Daily

daily@lists.cert.at

1 participants
3249 discussions

Tageszusammenfassung - Mittwoch 17-02-2016
by Daily end-of-shift report 17 Feb '16

17 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 16-02-2016 18:00 − Mittwoch 17-02-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco 1000 Series Connected Grid Routers SNMP BRIDGE MIB Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Stuxnet als erster Akt: USA wollten Iran mit Cyberangriff lahmlegen *** --------------------------------------------- Geheimprojekt "Nitro Zeus" hätte Infrastruktur zerstören sollen – außerdem detaillierte Pläne gegen Nuklearanlage .. --------------------------------------------- http://derstandard.at/2000031233923 *** Machine-Learning: Künstliche neuronale Netzwerke erleichtern Passwortcracking *** --------------------------------------------- Ein Machbarkeitsnachweis zeigt, dass künstliche neuronale Netzwerke mit etwas Training benutzt werden können, um Passwörter zu knacken. Selbst bei recht komplexen klappt das erstaunlich gut. --------------------------------------------- http://www.golem.de/news/machine-learning-kuenstliche-neuronale-netzwerke-e… *** Pwning CCTV cameras *** --------------------------------------------- CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK - most in private premises. Most of those cameras will be connected to some kind of recording device, which these days means a Digital Video Recorder or DVR. --------------------------------------------- https://www.pentestpartners.com/blog/pwning-cctv-cameras/ *** Gerichtliche Anordnung zum iPhone-Entsperren: Apple-Chef Tim Cook widersetzt sich *** --------------------------------------------- Tim Cook hat sich ungewöhnlicherweise in einem offenen Brief an die Kunden gewandt. Darin begründet er, warum sich das Unternehmen weigert, dem FBI mit einer Hintertür bei Ermittlungen zu helfen. --------------------------------------------- http://heise.de/-3107769 *** Verheerender Fehler gefährdet fast alle Linux-Systeme *** --------------------------------------------- Fehler in der glibc kann zum Einschmuggeln von Code ausgenutzt werden - Update dringend empfohlen --------------------------------------------- http://derstandard.at/2000031281408 *** Linux Fysbis Trojan, a new weapon in the Pawn Storm's arsenal *** --------------------------------------------- Malware researchers at PaloAlto discovered the Fysbis Trojan, a simple and an effective Linux threat used by the Russian cyberspy group Pawn Storm. Do you remember the Pawn Storm hacking crew? Security experts have identified this group of Russian hackers with several names, including .. --------------------------------------------- http://securityaffairs.co/wordpress/44551/hacking/pawn-storm-linux-fysbis-t… *** Mazar: Forscher warnen vor mächtiger Android-Malware *** --------------------------------------------- Verwendet Tor-Netzwerk um Spuren zu verwischen - Kann volle Kontrolle �bernehmen, braucht aber reichlich Mitarbeit der Nutzer --------------------------------------------- http://derstandard.at/2000031296473 *** OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update *** --------------------------------------------- In May 2015, researchers at Qihoo 360 published a report on OceanLotus that included details about malware targeting Chinese infrastructure. In that report, there is a description about a piece of malware that targets OS X systems. A sample of that malware was uploaded to VirusTotal a few months .. --------------------------------------------- https://www.alienvault.com/open-threat-exchange/blog/oceanlotus-for-os-x-an… *** [HTB23284]: RCE via CSRF in osCommerce *** --------------------------------------------- High-Tech Bridge Security Research Lab discovered vulnerability in popular e-commerce software osCommerce with 280,000 store owners (according to the vendor). The vulnerability can be exploited to execute arbitrary PHP code on the remote system, compromise the vulnerable web application, its database and even the web server and related environment. --------------------------------------------- https://www.htbridge.com/advisory/HTB23284 *** [HTB23291]: SQL Injection in webSPELL *** --------------------------------------------- High-Tech Bridge Security Research Lab discovered two vulnerabilities in a popular CMS webSPELL developed for the needs of esport related communities. The vulnerability allows a remote authenticated attacker with cashbox access privileges to execute arbitrary SQL commands .. --------------------------------------------- https://www.htbridge.com/advisory/HTB23291 *** The Dridex Banking Trojan *** --------------------------------------------- Dridex is a generation of banking trojans, one of the most prominent threats for companies. A banking trojan basically is malicious software (malware) that tries to obtain confidential information from your computer system, targetting specifically online banking and payment systems. The Dridex trojan is equipped to steal all data necessary for fraudulent activities. --------------------------------------------- http://www.techknow.one/forum/index.php?topic=9346

1 0

Tageszusammenfassung - Dienstag 16-02-2016
by Daily end-of-shift report 16 Feb '16

16 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 15-02-2016 18:00 − Dienstag 16-02-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** More Multi-Architecture IoT Malware, (Mon, Feb 15th) *** --------------------------------------------- Attackers have problems too: Attacks against Internet of Things (IoT) devices are simple (as in log in...), but the attacker never knows what kind of architecture they may hit. IoT devices often go beyond the standard x86 architecture we are used to on our servers and workstations. What I typically see .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20731 *** Password cracking attacks on Bitcoin wallets net $103,000 *** --------------------------------------------- Hackers have siphoned about $103,000 out of Bitcoin accounts that were protected with an alternative security measure, according to research that tracked six years' worth of transactions. Account-holders used easy-to-remember passwords to protect their accounts instead of the long cryptographic keys normally required. --------------------------------------------- http://arstechnica.com/security/2016/02/password-cracking-attacks-on-bitcoi… *** Cisco Emergency Responder Cross-Site Scripting Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Exploiting (pretty) blind SQL injections, (Mon, Feb 15th) *** --------------------------------------------- Although a lot has been written about SQL injection vulnerabilities, they can still be found relatively often. In most of the cases Ive seen in last couple of years, I had to deal with blind SQL injection vulnerabilities. Typically, .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20733 *** VoIP phones can be turned into spying or money-making tools *** --------------------------------------------- A security vulnerability present in many enterprise-grade VoIP phones can easily be exploited by hackers to spy on employees and management, says security consultant Paul Moore. In a less dangerous attack alternative, these compromised devices can also be made to covertly place calls to premium .. --------------------------------------------- https://www.helpnetsecurity.com/2016/02/16/voip-phones-can-turned-spying-mo… *** Ransomware: Neben deutschen Krankenhäusern auch US-Klinik von Virus lahmgelegt *** --------------------------------------------- Nicht nur in Deutschland kämpfen Krankenhäuser immer wieder gegen Verschlüsselungstrojaner. In Los Angeles ist eine Klinik seit mehr als einer Woche lahmgelegt. Die Programmierer fordern angeblich mehr als 3 Millionen US-Dollar Lösegeld. --------------------------------------------- http://heise.de/-3103733 *** "Fake President": E-Mail-Betrüger erleichtern Konzerne um Millionenbeträge *** --------------------------------------------- Vorstands-Accounts und machen ahnungslose Buchhalter zu ihren Komplizen --------------------------------------------- http://derstandard.at/2000031179980 *** Geldautomaten: Skimming an der Netzwerkbuchse *** --------------------------------------------- Skimming ist ein bekanntes Problem - Kriminelle verwenden nachgebaute Tastaturfelder und Magnetkartenleser, um Kundendaten an Geldautomaten zu kopieren. Jetzt warnt der Hersteller NCR vor neuen Gefahren. --------------------------------------------- http://www.golem.de/news/geldautomaten-skimming-an-der-netzwerkbuchse-1602-… *** USN-2855-2: Samba regression *** --------------------------------------------- Ubuntu Security Notice USN-2855-216th February, 2016samba regressionA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryUSN-2855-1 introduced a regression in .. --------------------------------------------- http://www.ubuntu.com/usn/usn-2855-2/ *** Erpressungs-Trojaner Locky schlägt offenbar koordiniert zu *** --------------------------------------------- Locky lauerte vermutlich bereits eine Weile auf den infizierten Systemen, ehe es am vergangenen Montag zeitgleich bei mehreren Opfern mit der Verschlüsselung persönlicher Dateien begonnen hat. --------------------------------------------- http://heise.de/-3104069 *** Stuxnet angeblich Teil eines größeren Angriffs auf kritische Infrastruktur des Iran *** --------------------------------------------- Dass die USA und Israel hinter Stuxnet steckten, um Irans Atomprogramm zu stören, gilt mittlerweile als gesichert. Ein neuer Dokumentarfilm behauptet nun, dass der Cyber-Wurm Teil eines viel größeren Programms war, das den ganzen Iran lahmlegen sollte. --------------------------------------------- http://heise.de/-3104957 *** TYPO3 CMS 6.2.18 and 7.6.3 released *** --------------------------------------------- Both versions are maintenance releases and contain bug and security fixes. In case the extension compatibility6 is used, please make sure to upgrade to version 7.6.2. --------------------------------------------- https://typo3.org/news/article/typo3-cms-6218-and-763-released/ *** Glibc: Sicherheitslücke gefährdet fast alle Linux-Systeme *** --------------------------------------------- Eine schwerwiegende Sicherheitslücke klafft in der Glibc-Bibliothek, die in fast allen Linux-Systemen genutzt wird: Eine DNS-Funktion erlaubt die Ausführung von bösartigem Code. Nutzer sollten schnellstmöglich Updates installieren. --------------------------------------------- http://www.golem.de/news/glibc-sicherheitsluecke-gefaehrdet-fast-alle-linux… *** CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow *** --------------------------------------------- The glibc project thanks the Google Security Team and Red Hat for reporting the security impact of this issue, and Robert Holiday of Ciena for reporting the related bug 18665. --------------------------------------------- https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

1 0

Tageszusammenfassung - Montag 15-02-2016
by Daily end-of-shift report 15 Feb '16

15 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 12-02-2016 18:00 − Montag 15-02-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** A Look Behind The Skype Malvertising Campaign *** --------------------------------------------- As reported by F-Secure, a recent malvertising campaign has been hitting several top publishers to push the Angler exploit kit and install the TeslaCrypt ransomware, according to the Finnish company. Some of these infections happened via Skype, which displays ad banners within its product. --------------------------------------------- https://blog.malwarebytes.org/malvertising-2/2016/02/a-look-behind-the-skyp… *** Fake SUPEE-5344 Patch Steals Payment Details *** --------------------------------------------- In case you don't know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to vulnerable Magento sites. While the patch was released February 2015 many sites unfortunately did .. --------------------------------------------- https://blog.sucuri.net/2016/02/fake-supee-5344-patch-steals-payment-detail… *** VMware VMSA-2015-0007.3 has been Re-released, (Sat, Feb 13th) *** --------------------------------------------- VMware has re-issue VMSA-2015-0007.3 today after they found an earlier fix for CVE-2016-2342 was incomplete. Affected ESXi versions are: 5.0, 5.1 and 5.5. Advisory can be .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20727 *** Critical Fixes Issued for Windows, Java, Flash *** --------------------------------------------- Microsoft Windows users and those with Adobe Flash Player or Java installed, its time to update again! Microsoft released 13 updates to address some three dozen unique security vulnerabilities. Adobe issued security updates for its Flash Player software that plugs at least 22 security holes in the widely-used browser plugin. Meanwhile, Oracle issued an unscheduled security fix for Java, its second security update for Java in as many weeks. --------------------------------------------- http://krebsonsecurity.com/2016/02/criticial-fixes-issued-for-windows-java-… *** Verschlüsselungs-Trojaner: mp3-Variante von TeslaCrypt *** --------------------------------------------- Leser gaben der Redaktion Hinweise auf verschlüsselte Dateien mit der Endung .mp3. Die scheint eine neue Variante des Verschlüsselungs-Trojaners TeslaCrypt zu erzeugen. --------------------------------------------- http://heise.de/-3101992 *** DSA-3477 iceweasel - security update *** --------------------------------------------- Holger Fuhrmannek discovered that missing input sanitising in theGraphite font rendering engine could result in the execution of arbitrarycode. --------------------------------------------- https://www.debian.org/security/2016/dsa-3477 *** Nigerianischer Astronaut im All verloren: Spam begeistert Netz *** --------------------------------------------- Nutzer können angeblich ein Investment von drei Millionen Dollar verdoppeln --------------------------------------------- http://derstandard.at/2000031110981 *** IT-Sicherheit: Immer mehr komplexe Angriffe auf Firmen *** --------------------------------------------- Neuer Cybersicherheits-Bericht zeigt erhöhte Gefahrenlage im Internet --------------------------------------------- http://derstandard.at/2000031119634 *** Mazar Bot Actively Targeting Android Devices *** --------------------------------------------- Researchers at Heimdal Security report public attacks against Android devices using the Mazar bot, which was advertised months ago in a Russian cybercrime forum. --------------------------------------------- http://threatpost.com/mazar-bot-actively-targeting-android-devices/116240/ *** Update auf Version 1.17: Veracrypt soll jetzt doppelt so schnell sein *** --------------------------------------------- Veracrypt ist einer der beliebtesten Nachfolger des eingestellten Truecrypt - ein Update bringt jetzt neue Funktionen. Ausserdem soll das Laden von Containern deutlich schneller vonstattengehen - bislang einer der grössten Kritikpunkte .. --------------------------------------------- http://www.golem.de/news/update-auf-version-1-17-veracrypt-soll-jetzt-doppe… *** Virus legte Krankenhaus in Deutschland lahm *** --------------------------------------------- "Befunde mussten persönlich, per Telefon oder Fax übermittelt werden" --------------------------------------------- http://derstandard.at/2000031136914 *** [R1] Nessus < 6.5.5 Multiple Vulnerabilities *** --------------------------------------------- http://www.tenable.com/security/tns-2016-02 *** Reflecting on Recent iOS and Android Security Updates *** --------------------------------------------- The last thirty days proven to be yet another exciting time for the mobile security ecosystem. Apple and Google released updates for their respective mobile operating systems that fix several critical issues - including some in the kernel that may be exploited remotely. --------------------------------------------- https://blog.zimperium.com/reflecting-on-recent-ios-and-android-security-up…

1 0

Tageszusammenfassung - Freitag 12-02-2016
by Daily end-of-shift report 12 Feb '16

12 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 11-02-2016 18:00 − Freitag 12-02-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** SC Congress: "flakey kettles and dolls that swear at you" *** --------------------------------------------- Ken Munro, managing director of Pen Test Partners, showed the SC Congress just how easy it is to crack a whole range of IoT nonsense --------------------------------------------- http://www.scmagazine.com/sc-congress-flakey-kettles-and-dolls-that-swear-a… *** Determining Physical Location on the Internet *** --------------------------------------------- Interesting research: "CPV: Delay-based Location Verification for the Internet": Abstract: The number of location-aware services over the Internet continues growing. Some of these require the clients geographic location for security-sensitive applications. Examples include location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing geolocation techniques, e.g.,... --------------------------------------------- https://www.schneier.com/blog/archives/2016/02/determining_phy.html *** New Trojan threatens users' bank accounts *** --------------------------------------------- February 12, 2016 Banking Trojans are considered to be one of the most dangerous threats. Not only they have a complex architecture but they are also capable to perform a wide variety of functions. Yet, some attackers do not disdain to contrive rather primitive malicious programs such as, for example, Trojan.Proxy2.102, which was examined by Doctor Web specialists. Trojan.Proxy2.102 steals money from victims' bank accounts using the following method. Once launched, it installs a root... --------------------------------------------- http://news.drweb.com/show/?i=9840&lng=en&c=9 *** Vermehrte Scans und Workarounds zu Ciscos ASA-Lücke *** --------------------------------------------- Die Angreifer sammeln offenbar bereits aktiv Informationen zu möglicherweise verwundbaren Systemen, während die Verteidiger noch mit den Tücken des Updates kämpfen. --------------------------------------------- http://heise.de/-3100443 *** Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware *** --------------------------------------------- It's a scary time to be a Windows user. Lenovo was bundling HTTPS-hijacking Superfish adware, Comodo ships with an even worse security hole called PrivDog, and dozens of other apps like LavaSoft are doing the same. It's really bad, but if you want your encrypted web sessions to be hijacked just head to CNET Downloads or any freeware site, because they are all bundling HTTPS-breaking adware now. --------------------------------------------- http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-st… *** How to Avoid Potentially Unwanted Programs *** --------------------------------------------- We've come up with a PUPs cheat sheet that businesses can use to train IT staff and users. A little PUPs awareness, if you will. Read on to learn more about how you get PUPs, Categories: Online SecurityTags: avoidpotentially unwanted programsPUP(Read more...) --------------------------------------------- https://blog.malwarebytes.org/online-security/2016/02/how-to-avoid-potentia… *** How to use the traffic light protocol - TLP *** --------------------------------------------- The TLP or Traffic Light Protocol is a set of designations designed to help sharing of sensitive information. It has been widely adopted in the CSIRT and security community. The originator of the information labels the information with one of four colours. These colours indicate what further dissemination, if any, can be undertaken by the recipient. Note that the colours only mark the level of dissemination, not the sensitivity level (although they often align). --------------------------------------------- https://www.vanimpe.eu/2015/08/21/use-traffic-light-protocol-tlp/ *** D-Link DSL-2750B Remote Command Execution *** --------------------------------------------- Topic: D-Link DSL-2750B Remote Command Execution Risk: High Text:After some playing around Ive noticed something interesting during login phase: by sending wrong credentials, user is redirec... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016020128 *** Sophos UTM 9 Cross Site Scripting *** --------------------------------------------- Topic: Sophos UTM 9 Cross Site Scripting Risk: Low Text: -- Vendor: -- Sophos (https://www.sophos.com) -- Affected Products/Versions: -- Produc... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016020117 *** ASUS Router Administrative Interface Exposure *** --------------------------------------------- Topic: ASUS Router Administrative Interface Exposure Risk: Low Text:Asus wireless routers running ASUSWRT firmware (in other words, anything with an RT- in the model name) have a design flaw in w... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016020116 *** ZCM 11.3.x - Fix for CVE-2015-5970 ZCM ZENworks ChangePassword XPath Injection Information Disclosure Vulnerability - See TID 7017240 *** --------------------------------------------- Abstract: Vulnerability overview: CVE-2015-5970 An XPath injection exists in the ChangePassword RPC method implementation. By combining this with an entity reference to a file on the appliance, an attacker can exfiltrate arbitrary text files from the vulnerable device.This issue has been found and reported by cpnrodzc7 working with HPs Zero Day Initiative (ZDI-CAN-3136). Patch overview: This patch contains the necessary files and installation information to correct the below issue on ZCM 11.3.x --------------------------------------------- https://download.novell.com/Download?buildid=vt0EO0DgaX8~ *** ZCM 11.4.x - Fix for CVE-2015-5970 ZCM ZENworks ChangePassword XPath Injection Information Disclosure Vulnerability - See TID 7017240 *** --------------------------------------------- Abstract: Vulnerability overview: CVE-2015-5970 An XPath injection exists in the ChangePassword RPC method implementation. By combining this with an entity reference to a file on the appliance, an attacker can exfiltrate arbitrary text files from the vulnerable device.This issue has been found and reported by cpnrodzc7 working with HPs Zero Day Initiative (ZDI-CAN-3136). Patch overview: This patch contains the necessary files and installation information to correct the below issue on ZCM 11.4.x --------------------------------------------- https://download.novell.com/Download?buildid=SOM6P0NdZ5U~ *** PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1035005 *** DFN-CERT-2016-0260: Mozilla Firefox, Firefox ESR: Zwei Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0260/ *** DFN-CERT-2016-0263: Cacti: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0263/

1 0

Tageszusammenfassung - Donnerstag 11-02-2016
by Daily end-of-shift report 11 Feb '16

11 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 10-02-2016 18:00 − Donnerstag 11-02-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Critical bug found in Cisco ASA products, attackers are scanning for affected devices *** --------------------------------------------- Several Cisco Adaptive Security Appliance (ASA) products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code exec... --------------------------------------------- http://www.net-security.org/secworld.php?id=19427 *** Some notes on VirusTotal. *** --------------------------------------------- Many of you are probably familiar with VirusTotal, a service that allows you to scan a file or URL using multiple antivirus and URL scanners. VirusTotal results are often used in write-ups about...read moreThe post Some notes on VirusTotal. appeared first on Webroot Threat Blog. --------------------------------------------- http://www.webroot.com/blog/2016/02/09/some-notes-on-virustotal/ *** Seo-moz.com SEO Spam Campaign *** --------------------------------------------- Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by linking visitors to unwanted websites and stuffing spam keywords into the site. These links and keywords help the spam websites to rank higher in search engines like Google, sending evenRead More The post Seo-moz.com SEO Spam Campaign appeared first on Sucuri Blog. --------------------------------------------- https://blog.sucuri.net/2016/02/seo-moz-com-seo-spam-campaign.html *** Malvertising Via Skype Delivers Angler *** --------------------------------------------- A recent malvertising campaign shows that platforms that display ads, even when they are not necessarily the browser, are not immune to the attack. An example of a popular non-browser application that shows ads is Skype. These images would be familiar to avid Skype users. This did not really bother us much until last night, when we... --------------------------------------------- https://labsblog.f-secure.com/2016/02/10/malvertising-via-skype-delivers-an… *** Tomcat IR with XOR.DDoS, (Thu, Feb 11th) *** --------------------------------------------- Apache Tomcat is a java based web service that is used for different applications. While you may have it running in your environment, you may not be familiar with its workings to provide adequate incident response "> "> ">0 S root 31847 1 0 80 0 - 1124641 futex_ 2015 ? 02:36:33 /usr/bin/java -classpath /usr/share/apache-tomcat-7.0.65/bin/bootstrap.jar ">Here you can see that it is running from /usr/share/apache-tomcat-7.0.65. ">The Tomcat configurations --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20721&rss *** Building automation systems are so bad IBM hacked one for free *** --------------------------------------------- Remote sites owned as router, controller and server all fall to pen-test team An IBM-led penetration testing team has thoroughly owned an enterprise building management network in a free assessment designed to publicise the horrid state of embedded device security. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/02/11/building_au… *** How Malware Detects Virtualized Environment, and its Countermeasures - An Overview *** --------------------------------------------- Virtual Machines are usually considered a good way to analyze malware as they can provide an isolated environment for the malware to trigger but their actions can be controlled and intercepted. However, modern age malware detects their environment in which they are running, and if they detect they are running in VM, they sustain their... --------------------------------------------- http://resources.infosecinstitute.com/how-malware-detects-virtualized-envir… *** DFN-CERT-2016-0252: Cisco Adaptive Security Appliance Software: Eine Schwachstelle ermöglicht die Übernahme der Systemkontrolle *** --------------------------------------------- Eine Schwachstelle in der Cisco Adaptive Security Appliances Software ermöglicht einem entfernten, nicht authentifizierten Angreifer beliebigen Programmcode auszuführen und so die Kontrolle über ein betroffenes System zu übernehmen, auch ist die Durchführung eines Denial-of-Service-Angriffs möglich. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0252/ *** ZDI-16-163: Dell SonicWALL GMS Virtual Appliance Deserialization of Untrusted Data Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-163/ *** ZDI-16-164: Dell SonicWALL GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-164/ *** Cisco Spark Representational State Transfer Interface Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Spark Representational State Transfer Interface Unauthorized Access Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Spark Representational State Transfer Interface Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Advanced Malware Protection and Email Security Appliance Proxy Engine Security Bypass Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates *** --------------------------------------------- A number of vulnerabilities have been identified in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway that could allow a malicious, unprivileged user to perform privileged operations or execute commands. --------------------------------------------- https://support.citrix.com/article/CTX206001 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in libssh2 affects PowerKVM (CVE-2015-1782) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023318 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in curl affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1023307 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Tivoli Storage Manager Operations Center and Tivoli Storage Manager Client Management Service (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21976362 --------------------------------------------- *** IBM Security Bulletin:Security Bulletin: Vulnerability in IBM Java Runtime affect AppScan Source (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21976569 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in cpio affects PowerKVM (CVE-2014-9112) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023298 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Linux Kernel affects PowerKVM (CVE-2016-0728) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023279 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Netezza Platform Software clients (CVE-2015-3194) *** http://www.ibm.com/support/docview.wss?uid=swg21976419 --------------------------------------------- *** IBM Security Bulletin: IBM Sterling Order Management is affected by Apache Commons Collections security vulnerabilities (CVE-2015-7450) *** http://www.ibm.com/support/docview.wss?uid=swg21975793 --------------------------------------------- *** IBM Security Bulletin: Cross-site scripting vulnerability in Liberty for Java for IBM Bluemix (CVE-2015-7417) *** http://www.ibm.com/support/docview.wss?uid=swg21976218 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM JAVA Runtime affect AppScan Source (CVE-2015-4872) *** http://www.ibm.com/support/docview.wss?uid=swg21976159 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 10-02-2016
by Daily end-of-shift report 10 Feb '16

10 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 09-02-2016 18:00 − Mittwoch 10-02-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Fast Flux Bot Nets and Fluxer - Part 1 *** --------------------------------------------- This time well start a two-parter on fast flux bot nets including the concept of domain generation algorithms. --------------------------------------------- http://www.scmagazine.com/fast-flux-bot-nets-and-fluxer--part-1/article/473… *** DMA Locker Strikes Back *** --------------------------------------------- A few days ago we published a post about a new ransomware - DMA Locker (read more here). At that time, it was using a pretty simple way of storing keys. Having the original sample was enough to recover files. Unfortunately, the latest version (discovered February 8th) comes with several improvements and RSA key. Let's... --------------------------------------------- https://blog.malwarebytes.org/news/2016/02/dma-locker-strikes-back/ *** Linode SSH key blunder left virtual servers open to man-in-the-middle fiddles for months *** --------------------------------------------- Regen your keys ASAP Web hosting biz Linode broke the security in its customers virtual machines, allowing attackers to eavesdrop on SSH connections and hijack them. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/02/09/linode_ssh_… *** Skimmers Hijack ATM Network Cables *** --------------------------------------------- If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data. --------------------------------------------- http://krebsonsecurity.com/2016/02/skimmers-hijack-atm-network-cables/ *** Patchday: Microsoft stopft 6 kritische Lücken, lässt alte Internet-Explorer-Versionen im Regen stehen *** --------------------------------------------- Es ist wieder einmal Zeit zum Updaten für Microsoft-Anwender. Wer noch ältere Versionen des Internet Explorer im Einsatz hat, muss jetzt schleunigst handeln. --------------------------------------------- http://heise.de/-3098499 *** The history of Cryptowall: a large scale cryptographic ransomware threat *** --------------------------------------------- This tracker focusses on tracking the development changes in the CryptoWall ransomware, it does not attempt to track every single CryptoWall sample that exists. It simply exists to track the family in a more higher level fashion, a few samples will be listed next to specific versions just for reference rather than bulk collection. The timeline below shows the development track of CryptoWall when new versions were first seen. Below the timeline you will find an overview. --------------------------------------------- https://www.cryptowalltracker.org/ *** Sparkle-Installer: Gatekeeper-Sicherung für Macs lässt sich umgehen *** --------------------------------------------- Viele App-Entwickler für Mac nutzen das Sparkle-Framwork für praktische Auto-Updates - und machen damit zahlreiche Mac-Programme angreifbar. Betroffen sind nicht nur VLC und uTorrent. --------------------------------------------- http://www.golem.de/news/man-in-the-middle-angriff-sparkle-installer-macht-… *** Cracking Damn Insecure and Vulnerable App (DIVA) - part 5: *** --------------------------------------------- In the first four articles, we have discussed solutions for the first eleven challenges in DIVA. In this last article of this series, we will discuss the remaining two challenges that are related to native code. In case if you missed the previous articles in this series, here are the links. http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable… http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable… --------------------------------------------- http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable… *** Hijacking forgotten & misconfigured subdomains *** --------------------------------------------- Its been a while since my last blog post, so I decided to release a new tool. I think that we need more articles about "DNS hacking", I hope that you will learn something new here. --------------------------------------------- http://www.xexexe.cz/2016/02/hijacking-forgotten-misconfigured.html *** Network forensic analysis tool NetworkMiner 2.0 released *** --------------------------------------------- NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. ... --------------------------------------------- http://www.net-security.org/secworld.php?id=19421 *** MSRT February 2016 *** --------------------------------------------- The February release of the Microsoft Malicious Software Removal Tool (MSRT) includes updated detections for the following malware families: Bladabindi Gamarue Sality Kelihos Diplugem The updates include detections for the latest variants from these malware families. There were no new malware families added to the MSRT this month. The MSRT works in tandem with real-time... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/02/09/msrt-february-2016/ *** MS16-FEB - Microsoft Security Bulletin Summary for February 2016 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-FEB *** Deception: Shine Bright Like a Diamond *** --------------------------------------------- ***German Summary: Projektpläne, Designs, Kundendaten: Die Kronjuwelen eines jeden Unternehmens gehören vor Cyberkriminellen unter allen Umständen versteckt - oder? Werfen Sie den Ködern aus, denn jetzt täuschen die Guten! Deception ("Täuschung") lautet der neue Cyber-Security-Ansatz, der nach Schätzungen des renommierten Marktforschungsunternehmens Gartner bereits 2018 in rund 10 % aller Unternehmen zum Einsatz kommen wird. Virtuelle Fallen... --------------------------------------------- http://blog.sec-consult.com/2016/02/deception-shine-bright-like-diamond.html *** Tollgrade SmartGrid Sensor Management System Software Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities in Tollgrade Communications, Inc.'s SmartGrid LightHouse Sensor Management System (SMS) Software EMS. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-040-01 *** Bugtraq: Safebreach adsivory: Node.js HTTP Response Splitting (CVE-2016-2216) *** --------------------------------------------- http://www.securityfocus.com/archive/1/537490 *** Bugtraq: ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/537489 *** Bugtraq: dotDefender Firewall CSRF *** --------------------------------------------- http://www.securityfocus.com/archive/1/537491 *** [2016-02-10] Yeager CMS multiple vulnerabilities *** --------------------------------------------- Yeager CMS suffers from multiple critical security issues including multiple SQL injections, arbitrary file upload, server-side request forgery and non-permanent cross-site scripting vulnerabilities. Unauthenticated attackers are able to compromise Yeager CMS in both application and database levels. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016… *** DFN-CERT-2016-0237: Horde Application Framework: Zwei Schwachstellen ermöglichen einen Cross-Site-Scripting-Angriff *** --------------------------------------------- 09.02.2016 --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-0237/ *** Cisco Security Advisories *** --------------------------------------------- *** Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Prime Collaboration Provisioning Local Privilege Escalation Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Application Policy Infrastructure Controller Enterprise Module Web Framework Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Video Communications Server Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Unified Products Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Unified Communications Manager Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect Liberty for Java for IBM Bluemix January 2016 CPU (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448) *** http://www.ibm.com/support/docview.wss?uid=swg21976217 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Security SiteProtector System (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21976042 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM) (CVE-2016-0777, CVE-2016-0778) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023319 --------------------------------------------- *** IBM Security Bulletin: IBM Pure Power Integrated Manager (PPIM) is affected by vulnerabilities in ntp (CVE-2014-9750, CVE-2014-9751) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023291 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Pure Power Integrated Manager (PPIM) (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=isg3T1023292 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects Watson Explorer (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21974808 --------------------------------------------- *** IBM Security Bulletin: IBM Netezza SQL Extensions is vulnerable to an OpenSource PCRE Vulnerability (CVE-2015-8380, CVE-2015-8382, CVE-2015-8391) *** http://www.ibm.com/support/docview.wss?uid=swg21976124 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities identified in IBM Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803) *** http://www.ibm.com/support/docview.wss?uid=swg21971058 --------------------------------------------- *** IBM Security Bulletin: A libxml vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-1819) *** http://www.ibm.com/support/docview.wss?uid=swg21976393 --------------------------------------------- *** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2014-8121) *** http://www.ibm.com/support/docview.wss?uid=swg21976290 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in nss-softokn affects IBM Security Access Manager for Mobile (CVE-2015-2730) *** http://www.ibm.com/support/docview.wss?uid=swg21976295 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by an OpenSSH vulnerability (CVE-2008-5161) *** http://www.ibm.com/support/docview.wss?uid=swg21976082 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by multiple NTP vulnerabilities *** http://www.ibm.com/support/docview.wss?uid=swg21975967 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM MQ Light (CVE-2015-3197) *** http://www.ibm.com/support/docview.wss?uid=swg21976345 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVS-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21975832 --------------------------------------------- *** IBM Security Bulletin: A Security Vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis *** http://www.ibm.com/support/docview.wss?uid=swg21975544 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in cURL and libcURL affect IBM Security Access Manager (CVE-2014-3613, CVE-2014-8150) *** http://www.ibm.com/support/docview.wss?uid=swg21974736 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM MQ Light (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21976341 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 9-02-2016
by Daily end-of-shift report 09 Feb '16

09 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 08-02-2016 18:00 − Dienstag 09-02-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Gate To Nuclear EK Uses Fake CloudFlare DDoS Check *** --------------------------------------------- This rogue CloudFlare page hides a malicious payload. Categories: ExploitKits Tags: cloudflareEKNuclear(Read more...) --------------------------------------------- https://blog.malwarebytes.org/exploitkits/2016/02/gate-to-nuclear-ek-uses-f… *** Patching Complex Web Vulnerabilities Using ModSecurity WAF *** --------------------------------------------- In this blog post we will demonstrate complicated examples of common web application vulnerabilities, and see how they can be mitigated with ModSecurity WAF. --------------------------------------------- https://www.htbridge.com/blog/patching-complex-web-vulnerabilities-using-mo… *** Its 2016 and a font file can own your computer *** --------------------------------------------- Libgraphite font library buggy and vulnerable in Firefox, Thunderbird, WordPad and more says Talos Cisco-owned Talos has announced a bunch of font library bugs present in apps running on Windows and Linux, affecting client and-server-side machines. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/02/09/libgraphite… *** Power Grid Honeypot Puts Face on Attacks *** --------------------------------------------- Researchers from MalCrawler built a honeypot mimicking an electronic management system at the heart of a power grid, exposing attackers' behavior once they have access to critical infrastructure systems. --------------------------------------------- http://threatpost.com/power-grid-honeypot-puts-face-on-attacks/116217/ *** Russian hackers used malware to manipulate the Dollar/Ruble exchange rate *** --------------------------------------------- Russian-language hackers have managed to break into Russian regional bank Energobank, infect its systems, and gain unsanctioned access to its trading system terminals, which allowed them to manipulat... --------------------------------------------- http://www.net-security.org/malware_news.php?id=3201 *** How to Hack the Power Grid Through Home Air Conditioners *** --------------------------------------------- Researchers show how hackers can manipulate the remote on-off device installed on some air conditioners to cause a blackout. --------------------------------------------- http://www.wired.com/2016/02/how-to-hack-the-power-grid-through-home-air-co… *** (Not only) Oracle Java Windows installer vulnerable *** --------------------------------------------- Oracle hat einen Out-of-Band Patch für Java 6, 7 und 8 für Windows veröffentlicht, mit dem eine Sicherheitslücke im Installationsprozess geschlossen wird. Es sind dazu bereits zahlreiche Medienberichte erschienen, in denen allerdings häufig die Tatsache ausser acht gelassen wird, dass es sich hier nicht um eine Java-spezifische Schwachstelle handelt. Das Problem - Stichwort "Binary Planting" -... --------------------------------------------- http://www.cert.at/services/blog/20160209102305-1678.html *** Security Bulletins Posted *** --------------------------------------------- Security Bulletins for Adobe Photoshop and Bridge (APSB16-03), Flash Player (APSB16-04), Adobe Experience Manager (APSB16-05) and Adobe Connect (APSB16-07) have been published. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. This... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1315 *** DSA-3472 wordpress - security update *** --------------------------------------------- Two vulnerabilities were discovered in wordpress, a web blogging tool.The Common Vulnerabilities and Exposures project identifies thefollowing problems: --------------------------------------------- https://www.debian.org/security/2016/dsa-3472 *** DSA-3471 qemu - security update *** --------------------------------------------- Several vulnerabilities were discovered in qemu, a full virtualizationsolution on x86 hardware. --------------------------------------------- https://www.debian.org/security/2016/dsa-3471 *** DSA-3470 qemu-kvm - security update *** --------------------------------------------- Several vulnerabilities were discovered in qemu-kvm, a fullvirtualization solution on x86 hardware. --------------------------------------------- https://www.debian.org/security/2016/dsa-3470 *** DSA-3469 qemu - security update *** --------------------------------------------- Several vulnerabilities were discovered in qemu, a full virtualizationsolution on x86 hardware. --------------------------------------------- https://www.debian.org/security/2016/dsa-3469 *** USN-2880-2: Firefox regression *** --------------------------------------------- Ubuntu Security Notice USN-2880-28th February, 2016firefox regressionA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryUSN-2880-1 introduced a regression in Firefox.Software description firefox - Mozilla Open Source web browser DetailsUSN-2880-1 fixed vulnerabilities in Firefox. This update introduced aregression which caused Firefox to crash on startup with some configurations.This update fixes the problem.We apologize --------------------------------------------- http://www.ubuntu.com/usn/usn-2880-2/

1 0

Tageszusammenfassung - Montag 8-02-2016
by Daily end-of-shift report 08 Feb '16

08 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 05-02-2016 18:00 − Montag 08-02-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** Magento PCI Compliance Issues and Theft Over TLS *** --------------------------------------------- With about 30% of the market share, Magento is gradually becoming a "WordPress" of the ecommerce world. Like WordPress, it becomes a major target for hackers due to its popularity. However, in the case of Magento, the main goal that hackers pursue is to steal money, either from shop customers or the shop owners. During... --------------------------------------------- https://blog.sucuri.net/2016/02/theft-over-tls-or-illusion-of-pci-complianc… *** Extracting and distributing information on incidents, or what is PROKI *** --------------------------------------------- In the last blogpost, I promised to write something about our new project PROKI. PROKI is the abbreviation of the Czech phrase for "prediction and protection against cyber incidents" and in this project, our team set two goals for itself. --------------------------------------------- http://en.blog.nic.cz/2016/02/05/extracting-and-distributing-information-on… *** GitHub bug bounty hunting *** --------------------------------------------- Last month, I went hunting for security bugs in GitHub, a popular platform for sharing and collaborating on code. After spending many hours mapping out GitHub's infrastructure, and testing for weaknesses without any significant results or leads, I shifted my focus to the service providers. This is a write-up about two of the issues I found, which both have since been addressed. --------------------------------------------- https://medium.com/@ircbot/github-bug-bounty-hunting-741de324be1c *** Netgear-Router-Software: Schwachstelle ermöglicht Dateiupload und Download *** --------------------------------------------- Die Router-Verwaltungssoftware Netgear Management System hat ein Sicherheitsproblem. Angreifer können zwischen einer Remote-Code-Execution und einer Directory-Traversal-Schwachstelle wählen. Einen Patch gibt es bislang nicht. --------------------------------------------- http://www.golem.de/news/netgear-router-software-schwachstelle-ermoeglicht-… *** Bankomat-Trick: Geld abheben, Kontostand bleibt gleich *** --------------------------------------------- Die Angriffe auf Finanzinstitute werden immer erfinderischer. Eine neue Schadsoftware bucht Finanzbeträge aufs Konto zurück, nachdem diese bei Bankomaten abgehoben wurden. --------------------------------------------- http://futurezone.at/digital-life/bankomat-trick-geld-abheben-kontostand-bl… *** T9000 backdoor steals documents, records Skype conversations, victims actions *** --------------------------------------------- A new backdoor Trojan with spyware capabilities is being used in targeted attacks against organizations based in the United States. It has been dubbed T9000, since its a newer, improved version of th... --------------------------------------------- http://www.net-security.org/malware_news.php?id=3199 *** Avast SafeZone Browser Lets Attackers Access Your Filesystem *** --------------------------------------------- Just two days after Comodos Chromodo browser was publicly shamed by Google Project Zero security researcher Tavis Ormandy, its now Avasts turn to be scorned for failing to provide a "secure" browser for its users. --------------------------------------------- http://news.softpedia.com/news/avast-safezone-browser-lets-attackers-access… *** Adwind: FAQ *** --------------------------------------------- Adwind - a cross-platform RAT, multifunctional malware program which is distributed through a single malware-as-a-service platform. Different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organizations around the world. --------------------------------------------- http://securelist.com/blog/research/73660/adwind-faq/ *** Java installer flaw shows why you should clear your Downloads folder *** --------------------------------------------- On most computers, the default download folder quickly becomes a repository of old and unorganized files that were opened once and then forgotten about. A recently fixed flaw in the Java installer highlights why keeping this folder clean is important.On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason is that older Java... --------------------------------------------- http://www.cio.com/article/3030707/security/java-installer-flaw-shows-why-y… *** Netgear Pro NMS 300 Code Execution / File Download *** --------------------------------------------- Topic: Netgear Pro NMS 300 Code Execution / File Download Risk: High Text:>> Remote code execution / arbitrary file download in NETGEAR ProSafe Network Management System NMS300 >> Discovered by Pedro ... --------------------------------------------- https://cxsecurity.com/issue/WLB-2016020070 *** Oracle Security Alert for CVE-2016-0603 - 5 February 2016 *** --------------------------------------------- To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious web site and download files into the user's system before installing Java SE 6, 7 or 8. Though relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-28743… *** Bugtraq: [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/537461 *** Bugtraq: [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/537460 *** 0Day Vulnerabilities in Advantech WebAccess *** --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-146/ http://www.zerodayinitiative.com/advisories/ZDI-16-147/ http://www.zerodayinitiative.com/advisories/ZDI-16-148/ http://www.zerodayinitiative.com/advisories/ZDI-16-149/ http://www.zerodayinitiative.com/advisories/ZDI-16-150/ http://www.zerodayinitiative.com/advisories/ZDI-16-151/ http://www.zerodayinitiative.com/advisories/ZDI-16-152/ http://www.zerodayinitiative.com/advisories/ZDI-16-153/ http://www.zerodayinitiative.com/advisories/ZDI-16-154/ http://www.zerodayinitiative.com/advisories/ZDI-16-155/ --------------------------------------------- *** SSA-253230 (Last Update 2016-02-08): Vulnerabilities in SIMATIC S7-1500 CPU *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230… *** Bugtraq: Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys) *** --------------------------------------------- http://www.securityfocus.com/archive/1/537471 *** WooCommerce - Store Toolkit Plugin Privilege Escalation <= 1.5.6 *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8385 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: A vulnerability in net-snmp affects IBM DataPower Gateways (CVE-2015-5621) *** http://www.ibm.com/support/docview.wss?uid=swg21975340 --------------------------------------------- *** IBM Security Bulletin: A cross-site scripting vulnerability has been identified in IBM Security Access Manager for Web (CVE-2015-8531) *** http://www.ibm.com/support/docview.wss?uid=swg21974651 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager for Web is affected by multiple NTP vulnerabilities *** http://www.ibm.com/support/docview.wss?uid=swg21974652 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Web (CVE-2014-3565, CVE-2015-5621) *** http://www.ibm.com/support/docview.wss?uid=swg21974644 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM QRadar SIEM, and QRadar Incident Forensics (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21976113 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM DataPower Gateways (CVE-2015-7575) *** http://www.ibm.com/support/docview.wss?uid=swg21974965 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability found in IBM WebSphere Commerce (CVE-2015-7444) *** http://www.ibm.com/support/docview.wss?uid=swg21974307 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager for Web is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183) *** http://www.ibm.com/support/docview.wss?uid=swg21974648 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183) *** http://www.ibm.com/support/docview.wss?uid=swg21974650 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Web (CVE-2015-7421, CVE-2015-7420) *** http://www.ibm.com/support/docview.wss?uid=swg21974750 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Mobile (CVE-2015-7421, CVE-2015-7420) *** http://www.ibm.com/support/docview.wss?uid=swg21974747 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Mobile *** http://www.ibm.com/support/docview.wss?uid=swg21973139 --------------------------------------------- *** IBM Security Bulletin: A libxml vulnerability affects IBM Security Access Manager for Web (CVE-2015-1819) *** http://www.ibm.com/support/docview.wss?uid=swg21974737 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in XML processing affects IBM DataPower Gateways (CVE-2015-1819) *** http://www.ibm.com/support/docview.wss?uid=swg21975341 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Storage Manager ASNODENAME Vulnerability (CVE-2015-7408) *** http://www.ibm.com/support/docview.wss?uid=swg21975957 --------------------------------------------- *** IBM Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Web (CVE-2015-3238) *** http://www.ibm.com/support/docview.wss?uid=swg21974738 --------------------------------------------- *** IBM Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-3238) *** http://www.ibm.com/support/docview.wss?uid=swg21975882 --------------------------------------------- *** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2014-8121) *** http://www.ibm.com/support/docview.wss?uid=swg21974653 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in nss-softokn affects IBM Security Access Manager for Web (CVE-2015-2730) *** http://www.ibm.com/support/docview.wss?uid=swg21974657 --------------------------------------------- *** IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a Denial of Service attack, and Sensitive Information Exposure. (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) *** http://www.ibm.com/support/docview.wss?uid=swg21976148 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 5-02-2016
by Daily end-of-shift report 05 Feb '16

05 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 04-02-2016 18:00 − Freitag 05-02-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** WP-Invoice <= 4.1.0 - Multiple Vulnerabilities *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8378 *** User Meta Manager <= 3.4.6 - Authenticated Blind SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8380 *** User Meta Manager <= 3.4.6 - Privilege Escalation *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8379 *** Racing MIDI messages in Chrome *** --------------------------------------------- This is a guest blog post by Oliver Chang from the Chrome Security team.This post is about an exceptionally bad use after free bug in Chrome's browser process that affected Linux, Chrome OS and OS X. What makes this bug interesting is the fact that it could be directly triggered from the web without .. --------------------------------------------- http://googleprojectzero.blogspot.com/2016/02/racing-midi-messages-in-chrom… *** DSA-3466 krb5 - security update *** --------------------------------------------- Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following .. --------------------------------------------- https://www.debian.org/security/2016/dsa-3466 *** Neutrino Exploit Kit Not Responding - Bug or Feature? *** --------------------------------------------- A couple of weeks ago we were looking at some exploit kits in one of our lab environments and noticed a decline in the number of Neutrino instances were seeing. This sent us on yet another journey to investigate Neutrino .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Neutrino-Exploit-Kit-Not-Res… *** Chrome picks up bonus security features on Windows 10 *** --------------------------------------------- The Windows 10 November update (version 1511, build 10586) included a handful of new security features to provide protection against some security issues that have kept on popping up in Windows for a number of years. Google yesterday added source .. --------------------------------------------- http://arstechnica.com/information-technology/2016/02/chrome-picks-up-bonus… *** A trip through the spam filters: more malspam with zip attachments containing .js files *** --------------------------------------------- I was discussing malicious spam (malspam) with a fellow security professional earlier this week. He was examining malspam with zip attachments containing .js files. This is something Ive covered previously in ISC .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20697 *** Verschlüsselungs-Trojaner TeslaCrypt 2 geknackt; Kriminelle rüsten nach *** --------------------------------------------- Opfer des berüchtigten Verschlüsselungs-Trojaners TeslaCrypt können aufatmen: Das kostenlose Tool TeslaDecoder kann zumindest die Dateien der Version 2 entschlüsseln. Doch die Betrüger schlafen nicht: Aktuell kursiert schon Version 3. --------------------------------------------- http://heise.de/-3092667 *** Eset NOD32 Antivirus 9 gefährdet https-Verschlüsselung *** --------------------------------------------- Eset NOD32 Antivirus 9 installiert einen SSL-Filter, der sich in die Verschlüsselung einklinkt. Wie heise Security entdeckte, akzeptiert er dabei unter Umständen gefälschte Zertifikate; ein Update des Herstellers beseitigt den Fehler. --------------------------------------------- http://heise.de/-3095024 *** Dridex: Botnet verteilt Virenscanner *** --------------------------------------------- Gelingt es Cyberkriminellen, ihre Malware auf fremden Rechnern einzuschleusen, nutzen sie dies mitunter aus, um sie zum Teil eines Botnets zu machen. Über ihre Server steuern sie die kompromittierten Computer und nutzen ihre .. --------------------------------------------- http://derstandard.at/2000030450321 *** The Malware Museum @ Internet Archive *** --------------------------------------------- Here's what submitting a virus sample looked like back in the days of 5" floppy disks. And now you can see classic viruses in action at The Malware Museum. Do you feel like emulating old malware inside a MS-DOS Virtual Machine inside .. --------------------------------------------- https://labsblog.f-secure.com/2016/02/05/the-malware-museum-internet-archiv… *** Positive Research Center *** --------------------------------------------- In December 2015, I found a critical vulnerability in one of PayPal business websites (manager.paypal.com). It allowed me to execute arbitrary shell commands on PayPal web servers via unsafe Java object deserialization and to access production databases. I immediately reported this bug to PayPal security team, and it was fixed promptly. --------------------------------------------- http://blog.ptsecurity.com/2016/02/paypal-remote-code-execution.html

1 0

Tageszusammenfassung - Donnerstag 4-02-2016
by Daily end-of-shift report 04 Feb '16

04 Feb '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 03-02-2016 18:00 − Donnerstag 04-02-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Weiterhin etliche IP-Kameras von Aldi unzureichend geschützt *** --------------------------------------------- Nach wie vor ist mindestens eine dreistellige Zahl der bei Aldi verkauften Maginon-Kameras ohne Passwort über das Internet steuerbar. Unterdessen hat sich herausgestellt, dass der Hersteller bereits im Juni 2015 informiert wurde. --------------------------------------------- http://heise.de/-3092642 *** Cisco Unified Communications Manager SQL Injection Vulnerability *** --------------------------------------------- A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** CERT: Poor password policy leaves OpenELEC operating system vulnerable to hackers *** --------------------------------------------- The CERT Division at Carnegie Mellon University yesterday issued an alert detailing a password vulnerability in the Open Embedded Linux Entertainment Center operating system. --------------------------------------------- http://www.scmagazine.com/cert-poor-password-policy-leaves-openelec-operati… *** Macro Redux: the Premium Package *** --------------------------------------------- Earlier this week we came across an interesting spam email. It was targeted at one of our customers in the retail industry. It contained a Microsoft Word document (MD5 = b74604d0081e68e91d64b361601d79c4) with a rather small macro in it. All that macro did was save a copy of the document as RTF, open it and then .. --------------------------------------------- http://labs.bromium.com/2016/02/03/macro-redux-the-premium-package/ *** Cisco Jabber Guest Server HTTP Web-Based Management Interface Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the HTTP web-based management interface of the Cisco Jabber Guest application could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Fake Adobe Flash Update OS X Malware *** --------------------------------------------- Yesterday, while investigating some Facebook click-bait, I came across a fake Flash update that is targeting OS X users. Fake flash updates have been very common to infect OS X. They do not rely on a vulnerability in the operating system. Instead, the user is asked to willingly install them, by making .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20693 *** No More Deceptive Download Buttons *** --------------------------------------------- In November, we announced that Safe Browsing would protect you from social engineering attacks - deceptive tactics that try to trick you into doing something dangerous, like installing unwanted software or revealing your personal information (for example, passwords, phone numbers, or credit cards). You may .. --------------------------------------------- https://googleonlinesecurity.blogspot.co.uk/2016/02/no-more-deceptive-downl… *** l+f: Web-Dienst prüft Präsenz sicherheitsrelevanter HTTP-Header *** --------------------------------------------- Mit securityheaders.io kann man herausfinden, welche Schutzfunktionen ein Server über die HTTP-Header scharf schaltet. --------------------------------------------- http://heise.de/-3095001

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily