and other threats exposed in the Hacking Team leaks has spurred Rook Security and Facebook to each release free security tools.
---------------------------------------------
http://www.scmagazine.com/rook-security-facebook-release-free-security-tool…
*** "Super-Spion": Android-Überwachungssoftware von Hacking Team nutzt allerhand schmutzige Tricks ***
---------------------------------------------
Eine Analyse der Spionage-App RCSAndroid zeigt umfassende Ausspähfunktionen auf. Die Infektion erfolgt über Exploits - und möglicherweise auch Google Play.
---------------------------------------------
http://heise.de/-2759365
*** Introduction to Alternate Data Streams ***
---------------------------------------------
In this post, we defined what is an alternate data stream (ADS), showed how it can be created and read, and how one can remove unwanted ADS.Categories: All Things DevTags: adsalternate data streamsPieter Arntzpowershellstreams(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/development/2015/07/introduction-to-alternate…
*** Think your website isn't worth anything to hackers? Think again ***
---------------------------------------------
Have you ever thought about the cost of your website compromise?
---------------------------------------------
https://www.htbridge.com/blog/think-your-website-isn-t-worth-anything-to-ha…
*** l+f: Falsche Microsoft-Techniker simulieren falsche Bluescreens ***
---------------------------------------------
Die Telefonabzocker, die sich als Microsoft-Techniker ausgeben, haben sich eine neue Masche überlegt - und sind jetzt auch telefonisch erreichbar.
---------------------------------------------
http://heise.de/-2760509
*** DFN-CERT-2015-1107: FreeBSD, Transmission Control Protocol (TCP): Eine Schwachstelle erlaubt einen Denial-of-Service-Angriff ***
---------------------------------------------
Eine Schwachstelle im Transmission Control Protocol (TCP) der TCP/IP Protocol Suite ermöglicht einem entfernten, nicht authentisierten Angreifer einen kompletten Denial-of-Service-Zustand zu bewirken.
Von der Schwachstelle sind alle derzeit unterstützten FreeBSD-Versionen betroffen. Sicherheitsupdates stehen bereit.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1107/
*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us
*** Cisco IOS XR Concurrent Data Management Replication Process BGP Process Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40067
*** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40021
*** [R1] PHP < 5.4.43 Vulnerability Affects Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2015-09
*** Hospira Symbiq Infusion System Vulnerability ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on June 23, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides compensating measures for a vulnerability in the Hospira Symbiq Infusion System.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01
*** Counter-Strike 1.6 GameInfo Query Reflection DoS ***
---------------------------------------------
Topic: Counter-Strike 1.6 GameInfo Query Reflection DoS Risk: Medium Text:#!/usr/bin/perl # # Counter-Strike 1.6 GameInfo Query Reflection DoS # Proof Of Concept # # Copyright 2015 (c) Todor ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015070103