Daily

daily@lists.cert.at

1 participants
3190 discussions

Tageszusammenfassung - Mittwoch 2-12-2015
by Daily end-of-shift report 02 Dec '15

02 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 01-12-2015 18:00 − Mittwoch 02-12-2015 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Cisco Unified Computing System Central Software Cross-Site Scripting Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** DSA-3408 gnutls26 - security update *** --------------------------------------------- It was discovered that GnuTLS, a library implementing the TLS and SSLprotocols, incorrectly validates the first byte of padding in CBC modes.A remote attacker can possibly take advantage of this flaw to perform apadding oracle attack. --------------------------------------------- https://www.debian.org/security/2015/dsa-3408 *** VU#630239: Epiphany Cardio Server version 3.3 is vulnerable to SQL and LDAP injection *** --------------------------------------------- The Epiphany Cardio Server prior to version 4.0 is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights. --------------------------------------------- http://www.kb.cert.org/vuls/id/630239 *** Cisco UCS Central Software Server-Side Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Saia Burgess Controls PCD Controller Hard-coded Password Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a hard-coded password vulnerability in Saia Burgess Controls's family of PCD controllers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-335-01 *** Schneider Electric ProClima ActiveX Control Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for remote code execution vulnerabilities in the Schneider Electric ProClima F1 Bookview ActiveX control application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-335-02 *** Siemens SIMATIC Communication Processor Vulnerability *** --------------------------------------------- This advisory provides mitigation details for an authentication bypass vulnerability in the Siemens SIMATIC Communication Processor devices. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-335-03 *** DSA-3409 putty - security update *** --------------------------------------------- A memory-corrupting integer overflow in the handling of the ECH (erasecharacters) control sequence was discovered in PuTTYs terminalemulator. A remote attacker can take advantage of this flaw to mount adenial of service or potentially to execute arbitrary code. --------------------------------------------- https://www.debian.org/security/2015/dsa-3409 *** Security Advisory - Privilege Escalation Vulnerability in Huawei LogCenter *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Security Advisory - DoS Vulnerability in Huawei LogCenter *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Entropy drought hits Raspberry Pi harvests, weakens SSH security *** --------------------------------------------- Hotfix posted online to shore up Raspbian key generation Raspberry Pis running Raspbian - a flavor of Debian GNU/Linux tuned for the credit-card-sized computers - apparently generate weak SSH host keys. --------------------------------------------- www.theregister.co.uk/2015/12/02/raspberry_pi_weak_ssh_keys/ *** DSA-3410 icedove - security update *** --------------------------------------------- Multiple security issues have been found in Icedove, Debians version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors,integer overflows, buffer overflows and other implementation errors maylead to the execution of arbitrary code or denial of service. --------------------------------------------- https://www.debian.org/security/2015/dsa-3410 *** Chrome für Linux: Google streicht 32-Bit-Version *** --------------------------------------------- Support endet März 2016 – Community kann weiterhin eigene Builds bauen --------------------------------------------- http://derstandard.at/2000026808558 *** BSides Vienna 2015 Slides *** --------------------------------------------- The slides of the BSides Vienna are available online and linked directly at the schedule page: https://bsidesvienna.at/talks/ You can also wget them: wget http://bsidesvienna.at/slides/2015/a_case_study_on_the_security_of_applicat… wget http://bsidesvienna.at/slides/2015/closing_slides.pdf wget http://bsidesvienna.at/slides/2015/crypto_wars_2.0.pdf wget http://bsidesvienna.at/slides/2015/digital_supply_chain_security.pdf wget --------------------------------------------- http://www.reddit.com/r/netsec/comments/3v50y7/bsides_vienna_2015_slides/ *** Security: Bug Bounty für Barbie-Puppen *** --------------------------------------------- Nicht nur Vtech-Spielzeug ist unsicher: Die umstrittene WLAN-Barbie von Mattel hält es mit der Sicherheit ebenfalls nicht so genau. Ein Hacker konnte aus der Puppe zahlreiche Informationen auslesen - und glaubt, auch die Serveranbindung manipulieren zu können. --------------------------------------------- http://www.golem.de/news/security-bug-bounty-fuer-barbie-puppen-1512-117769… *** Nessus and Powershell is like Chocolate and Peanut Butter!, (Wed, Dec 2nd) *** --------------------------------------------- In a typical security assessment, youll do authenticated scans of internal hosts, looking for vulnerabilities due to missed patches or configuration issues. I often use Nessus for this, but find that for a typical IT manager, the Nessus .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20431 *** Ponmocup *** --------------------------------------------- Ponmocup2. Dezember 2015Aktuell ist das Botnet, zu dem wir die meisten Infektionen gemeldet bekommen, immer noch Conficker. Weit abgeschlagen dahinter finden sich "gozi", "nymaim", "ZeuS" (incl. Varianten), "tinba" und "dyre". Die genauen Zahlen variieren stark, da ist die Konsistenz der Messungen nicht die beste.Jetzt haben wir einen neuen Namen hoch oben in der Liste: "Ponmocup". Die Malware selber ist nicht neu, manche setzten die --------------------------------------------- http://www.cert.at/services/blog/20151202163506-1641.html *** The Perils of Vendor Bloatware *** --------------------------------------------- In todays Stormcast, Johannes summarizes the current issue with some of the software that comes pre-installed on Dell Laptops. In short, Dell Foundation Services, which is used for remote management, allows unauthenticated WMI queries to be processed, .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20433 *** IBM Security Bulletin: A potential security vulnerability in WebSphere Liberty Profile affects InfoSphere Streams (CVE-2015-1927) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21967767 *** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2015Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21959874 *** IBM Security Bulletin: Multiple vulnerabilities in Apache HttpComponents affect IBM Cognos Metrics Manager (CVE-2012-6153, CVE-2014-3577) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970193 *** Dell verschlimmbessert die Foundation-Services-Lücke *** --------------------------------------------- Angreifer aus dem Web können bei bestimmten Dell-Rechnern den Service-Tag auslesen und die Nutzer so tracken. Dell hat diese Lücke nun geschlossen. Seit dem Update kann man allerdings unter anderem die gesamte Hardware-Konfiguration auslesen. --------------------------------------------- http://www.heise.de/security/meldung/Dell-verschlimmbessert-die-Foundation-…

1 0

Tageszusammenfassung - Dienstag 1-12-2015
by Daily end-of-shift report 01 Dec '15

01 Dec '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 30-11-2015 18:00 − Dienstag 01-12-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0 *** --------------------------------------------- Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. [...] To help protect customers from potentially fraudulent use of these unconstrained digital certificates, the certificates have been deemed no longer valid by Dell Inc. and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of these certificates. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/3119884 *** SHA1 Phase Out Overview, (Mon, Nov 30th) *** --------------------------------------------- SHA1 (Secure Hashing Algorithm 1) has been in use for about 20 years. More recently, some weaknesses have been identified in SHA1, and in general, faster computing hardware makes it more and more likely that collisions willbe found. As a result, SHA2 starts to replace SHA1and you should see this impacting your users next year. Various software will stop trusting SHA1 signatures, and users may receive warnings about invalid signatures or certificates as a result. First a very quick primer on... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20423&rss *** Belkins N150 router is perfect for learning hacking skills - wait, what, its in production? *** --------------------------------------------- Practice your CSRF and DNS meddling exploits here Belkins home routers can be commandeered by hackers, thanks to a Telnet backdoor, a cross-site request forgery (CSRF) vulnerability and other bugs, were told. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/12/01/hole_in_bel… *** DDoS-Attacken gegen griechische Banken *** --------------------------------------------- Armada Collective weitet DDoS-Angriffe in Europa aus und erpresst nun Kreditinstitute in Griechenland. --------------------------------------------- http://www.heise.de/newsticker/meldung/DDoS-Attacken-gegen-griechische-Bank… *** Guest Talk: "Alice in the Sky - On Security of Air Traffic Control Communication" *** --------------------------------------------- January 14, 2016 - 2:00 pm - 4:45 pm SBA Research Favoritenstraße 16 1040 Wien --------------------------------------------- https://www.sba-research.org/events/guest-talk-alice-in-the-sky-on-security… *** Conficker, back from the undead, dominates malware threat landscape *** --------------------------------------------- Look out, ransomware is coming up on the rails Conficker was the most common malware used to attack UK and international organisations in October, accounting for 20 per cent of all attacks globally, according to security vendor Check Point. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/12/01/conficker_d… *** Nuclear Pack loads a fileless CVE-2014-4113 Exploit *** --------------------------------------------- http://malware.dontneedcoffee.com/2015/12/nuclear-pack-loading-fileless-cve… *** Reverse Engineering Intel DRAM Addressing and Exploitation *** --------------------------------------------- We demonstrate the power of such attacks by implementing a high speed covert channel that achieves transmission rates of up to 1.5Mb/s, which is three orders of magnitude faster than current covert channels on main memory. Finally, we show how our results can be used to increase the efficiency of the Rowhammer attack significantly by reducing the search space by a factor of up to 16384. --------------------------------------------- http://arxiv.org/abs/1511.08756 *** Dell Foundation Service ermöglicht Tracking von Nutzern *** --------------------------------------------- Im Dell Foundation Service zur Wartung von Computern klafft eine Schwachstelle, über die Angreifer die Service-Tag-Nummer auslesen können. Eine gefixte Version steht zum Download bereit. --------------------------------------------- http://heise.de/-3028416 *** "Crash Course - PCI DSS 3.1 is here. Are you ready?" Part II *** --------------------------------------------- Thanks to all who attended our recent webinar, "Crash Course - PCI DSS 3.1 is here. Are you ready?". During the stream, there were a number of great questions asked by attendees that didn't get answered due to the limited time. This blog post is a means to answer many of those questions. Still have... --------------------------------------------- https://blog.whitehatsec.com/crash-course-pci-dss-3-1-is-here-are-you-ready… *** l+f: Das Telegram-Protokoll macht Stalking einfach *** --------------------------------------------- Hat man die Telefonnummer eines Telegram-Nutzers, kann man relativ einfach dessen Online-Status überwachen. --------------------------------------------- http://heise.de/-3028550 *** Can you trust SSL encryption of your email provider? *** --------------------------------------------- Have you ever though how secure and reliable is your SSL/TLS connection to your email servers? A brief research about encryption implementation of the most popular free email providers. --------------------------------------------- https://www.htbridge.com/blog/can-you-trust-ssl-encryption-of-your-email-pr… *** Xen Heap Overflow in PC-Net II Emulator Lets Local Users on a Guest System Gain Elevated Privileges on the Host System *** --------------------------------------------- http://www.securitytracker.com/id/1034268 *** Security Notice - Statement on Pierre Kim Revealing Security Vulnerabilities in Huawei WiMAX Routers *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Cisco ASR 1000 Series Root Shell License Bypass Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Cloud Services Router 1000V Command Injection Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Web Security Appliance Native FTP Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Security Advisory 2015-03: Vulnerability discovered in OTRS FAQ package *** --------------------------------------------- December 01, 2015 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security(a)otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2016-03-02] uid OTRS Security Team GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22... --------------------------------------------- https://www.otrs.com/security-advisory-2015-03-vulnerability-discovered-in-…

1 0

Tageszusammenfassung - Montag 30-11-2015
by Daily end-of-shift report 30 Nov '15

30 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 27-11-2015 18:00 − Montag 30-11-2015 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl *** IBM Security Bulletin: IBM Maximo Asset Management contains a vulnerability which could allow a user to log in with an expired password (CVE-2015-5017) *** --------------------------------------------- IBM Maximo Asset Management contains a vulnerability which could allow a user to log into the system with an expired password. This vulnerability could allow a local attacker to obtain sensitive information or compromise the integrity of the system. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21969052 *** IBM Security Bulletin: Security Bulletin: Vulnerability in Apache Commons affects IBM Endpoint Manager for Remote Control (CVE-2015-7450) *** --------------------------------------------- Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971490 *** Program:Win32/CompromisedCert.D *** --------------------------------------------- This threat is a Dell root certificate for which the private keys were leaked. This means a hacker can use this certificate to modify your browsing experience and steal sensitive information. --------------------------------------------- https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?na… *** Dell Root-CA-Desaster: Microsoft bringt Updates in Stellung *** --------------------------------------------- Mit einem Update für mehrere seiner Sicherheits-Tools will Microsoft zwei digitale Zertifikate entfernen, die auf Computern des Herstellers Dell zu Sicherheitsrisiken wurden. Erste Schadsoftware, die das Einfallstor nutzt, wurde bereits gefunden. --------------------------------------------- http://heise.de/-3025738 *** Turris Omnia Security Project protects home network users *** --------------------------------------------- The non-profit security research Turris Omnia project originating from the Czech Republic focuses on safety of SoHo users. The non-profit security research project originating from the Czech Republic, which focuses on safety of SoHo .. --------------------------------------------- http://securityaffairs.co/wordpress/42382/hacking/turris-omnia-router-proje… *** International NCSC One Conference 2016 *** --------------------------------------------- We are pleased to announce the fourth edition of our international One Conference 2016 that will take place at the World Forum in The Hague on April 5 and 6, 2016. Again the program will be informative and eye-opening offering something of interest to a wide variety of participants from private sectors, .. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/ncsc-one-conference-2016.ht… *** Lancom fixt Verschlüsselungsproblem in Routern *** --------------------------------------------- In verschiedenen Routern von Lancom klafft eine Schwachstelle, über die Angreifer verschlüsselte Verbindungen aufbrechen können. Workarounds sichern betroffene Geräte ab. --------------------------------------------- http://heise.de/-3026432 *** DFN-CERT-2015-1837: Xen: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1837/ *** Bugtraq: Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation *** --------------------------------------------- http://www.securityfocus.com/archive/1/537001 *** SSA-763427: Vulnerability in Communication Processor (CP) modules SIMATIC CP 343-1, TIM 3V-IE, TIM 4R-IE, and CP 443-1 *** --------------------------------------------- An authentication bypass vulnerability in Communication Processor (CP) module families SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 could allow unauthenticated users to perform administrative operations under certain conditions. --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427… *** Multiple serious vulnerabilities in RSI Videofied's alarm protocol *** --------------------------------------------- RSI Videofied are a French company that produce a series of alarm panels that are fairly unique in the market. They are designed to be battery powered and send videos from the detectors if the alarm is triggered. This is called video .. http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-vi… *** Forthcoming OpenSSL releases *** --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2e, 1.0.1q, 1.0.0t and 0.9.8zh. These releases will be made available on 3rd December between approx. 1pm and 5pm (UTC). They will fix a number of security defects, the highest of which is classified as "moderate" severity. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2015-November/000045.html

1 0

Tageszusammenfassung - Freitag 27-11-2015
by Daily end-of-shift report 27 Nov '15

27 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 26-11-2015 18:00 − Freitag 27-11-2015 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter, Robert Waldner *** Reader's Digest and other WordPress Sites Compromised, Push Angler EK *** --------------------------------------------- Readers Digest is among the latest compromised sites pushing Angler EK. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/11/readers-digest-and-ot… *** Known 'Good' DNS, An Observation, (Thu, Nov 26th) *** --------------------------------------------- This has come up enough it seems worth noting for this U.S. Thanks Giving Holiday. The concept of public Domain Name Service (DNS) is not new, but worth discussing both the merits and pitfalls. Weve discussed DNS here quite a bit over the years, for a prospectus. There are a few (this is not an endorsement *quickly looks around for legal counsel and dodges them*) good services around that are known. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20419&rss *** DSA-3407 dpkg - security update *** --------------------------------------------- Hanno Boeck discovered a stack-based buffer overflow in the dpkg-debcomponent of dpkg, the Debian package management system. This flaw couldpotentially lead to arbitrary code execution if a user or an automatedsystem were tricked into processing a specially crafted Debian binarypackage (.deb) in the old style Debian binary package format. --------------------------------------------- https://www.debian.org/security/2015/dsa-3407 *** Apache Cordova vulnerable to improper application of whitelist restrictions *** --------------------------------------------- Apache Cordova contains a vulnerability where whitelist restrictions are not properly applied. --------------------------------------------- http://jvn.jp/en/jp/JVN18889193/ *** ManageEngine Firewall Analyzer fails to restrict access permissions *** --------------------------------------------- ManageEngine Firewall Analyzer provided by Zoho Corporation contains a vulerability where access permissions are not restricted. --------------------------------------------- http://jvn.jp/en/jp/JVN12991684/ *** ManageEngine Firewall Analyzer vulnerable to directory traversal *** --------------------------------------------- ManageEngine Firewall Analyzer provided by Zoho Corporation contains a directory traversal vulnerability. --------------------------------------------- http://jvn.jp/en/jp/JVN21968837/ *** Defending against Actual IT Threats *** --------------------------------------------- Roger Grimes has written an interesting paper: "Implementing a Data-Driven Computer Security Defense." His thesis is that most organizations dont match their defenses to the actual risks. His paper explains how it got to be this way, and how to fix it.... --------------------------------------------- https://www.schneier.com/blog/archives/2015/11/defending_again_4.html *** Adobe will Weiterverteilung von Flash Player einschränken *** --------------------------------------------- Ab Januar 2016 können nur noch Business-Anwender mit einer gültigen Lizenz den Flash Player zur Weiterverteilung herunterladen, verkündet Adobe. --------------------------------------------- http://heise.de/-3025473 *** Paper: Optimizing ssDeep for use at scale *** --------------------------------------------- Brian Wallace presents tool to optimize ssDeep comparisons.Malware rarely comes as a single file, and to avoid having to analyse each sample in a set individually, a fuzzy hashing algorithm tool like ssDeep can tell a researcherwhether two files are very similar - or not similar at all.When working with a large set of samples, the number of comparisons (which grows quadratically with the set size) may soon become extremely large though. To make this task more manageable, Cylance --------------------------------------------- http://www.virusbtn.com/blog/2015/11_27.xml?rss

1 0

Tageszusammenfassung - Donnerstag 26-11-2015
by Daily end-of-shift report 26 Nov '15

26 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 25-11-2015 18:00 − Donnerstag 26-11-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Verschlüsselung: Punkte auf der falschen elliptischen Kurve *** --------------------------------------------- Forscher der Ruhr-Universität Bochum haben einen schon lange bekannten Angriff auf Verschlüsselungsverfahren mit elliptischen Kurven in der Praxis umsetzen können. Verwundbar ist neben Java-Bibliotheken auch ein Hardware-Verschlüsselungsgerät von Utimaco. --------------------------------------------- http://www.golem.de/news/verschluesselung-punkte-auf-der-falschen-elliptisc… *** Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Shields up on potentially unwanted applications in your enterprise *** --------------------------------------------- Has your enterprise environment been bogged down by a sneaky browser-modifier which tricked you into installing adware from a seemingly harmless software bundle? Then you might have already experienced what a potentially unwanted application (PUA) can do. The good news is, the new opt-in feature for .. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/25/shields-up-on-potentiall… *** "Cyberangriffe werden besser und komplexer" *** --------------------------------------------- Vertreter österreichischer Unternehmen und Sicherheitsexperten diskutierten mit der futurezone über Trends in der Cyberkriminalität und den Schutz kritischer Infrastruktur. --------------------------------------------- http://futurezone.at/digital-life/cyberangriffe-werden-besser-und-komplexer… *** DSA-3405 smokeping - security update *** --------------------------------------------- Tero Marttila discovered that the Debian packaging for smokepinginstalled it in such a way that the CGI implementation of Apache httpd(mod_cgi) passed additional arguments to the smokeping_cgi program,potentially leading to arbitrary code execution in response to craftedHTTP requests. --------------------------------------------- https://www.debian.org/security/2015/dsa-3405 *** Serverseitiges JavaScript: Zwei offene Lücken in Node.js *** --------------------------------------------- Eine DoS-Schwachstelle und einen Out-of-Bounds-Zugriffsfehler bei der JavaScript-Engine V8 sind in unterschiedlichen Node.js-Versionen zu finden. Ein Patch soll nächste Woche veröffentlicht werden. --------------------------------------------- http://heise.de/-3022698 *** Ads on popular Search Engine are leading to Phishing Sites *** --------------------------------------------- The Reporting and Analysis Centre for Information Assurance (MELANI) and GovCERT.ch is aware of an ongoing phishing campaign that is targeting a large credit card issuer in Switzerland. What makes this phishing campaign somehow unique is the way how the phishers are advertising their phishing sites: while .. --------------------------------------------- http://www.govcert.admin.ch/blog/16/ads-on-popular-search-engine-are-leadin… *** Malware Researcher's Handbook (Demystifying PE File) *** --------------------------------------------- PE File Portable executable file format is a type of format that is used in Windows (both x86 and x64). As per Wikipedia, the portable executable (PE) format is a file format for executable, object code, DLLs, FON font files, and core dumps. The PE file .. --------------------------------------------- http://resources.infosecinstitute.com/2-malware-researchers-handbook-demyst… *** Smart Home: Sicherheitslücken im Zigbee-Protokoll demonstriert *** --------------------------------------------- Sicherheitsforscher haben auf der Sicherheitskonferenz Deepsec in Wien eklatante Mängel in der Sicherheit von Zigbee-Smart-Home-Geräten demonstriert. Es gelang ihnen, ein Türschloss zu übernehmen und zu öffnen. --------------------------------------------- http://www.golem.de/news/smart-home-sicherheitsluecken-im-zigbee-protokoll-… *** Windows Defender mit verstecktem Adware-Killer *** --------------------------------------------- Microsofts Virenschutz blokiert jetzt auch Adware. Eigentlich ist die nützliche Funktion für Unternehmensnetze gedacht – sie lässt sich aber auch auf gewöhnlichen Windows-Systemen freischalten, wie ein Test von heise Security zeigt. --------------------------------------------- http://heise.de/-3023579

1 0

Tageszusammenfassung - Mittwoch 25-11-2015
by Daily end-of-shift report 25 Nov '15

25 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 24-11-2015 18:00 − Mittwoch 25-11-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Unified CallManager and Unified Presence Server ICMP Echo Request Handling Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-… *** A $10 Tool Can Guess (And Steal) Your Next Credit Card Number *** --------------------------------------------- A pattern in AmEx card numbers allows Samy Kamkars DIY gadget to predict and use new numbers for fraud as fast as the company can generate them. --------------------------------------------- http://www.wired.com/2015/11/samy-kamkar-10-dollar-tool-can-guess-and-steal… *** High-Security, Open-Source Router is a Hit on Indiegogo (Video) *** --------------------------------------------- The device is called the Turris Omnia, and its Indiegogo page says its a "hi-performance & open-source router." Their fundraising goal is $100,000. So far, 1,191 backers have pledged $248,446 (as of the moment this was typed), with 49 days left .. --------------------------------------------- http://linux.slashdot.org/story/15/11/24/1940251/high-security-open-source-… *** Hilton Acknowledges Credit Card Breach *** --------------------------------------------- Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems. --------------------------------------------- http://krebsonsecurity.com/?p=33068 *** Xen VPMU Feature May Let Local Users Deny Service, Obtain Information, and Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1034230 *** Unwanted Software and Harmful Programs *** --------------------------------------------- We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings including search engines, anti-virus programs, firewalls and and e-mail spam. Recently I came .. --------------------------------------------- https://blog.sucuri.net/2015/11/unwanted-software-and-harmful-programs.html *** Google kann nicht ohne weiteres geschützte Geräte entsperren *** --------------------------------------------- Ein Sicherheitsbericht des Bezirksstaatsanwalts von Manhattan berichtet von einer Hintertür, durch die Google auf richterlichen Beschluss in den USA auf bestimmte passwortgeschützte Android-Smartphones zugreifen können soll. Dem widerspricht jetzt ein Mitarbeiter des Android-Sicherheitsteams. --------------------------------------------- http://www.golem.de/news/android-sicherheit-google-kann-nicht-ohne-weiteres… *** House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide *** --------------------------------------------- In the course of an internal research project we have analyzed the firmware images of more than 4000 embedded devices of over 70 vendors. The devices we have looked at include Internet gateways, routers, modems, IP cameras, VoIP phones, etc. We have specifically analyzed .. --------------------------------------------- http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html *** DSDTestProvider: Weiteres gefährliches Dell-Zertifikat entdeckt *** --------------------------------------------- Auf Dell-Computern ist ein weiteres CA-Zertifikat mitsamt privatem Schlüssel entdeckt worden. Damit kann jeder gültige Zertifikate ausstellen und die Verschlüsselung von Webseiten ad absurdum führen. Der Patch zum Löschen von eDellRoot ist verfügbar. --------------------------------------------- http://heise.de/-3020134 *** Internet Explorer: Microsoft stellt Support für fast alle Versionen ein *** --------------------------------------------- Ab Mitte Jänner wird nur mehr der IE11 mit Sicherheitsupdates versorgt – Fast ein Viertel der Web-Nutzer betroffen. --------------------------------------------- http://derstandard.at/2000026383964 *** Amazon.com setzt Passwörter von Kunden zurück *** --------------------------------------------- Einige Amazon-Kunden in den USA und Großbritannien müssen sich ein neues Passwort ausdenken. Amazon hat die Passwörter zurückgesetzt - eine reine Vorsichtsmaßnahme, wie es heißt. Doch das Statement von Amazon ist teilweise widersprüchlich und lässt viele Fragen offen. --------------------------------------------- http://www.golem.de/news/security-amazon-com-setzt-passwoerter-von-kunden-z… *** When Your CEO Won't Take Security Awareness Training *** --------------------------------------------- CEOs are often the busiest people in any organization. As security professionals, we should respect that: but what can we do when our CEO won't take security awareness training? This is not uncommon but it can be a hard nut for security .. --------------------------------------------- http://resources.infosecinstitute.com/when-your-ceo-wont-take-security-awar… *** Does prevalence matter? A different approach to traditional antimalware test scoring *** --------------------------------------------- Most well-known antimalware tests today focus on broad-spectrum malware. In other words, tests include malware that is somewhat indiscriminate (isnt necessarily targeted), at least somewhat prevalent and sometimes very prevalent. Typically,.. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/25/does-prevalence-matter-a… *** Moxa OnCell Central Manager Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for hardcoded credentials and authentication bypass vulnerabilities in the Moxa OnCell Central Manager Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-328-01 *** Tor-Betreiber starten Crowdfunding *** --------------------------------------------- Private Gelder sollen Abhängigkeit von US-Behörden reduzieren und Weiterentwicklung ermöglichen --------------------------------------------- http://derstandard.at/2000026409932 *** A Problem Shared *** --------------------------------------------- Information sharing has been a much discussed, but traditionally a hit-and-miss affair within the world of information security - after all, one's information can hardly be said to be secure if you're bandying it about to anyone who expresses .. --------------------------------------------- https://blog.team-cymru.org/2015/11/a-problem-shared/ *** Protecting Windows Networks - Dealing with credential theft *** --------------------------------------------- Credential theft is a huge problem, if you care to look at Verizon Data Breach reports over the years, you will see that use of stolen credentials was lingering at the top intrusion method for quite some time. They also prevalent in APT attacks. And why .. --------------------------------------------- https://dfirblog.wordpress.com/2015/11/24/protecting-windows-networks-deali… *** Ransomware Playbook - Guide for Handling Ransomware Infections *** --------------------------------------------- The following post demonstrates the writing process of a ransomware playbook for effective incident response and handling ransomware infections. --------------------------------------------- https://www.demisto.com/playbooks/playbook-for-handling-ransomware-infectio… *** Breach at IT Automation Firm LANDESK *** --------------------------------------------- LANDESK, a company that sells software to help organizations securely and remotely manage their fleets of desktop computers, servers and mobile devices, alerted employees last week that a data breach may have exposed their personal information. But LANDESK .. --------------------------------------------- http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk

1 0

Tageszusammenfassung - Dienstag 24-11-2015
by Daily end-of-shift report 24 Nov '15

24 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 23-11-2015 18:00 − Dienstag 24-11-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Stealthy GlassRAT Spies on Commercial Targets *** --------------------------------------------- RSA has uncovered GlassRAT, a spy tool targeting commercial targets thats signed with a stolen certificate from a large developer in China. --------------------------------------------- http://threatpost.com/stealthy-glassrat-spies-on-commercial-targets/115453/ *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-… --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Multiple vulnerabilities in Apache Commons affecting IBM products *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971377 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971376 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971415 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971412 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971246 *** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by operating system command vulnerability (CVE-2015-7426) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21971484 *** IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2015-7416 *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1020995 *** IBM Security Bulletin: IBM Smart Analytics System 5600 is affected by a vulnerability in IBM GPFS (CVE-2015-1788) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21969177 *** IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect Sytem Storage DS8000 *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1005448 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect AppScan Standard (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970847 *** Security Advisory - Overflow Vulnerabilities in SNMPv3 *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Worlds most complex cash register malware plunders millions in US *** --------------------------------------------- ModPos kernel monster threatens haul during festive shopping blitz The worlds most complex sales till malware has been discovered ... after it ripped millions of bank cards from US retailers .. --------------------------------------------- www.theregister.co.uk/2015/11/24/modpos_point_of_sale_malware/ *** Break a dozen secret keys, get a million more for free *** --------------------------------------------- For many years NIST has officially claimed that AES-128 has "comparable strength" to 256-bit ECC, namely 128 "bits of security". Ten years ago, in a talk "Is 2255−19 big enough?", I disputed this claim. The underlying attack algorithms had already been known for years, and its not hard to see their impact on key-size selection; but somehow NIST hadnt gotten .. --------------------------------------------- http://blog.cr.yp.to/20151120-batchattacks.html *** Steam Weak File Permissions Privilege Escalation *** --------------------------------------------- A low privileged user could modify the steam.exe binary and obtain code execution with elevated privileges upon an administrator login or execution of steam.exe --------------------------------------------- http://www.securityfocus.com/archive/1/536961 *** Security Advisory - Memory Overflow Vulnerability in the Huawei Smartphone *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Root-CA-Zertifikat: Dell will eDellRoot über Update entfernen *** --------------------------------------------- Dell versichert, dass Besitzer eines Dell-Computers das vom Hersteller standardmäßig installierte gefährliche CA-Zertifikat über ein Update deinstallieren oder per Hand dauerhaft entfernen können. --------------------------------------------- http://heise.de/-3015616 *** 3 Attacks on Cisco TACACS+: Bypassing the Ciscos auth *** --------------------------------------------- I would like to tell the results of my little security research of TACACS+ protocol. --------------------------------------------- http://agrrrdog.blogspot.ca/2015/11/3-attacks-on-cisco-tacacs-bypassing.html *** Hackers do the Haka - Part 1 *** --------------------------------------------- Haka is an open source network security oriented language that allows writing security rules and protocol dissectors. In this first part of a two-part series, we will focus on writing security rules. --------------------------------------------- http://thisissecurity.net/2015/11/23/hackers-do-the-haka-part-1/ *** Heap Overflow in PCRE *** --------------------------------------------- There are two variants of PCRE, the classic one and PCRE2. PCRE2 is not affected. ... If you use PCRE with potentially untrusted regular expressions you should update immediately. There is no immediate risk if you use regular expressions from a trusted source with an untrusted input. --------------------------------------------- https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html *** Ermittlern gelingt Schlag gegen weltweit agierende Phisher-Bande *** --------------------------------------------- Das LKA Sachsen hat fünf Tatverdächtige verhaftet, die bandenmäßig mit Betrugsanrufen PIN-Codes für Online-Zahlungsgutscheine abgephisht haben sollen. --------------------------------------------- http://heise.de/-3016944 *** WP Page Widget <= 2.7 - Authenticated Reflected Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8317 *** Social Share Button <= 2.1 - Authenticated Persistent Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8326 *** Google kann Android-Geräte aus der Ferne entsperren *** --------------------------------------------- Google kann offensichtlich die Bildschirmsperren der meisten Android-Geräte auf Behördenanordnung zurücksetzen. Das geht aus dem Bericht eines New Yorker Bezirksstaatsanwalt hervor. Der einzige Schutz dagegen ist die Vollverschlüsselung. --------------------------------------------- http://heise.de/-3015984 *** WP Live Chat Support <= 4.3.5 - Unauthenticated Blind SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8343 *** WR ContactForm <= 1.1.9 - Authenticated SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8341

1 0

Tageszusammenfassung - Montag 23-11-2015
by Daily end-of-shift report 23 Nov '15

23 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 20-11-2015 18:00 − Montag 23-11-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Command and Control Server Detection: Methods & Best Practices *** --------------------------------------------- Botnet C&C servers issue commands in many ways Recently I discussed botnets and the way they represent an ongoing and evolving threat to corporate IT security. This time I'll be discussing .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/command-and-control-se… *** Cisco Networking Services Sensitive Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Deepsec: ZigBee macht Smart Home zum offenen Haus *** --------------------------------------------- ZigBee-Funknetze weisen nach neuen Erkenntnissen von Sicherheitsforschern eklatante Sicherheitsmängel auf. Die Technik wird beispielsweise bei der Steuerung von Türschlössern eingesetzt. --------------------------------------------- http://heise.de/-3010287 *** Blackberry Offers Lawful Device Interception Capabilities *** --------------------------------------------- An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" .. --------------------------------------------- http://yro.slashdot.org/story/15/11/22/0048205/blackberry-offers-lawful-dev… *** JW Player 6 Plugin for Wordpress <= 2.1.14 - Authenticated Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8260 *** DSA-3401 openjdk-7 - security update *** --------------------------------------------- It was discovered that rebinding a receiver of a direct method handlemay allow a protected method to be accessed. --------------------------------------------- https://www.debian.org/security/2015/dsa-3401 *** Bugtraq: Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation *** --------------------------------------------- Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation --------------------------------------------- http://www.securityfocus.com/archive/1/536951 *** Data breach at firm that manages Cisco, Microsoft certifications *** --------------------------------------------- Pearson VUE says credentials manager product affected Cisco, IBM, Oracle and Microsofts certification management provider, Pearson VUE, has copped to a data breach following a malware .. --------------------------------------------- www.theregister.co.uk/2015/11/23/pearson_vue_data_breach_pcm/ *** Ist hier jemand Dell-Kunde? Die shippen anscheinend ... *** --------------------------------------------- Ist hier jemand Dell-Kunde? Die shippen anscheinend eine Backdoor-CA mit ihrem Windows.Aber, mal unter uns, wer sich irgendeinen PC kauft und nicht als erstes das Windows wegschmeisst und frisch neu installiert, dem ist eh nicht zu helfen.Daher war das ja .. --------------------------------------------- http://blog.fefe.de/?ts=a8adce6b *** WP Database Backup <= 3.3 - Authenticated Persistent Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8275 *** Pornography - A Favorite Costume For Android Malware *** --------------------------------------------- 30% of Internet traffic is in some way related to pornography and this is the primary reason why malware authors are using porn apps to infect large numbers of users. During recent data mining, we noticed an increasing volume of mobile malware using pornography (disguised as porn apps) to lure victims into different scams .. --------------------------------------------- http://research.zscaler.com/2015/11/pornography-favorite-costume-for.html

1 0

Tageszusammenfassung - Freitag 20-11-2015
by Daily end-of-shift report 20 Nov '15

20 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 19-11-2015 18:00 − Freitag 20-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** Trojanized adware family abuses accessibility service to install whatever apps it wants *** --------------------------------------------- Shedun does not exploit a vulnerability in the service, instead it takes advantage of the service's legitimate features. By gaining the permission to use the accessibility service, Shedun is able to read the text that appears on screen, determine if an application installation prompt is shown, scroll through the permission list, and finally, press the install button without any physical interaction from the user. --------------------------------------------- https://blog.lookout.com/blog/2015/11/19/shedun-trojanized-adware/ *** Tibbo AggreGate Platform Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities in the Tibbo AggreGate SCADA/HMI package. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01 *** When Hunting BeEF, Yara rules. *** --------------------------------------------- BeEF, The Browser Exploitation Framework, is a penetration-testing tool focusing on web browsers. You can think of it as the Metasploit for web browsers security testing. In fact, it offers several modules that may allow the attacker to, for example, steal web login credentials, switch on microphone and camera, etc. --------------------------------------------- https://isc.sans.edu/diary/When+Hunting+BeEF%2C+Yara+rules./20395 *** HTTP Evasions Explained - Part 8 - Borderline Robustness *** --------------------------------------------- This is part eight in a series which explains the evasions done by HTTP Evader. This part looks into the excessive and inconsistent robustness attempts done by the browser vendors and how this can be used to evade firewalls. --------------------------------------------- http://noxxi.de/research/http-evader-explained-8-borderline-robustness.html *** Nmap 7 Released! *** --------------------------------------------- I encounter many folks at security conferences who havent heard about all the modern Nmap capabilities and still just use it as a simple port scanner. Folks who dont use (or at least know about) NSE, Ncat, Nping, Zenmap, Ndiff, version detection and IPv6 scanning are really missing out! --------------------------------------------- http://seclists.org/nmap-announce/2015/6 *** contrast-rO0 *** --------------------------------------------- A lightweight Java agent for preventing attacks against object deserialization like those discussed by @breenmachine and the original researchers @frohoff and @gebl, affecting WebLogic, JBoss, Jenkins and more. --------------------------------------------- https://github.com/Contrast-Security-OSS/contrast-rO0 *** Metasploit module: Chkrootkit Local Privilege Escalation *** --------------------------------------------- Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privsec. CVE: CVE-2014-0476 --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110179 *** ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting *** --------------------------------------------- ArcSight Management Center and ArcSight Logger contain a cross-site scripting vulnerability. --------------------------------------------- http://jvn.jp/en/jp/JVN51046809/ *** IBM Security Bulletin: IBM i Access for Windows affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422 *** --------------------------------------------- IBM i Access for Windows is affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422. These vulnerabilities affect the Windows system running the IBM i Access for Windows product. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=nas8N1020996 *** IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM WebSphere Real Time *** --------------------------------------------- Java SE issues disclosed in the Oracle October 2015 Critical Patch Update, plus CVE-2015-5006 --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970978

1 0

Tageszusammenfassung - Donnerstag 19-11-2015
by Daily end-of-shift report 19 Nov '15

19 Nov '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 18-11-2015 18:00 − Donnerstag 19-11-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** GovCERT.ch zu den DDoS-Erpressungen *** --------------------------------------------- Die Kollegen aus der Schweiz haben ausführlich zu den aktuellen Erpressungsversuchen (DD4BC/Armada Collective) gebloggt und auch eine Zusammenfassung über Mitigations-Massnahmen geschrieben. --------------------------------------------- http://www.cert.at/services/blog/20151119115219-1633.html *** BSI veröffentlicht Bericht zur Lage der IT-Sicherheit in Deutschland 2015 *** --------------------------------------------- Der Bericht zur Lage der IT-Sicherheit in Deutschland beschreibt und analysiert die aktuelle IT-Sicherheitslage, die Ursachen von Cyber-Angriffen sowie die verwendeten Angriffsmittel und -methoden. Daraus abgeleitet thematisiert der Lagebericht Lösungsansätze zur Verbesserung der IT-Sicherheit in Deutschland. Der Lagebericht verdeutlicht, dass die Anzahl der Schwachstellen und Verwundbarkeiten in IT-Systemen weiterhin auf einem hohen Niveau liegt und ... --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2015/Lage_der_IT… *** ARRIS Cable Modem has a Backdoor in the Backdoor *** --------------------------------------------- While researching on the subject, I found a previously undisclosed backdoor on ARRIS cable modems, affecting many of their devices including TG862A, TG862G, DG860A. As of this writing, Shodan searches indicate that the backdoor affects over 600.000 externally accessible hosts and the vendor did not state whether its going to fix it yet. --------------------------------------------- https://w00tsec.blogspot.co.at/2015/11/arris-cable-modem-has-backdoor-in.ht… *** BSI veröffentlicht Sicherheitsstudie zu TrueCrypt *** --------------------------------------------- Im Auftrag des Bundesamtes für Sicherheit in der Informationstechnik (BSI) untersuchte das Fraunhofer-Institut für Sichere Informationstechnologie SIT die Verschlüsselungssoftware TrueCrypt auf Sicherheitslücken. ... Die Sicherheitsexperten kommen zu dem Ergebnis, dass TrueCrypt weiterhin für die Verschlüsselung von Daten auf Datenträgern geeignet ist. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2015/Sicherheits… *** ZDI-15-570: SQLite fts3_tokenizer Untrusted Pointer Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/U5RlY6kAls0/ *** Encrypt - Moderately Critical - Weak Encryption - SA-CONTRIB-2015-166 *** --------------------------------------------- This module enables you to encrypt data within Drupal using a user-configurable encryption method and key provider. The module did not sufficiently validate good configurations and api usage resulting in multiple potential weaknesses ... --------------------------------------------- https://www.drupal.org/node/2618362 *** Actors using exploit kits - How they change tactics, (Thu, Nov 19th) *** --------------------------------------------- Introduction Exploit kits (EKs) are used by criminals to infect unsuspecting users while they are browsing the web. EKs are hosted on servers specifically dedicated to the EK. How are the users computers directed to an EK? It happens through compromised websites. Threat actors compromise legitimate websites, and pages from these compromised servers have injected script that connects the users computer to an EK server. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20391&rss *** NVIDIA Driver Windows Control Panel Unquoted Search Path Lets Local Users Gain Elevated Privileges *** --------------------------------------------- The NVIDIA Control Panel executable Smart Maximize Helper (nvSmartMaxApp.exe) uses an unquoted path when launching process threads. A local user can place a specially crafted program in certain locations in the search path to cause arbitrary code to be executee with elevated privileges during Windows startup. --------------------------------------------- http://www.securitytracker.com/id/1034175 *** NVIDIA 3D Driver for Windows Named Pipe Access Control Flaw Lets Remote Authenticated Users Gain Elevated Privileges *** --------------------------------------------- The 3D Driver's 'Vision service' (nvSCPAPISvr.exe) creates a named pipe without proper access controls. A local user or a remote authenticated user can create a specially crafted run key entry to execute arbitrary command line statements with the privileges of the target user. In a Windows Domain environment, a remote authenticated user with access to a domain-joined system can exploit this flaw within the joined domain. --------------------------------------------- http://www.securitytracker.com/id/1034173 *** Microsoft Security Intelligence Report: Strontium *** --------------------------------------------- The Microsoft Security Intelligence Report (SIR) provides a regular snapshot of the current threat landscape, using data from more than 600 million computers worldwide. The latest report (SIRv19) was released this week and includes a detailed analysis of the actor group STRONTIUM - a group that uses zero-day exploits to collect the sensitive information of high-value targets in government and political organizations. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/11/18/microsoft-security-intel… *** NVIDIA NVAPI and Kernel Mode Driver Bugs Let Local Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privielges *** --------------------------------------------- The NVAPI support layer of NVIDIA GPU graphics drivers does not properly validate user-supplied input. In addition, an integer overflow may occur in the kernel mode driver. A local user can exploit these vulnerabilities to potentially sensitive information, deny service, or execute arbitrary code on the target system with elevated privileges. --------------------------------------------- http://www.securitytracker.com/id/1034176 *** Open-Xchange Guard 2.0 Cross Site Scripting *** --------------------------------------------- Topic: Open-Xchange Guard 2.0 Cross Site Scripting Risk: Low Text:Product: Open-Xchange Guard Vendor: Open-Xchange GmbH Internal reference: 41466 (Bug ID) Vulnerability type: Cross-Site-Sc... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015110166 *** Edgy online shoppers face Dyre Christmas as malware mutates *** --------------------------------------------- Bank-plundering code now hunts Windows 10 and its Edge browser VXers have cooked up Windows 10 and Edge support for the nasty Dyre or Dyreza banking trojan. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/11/19/edgy_online… *** Windows Sandbox Attack Surface Analysis *** --------------------------------------------- TL;DR; I've released my tools I use internally to test out sandboxed code and determine the likely attack surface exposed to an attacker if a sandboxed process is compromised. You can get the source code from https://github.com/google/sandbox-attacksurface-analysis-tools. This blog post will describe a few common use cases so that you can use them to do your own sandbox analysis. --------------------------------------------- http://googleprojectzero.blogspot.co.at/2015/11/windows-sandbox-attack-surf… *** Bugtraq: CVE-2015-8131: Kibana CSRF vulnerability *** --------------------------------------------- Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a CSRF attack. We have been assigned CVE 2015-8131 for this issue. CVSS Score: 4.0 Remediation: We recommend that all Kibana users upgrade to either 4.1.3, 4.2.1, or a later version. --------------------------------------------- http://www.securityfocus.com/archive/1/536935 *** Russian financial cybercrime: how it works *** --------------------------------------------- The Russian-language cybercrime market is known all over the world. Kaspersky Lab experts have been monitoring the Russian hacker underground since its emergence. In this review we analyze how financial cybercrime works. --------------------------------------------- http://securelist.com/analysis/publications/72782/russian-financial-cybercr… *** VMSA-2015-0008 *** --------------------------------------------- vCenter Server, vCloud Director, Horizon View information disclosure issue VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity (XXE) requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed. ... The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-3269 to this issue. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0008.html *** Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the web chat interface of Cisco Unified Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the chat on the affected system. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-… *** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450) *** --------------------------------------------- An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by WebSphere Application Server and WebSphere Application Server Hypervisor Edition. This vulnerability does not affect the IBM HTTP Server or versions of WebSphere Application Server prior to Version 7.0. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21970575

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily