Daily

daily@lists.cert.at

1 participants
3138 discussions

Tageszusammenfassung - Freitag 7-08-2015
by Daily end-of-shift report 07 Aug '15

07 Aug '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 06-08-2015 18:00 − Freitag 07-08-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Updated DGA Changer Malware Generates Fake Domain Stream *** --------------------------------------------- Researchers at Seculert have discovered the latest twist to DGA Changer, which now is able to generate a fake stream of domains if it detects it's being executed in a virtual machine. --------------------------------------------- http://threatpost.com/updated-dga-changer-malware-generates-fake-domain-str… *** BLEKey Device Breaks RFID Physical Access Controls *** --------------------------------------------- A device called BEKey which is the size of a quarter and can be installed in 60 seconds on a proximity card reader could potentially be used to break physical access controls in 80 percent of deployments. --------------------------------------------- http://threatpost.com/blekey-device-breaks-rfid-physical-access-controls/11… *** BIND Denial of Service Vulnerability Blamed on Windows 2000 Compatibility Code *** --------------------------------------------- The BIND implementation of the Domain Name System (DNS) is a critical part of the infrastructure of the Internet. For example, almost all of the 13 root name servers use BIND. On July 28 a vulnerability was published in BIND that could be anonymously exploited by an attacker. To crash the server, all an attacker would have to... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OQsKsP-w1DU/ *** Schwachstelle: Certifi-Gate erlaubt Zertifikatsmissbrauch unter Android *** --------------------------------------------- Bösartige Apps können in Android legitime Zertifikate nutzen, um erhöhte Rechte zu erhalten. Die Entdecker der Schwachstelle haben dieser den Namen Certifi-Gate gegeben. Google bestätigt die Lücke, betont aber, dass Apps im Play Store auf ein solches Missbrauchspotential überprüft würden. --------------------------------------------- http://www.golem.de/news/schwachstelle-certifi-gate-erlaubt-zertifikatsmiss… *** HTTPS: BGP-Angriff gefährdet TLS-Zertifikatssystem *** --------------------------------------------- Auf der Black Hat weisen Sicherheitsforscher auf ein Problem mit TLS-Zertifizierungsstellen hin: Die Prüfung, wem eine Domain gehört, findet über ein ungesichertes Netz statt. Dieser Weg ist angreifbar - beispielsweise mittels des Routingprotokolls BGP. --------------------------------------------- http://www.golem.de/news/https-bgp-angriff-gefaehrdet-tls-zertifikatssystem… *** Kryptographie: Rechenfehler mit großen Zahlen *** --------------------------------------------- Kryptographische Algorithmen benötigen oft Berechnungen mit großen Ganzzahlen. Immer wieder werden Fehler in den entsprechenden Bibliotheken gefunden. Diese können zu Sicherheitslücken werden. --------------------------------------------- http://www.golem.de/news/kryptographie-rechenfehler-mit-grossen-zahlen-1508… *** Zwölf Sicherheitslücken in PHP geschlossen, Support für Version 5.5 ausgelaufen *** --------------------------------------------- Das PHP-Entwickerteam hat seinen Interpreter sicherer gemacht und weist darauf hin, dass der Support für Version 5.5 vor kurzem abgelaufen ist. Wer kann, sollte auf Version 5.6 umsteigen. --------------------------------------------- http://heise.de/-2774343 *** The GasPot experiment: Hackers target gas tanks *** --------------------------------------------- Physically tampering with gasoline tanks is dangerous enough, given how volatile gas can be. Altering a fuel gauge can cause a tank to overflow, and a simple spark can set everything ablaze. But imagi... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/5bYYfndJK74/secworld.php *** Auto-Hacking: Gehackte Teslas lassen sich bei voller Fahrt ausschalten *** --------------------------------------------- Insgesamt sechs Lücken haben IT-Sicherheitsforscher in der Software der Automobile von Tesla entdeckt. Über sie gelang es ihnen, die Kontrolle über das Fahrzeug zu übernehmen. --------------------------------------------- http://www.golem.de/news/auto-hacking-gehackte-teslas-lassen-sich-bei-volle… *** Firefox exploit found in the wild *** --------------------------------------------- Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1. https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ --------------------------------------------- https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-w… *** CrackLord: Gratis-Tool zum Steuern von Cracking-Clustern *** --------------------------------------------- Forscher haben mit CrackLord eine Open-Source-Software vorgestellt, die CPU-/GPU-Cluster zum Cracken von Passwörtern ansteuert und Aufgaben verwaltet und verteilt. --------------------------------------------- http://heise.de/-2774582 *** Scada-Sicherheit: Siemens-PLC wird zum Einbruchswerkzeug *** --------------------------------------------- Über die oftmals frei aus dem Internet zugänglichen Programmable Logic Controller (PLC) zum Steuern von Scada-Systemen können Angreifer Scanner zum Spionieren in Industrie-Systeme schmuggeln. Die dafür nötige Software steht frei zum Download. --------------------------------------------- http://heise.de/-2774812 *** Citrix XenServer Security Update for CVE-2015-5154 *** --------------------------------------------- A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to compromise the host ... --------------------------------------------- http://support.citrix.com/article/CTX201593 *** USN-2706-1: OpenJDK 6 vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-2706-16th August, 2015openjdk-6 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTSSummarySeveral security issues were fixed in OpenJDK 6.Software description openjdk-6 - Open Source Java implementation DetailsSeveral vulnerabilities were discovered in the OpenJDK JRE related toinformation disclosure, data integrity, and availability. An attackercould exploit these to cause a denial of service or expose sensitivedata... --------------------------------------------- http://www.ubuntu.com/usn/usn-2706-1/ *** Security Advisory: Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732 *** --------------------------------------------- (SOL17079) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/000/sol17079.htm… *** DSA-3329 linux - security update *** --------------------------------------------- Several vulnerabilities have been discovered in the Linux kernelthat may lead to a privilege escalation, denial of service orinformation leak. --------------------------------------------- https://www.debian.org/security/2015/dsa-3329 *** Apache Subversion Bugs Let Remote Users Obtain Potentially Sensitive Information *** --------------------------------------------- http://www.securitytracker.com/id/1033215 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835) *** http://www.ibm.com/support/docview.wss?uid=swg21962128 *** IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM Security Identity Governance *** http://www.ibm.com/support/docview.wss?rs=0&uid=swg21963438 *** IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects the IBM FlashSystem V840 (CVE 2015-4000) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005344 *** IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects the IBM FlashSystem 840 (CVE 2015-4000) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005339 *** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-4000) *** http://www.ibm.com/support/docview.wss?uid=swg21960191 *** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Monitoring (CVE-2015-4000) *** http://www.ibm.com/support/docview.wss?uid=swg21962739 *** IBM Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem 840 (CVE 2015-1831) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005329 *** IBM Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V840 (CVEs 2015-0204, 2015-0488, and 2015-1916) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005328 *** IBM Security Bulletin: A vulnerability in Open Source Struts affect the IBM FlashSystem V840 (CVE 2015-1831) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005331 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916) *** http://www.ibm.com/support/docview.wss?uid=swg21883959 *** IBM Security Bulletin: Multiple vulnerabilities in the unzip utility affect IBM Security Access Manager for Mobile. *** http://www.ibm.com/support/docview.wss?uid=swg21963158 *** IBM Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting(CVE-2015-0488, CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2014-0227, CVE-2015-0209 , CVE-2015-0286 , CVE-2015-0289) *** http://www.ibm.com/support/docview.wss?uid=swg21963024 *** IBM Security Bulletin: A vulnerability in Open Source OpenSSL affects the IBM FlashSystem 840 (CVE 2015-0286) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005341 *** IBM Security Bulletin: Vulnerability in Open Source Apache Tomcat affect the IBM FlashSystem V840, (CVE-2014-0227) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005204

1 0

Tageszusammenfassung - Donnerstag 6-08-2015
by Daily end-of-shift report 06 Aug '15

06 Aug '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 05-08-2015 18:00 − Donnerstag 06-08-2015 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Jetzt Android-Geräte auf Stagefright-Lücken testen! *** --------------------------------------------- Mit einer kostenlosen App kann man überprüfen, ob die eigenen Android-Geräte über die Stagefright-Lücken angreifbar sind. --------------------------------------------- http://heise.de/-2773801 *** Stagefright-Sicherheitslücke: Elf Wege, ein Android-System zu übernehmen *** --------------------------------------------- Auf der Black-Hat-Konferenz hat Joshua Drake die Hintergründe zu den Stagefright-Sicherheitslücken erläutert. Über mindestens elf verschiedene Wege lässt sich ein Android-System seinem Vortrag zufolge angreifen. Fortschritte gibt es bei den Android-Updates. (Android, Firefox) --------------------------------------------- http://www.golem.de/news/stagefright-sicherheitsluecke-elf-wege-ein-android… *** APT Group Gets Selective About Data it Steals *** --------------------------------------------- Dell SecureWorks researchers today at Black Hat released a new report on Emissary Panda, or TG-3390, a China-sponsored APT gang that has refined the types of data it covets. --------------------------------------------- http://threatpost.com/apt-group-gets-selective-about-data-it-steals/114103 *** Inside the $100M 'Business Club' Crime Gang *** --------------------------------------------- New research into a notorious Eastern European organized cybercrime gang accused of stealing than $100 million from banks and businesses worldwide provides an unprecedented, behind-the-scenes look at an exclusive "business club" that dabbled in cyber espionage and worked closely with phantom Chinese firms on Russias far eastern border. --------------------------------------------- http://www.krebsonsecurity.com/2015/08/inside-the-100m-business-club-crime-… *** Corporate networks can be compromised via Windows Updates *** --------------------------------------------- Yesterday at Black Hat USA 2015, researchers from UK-based Context Information Security demonstrated how Windows Update can be abused for internal attacks on corporate networks by exploiting insecurely configured enterprise implementations of Windows Server Update Services (WSUS). --------------------------------------------- http://www.net-security.org/secworld.php?id=18725 *** Exploit-Kit Rig: Verbrechen lohnt sich wieder *** --------------------------------------------- Vor einigen Monaten wurde der Quellcode des Exploit-Kits RIG 2.0 veröffentlicht; damit war der Shooting-Star der Crimeware-Szene erstmal aus dem Rennen. Jetzt sind die Entwickler mit einer Version 3.0 zurück - und verdienen besser denn je. --------------------------------------------- http://heise.de/-2772951 *** How Scammers Abuse Our Brains *** --------------------------------------------- Your brain is awesome. We're not just flattering you, it's true. It's also true of the guy sat next to you, the woman across the street, even your kid cousin who still thinks that flicking boogers is the height of hilarity. Each one of us is blessed with a brain that has unparalleled amounts of storage, and ferocious processing power. That said, our minds are still finite. The amount of information we can attend to at a given moment is limited. --------------------------------------------- https://blog.team-cymru.org/2015/08/how-scammers-abuse-our-brains/ *** Bugtraq: Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows *** --------------------------------------------- the just released latest version 5.0.0.5 of LibreOffice.org for Windows distributes (once again) a completely outdated and vulnerable MSVC++ runtime. --------------------------------------------- http://www.securityfocus.com/archive/1/536144 *** Nicholas Weaver on iPhone Security *** --------------------------------------------- Excellent essay: Yes, an iPhone configured with a proper password has enough protection that, turned off, Id be willing to hand mine over to the DGSE, NSA, or Chinese. But many (perhaps most) users dont configure their phones right. Beyond just waiting for the suspect to unlock his phone, most people either use a weak 4-digit passcode ... --------------------------------------------- https://www.schneier.com/blog/archives/2015/08/nicholas_weaver_1.html *** Sigcheck and virustotal-search, (Thu, Aug 6th) *** --------------------------------------------- In my last diary entry I mentioned offline use of Sysinternal tools with my tool virustotal-search. So you want to use sigcheck but you cant connect the machine to the Internet. Then you can use sigchecks option -h to calculate cryptographic hashes of the files it checks, and option -c to produce a CSV output (-ct for CSV with a tab separator). If you want, you can limit sigcheck" /> To extract a unique list of MD5 hashes, you can use this pipe of awk, tail, sed and sort ... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20009&rss *** How Social Engineering Security Awareness Stops 3 Common Scams *** --------------------------------------------- Social engineering, in the context of information security, refers to the use of psychological manipulation to trick people into divulging sensitive information (information gathering) or performing actions (fraud/unauthorized system access). It is a non-technical confidence scam that resembles a very elaborate plan that consists of several stages (See the Typical Phases part). --------------------------------------------- http://resources.infosecinstitute.com/how-social-engineering-security-aware… *** Sick of Flash security holes? HTML5 has its own *** --------------------------------------------- HTML5 has been billed as the natural, standards-based successor to proprietary plug-ins such as Adobes Flash Player for providing rich multimedia services on the Web. But when it comes to security, one of Flashs major weaknesses, HTML5 is no panacea.In fact, HTML5 has security issues of its own. Julien Bellanger, CEO of application security monitoring firm Prevoty, says HTML5 makes security more complex, not simpler. HTML5 security has been a question mark for years, and it has not improved --------------------------------------------- http://www.csoonline.com/article/2960695/application-security/sick-of-flash… *** 'Funtenna' software hack turns a laser printer into a covert radio *** --------------------------------------------- Researcher demonstrates how attacker could exfiltrate data over airwaves. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/RCktE3iPj7M/ *** Black Hat: Sicherheitsforscher klonen verschlüsselte SIM-Karten *** --------------------------------------------- Die Verschlüsselung via AES 256 gilt auch langfristig als sicher. Im Zuge eines Angriffes über Bande wurden nun derartig verschlüsselte SIM-Karten in wenigen Minuten geknackt. --------------------------------------------- http://heise.de/-2773751 *** Bugtraq: [security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information *** --------------------------------------------- VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information. --------------------------------------------- http://www.securityfocus.com/archive/1/536142 *** FreeBSD patch(1) Lets Remote Users Execute Arbitrary Commands on the Target System *** --------------------------------------------- A vulnerability was reported in FreeBSD patch(1). A remote user can cause arbitrary commands to be executed on the target system. The patch(1) utility does not properly sanitize the input patch stream. A remote user can create a specially crafted patch file that, when processed by the target user via patch(1), will run ed(1) commands (in addition to running valid version control system commands) with the privileges of the target user. --------------------------------------------- http://www.securitytracker.com/id/1033188 *** FreeBSD routed(8) RIP Query Processing Flaw Lets Remote Users Cause the Target Service to Crash *** --------------------------------------------- A remote user on a network that is not directly connected to the target system's network can send a specially crafted routing information protocol (RIP) query to trigger a flaw in the target routed(8) daemon and cause the daemon to crash. As a result, the target system's routing table will no longer be updated. Systems with the routed(8) daemon enabled are affected. --------------------------------------------- http://www.securitytracker.com/id/1033185 *** Security Notice - Statement on the UAP2015 Vulnerability Mentioned at the BlackHat USA Conference *** --------------------------------------------- The investigation is still ongoing. Huawei PSIRT will keep updating the SN and will give the related views as soon as possible. Please stay tuned. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…

1 0

Tageszusammenfassung - Mittwoch 5-08-2015
by Daily end-of-shift report 05 Aug '15

05 Aug '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 04-08-2015 18:00 − Mittwoch 05-08-2015 18:00 Handler: n/a Co-Handler: n/a *** Nuclear EK traffic patterns in August 2015, (Wed, Aug 5th) *** --------------------------------------------- Introduction About two weeks ago, Nuclear exploit kit (EK)changed its URL patterns. Now it looks a bit likeAngler EK. Kafeine originally announced the change on 2015-07-21 [1], and we collected examples the next day. Heres how Nuclear EK looked on" /> Here" /> Now that were into August 2015,URL patterns for Nuclear EK have altered again. These changes are similar to weve seen withAngler EK since June 2015 [3]. Theyre not the same URL patternsas Angler, but the changes are... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20001&rss *** Wait, what? TrueCrypt decrypted by FBI to nail doc-stealing sysadmin *** --------------------------------------------- Do the Feds know something we dont about crypto-tool? Or did bloke squeal his password? Discontinued on-the-fly disk encryption utility TrueCrypt was unable to keep out the FBI in the case of a US government techie who stole copies of classified military documents. How the Feds broke into the IT bods encrypted TrueCrypt partition isnt clear. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/truecrypt_d… *** WordPress-Update schließt sechs Sicherheitslücken *** --------------------------------------------- Die Version 4.2.4 des Content-Management-Systems behebt unter anderem eine SQL-Injection-Lücke, durch die Angreifer die Installation übernehmen können. --------------------------------------------- http://heise.de/-2771541 *** Man-In-The-Cloud Owns Your DropBox, Google Drive -- Sans Malware *** --------------------------------------------- Using no malware or stolen passwords, new attack can compromise your cloud synch services and make your good files malicious. --------------------------------------------- http://www.darkreading.com/cloud/man-in-the-cloud-owns-your-dropbox-google-… *** Email Security Awareness: How To Get Quick Results *** --------------------------------------------- Phishing and Spear phishing attacks on the rise Phishing and spear phishing attacks are the most effective attack vectors. Despite the high level of awareness of the cyber threats, bad actors still consider email their privileged attack vector. According to the security experts at Trend Micro firm, spear phishing is the attack method used in... --------------------------------------------- http://resources.infosecinstitute.com/email-security-awareness-how-to-get-q… *** Finding Vulnerabilities in Core WordPress: A Bug Hunter's Trilogy, Part I *** --------------------------------------------- In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts - describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only "Subscriber" user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web... --------------------------------------------- http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/ *** Android-Schwachstelle: Telekom schaltet wegen Stagefright-Exploits direktes MMS ab *** --------------------------------------------- MMS-Nutzer müssen wegen einer Android-Schwachstelle auf die direkte Zustellung verzichten. Die Telekom will so ihre Kunden schützen. --------------------------------------------- http://www.golem.de/news/android-schwachstelle-telekom-schaltet-wegen-stage… *** MVEL as an attack vector *** --------------------------------------------- Java-based expression languages provide significant flexibility when using middleware products such as Business Rules Management System (BRMS). This flexibility comes at a price as there are significant security concerns in their use. In this article MVEL is used in JBoss... --------------------------------------------- https://securityblog.redhat.com/2015/08/05/mvel-as-an-attack-vector/ *** Root-Exploit: Apple bereitet offenbar Patch mit MacOS 10.10.5 vor *** --------------------------------------------- Der Mac-Hersteller setzt einem Bericht zufolge zunächst auf verschiedene Maßnahmen, um die Ausnutzung einer Rechteausweitungslücke zur Malware-Installation zu erschweren. Das ausstehende Update auf OS X 10.10.5 soll die Schwachstelle dann beseitigen. --------------------------------------------- http://heise.de/-2772715 *** Bugtraq: [SECURITY] [DSA 3328-2] wordpress regression update *** --------------------------------------------- http://www.securityfocus.com/archive/1/536135 *** Apple OS X DYLD_PRINT_TO_FILE Environment Variable Validation Flaw Lets Local Users Obtain Root Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1033177 *** [2015-08-05] Websense Content Gateway stack buffer overflow in handle_debug_network *** --------------------------------------------- A stack-based buffer overflow was identified in the Websense Content Manager administrative interface, which allows execution of arbitrary code. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015… *** Security Advisory - CF Card Information Leak Vulnerability on Multiple Huawei Products *** --------------------------------------------- The CF cards on some Huawei switches contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information (HWPSIRT-2015-07048). --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Security_Advisory-Two Security Vulnerabilities in the ME906 Wireless Module *** --------------------------------------------- The upgrade package of the ME906 wireless module contains the hash values of the root account and password. An attacker can obtain the password of the root account through reverse cracking, connect to the serial port of the wireless module, and enter the root account and password to log in to the operating system of the module. (HWPSIRT-2015-02009) | This module implements upgrade check using CRC16, which is insecure. Much study is done for reversely cracking this algorithm. (HWPSIRT-2015-06032) --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…

1 0

Tageszusammenfassung - Dienstag 4-08-2015
by Daily end-of-shift report 04 Aug '15

04 Aug '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 03-08-2015 18:00 − Dienstag 04-08-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Thunderstrike 2: Mac-Firmware-Wurm soll sich über Thunderbolt-Adapter verbreiten *** --------------------------------------------- Weitere EFI-Schwachstellen ermöglichen nach Angabe von Sicherheitsforschern die Modifikation der Firmware mobiler Macs. Ein Angreifer könne dadurch einen Schädling einschleusen, der sich über Thunderbolt-Adapter und Peripherie fortpflanzt. --------------------------------------------- http://heise.de/-2767994 *** DYLD_PRINT_TO_FILE exploit found in the wild *** --------------------------------------------- Last month, Stefan Esser blogged about a zero-day vulnerability in OS X, without having informed Apple about the problem first. Unfortunately, today has brought the discovery of the first known exploit. (Read more...) --------------------------------------------- https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-… *** Hackers use cartons with sticks, may be foiled by watermelons *** --------------------------------------------- Translation from Russian hack-slang: Credit card, PayPal and secure server Gaining an invite to the best of the nearly 60 websites powering the cybercrime underground is only half the fight for researchers; they also need to know that credit cards are called cartons, PayPal a stick, and bulletproof servers watermelons. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/russian_cyb… *** Android-Schwachstelle: Stagefright-Exploits wohl bald aktiv *** --------------------------------------------- Erste Nachweise, dass die wohl gravierende Sicherheitslücke in Android ausnutzbar ist, sind bereits im Umlauf. Patches gibt es bereits für Android und Cynanogenmod. Bis die Hersteller sie bereitstellen, könnte Stagefright aber millionenfach missbraucht worden sein. --------------------------------------------- http://www.golem.de/news/android-schwachstelle-stagefright-exploits-wohl-ba… *** Android MediaServer Bug Traps Phones in Endless Reboots *** --------------------------------------------- We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android's mediaserver program. This causes a device's system to reboot and drain all its battery life. In more a severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/w1VZWbnfA4c/ *** Your Password is Too Damn Short *** --------------------------------------------- Im a little tired of writing about passwords. But like taxes, email, and pinkeye, theyre not going away any time soon. Heres what I know to be true, and backed up by plenty of empirical data: --------------------------------------------- http://blog.codinghorror.com/your-password-is-too-damn-short/ *** Yahoo! ads! caught! spreading! CryptoWall! ransomware! AGAIN! *** --------------------------------------------- Unpatched Flash holes exploited to inject file-scrambling nasty Yahoo!s ad network is still being used to spread ransomware to Windows PCs a year after the last big outbreak. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/yahoo_malwa… *** Open source tool for deploying SSL public key pinning in iOS, OS X apps *** --------------------------------------------- At Black Hat USA 2015, Data Theorem and Yahoo! will be unveiling TrustKi, a new, open source security toolkit that helps developers easily include complex mobile security functionality, known as SSL p... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/jxmlYG4OZVA/secworld.php *** Cybersecurity Policy and Threat Assessment for the Energy Sector *** --------------------------------------------- INTRODUCTION: A wake-up call An HP Enterprise Security's 2014 Global Report on the Cost of Cyber Crime by the Ponemon Institute reveals some astounding aspects of the cyber-attacks on the energy utilities. First, these assets suffered the highest average annual losses from cybercrimes ($13, 2 million), closely followed by the losses caused by computer attacks... --------------------------------------------- http://resources.infosecinstitute.com/cybersecurity-policy-and-threat-asses… *** Symantec Endpoint Protection: Gefährlicher Sicherheitslücken-Cocktail *** --------------------------------------------- Über verschiedene Schwachstellen in Symantecs End Point Protection 12.1 können sich Angreifer in Netzwerke schleichen, beliebigen Code und Befehle ausführen und anschließend ganze Systemverbunde kapern. --------------------------------------------- http://heise.de/-2768461 *** MatrixSSL Tiny: A TLS software implementation for IoT devices *** --------------------------------------------- INSIDE Secure announced the availability of MatrixSSL Tiny, the world's smallest Transport Layer Security (TLS) software implementation, to allow companies to affordably secure IoT devices with string... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/mnlQoZJr0zU/secworld.php *** Bugtraq: Mozilla extensions: a security nightmare *** --------------------------------------------- http://www.securityfocus.com/archive/1/536133 *** WordPress 4.2.4 Security and Maintenance Release *** --------------------------------------------- August 4, 2015 | WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise... --------------------------------------------- https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance… *** Security Advisory: Apache vulnerability CVE-2012-0053 *** --------------------------------------------- (SOL15273) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/200/sol15273.htm… *** DSA-3327 squid3 - security update *** --------------------------------------------- Alex Rousskov of The Measurement Factory discovered that Squid3, a fullyfeatured web proxy cache, does not correctly handle CONNECT method peerresponses when configured with cache_peer and operating on explicitproxy traffic. This could allow remote clients to gain unrestrictedaccess through a gateway proxy to its backend proxy. --------------------------------------------- https://www.debian.org/security/2015/dsa-3327 *** SSA-504631 (Last Update 2015-08-04): Incorrect Certificate Validation in COMPAS Mobile App *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affected IBM Workflow for Bluemix July 2015 *** http://www.ibm.com/support/docview.wss?uid=swg21963428 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791) *** http://www.ibm.com/support/docview.wss?uid=swg21960633 *** IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities *** http://www.ibm.com/support/docview.wss?uid=swg21962726 *** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational ClearQuest(CVE-2015-4000) *** http://www.ibm.com/support/docview.wss?uid=swg21962816 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916) *** http://www.ibm.com/support/docview.wss?uid=swg21902824 *** IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM MobileFirst Platform Foundation and IBM Worklight *** http://www.ibm.com/support/docview.wss?uid=swg21961179

1 0

Tageszusammenfassung - Montag 3-08-2015
by Daily end-of-shift report 03 Aug '15

03 Aug '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 31-07-2015 18:00 − Montag 03-08-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** One font vulnerability to rule them all #1: Introducing the BLEND vulnerability *** --------------------------------------------- Posted by Mateusz Jurczyk of Google Project ZeroLast month, I presented parts of my PostScript font security research at the REcon security conference in Montreal, in a talk titled "One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation". This talk discussed the exploitation process of a vulnerability found in the implementation of a BLEND Charstring instruction, discovered in a user-mode Adobe Reader's CoolType... --------------------------------------------- http://googleprojectzero.blogspot.com/2015/07/one-font-vulnerability-to-rul… *** Schwachstellen: Fernzugriff öffnet Autotüren *** --------------------------------------------- Einem Hacker ist es gelungen, sich in die Software Onstar Remotelink des US-Autoherstellers General Motors einzuklinken. Damit lässt sich das Fahrzeug entriegeln und sogar starten. Wegfahren konnte er mit dem gehackten Fahrzeug aber nicht. --------------------------------------------- http://www.golem.de/news/schwachstellen-fernzugriff-oeffnet-autotueren-1508… *** Angriff auf Dell-Firmware nach Tiefschlaf *** --------------------------------------------- Nach dem Aufwachen aus dem Standby vergisst die Firmware einiger Dell-Rechner, sich selbst vor Schreibzugriffen zu schützen. So könnten Angreifer Schadcode in die Firmware schleusen. --------------------------------------------- http://heise.de/-2766940 *** Sicherheitslücken im Android-Multimedia-System eskalieren *** --------------------------------------------- Die Schwachstellen im Multimedia-System sind gefährlicher als zuerst vermutet: Mit manipulierten MP4-Videos könnten Angreifer Kontrolle übers Smartphone erlangen. --------------------------------------------- http://heise.de/-2766925 *** Your Security Policy Is So Lame, (Sun, Aug 2nd) *** --------------------------------------------- Every person should avoid lame security policies because of the lack of clarity they leave behind. Often times we find ourselves forced into creating security policies due to compliance requirements. Is there a way to lean into this requirement and get value beyond the checkbox? I certainly think so and would like to share some ideas on how you can do this as well. ">I personally avoided being the policy guy">">The following are several tips and tricks you can use to --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19991&rss *** Microsoft Windows 10 spies on you by default *** --------------------------------------------- While Microsoft is offering for free it new Windows 10 OS, security experts argue that the cost for user privacy is much higher. Microsoft Windows 10 is the new operating system of the IT giant, the newborn already reached more than 14 million downloads in just two days. The experts who have already analyzed Windows 10... --------------------------------------------- http://securityaffairs.co/wordpress/39042/digital-id/windows-10-privacy.html *** BIND9 - Denial of Service Exploit in the Wild *** --------------------------------------------- BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by most DNS providers. A week ago, the Internet Systems Consortium (ISC) team released a patch for a serious denial of service vulnerability (CVE-2015-5477) that allows a remote... --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/RmxRTNcW95o/bind9-denial-of-s… *** Chrome extensions crocked with simple attack *** --------------------------------------------- Security-enhancer HTTPS Everywhere switched off with this one weird trick Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/08/03/detectify_d… *** Hijacking Satellite Communications with a $1,000 Device *** --------------------------------------------- A security researcher demonstrated how to hack a satellite tracking technology with a $1,000 device made of off the shelf components. Colby Moore, a security expert from security firm Synack, will present in a talk at the next Black Hat Conference how to hack satellite tracking technology by using a $1,000 device made of off... --------------------------------------------- http://securityaffairs.co/wordpress/39051/digital-id/hijacking-satellite-co… *** Researchers Create First Firmware Worm That Attacks Macs *** --------------------------------------------- The common wisdom is that Apple computers are more secure than PCs. It turns out this isnt true. --------------------------------------------- http://www.wired.com/2015/08/researchers-create-first-firmware-worm-attacks… *** Anonymisierung: Weiterer Angriff auf das Tor-Netzwerk beschrieben *** --------------------------------------------- Forscher haben eine weitere Möglichkeit entdeckt, Benutzerzugriffe auf Tors Hidden Services zu entlarven. Ihr Angriff benötige aber eine gehörige Portion Glück, schreiben sie. Auch die Tor-Betreiber wiegeln ab. --------------------------------------------- http://www.golem.de/news/anonymisierung-weiterer-angriff-auf-das-tor-netzwe… *** Your SSH Server On Port 8080 Is No Longer "Hidden" Or "Safe", (Mon, Aug 3rd) *** --------------------------------------------- I am seeing some scanning for SSH servers on port 8080 in web server logs for web servers that listen on this port. So far, I dont see any scans like this for web servers listening on port 80. In web server logs, the scan is reflected as an Invalid Method (error 501) as the web server only sees the banner provided by the SSHclient, and of course can not respond. For example: 222.186.21.180 - - [03/Aug/2015:08:31:55 +0000] SSH-2.0-libssh2_1.4.3 501 303 - - This IP address in this example is for... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19995&rss *** Designing the Perfect Security Awareness Newsletter *** --------------------------------------------- Even in smaller organizations, a regular security awareness newsletter can support effective, participative security. While your organization's editorial rules could be a creative break on a really great newsletter, the following tips can help you build up an effective one that will be welcomed by associates and be an asset to the organization's security. Do... --------------------------------------------- http://resources.infosecinstitute.com/designing-the-perfect-security-awaren… *** Windows 10 Upgrade Spam Carries CTB-Locker Ransomware *** --------------------------------------------- Spam messages spoofing Microsoft and promising a free Windows 10 upgrade instead drop the CTB-Locker crypto-ransomware on compromised machines. --------------------------------------------- http://threatpost.com/windows-10-upgrade-spam-carries-ctb-locker-ransomware… *** Google Android Buffer Overflows in DHCP Let Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1033124 *** D-Link DCS-2103 1.20 CSRF / Cross Site Scripting *** --------------------------------------------- Topic: D-Link DCS-2103 1.20 CSRF / Cross Site Scripting Risk: Medium Text:Hello list! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DCS-2103 (IP camera). ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015080016 *** VU#360431: Chiyu Technology fingerprint access control contains multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#360431 Chiyu Technology fingerprint access control contains multiple vulnerabilities Original Release date: 31 Jul 2015 | Last revised: 31 Jul 2015 Overview Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability. Description CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2015-2870According to the reporter, tags are... --------------------------------------------- http://www.kb.cert.org/vuls/id/360431 *** Juniper Pulse Secure TCP Hardware Acceleration Flaw Lets Remote Users Access Data on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1033166 *** FortiSandbox WebUI Multiple XSS vulnerabilities *** --------------------------------------------- Topic: FortiSandbox WebUI Multiple XSS vulnerabilities Risk: Low Text:[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/a... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015080004 *** DSA-3322 ruby-rack - security update *** --------------------------------------------- Tomek Rabczak from the NCC Group discovered a flaw in thenormalize_params() method in Rack, a modular Ruby webserver interface.A remote attacker can use this flaw via specially crafted requests tocause a `SystemStackError` and potentially cause a denial of servicecondition for the service. --------------------------------------------- https://www.debian.org/security/2015/dsa-3322 *** DSA-3326 ghostscript - security update *** --------------------------------------------- William Robinet and Stefan Cornelius discovered an integer overflow inGhostscript, the GPL PostScript/PDF interpreter, which may result indenial of service or potentially execution of arbitrary code if aspecially crafted file is opened. --------------------------------------------- https://www.debian.org/security/2015/dsa-3326 *** DSA-3325 apache2 - security update *** --------------------------------------------- Several vulnerabilities have been found in the Apache HTTPD server. --------------------------------------------- https://www.debian.org/security/2015/dsa-3325 *** DSA-3323 icu - security update *** --------------------------------------------- Several vulnerabilities were discovered in the International Componentsfor Unicode (ICU) library. --------------------------------------------- https://www.debian.org/security/2015/dsa-3323 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) - IBM Java SDK updates July 2015 *** http://www.ibm.com/support/docview.wss?uid=swg21963354 *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Intrusion Prevention System *** http://www.ibm.com/support/docview.wss?uid=swg21962039 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web *** http://www.ibm.com/support/docview.wss?uid=swg21963096 *** IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects IBM Security Network Intrusion Prevention System (CVE-2015-4000) *** http://www.ibm.com/support/docview.wss?uid=swg21962045 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack (CVE-2015-0486 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808 *** http://www.ibm.com/support/docview.wss?uid=isg3T1022548 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry (CVE-2015-0486 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808 *** http://www.ibm.com/support/docview.wss?uid=isg3T1022550 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business *** http://www.ibm.com/support/docview.wss?uid=swg21963126 *** IBM Security Bulletin: Multiple vulnerabilities in the unzip utility affect IBM Security Access Manager for Web *** http://www.ibm.com/support/docview.wss?uid=swg21963094 *** IBM Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Intrusion Prevention System (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 ) *** http://www.ibm.com/support/docview.wss?uid=swg21962038

1 0

Tageszusammenfassung - Freitag 31-07-2015
by Daily end-of-shift report 31 Jul '15

31 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 30-07-2015 18:00 − Freitag 31-07-2015 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Derelict TrueCrypt Russia portal is command hub for Ukraine spying op *** --------------------------------------------- Backdoored code slung at officials, journos etc Malware used to attack Ukrainian government, military, and major news agencies in the country, was distributed from the Russian portal of encryption utility TrueCrypt, new research has revealed. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/07/30/truecrypt_r… *** Username Enumeration against OpenSSH-SELinux with CVE-2015-3238 *** --------------------------------------------- I recently disclosed a low-risk vulnerability in Linux-PAM < 1.2.1 , which allows attackers to conduct username enumeration and denial of service attacks. Below I will provide more technical details about this vulnerability. The Past Time-based username enumeration is an... --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-ag… *** Flash Threats: Not Just In The Browser *** --------------------------------------------- July has been a fairly poor month for Adobe Flash Player security, to say the least. Three separate zero-day vulnerabilities (all courtesy of the Hacking Team dump) have left many people concerned about Flash security, with many (including this blog) calling for it to go away. Some sort of reaction from Adobe to improve Flash... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6YRcRVFMKYg/ *** Bundestags-Hack: Reparatur des Bundestagsnetzes soll vier Tage dauern *** --------------------------------------------- Das Netzwerk des Bundetages soll zwischen dem 13. und 17. August 2015 neu aufgesetzt werden. In dieser Zeit wird es komplett abgeschaltet. Auch E-Mails können dann nicht mehr empfangen oder versendet werden. --------------------------------------------- http://www.golem.de/news/bundestags-hack-reparatur-des-bundestagsnetzes-sol… *** Compromised site serves Nuclear exploit kit together with fake BSOD *** --------------------------------------------- Support scammers not lying about a malware infection for a change.During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted to trick the user into falling for a support scam.When a (legitimate) website includes (legitimate) advertisements, these ads themselves are rarely included in the HTML code. Rather, the... --------------------------------------------- http://www.virusbtn.com/blog/2015/07_31.xml?rss *** MMS Not the Only Attack Vector for "Stagefright" *** --------------------------------------------- Earlier this week Zimperium zLabs revealed an Android vulnerability which could be used to install malware on a device via a simple multimedia message. This vulnerability, now known as Stagefright, has gained a lot of attention for the potential attacks it can cause. Stagefright makes it possible, for example, for an attacker to install a spyware app... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fiKsjboNusw/ *** Real World Ramifications of Cyber Attacks *** --------------------------------------------- Warning: the following blog contains gratuitous use of sarcasm and hyperbole from the start. Reader discretion is advised. And so, ladies and gentlemen, it has finally happened. The Internet-of-Things has risen up, Skynet style, and we are doomed. This much prophesied event finally came to pass with reports of hackers disabling cars from miles away, and altering rifle trajectories. At last, it seems, the crossover has been made from the digital world to the physical one; the end is nigh. Then... --------------------------------------------- https://blog.team-cymru.org/2015/07/real-world-ramifications-of-cyber-attac… *** Symantec Endpoint Protection Multiple Issues *** --------------------------------------------- Revisions None Severity CVSS2 Base Score ... --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** Cisco Security Advisories *** --------------------------------------------- *** Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Prime Central Hosted Collaboration Solution Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=40214 *** Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=40217 *** Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=40175 *** Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability *** http://tools.cisco.com/security/center/viewAlert.x?alertId=40223 *** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a password storage vulnerability in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01 *** ZDI-15-372: IBM Tivoli Storage Manager FastBack Server Opcode 4755 Stack Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/lONzWRepYUI/ *** ZDI-15-373: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Files Restore Agents Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Np2gm5rVOXQ/ *** ZDI-15-374: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Volumes Restore Agents Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/zJI4EVNVvMM/ *** ZDI-15-375: IBM Tivoli Storage Manager FastBack Server Opcode 4115 Stack Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/x0uVs7pbpJo/ *** ZDI-15-376: IBM Tivoli Storage Manager FastBack Server Opcode 8192 Stack Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/L9RNtcsUYnU/ *** More IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us

1 0

Tageszusammenfassung - Donnerstag 30-07-2015
by Daily end-of-shift report 30 Jul '15

30 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 29-07-2015 18:00 − Donnerstag 30-07-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Der Stagefright Bug *** --------------------------------------------- Bald ist die Blackhat Konferenz in Vegas und der Schwachstellen-Zirkus rundherum ist im vollen Gange. Aktuell sind eine Reihe von Verwundbarkeiten in der Stagefright Library von Android groß im Gespräch. Was steckt da .. --------------------------------------------- http://www.cert.at/services/blog/20150730175038-1560.html *** Anatomy of a Scamware Network - MultiPlug *** --------------------------------------------- While examining our cloud sandbox data recently, we uncovered a large MultiPlug network that caught our attention due to its use pattern of code signing certificates and the breadth of its hosting infrastructure. Overview of the Scamware .. --------------------------------------------- http://research.zscaler.com/2015/07/anatomy-of-scamware-network-multiplug.h… *** Tsar Team Microsoft Office Zero Day CVE-2015-2424 *** --------------------------------------------- After the publication of Flash and IE zero days following the Hacking Team leak, researchers have discovered the use of another zero-day vulnerability by the Tsar Team sometimes .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Tsar-Team-Microsoft-Off… *** Telefonanlage gehackt – 14.000 Euro Schaden für Firma in Oberwart *** --------------------------------------------- Der Fall einer Firma, deren Telefonanlage von Unbekannten gehackt worden ist, beschäftigt Kriminalisten in Oberwart: Dem Unternehmer flatterten Rechnungen über insgesamt 14.000 Euro ins Haus. Wie der Schaden entstehen konnte, sei noch Gegenstand von Ermittlungen, teilte die Landespolizeidirektion Burgenland mit. --------------------------------------------- http://derstandard.at/2000019966507 *** Android: Video-Attacke kann Geräte unbenutzbar machen *** --------------------------------------------- Die Sicherheit von Googles mobilem Betriebssystem Android kommt einmal mehr unter Beschuss: Nur wenige Tage nachdem Zimperium vor mehreren Lücken im Media Framework Stagefright gewarnt hat, meldet sich nun auch Trend Micro zu Wort. In einem Blog-Eintrag warnt der Sicherheitsdienstleister vor zwei weiteren Fehlern in Stagefright, durch die ein Android-Gerät vorübergehend keinen Laut mehr von sich gibt. Auch reagiert ein solcherart angegriffenes Geräte kaum bis gar nicht mehr. --------------------------------------------- http://derstandard.at/2000019966485 *** Windows 10 speichert Festplattenverschlüsselungs-Keys in der Cloud *** --------------------------------------------- Mit Windows 10 steht seit kurzem die neueste Betriebssystemgeneration von Microsoft zur Verfügung. Die ersten Tests kommen zu überwiegende positiven Urteilen, und doch steht der Softwarehersteller nun einmal mehr in der Kritik – und zwar von Sicherheitsexperten. --------------------------------------------- http://derstandard.at/2000019972950 *** Throwback Thursday: Riotous Assembly *** --------------------------------------------- This Throwback Thursday, we turn the clock back to January 1994, shortly after Cyber Riot had emerged as the first virus capable of infecting the Windows kernel.Today, malware that affects the Windows kernel is ubiquitous - the .. --------------------------------------------- http://www.virusbtn.com/blog/2015/07_30.xml *** Beginners Guide to "Use after free Exploits #IE 6 0-day #Exploit Development" *** --------------------------------------------- Last week a friend asked few queries regarding use after free vulnerabilities, . Its been a while I wrote a tutorial so taught of cooking a beginners guide this week end. I wanted a live target for the tutorial so my plans were to .. --------------------------------------------- http://garage4hackers.com/content.php?r=143-Beginners-Guide-to-Use-after-fr… *** Admin-Oberfläche Froxlor verrät Datenbank-Passwörter *** --------------------------------------------- Das Server-Management-Panel Froxlor ist verwundbar und Angreifer können unter Umständen das Datenbank-Passwort aus der Ferne auslesen. Eine gefixte Version ist aber noch nicht für alle Linux-Distributionen verfügbar. --------------------------------------------- http://heise.de/-2765508 *** OpenBSD patch Lets Remote Users Execute Arbitrary Commands on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1033126 *** CVE-2015-0097 Exploited in the Wild *** --------------------------------------------- In March 2015, Microsoft patched a remote code execution (RCE) vulnerability (CVE-2015-0097) in Microsoft Office. In July 2015, Eduardo Prado released a Proof of Concept (PoC) exploit for this vulnerability here. It did not take long for attackers to repackage this PoC and use it in attacks .. --------------------------------------------- https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-0097_exploi.h… *** l+f: Smarter Safe lässt sich clever ausrauben *** --------------------------------------------- Präparierten USB-Stick anstecken, 60 Sekunden warten und schon öffnen sich die Tresor-Türen: Mehr als 10.000 in den USA installierte vermeintlich smarte Tresore sollen sich so knacken lassen. Die Spuren lassen sich dabei restlos verwischen. --------------------------------------------- http://heise.de/-2765663 *** Why is Passive Mixed Content so serious? *** --------------------------------------------- One of the most important tools in web security is Transport Layer Security (TLS). It not only protects sensitive information during transit, but also verifies that .. --------------------------------------------- https://blog.whitehatsec.com/why-is-passive-mixed-content-so-serious/

1 0

Tageszusammenfassung - Mittwoch 29-07-2015
by Daily end-of-shift report 29 Jul '15

29 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 28-07-2015 18:00 − Mittwoch 29-07-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** New RC4 Attack *** --------------------------------------------- New research: "All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS," by Mathy Vanhoef and Frank Piessens: Abstract: We present new biases in RC4, break the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and design a practical .. --------------------------------------------- https://www.schneier.com/blog/archives/2015/07/new_rc4_attack_1.html *** Cisco UCS Central Software File Access Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40151 *** Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40176 *** SweetCAPTCHA Returns Hijacking Another Plugin *** --------------------------------------------- Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository. In June we reported that SweetCaptcha injected third-party ad code to their scripts which lead to malvertising problems on the .. --------------------------------------------- https://blog.sucuri.net/2015/07/sweetcaptcha-returns-hijacking-another-plug… *** CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure *** --------------------------------------------- An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. --------------------------------------------- https://kb.isc.org/article/AA-01272 *** Trend Micro Discovers Vulnerability That Renders Android Devices Silent *** --------------------------------------------- We have discovered a vulnerability in Android that can render a phone apparently dead - silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-disc… *** Hackers Can Disable a Sniper Rifle - Or Change Its Target *** --------------------------------------------- If a hacker attacks your TrackingPoint smart gun over its Wi-Fi connection, you may find the weapon is aiming at a different target than you think. --------------------------------------------- http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-targ… *** Eigene Keys zum Verschlüsseln der Google Cloud Platform *** --------------------------------------------- Nutzer der Google Cloud Platform können ihre Umgebung nun mit eigenen Keys verschlüsseln. So sollen weder Betreiber noch Externe Zugriff auf die Daten erhalten. --------------------------------------------- http://heise.de/-2764751 *** Phishing: Betrüger zocken Nutzer mit "WhatsApp Gold" ab *** --------------------------------------------- Fake-Angebot lockt mit "besserer Audioqualität" und größeren Gruppen – bringt aber nur Werbung --------------------------------------------- http://derstandard.at/2000019919056 *** A third of workers admit theyd leak sensitive biz data for peanuts *** --------------------------------------------- And three per cent of employees would consider offers as low as 100 pound. A third of employees would sell information on company patents, financial records and customer credit card details .. --------------------------------------------- www.theregister.co.uk/2015/07/29/third_workers_would_leak_data_cash/ *** Die Git-Stolperfalle: Viele Webseiten geben sensible Daten preis *** --------------------------------------------- Wenn Web-Admins beim Hochladen von Projekten nicht aufpassen, stellen sie unter Umständen ohne es mitzubekommen Passwort-Datenbanken und weitere schützenswerte Daten zum Abruf für jedermann bereit. --------------------------------------------- http://heise.de/-2764756 *** Remote code execution via serialized data *** --------------------------------------------- Most programming languages contain powerful features, that used correctly are incredibly powerful, but used incorrectly can be incredibly dangerous. Serialization (and deserialization) is one such feature available in most modern programming .. --------------------------------------------- https://securityblog.redhat.com/2015/07/29/remote-code-execution-via-serial… *** Analyzing VUPEN's CVE-2012-1856 *** --------------------------------------------- Quite some time ago (more than a year before the HackingTeam leaks) I came across a number of interesting exploit samples that make use of CVE-2012-1856. With the recent HackingTeam leaks a .. --------------------------------------------- http://blog.ropchain.com/2015/07/27/analyzing-vupens-cve-2012-1856/ *** Sicherheitsupdate von Chrysler gefährlicher als Hack *** --------------------------------------------- Zum Schließen einer Sicherheitslücke, die eine Fernsteuerung des Autos ermöglichen könnte, bot Chrysler den Download von ".exe"- und ".zip"-Dateien für die Autoelektronik an. --------------------------------------------- http://fm4.orf.at/stories/1761148/ *** Windows 10 Shares Your Wi-Fi With Contacts *** --------------------------------------------- Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giants latest operating system -- Windows 10. But theres a very important security caveat that users should know about before transitioning to the .. --------------------------------------------- http://krebsonsecurity.com/2015/07/windows-10-shares-your-wi-fi-with-contac…

1 0

Tageszusammenfassung - Dienstag 28-07-2015
by Daily end-of-shift report 28 Jul '15

28 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 27-07-2015 18:00 − Dienstag 28-07-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40136 *** Cisco Email Security Appliance AsyncOS Cross-Site Scripting Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40172 *** Angler Exploit Kit Used to Find and Infect PoS Systems *** --------------------------------------------- An attack aiming to infect PoS systems was found using the Angler Exploit Kit to push a PoS reconnaissance Trojan,This Trojan, detected as TROJ_RECOLOAD.A, checks for multiple conditions in the infected system like if it is a PoS machine or part of a PoS .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/angler-exploit-k… *** PHP File Manager hat gravierende Sicherheitslücken *** --------------------------------------------- Seit Jahren ungepatchte Schwachstellen im PHP File Manager gefährden zahlreiche Server, darunter auch von großen Unternehmen. Der Hersteller reagiert nicht auf Anfragen --------------------------------------------- http://www.golem.de/news/security-php-file-manager-hat-gravierende-sicherhe… *** 2. Konferenz zur Cyber Security Challenge: Das Programm steht *** --------------------------------------------- Die Gefahren und andererseits die Möglichkeiten zum Schutz und der Prävention vor Cyberangriffen sind das zentrale Thema der 2. Konferenz zur Cyber Security Challenge Germany Mitte September in Berlin. --------------------------------------------- http://heise.de/-2761878 *** [2015-07-28] McAfee Application Control multiple vulnerabilities *** --------------------------------------------- McAfee Application Control contains multiple vulnerabilities which can be used by an attacker to bypass the provided application whitelisting protection and attack availability of the system. Moreover, the identified vulnerabilities negatively affect the security of the underlying operating system. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015… *** IMI 2015 - IT meets Industry 29.-30. September 2015 *** --------------------------------------------- Interconnecting IT and Automation offers great opportunities for the operation of industrial production sites. However, this may carry along some complex risks. With the title “IT meets Industry” IMI 2015 brings together the ICS- and IT-Community. The goal: make the most of opportunities – and minimise risks. --------------------------------------------- https://it-meets-industry.de/ *** Honeynet-Projekt analysiert Gefahren für Industrie 4.0 *** --------------------------------------------- Acht Monate lang beobachteten Experten des TÜV SÜD, welche Angriffe von wo aus auf ihr simuliertes Wasserwerk erfolgten. Ihre Erkenntnisse sollten arglose Unternehmen spätestens jetzt wachrütteln. --------------------------------------------- http://heise.de/-2763978 *** Aaron Zauner presented preliminary results on TLS usage in email *** --------------------------------------------- Aaron Zauner presented our preliminary results on the usage of TLS in the email ecosystem at the IETF meeting last week. As part of our project TLSiP we are actively scanning the Internet (/0) for TLS configurations as well as its problems with it. As .. --------------------------------------------- https://www.sba-research.org/2015/07/28/aaron-zauner-presented-preliminary-… *** The Russian Underground - Revamped *** --------------------------------------------- When big breaches happen and hundreds of millions of credit card numbers and SSNs get stolen, they resurface in other places. The underground now offers a vast landscape of shops, where criminals can buy credit cards and other things at irresistible prices. Million dollar breaches News and media coverage .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/the-russian-unde… *** Cisco 2015 Midyear Security Report [PDF] *** --------------------------------------------- http://www.cisco.com/web/offers/pdfs/cisco-msr-2015.pdf *** Security: Apples App Store als Einfallstor für Schadcode *** --------------------------------------------- Über eine Schwachstelle in der Verarbeitung von Belegen für Einkäufe in Apples App Store lässt sich Code auf fremden Rechnern einschleusen. --------------------------------------------- http://www.golem.de/news/security-apples-app-store-als-einfallstor-fuer-sch…

1 0

Tageszusammenfassung - Montag 27-07-2015
by Daily end-of-shift report 27 Jul '15

27 Jul '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 24-07-2015 18:00 − Montag 27-07-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Multiple Cisco Products LDAP Server SSL Certificate Validation Vulnerability *** --------------------------------------------- A vulnerability in SSL certificate validation of multiple Cisco products could allow an unauthenticated, remote attacker to stage a man-in-the-middle attack. The vulnerability is due to lack of SSL certificate validation for secure LDAP. An attacker could exploit this vulnerability to stage a man-in-the-middle attack when .. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40137 *** IT-Sicherheit bei smarten Autos "viel zu lange ignoriert" *** --------------------------------------------- Nach dem Hack eines Jeeps gibt es Einigung darüber, dass noch viel Nachholbedarf besteht --------------------------------------------- http://derstandard.at/2000019712190 *** DSA-3317 lxc - security update *** --------------------------------------------- Several vulnerabilities have been discovered in LXC, the LinuxContainers userspace tools. Roman Fiedler discovered a directory traversal flaw in LXC when creating lock files. A local attacker could exploit this flaw to create an arbitrary .. --------------------------------------------- https://www.debian.org/security/2015/dsa-3317 *** Hacking Team: "Wir sind das Opfer" *** --------------------------------------------- Der Hersteller von aggressiver Überwachungs-Software sieht sich als einziges Opfer in der Affäre um die Veröffentlichung von Daten, die die Zusammenarbeit des Unternehmens mit autoritären Staaten belegen sollen. --------------------------------------------- http://heise.de/-2763077 *** WP Statistics <= 9.4 - SQL Injection *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8116 *** WP Slimstat <= 4.1.5.2 - Referer Header Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/8117 *** Password Hashing Competition: Hashfunktion Argon2 gewinnt Wettbewerb *** --------------------------------------------- In einem Wettbewerb ist nach neuen Hashfunktionen gesucht worden, die sich für das Hashen von Passwörtern eignen. Jetzt steht der Gewinner fest: Argon2, entwickelt von einem Team an der Universität Luxemburg. --------------------------------------------- http://www.golem.de/news/password-hashing-competition-hashfunktion-argon2-g… *** Security: Zahlreiche Steam-Konten gehackt *** --------------------------------------------- Die Steam-Konten mehrerer Twitch-Streamer wurden offenbar von Unbekannten übernommen. Sie nutzen einen Fehler in der Anmeldefunktion aus. Valve hat bereits ein Update bereitgestellt. --------------------------------------------- http://www.golem.de/news/security-zahlreiche-steam-konten-gehackt-1507-1154… *** Advertising hijacking made by Invisible rogue mobile apps are wasting petabytes of data a day *** --------------------------------------------- Mobile Malware is growing and crooks are targeting the advertising industry to redirect users to ad pages in a sort of Advertising hijacking. Mobile Malware is growing and crooks are targeting the advertising industry with malicious .. --------------------------------------------- http://securityaffairs.co/wordpress/38885/cyber-crime/mobile-advertising-hi… *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to crash the host ... --------------------------------------------- http://support.citrix.com/article/CTX201145 *** ManageEngine Exchange Reporter Plus Auth Bypass / Arbitrary SQL Statement Execution *** --------------------------------------------- The ManageEngine Exchange Reporter product installs a JBoss server which listens on default port 8181 (tcp/http) for incoming requests. It offers an admin panel on that port. Without authorization/authentication it is possible to .. --------------------------------------------- https://blogs.securiteam.com/index.php/archives/2533 *** Experts Found a Unicorn in the Heart of Android *** --------------------------------------------- Gaining remote code execution privileges merely by having access to the mobile number? Enter Stagefright. The targets for this kind of attack can be anyone from Prime ministers, govt. officials, company executives, security officers to IT managers. --------------------------------------------- http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily