Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - Dienstag 7-07-2015
by Daily end-of-shift report 07 Jul '15

07 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 06-07-2015 18:00 − Dienstag 07-07-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Security Advisory: BIG-IQ remote authentication vulnerability CVE-2015-4637 *** --------------------------------------------- When remote authentication is configured on the BIG-IQ system for a LDAP server that allows anonymous BIND operations, a unauthenticated user may obtain an authentication token from the REST API for any known (or guessed) LDAP user account and will receive all the access and privileges of that user account for REST API calls. (CVE-2015-4637) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/16000/800/sol16861.htm… *** Fraudulent BatteryBot Pro App Yanked from Google Play *** --------------------------------------------- A malicious Android app spoofing the popular BatteryBot Pro app has been pulled from Google Play. Researchers at Zscaler reported the app, which had a package name of com.polaris.BatteryIndicatorPro. The app requested excessive permissions from the user in an attempt to get full control of an .. --------------------------------------------- http://threatpost.com/fraudulent-batterybot-pro-app-yanked-from-google-play… *** Malvertisement - A Nuclear EK Tale *** --------------------------------------------- Over the past couple of years delivering malware via advertisements, or "malvertisement," has become one of the most popular methods of distribution for exploit kits. Like most trends in the world of Internet security, the longer it endures - the .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Malvertisement-%e2%80%9… *** Social Engineering - A Case Study *** --------------------------------------------- In this article, I am going to illustrate a real life social engineering hack that I did it for my friend. My friend saw some property ads on internet. He filled the query form for that ad, and after a day he got a call fraudulent call .. --------------------------------------------- http://resources.infosecinstitute.com/social-engineering-a-case-study/ *** Two major IT-Security Myths debunked *** --------------------------------------------- There are two statements G DATA’s security experts hear and read time and again: “I do not surf on porn websites, my computer can’t get infected” as well as “my computer does not hold anything valuable and I have nothing to hide – why should I be a target?” It would be a pleasure to confirm this, but, unfortunately, we do not live in an ideal world. The company’s latest Malware Report underlines why such sentences should be regarded as myths and IT-Security is important for everyone. --------------------------------------------- https://blog.gdatasoftware.com/blog/article/two-major-it-security-myths-deb… *** NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8081 *** NewStatPress <= 1.0.4 - SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8080 *** Safer Internet *** --------------------------------------------- Anna is the director of a small kindergarten in Zurich. To give the kindergarten a home on the Internet, she registered a domain name and put up a website where parents can get up-to-date information about the kindergarten. A friend .. --------------------------------------------- http://securityblog.switch.ch/2015/07/07/safer-internet/ *** Kritischer OpenSSL-Patch voraus *** --------------------------------------------- Mit einer kurzen Notiz verkündet Mark J. Cox, dass man Donnerstag, den 9. Juli, ein Sicherheits-Update für OpenSSL veröffentlichen wolle. Dies sei der höchsten Sicherheitsstufe zuzurechnen (high). Das bedeutet, dass gängige Konfigurationen betroffen sind und die Lücke sich wahrscheinlich ausnutzen lässt, um Denial-of-Service-Angriffe durchzuführen, Daten zu klauen oder sogar betroffene System zu kapern. --------------------------------------------- http://heise.de/-2739804 *** Landeskriminalamt Salzburg warnt vor gefälschten Paketdienst-E-Mails *** --------------------------------------------- In Salzburg sind derzeit verstärkt Internet-Betrüger aktiv. Die Polizei warnt akut vor gefälschten E-Mails im Namen bekannter Paketdienste, die vorgeben, dass eine Postsendung unterwegs sei. Über einen Link könne man den aktuellen Paketstatus abrufen. Ein Klick darauf installiert in Wirklichkeit aber die Schadsoftware "CryptoLocker", welche die auf der Festplatte gespeicherten Daten verschlüsselt. --------------------------------------------- http://derstandard.at/2000018700461 *** Fuzzing: Auf Fehlersuche mit American Fuzzy Lop *** --------------------------------------------- Programme testweise mit massenhaft fehlerhaften Daten zu füttern, ist eine effektive Methode, um Fehler zu finden. Das sogenannte Fuzzing ist schon seit Jahrzehnten bekannt, doch bessere Tools und einige spektakuläre Funde von Sicherheitslücken haben zuletzt das Interesse daran erneut geweckt. --------------------------------------------- http://www.golem.de/news/fuzzing-auf-fehlersuche-mit-american-fuzzy-lop-150… *** New Android Malware Family Evades Antivirus Detection by Using Popular Ad Libraries *** --------------------------------------------- Unit 42 discovered a new family of Android malware that successfully evaded all antivirus products on the VirusTotal web service. We named this malware family 'Gunpoder' based on the main malicious component name, .. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2015/07/new-android-malware-fami… *** Hacked Hacking Team *** --------------------------------------------- Wie ja seit gestern gross durch die diversen Medien getrommelt wird (siehe etwa heise.de, derstandard.at), wurde das Unternehmen "Hacking Team" anscheinend selbst Opfer eines Angriffs. In den dabei geleakten Daten sind auch etliche Hinweise auf bislang unbekannte Exploits ("0-days") zu finden. Leider fehlt uns die Kapazität, die gesamten geleakten Daten (gut 160.000 Dateien mit insg. rund 400GB!) in endlicher Zeit selbst zu analysieren, daher müssen wir uns dabei auf die Community verlassen. --------------------------------------------- http://www.cert.at/services/blog/20150707141314-1556.html *** Attack of the Zombie Orkut Phishing Pages *** --------------------------------------------- Sometimes long dead websites are targeted by phishing pages. When those sites made use of single sign-on, the danger will never quite go away. Orkut may be gone, but the fake login pages persist .. --------------------------------------------- https://blog.malwarebytes.org/fraud-scam/2015/07/attack-of-the-zombie-orkut…

1 0

Tageszusammenfassung - Montag 6-07-2015
by Daily end-of-shift report 06 Jul '15

06 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 03-07-2015 18:00 − Montag 06-07-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** [20150602] - Core - CSRF Protection *** --------------------------------------------- http://developer.joomla.org/security-centre/618-20150602-core-remote-code-e… *** [20150601] - Core - Open Redirect *** --------------------------------------------- http://developer.joomla.org/security-centre/617-20150601-core-open-redirect… *** This 20-year-old Student Has Written 100 Malware Programs in Two Years *** --------------------------------------------- Security firm Trend Micro has identified a 20-year-old Brazilian college student responsible for developing and distributing over 100 Banking Trojans selling each for around .. --------------------------------------------- http://thehackernews.com/2015/07/student-hacker.html *** A .BUP File Is An OLE File *** --------------------------------------------- Yesterday I mentioned that McAfee quarantine files on Windows (.BUP extension) are actually OLE files. Im going to write a couple of diary entries highlighting some file types that are OLE files, and .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19869 *** MMD-0036-2015 - KINS (or ZeusVM) v2.0.0.0 tookit (builder & panel) leaked. *** --------------------------------------------- The background KINS (or ZeusVM to be precised) v2.0.0.0 tookit (builder & panel) was leaked and spread all over the internet. On Jun 26th 2015 we were informed about this and after several internal discussion, considering that: "so .. --------------------------------------------- http://blog.malwaremustdie.org/2015/07/mmd-0036-2015-kins-or-zeusvm-v2000.h… *** A fileless Ursnif doing some POS focused reco *** --------------------------------------------- http://malware.dontneedcoffee.com/2015/07/a-fileless-ursnif-doing-some-pos.… *** BizCN gate actor changes from Fiesta to Nuclear exploit kit *** --------------------------------------------- Introduction An actor using gates registered through BizCN recently switched from Fiesta to Nuclear exploit kit (EK). This happened around last month, and we first noticed the change on 2015-06-15. I started writing about this actor in 2014 .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19875 *** Don't Be Fooled By Phony Online Reviews *** --------------------------------------------- The Internet is a fantastic resource for researching the reputation of companies with which you may wish to do business. Unfortunately, this same ease-of-use can lull the unwary into falling for marketing scams originally perfected .. --------------------------------------------- http://krebsonsecurity.com/2015/07/dont-be-fooled-by-phony-online-reviews/ *** Spionagefirma Hacking Team: "Feind des Internets" selbst gehackt *** --------------------------------------------- Die italienische Überwachungsfirma Hacking Team wurde selbst Opfer eines massiven Hacks: Eindringlinge konnten rund 480 GB an internen Daten übernehmen und diese als Download bereitstellen. Auch der Twitter-Account des Unternehmens wurde übernommen und in "Hacked Team" umbenannt. Die veröffentlichten Informationen .. --------------------------------------------- http://derstandard.at/2000018630550 *** Blue-Pill-Lücke in Xen geschlossen *** --------------------------------------------- In der langen Liste der Sicherheits-Verbesserungen von Xen 4.5.1 finden sich auch eine Lücke, die den Ausbruch aus einer virtuellen Maschine erlaubt - und ein geheimnisvoller, noch undokumentierte Eintrag. --------------------------------------------- http://heise.de/-2736158 *** ManageEngine Password Manager Pro 8.1 SQL Injection *** --------------------------------------------- An authenticated user (even the guest user) is able to execute arbitrary SQL code using a forged request to the SQLAdvancedALSearchResult.cc. The SQL query is build manually and is not escaped properly in the AdvanceSearch.class of AdventNetPassTrix.jar. --------------------------------------------- http://cxsecurity.com/issue/WLB-2015070020 *** Insider Threats Defined *** --------------------------------------------- According to the second annual SANS survey on the security of the financial services sector, the number one threat companies are concerned about doesn’t relate to nation-states, organised criminal gangs or ‘APTs’. Rather the main worry revolves around insider threats – but what exactly is an insider threat and what can be done to detect and respond to these threats? --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/insider-threats-defined *** How to Deal with Reverse Domain Name Hijacking *** --------------------------------------------- The fact that one owns a trademark which is identical or confusingly similar to a domain name does not necessarily mean that she is entitled to that domain name. For .. --------------------------------------------- http://resources.infosecinstitute.com/how-to-deal-with-reverse-domain-name-… *** Rätselaufgaben gegen DDoS-Angriffe auf TLS *** --------------------------------------------- Ein Akamai-Mitarbeiter beschreibt, wie mit einfachen Rechenaufgaben DDoS-Angriffe durch Clients auf TLS-Verbindungen minimiert werden könnten. Die Idee ist zwar noch ein Entwurf, könnte aber als Erweiterung für TLS 1.3 standardisiert werden. --------------------------------------------- http://www.golem.de/news/ietf-raetselaufgaben-gegen-ddos-angriffe-auf-tls-1… *** AWS Best Practices for DDoS Resiliency (PDF) *** --------------------------------------------- http://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf *** No one expect command execution ! *** --------------------------------------------- Unix is a beautiful world where your shell gives you the power of launching any command you like. But sometimes, command can be used to launch another commands, and thats sometimes unexpected. --------------------------------------------- http://0x90909090.blogspot.fr/2015/07/no-one-expect-command-execution.html

1 0

Tageszusammenfassung - Freitag 3-07-2015
by Daily end-of-shift report 03 Jul '15

03 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 02-07-2015 18:00 − Freitag 03-07-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Security Advisory: PHP vulnerability CVE-2015-4024 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/16000/800/sol16826.html *** Angler Exploit Kit Evasion Techniques Keep Cryptowall Thriving *** --------------------------------------------- Since the Angler Exploit Kit began pushing the latest version of Cryptowall ransomware, the kit has gone to great lengths to evade detection from IDS and other security technologies. The latest tactic is an almost-daily change to URL patterns used by the kit in HTTP GET requests for the Angler landing .. --------------------------------------------- http://it.slashdot.org/story/15/07/02/1829244/angler-exploit-kit-evasion-te… *** Plex: Foren des Media Servers gehackt *** --------------------------------------------- Unbekannten Angreifern ist es offenbar gelungen das zum Service gehörige Forum zu hacken, und Zugriff auf sensible Daten zu erhalten. Neben Mail-Adressen sollen dabei auch Passwort-Hashes, private Nachrichten und IP-Adressen abgegriffen worden sein. ... So wurden alle betroffenen User mittlerweile per .. --------------------------------------------- http://derstandard.at/2000018475799/Plex-Foren-des-Media-Servers-gehackt *** Cisco Adaptive Security Appliance Software OSPFv2 Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39612 *** DSA-3299 stunnel4 - security update *** --------------------------------------------- Johan Olofsson discovered an authentication bypass vulnerability inStunnel, a program designed to work as an universal SSL tunnel fornetwork daemons. When Stunnel in .. --------------------------------------------- https://www.debian.org/security/2015/dsa-3299 *** REcon Recap: Here's What Caught My Eye *** --------------------------------------------- A few weeks ago I was fortunate enough to attend REcon in Montreal, Canada. This conference focuses on reverse engineering and exploitation techniques and has been .. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2015/07/recon-recap/ *** WordPress File Upload <= 2.7.6 - Multiple Vulnerabilities *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8070 *** Sicherheitsrisiko: LGs Update-App für Smartphones ist anfällig *** --------------------------------------------- Smartphones von LG sind aufgrund einer schlecht umgesetzten SSL-Verschlüsselung anfällig für Man-in-the-Middle-Attacken. Offenbar weiß der Hersteller schon länger davon, ein Patch soll das Problem beheben - auf manchen Geräten ist dieser aber noch nicht angekommen. --------------------------------------------- http://www.golem.de/news/sicherheitsrisiko-lgs-update-app-fuer-smartphones-… *** Viele VPNs plaudern wahre Identität ihrer Nutzer aus *** --------------------------------------------- Forscher finden grobe Implementationsprobleme - IPv6 und DNS-Abfragen unterwandern Sicherheit --------------------------------------------- http://derstandard.at/2000018498920 *** Mozilla: Firefox 39 schmeisst alte Krypto raus *** --------------------------------------------- SSLv3 ist aus Firefox 39 endgültig entfernt worden, und RC4 ist nur noch temporär für einige wenige Seiten erlaubt. Das Mozilla-Team erweitert den Schutz des Browsers vor Malware, daneben gibt es noch viele kleinere Neuerungen. --------------------------------------------- http://www.golem.de/news/mozilla-firefox-39-schmeisst-alte-krypto-raus-1507… *** Kovter AdFraud is updating Flash Player (and Internet Explorer) *** --------------------------------------------- Checking my systems I noticed multiple VM trying to grab last version of Flash and thought they were not properly setup allowing Flash Player to auto-update (which we do not want obviously - we want to keep them exploitable and also avoid behavioural/network noise). --------------------------------------------- http://malware.dontneedcoffee.com/2015/07/kovter-adfraud-is-updating-flash-… *** l+f: Noch mehr Hintertüren bei Cisco *** --------------------------------------------- http://heise.de/-2734480 *** Apple: EFI-Sicherheits-Update nicht für ältere Macs *** --------------------------------------------- Das Sicherheits-Update, das eine mögliche Modifikation der Firmware verhindert, steht zwar für ältere OS-X-Versionen zur Verfügung – lässt sich jedoch nur auf jüngeren Macs installieren. --------------------------------------------- http://heise.de/-2735051

1 0

Tageszusammenfassung - Donnerstag 2-07-2015
by Daily end-of-shift report 02 Jul '15

02 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 01-07-2015 18:00 − Donnerstag 02-07-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Attackers Revive Deprecated RIPv1 Routing Protocol in DDoS Attacks *** --------------------------------------------- An advisory from Akamai warns of a recent reflection style DDoS attack in which the deprecated RIPv1 routing protocol was leveraged against targets. --------------------------------------------- http://threatpost.com/attackers-revive-deprecated-ripv1-routing-protocol-in… *** EMC Documentum D2 Input Validation Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information *** --------------------------------------------- A remote authetnicated user can send specially crafted data to inject data query language (DQL) commands and obtain potentially sensitive information from the database on the target system. ... The D2CenterstageService.getComments method is affected [CVE-2015-0547]. ... The D2DownloadService.getDownloadUrls method is affected [CVE-2015-0548]. --------------------------------------------- http://www.securitytracker.com/id/1032769 *** Updated Point-to-Point Encryption standard now provides more flexibility *** --------------------------------------------- The Payment Card Industry Security Standards Council (PCI SSC) published an important update to one of its eight security standards, simplifying the development and use of Point-to-Point Encryption (P2PE) solutions that make payment card data unreadable and less valuable to criminals if stolen in a breach. --------------------------------------------- http://www.net-security.org/secworld.php?id=18581 *** Final Year Dissertation Paper Release: An Evaluation of the Effectiveness of EMET 5.1 *** --------------------------------------------- My paper covers three separate exploits that I converted to try bypass EMET 5.1s protections as best I could and the techniques that I used to do so as well as how successful EMET 5.1 was at preventing me from exploiting the vulnerable programs. --------------------------------------------- http://tekwizz123.blogspot.co.at/2015/07/final-year-dissertation-paper-rele… *** ENISA's Udo Helmbrecht at EPP Hearing on cybersecurity *** --------------------------------------------- ENISA's Udo Helmbrecht participated at the EPP Hearing on data driven security, which took place today 1st July 2015, at the European Parliament in Brussels. Topics discussed included: Session I: New trends in digital technology developments and cyber threats to security Session II: Fighting crime: use of new technologies and use of data Session III: Cyber Security: ensuring security and safety on state and individual levels --------------------------------------------- http://www.enisa.europa.eu/media/news-items/enisa2019s-udo-helmbrecht-at-ep… *** How safe is the Windows 10 Wi-Fi sharing feature? *** --------------------------------------------- ... what worries security experts is the fact that it allows users to share access to their password-protected Wi-Fi networks with their Outlook.com contacts, Skype contacts, and Facebook friends. ... While this feature can come very handy, it could also open users to security risks. --------------------------------------------- http://www.net-security.org/secworld.php?id=18584 *** Cisco Security Advisories/Vulnerability Alerts *** --------------------------------------------- Cisco Unified Communications Domain Manager Default Static Privileged Account Credentials http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- Cisco Adaptive Security Appliance SNMP Denial of Service Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39611 --------------------------------------------- Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39583 --------------------------------------------- Cisco Digital Content Manager Message Processing Denial of Service Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39556 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 1-07-2015
by Daily end-of-shift report 01 Jul '15

01 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 30-06-2015 18:00 − Mittwoch 01-07-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** What is Wi-Fi Sense and Why Does It Want Your Facebook Account? *** --------------------------------------------- Wi-Fi Sense is a feature built into Windows 10. You may see a pop-up saying "Wi-Fi Sense needs permission to use your Facebook account." It also works with Outlook.com and Skype contacts. This feature allows you to share Wi-Fi login information - network names and passphrases - with your friends. It's designed to automatically connect Windows 10 devices to shared networks. ... Wi-Fi Sense was originally a Windows Phone 8.1 feature that made the jump to desktop PCs and tablets with Windows 10. --------------------------------------------- http://www.howtogeek.com/219700/what-is-wi-fi-sense-and-why-does-it-want-yo… *** EU-Kompromiss zu Meldepflichten bei Cyberangriffen steht *** --------------------------------------------- Betreiber "wesentlicher" Infrastrukturen und Dienste in der EU müssen bald Cyberangriffe melden, für Digitalplattformen wie soziale Netzwerke sollen abgestufte Regeln gelten. Darauf haben sich EU-Rat und Parlament geeinigt. --------------------------------------------- http://www.heise.de/newsticker/meldung/EU-Kompromiss-zu-Meldepflichten-bei-… *** Apple Patches Dozens of Flaws in iOS 8.4, OS X 10.10.4 *** --------------------------------------------- Apple has released new versions of iOS and OS X, both of which include a significant number of security patches, several for bugs that can lead to remote code execution and other serious issues. Version 8.4 of iOS contains fixes for more than 30 security vulnerabilities, including bugs in the iOS kernel, WebKit, and CoreText. --------------------------------------------- http://threatpost.com/apple-patches-dozens-of-flaws-in-ios-8-4-os-x-10-10-4… *** ZDI-15-275: (0Day) SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-275/ *** TYPO3 CMS 6.2.14 and 7.3.1 released *** --------------------------------------------- We are announcing the release of the following TYPO3 CMS updates: TYPO3 CMS 6.2.14 LTS TYPO3 CMS 7.3.1 Both versions are maintenance releases and contain bug and security fixes. --------------------------------------------- http://www.typo3.org/news/article/typo3-cms-6214-and-731-released/ *** Apple gets around to fixing those 77 security holes in OS X Yosemite *** --------------------------------------------- Your OS X box can still be owned by, well, just about everything Apple has released a series of security updates to address 77 CVE-listed security vulnerabilities in OS X Yosemite. --------------------------------------------- http://www.theregister.co.uk/2015/06/30/apple_finally_gets_around_to_fixing… *** A third of iThings open to VPN-hijacking, app-wrecking attacks *** --------------------------------------------- Masques off: Researchers detail five ways to wreck Apple stuff A trio of FireEye researchers have reported twin app-demolishing iOS vulnerabilities Apple has partially fixed in its latest update that could wreck core apps such as the App Store and Settings. --------------------------------------------- http://www.theregister.co.uk/2015/07/01/masque_attack_ios_fireeye/ *** June 2015 Android malware review from Doctor Web *** --------------------------------------------- PRINCIPAL TRENDS IN JUNE - Activity of banking Trojans - Emergence of new downloader - Trojans Emergence of new Android ransomware - Growing number of SMS Trojans --------------------------------------------- http://news.drweb.com/show/?i=9511&lng=en&c=9 *** Cisco Vulnerability Alerts *** --------------------------------------------- Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39569 --------------------------------------------- Cisco Nexus Devices Python Subsystem Local Privilege Escalation Vulnerabilities http://tools.cisco.com/security/center/viewAlert.x?alertId=39571 --------------------------------------------- Cisco Unified MeetingPlace SQL Injection Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39570 --------------------------------------------- Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39568 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- IBM Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus (CVE-2015-4000) http://www.ibm.com/support/docview.wss?uid=swg21961048 --------------------------------------------- IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects PowerKVM (CVE-2015-4000) http://www.ibm.com/support/docview.wss?uid=isg3T1022395 --------------------------------------------- IBM Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2015-4000) http://www.ibm.com/support/docview.wss?uid=swg21961049 --------------------------------------------- IBM Security Bulletin: CICS Transaction Gateway for Multiplatforms http://www.ibm.com/support/docview.wss?uid=swg21903636 --------------------------------------------- IBM Security Bulletin: A security vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Web version 7.0 software installations and IBM Tivoli Access Manager for e-business (CVE-2015-1920) http://www.ibm.com/support/docview.wss?uid=swg21960450 --------------------------------------------- IBM Security Bulletin: Multiple vulnerabilities in the FreeType library affect IBM Security Access Manager for Web http://www.ibm.com/support/docview.wss?uid=swg21960562 --------------------------------------------- IBM Security Bulletin: Multiple vulnerabilities in FreeType library affect IBM Security Access Manager for Mobile. http://www.ibm.com/support/docview.wss?uid=swg21958900 --------------------------------------------- IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web http://www.ibm.com/support/docview.wss?uid=swg21960668 --------------------------------------------- IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Access Manager for Mobile. http://www.ibm.com/support/docview.wss?uid=swg21958903 --------------------------------------------- IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2013-7423) http://www.ibm.com/support/docview.wss?uid=swg21960456 --------------------------------------------- Vulnerabilities in NTPv4 affect AIX http://www.ibm.com/support/ --------------------------------------------- IBM Security Bulletin: Multiple cross-site scripting (XSS) vulnerabilities in IBM Dojo Toolkit affects IBM Case Manager (CVE-2014-8917) http://www.ibm.com/support/docview.wss?uid=swg21883851 --------------------------------------------- IBM Security Bulletin: PowerKVM is affected by a kexec-tools vulnerability (CVE-2015-0267) http://www.ibm.com/support/docview.wss?uid=isg3T1022407 --------------------------------------------- IBM Security Bulletin: Dual_EC_DRBG vulnerability and RC4 stream cipher vulnerability affect WebSphere Transformation Extender Secure Adapter Collection (CVE-2007-6755, CVE-2015-2808) http://www.ibm.com/support/docview.wss?uid=swg21959577 --------------------------------------------- IBM Security Bulletin: XSS vulnerability in Error dialog which can execute scripts injected into addressability and comments features that affects IBM Case Manager (CVE-2015-1979) http://www.ibm.com/support/docview.wss?uid=swg21959695 --------------------------------------------- IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Sterling Connect:Express for UNIX (CVE-2015-4000, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792) http://www.ibm.com/support/docview.wss?uid=swg21959308 --------------------------------------------- IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Cognos Command Center (CVE-2015-4000) http://www.ibm.com/support/docview.wss?uid=swg21960508 --------------------------------------------- IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects the Enterprise Common Collector component of the IBM Tivoli zEnterprise Monitoring Agent (CVE-2015-4000) http://www.ibm.com/support/docview.wss?uid=swg21960019 --------------------------------------------- IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM InfoSphere Optim Performance Manager (CVE-2015-4000) http://www.ibm.com/support/docview.wss?uid=swg21959591 --------------------------------------------- IBM Security Bulletin: JavaScript evaluation vulnerability in IBM Business Process Manager (CVE-2015-1961) http://www.ibm.com/support/docview.wss?uid=swg21959052 --------------------------------------------- IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance affected by Java vulnerabilities (CVE-2015-0138 CVE-2015-0204 CVE-2015-1914 CVE-2015-2808 ) http://www.ibm.com/support/docview.wss?uid=swg21960515 --------------------------------------------- IBM Security Bulletin: Potential denial of service may affect IBM WebSphere Application Server shipped with IBM Tivoli Network Performance Manager (CVE-2015-1829) http://www.ibm.com/support/docview.wss?uid=swg21960364 --------------------------------------------- IBM Security Bulletin: PowerKVM is affected by a bind vulnerability (CVE-2015-1349) http://www.ibm.com/support/docview.wss?uid=isg3T1022295 --------------------------------------------- IBM Security Bulletin: PowerKVM is affected by a qemu vulnerability (CVE-2014-9718) http://www.ibm.com/support/docview.wss?uid=isg3T1022294 --------------------------------------------- IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Access Manager for Mobile (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916) http://www.ibm.com/support/docview.wss?uid=swg21959597 --------------------------------------------- IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2013-7423) http://www.ibm.com/support/docview.wss?uid=swg21959604 --------------------------------------------- IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance v2 API unrestricted path traversal (CVE-2014-9493, CVE-2015-1195) http://www.ibm.com/support/docview.wss?uid=nas8N1020785 --------------------------------------------- IBM Security Bulletin: IBM PowerVC is impacted by Apache Qpid security vulnerabilities (CVE-2015-0203, CVE-2015-0223, CVE-2015-0224) http://www.ibm.com/support/docview.wss?uid=nas8N1020787 --------------------------------------------- IBM Security Bulletin: A cross-site scripting vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-1966) http://www.ibm.com/support/docview.wss?uid=swg21959068 --------------------------------------------- IBM Security Bulletin: A cross-site scripting vulnerability affects IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2015-1966) http://www.ibm.com/support/docview.wss?uid=swg21959071 --------------------------------------------- IBM Security Bulletin: XSS Vulnerability in IBM Jazz Foundation affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-0130) http://www.ibm.com/support/docview.wss?uid=swg21960407 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 30-06-2015
by Daily end-of-shift report 30 Jun '15

30 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-06-2015 18:00 − Dienstag 30-06-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** Windows kerberos ticket theft and exploitation on other platforms *** --------------------------------------------- I decided to take a look at how the kerberos tickets can be dumped from a Windows target and re-used on Linux. It was surprisingly easy to accomplish. --------------------------------------------- https://mikkolehtisalo.wordpress.com/2015/06/29/copying-windows-kerberos-ti… *** Why vulnerability disclosure shouldn't be a marketing tool *** --------------------------------------------- So now we have three approaches to vulnerability disclosure: full disclosure, responsible disclosure, and marketing disclosure. My concern with the latter is that by its very nature it will get more coverage in both the IT industry and mainstream media. ... In the cases where the vulnerability does affect the organization, the security team is called into action to remediate it, but this remediation may be based more on the impact the vulnerability has had on the news headlines rather than on the impact it actually may have on the environment, This results in already overstretched security teams being distracted from other core tasks. --------------------------------------------- http://www.net-security.org/article.php?id=2318 *** DSA-3297 unattended-upgrades - security update *** --------------------------------------------- It was discovered that unattended-upgrades, a script for automaticinstallation of security upgrades, did not properly authenticatedownloaded packages when the force-confold or force-confnew dpkg optionswere enabled via the DPkg::Options::* apt configuration. --------------------------------------------- https://www.debian.org/security/2015/dsa-3297 *** How Malware Campaigns Employ Google Redirects and Analytics, (Tue, Jun 30th) *** --------------------------------------------- The email message sent to the bank employee claimed that the sender received a wire transfer from the recipients organization and that the sender wanted to confirm that the payment went through without issues. The victim was encouraged to click a link that many people would considersafe, in part because it began with https://www.google.com/. How would you examine the nature of this email? Examining MSG and EML Files on Linux One way to analyze the suspicious message saved as an Outlook .msg file --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19843&rss *** Tearing Apart a Datto *** --------------------------------------------- Datto devices are becoming a popular backup solution for small to medium sized businesses. They are easy to use and well equipped out of the box. We recently found ourselves in an engagement where one of these devices was accessible via the LAN. Gaining access to backups is a bit of a goldmine during an assessment; unrestricted access to file shares, configuration information, extracting hashes from the NTDS.dit file, and a multitude of other things. --------------------------------------------- http://silentbreaksecurity.com/tearing-apart-a-datto/ *** Vulnerability in Citrix NetScaler Application Deliver Controller and NetScaler Gateway Management Interface Could Result in Arbitrary Command Injection *** --------------------------------------------- A vulnerability has been identified in Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway Management Interface that could allow an authenticated malicious user to execute shell commands on the appliance. CVE: CVE-2015-5080 --------------------------------------------- http://support.citrix.com/article/CTX201149 *** Viele Android-Geräte über Debugger angreifbar *** --------------------------------------------- Über eine Schwachstelle im Debugger können Angreifer den Inhalt des Hauptspeichers von über 90 Prozent aller Android-Geräte auslesen und so weitere Attacken fahren. --------------------------------------------- http://www.heise.de/newsticker/meldung/Viele-Android-Geraete-ueber-Debugger… *** Analyzing a Facebook Clickbait Worm *** --------------------------------------------- Here at Sucuri we suspect everything, especially when your friends start to share content written in another language with clickbait headlines. If you are not familiar with the term, clickbait is when web content is created in a way that psychologically exploits the reader's curiosity using compelling headlines. When someone clicks on the article to read it, the service promoting the article generates online advertisement revenue. --------------------------------------------- https://blog.sucuri.net/2015/06/analyzing-a-facebook-clickbait-worm.html *** Vulnerabilities in Cisco products*** --------------------------------------------- Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39554 --------------------------------------------- Cisco Unified Communications Domain Manager Information Disclosure Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=39557 --------------------------------------------- *** Vulnerabilities in IBM products*** --------------------------------------------- Security Bulletin: Vulnerabilities in libxml2 affect System Networking Products (CVE-2014-0191, CVE-2013-2877, CVE-2014-3660) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098306 --------------------------------------------- Security Bulletin: Vulnerabilities in OpenSSL affect Flex System FC3171 8Gb SAN Switch and Flex System FC3171 8Gb SAN Pass-thru (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098265 --------------------------------------------- Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Flex System Manager (FSM) SMIA Configuration Tool (CVE-2015-4000) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403 --------------------------------------------- Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware. (CVE-2015-2808) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098314 --------------------------------------------- Security Bulletin: Vulnerability in RC4 stream cipher affects IBM System Networking RackSwitch (CVE-2015-2808) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098302 ---------------------------------------------Security Bulletin: Vulnerability in RC4 stream cipher affects IBM BladeCenter Switches (CVE-2015-2808) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098303 --------------------------------------------- Security Bulletin: Multiple vulnerabilities in xorg-x11-server affect IBM Flex System Manger (FSM) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098372 --------------------------------------------- Security Bulletin: GNU C library (glibc) vulnerability affects IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware (CVE-2015-0235) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098317 --------------------------------------------- Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098358 --------------------------------------------- Security Bulletin: Vulnerabilities in OpenSSL affect IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275) http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098339 --------------------------------------------- IBM Security Bulletin: IBM SmartCloud Analytics - Log Analysis is affected by Open Source Python Vulnerability (CVE-2014-9365) http://www.ibm.com/support/docview.wss?uid=swg21958936 --------------------------------------------- IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Endpoint Manager for Remote Control http://www.ibm.com/support/docview.wss?uid=swg21903374 --------------------------------------------- IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime, affect Tivoli Endpoint Manager for Remote Control. http://www.ibm.com/support/docview.wss?uid=swg21903373 --------------------------------------------- IBM Security Bulletin: A vulnerability in cURL libcURL affects IBM Tivoli Composite Application Manager for Transactions (CVE-2014-8150) http://www.ibm.com/support/docview.wss?uid=swg21697198 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 29-06-2015
by Daily end-of-shift report 29 Jun '15

29 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 26-06-2015 18:00 − Montag 29-06-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** In eigener Sache: CERT.at sucht Verstärkung *** --------------------------------------------- Wir suchen aktuell eine/n ProgrammiererIn - vorerst als Karenzvertretung bis Jahresende. Details siehe https://cert.at/about/jobs/jobs.html --------------------------------------------- http://www.cert.at/services/blog/20150629141329-1553.html *** IETF Officially Deprecates SSLv3 *** --------------------------------------------- The IETF, in RFC7568, declared SSLv3 "not sufficiently secure" and prohibited its use. SSLv3 fallbacks were to blame for the POODLE and BEAST attacks. --------------------------------------------- http://threatpost.com/ietf-officially-deprecates-sslv3/113503 *** NIST Updates Random Number Generation Guidelines *** --------------------------------------------- An anonymous reader writes: Encryption weighs heavily on the public consciousness these days, as weve learned that government agencies are keeping an eye on us and a lot of our security tools arent as foolproof as weve thought. In response to this, the National Institute of Standards and Technology has issued a formal update to its document on how to properly generate a random number - crucial in many types of encryption. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JJ7XjyjPA9c/nist-updates-ra… *** Lücke im Flash Player: Exploit Kit erhöht Angriffs-Risiko *** --------------------------------------------- Bisher haben Angreifer die in der letzten Woche bekanntgewordene Schwachstelle in Adobes Flash Player nur vereinzelt und gezielt attackiert. Aktuell nutzt jedoch auch das Magnitude Exploit Kit die Lücke aus und vergrößert den Angriffsradius. --------------------------------------------- http://heise.de/-2730795 *** The State of the ESILE/Lotus Blossom Campaign *** --------------------------------------------- As is generally the case with backdoors, ESILE contacts a command-and-control server in order to receive commands from its attacker. How it does this is also a fingerprint of the campaign as well. It uses a URL based on the MAC address of the infected machine's network interface, as well as the current time. ... This distinctive pattern can be used to help spot and block ESILE-related endpoints on an organization's network. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-the… *** Migrating from SHA-1 to SHA-2 *** --------------------------------------------- Heres a comprehensive document on migrating from SHA-1 to SHA-2 in Active Directory certificates.... --------------------------------------------- https://www.schneier.com/blog/archives/2015/06/migrating_from_.html *** Cyber Security Challenge: Bundesheer sucht Nachwuchs-Hacker *** --------------------------------------------- Qualifikation läuft bis August, Veranstaltung von Cyber Security Austria und Abwehramt organisiert --------------------------------------------- http://derstandard.at/2000018220253 *** Bugtraq: ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities *** --------------------------------------------- Summary: ESRS VE version 3.06 contains security fixes for multiple vulnerabilities that could potentially be exploited by malicious uses to compromise the affected system Insufficient Certificate Validation CVE-2015-0543: CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) Cookie Generated with Insufficient Randomness CVE-2015-0544: CVSSv2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) --------------------------------------------- http://www.securityfocus.com/archive/1/535851 *** The Powershell Diaries 2 - Software Inventory, (Mon, Jun 29th) *** --------------------------------------------- After last weeks story, hopefully youve got your problem users accounts identified. With that worked out, lets see about finding problem applications. We all need a handle on what applications are installed on workstations for a number of reasons to make sure that when upgrade time comes, that nobody gets left behind that older apps that have security vulnerabilities or have limited function get taken care of... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19851&rss *** Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) *** --------------------------------------------- Business recommendation: By combining all vulnerabilities documented in this advisory an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. SEC Consult recommends not to use this system until a thorough security review has been performed by security professionals and all identified issues have been resolved. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015… *** TYPO3-EXT-SA-2015-015: Cross-Site Scripting in extension "404 Page not found handling" (pagenotfoundhandling) *** --------------------------------------------- It has been discovered that the extension "404 Page not found handling" (pagenotfoundhandling) is susceptible to Cross-Site Scripting Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C Affected Versions: version 2.1.0 and below --------------------------------------------- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… *** Hacker-Angriff vermutet: Apache Build-Server offline *** --------------------------------------------- Bis jetzt wurde ein Angriff nicht offiziell bestätigt. Auch ist nicht bekannt, ob ein Eingriff in auf den Servern gebaute Software-Pakete stattgefunden hat. Die Build-Systeme der ASF werden unter anderem von OpenOffice, dem Tomcat-Projekt und dem Web-Framework Apache Wicket verwendet. Neben den Build-Servern und der Continuous-Integration-Webseite ist auch das CMS der Apache-Seiten betroffen. --------------------------------------------- http://heise.de/-2731265 *** Cisco Application Policy Infrastructure Controller Unauthorized Access Vulnerability *** --------------------------------------------- CVE: CVE-2015-4225, CVSS2 Base Score: 5.5 A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (Cisco APIC) could allow an authenticated, remote attacker to have read access to certain information stored in the affected system. The vulnerability is due to improper handling of RBAC for health scoring. An attacker could exploit this vulnerability to gain access to information on the affected system. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39529

1 0

Tageszusammenfassung - Freitag 26-06-2015
by Daily end-of-shift report 26 Jun '15

26 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 25-06-2015 18:00 − Freitag 26-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Magento Platform Targeted By Credit Card Scrapers *** --------------------------------------------- We've been writing a lot about E-Commerce hacks and PCI Compliance recently. The more people buy things online, the more of an issue this will be come and the more important it will .. --------------------------------------------- https://blog.sucuri.net/2015/06/magento-platform-targeted-by-credit-card-sc… *** MMD-0034-2015 - New ELF Linux/DES.Downloader on Elasticsearch CVE-2015-1427 exploit *** --------------------------------------------- This is a tough writing, and will be many addition will be added after the initial release. We are pushed to release this as alert of an on going attack, it is a real malware incident .. --------------------------------------------- http://blog.malwaremustdie.org/2015/06/mmd-0034-2015-new-elf.html *** That shot you heard? SSLv3 is now DEAD *** --------------------------------------------- Its joined the choir invisible We really, really, really mean it this time: take SSL3 and bury .. --------------------------------------------- http://www.theregister.co.uk/2015/06/26/that_shot_you_heard_sslv3_is_now_de… *** EU-Ermittler zerschlagen Ring von Online-Banking-Betrügern *** --------------------------------------------- Verschiedenen Behörden aus Europa haben eine erfolgreiche Operation gegen Cyber-Kriminelle durchgeführt, die im großen Stil über alle Kontinente verteilt Banking-Trojaner eingesetzt haben. --------------------------------------------- http://heise.de/-2729777 *** Windows Server 2003 noch auf Drittel aller Server: Support-Ende im Juli *** --------------------------------------------- Am 14. Juli endet der Support von Windows Server 2003, Server 2003 R2 und Small Business Server 2003. Ab dann wird es für das zwölf Jahre alte System keine neuen Updates, Hotfixes oder Sicherheits-Aktualisierung mehr geben. --------------------------------------------- http://derstandard.at/2000018075592 *** Polycom RealPresence Resource Manager critical vulnerabilities allow surveillance on conferences *** --------------------------------------------- Multiple remote vulnerabilities (arbitrary file disclosure, path traversal, arbitrary file upload, privilege escalation in the web application) combined with local vulnerabilities (sudo misconfiguration, weak filesystem permissions) allow an .. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015… *** Siemens Climatix BACnet/IP Communication Module Cross-site Scripting Vulnerability *** --------------------------------------------- This advisory provides mitigation details for an identified cross-site scripting vulnerability in the Siemens Climatix BACnet/IP communication module. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-176-01 *** PACTware Exceptional Conditions Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a handling of exceptional conditions vulnerability in the PACTware Consortium PACTware application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-176-02 *** Latest spam filter test sees significant drop in catch rates *** --------------------------------------------- Despite a drop in catch rates, 15 products earn a VBSpam award, with four earning a VBSpam+ award.Spam is notoriously volatile and thus, while we like to make the news headlines with our tests as much as anyone, we would warn against .. --------------------------------------------- http://www.virusbtn.com/blog/2015/06_26.xml *** ZDI-15-262: HP System Management Homepage Single Sign On Stack Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard System Management Homepage. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-262/

1 0

Tageszusammenfassung - Donnerstag 25-06-2015
by Daily end-of-shift report 25 Jun '15

25 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 24-06-2015 18:00 − Donnerstag 25-06-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** Paper: Using .NET GUIDs to help hunt for malware *** --------------------------------------------- Tool to extract identifiers incorporated into VirusTotal. The large number of new malware samples found each day hasnt made malware analysis an easier task, and researchers could use anything that helps them automate this task. Today, we publish a paper by Cylance researcher Brian Wallace, who looks at two globally unique identifiers (GUIDs) found in malware created using .NET, which can help link multiple files to the same Visual Studio project. --------------------------------------------- http://www.virusbtn.com/blog/2015/06_24a.xml?rss *** The Powershell Diaries - Finding Problem User Accounts in AD, (Wed, Jun 24th) *** --------------------------------------------- Powershell has gotten a lot of attention lately as a pentesters tool of choice, since it has access to pretty much every low-level system function in the Microsoft ecosystem, and the AV industry isnt dealing well with that yet (aside from ignoring powershell completely that is). But what about day-to-day system administration? Really, the possibilities for admins are just as limitless as for pentesters - thats what Powershell was invented for after all ! --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19833&rss *** Shibboleth authentication - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2015-129 Project: Shibboleth authentication (third-party module) Version: 6.x, 7.x Date: 2015-June-24 Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All Vulnerability: Cross Site Scripting Description Shibboleth authentication module allows users to log in and get permissions based on federated (SAML2) authentication.The module didnt filter the text that is displayed as a login link. --------------------------------------------- https://www.drupal.org/node/2511518 *** HybridAuth Social Login - Less Critical - Access bypass - SA-CONTRIB-2015-127 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2015-127 Project: HybridAuth Social Login (third-party module) Version: 7.x Date: 2015-June-24 Security risk: 8/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:UncommonVulnerability: Access bypass Description The HybridAuth Social Login module enables you to allow visitors to authenticate or login to a Drupal site using their identities from social networks like Facebook or Twitter. --------------------------------------------- https://www.drupal.org/node/2511410 *** Web security subtleties and exploitation of combined vulnerabilities, (Thu, Jun 25th) *** --------------------------------------------- The goal of a penetration test is to report all identified vulnerabilities to the customer. Of course, every penetration tester puts most of his effort into finding critical security vulnerabilities: SQL injection, XSS and similar, which have the most impact for the tested web application (and, indeed, it does not hurt a penetration testers ego when such a vulnerability is identified :) However, I strongly push towards reporting of every single vulnerability, no matter how harmless it might appear ... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19837&rss *** Samsung deaktiviert keine Sicherheitsupdates von Windows *** --------------------------------------------- PR-Desaster im Eigenbau: Samsung veröffentlicht ein Tool namens "disable_Windowsupdate.exe". Doch das macht gar nicht das, was der Name vermuten lässt. --------------------------------------------- http://www.heise.de/newsticker/meldung/Samsung-deaktiviert-keine-Sicherheit… *** Von wegen Schutz: NOD32 erlaubt das Kapern von Rechnern *** --------------------------------------------- Statt die Nutzer zu schützen erlaubte NOD32 von Eset es Angreifern, die Rechner der Opfer komplett zu übernehmen. Das Update, welches die Lücke schließt, sollte schleunigst eingespielt werden. --------------------------------------------- http://heise.de/-2728967 *** SSA-142512 (Last Update 2015-06-25): Cross-Site Scripting Vulnerability in Climatix BACnet/IP Communication Module *** --------------------------------------------- SSA-142512 (Last Update 2015-06-25): Cross-Site Scripting Vulnerability in Climatix BACnet/IP Communication Module --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** Multiple vulnerabilities in Cisco products *** *** Cisco Wireless LAN Controller Command Injection Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39517 *** Cisco IOS XR MPLS LDP Packet Processing Denial of Service Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39509 *** Cisco Unified Presence Server Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39504 *** Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39505 *** Cisco IM and Presence Service SQL Injection Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=39506

1 0

Tageszusammenfassung - Mittwoch 24-06-2015
by Daily end-of-shift report 24 Jun '15

24 Jun '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 23-06-2015 18:00 − Mittwoch 24-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Operation Clandestine Wolf � Adobe Flash Zero-Day in APT3 PhishingCampaign *** --------------------------------------------- In June, FireEye�s FireEye as a Service team in Singapore uncovered a phishing campaign exploiting an Adobe Flash Player zero-day vulnerability (CVE-2015-3113). The attackers� emails included links to compromised web servers that served either benign content or a malicious Adobe Flash Player file that exploits CVE-2015-3113. --------------------------------------------- https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-… *** Digital Snake Oil *** --------------------------------------------- One of the most common complaints we see on our forums, and from our users, concerns a particular category of program called �Registry Optimizers� or �Registry Cleaners� or �Registry Defragmenters�. For this post, we will just refer to them as .. --------------------------------------------- https://blog.malwarebytes.org/social-engineering/2015/06/digital-snake-oil/ *** Websites Hacked Via Website Backups *** --------------------------------------------- The past few months we�ve been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wrong; interestingly enough though, they are often the forgotten pillar of security. It�s why we .. --------------------------------------------- https://blog.sucuri.net/2015/06/websites-hacked-via-website-backups.html *** Cisco AnyConnect Client for Windows Privilege Escalation Vulnerability *** --------------------------------------------- A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39466 *** MMD-0033-2015 - Linux/XorDDoS infection incident report (CNC: HOSTASA.ORG) *** --------------------------------------------- This post is an actual malware infection incident of the"Linux/XOR.DDoS" malware, see this previous post as reference, malware was in attempt to infect a real service. Incident details: Source of attack: An attack .. --------------------------------------------- http://blog.malwaremustdie.org/2015/06/mmd-0033-2015-linuxxorddos-infection… *** Analysis and Exploitation of an ESET Vulnerability *** --------------------------------------------- Many antivirus products include emulation capabilities that are intended to allow unpackers to run for a few cycles before signatures are applied. ESET NOD32 uses a minifilter or kext to intercept all disk I/O, which is analyzed and then emulated if .. --------------------------------------------- http://googleprojectzero.blogspot.com/2015/06/analysis-and-exploitation-of-… *** Of Privacy, Security, and the Art of Scanning *** --------------------------------------------- With all the recent news and attention on world events the concept and concern around privacy has increased over the last several years. This is an excellent progression of personal protection and should be pursued .. --------------------------------------------- http://blog.shadowserver.org/2015/06/23/of-privacy-security-and-the-art-of-… *** Attacking Ruby Gem Security with CVE-2015-3900 *** --------------------------------------------- A Ruby gem is a standard packaging format used for Ruby libraries and applications. This packaging format allows Ruby software developers a clearly defined format in which they can .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Secu… *** Samsung deliberately disabling Windows Update *** --------------------------------------------- On my home forum Sysnative, a user (wavly) was being assisted with a WU issue, which was going well, aside from the fact that wavlys WU kept getting disabled randomly. It was figured out eventually after using auditpol.exe and registry security .. --------------------------------------------- http://bsodanalysis.blogspot.de/2015/06/samsung-deliberately-disabling-wind… *** Kaspersky hilft Facebook User-PCs nach Viren zu scannen *** --------------------------------------------- Facebook will die Verbreitung von Malware über das soziale Netzwerk eindämmen. Dafür werden nicht nur Profile nach verdächtigen Aktivitäten gescannt. Das Unternehmen bietet Nutzern auch die Möglichkeit an, einen kostenlosen Scan ihres Computers durchzuführen. Seit einiger Zeit .. --------------------------------------------- http://derstandard.at/2000017946165 *** Identifying vulnerable code *** --------------------------------------------- No matter how much care you take during development of any software, security issues creep in. Hence, it is important to get the code reviewed for security loopholes. Code is the only advantage for organizations over the hackers and they need .. --------------------------------------------- http://resources.infosecinstitute.com/identifying-vulnerable-code/ *** Am 30. Juni ist DNSSEC-Day *** --------------------------------------------- Am 30. Juni 2015 veranstalten das BSI, der DENIC und heise online den DNSSEC-Day. Kern der Veranstaltung ist ein Livestreaming, bei dem Fachleute Nutzen und .. --------------------------------------------- http://heise.de/-2723932 *** Results of my recent PostScript Charstring security research unveiled *** --------------------------------------------- Some months ago, I started reverse engineering and investigating the security posture of the Adobe Type Manager Font Driver (ATMFD.DLL) module, which provides support for Type 1 and OpenType fonts in the Windows kernel since Windows NT 4.0, .. --------------------------------------------- http://j00ru.vexillium.org/?p=2520

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily