=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 22-01-2016 18:00 − Montag 25-01-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** ZDI-16-023: Oracle GoldenGate Veridata File Upload Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GoldenGate. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-023/
*** Hospira Multiple Products Buffer Overflow Vulnerability ***
---------------------------------------------
Jeremy Richards of SAINT Corporation has identified a buffer overflow vulnerability in Hospira's LifeCare PCA Infusion System. Hospira has determined that LifeCare PCA Infusion Systems released prior to July 2009 that are running Communication Engine (CE) Version 1.0 or earlier are vulnerable. In response to Jeremy ..
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02
*** Security Advisory: Stored XSS in Magento ***
---------------------------------------------
During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely. We notified the Magento team and worked with them to get it fixed.
---------------------------------------------
https://blog.sucuri.net/2016/01/security-advisory-stored-xss-in-magento.html
*** 'Deliberate' Backdoor Removed From Secure Conferencing Gear ***
---------------------------------------------
AMX, a provider of audio-visual conferencing gear used in sensitive government and military locations, has removed a 'deliberate' backdoor in one of its central controller system products.
---------------------------------------------
http://threatpost.com/deliberate-backdoor-removed-from-secure-conferencing-…
*** Rsync Symlink Path Validation Flaw Lets Remote Users Write Files on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034786
*** JavaScript Backdoor ***
---------------------------------------------
Casey Smith recently shared his research on twitter, which is to reverse HTTP Shell by using JavaScript. I found it rather interesting and further analyzed this technique.
---------------------------------------------
http://en.wooyun.io/2016/01/18/JavaScript-Backdoor.html
*** Snowden enttarnt falsche "Krypto-Mail" in IS-Video ***
---------------------------------------------
Terrororganisation hatte in Botschaft mit weiteren Angriffen gedroht
---------------------------------------------
http://derstandard.at/2000029688150
*** Fortinet: Mehr Hintertüren, mehr Patches ***
---------------------------------------------
Erst in der vergangenen Woche war bekanntgeworden, dass einige Fortinet-Firewall-Produkte einen Zugang mit Standardpasswörtern ermöglichen. Jetzt hat das Unternehmen seine eigenen Produkte analysiert - und weitere verwundbare Geräte gefunden.
---------------------------------------------
http://www.golem.de/news/fortinet-mehr-hintertueren-mehr-patches-1601-11872…
*** CVE-2015-8651 (Flash up to 20.0.0.228/235) and Exploit Kits ***
---------------------------------------------
http://malware.dontneedcoffee.com/2016/01/cve-2015-8651.html
*** Multi-Faktor-Authentifizierung: Neue vPro-Generation bringt Intel Authenticate ***
---------------------------------------------
Mit der sechsten Generation des Core i (Skylake) und dem Start der entsprechenden Geschäftskundenplattform will Intel nun verstärkt auch Sicherheitslösungen in vPro anbieten. Eine betriebssystemunabhängige Firmware und direktes Ansprechen der Grafikkarte sollen Keylogger chancenlos lassen.
---------------------------------------------
http://www.golem.de/news/multi-faktor-authentifizierung-neue-vpro-generatio…
*** RSA Conference disables Twitter password-collecting form ***
---------------------------------------------
After a storm of criticism and shaming over the blurb-tweeting feature, the organizers said that they had used OAuth and hadnt collected passwords.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/01/25/rsa-conference-disables-twitter…
*** Linux kernel : Denial of service with specially crafted key file. ***
---------------------------------------------
An issue with ASN1.1 DER decoder was reported that a specially created key can lead to a kernel panic via x509 certificate DER signature parsing.
---------------------------------------------
http://www.openwall.com/lists/oss-security/2016/01/25/2
*** Sicherheitspatches: Angreifer können Webseiten mit Magento-Shop kapern ***
---------------------------------------------
Magento sichert sein Shop-System ab. Dabei schließt der Anbieter zwei als kritisch eingestufte Lücken, über die Angreifer Admin-Sessions übernehmen können.
---------------------------------------------
http://heise.de/-3083645
*** Hard-Coded Password Found in Lenovo File-Sharing App ***
---------------------------------------------
Lenovos SHAREit file-sharing app for Windows and Android has been patched against vulnerabilities that put private data at risk.
---------------------------------------------
http://threatpost.com/hard-coded-password-found-in-lenovo-file-sharing-app/…
*** Hack Brief: Don't Be Trolled by This iPhone-Crashing Link Meme ***
---------------------------------------------
Pranksters are passing a link to "crashsafari.com" around social media, which immediately crashes iPhones and iPads.
---------------------------------------------
http://www.wired.com/2016/01/hack-brief-dont-be-trolled-by-this-iphone-cras…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 21-01-2016 18:00 − Freitag 22-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Scanning for Fortinet ssh backdoor, (Thu, Jan 21st) ***
---------------------------------------------
On 11 Jan, a Python script was posted on the full-disclosure mailing list that took advantage of a hardcoded ssh password in some older versions of various products from Fortinet (see complete list in Ref [1] below). Looking at our collected ssh data, weve seen an increase in scanning for those devices in the days since the revelation of the vulnerability. Nearly all of this scanning has come from two IPs in China (124.160.116.194 and 183.131.19.18). So if you...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20635&rss
*** Unknown attackers are infecting home routers via dating sites ***
---------------------------------------------
Damballa researchers have spotted an active campaign aimed at infecting as many home routers possible with a worm. A variant of the TheMoon worm, it works by taking advantage of a weakness in the H...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3192
*** Security: Auch Kreditkarten mit Chip und PIN können kopiert werden ***
---------------------------------------------
Bislang war bekannt, dass Kreditkarten mit Magnetstreifen mit trivialen Mitteln kopierbar sind. Aktuelle Recherchen zeigen, dass auch Karten mit dem besser gesicherten Chip-und-PIN-Verfahren kopiert werden können - weil einige Banken schlampen.
---------------------------------------------
http://www.golem.de/news/security-auch-kreditkarten-mit-chip-und-pin-koenne…
*** Fraunhofer ESK: Skype ist Sicherheitsrisiko für Firmen ***
---------------------------------------------
Wissenschaftler des Fraunhofer-ESK-Instituts haben Microsofts Instant-Messaging-Dienst Skype untersucht und raten Firmen vom Einsatz ab. Vor allem wegen der Netzarchitektur und der Verschlüsselung haben sie Sicherheitsbedenken.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Fraunhofer-ESK-Skype-ist-Sicherheits…
*** Extracting pcap from memory , (Fri, Jan 22nd) ***
---------------------------------------------
I have talked many times about memory forensics and how useful its. In this diary I am going to talk about how to extract a pcap file from a memory image using bulk_extractor. Of course when we are extracting a pcap file from a memory image we are going to not have everything but there will be some remanence that can help in our investigation bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20639&rss
*** Trojan.DNSChanger circumvents Powershell restrictions ***
---------------------------------------------
We take a close look at the functionality of a new variant of the DNS-changer adware family. Especially the use of encoded scripts as a way to bypass the Powershell execution protection.Categories: Security ThreatTags: adwarechangerdnsPieter Arntzpowershellrestrictedrestrictionstrojan(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/security-threat/2016/01/trojan-dnschanger-cir…
*** Citrix XenServer Security Update for CVE-2016-1571 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host in certain deployments. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.
---------------------------------------------
https://support.citrix.com/article/CTX205496
*** Multiple Buffalo network devices vulnerable to cross-site scripting ***
---------------------------------------------
Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability.
---------------------------------------------
http://jvn.jp/en/jp/JVN49225722/
*** Multiple Buffalo network devices vulnerable to cross-site request forgery ***
---------------------------------------------
Multiple network devices provided by BUFFALO INC. contain a cross-site request forgery vulnerability.
---------------------------------------------
http://jvn.jp/en/jp/JVN09268287/
*** DSA-3451 fuse - security update ***
---------------------------------------------
Jann Horn discovered a vulnerability in the fuse (Filesystem inUserspace) package in Debian. The fuse package ships an udev ruleadjusting permissions on the related /dev/cuse character device, makingit world writable.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3451
*** DFN-CERT-2016-0129: NTP: Eine Schwachstelle ermöglicht das Erlangen von Administratorrechten ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0129/
*** DFN-CERT-2016-0125: Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe und das Umgehen von Sicherheitsvorkehrungen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0125/
*** USN-2879-1: rsync vulnerability ***
---------------------------------------------
Ubuntu Security Notice USN-2879-121st January, 2016rsync vulnerabilityA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryrsync could be made to write files outside of the expected directory.Software description rsync - fast, versatile, remote (and local) file-copying tool DetailsIt was discovered that rsync incorrectly handled invalid filenames. Amalicious server could use this issue to write files outside of...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2879-1/
*** CAREL PlantVisor Enhanced Authentication Bypass Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an authorization bypass vulnerability in CAREL's PlantVisor application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-021-01
*** Security Advisory: NTP vulnerabilities CVE-2015-5194 and CVE-2015-5195 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02360853.html?…
*** Bugtraq: January 2016 - Bamboo - Critical Security Advisory ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537347
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 20-01-2016 18:00 − Donnerstag 21-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Asacub Android Trojan: Financial fraud and information stealing ***
---------------------------------------------
Asacub is a new malware that targets Android users for financial gain. When first identified, Asacub displayed all the signs of an information stealing malware; however, some versions of the Trojan ar...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3190
*** TeslaCrypt Decrypted: Flaw in TeslaCrypt allows Victims to Recover their Files ***
---------------------------------------------
For a little over a month, researchers and previous victims have been quietly helping TeslaCrypt victims get their files back using a flaw in the TeslaCrypts encryption key storage algorithm. The information that the ransomware could be decrypted was being kept quiet so that that the malware developer would not learn about it and fix the flaw. Since the recently released TeslaCrypt 3.0 has fixed this flaw, we have decided to publish the information on how a victim could...
---------------------------------------------
http://www.bleepingcomputer.com/news/security/teslacrypt-decrypted-flaw-in-…
*** El Chapos Opsec ***
---------------------------------------------
Ive already written about Sean Penns opsec while communicating with El Chapo. Heres the technique of mirroring, explained: El chapo then switched to a complex system of using BBM (Blackberrys Instant Messaging) and Proxies. The way it worked was if you needed to contact The Boss, you would send a BBM text to an intermediary (who would spend his days...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/01/el_chapos_opsec.html
*** Cyber fraudsters steal over $50 million from airplane systems manufacturer ***
---------------------------------------------
Austrian company FACC, which develops and produces components and systems made of composite materials for aircraft and aircraft engine manufacturers such as Boeing and Airbus, has been hit by hackers who managed to steal approximately 50 million euros (around $54,5 million).
---------------------------------------------
http://www.net-security.org/secworld.php?id=19356http://www.net-security.org/secworld.php?id=18808 (An emerging global threat: BEC scams hitting more and more businesses)
*** Linux-Root-Exploit: Android-Bedrohung überschaubar ***
---------------------------------------------
Ein Mitglied des Android-Sicherheitsteams geht davon aus, dass nur wenige Android-Versionen durch die lokale Rechtausweitungslücke im Linux-Kernel verwundbar sind. Ein Patch ist in Arbeit.
---------------------------------------------
http://heise.de/-3080760
*** Captive-Portals: Das iPhone verrät Cookies ***
---------------------------------------------
Die Nutzung von WLANs mit Captive-Portals kann für iPhone-Nutzer zur Sicherheitsgefahr werden. Einen entsprechenden Bug haben israelische Sicherheitsforscher gefunden. Apple hat die Sicherheitslücke mittlerweile behoben.
---------------------------------------------
http://www.golem.de/news/captive-portals-das-iphone-verraet-cookies-1601-11…
*** Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices ***
---------------------------------------------
Your conference room, a watchful protector."AMX (www.amx.com) is part of the HARMAN Professional Division, and the leading brand for the business, education, and government markets for the company. As such, AMX is dedicated to integrating AV solutions for an IT World. AMX solves the complexity of managing technology with reliable, consistent and scalable systems comprising control and automation, system-wide switching and AV signal distribution, digital signage and technology management.
---------------------------------------------
http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in…
*** "Ermittlungen" ***
---------------------------------------------
"Ermittlungen" | 21. Jänner 2016 | Wir (mit Hut GovCERT) sind mal wieder vor Ort im Einsatz und helfen einer Organisation bei der Ursachenforschung und bei der Wiederherstellung der Services nach einem Sicherheitsvorfall. So weit so gut, dafür sind wir da, das ist unsere Aufgabe. Die Strafverfolgung ist aber definitiv nicht unsere Aufgabe. Das ist ganz klar und da behauptet auch keiner was anderes. Problematisch wird es dann, wenn Begriffe verwendet werden, die im normalen...
---------------------------------------------
http://www.cert.at/services/blog/20160121173915-1656.html
*** OpenVAS Greenbone Security Assistant Cross Site Scripting ***
---------------------------------------------
Topic: OpenVAS Greenbone Security Assistant Cross Site Scripting Risk: Low Text:Vulnerability information Date: 13th January 2016 Product: Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 Vendor:...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016010133
*** Security Advisory: BIG-IP file validation vulnerability CVE-2015-8021 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49580002.html?…
*** Security Advisory: SNTP vulnerability CVE-2015-5219 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/60/sol60352002.html?…
*** LiteSpeed Web Server Input Validation Flaw Lets Remote Users Inject HTTP Headers ***
---------------------------------------------
http://www.securitytracker.com/id/1034746
*** DFN-CERT-2016-0118: Moodle: Zwei Schwachstellen ermöglichen u.a. einen Cross-Site-Scripting-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0118/
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 19-01-2016 18:00 − Mittwoch 20-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Survey shows many businesses aren't encrypting private employee data ***
---------------------------------------------
Many companies arent encrypting their own employees private data, according to a Sophos survey of IT decision makers in six countries.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/01/19/survey-shows-many-businesses-ar…
*** Android Malware Steals Voice-Based Two-Factor Authentication Codes (January 13 and 18, 2016) ***
---------------------------------------------
Symantec has detected malware created for Android devices that steals single-use passcodes generated to add a layer of security to online banking authentication procedures...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/5/201
*** Dridex banking malware adds a new trick ***
---------------------------------------------
Dridex, the banking malware that wont go away, has been improved upon once again.IBMs X-Force researchers have found that the latest version of Dridex uses a DNS (Domain Name System) trick to direct victims to fake banking websites.The technique, known as DNS cache poisoning, involves changing DNS settings to direct someone asking for a legitimate banking website to a fake site.DNS cache poisoning is a powerful attack. Even if a person types in the correct domain name for a bank, the fake...
---------------------------------------------
http://www.cio.com/article/3024244/dridex-banking-malware-adds-a-new-trick.…
*** /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!, (Wed, Jan 20th) ***
---------------------------------------------
When you are performing a penetration test, you need to learn how your target is working: What kind of technologies and tools are used, how internal usernames are generated, email addresses format, ... Grabbing for such information is called the reconnaissance phase. Once you collected enough details, you can prepare your different scenarios to attack the target.All pentesters have their personal toolbox that has been enhanced day after day. In many cases, there is no real magic: to abuse or...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20631&rss
*** Critical Patch Update: Oracle stellt 248 Sicherheitspatches bereit ***
---------------------------------------------
Die bislang größte Sicherheitsptach-Sammlung von Oracle ist da und fixt Lücken in Database, Java, MySQL und Co. Dieses Mal steht Oracles E-Business Suite im Mittelpunkt.
---------------------------------------------
http://heise.de/-3077692
*** Apple Releases Patches for iOS, OS X and Safari ***
---------------------------------------------
Apple released security updates for iOS, OS X and Safari, patching a number of kernel-level code-execution vulnerabilities.
---------------------------------------------
http://threatpost.com/apple-releases-patches-for-ios-os-x-and-safari/115946/
*** Trojan for Android preinstalled on Phillips s307 firmware ***
---------------------------------------------
January 20, 2016 The past year was marked by a big number of firmware Trojans for Android capable to covertly download and install various software and display annoying advertisements. Android.Cooee.1 incorporated into the graphical shell of some cheap Chinese smartphones was one of them. Virus makers obviously continued to preinstall Android.Cooee.1 into mobile devices. This time, however, Doctor Web security researchers detected the Trojan on firmware of a well-known electronics manufacturer.
---------------------------------------------
http://news.drweb.com/show/?i=9792&lng=en&c=9
*** Primes, parameters and moduli ***
---------------------------------------------
First a brief history of Diffie-Hellman for those not familiar with it The short version of Diffie-Hellman is that two parties (Alice and Bob) want to share a secret so they can encrypt their communications and talk securely without an...
---------------------------------------------
https://securityblog.redhat.com/2016/01/20/primes-parameters-and-moduli/
*** Serious flaw patched in Intel Driver Update Utility ***
---------------------------------------------
A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.The tool, known as the Intel Driver Update Utility, can be downloaded from Intels support website. It provides an easy way to find the latest drivers for various Intel chipsets, graphics cards, wireless cards, desktop boards, Intel NUC mini PCs or the Intel Compute Stick.
---------------------------------------------
http://www.cio.com/article/3024345/serious-flaw-patched-in-intel-driver-upd…
*** Cisco Guide to Harden Cisco IOS Devices ***
---------------------------------------------
This document contains information to help you secure your Cisco IOS system devices, which increases the overall security of your network. Structured around the three planes into which functions of a network device can be categorized, this document provides an overview of each included feature and references to related documentation.
---------------------------------------------
http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
*** Security Advisory: BIND vulnerability CVE-2015-8704 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/53/sol53445000.html?…
*** Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle ***
---------------------------------------------
Topic: Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle Risk: Medium Text:1. Advisory Information Title: Intel Driver Update Utility MiTM Advisory ID: CORE-2016-0001 Advisory URL: http://www.cores...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016010119
*** Oracle Critical Patch Update Advisory - January 2016 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
*** Oracle Linux Bulletin - January 2016 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867…
*** HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS) ***
---------------------------------------------
A vulnerability in Microsoft Report Viewer was addressed by HPE Performance Center. This is a Cross-Site scripting (XSS) vulnerability that could allow remote information disclosure.
---------------------------------------------
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr…
*** Xen Security Advisory CVE-2016-1571 / XSA-168 ***
---------------------------------------------
VMX: intercept issue with INVLPG on non-canonical address
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-168.html
*** Xen Security Advisory CVE-2016-1570 / XSA-167 ***
---------------------------------------------
PV superpage functionality missing sanity checks
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-167.html
*** Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** DFN-CERT-2016-0109: Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe und das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0109/
*** DFN-CERT-2016-0106: NTP: Mehrere Schwachstellen ermöglichen u.a. das Darstellen falscher Informationen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0106/
*** APPLE-SA-2016-01-19-3 Safari 9.0.3 ***
---------------------------------------------
APPLE-SA-2016-01-19-3 Safari 9.0.3Safari 9.0.3 is now available and addresses the following:WebKitAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,OS X El Capitan v10.11 to v10.11.2Impact: Visiting a maliciously crafted website may lead to arbitrarycode execution [...]
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00004.ht…
*** APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 ***
---------------------------------------------
APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update2016-001OS X El Capitan 10.11.3 and Security Update 2016-001 is now availableand addresses the following:AppleGraphicsPowerManagementAvailable for: OS X El Capitan v10.11 to v10.11. [...]
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00003.ht…
*** APPLE-SA-2016-01-19-1 iOS 9.2.1 ***
---------------------------------------------
APPLE-SA-2016-01-19-1 iOS 9.2.1iOS 9.2.1 is now available and addresses the following:Disk ImagesAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute arbitrary code withkernel privileges [...]
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00002.ht…
*** DSA-3449 bind9 - security update ***
---------------------------------------------
It was discovered that specific APL RR data could trigger an INSISTfailure in apl_42.c and cause the BIND DNS server to exit, leading to adenial-of-service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3449
*** Siemens OZW672 and OZW772 XSS Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a cross-site scripting vulnerability in Siemens OZW672 and OZW772 devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FlashSystem model V840 (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005584
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FlashSystem model 840 (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005585
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2016-0777, CVE-2016-0778) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000044
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM SAN Volume Controller and Storwize Family (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005583
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Sterling Connect:Express for UNIX (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21974473
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Sterling Connect:Direct for UNIX (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21974888
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM WebSphere MQ (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974466
---------------------------------------------
*** IBM Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2015-7488) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005580
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor (CVE-2015-8027, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) ***
http://www.ibm.com/support/docview.wss?uid=swg21974459
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005579
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management (CVE-2015-4872 CVE-2015-4911 CVE-2015-4893 CVE-2015-4803) ***
http://www.ibm.com/support/docview.wss?uid=swg21974673
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SD affect Guardium Data Reduction ***
http://www.ibm.com/support/docview.wss?uid=swg21973724
---------------------------------------------
*** IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ***
http://www.ibm.com/support/docview.wss?uid=swg21971951
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express. ***
http://www.ibm.com/support/docview.wss?uid=swg21972376
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 18-01-2016 18:00 − Dienstag 19-01-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** FDA Issues Guidelines on Medical Device Cybersecurity ***
---------------------------------------------
The Food and Drug Administration (FDA) issued a new set of draft guidelines on Friday in hopes medical device manufacturers address cybersecurity risks in their products.
---------------------------------------------
http://threatpost.com/fda-issues-guidelines-on-medical-device-cybersecurity…
*** Good practice guide on disclosing vulnerabilities ***
---------------------------------------------
ENISA published a good practice guide on vulnerability disclosure, aiming to provide a picture of the challenges the security researchers, the vendors and other involved stakeholders are confronted wi...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19342
*** Microsoft asks: We've taken down botnets for you. How about a kill switch? ***
---------------------------------------------
Its like pulling a smoking car off the road... Oh, hang on Last December, Microsoft intercepted traffic on users' PCs and helped break up a botnet. And nobody complained. So the company very tentatively asked at a session on ethics and policy in Brussels this week whether it should do more.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/19/microsoft_b…
*** Security: XSS-Lücke in Yahoo-Mail gefixt ***
---------------------------------------------
Eine XSS-Lücke in Yahoo-Mail ermöglichte es Angreifern, fremde Accounts zu übernehmen. Sie hätten alle E-Mails der Nutzer weiterleiten und ausgehende E-Mails mit Viren infizieren können, schreibt ein Sicherheitsforscher. Yahoo hat bereits reagiert.
---------------------------------------------
http://www.golem.de/news/security-xss-luecke-in-yahoo-mail-gefixt-1601-1186…
*** Angler Exploit Kit's January Vacation ***
---------------------------------------------
Since last year, we've been monitoring various redirectors which lead to exploit kits (EK). One of the redirectors in question routes to either Angler EK or Neutrino EK. SANS ISC has also observed this particular redirector switching between these two kits. At the beginning of this year, we noticed a sudden significant drop in our...
---------------------------------------------
https://labsblog.f-secure.com/2016/01/19/angler-exploit-kits-january-vacati…
*** Root-Exploit: Android und Linux anfällig für Rechte-Trickserei ***
---------------------------------------------
Der Schlüsselbund des Kernels stattet mit einem Trick seit 2012 jeden Nutzer mit Root-Rechten aus. Allerdings muss der Nutzer dafür bereits angemeldet sein.
---------------------------------------------
http://heise.de/-3076663
*** MSN Home Page Drops More Malware Via Malvertising ***
---------------------------------------------
Visitors to the MSN homepage may have been exposed to malvertising.Categories: MalvertisingTags: ad spiritappnexusmalvertisingmsn(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/malvertising-2/2016/01/msn-home-page-drops-mo…
*** Cisco Web Security Appliance Security Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Moodle Bugs Let Remote Users Access Hidden Course and Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1034694
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 15-01-2016 18:00 − Montag 18-01-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the Cisco FireSIGHT Management Center web interface.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Easily Exploitable Vulnerability Could Cause Physical Damage to Industrial Motors ***
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/4/307
*** Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability ***
---------------------------------------------
Cisco FireSIGHT Management Center (MC) contains a DOM-based cross-site scripting vulnerability (XSS) in the management page. An unauthenticated, remote attacker could persuade a user to perform a malicious action, allowing the attacker to perform a XSS attack.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345) ***
---------------------------------------------
The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. Security vulnerabilities have been discovered in grep utility used with IBM Security Network Protection.
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21972209
*** IBM Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerability affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2015-2017) ***
---------------------------------------------
WebSphere Application Server Liberty Profile that is embedded in TADDM could allow a remote attacker to has access to the customer app or a form which sends the contents in a header will be able to split the response and add headers to the response. The customer application will allow cross-site scripting, web cache poisoning, and other similar exploits.
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21974782
*** Cisco Adaptive Security Appliance Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional attacks.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** The SLOTH attack and IKE/IPsec ***
---------------------------------------------
The IKE daemons in RHEL7 (libreswan) and RHEL6 (openswan) are not vulnerable to the SLOTH attack. But the attack is still interesting to look at . The SLOTH attack released today is a new transcript collision attack against ..
---------------------------------------------
https://securityblog.redhat.com/2016/01/15/the-sloth-attack-and-ikeipsec/
*** Schwere Lücke bei Überwachungskameras von Hofer und Aldi ***
---------------------------------------------
Sicherheitsexperten warnen vor Überwachungskameras der Marke Maginon. Diese erlauben den ungeschützten Zugriff auf Bild und Ton, aber auch WLAN- und E-Mail-Passwörter.
---------------------------------------------
http://futurezone.at/produkte/schwere-luecke-bei-ueberwachungskameras-von-h…
*** LostPass ***
---------------------------------------------
I have discovered a phishing attack against LastPass that allows an attacker to steal a LastPass users email, password, and even two-factor auth code, giving full access to all passwords and documents stored in LastPass.
---------------------------------------------
https://www.seancassidy.me/lostpass.html
*** Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 - and a new network attack ***
---------------------------------------------
Hot Potato (aka: Potato) takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay (specifically HTTP->SMB relay) and NBNS spoofing.
---------------------------------------------
http://foxglovesecurity.com/2016/01/16/hot-potato/
*** HTTP Evasions Explained - Part 10 - Lazy Browsers ***
---------------------------------------------
The previous parts of this series looked at firewalls and browsers as black boxes which just behave that way for unknown reason. For this part I took a closer look at the source code of Chromium and Firefox. This way Ive found even more ways to construct HTTP which is insanely broken but still gets accepted by the ..
---------------------------------------------
http://noxxi.de/research/http-evader-explained-10-lazy-browsers.html
*** nic.at bringt "Security-Lock" für Domains ***
---------------------------------------------
Schutz soll verhindern, dass eine Domain irrtümlich unerreichbar oder manipuliert wird
---------------------------------------------
http://derstandard.at/2000029286062
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 14-01-2016 18:00 − Freitag 15-01-2016 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** NCCIC/ICS-CERT Monitor for November-December 2015 ***
---------------------------------------------
The NCCIC/ICS-CERT Monitor for November-December 2015 is a summary of ICS-CERT activities for that period of time.
---------------------------------------------
https://ics-cert.us-cert.gov/monitors/ICS-MM201512
Download: https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT%20Monito…
*** Oracle Critical Patch Update - January 2016 - Pre-Release Announcement ***
---------------------------------------------
[...] This Critical Patch Update contains 248 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
*** Creator of MegalodonHTTP DDoS Botnet Arrested ***
---------------------------------------------
Last month, the Norway police arrested five hackers accused of running the MegalodonHTTP Remote Access Trojan (RAT). The arrests came as part of the joint operation between Norway's Kripos National Criminal Investigation Service and Europol, codenamed "OP Falling sTAR." According to the United States security firm, all the five men, aged between 16 and 24 years and located in Romania,...
---------------------------------------------
https://thehackernews.com/2016/01/MegalodonHTTP-DDoS-Botnet.html
*** Kreditkartenhack bei VISA: Unter anderem A1-Kunden betroffen ***
---------------------------------------------
Ein Drittanbieter in Island wurde angegriffen - rund 2.000 A1 Visa-Kunden erhalten neue Karte
---------------------------------------------
http://derstandard.at/2000029114201
*** Updated BlackEnergy Trojan Grows More Powerful ***
---------------------------------------------
In late December, a cyberattack caused a power outage in the Ukraine, plunging hundreds of thousands of citizens into darkness for hours. Threat researchers soon confirmed that the BlackEnergy malware package, first developed in 2007, was the culprit. They also discovered that the malware has been significantly upgraded since its first release.
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/updated-blackenergy-trojan-grows-more-…
*** Wieder sicher: Authentifizierungsprotokoll OAuth ***
---------------------------------------------
Angreifer sollen abermals Log-in-Daten von Nutzern abgreifen können, wenn diese sich mittels OAuth bei Online-Services anmelden. Die Schwachstellen wurden bereits geschlossen. Sicherheitsforscher attestieren dem Protokoll insgesamt eine hohe Sicherheit.
---------------------------------------------
http://heise.de/-3071639
*** Spamming Someone from PayPal ***
---------------------------------------------
Troy Hunt has identified a new spam vector. PayPal allows someone to send someone else a $0 invoice. The spam is in the notes field. But its a legitimate e-mail from PayPal, so it evades many of the traditional spam filters. Presumably it doesnt cost anything to send a $0 invoice via PayPal. Hopefully, the company will close this loophole...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/01/spamming_someon.html
*** OS Xs Gatekeeper bypassed again ***
---------------------------------------------
Do you remember when, last October, Synack director of research Patrick Wardle found a simple way to evade OS Xs Gatekeeper defense mechanism by bundling up a legitimate Apple-signed app with a malic...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19336
*** Advantech WebAccess Vulnerabilities ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
*** Manage Engine Applications Manager 12 Multiple Vulnerabilities ***
---------------------------------------------
Applications Manager suffers from multiple vulnerabilities including XSS, CSRF and Privilege Escalation.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5292.php
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 13-01-2016 18:00 − Donnerstag 14-01-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** SlemBunk Part II: Prolonged Attack Chain and Better-Organized Campaign ***
---------------------------------------------
Our follow-up investigation of a nasty Android banking malware we identified at the tail end of last year has not only revealed that the trojan is more persistent than we initially realized - thus making for a much more dangerous threat - but that it is also being used as part of an ongoing and evolving campaign.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/01/slembunk-part-two.html
*** Faulty ransomware renders files unrecoverable, even by the attacker ***
---------------------------------------------
A cybercriminal has built a ransomware program based on proof-of-concept code released online, but messed up the implementation, resulting in victims files being completely unrecoverable.Researchers from antivirus vendor Trend Micro recently ..
---------------------------------------------
http://www.cio.com/article/3022159/faulty-ransomware-renders-files-unrecove…
*** As easy as Citrix123 - hacker claims he popped Citrixs CMS ***
---------------------------------------------
And once he was in, it became possible to pour malware onto all customers, allegedly A Russian hacker claims he broke into systems run by Citrix, and gained access to potentially a huge number of customers.
---------------------------------------------
www.theregister.co.uk/2016/01/13/ruskie_hacker_pops_citrix/
*** Ex-NSA-Chef: Hintertüren für Verschlüsselung sind eine furchtbare Idee ***
---------------------------------------------
Michael Hayden widerspricht den Forderungen von FBI-Boss James Comey
---------------------------------------------
http://derstandard.at/2000029033330
*** RedHen CRM - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-002 ***
---------------------------------------------
The Redhen set of modules allows you to build a CRM features in a Drupal site.When rendering individual Contacts, this module does not properly filter the certain data prior to display. When rendering listing of notes or engagement scores, ..
---------------------------------------------
https://www.drupal.org/node/2649800
*** Cisco kämpft mit statischem Passwort und fixt kritische Lücken ***
---------------------------------------------
In Ciscos Identity Services Engine klafft eine als kritisch und eine als hoch eingestufte Schwachstelle. Neben der Wireless-LAN-Controller-Software sind auch noch Aironet-Basisstationen der 1800-Serie verwundbar. Sicherheitsupdates stehen bereit.
---------------------------------------------
http://heise.de/-3070756
*** Angriff der Cyber-Eichhörnchen ***
---------------------------------------------
Eichhörnchen sind eine größere Gefahr für Internet- und Stromleitungen als Hacker. Das zeigt die Webseite CyberSquirrel1 auf augenzwinkernde Art und Weise.
---------------------------------------------
http://www.golem.de/news/internet-und-stromausfaelle-angriff-der-cyber-eich…
*** OpenSSL version 1.1.0 pre release 2 published ***
---------------------------------------------
OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 2 has now been made available. For details of changes and known issues see the release ..
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2016-January/000057.html
*** Triple-Seven: OpenSSH-Schwachstelle leakt geheime Schlüssel ***
---------------------------------------------
Eine unfertige Option, die bei OpenSSH seit 2010 standardmäßig aktiviert ist, führt dazu, dass gekaperte Server die geheimen Schlüssel der sich verbindenden Nutzer auslesen können. Updates, welche die Lücke schließen, stehen bereit.
---------------------------------------------
http://heise.de/-3071372
*** Ransomware a Threat to Cloud Services, Too ***
---------------------------------------------
Ransomware -- malicious software that encrypts the victims files and holds them hostage unless and until the victim pays a ransom in Bitcoin -- has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.
---------------------------------------------
http://krebsonsecurity.com/2016/01/ransomware-a-threat-to-cloud-services-to…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 12-01-2016 18:00 − Mittwoch 13-01-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Security Bulletins Posted for Adobe Acrobat and Reader ***
---------------------------------------------
Security Bulletins for Adobe Acrobat and Reader (APSB16-02) have been published. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. This posting ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1311
*** There Goes The Neighborhood - Bad Actors on GMHOST Alexander Mulgin Serginovic ***
---------------------------------------------
Whether they encourage it or not, some network operators become known and favored by criminals such as those that operate exploit kit (EK) and malware infrastructure. After ..
---------------------------------------------
http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.h…
*** MS16-JAN - Microsoft Security Bulletin Summary for January 2016 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-JAN
*** Raising the Dead ***
---------------------------------------------
It's a bit late for Halloween but the ability to resurrect the dead (processes that is) is an interesting type of security issue when dealing with multi-user Windows systems such as Terminal Servers. Specifically this blog is about this issue which I reported to Microsoft and was fixed in bulletin ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/01/raising-dead.html
*** FortiOS SSH Undocumented Interactive Login Vulnerability ***
---------------------------------------------
http://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-log…
*** Ransomware Strikes Websites ***
---------------------------------------------
Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as any hard drives connected to the machine - pictures, videos, text files - you ..
---------------------------------------------
https://blog.sucuri.net/2016/01/ransomware-strikes-websites.html
*** Triaging the exploitability of IE/EDGE crashes ***
---------------------------------------------
Both Internet Explorer (IE) and Edge have seen significant changes in order to help protect customers from security threats. This work has featured a number of mitigations that together have not only rendered classes of vulnerabilities not-exploitable, but also dramatically raised the cost ..
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2016/01/12/triaging-the-exploitabili…
*** Die smarte Türklingel verrät das WLAN-Passwort ***
---------------------------------------------
Eine Gegensprechanlage, die mit dem Smartphone zusammenarbeitet. Klingt eigentlich praktisch, doch leider weist das Gerät Sicherheitsmängel auf, wie Hacker jetzt herausfanden.
---------------------------------------------
http://www.golem.de/news/internet-of-things-die-smarte-tuerklingel-verraet-…
*** Backdoor bei Fortinet vermutet: Firma spricht von Lücke ***
---------------------------------------------
Alternative Login-Methode in Software entdeckt – Patch bereits 2014 veröffentlicht
---------------------------------------------
http://derstandard.at/2000028972976
*** A Case of Too Much Information: Ransomware Code Shared Publicly for 'Educational Purposes', Used Maliciously Anyway ***
---------------------------------------------
Researchers, whether independent or from security vendors, have a responsibility to properly disseminate the information they gathered to help the industry as well as users. Even with the best intentions, improper disclosure of sensitive information ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/a-case-of-too-mu…
*** Security: Verizon routet 4 Millionen Spammer-IPs ***
---------------------------------------------
IPv4-Adressen sind ein knappes Gut. Doch der US-Anbieter Verizon reagiere trotzdem nicht auf Missbrauchsmitteilungen, kritisiert eine Sicherheitsfirma.
---------------------------------------------
http://www.golem.de/news/security-verizon-routet-4-millionen-spammer-ips-16…
*** [HTB23279]: Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered multiple SQL Injection vulnerabilities in mcart.xls Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in database and gain complete control over the vulnerable website.
---------------------------------------------
https://www.htbridge.com/advisory/HTB23279
*** [HTB23283]: Remote Code Execution in Roundcube ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular webmail client Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the vulnerable server.
---------------------------------------------
https://www.htbridge.com/advisory/HTB23283
*** Hacking Team's Leak Helped Researchers Hunt Down a Zero-Day ***
---------------------------------------------
Researchers at Kaspersky Lab have, for the first time, discovered a valuable zero-day exploit after intentionally going on the hunt for it.
---------------------------------------------
http://www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-…
*** Denial-of-Service Flaw Patched in DHCP ***
---------------------------------------------
The Internet Systems Consortium (ISC) on Tuesday patched a denial-of-service vulnerability in numerous versions of DHCP.
---------------------------------------------
http://threatpost.com/denial-of-service-flaw-patched-in-dhcp/115875/
*** The SLOTH attack and IKE/IPsec ***
---------------------------------------------
Executive Summary: The IKE daemons in RHEL7 (libreswan) and RHEL6 (openswan) are not vulnerable to the SLOTH attack. But the attack is still interesting to look at . The SLOTH attack released today is a new transcript collision attack against ..
---------------------------------------------
https://securityblog.redhat.com/2016/01/13/the-sloth-attack-and-ikeipsec/
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 11-01-2016 18:00 − Dienstag 12-01-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Angler Exploit Kit Continues to Evade Detection: Over 90,000 Websites Compromised ***
---------------------------------------------
Exploit Kits (EK), arguably the most impactful malicious infrastructure on the Internet, constantly evolve to evade detection by security technology. Tremendous effort has been spent on tracking new variations of different EK families. In ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/01/angler-exploit-kit-conti…
*** Mac OS X, iOS, and Flash Had the Most Discovered Vulnerabilities in 2015 ***
---------------------------------------------
Interesting analysis: Which software had the most publicly disclosed vulnerabilities this year? The winner is none other than Apples Mac OS X, with 384 vulnerabilities. The runner-up? Apples iOS, with 375 vulnerabilities. Rounding out the top five are Adobes Flash Player, with 314 vulnerabilities; Adobes AIR ..
---------------------------------------------
https://www.schneier.com/blog/archives/2016/01/mac_os_x_ios_an.html
*** DSA-3440 sudo - security update ***
---------------------------------------------
When sudo is configured to allow a user to edit files under a directory that they can already write to without using sudo, they can actuallyedit (read and write) arbitrary files. Daniel Svartman reported that aconfiguration like this might ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3440
*** Ransom32 - look at the malicious package ***
---------------------------------------------
Ransom32 is a new ransomware implemented in a very atypical style. In our post, we will focus on some implementation details of the malicious package.
---------------------------------------------
https://blog.malwarebytes.org/intelligence/2016/01/ransom32-look-at-the-mal…
*** Say 'Cyber' again - Ars cringes through CSI: Cyber ***
---------------------------------------------
CBS endangered cyber-procedural: Plane hacking! Software defined radio! White noise! OMG!
---------------------------------------------
http://arstechnica.com/the-multiverse/2016/01/say-cyber-again-ars-cringes-t…
*** McAfee Application Control - The dinosaurs want their vuln back ***
---------------------------------------------
The experts of the SEC Consult Vulnerability Lab conducted research in the field of the security of application whitelisting in critical infrastructures. In the course of that research the security of McAfee Application Control was checked.The experts developed several methods to bypass the provided protections ..
---------------------------------------------
http://blog.sec-consult.com/2016/01/mcafee-application-control-dinosaurs.ht…
*** (ISC)2 SecureAustria ***
---------------------------------------------
How can we know what we are protecting if we struggle to understand and keep up with how we and our organizations are changing? It�s time to get a grip on the far-reaching and fundamental changes that are occurring in business today.
---------------------------------------------
https://www.sba-research.org/events/isc2-secureaustria/
*** Sicherheit: Aus für alte IE-Versionen trifft jeden fünften Webnutzer ***
---------------------------------------------
Über die Jahre hat Microsoft eine Fülle unterschiedlicher Versionen des Internet Explorers veröffentlicht. Nun entledigt man sich der Support-Pflichten für einen großen Teil derselben: Ab sofort liefert Microsoft keinerlei Updates mehr für Internet Explorer 8 bis 10.
---------------------------------------------
http://derstandard.at/2000028882047
*** Cops Say They Can Access Encrypted Emails on So-Called PGP BlackBerrys ***
---------------------------------------------
Dutch investigators have confirmed to Motherboard that they are able to read encrypted messages sent on PGP BlackBerry phones�custom, security-focused BlackBerry devices that come complete with an encrypted email feature, and which reportedly may be used by organized criminal groups.
---------------------------------------------
https://motherboard.vice.com/read/cops-say-they-can-access-encrypted-emails…
*** Ongoing Sophisticated Malware Campaign Compromising ICS (Update C) ***
---------------------------------------------
This alert update is a follow-up to the updated NCCIC/ICS-CERT Alert titled ICS-ALERT-14-281-01B Ongoing Sophisticated Malware Campaign Compromising ICS that was published December 10, 2014, on the ICS-CERT web site. | ICS-CERT has identified a sophisticated malware campaign that has compromised numerous ..
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-281-01B
*** Experts warn Neutrino and RIG exploit kit activity spike ***
---------------------------------------------
Security experts at Heimdal Security are warning a spike in cyber attacks leveraging the popular Neutrino and RIG exploit kit. Cyber criminals always exploit new opportunities and users' bad habits, now crooks behind the recent campaigns relying on Neutrino and RIG exploit kits are ramping up attacks ..
---------------------------------------------
http://securityaffairs.co/wordpress/43482/cyber-crime/neutrino-rig-exploit-…
*** Group using DDoS attacks to extort business gets hit by European law enforcement ***
---------------------------------------------
On 15 and 16 December, law enforcement agencies from Austria, Bosnia and Herzegovina, Germany and the United Kingdom joined forces with Europol in the framework of an operation against the ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19314
*** Schwere Sicherheitslücken im Passwort-Manager von Trend Micro ***
---------------------------------------------
Google-Forscher Tavis Ormandy deckt wieder einmal Schwachstellen in Anti-Viren-Software auf. Bei Trend Micro stellt er konsterniert fest: "Das Lächerlichste, was ich je gesehen habe."
---------------------------------------------
http://heise.de/-3069140
*** UPC: Standard-WLAN-Passwörter kinderleicht zu knacken ***
---------------------------------------------
Neuer Hack erlaubt Berechnung basierend auf der ESSID – UPC prüft Klage gegen Sicherheitsforscher.
---------------------------------------------
http://derstandard.at/2000028921659
*** An Easy Way for Hackers to Remotely Burn Industrial Motors ***
---------------------------------------------
Devices that control the speed of industrial motors operating water plant pumps and other equipment can be remotely hacked and destroyed.
---------------------------------------------
http://www.wired.com/2016/01/an-easy-way-for-hackers-to-remotely-burn-indus…