Daily

daily@lists.cert.at

1 participants
3190 discussions

Tageszusammenfassung - Dienstag 20-10-2015
by Daily end-of-shift report 20 Oct '15

20 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 19-10-2015 18:00 − Dienstag 20-10-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Joomla! - Important Security Announcement - Patch Available Soon *** --------------------------------------------- A Joomla 3.4.5 release containing a security fix will be published on Thursday 22nd October at approximately 14:00 UTC The Joomla Security Strike Team (JSST) has been informed of a critical security issue in the Joomla core. Since this is a *very important security fix*, please be prepared to update your Joomla installations next Thursday. --------------------------------------------- https://www.joomla.org/announcements/release-news/5633-important-security-a… *** JSA10700 - 2015-10 Security Bulletin: Junos: J-Web in SRX5000-Series: A remote attacker can cause a denial of service to SRX5000-Series when J-Web is enabled causing the SRX to enter debug prompt. (CVE-2014-6451) *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10700&actp=RSS *** ZDI-15-525: Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-525/ *** ZDI-15-524: Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-524/ *** Lets Encrypt: Cross-Sign mit Identtrust abgeschlossen *** --------------------------------------------- Let's Encrypt hat einen neuen Meilenstein erreicht: Der Cross-Sign mit Identtrust ist abgeschlossen. Ab Mitte November soll der Dienst für die breite Öffentlichkeit verfügbar sein. --------------------------------------------- http://www.golem.de/news/let-s-encrypt-cross-sign-mit-identtrust-abgeschlos… *** DSA-3375 wordpress - security update *** --------------------------------------------- Several vulnerabilities have been fixed in Wordpress, the popularblogging engine. --------------------------------------------- https://www.debian.org/security/2015/dsa-3375 *** Android 6.0: Verschlüsselung wird verpflichtend *** --------------------------------------------- Einen zweiten Anlauf nimmt Google zur Absicherung von Android-Smartphones und Tablets: Mit Android 6.0 müssen – fast – alle neuen Geräte von Haus aus verschlüsselt werden, dies schreibt die neueste Version des Android Compatibility Definition Document vor. --------------------------------------------- http://derstandard.at/2000024183416 *** Hacking ZigBee Networks *** --------------------------------------------- What is ZigBee? Internet of Things (IoT) is what most experts consider as the next step of the Internet revolution where physical objects are invariably linked to the real and virtual world at the same time. Connected devices now .. --------------------------------------------- http://resources.infosecinstitute.com/hacking-zigbee-networks/ *** OpenSSH: Erster Code von SSH für Windows frei verfügbar *** --------------------------------------------- Die portable Version des aktuellen OpenSSH 7.1 stellt Microsoft nun auch für Windows bereit. Interessierte können außerdem künftig zu dem Projekt beitragen. Der produktive Einsatz soll noch in der ersten Jahreshälfte 2016 möglich sein. --------------------------------------------- http://www.golem.de/news/openssh-erster-code-von-ssh-fuer-windows-frei-verf… *** How a criminal ring defeated the secure chip-and-PIN credit cards *** --------------------------------------------- Over $680,000 stolen via a clever man-in-the-middle attack. --------------------------------------------- http://arstechnica.com/tech-policy/2015/10/how-a-criminal-ring-defeated-the… *** .:: Attacking Ruby on Rails Applications ::. *** --------------------------------------------- This little article aims to give an introduction to the topic of attacking Ruby on Rails applications. Its neither complete nor dropping 0day. Its rather the authors attempt to accumulate the interesting attack paths and techniques in one write up. As yours truly spend most of his work on Ruby .. --------------------------------------------- http://phrack.org/papers/attacking_ruby_on_rails.html *** Korrupter Silk-Road-Ermittler zu über sechs Jahren Haft verurteilt *** --------------------------------------------- Seine verdeckten Ermittlungen gegen den Drogenmarktplatz Silk Road nutzte ein US-Beamter für eigene kriminelle Machenschaften. Unter anderem wegen Erpressung und Geldwäsche muss er nun ins Gefängnis. --------------------------------------------- http://heise.de/-2851334 *** Tech Support Scammers Impersonate Apple Technicians *** --------------------------------------------- By setting up a phishing site for Apples remote sharing service, this tech support scam looks quite genuine. --------------------------------------------- https://blog.malwarebytes.org/fraud-scam/2015/10/tech-support-scammers-impe… *** There's no place like ::1 - Malware for the masses *** --------------------------------------------- Analyzing malware samples provided by customers usually leads to interesting results. Recently, an HP customer downloaded something via Microsoft Internet Explorer and provided the sample analyzed in this blog. In some cases, analysis of these types of samples provides insight into previously unknown .. --------------------------------------------- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/There-s-no-place-lik… *** Das BSI nimmt sich der Router-Sicherheit an *** --------------------------------------------- Das BSI hat ein Testkonzept vorgestellt, das die Sicherheit von Endkunden-Routern vergleichbar machen soll. Die 'wesentliche Sicherheitskomponente zum Schutz des internen Netzes' soll endlich sicher werden. --------------------------------------------- http://heise.de/-2851354

1 0

Tageszusammenfassung - Montag 19-10-2015
by Daily end-of-shift report 19 Oct '15

19 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 16-10-2015 18:00 − Montag 19-10-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** eFast browser hijacks file associations *** --------------------------------------------- We take a look at an Eorezo/Tuto4PC hijacker that installs a new browser called eFast rather than hijacking an existing one. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/10/efast-browser-hijacks… *** Surveillance Malware Trends: Tracking Predator Pain and HawkEye *** --------------------------------------------- Malicious actors employ a range of tools to achieve their objectives. One of the most damaging activities an actor pursues is the theft of authentication information, whether it .. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2015/10/surveillance-malware-tre… *** SDG Technologies Plug and Play SCADA XSS Vulnerability *** --------------------------------------------- NCCIC/ICS-CERT is aware of a public disclosure of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting SDG Technologies Plug and Play SCADA, a supervisory control and data acquisition/human-machine .. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-288-01 *** DSA-3373 owncloud - security update *** --------------------------------------------- Multiple vulnerabilities were discovered in ownCloud, a cloud storageweb service for files, music, contacts, calendars and many more. These flaws may lead to the execution of arbitrary code, authorization bypass,information disclosure, cross-site scripting or denial of service. --------------------------------------------- https://www.debian.org/security/2015/dsa-3373 *** Massive Magento Guruincsite Infection *** --------------------------------------------- We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from 'guruincsite[.]com'. Google already blacklisted about seven thousand sites because of this malware. There are two .. --------------------------------------------- https://blog.sucuri.net/2015/10/massive-magento-guruincsite-infection.html *** New Neutrino EK Campaign Drops Andromeda *** --------------------------------------------- On October 15th, we started seeing a new pattern of redirections to the Neutrino Exploit Kit via compromised websites. What actually caught our attention was one of the file names used to inject an iframe pointing to the exploit kit landing page. Ironically, it was called neitrino.php. --------------------------------------------- https://blog.malwarebytes.org/exploits-2/2015/10/new-neutrino-ek-campaign-d… *** Freies Unix: OpenBSD 5.8 zähmt das System *** --------------------------------------------- Etwas eher als üblich ist OpenBSD auf den Tag genau 20 Jahre nach der Projektgründung erschienen. Für bessere Sicherheit wird das NX-Bit nun auch in der 32-Bit-X86-Architektur genutzt, der Sudo-Befehl ist ersetzt worden und das System kann offiziell gezähmt werden. --------------------------------------------- http://www.golem.de/news/freies-unix-openbsd-5-8-zaehmt-das-system-1510-116… *** 1Password Leaks Your Data *** --------------------------------------------- For those of you who don't know, 1PasswordAnywhere is a feature of 1Password which allows you to access your data without needing their client software. 1Password originally only used the �Agile Keychain� format to store their data (not including when they were OS X keychain only). This format basically stores your data as a series of JavaScript files which are decrypted .. --------------------------------------------- http://myers.io/2015/10/22/1password-leaks-your-data/ *** Staatliche Hackerangriffe: Facebook will seine Nutzer warnen *** --------------------------------------------- Facebook will von staatlichen Angriffen bedrohte Nutzer künftig warnen und ihnen den Einsatz von Zwei-Faktor-Authentifizeriung empfehlen. Bei der Klarnamenpflicht bleibt das Unternehmen aber bei seiner Position. --------------------------------------------- http://www.golem.de/news/staatliche-hackerangriffe-facebook-will-seine-nutz… *** Supporting the Android Ecosystem *** --------------------------------------------- A few months ago, a widely-publicized set of vulnerabilities called StageFright hit the Android ecosystem. While Google fixed the vulnerabilities in what appears to be a reasonable amount of time, the deployment of those fixes to .. --------------------------------------------- https://insights.sei.cmu.edu/cert/2015/10/supporting-the-android-ecosystem.…

1 0

Tageszusammenfassung - Freitag 16-10-2015
by Daily end-of-shift report 16 Oct '15

16 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 15-10-2015 18:00 − Freitag 16-10-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Security Updates Available for Adobe Flash Player (APSB15-27) *** --------------------------------------------- A security bulletin (APSB15-27) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1288 *** Exposing the most dangerous financial malware threats *** --------------------------------------------- Cyphort analyzed the top eight types of financial malware cybercriminals are using today to target banks and electronic payment systems. The most dangerous financial malware threats have resulted i... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/otxCIk5qeu4/malware_news.… *** Data dump points to a breach at Electronic Arts *** --------------------------------------------- Account details of some 600 Electronic Arts (EA) customers have apparently been leaked on Pastebin. The company has yet to confirm that the leak is genuine, but they are "taking steps to secure any ac... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/-grCjlQtA4c/secworld.php *** Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available *** --------------------------------------------- Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available The Enhanced Mitigation Experience Toolkit (EMET) benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by anticipating, diverting, terminating, blocking, or otherwise invalidating the most common actions and techniques adversaries might use to compromise a computer. In this way, EMET can help protect your... --------------------------------------------- http://blogs.technet.com/b/srd/archive/2015/10/15/enhanced-mitigation-exper… *** Windows Drivers are True'ly Tricky *** --------------------------------------------- Posted by James Forshaw, Driving for BugsAuditing a product for security vulnerabilities can be a difficult challenge, and there's no guarantee you'll catch all vulnerabilities even when you do. This post describes an issue I identified in the Windows Driver code for Truecrypt, which has already gone through a security audit. The issue allows an application running as a normal user or within a low-integrity sandbox to remap the main system drive and elevate privileges to SYSTEM or... --------------------------------------------- http://googleprojectzero.blogspot.com/2015/10/windows-drivers-are-truely-tr… *** Breaking Diffie-Hellman with Massive Precomputation (Again) *** --------------------------------------------- The Internet is abuzz with this blog post and paper, speculating that the NSA is breaking the Diffie-Hellman key-exchange protocol in the wild through massive precomputation. I wrote about this at length in May when this paper was first made public. (The reason its news again is that the paper was just presented at the ACM Computer and Communications Security... --------------------------------------------- https://www.schneier.com/blog/archives/2015/10/breaking_diffie.html *** Auch Ubuntu Phone hat seine Sicherheitslücken *** --------------------------------------------- Eine App aus dem Ubuntu Phone Store hat eine Sicherheitslücke aufgezeigt, mit der Angreifer die komplette Kontrolle über die Geräte der Opfer hätte erlangen können. Stattdessen ändert die App nur den Boot-Splash. --------------------------------------------- http://heise.de/-2849370 *** Elasticsearch 1.7.3 released *** --------------------------------------------- Today, we are happy to announce the bug fix release of Elasticsearch 1.7.3, based on Lucene 4.10.4. This is the latest stable release. Users are advised to upgrade if they find themselves affected by any of the bugs which have been fixed.You can download Elasticsearch 1.7.3 and read the full changes list here.Previous blog posts about the 1.7 series:Elasticsearch 1.7.2Elasticsearch 1.7.1Elasticsearch 1.7.0This release contains a number of bug fixes including:Synced flushes were reactivating... --------------------------------------------- https://www.elastic.co/blog/elasticsearch-1-7-3-released *** VMSA-2015-0003.12 *** --------------------------------------------- VMware product updates address critical information disclosure issue in JRE --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0003.html *** Bugtraq: [security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/536687 *** Bugtraq: [security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/536689 *** Updated F5 Security Advisory: OpenSSL vulnerability CVE-2014-0224 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/300/sol15325.htm… *** F5 Security Advisory: vCMP DoS vulnerability CVE-2015-6546 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/300/sol17386.htm… *** APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 *** --------------------------------------------- APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, andiWork for iOS 2.6Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are nowavailable which address the following:Keynote, Pages, and NumbersAvailable for: OS X Yosemite v10.10.4 or later, iOS 8. [...] --------------------------------------------- http://prod.lists.apple.com/archives/security-announce/2015/Oct/msg00000.ht… *** USN-2772-1: PostgreSQL vulnerabilities *** --------------------------------------------- Ubuntu Security Notice USN-2772-116th October, 2015postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryPostgreSQL could be made to crash or expose private information if ithandled specially crafted data.Software description postgresql-9.1 - Object-relational SQL database postgresql-9.3 - Object-relational SQL database postgresql-9.4 - Object-relational SQL... --------------------------------------------- http://www.ubuntu.com/usn/usn-2772-1/ *** 3S CODESYS Runtime Toolkit Null Pointer Dereference Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a NULL pointer dereference vulnerability in the 3S-Smart Software Solutions GmbHs CODESYS Runtime Toolkit. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01 *** Bugtraq: Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) *** --------------------------------------------- http://www.securityfocus.com/archive/1/536692 *** Windows 10 Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111) *** --------------------------------------------- Topic: Windows 10 Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111) Risk: Medium Text:Source: https://code.google.com/p/google-security-research/issues/detail?id=486 Windows: Sandboxed Mount Reparse Point Crea... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015100120 *** Bugtraq: ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access *** --------------------------------------------- http://www.securityfocus.com/archive/1/536695

1 0

Tageszusammenfassung - Donnerstag 15-10-2015
by Daily end-of-shift report 15 Oct '15

15 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 14-10-2015 18:00 − Donnerstag 15-10-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Zero-Day in Magento Plugin Magmi Under Attack *** --------------------------------------------- A zero-day in a popular plugin for the Magento ecommerce platform called Magmi is under attack. --------------------------------------------- http://threatpost.com/zero-day-in-magento-plugin-magmi-under-attack/115026/ *** Security Advisory for Adobe Flash Player (APSA15-05) *** --------------------------------------------- A Security Advisory (APSA15-05) has been published regarding a critical vulnerability (CVE-2015-7645) in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Adobe is aware of a report that an exploit for this vulnerability is being used... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1280 *** Kritische Flash-Lücke: Adobe stellt Patch in Aussicht *** --------------------------------------------- Einer Sicherheitsfirma zufolge greift die Gruppe Pawn Storm derzeit gezielt aktuelle Flash-Versionen über eine Zero-Day-Lücke an. Adobe hat nun einen Patch angekündigt. --------------------------------------------- http://heise.de/-2847993 *** Exploit kit roundup: Less Angler, more Nuclear, (Thu, Oct 15th) *** --------------------------------------------- Introduction Earlier this month, Ciscos Talos team published an in-depth report on the Angler exploit kit (EK) [1]. The report also documentedCiscos coordination with hosting providers to shut down malicious servers associated with this EK. The result? Ive found far less Angler EK in the last two... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20255&rss *** How is NSA breaking so much crypto? *** --------------------------------------------- However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community. Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery. --------------------------------------------- https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so… *** HTTP Evasions Explained - Part 5 - GZip Compression *** --------------------------------------------- This is the fifth part in a series which will explain the evasions done by HTTP Evader. This part is about failures to handle gzip compression properly. Contrary to deflate compression all products Ive seen are able to handle gzip compression in theory. But several major products fail if you set some special bits, invalidate the checksum, remove some bytes from the end etc. But, the browsers unpack the content anyway so we get a bypass again. --------------------------------------------- http://noxxi.de/research/http-evader-explained-5-gzip.html *** Existing security standards do not sufficiently address IoT *** --------------------------------------------- A lack of clarity and standards around Internet of Things (IoT) security is leading to a lack of confidence. According to the UK IT professionals surveyed by ISACA, 75 percent of the security exper... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/624P7Nfkph8/secworld.php *** IETF verabschiedet Standard für die Absicherung des verschlüsselten Mail-Transports *** --------------------------------------------- Die Spezifikation DANE over SMTP hat nur zwei Jahre für ihre Standardisierung benötigt. Das Bundesamt für Sicherheit und Informationstechnik fordert nun bereits von zertifizierten Mail-Providern die Umsetzung des DANE-Verfahrens. --------------------------------------------- http://heise.de/-2848049 *** Juniper Security Advisories *** --------------------------------------------- *** JSA10695 - 2015-10 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in Python on Junos (CVE-2014-6448) *** http://kb.juniper.net/index?page=content&id=JSA10695&actp=RSS *** JSA10702 - 2015-10 Security Bulletin: QFabric 3100 Director: CUPS printing system Improper Update of Reference Count leads to remote chained vulnerability attack via XSS against authenticated users (CVE-2015-1158, CVE-2015-1159) *** http://kb.juniper.net/index?page=content&id=JSA10702&actp=RSS *** JSA10706 - 2015-10 Security Bulletin: Junos: FTPS through SRX opens up wide range of data channel TCP ports (CVE-2015-5361) *** http://kb.juniper.net/index?page=content&id=JSA10706&actp=RSS *** JSA10701 - 2015-10 Security Bulletin: Junos: Trio Chipset (Trinity) Denial of service due to maliciously crafted uBFD packet. (CVE-2015-7748) *** http://kb.juniper.net/index?page=content&id=JSA10701&actp=RSS *** JSA10700 - 2015-10 Security Bulletin: Junos: J-Web in vSRX-Series: A remote attacker can cause a denial of service to vSRX when J-Web is enabled causing the vSRX instance to reboot. (CVE-2014-6451) *** http://kb.juniper.net/index?page=content&id=JSA10700&actp=RSS *** JSA10703 - 2015-10 Security Bulletin: Junos: vSRX-Series: A remote attacker can cause a persistent denial of service to the vSRX through a specific connection request to the firewalls host-OS.(CVE-2015-7749) *** http://kb.juniper.net/index?page=content&id=JSA10703&actp=RSS *** JSA10708 - 2015-10 Security Bulletin: Junos: SSH allows unauthenticated remote user to consume large amounts of resources (CVE-2015-7752) *** http://kb.juniper.net/index?page=content&id=JSA10708&actp=RSS *** JSA10704 - 2015-10 Security Bulletin: ScreenOS: Network based denial of service vulnerability in ScreenOS (CVE-2015-7750) *** http://kb.juniper.net/index?page=content&id=JSA10704&actp=RSS *** JSA10707 - 2015-10 Security Bulletin: Junos: Corrupt pam.conf file allows unauthenticated root access (CVE-2015-7751) *** http://kb.juniper.net/index?page=content&id=JSA10707&actp=RSS *** JSA10705 - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView *** http://kb.juniper.net/index?page=content&id=JSA10705&actp=RSS *** JSA10699 - 2015-10 Security Bulletin: Junos: Crafted packets cause mbuf chain corruption which may result in kernel panic (CVE-2014-6450) *** http://kb.juniper.net/index?page=content&id=JSA10699&actp=RSS *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Intrusion Prevention System (CVE-2013-2207, CVE-2014-8121, and CVE-2015-1781 ) *** http://www.ibm.com/support/docview.wss?uid=swg21966788 *** IBM Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2015-5621) *** http://www.ibm.com/support/docview.wss?uid=swg21966694 *** IBM Security Bulletin: IBM NetInsight is impacted by multiple vulnerabilities in open source cURL libcurl (CVE-2015-3153, CVE-2015-3236) *** http://www.ibm.com/support/docview.wss?uid=swg21967448 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-2601, CVE-2015-2613, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21968048 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2015-1931 CVE-2015-2601 CVE-2015-2613 CVE-2015-2625) *** http://www.ibm.com/support/docview.wss?uid=swg21964927 *** IBM Security Bulletin: IBM Personal Communications with IBM GSKit - Malformed ECParameters causes infinite loop (CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=swg21962890 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-1789, CVE-2015-1790, CVE-2015-1792) *** http://www.ibm.com/support/docview.wss?uid=swg21968046 *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational Team Concert Build Agent (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2014-8176) *** http://www.ibm.com/support/docview.wss?uid=swg21968724 *** IBM Security Bulletin: Logjam vulnerability affects IBM SmartCloud Entry (CVE-2015-4000) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022754 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-0488) *** http://www.ibm.com/support/docview.wss?uid=swg21968052 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-0488 CVE-2015-0478 CVE-2015-1916 CVE-2015-0204) *** http://www.ibm.com/support/docview.wss?uid=swg21963609 *** IBM Security Bulletin: Cross Site Scripting (XSS) Vulnerability in IBM Sametime Rich Client and in IBM Sametime Proxy (CVE-2015-1917) *** http://www.ibm.com/support/docview.wss?uid=swg21965839 *** Security Advisory: Stored XSS in Akismet WordPress Plugin *** --------------------------------------------- Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 9/10 Vulnerability: Stored XSS Patched Version: 3.1.5 During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs. Vulnerability Disclosure Timeline: October 2nd, 2015 - Bug discovered, initial report to Automattic security team October 5th, 2015... --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/abpAvnfFREc/security-advisory…

1 0

Tageszusammenfassung - Mittwoch 14-10-2015
by Daily end-of-shift report 14 Oct '15

14 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 13-10-2015 18:00 − Mittwoch 14-10-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Patchday: Adobe schließt kritische Lücken in Flash und Reader *** --------------------------------------------- Sicherheitslücken in beiden Produkten erlauben es Angreifern, den Rechner des Opfers aus der Ferne zu kapern. Bei Flash werden insgesamt 13 Lücken durch die Updates geschlossen, bei Acrobat und Reader sind es 56 Lücken. --------------------------------------------- http://heise.de/-2845079 *** Nach Patchday: Flash über neue Sicherheitslücke immer noch angreifbar *** --------------------------------------------- Eine Sicherheitsfirma berichtet von gezielten Angriffen, die momentan stattfinden und eine Zero-Day-Lücke in der aktuellen Flash-Version für Windows missbrauchen. --------------------------------------------- http://heise.de/-2846807 *** MS15-OCT - Microsoft Security Bulletin Summary for October 2015 - Version: 1.0 *** --------------------------------------------- This bulletin summary lists security bulletins released for October 2015. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS15-OCT *** Microsoft Patch Tuesday - October 2015 *** --------------------------------------------- This month the vendor is releasing six bulletins covering a total of 33 vulnerabilities. Thirteen of this months issues are rated Critical. --------------------------------------------- http://www.symantec.com/connect/blogs/microsoft-patch-tuesday-october-2015 *** Redirect to Microsoft Word Macro Virus *** --------------------------------------------- These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It's not just email attachments when it comes to sharing infected documents. For example, this malicious file was found on a hacked Joomla site by our analyst Krasimir Konov. --------------------------------------------- https://blog.sucuri.net/2015/10/redirect-to-microsoft-word-macro-virus.html *** The Web Authentication Arms Race - A Tale of Two Security Experts *** --------------------------------------------- Web authentication systems have evolved over the past ten years to counter a growing variety of threats. This post will present a fictional arms race between a web application developer and an attacker, showing how different threats can be countered with the latest security technologies. --------------------------------------------- http://blog.slaks.net/2015-10-13/web-authentication-arms-race-a-tale-of-two… *** MSRT October 2015: Tescrypt *** --------------------------------------------- Octobers Microsoft Malicious Software Removal Tool (MSRT) includes detection and remediation for the following families: Tescrypt Blakamba Diplugem Escad Joanap Brambul Drixed This blog focuses on the ransomware family Tescrypt. Tescrypt started showing up early in 2015 and, like most of its file-encrypting predecessors, it does what most typical ransomware does: Searches for specific file types on the infected machine (see our encyclopedia description for a list of known file extensions --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2015/10/13/msrt-october-2015-tescry… *** AndroidVulnerabilities.org - Calculating the score *** --------------------------------------------- We developed the FUM score to compare the security provided by different device manufacturers. The score gives each Android manufacturer a score out of 10 based on the security they have provided to their customers over the last four years. --------------------------------------------- http://androidvulnerabilities.org/ *** AV Phone Scan via Fake BSOD Web Pages, (Tue, Oct 13th) *** --------------------------------------------- A few days ago, I found a malicious website which triesto lure the visitor by simulating a Microsoft Windows Blue Screen of Death(BSOD) and popping up error messages within their browser. This is not a brand new attack but it remains in the wild. For a while, we saw Microsoft engineers calling people to warn them about an important problem with their computer (I blogged about this last year). In this case, it is different: the computer itself warns the user about a security issue and users... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20251&rss *** Injection on Steroids: Code-less Code Injections and 0-Day Techniques *** --------------------------------------------- In this talk, we discuss known-yet-complex and less documented code injection techniques. We further expose additional new user- and kernel-mode injection techniques. One of these techniques we've coined as "code-less code injection" since, as opposed to other known injection techniques, does not require adding code to the injected process. We also reveal an additional kernel-mode code injection which is a variation to the technique used by the AVs. However, as we demonstrate,... --------------------------------------------- http://breakingmalware.com/injection-techniques/code-less-code-injections-a… *** On (OAuth) token hijacks for fun and profit part #2 (Microsoft/xxx integration) *** --------------------------------------------- In a previous blogpost we have already analyzed a token hijack on one OAuth integration between some Microsoft and Google service and seen what went wrong. Now it is time to see yet another integration between Microsoft and xxxx (unluckily I cant disclose the name of the other company due the fact the havent still fixed a related issue...) and see some fallacy. But before to focus on the attack we might need a bit of introduction. --------------------------------------------- http://intothesymmetry.blogspot.ie/2015/10/on-oauth-token-hijacks-for-fun-a… *** VU#870744: ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#870744 ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities Original Release date: 13 Oct 2015 | Last revised: 13 Oct 2015 Overview Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. Description CWE-255: Credentials Management - CVE-2015-6016According to the reporter, the following models contain the weak... --------------------------------------------- http://www.kb.cert.org/vuls/id/870744 *** KerioControl Input Validation and Access Control Flaws Let Remote Users Conduct Cross-Site Request Forgery, Cross-Site Scripting, and SQL Injection Attacks and Remote Authenticated Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1033807

1 0

Tageszusammenfassung - Dienstag 13-10-2015
by Daily end-of-shift report 13 Oct '15

13 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 12-10-2015 18:00 − Dienstag 13-10-2015 18:00 Handler: Stephan Richter Co-Handler: n/a *** Free and Commercial Tools to Implement the SANS Top 20 Security Controls, Part 3: Secure Configurations *** --------------------------------------------- This is Part 3 of a How-To effort to compile a list of tools (free and commercial) that can help IT administrators comply with SANS Security Controls. In Part 1 we looked at Inventory of Authorized and Unauthorized Devices. In Part 2 we looked at Inventory of Authorized and Unauthorized Software. Now well move on to Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. 3-1 Establish and ensure the use of standard secure configurations of... --------------------------------------------- https://feeds.feedblitz.com/~/117076473/0/alienvault-blogs~Free-and-Commerc… *** Certificate authorities issue SSL certificates to fraudsters *** --------------------------------------------- In just one month, certificate authorities have issued hundreds of SSL certificates for deceptive domain names used in phishing attacks. SSL certificates lend an additional air of authenticity to phishing sites, causing the victims browsers to display a padlock icon to indicate a secure connection. Despite industry requirements for increased vetting of high-risk requests, many fraudsters slip through the net, obtaining SSL certificates for domain names such as banskfamerica.com (issued by... --------------------------------------------- http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-… *** I am HDRoot! Part 2 *** --------------------------------------------- Some time ago while tracking Winnti group activity we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems. --------------------------------------------- http://securelist.com/analysis/publications/72356/i-am-hdroot-part-2/ *** Best Practices for Securing Remote Access *** --------------------------------------------- Most, if not all, of the day-to-day tasks performed in offices today rely heavily on technology, mainly computers, laptops, tablets & smart devices. As the world and the global economy become increasingly interconnected, members of the staff too are required to go mobile. Sometimes, the need arises to work from home or somewhere away from... --------------------------------------------- http://resources.infosecinstitute.com/best-practices-for-securing-remote-ac… *** Social Media Security: Your Biggest Threat is Yourself *** --------------------------------------------- I set out to write this blog to explore the security threats faced by both businesses and individuals in Social Media. I had the intention of making this a rather technical blog, full of charts and statistics. However, as I began talking to people within the security and social media world, I discovered that the top threat to both individuals and businesses has nothing to do with the actual technology and network vulnerability. The biggest threat to social media security is actually ourselves. --------------------------------------------- https://feeds.feedblitz.com/~/117261057/0/alienvault-blogs~Social-Media-Sec… *** Windows Exploit Suggester - An Easy Way to Find and Exploit Windows Vulnerabilities *** --------------------------------------------- Introduction During our penetration testing engagements, we often come across the situations where we need to find the right exploits to escalate the privileges on a compromised host. Though there are multiple techniques to escalate the privileges, finding out missing patches could be an easy way if an exploit is publicly available. Blindly trying various... --------------------------------------------- http://resources.infosecinstitute.com/windows-exploit-suggester-an-easy-way… *** Security Bulletins Posted for Adobe Acrobat, Reader and Flash Player *** --------------------------------------------- Security Bulletins for Adobe Acrobat and Reader (APSB15-24) and Adobe Flash Player (APSB15-25) have been published. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1278 *** WiFi jamming attacks more simple and cheaper than ever *** --------------------------------------------- A security researcher has demonstrated that jamming WiFi, Bluetooth, and Zigbee networks is not difficult to perform but, most importantly, also not as costly as one might think. According to Math... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/f-PMACEc174/secworld.php *** Best Quality and Quantity of Contributions in the New Xen Project 4.6 Release *** --------------------------------------------- I'm pleased to announce the release of Xen Project Hypervisor 4.6. This release focused on improving code quality, security hardening, enablement of security appliances, and release cycle predictability - this is the most punctual release we have ever had. --------------------------------------------- https://blog.xenproject.org/2015/10/13/xen-4-6/ *** Netgear Router: Eine Schwachstelle ermöglicht das Erlangen von Administratorrechten *** --------------------------------------------- Netgear stellt die Firmware 1.1.0.32 für die Router-Modelle JNR1010v2, WNR614, WNR618, JWNR2000v5, WNR2020, JWNR2010v5, WNR1000v4 und WNR2020v2 zur Verfügung. --------------------------------------------- https://www.cert-bund.de/advisoryshort/CB-K15-1482%20UPDATE%201 *** VU#751328: QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X *** --------------------------------------------- Vulnerability Note VU#751328 QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X Original Release date: 12 Oct 2015 | Last revised: 12 Oct 2015 Overview QNAP QTS is a Network-Attached Storage (NAS) system. The QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X. Description CWE-23: Relative Path Traversal - CVE-2015-6003When the Apple Filing Protocol (AFP) is enabled, any OS X user account (including the --------------------------------------------- http://www.kb.cert.org/vuls/id/751328 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Stored IQ (CVE-2015-2625) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21968526 *** IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM SONAS (CVE-2015-2808) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1005319 *** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM SONAS (CVE-2013-7423) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1005315 *** F5 Security Advisory: OpenJDK vulnerability CVE-2014-0428 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/300/sol17381.htm… *** Cisco Application Policy Infrastructure Controller SSH Key Handling Flaw Lets Local Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1033793 *** Cisco ASR Router TACACS Implementation Bug Lets Remote Users Cause the Target vpnmgr Service to Restart *** --------------------------------------------- http://www.securitytracker.com/id/1033792 *** Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues *** --------------------------------------------- Topic: Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues Risk: Medium Text:Advisory ID: SYSS-2015-037 Product(s): Password Safe and Repository Enterprise Manufacturer: MATESO GmbH Affected Version(s)... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015100089 *** Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection *** --------------------------------------------- Topic: Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection Risk: Medium Text:Advisory ID: SYSS-2015-034 Product(s): Password Safe and Repository Enterprise Manufacturer: MATESO GmbH Affected Version(s)... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015100092 *** Bugtraq: CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin *** --------------------------------------------- http://www.securityfocus.com/archive/1/536670 *** Bugtraq: CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin *** --------------------------------------------- http://www.securityfocus.com/archive/1/536669 *** Bugtraq: CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin *** --------------------------------------------- http://www.securityfocus.com/archive/1/536668

1 0

Tageszusammenfassung - Montag 12-10-2015
by Daily end-of-shift report 12 Oct '15

12 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 09-10-2015 18:00 − Montag 12-10-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** GnuPG (GPG) 2.1.9 release announced, (Sun, Oct 11th) *** --------------------------------------------- The GnuPG group has announced the release of GPG version 2.1.9, which addresses a number of technical issues within the components of the code. The update of any encryption component should be carefully planned, as the impact is often not fully understood until some data cannot be accessed because of encryption issues. If you are running a version of GPG older than version 2.1, i strongly recommend taking a look at the changes... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20235&rss *** Cloud DDoS Mitigation Services Can Be Easily Bypassed *** --------------------------------------------- An anonymous reader writes: A recent research paper shows that most Cloud-Based Security Providers are ineffective in protecting websites from DDoS attacks, mainly because they cannot entirely hide the origin websites IP address from attackers. As five security researchers from Belgium and the U.S. are claiming, there are eight methods through which these mitigation services can be bypassed. The techniques of obtaining a websites origin IP address rely on hackers searching through historical... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kzYQm-Sz02k/cloud-ddos-miti… *** Sicherheitslücke in TeamSpeak-Desktop-Client 3.0.18 *** --------------------------------------------- Die besonders bei Gamern populäre Voice-Chat-Software TeamSpeak erlaubt Angreifern, Dateien auf Client-PCs hochzuladen. Server-Betreiber sollen alte Clients aussperren. --------------------------------------------- http://www.heise.de/newsticker/meldung/Sicherheitsluecke-in-TeamSpeak-Deskt… *** HP perfomance monitor can climb through Windows *** --------------------------------------------- Crimp nasty privilege escalation bug by running it in Linux instead says Rapid7 Rapid7 is advising HP SiteScope users to run the tool on Linux rather than Windows servers because of a nasty privilege escalation vulnerability. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/10/11/hp_says_get… *** European Aviation Safety Agency - Airplane hacking is reality *** --------------------------------------------- European Aviation Safety Agency European Aviation confirmed the concerns about the Airplane hacking. Hackers could easily infiltrate critical systems. On October 8, 2015, the director of the European Aviation Safety Agency, Patrick Ky revealed he has hired consultant, which is also a commercial pilot, who was able to exploit vulnerabilities in the Aircraft Communications Addressing... --------------------------------------------- http://securityaffairs.co/wordpress/40975/hacking/easa-airplane-hacking.html *** A Study in Bots: DiamondFox *** --------------------------------------------- DiamondFox is a multipurpose botnet with capabilities ranging from credential stealing to theft of credit card information from point of sale systems. This capable malware is being distributed in a number of hacker forums, allowing it to be operated by attackers with extremely limited capabilities to operate it. Fortunately for malware researchers, DiamondFox fails to protect itself in various ways. --------------------------------------------- http://blog.cylance.com/a-study-in-bots-diamondfox *** TLS Fingerprinting (Smarter Defending & Stealthier Attacking) *** --------------------------------------------- Previously, I have been able to demonstrate that certain clients could be differentiated from other network traffic. Specifically, that meant discriminating SuperFish, PrivDog, and GeniusBox from mainstream browsers when making HTTPS connections, and generating IDS signatures based on these findings to assist network administrators in being able to identify problematic hosts without requiring access to either endpoint. I have now expanded this technique to improve the accuracy of the... --------------------------------------------- https://blog.squarelemon.com/tls-fingerprinting/ *** Kaspersky Internet Security: Network Attack Blocker Design Flaw *** --------------------------------------------- A component of Kaspersky Internet Security that's enabled by default is called the "Network Attack Blocker", described as "protects the computer against dangerous network activity". I examined the implementation, and determined that it's actually a simple stateless packet filter with a pattern-matching signature system. It has no concept of flow reassembly or protocol decoding, which require stateful packet inspection. When the software detects an attack, it adds... --------------------------------------------- https://code.google.com/p/google-security-research/issues/detail?id=564 *** USB Killer 2.0 - How to easily burn a PC with a USB device *** --------------------------------------------- In March I presented the PoC of a computer-frying Killer USB pendrive designed by the Russian researcher, now the USB Killer 2.0 is arrived! Do you remember the killer USB? In March I presented the proof-of-concept computer-frying Killer USB pendrive designed by the Russian researcher with the pseudonym "Dark Purple". Dark Purple works for a company that develops and manufactures electronic components,... --------------------------------------------- http://securityaffairs.co/wordpress/40984/hacking/usb-killer-2-0.html *** Thousands of Zhone SOHO routers can be easily hijacked *** --------------------------------------------- Two days before he is scheduled to give a talk about discovering and exploiting 0-day vulnerabilities in SOHO routers firmware, security researcher Lyon Yang has released details about a number of vu... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/94i2m6_inBI/secworld.php *** DFN-CERT-2015-1574: Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1574/ *** Bugtraq: ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/536662

1 0

Tageszusammenfassung - Freitag 9-10-2015
by Daily end-of-shift report 09 Oct '15

09 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 08-10-2015 18:00 − Freitag 09-10-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** Prenotification: Upcoming Security Updates for Adobe Acrobat and Reader (APSB15-24) *** --------------------------------------------- A prenotification security advisory (APSB15-24) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, October 13, 2015. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1276 *** Brute Force Amplification Attacks Against WordPress XMLRPC *** --------------------------------------------- Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it's most likely being hit right now. It could be via protocols like SSH or FTP, and if it's a web server, via web-based brute force attempts againstRead More The post Brute Force Amplification Attacks Against WordPress XMLRPC appeared first on Sucuri Blog. --------------------------------------------- https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-w… *** PostgreSQL: 2015-10-08 Security Update Release *** --------------------------------------------- Two security issues have been fixed in this release which affect users of specific PostgreSQL features: CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. --------------------------------------------- http://www.postgresql.org/about/news/1615/ *** PowerShell Command Line Logging *** --------------------------------------------- The problem is that, by default, Windows only logs that PowerShell was launched. No additional details about what exactly happened are preserved. The only thing we can tell is that PowerShell called additional programs and possibly opened up a few network sessions. However, there is a way to gather additional details on PowerShell sessions and the command line in general. --------------------------------------------- https://logrhythm.com/blog/powershell-command-line-logging/ *** MYSQL v5.6.24 Buffer Overflows *** --------------------------------------------- SUMMARY During a manual source code audit of MYSQL Version 5.6.24, various buffer overflow issues have been realized. --------------------------------------------- http://www.securityfocus.com/archive/1/536652 *** Aktive Angriffe auf Cisco-VPN-Zugänge *** --------------------------------------------- Vornehmlich über bekannte Sicherheitsprobleme kapern Unbekannte in großem Stil Firmenzugänge über Cisco Clientless SSL VPN (Web VPN), berichtet die Sicherheitsfirma Volexity. --------------------------------------------- http://heise.de/-2841963 *** IBM Security Bulletins *** --------------------------------------------- *** Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005332 --------------------------------------------- *** Mozilla Firefox vulnerability issues in IBM SONAS *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005333 --------------------------------------------- *** Vulnerabilities in Java affect the IBM FlashSystem V9000 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005411 --------------------------------------------- *** Vulnerabilities in Java affect the IBM FlashSystem V840 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005412 --------------------------------------------- *** Vulnerabilities in Java affect the IBM FlashSystem models 840 and 900 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005413 --------------------------------------------- *** Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-2613, CVE-2015-2601, CVE-2015-4000, CVE-2015-2625, and CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005342 --------------------------------------------- *** Multiple vulnerabilities in IBM Java Runtime Version 6 affect IBM Cognos Business Viewpoint (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21967563 --------------------------------------------- *** Vulnerabilities in Open Source OpenSSL affects the IBM FlashSystem V840 (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, and CVE-2015-3216) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005376 --------------------------------------------- *** Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005313 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 8-10-2015
by Daily end-of-shift report 08 Oct '15

08 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 07-10-2015 18:00 − Donnerstag 08-10-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** ZDI-15-461: Solarwinds Log and Event Manager Command Injection Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Log and Event Manager. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-461/ *** ZDI-15-460: Solarwinds Storage Manager ProcessFileUpload.jsp File Upload Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Storage Manager. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-460/ *** Forscher demonstriert Lücke im PGP-Standard *** --------------------------------------------- Durch die Rückwärtskompatibilität könnten Angreifer verschlüsselte und signierte Nachrichten nachträglich manipulieren. Immerhin geben aktuelle GnuPG-Versionen dann einen Hinweis auf mögliche Probleme. --------------------------------------------- http://heise.de/-2840052 *** SHA1 algorithm securing e-commerce and software could break by year's end *** --------------------------------------------- Researchers warn widely used algorithm should be retired sooner. --------------------------------------------- http://arstechnica.com/security/2015/10/sha1-crypto-algorithm-securing-inte… *** Zero-Day Exploit Found in Avast Antivirus *** --------------------------------------------- Avast was vulnerable to malicious HTTPS connections One of Googles security experts found a zero-day exploit inside the Avast antivirus, which the company has recently patched. --------------------------------------------- http://news.softpedia.com/news/zero-day-exploit-found-in-avast-antivirus-49… *** New mystery Windows-smashing RAT found in corporate network *** --------------------------------------------- Tin foil VXer wraps new Trojan in cloak and evasion tricks Malware man Yotam Gottesman has found a somewhat mysterious remote access Trojan on a corporate network that sports highly capable evasion techniques. --------------------------------------------- www.theregister.co.uk/2015/10/08/monker_rat/ *** Hack gegen Looppay: Samsung betont Sicherheit von Samsung Pay *** --------------------------------------------- Im Februar schluckte Samsung das Startup Looppay und integrierte dessen Technik in den mobilen Bezahldienst Samsung Pay. Kurz darauf schlichen sich Hacker in die Rechner des Startups, wie nun herauskam. --------------------------------------------- http://heise.de/-2840660 *** Wieder WLAN/SOHO router - remote root *** --------------------------------------------- Wie viele der kleinen WLAN Router (auch "SOHO" Router - small home and office router - genannt), hat auch Netgear bei der Sicherheit vom Web Interface gepatzt - so scheint es. Heute wurde bekannt, dass Netgear WNR1000v4 Router (eventuell sind auch andere Modelle betroffen) mit den folgenden Firmware .. --------------------------------------------- http://www.cert.at/services/blog/20151008163157-1605.html *** How I Hacked Hotmail *** --------------------------------------------- At Synack we really enjoy great vulnerabilities, whether in web, mobile, host or even in completely outrageous devices and systems (satellite hacking anyone?). But we always keep the great findings that we and the SRT have made for our customers confidential. So while this .. --------------------------------------------- https://www.synack.com/labs/blog/how-i-hacked-hotmail/

1 0

Tageszusammenfassung - Mittwoch 7-10-2015
by Daily end-of-shift report 07 Oct '15

07 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 06-10-2015 18:00 − Mittwoch 07-10-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Microsoft Edge Performance Object Lets Remote Users Detect Virtual Machines *** --------------------------------------------- http://www.securitytracker.com/id/1033749 *** Microsoft Internet Explorer Performance Object Lets Remote Users Detect Virtual Machines *** --------------------------------------------- http://www.securitytracker.com/id/1033748 *** Tripwire IP360 VnE Remote Administrative API Authentication Bypass *** --------------------------------------------- The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled. --------------------------------------------- https://cxsecurity.com/issue/WLB-2015100053 *** Virus Bulletin : VB2015 Prague - conference slides *** --------------------------------------------- The following are the presentation slides shown by speakers at the VB2015 conference in Prague. We are still waiting for some of the slides to be supplied to us - these will be added when they are submitted to us. --------------------------------------------- https://www.virusbtn.com/conference/vb2015/slides/index *** Outlook Web Access als Hintertür zum Firmennetz *** --------------------------------------------- Viele Unternehmen sind sich nicht bewusst, welch verführerisches Ziel der Webdienst von Outlook darstellt. Sicherheitsforscher zeigen an einen aktuellen Fall, wie Angreifer darüber Domänen-Passwörter ausleiten können. --------------------------------------------- http://www.heise.de/newsticker/meldung/Outlook-Web-Access-als-Hintertuer-zu… *** HTTP Evasions Explained - Part 4 - Doubly Compressed Content *** --------------------------------------------- This is the fourth part in a series which will explain the evasions done by HTTP Evader. This article is about the products which successfully support deflate compression (where several products already fail) but fail if the content is .. --------------------------------------------- http://noxxi.de/research/http-evader-explained-4-double-encoding.html *** General HTML5 Security, Part 2 *** --------------------------------------------- In the second part of the General HTML5 Security series, we are going to discuss the enhanced security in HTML5 with features such as the CSP (Content Security Policy) and sandboxed iframes. We .. --------------------------------------------- http://resources.infosecinstitute.com/general-html5-security-part-2/ *** Kemoge: Another Mobile Malicious Adware Infecting Over 20 Countries *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.ht… *** US-Provider Verizon weitet Nutzung seines Supercookies aus *** --------------------------------------------- Mit dem Kauf von AOL will Verizon seine Kunden nun auch über dessen Werbenetzwerk weiterverfolgen. AOL erreicht mit seiner Werbung fast 600 Millionen Menschen weltweit. --------------------------------------------- http://heise.de/-2840065

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily