=======================
= End-of-Shift report =
=======================
Timeframe: Friday 19-02-2016 18:00 − Monday 22-02-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** glibc: New Version Fixes Dramatic Flaw in Linux Network Functions ***
---------------------------------------------
With version 2.23, the glibc team has apparently fixed the critical bug that attackers could use to take over Linux systems. The other changes, such as Unicode 8 support, are overshadowed by the bug fix.
---------------------------------------------
http://heise.de/-3112519
*** Joomla Sites Join WordPress As TeslaCrypt Ransomware Target ***
---------------------------------------------
Joomla is the newest prey of attackers behind a campaign that has targeted WordPress websites by injecting JavaScript files with malicious code.
---------------------------------------------
http://threatpost.com/joomla-sites-join-wordpress-as-teslacrypt-ransomware-…
*** PCI DSS 3.2 slated for early 2016 ***
---------------------------------------------
PCI DSS version 3.2, scheduled for release in the first half of 2016, likely March or April, will address the current threat landscape as well as "trending attacks causing compromises" detailed in current breach forensics reports.
---------------------------------------------
http://www.scmagazine.com/pci-dss-32-slated-for-early-2016/article/478089/
*** Investigating a Compromised Server with Rootcheck ***
---------------------------------------------
What do you do if you suspect your server (VPS or dedicated) has been compromised? If you are a customer, you have the option to leverage our team to perform the incident response on your behalf, but what if you want to do an investigation on your own? In this ..
---------------------------------------------
https://blog.sucuri.net/2016/02/investigating-a-compromised-server-with-roo…
*** How Private Individuals Are Misused by Online Criminals for Money Laundering ***
---------------------------------------------
Criminal gangs use inconspicuous private individuals for money laundering. Recently they have also been targeting refugees. The people behind the schemes are almost impossible to reach.
---------------------------------------------
http://heise.de/-3112859
*** Security: Mysterious Rise in Tor Addresses ***
---------------------------------------------
An unusual rise in .onion addresses in the Tor network is currently a puzzle. The cause of the rise could be a new messaging app, or malware.
---------------------------------------------
http://www.golem.de/news/security-sprunghafter-anstieg-von-tor-adressen-160…
*** Warning - Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System ***
---------------------------------------------
Are you also the one who downloaded Linux Mint on February 20th? You may have been infected! Linux Mint is one of the best and most popular Linux distros available today, but if you have downloaded and installed the operating system recently you ..
---------------------------------------------
https://thehackernews.com/2016/02/linux-mint-hack.html
*** DSA-3479 graphite2 - security update ***
---------------------------------------------
Multiple vulnerabilities have been found in the Graphite font rendering engine which might result in denial of service or the execution of arbitrary code if a malformed font file is processed.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3479
*** Synology NAS DSM 5.2 Remote Code Execution (RCE) ***
---------------------------------------------
RCE in Synology NAS DSM 5.2 due to lack of input sanitisation. RCE triggered indirectly via port forwarding mechanism in the NAS UI.
---------------------------------------------
http://rileykidd.com/2016/01/12/synology-nas-dsm-5-2-remote-code-execution-…
*** A Skeleton Key of Unknown Strength ***
---------------------------------------------
TL;DR: The glibc DNS bug (CVE-2015-7547) is unusually bad. Even Shellshock and Heartbleed tended to affect things we knew were on the network and knew we had to defend. This affects a universally used library (glibc) at a universally used protocol (DNS). Generic tools that we didn't even know had network surface (sudo) are thus exposed, as is software written in ..
---------------------------------------------
http://dankaminsky.com/2016/02/20/skeleton/
*** Security Researchers: Pirate App Store Temporarily in Apple's App Store ***
---------------------------------------------
For several months, an iOS app available in Apple's official software store and disguised as a translation tool apparently offered its users cracked apps for download.
---------------------------------------------
http://heise.de/-3113988
*** Germany: "Bundestrojaner" Is Ready for Use ***
---------------------------------------------
After months of preparation, investigators in Germany have their own software for online searches at their disposal.
---------------------------------------------
http://futurezone.at/netzpolitik/deutschland-bundestrojaner-ist-einsatzbere…
*** New Scheme: Crypto Trojan Locky Spread via JavaScript Files ***
---------------------------------------------
After the encryption Trojan was initially spread mainly via Office files, the perpetrators are now sending scripts. As a result, a sausage manufacturer from Ludwigslust has involuntarily become the point of contact for Locky victims.
---------------------------------------------
http://heise.de/-3113689
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 18-02-2016 18:00 − Friday 19-02-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Maimed Ramnit Still Lurking in the Shadow ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/02/maimed_ramnit_still.ht…
*** ZDI-16-172: Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-172/
*** Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer SketchUp document ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-176/
http://www.zerodayinitiative.com/advisories/ZDI-16-175/
http://www.zerodayinitiative.com/advisories/ZDI-16-174/
http://www.zerodayinitiative.com/advisories/ZDI-16-173/
*** Crypto Trojan Locky Rages in Germany: Over 5000 Infections per Hour ***
---------------------------------------------
The new ransomware Locky is apparently finding victims en masse in Germany, including a Fraunhofer institute. Meanwhile, the perpetrators have even taught their malware German.
---------------------------------------------
http://heise.de/-3111774
*** B+B SmartWorx VESP211 Authentication Bypass Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an authentication bypass vulnerability in B+B SmartWorx's VESP211 serial servers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-049-01
*** AMX Multiple Products Credential Management Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for hard-coded passwords in multiple AMX products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-049-02
*** Privilege Escalation: Yet Another Security Flaw at Comodo ***
---------------------------------------------
An insecure default password in the Comodo Internet Security suite allows attackers to escalate their privileges in order to run arbitrary programs. On the machine itself, but possibly also remotely.
---------------------------------------------
http://www.golem.de/news/privilege-escalation-schon-wieder-sicherheitslueck…
*** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates ***
---------------------------------------------
http://support.citrix.com/article/CTX206001
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 17-02-2016 18:00 − Thursday 18-02-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** WordPress Sites Leveraged in Layer 7 DDoS Campaigns ***
---------------------------------------------
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem, as previously described, was that any WordPress website with the pingback feature enabled (which is on by default) could ..
---------------------------------------------
https://blog.sucuri.net/2016/02/wordpress-sites-leveraged-in-ddos-campaigns…
*** Angler exploit kit generated by "admedia" gates, (Thu, Feb 18th) ***
---------------------------------------------
On 2016-02-01, the Sucuri blog reported a spike in compromised WordPress sites generating hidden iframes with malicious URLs [1]. By 2016-02-02, I started seeing exploit kit (EK) traffic related to this campaign [2]. Sucuri noted that admedia was a common string used in malicious URLs generated by ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20741
*** SimpliSafe home alarms transmit PIN unlock codes in the clear - ideal for lurking burglars ***
---------------------------------------------
How to break into hundreds of thousands of homes in America. Pics and vid. If you've got a SimpliSafe wireless home alarm system, as hundreds of thousands of homes in the US apparently do, then it's time to buy a new alarm system because yours is screwed.
---------------------------------------------
www.theregister.co.uk/2016/02/17/simplisafe_wireless_home_alarm_system_crac…
*** Nodejs - Access bypass - Moderately Critical -- DRUPAL-SA-CONTRIB-2016-007 ***
---------------------------------------------
The module doesn't disconnect unauthenticated sockets, allowing those sockets to receive broadcast messages. For sites that only serve authenticated pages, or only allow Node.js connections from authenticated users, the expectation is that only authenticated Drupal users will see broadcast messages.
---------------------------------------------
https://www.drupal.org/node/2670636
*** Commerce Authorize.Net SIM/DPM Payment Methods - Access Bypass - DRUPAL-SA-CONTRIB-2016-006 ***
---------------------------------------------
The module doesn't sufficiently protect against the premature triggering of order completion without successful payment by the manual entry of a specially-constructed URL which contains the correct payment redirect key.
---------------------------------------------
https://www.drupal.org/node/2670632
*** Instagram rolls out two factor authentication ***
---------------------------------------------
But SMS still a mess. Hipsters and selfie-lovers will enjoy extra security after Instagram added two-factor authentication to its service.
---------------------------------------------
www.theregister.co.uk/2016/02/18/instagram_rolls_out_two_factor_authenticat…
*** Radio Regulation: TP-Link Must Lock Down Wi-Fi Firmware ***
---------------------------------------------
TP-Link is locking the firmware of all Wi-Fi devices. Other manufacturers are apparently doing so as well. As a result, users can no longer maintain their devices. This is the effect of the new radio regulation on both sides of the Atlantic.
---------------------------------------------
http://heise.de/-3109847
*** Court-Ordered iPhone Unlocking: Google CEO Backs Apple CEO's Resistance ***
---------------------------------------------
Google CEO Sundar Pichai, like Apple CEO Tim Cook, believes that a risky precedent would be set if the FBI prevails in requiring Apple to help unlock an iPhone.
---------------------------------------------
http://heise.de/-3109864
*** These were the Top 10 Android Threats in 2015 - Plus, What to Expect in 2016 ***
---------------------------------------------
Mobile World Congress is next week and F-Secure is jazzed to be participating again - it promises to be another awesome expo. But while the tech world buzzes about which devices will be unveiled by the top handset makers, leave it to us to interrupt the conversation to remind you about security ..
---------------------------------------------
http://safeandsavvy.f-secure.com/2016/02/18/these-were-the-top-10-android-t…
*** DSA-3482 libreoffice - security update ***
---------------------------------------------
An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3482
*** Ransomware: US Hospital Pays 40 Bitcoins in Ransom ***
---------------------------------------------
A hospital in Los Angeles paid out bitcoins worth 15,000 euros to get its data, which had been encrypted by an extortion Trojan, released again. That was the fastest way, the hospital's chief said.
---------------------------------------------
http://heise.de/-3109956
*** VB2015 paper: Will Android Trojans, Worms or Rootkits Survive in SEAndroid and Containerization? ***
---------------------------------------------
Sophos researchers Rowland Yu and William Lee look at whether recent security enhancements to Android, such as SEAndroid and containerization, will be enough to defeat future malware threats.
---------------------------------------------
https://www.virusbulletin.com/blog/2016/02/vb2015-paper-will-android-trojan…
*** A Letter to the Insiders - Think Twice ***
---------------------------------------------
Insider threats come in many forms, from the unwitting to the negligent, and even the downright malicious. For those who may be unwillingly co-opted into cybercrime, either by subterfuge or coercion, we can provide education, technical measures, policies and processes that limit the risk. But what can ..
---------------------------------------------
https://blog.team-cymru.org/2016/02/a-letter-to-the-insiders-think-twice/
*** New Ransomware PadCrypt: The first with Live Chat Support ***
---------------------------------------------
A new ransomware has been discovered and what sets apart this variant from the rest is its implementation of a chat interface embedded into the product. That link for 'Live Chat' will prompt...
---------------------------------------------
http://www.webroot.com/blog/2016/02/18/new-ransomware-padcrypt-first-live-c…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 16-02-2016 18:00 − Wednesday 17-02-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco 1000 Series Connected Grid Routers SNMP BRIDGE MIB Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Stuxnet as the First Act: USA Wanted to Paralyze Iran with a Cyberattack ***
---------------------------------------------
Secret project "Nitro Zeus" was meant to destroy infrastructure; also detailed plans against nuclear facility ..
---------------------------------------------
http://derstandard.at/2000031233923
*** Machine Learning: Artificial Neural Networks Make Password Cracking Easier ***
---------------------------------------------
A proof of concept shows that artificial neural networks, with some training, can be used to crack passwords. Even with fairly complex ones this works surprisingly well.
---------------------------------------------
http://www.golem.de/news/machine-learning-kuenstliche-neuronale-netzwerke-e…
*** Pwning CCTV cameras ***
---------------------------------------------
CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK - most in private premises. Most of those cameras will be connected to some kind of recording device, which these days means a Digital Video Recorder or DVR.
---------------------------------------------
https://www.pentestpartners.com/blog/pwning-cctv-cameras/
*** Court Order to Unlock iPhone: Apple CEO Tim Cook Resists ***
---------------------------------------------
Tim Cook has, unusually, addressed customers in an open letter. In it he explains why the company refuses to help the FBI in its investigation with a backdoor.
---------------------------------------------
http://heise.de/-3107769
*** Devastating Bug Endangers Almost All Linux Systems ***
---------------------------------------------
Bug in glibc can be exploited to smuggle in code - update urgently recommended
---------------------------------------------
http://derstandard.at/2000031281408
*** Linux Fysbis Trojan, a new weapon in the Pawn Storm's arsenal ***
---------------------------------------------
Malware researchers at PaloAlto discovered the Fysbis Trojan, a simple and effective Linux threat used by the Russian cyberspy group Pawn Storm. Do you remember the Pawn Storm hacking crew? Security experts have identified this group of Russian hackers with several names, including ..
---------------------------------------------
http://securityaffairs.co/wordpress/44551/hacking/pawn-storm-linux-fysbis-t…
*** Mazar: Researchers Warn of Powerful Android Malware ***
---------------------------------------------
Uses the Tor network to cover its tracks - can take full control, but needs considerable cooperation from the user
---------------------------------------------
http://derstandard.at/2000031296473
*** OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update ***
---------------------------------------------
In May 2015, researchers at Qihoo 360 published a report on OceanLotus that included details about malware targeting Chinese infrastructure. In that report, there is a description about a piece of malware that targets OS X systems. A sample of that malware was uploaded to VirusTotal a few months ..
---------------------------------------------
https://www.alienvault.com/open-threat-exchange/blog/oceanlotus-for-os-x-an…
*** [HTB23284]: RCE via CSRF in osCommerce ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered a vulnerability in the popular e-commerce software osCommerce with 280,000 store owners (according to the vendor). The vulnerability can be exploited to execute arbitrary PHP code on the remote system, compromise the vulnerable web application, its database and even the web server and related environment.
---------------------------------------------
https://www.htbridge.com/advisory/HTB23284
*** [HTB23291]: SQL Injection in webSPELL ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered two vulnerabilities in a popular CMS webSPELL developed for the needs of esport related communities. The vulnerability allows a remote authenticated attacker with cashbox access privileges to execute arbitrary SQL commands ..
---------------------------------------------
https://www.htbridge.com/advisory/HTB23291
*** The Dridex Banking Trojan ***
---------------------------------------------
Dridex is a generation of banking trojans, one of the most prominent threats for companies. A banking trojan basically is malicious software (malware) that tries to obtain confidential information from your computer system, targeting specifically online banking and payment systems. The Dridex trojan is equipped to steal all data necessary for fraudulent activities.
---------------------------------------------
http://www.techknow.one/forum/index.php?topic=9346
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 15-02-2016 18:00 − Tuesday 16-02-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** More Multi-Architecture IoT Malware, (Mon, Feb 15th) ***
---------------------------------------------
Attackers have problems too: Attacks against Internet of Things (IoT) devices are simple (as in log in...), but the attacker never knows what kind of architecture they may hit. IoT devices often go beyond the standard x86 architecture we are used to on our servers and workstations. What I typically see ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20731
*** Password cracking attacks on Bitcoin wallets net $103,000 ***
---------------------------------------------
Hackers have siphoned about $103,000 out of Bitcoin accounts that were protected with an alternative security measure, according to research that tracked six years' worth of transactions. Account-holders used easy-to-remember passwords to protect their accounts instead of the long cryptographic keys normally required.
---------------------------------------------
http://arstechnica.com/security/2016/02/password-cracking-attacks-on-bitcoi…
*** Cisco Emergency Responder Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software for Cisco Industrial Ethernet 2000 Series Switches Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Exploiting (pretty) blind SQL injections, (Mon, Feb 15th) ***
---------------------------------------------
Although a lot has been written about SQL injection vulnerabilities, they can still be found relatively often. In most of the cases I've seen in the last couple of years, I had to deal with blind SQL injection vulnerabilities. Typically, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20733
*** VoIP phones can be turned into spying or money-making tools ***
---------------------------------------------
A security vulnerability present in many enterprise-grade VoIP phones can easily be exploited by hackers to spy on employees and management, says security consultant Paul Moore. In a less dangerous attack alternative, these compromised devices can also be made to covertly place calls to premium ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/02/16/voip-phones-can-turned-spying-mo…
*** Ransomware: Besides German Hospitals, US Clinic Also Paralyzed by Virus ***
---------------------------------------------
It is not only in Germany that hospitals repeatedly battle encryption Trojans. In Los Angeles, a clinic has been paralyzed for more than a week. The programmers are reportedly demanding more than 3 million US dollars in ransom.
---------------------------------------------
http://heise.de/-3103733
*** "Fake President": E-Mail Fraudsters Relieve Corporations of Millions ***
---------------------------------------------
Executive board accounts and turn unsuspecting accountants into their accomplices
---------------------------------------------
http://derstandard.at/2000031179980
*** ATMs: Skimming at the Network Socket ***
---------------------------------------------
Skimming is a well-known problem - criminals use replica keypads and magnetic card readers to copy customer data at ATMs. Now the manufacturer NCR is warning of new dangers.
---------------------------------------------
http://www.golem.de/news/geldautomaten-skimming-an-der-netzwerkbuchse-1602-…
*** USN-2855-2: Samba regression ***
---------------------------------------------
Ubuntu Security Notice USN-2855-2. 16th February, 2016. samba regression. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: USN-2855-1 introduced a regression in ..
---------------------------------------------
http://www.ubuntu.com/usn/usn-2855-2/
*** Extortion Trojan Locky Apparently Strikes in a Coordinated Fashion ***
---------------------------------------------
Locky presumably lurked on the infected systems for a while before it began encrypting personal files simultaneously at several victims last Monday.
---------------------------------------------
http://heise.de/-3104069
*** Stuxnet Allegedly Part of a Larger Attack on Iran's Critical Infrastructure ***
---------------------------------------------
That the USA and Israel were behind Stuxnet in order to disrupt Iran's nuclear programme is now considered certain. A new documentary film now claims that the cyber worm was part of a much larger programme that was meant to paralyze the whole of Iran.
---------------------------------------------
http://heise.de/-3104957
*** TYPO3 CMS 6.2.18 and 7.6.3 released ***
---------------------------------------------
Both versions are maintenance releases and contain bug and security fixes. In case the extension compatibility6 is used, please make sure to upgrade to version 7.6.2.
---------------------------------------------
https://typo3.org/news/article/typo3-cms-6218-and-763-released/
*** Glibc: Security Flaw Endangers Almost All Linux Systems ***
---------------------------------------------
A serious security flaw gapes in the glibc library, which is used in almost all Linux systems: a DNS function allows the execution of malicious code. Users should install updates as quickly as possible.
---------------------------------------------
http://www.golem.de/news/glibc-sicherheitsluecke-gefaehrdet-fast-alle-linux…
*** CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow ***
---------------------------------------------
The glibc project thanks the Google Security Team and Red Hat for reporting the security impact of this issue, and Robert Holiday of Ciena for reporting the related bug 18665.
---------------------------------------------
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 12-02-2016 18:00 − Monday 15-02-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** A Look Behind The Skype Malvertising Campaign ***
---------------------------------------------
As reported by F-Secure, a recent malvertising campaign has been hitting several top publishers to push the Angler exploit kit and install the TeslaCrypt ransomware, according to the Finnish company. Some of these infections happened via Skype, which displays ad banners within its product.
---------------------------------------------
https://blog.malwarebytes.org/malvertising-2/2016/02/a-look-behind-the-skyp…
*** Fake SUPEE-5344 Patch Steals Payment Details ***
---------------------------------------------
In case you don't know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to vulnerable Magento sites. While the patch was released February 2015, many sites unfortunately did ..
---------------------------------------------
https://blog.sucuri.net/2016/02/fake-supee-5344-patch-steals-payment-detail…
*** VMware VMSA-2015-0007.3 has been Re-released, (Sat, Feb 13th) ***
---------------------------------------------
VMware has re-issued VMSA-2015-0007.3 today after they found an earlier fix for CVE-2016-2342 was incomplete. Affected ESXi versions are: 5.0, 5.1 and 5.5. Advisory can be ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20727
*** Critical Fixes Issued for Windows, Java, Flash ***
---------------------------------------------
Microsoft Windows users and those with Adobe Flash Player or Java installed, it's time to update again! Microsoft released 13 updates to address some three dozen unique security vulnerabilities. Adobe issued security updates for its Flash Player software that plugs at least 22 security holes in the widely-used browser plugin. Meanwhile, Oracle issued an unscheduled security fix for Java, its second security update for Java in as many weeks.
---------------------------------------------
http://krebsonsecurity.com/2016/02/criticial-fixes-issued-for-windows-java-…
*** Encryption Trojan: mp3 Variant of TeslaCrypt ***
---------------------------------------------
Readers tipped off the editorial team about encrypted files with the extension .mp3. A new variant of the encryption Trojan TeslaCrypt appears to be producing them.
---------------------------------------------
http://heise.de/-3101992
*** DSA-3477 iceweasel - security update ***
---------------------------------------------
Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3477
*** Nigerian Astronaut Lost in Space: Spam Delights the Net ***
---------------------------------------------
Users can supposedly double an investment of three million dollars
---------------------------------------------
http://derstandard.at/2000031110981
*** IT Security: More and More Complex Attacks on Companies ***
---------------------------------------------
New cybersecurity report shows heightened threat level on the Internet
---------------------------------------------
http://derstandard.at/2000031119634
*** Mazar Bot Actively Targeting Android Devices ***
---------------------------------------------
Researchers at Heimdal Security report public attacks against Android devices using the Mazar bot, which was advertised months ago in a Russian cybercrime forum.
---------------------------------------------
http://threatpost.com/mazar-bot-actively-targeting-android-devices/116240/
*** Update to Version 1.17: Veracrypt Is Now Said to Be Twice as Fast ***
---------------------------------------------
Veracrypt is one of the most popular successors to the discontinued Truecrypt - an update now brings new features. In addition, loading containers is said to be significantly faster - so far one of the biggest points of criticism ..
---------------------------------------------
http://www.golem.de/news/update-auf-version-1-17-veracrypt-soll-jetzt-doppe…
*** Virus Paralyzed Hospital in Germany ***
---------------------------------------------
"Findings had to be transmitted in person, by telephone or by fax"
---------------------------------------------
http://derstandard.at/2000031136914
*** [R1] Nessus < 6.5.5 Multiple Vulnerabilities ***
---------------------------------------------
http://www.tenable.com/security/tns-2016-02
*** Reflecting on Recent iOS and Android Security Updates ***
---------------------------------------------
The last thirty days have proven to be yet another exciting time for the mobile security ecosystem. Apple and Google released updates for their respective mobile operating systems that fix several critical issues - including some in the kernel that may be exploited remotely.
---------------------------------------------
https://blog.zimperium.com/reflecting-on-recent-ios-and-android-security-up…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 11-02-2016 18:00 − Friday 12-02-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** SC Congress: "flakey kettles and dolls that swear at you" ***
---------------------------------------------
Ken Munro, managing director of Pen Test Partners, showed the SC Congress just how easy it is to crack a whole range of IoT nonsense
---------------------------------------------
http://www.scmagazine.com/sc-congress-flakey-kettles-and-dolls-that-swear-a…
*** Determining Physical Location on the Internet ***
---------------------------------------------
Interesting research: "CPV: Delay-based Location Verification for the Internet": Abstract: The number of location-aware services over the Internet continues growing. Some of these require the client's geographic location for security-sensitive applications. Examples include location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing geolocation techniques, e.g.,...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/02/determining_phy.html
*** New Trojan threatens users' bank accounts ***
---------------------------------------------
February 12, 2016 - Banking Trojans are considered to be one of the most dangerous threats. Not only do they have a complex architecture, but they are also capable of performing a wide variety of functions. Yet, some attackers do not disdain to contrive rather primitive malicious programs such as, for example, Trojan.Proxy2.102, which was examined by Doctor Web specialists. Trojan.Proxy2.102 steals money from victims' bank accounts using the following method. Once launched, it installs a root...
---------------------------------------------
http://news.drweb.com/show/?i=9840&lng=en&c=9
*** Increased scans and workarounds for Cisco's ASA vulnerability ***
---------------------------------------------
The attackers are apparently already actively gathering information about potentially vulnerable systems, while defenders are still struggling with the pitfalls of the update.
---------------------------------------------
http://heise.de/-3100443
*** Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware ***
---------------------------------------------
It's a scary time to be a Windows user. Lenovo was bundling HTTPS-hijacking Superfish adware, Comodo ships with an even worse security hole called PrivDog, and dozens of other apps like LavaSoft are doing the same. It's really bad, but if you want your encrypted web sessions to be hijacked just head to CNET Downloads or any freeware site, because they are all bundling HTTPS-breaking adware now.
---------------------------------------------
http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-st…
*** How to Avoid Potentially Unwanted Programs ***
---------------------------------------------
We've come up with a PUPs cheat sheet that businesses can use to train IT staff and users. A little PUPs awareness, if you will. Read on to learn more about how you get PUPs, ...
---------------------------------------------
https://blog.malwarebytes.org/online-security/2016/02/how-to-avoid-potentia…
*** How to use the traffic light protocol - TLP ***
---------------------------------------------
The TLP or Traffic Light Protocol is a set of designations designed to help sharing of sensitive information. It has been widely adopted in the CSIRT and security community. The originator of the information labels the information with one of four colours. These colours indicate what further dissemination, if any, can be undertaken by the recipient. Note that the colours only mark the level of dissemination, not the sensitivity level (although they often align).
---------------------------------------------
https://www.vanimpe.eu/2015/08/21/use-traffic-light-protocol-tlp/
*** D-Link DSL-2750B Remote Command Execution ***
---------------------------------------------
Topic: D-Link DSL-2750B Remote Command Execution. Risk: High. Text: After some playing around I've noticed something interesting during login phase: by sending wrong credentials, user is redirec...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020128
*** Sophos UTM 9 Cross Site Scripting ***
---------------------------------------------
Topic: Sophos UTM 9 Cross Site Scripting Risk: Low Text: -- Vendor: -- Sophos (https://www.sophos.com) -- Affected Products/Versions: -- Produc...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020117
*** ASUS Router Administrative Interface Exposure ***
---------------------------------------------
Topic: ASUS Router Administrative Interface Exposure. Risk: Low. Text: Asus wireless routers running ASUSWRT firmware (in other words, anything with an RT- in the model name) have a design flaw in w...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020116
*** ZCM 11.3.x - Fix for CVE-2015-5970 ZCM ZENworks ChangePassword XPath Injection Information Disclosure Vulnerability - See TID 7017240 ***
---------------------------------------------
Abstract: Vulnerability overview: CVE-2015-5970 An XPath injection exists in the ChangePassword RPC method implementation. By combining this with an entity reference to a file on the appliance, an attacker can exfiltrate arbitrary text files from the vulnerable device. This issue has been found and reported by cpnrodzc7 working with HP's Zero Day Initiative (ZDI-CAN-3136). Patch overview: This patch contains the necessary files and installation information to correct the below issue on ZCM 11.3.x
---------------------------------------------
https://download.novell.com/Download?buildid=vt0EO0DgaX8~
*** ZCM 11.4.x - Fix for CVE-2015-5970 ZCM ZENworks ChangePassword XPath Injection Information Disclosure Vulnerability - See TID 7017240 ***
---------------------------------------------
Abstract: Vulnerability overview: CVE-2015-5970 An XPath injection exists in the ChangePassword RPC method implementation. By combining this with an entity reference to a file on the appliance, an attacker can exfiltrate arbitrary text files from the vulnerable device. This issue has been found and reported by cpnrodzc7 working with HP's Zero Day Initiative (ZDI-CAN-3136). Patch overview: This patch contains the necessary files and installation information to correct the below issue on ZCM 11.4.x
---------------------------------------------
https://download.novell.com/Download?buildid=SOM6P0NdZ5U~
*** PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1035005
*** DFN-CERT-2016-0260: Mozilla Firefox, Firefox ESR: Two vulnerabilities allow, among other things, the bypassing of security measures ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0260/
*** DFN-CERT-2016-0263: Cacti: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0263/
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 10-02-2016 18:00 − Thursday 11-02-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Critical bug found in Cisco ASA products, attackers are scanning for affected devices ***
---------------------------------------------
Several Cisco Adaptive Security Appliance (ASA) products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code exec...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19427
*** Some notes on VirusTotal. ***
---------------------------------------------
Many of you are probably familiar with VirusTotal, a service that allows you to scan a file or URL using multiple antivirus and URL scanners. VirusTotal results are often used in write-ups about...
---------------------------------------------
http://www.webroot.com/blog/2016/02/09/some-notes-on-virustotal/
*** Seo-moz.com SEO Spam Campaign ***
---------------------------------------------
Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by linking visitors to unwanted websites and stuffing spam keywords into the site. These links and keywords help the spam websites to rank higher in search engines like Google, sending even...
---------------------------------------------
https://blog.sucuri.net/2016/02/seo-moz-com-seo-spam-campaign.html
*** Malvertising Via Skype Delivers Angler ***
---------------------------------------------
A recent malvertising campaign shows that platforms that display ads, even when they are not necessarily the browser, are not immune to the attack. An example of a popular non-browser application that shows ads is Skype. These images would be familiar to avid Skype users. This did not really bother us much until last night, when we...
---------------------------------------------
https://labsblog.f-secure.com/2016/02/10/malvertising-via-skype-delivers-an…
*** Tomcat IR with XOR.DDoS, (Thu, Feb 11th) ***
---------------------------------------------
Apache Tomcat is a java based web service that is used for different applications. While you may have it running in your environment, you may not be familiar with its workings to provide adequate incident response
0 S root 31847 1 0 80 0 - 1124641 futex_ 2015 ? 02:36:33 /usr/bin/java -classpath /usr/share/apache-tomcat-7.0.65/bin/bootstrap.jar
Here you can see that it is running from /usr/share/apache-tomcat-7.0.65. The Tomcat configurations
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20721&rss
*** Building automation systems are so bad IBM hacked one for free ***
---------------------------------------------
Remote sites owned as router, controller and server all fall to pen-test team An IBM-led penetration testing team has thoroughly owned an enterprise building management network in a free assessment designed to publicise the horrid state of embedded device security.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/02/11/building_au…
*** How Malware Detects Virtualized Environment, and its Countermeasures - An Overview ***
---------------------------------------------
Virtual Machines are usually considered a good way to analyze malware as they can provide an isolated environment for the malware to trigger but their actions can be controlled and intercepted. However, modern age malware detects their environment in which they are running, and if they detect they are running in VM, they sustain their...
---------------------------------------------
http://resources.infosecinstitute.com/how-malware-detects-virtualized-envir…
*** DFN-CERT-2016-0252: Cisco Adaptive Security Appliance Software: A vulnerability allows takeover of system control ***
---------------------------------------------
A vulnerability in the Cisco Adaptive Security Appliance software allows a remote, unauthenticated attacker to execute arbitrary code and thus take control of an affected system; a denial-of-service attack is also possible.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0252/
*** ZDI-16-163: Dell SonicWALL GMS Virtual Appliance Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-163/
*** ZDI-16-164: Dell SonicWALL GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-164/
*** Cisco Spark Representational State Transfer Interface Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Spark Representational State Transfer Interface Unauthorized Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Spark Representational State Transfer Interface Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Advanced Malware Protection and Email Security Appliance Proxy Engine Security Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates ***
---------------------------------------------
A number of vulnerabilities have been identified in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway that could allow a malicious, unprivileged user to perform privileged operations or execute commands.
---------------------------------------------
https://support.citrix.com/article/CTX206001
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libssh2 affects PowerKVM (CVE-2015-1782) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023318
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in curl affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023307
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Tivoli Storage Manager Operations Center and Tivoli Storage Manager Client Management Service (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976362
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects AppScan Source (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976569
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in cpio affects PowerKVM (CVE-2014-9112) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023298
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Linux Kernel affects PowerKVM (CVE-2016-0728) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023279
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Netezza Platform Software clients (CVE-2015-3194) ***
http://www.ibm.com/support/docview.wss?uid=swg21976419
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Order Management is affected by Apache Commons Collections security vulnerabilities (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21975793
---------------------------------------------
*** IBM Security Bulletin: Cross-site scripting vulnerability in Liberty for Java for IBM Bluemix (CVE-2015-7417) ***
http://www.ibm.com/support/docview.wss?uid=swg21976218
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM JAVA Runtime affect AppScan Source (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21976159
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 09-02-2016 18:00 − Wednesday 10-02-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Fast Flux Bot Nets and Fluxer - Part 1 ***
---------------------------------------------
This time we'll start a two-parter on fast flux bot nets including the concept of domain generation algorithms.
---------------------------------------------
http://www.scmagazine.com/fast-flux-bot-nets-and-fluxer--part-1/article/473…
*** DMA Locker Strikes Back ***
---------------------------------------------
A few days ago we published a post about a new ransomware - DMA Locker (read more here). At that time, it was using a pretty simple way of storing keys. Having the original sample was enough to recover files. Unfortunately, the latest version (discovered February 8th) comes with several improvements and RSA key. Let's...
---------------------------------------------
https://blog.malwarebytes.org/news/2016/02/dma-locker-strikes-back/
*** Linode SSH key blunder left virtual servers open to man-in-the-middle fiddles for months ***
---------------------------------------------
Regen your keys ASAP. Web hosting biz Linode broke the security in its customers' virtual machines, allowing attackers to eavesdrop on SSH connections and hijack them.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/02/09/linode_ssh_…
*** Skimmers Hijack ATM Network Cables ***
---------------------------------------------
If you have ever walked up to an ATM to withdraw cash only to decide against it after noticing a telephone or ethernet cord snaking from behind the machine to a jack in the wall, your paranoia may not have been misplaced: ATM maker NCR is warning about skimming attacks that involve keypad overlays, hidden cameras and skimming devices plugged into the ATM network cables to intercept customer card data.
---------------------------------------------
http://krebsonsecurity.com/2016/02/skimmers-hijack-atm-network-cables/
*** Patch day: Microsoft plugs 6 critical holes, leaves old Internet Explorer versions out in the rain ***
---------------------------------------------
It is once again time for Microsoft users to update. Anyone still running older versions of Internet Explorer must act immediately.
---------------------------------------------
http://heise.de/-3098499
*** The history of Cryptowall: a large scale cryptographic ransomware threat ***
---------------------------------------------
This tracker focusses on tracking the development changes in the CryptoWall ransomware; it does not attempt to track every single CryptoWall sample that exists. It simply exists to track the family in a higher-level fashion; a few samples will be listed next to specific versions just for reference rather than bulk collection. The timeline below shows the development track of CryptoWall when new versions were first seen. Below the timeline you will find an overview.
---------------------------------------------
https://www.cryptowalltracker.org/
*** Sparkle installer: Gatekeeper protection for Macs can be bypassed ***
---------------------------------------------
Many Mac app developers use the Sparkle framework for convenient auto-updates - and thereby make numerous Mac programs vulnerable. VLC and uTorrent are not the only ones affected.
---------------------------------------------
http://www.golem.de/news/man-in-the-middle-angriff-sparkle-installer-macht-…
*** Cracking Damn Insecure and Vulnerable App (DIVA) - part 5: ***
---------------------------------------------
In the first four articles, we have discussed solutions for the first eleven challenges in DIVA. In this last article of this series, we will discuss the remaining two challenges that are related to native code. In case you missed the previous articles in this series, here are the links. http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable… http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable…
---------------------------------------------
http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable…
*** Hijacking forgotten & misconfigured subdomains ***
---------------------------------------------
It's been a while since my last blog post, so I decided to release a new tool. I think that we need more articles about "DNS hacking", I hope that you will learn something new here.
---------------------------------------------
http://www.xexexe.cz/2016/02/hijacking-forgotten-misconfigured.html
*** Network forensic analysis tool NetworkMiner 2.0 released ***
---------------------------------------------
NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19421
*** MSRT February 2016 ***
---------------------------------------------
The February release of the Microsoft Malicious Software Removal Tool (MSRT) includes updated detections for the following malware families: Bladabindi, Gamarue, Sality, Kelihos, Diplugem. The updates include detections for the latest variants from these malware families. There were no new malware families added to the MSRT this month. The MSRT works in tandem with real-time...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/02/09/msrt-february-2016/
*** MS16-FEB - Microsoft Security Bulletin Summary for February 2016 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-FEB
*** Deception: Shine Bright Like a Diamond ***
---------------------------------------------
German Summary: Project plans, designs, customer data: every company's crown jewels must be kept hidden from cyber criminals at all costs - or must they? Cast out the bait, because now the good guys are doing the deceiving! Deception is the name of the new cyber security approach which, according to estimates by the renowned market research firm Gartner, will already be in use at around 10 % of all companies by 2018. Virtual traps...
---------------------------------------------
http://blog.sec-consult.com/2016/02/deception-shine-bright-like-diamond.html
*** Tollgrade SmartGrid Sensor Management System Software Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in Tollgrade Communications, Inc.'s SmartGrid LightHouse Sensor Management System (SMS) Software EMS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-040-01
*** Bugtraq: Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537490
*** Bugtraq: ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537489
*** Bugtraq: dotDefender Firewall CSRF ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537491
*** [2016-02-10] Yeager CMS multiple vulnerabilities ***
---------------------------------------------
Yeager CMS suffers from multiple critical security issues including multiple SQL injections, arbitrary file upload, server-side request forgery and non-permanent cross-site scripting vulnerabilities. Unauthenticated attackers are able to compromise Yeager CMS in both application and database levels.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** DFN-CERT-2016-0237: Horde Application Framework: Two vulnerabilities allow a cross-site scripting attack ***
---------------------------------------------
09.02.2016
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0237/
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Prime Collaboration Provisioning Local Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Application Policy Infrastructure Controller Enterprise Module Web Framework Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Video Communications Server Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Unified Products Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Unified Communications Manager Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect Liberty for Java for IBM Bluemix January 2016 CPU (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448) ***
http://www.ibm.com/support/docview.wss?uid=swg21976217
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Security SiteProtector System (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976042
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM) (CVE-2016-0777, CVE-2016-0778) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023319
---------------------------------------------
*** IBM Security Bulletin: IBM Pure Power Integrated Manager (PPIM) is affected by vulnerabilities in ntp (CVE-2014-9750, CVE-2014-9751) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023291
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Pure Power Integrated Manager (PPIM) (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023292
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects Watson Explorer (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21974808
---------------------------------------------
*** IBM Security Bulletin: IBM Netezza SQL Extensions is vulnerable to an OpenSource PCRE Vulnerability (CVE-2015-8380, CVE-2015-8382, CVE-2015-8391) ***
http://www.ibm.com/support/docview.wss?uid=swg21976124
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities identified in IBM Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803) ***
http://www.ibm.com/support/docview.wss?uid=swg21971058
---------------------------------------------
*** IBM Security Bulletin: A libxml vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-1819) ***
http://www.ibm.com/support/docview.wss?uid=swg21976393
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2014-8121) ***
http://www.ibm.com/support/docview.wss?uid=swg21976290
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in nss-softokn affects IBM Security Access Manager for Mobile (CVE-2015-2730) ***
http://www.ibm.com/support/docview.wss?uid=swg21976295
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by an OpenSSH vulnerability (CVE-2008-5161) ***
http://www.ibm.com/support/docview.wss?uid=swg21976082
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by multiple NTP vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=swg21975967
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM MQ Light (CVE-2015-3197) ***
http://www.ibm.com/support/docview.wss?uid=swg21976345
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21975832
---------------------------------------------
*** IBM Security Bulletin: A Security Vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis ***
http://www.ibm.com/support/docview.wss?uid=swg21975544
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in cURL and libcURL affect IBM Security Access Manager (CVE-2014-3613, CVE-2014-8150) ***
http://www.ibm.com/support/docview.wss?uid=swg21974736
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM MQ Light (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976341
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 08-02-2016 18:00 − Tuesday 09-02-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Gate To Nuclear EK Uses Fake CloudFlare DDoS Check ***
---------------------------------------------
This rogue CloudFlare page hides a malicious payload.
---------------------------------------------
https://blog.malwarebytes.org/exploitkits/2016/02/gate-to-nuclear-ek-uses-f…
*** Patching Complex Web Vulnerabilities Using ModSecurity WAF ***
---------------------------------------------
In this blog post we will demonstrate complicated examples of common web application vulnerabilities, and see how they can be mitigated with ModSecurity WAF.
---------------------------------------------
https://www.htbridge.com/blog/patching-complex-web-vulnerabilities-using-mo…
*** It's 2016 and a font file can own your computer ***
---------------------------------------------
Libgraphite font library buggy and vulnerable in Firefox, Thunderbird, WordPad and more, says Talos. Cisco-owned Talos has announced a bunch of font library bugs present in apps running on Windows and Linux, affecting client- and server-side machines.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/02/09/libgraphite…
*** Power Grid Honeypot Puts Face on Attacks ***
---------------------------------------------
Researchers from MalCrawler built a honeypot mimicking an electronic management system at the heart of a power grid, exposing attackers' behavior once they have access to critical infrastructure systems.
---------------------------------------------
http://threatpost.com/power-grid-honeypot-puts-face-on-attacks/116217/
*** Russian hackers used malware to manipulate the Dollar/Ruble exchange rate ***
---------------------------------------------
Russian-language hackers have managed to break into Russian regional bank Energobank, infect its systems, and gain unsanctioned access to its trading system terminals, which allowed them to manipulat...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3201
*** How to Hack the Power Grid Through Home Air Conditioners ***
---------------------------------------------
Researchers show how hackers can manipulate the remote on-off device installed on some air conditioners to cause a blackout.
---------------------------------------------
http://www.wired.com/2016/02/how-to-hack-the-power-grid-through-home-air-co…
*** (Not only) Oracle Java Windows installer vulnerable ***
---------------------------------------------
Oracle has released an out-of-band patch for Java 6, 7 and 8 for Windows that closes a security vulnerability in the installation process. Numerous media reports on this have already appeared, but they often overlook the fact that this is not a Java-specific vulnerability. The problem - keyword "Binary Planting" -...
---------------------------------------------
http://www.cert.at/services/blog/20160209102305-1678.html
*** Security Bulletins Posted ***
---------------------------------------------
Security Bulletins for Adobe Photoshop and Bridge (APSB16-03), Flash Player (APSB16-04), Adobe Experience Manager (APSB16-05) and Adobe Connect (APSB16-07) have been published. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. This...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1315
*** DSA-3472 wordpress - security update ***
---------------------------------------------
Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3472
*** DSA-3471 qemu - security update ***
---------------------------------------------
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3471
*** DSA-3470 qemu-kvm - security update ***
---------------------------------------------
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3470
*** DSA-3469 qemu - security update ***
---------------------------------------------
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3469
*** USN-2880-2: Firefox regression ***
---------------------------------------------
Ubuntu Security Notice USN-2880-2, 8th February, 2016: firefox regression. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: USN-2880-1 introduced a regression in Firefox. Software description: firefox - Mozilla Open Source web browser. Details: USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize
---------------------------------------------
http://www.ubuntu.com/usn/usn-2880-2/