=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 07-04-2015 18:00 − Mittwoch 08-04-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Gmail Problems Due to Expired Certificate (April 6, 2015) ***
---------------------------------------------
Because Google allowed a servers security certificate to expire, Gmail users experienced problems for several hours on April 4.......
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/17/27/302
*** Aw snap! How hideous HTML can crash Chrome tabs in one click ***
---------------------------------------------
Watch out for drive-by browser bombs - for now, at least A bug in the most recent version of the Chrome allows miscreants to crash browser tabs simply by embedding a link with a malformed URL in the HTML of a page.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/04/07/chrome_awsn…
*** Drive-by-login attack identified and used in lieu of spear phishing campaigns ***
---------------------------------------------
A new attack, drive-by-logins, allows attackers to target specific victims on sites they trust.
---------------------------------------------
http://www.scmagazine.com/high-tech-bridge-identifies-new-attack-method-pos…
*** Nuclear Exploit-Kit mit Google Ads ausgeliefert ***
---------------------------------------------
Googles Werbebanner lieferten für mehrere Stunden ein gefährliches Exploit-Kit aus, das die Rechner vieler nichtsahnender Opfer mit Schadcode infiziert haben könnte.
---------------------------------------------
http://heise.de/-2596908
*** Most top corporates still Heartbleeding over the internet ***
---------------------------------------------
Australia crowned global head-in-sand champion A depressing 76 percent of the top 2000 global organisations have public facing systems still exposed to Heartbleed, researchers say.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/04/08/still_bleed…
*** Your home automation things are a security nightmare ***
---------------------------------------------
Veracode tests leave lazy devs red-faced Its not just home broadband routers that have hopeless security: according to security outfit Veracode, cloudy home automation outfits also need to hang their collective heads in shame.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/04/08/your_home_a…
*** Why cybersecurity is vital during the vendor selection process ***
---------------------------------------------
You likely have a list of criteria to check through during the hiring process of a vendor, but if you havent added cybersecurity standards to that list, you should.
---------------------------------------------
http://www.scmagazine.com/why-cybersecurity-is-vital-during-the-vendor-sele…
*** l+f: Updated euer WordPress oder ISIS kommt! ***
---------------------------------------------
Das FBI schlägt Alarm: Sympathisanten des Islamischen Staates hacken haufenweise WordPress-Seiten.
---------------------------------------------
http://heise.de/-2596912
*** Guide outlines specifications of smart card-based PACS ***
---------------------------------------------
Smart cards are increasingly accepted as the credential of choice for securely authenticating identity, determining appropriate levels of information access and controlling physical access. To furt...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18179
*** A flawed ransomware encryptor ***
---------------------------------------------
Last autumn, we discovered the first sample of an interesting new encryptor, TorLocker. The Trojan encrypts all files with AES-256 + RSA-2048 and uses the Tor network to contact its "owners".
---------------------------------------------
http://securelist.com/blog/research/69481/a-flawed-ransomware-encryptor/
*** New Tor version fixes issues that can crash hidden services and clients ***
---------------------------------------------
Two new versions of the Tor anonymity software have been released on Tuesday, with fixes for two security issues that can be exploited to crash hidden services and clients visiting them. The first ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18180
*** Don't judge the risk by the logo ***
---------------------------------------------
It's been almost a year since the OpenSSL Heartbleed vulnerability, a flaw which started a trend of the branded vulnerability, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the...
---------------------------------------------
https://securityblog.redhat.com/2015/04/08/dont-judge-the-risk-by-the-logo/
*** NTP Project ntpd reference implementation contains multiple vulnerabilities ***
---------------------------------------------
NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks.
---------------------------------------------
https://www.kb.cert.org/vuls/id/374268
*** Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products ***
---------------------------------------------
cisco-sa-20150408-ntpd
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability ***
---------------------------------------------
cisco-sa-20150408-cxfp
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco ASA Software ***
---------------------------------------------
cisco-sa-20150408-asa
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** HPSBHF03310 rev.1 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with certain HP Thin Clients running Windows Embedded Standard 7 (WES7) and Windows Embedded Standard 2009 (WES09) and all versions of HP Easy Deploy. The vulnerabilities could be exploited remotely to allow elevation of privilege and execution of code.
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04629160
*** SSA-487246 (Last Update 2015-04-08): Vulnerabilities in SIMATIC HMI Devices ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** FreeBSD IPv6 Router Advertisement Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1032043
*** DSA-3214 mailman - security update ***
---------------------------------------------
A path traversal vulnerability was discovered in Mailman, the mailinglist manager. Installations using a transport script (such aspostfix-to-mailman.py) to interface with their MTA instead of staticaliases were vulnerable to a path traversal attack. To successfullyexploit this, an attacker needs write access on the local file system.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3214
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 03-04-2015 18:00 − Dienstag 07-04-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** On Demand Webinar: Monitoring Linux/UNIX Privileged Users ***
---------------------------------------------
On Demand Webinar - Randy Franklin Smith looks at how to audit what admins do inside Linux and UNIX with sudo's logging capabilities. Then, the BeyondTrust team will walk through how to augment sudo for complete control and auditing over UNIX and Linux user activity.
---------------------------------------------
http://blog.beyondtrust.com/on-demand-webinar-monitoring-linuxunix-privileg…
*** Dyre Wolf malware steals more than $1 million, bypasses 2FA protection ***
---------------------------------------------
Campaign is crude and brazen, but rakes in cash anyway.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/dSucTqiLvNI/
*** Angler Exploit Kit Utilizing 302 Cushioning and Domain Shadowing ***
---------------------------------------------
Overview Angler Exploit Kit is one of the most prevalent and advanced exploit kits in use today and is continually evolving. Angler continues to utilize malvertising to push landing pages and malicious actors are still registering domains solely for serving exploits, but recently, weve noticed an increase in two new infection vectors - 302 Cushioning and Domain Shadowing. 302 Cushioning, or a
---------------------------------------------
http://feedproxy.google.com/~r/zscaler/research/~3/JUMaL-rqARE/angler-explo…
*** Bugs in Tor exploited to run DoS against black markets ***
---------------------------------------------
A severe vulnerability in Tor network was exploited by attackers to run denial of service attacks against two underground black markets. An operator of an underground black market hosted on the Tor network revealed that hit site suffered a DoS attack that exploited a flaw in Tor architecture. The event is not isolated, a similar...
---------------------------------------------
http://securityaffairs.co/wordpress/35663/hacking/bugs-in-tor-dos.html
*** Bring Out Your Dead: An Update on the PCI relevance of SSLv3 ***
---------------------------------------------
In October, a tidal wave of discussion surrounding SSLv3 hit the information security community with the release of the POODLE attack vector. This served to heat up existing discussions about when and how organizations would give SSLv3 the final thump...
---------------------------------------------
https://www.ambiron.com/Resources/SpiderLabs-Blog/Bring-Out-Your-Dead--An-U…
*** A severe arbitrary code execution in BitTorrent Sync affects various products ***
---------------------------------------------
A security expert has discovered a severe vulnerability in BitTorrent Sync that can be exploited by a remote attacker to execute arbitrary code on a vulnerable machine. The security expert Andrea Micalizzi, also known as "rgod", has discovered a serious vulnerability in BitTorrent Sync (CVE-2015-2846) can be exploited by a remote attacker to execute arbitrary code.
---------------------------------------------
http://securityaffairs.co/wordpress/35752/hacking/severe-flaw-bittorrent-sy…
*** SS7-Schwachstellen: Firewalls sollen Angriffe mildern ***
---------------------------------------------
Die Probleme im Protokoll SS7 lassen sich nicht ohne weiteres absichern, denn es wurden dafür nie entsprechende Sicherheitsmaßnahmen implementiert. Mit Firewalls können Provider Schwachstellen zumindest abmildern.
---------------------------------------------
http://www.golem.de/news/ss7-schwachstellen-firewalls-sollen-angriffe-milde…
*** Fuzzing: Wie man Heartbleed hätte finden können ***
---------------------------------------------
Vor einem Jahr machte der Heartbleed-Bug in OpenSSL Schlagzeilen - doch solche Bugs lassen sich mit Hilfe von Fuzzing-Technologien aufspüren. Wir haben das mit den Tools American Fuzzy Lop und Address Sanitizer nachvollzogen und den Heartbleed-Bug neu entdeckt.
---------------------------------------------
http://www.golem.de/news/fuzzing-wie-man-heartbleed-haette-finden-koennen-1…
*** Firefox-Update: Mozilla schaltet opportunistische Verschlüsselung wieder aus ***
---------------------------------------------
Nicht mal eine Woche nach Firefox 37 muss Mozilla nun Firefox 37.0.1 nachlegen. Das Sicherheits-Feature "opportunistic encryption" kann missbraucht werden, um die Sicherheit von SSL/TLS-Verbindungen zu untergraben und wurde wieder entfernt.
---------------------------------------------
http://heise.de/-2596576
*** Cell Phone Opsec ***
---------------------------------------------
Heres an article on making secret phone calls with cell phones. His step-by-step instructions for making a clandestine phone call are as follows: Analyze your daily movements, paying special attention to anchor points (basis of operation like home or work) and dormant periods in schedules (8-12 p.m. or when cell phones arent changing locations); Leave your daily cell phone behind...
---------------------------------------------
https://www.schneier.com/blog/archives/2015/04/cell_phone_opse.html
*** ZDI-15-112: ManageEngine Desktop Central MSP InventorySWMeteringServlet domain File Upload Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-112/
*** ZDI-15-113: ManageEngine OpManager MultipartRequestServlet filename File Upload Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-113/
*** ZDI-15-114: ManageEngine Desktop Central MSP AndroidCheckInServlet UDID Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-114/
*** ZDI-15-115: BitTorrent Sync btsync: Protocol Command Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Sync. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-115/
*** ZDI-15-116: IBM Lotus Domino SSL2 Client Master Key Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-116/
*** ZDI-15-117: IBM Lotus Domino LDAP ModifyRequest add Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Domino. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-117/
*** Security Advisory: OpenSSL vulnerability CVE-2015-0287 ***
---------------------------------------------
(SOL16318)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16318.htm…
*** Security Advisory: OpenSSL vulnerability CVE-2009-5146 ***
---------------------------------------------
(SOL16337)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16337.htm…
*** Security Advisory: Multiple MySQL vulnerabilities ***
---------------------------------------------
(SOL16355)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16355.htm…
*** SA-CONTRIB-2015-065 - Registration codes - Multiple vulnerabilities ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-065Project: Registration codes (third-party module)Version: 6.x, 7.xDate: 2015-March-04 Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Scripting, Cross Site Request ForgeryDescriptionRegistration codes module allows new account registrations only for users who provide a valid registration code. The module was not properly sanitizing user supplied text in some pages, thereby exposing XSS
---------------------------------------------
https://www.drupal.org/node/2445955
*** OpenSSH 6.8 Insecure Functions ***
---------------------------------------------
Topic: OpenSSH 6.8 Insecure Functions Risk: Low Text:-=[Advanced Information Security Corp]=- Author: Nicholas Lemonias Report Date: 2/4/2015 Email: lem.nikolas (at) gmail ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015040029
*** IDM 4.0.2 ACF2 Driver Version 4.0.0.3 Patch 1 ***
---------------------------------------------
Abstract: IDM 4.0.2-4.5 Bi-Directional ACF2 Driver Version 4.0.0.3. This patch is for the Identity Manager 4.0.2 to 4.5 ACF2 Driver. Field patch for IDMLOAD.XMT, SAMPLIB.XMT, RACFEXEC.XMTDocument ID: 5206570Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm402acf2_4003.tar.gz (2.55 MB)Products:Identity Manager 4.0.2Identity Manager 4.5Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=oJ3evaNQb2M~
*** IDM 4.0.2 RACF Driver Version 4.0.0.11 Patch 3 ***
---------------------------------------------
Abstract: IDM 4.0.2-4.5 Bi-Directional RACF Driver Version 4.0.0.11. This patch is for the Identity Manager 4.0.2 to 4.5 RACF Driver. Field patch for IDMLOAD.XMT, SAMPLIB.XMT, RACFEXEC.XMTDocument ID: 5206551Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm402racf_40011.tar.gz (2.99 MB)Products:Identity Manager 4.0.2Identity Manager 4.5Superceded Patches:IDM 4.0.2 RACF Driver Version 4.0.0.8 Patch2
---------------------------------------------
https://download.novell.com/Download?buildid=6F0mcIA5UQs~
*** IDM 4.0.2-4.5 Top Secret Driver Version 3.6.1.10 Patch 1 ***
---------------------------------------------
Abstract: IDM 4.0.2-4.5 Bi-Directional Top Secret Driver Version 3.6.1.10. Field patch for IDMLOAD.XMT, SAMPLIB.XMT, TSSEXEC.XMTDocument ID: 5206590Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm402topsecret_36110.tar.gz (2.66 MB)Products:Identity Manager 4.0.2Identity Manager 4.5Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=_WYyICODfL8~
*** Cisco Wireless LAN Controller HTML Help Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38222
*** HPSBMU03296 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP BladeSystem c-Class Onboard Administrator. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow a Denial of Service (DoS).
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599440
*** HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04626468
*** DFN-CERT-2015-0463 - Google Chrome, Chromium, Ubuntu oxide-qt: Mehrere Schwachstellen ermöglichen u. a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
07.04.2015
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0463/
*** Security Advisory: Persistent XSS in WP-Super-Cache ***
---------------------------------------------
Security Risk: Dangerous Exploitation level: Very Easy/Remote DREAD Score: 8/10 Vulnerability: Persistent XSS Patched Version: 1.4.4 During a routine audit for our Website Firewall (WAF), we discovered a dangerous Persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a million active installs according to wordpress.org). The security issue, as well as another bug-fixRead More
---------------------------------------------
http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 02-04-2015 18:00 − Freitag 03-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Website Malware - The SWF iFrame Injector Evolves ***
---------------------------------------------
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invisible, ..
---------------------------------------------
http://blog.sucuri.net/2015/04/website-malware-the-swf-iframe-injector-evol…
*** Audit Concludes No Backdoors in TrueCrypt ***
---------------------------------------------
Auditors performing a cryptanalysis of TrueCrypt found four vulnerabilities, but zero backdoors in the popular open source encryption software.
---------------------------------------------
http://threatpost.com/audit-concludes-no-backdoors-in-truecrypt/111994
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38194http://tools.cisco.com/security/center/viewAlert.x?alertId=38193http://tools.cisco.com/security/center/viewAlert.x?alertId=38210
*** The Fine Line Between Ad and Adware: A Closer Look at the MDash SDK ***
---------------------------------------------
Just last month, there were reports that Google removed three apps from its Play Store as they were discovered to be adware in disguise. At the time of the discovery, the apps were said to have been downloaded into millions of devices, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-fine-line-be…
*** VMSA-2015-0003 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
*** All in One SEO Pack <= 2.2.5.1 - Authentication Bypass ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7881
*** Schneider Electric VAMPSET Software Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability in the Schneider Electric VAMPSET software.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-092-01
*** SSH Fingerprints Are Important, (Fri, Apr 3rd) ***
---------------------------------------------
Some years ago, I was preparing Cisco certification exams. I connected via SSH to a new Cisco router, and was presented with this familiar dialog: This made me think: before proceeding, I wanted to obtain the fingerprint out-of-band, via a trusted channel, so that I could verify it. So I took a ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19543
*** Android Security - 2014 in Review ***
---------------------------------------------
https://static.googleusercontent.com/media/source.android.com/en/us/devices…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 01-04-2015 18:00 − Donnerstag 02-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Phishing-Mails mit Anweisungen des Chefs oft erfolgreich ***
---------------------------------------------
Phishing-Mails werden immer raffinierter. So gibt es etwa getarnte Mails vom Boss an seine Mitarbeiter, Geld zu überweisen, die höchst erfolgreich sind.
---------------------------------------------
http://futurezone.at/digital-life/phishing-mails-mit-anweisungen-des-chefs-…
*** User Import - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-093 ***
---------------------------------------------
This module enables the import of users into Drupal, or the update of existing users, with data from a CSV file (comma separated file).Some management URLs were not properly protected. A malicious user could trick an administrator ..
---------------------------------------------
https://www.drupal.org/node/2463949
*** Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090 ***
---------------------------------------------
The Password Policy module allows enforcing restrictions on user passwords by defining password policies.The module doesnt sufficiently sanitize usernames in some administration pages, thereby exposing a Cross Site Scripting ..
---------------------------------------------
https://www.drupal.org/node/2463835
*** NewPosThings Has New PoS Things ***
---------------------------------------------
Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has…
*** Google suspends CNNIC from Chromes certificate store ***
---------------------------------------------
Chinese certificate authority told to re-apply.When a web client, such as a browser, attempts to make an HTTPS connection, it needs to know that no man-in-the-middle attack is taking place. The web server therefore proves its ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/04_02b.xml
*** Frühjahrsputz bei Chrome: Fast 200 Adware-Plug-ins fliegen raus ***
---------------------------------------------
Google räumt im Chrome Web Store auf und verbannt reihenweise Adware-Erweiterungen, die Millionen von Nutzern mit Werbung genervt haben. In Zukunft sollen derartige Plagegeister erst gar nicht im Web Store landen.
---------------------------------------------
http://heise.de/-2595248
*** E-Mail-Sicherheit: Gedächtnislücken und Darkmail-Ideen ***
---------------------------------------------
Die Internet Engineering Task Force hat sich die Vertraulichkeit der Internetprotokolle auf die Fahnen geschrieben. Was lässt sich bei E-Mails noch machen? Zum Beispiel Metadaten verbergen. Auch gibt es Versuche, sichere E-Mail handlicher zu machen.
---------------------------------------------
http://heise.de/-2595167
*** Using the docker command to root the host (totally not a security issue) ***
---------------------------------------------
It is possible to do a few more things more with docker besides working with containers, such as creating a root shell on the host, overwriting system configuration files, reading restricted stuff, etc.
---------------------------------------------
http://reventlov.com/advisories/using-the-docker-command-to-root-the-host
*** Analysis of a Romanian Botnet ***
---------------------------------------------
Recently I noticed some strange entries in our web server log files. Specifically, someone was trying to exploit our servers using the ShellShock vulnerability (CVE-2014-6271) to execute a ..
---------------------------------------------
http://blog.politoinc.com/2015/04/analysis-of-a-romanian-botnet/
*** Verschlüsselung: Truecrypt-Audit findet kleinere Sicherheitsprobleme ***
---------------------------------------------
Die zweite Phase des Audits für die Verschlüsselungssoftware Truecrypt ist beendet. Dabei wurden die kryptographischen Funktionen untersucht. Einige Sicherheitsprobleme wurden entdeckt, sie treten aber nur in seltenen Fällen auf.
---------------------------------------------
http://www.golem.de/news/verschluesselung-truecrypt-audit-findet-kleinere-s…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 31-03-2015 18:00 − Mittwoch 01-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38113http://tools.cisco.com/security/center/viewAlert.x?alertId=38118http://tools.cisco.com/security/center/viewAlert.x?alertId=38114http://tools.cisco.com/security/center/viewAlert.x?alertId=38124
*** The Resurrection of CVE-2011-2461 ***
---------------------------------------------
Security researchers Luca Carettoni and Mauro Gentile recently found during their research that even though Adobe has fixed an old vulnerability found in 2011 (CVE-2011-2461), its side effects still linger around the Internet. Your favorite ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-resurrection…
*** OWASP/WASC Distributed Web Honeypots Project Re-Launch - Seeking Participants ***
---------------------------------------------
The SpiderLabs Research Team is proud to announce that we are officially re-launching the Distributed Web Honeypots Project under the new joint OWASP/WASC project home! For those SpiderLabs Blog readers who follow our ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/OWASP/WASC-Distributed-…
*** Intro to E-Commerce and PCI Compliance - Part I ***
---------------------------------------------
Have you ever heard of the term Payment Card Industry (PCI)? Specifically, PCI compliance? If you have an e-commerce website, you probably have already heard about it. But do ..
---------------------------------------------
http://blog.sucuri.net/2015/03/intro-to-e-commerce-and-pci-compliance-part-…
*** Inductive Automation Ignition Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for several vulnerabilities in Inductive Automation's Ignition Software.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-090-01
*** Ecava IntegraXor DLL Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for two DLL loading vulnerabilities in Ecava's IntegraXor SCADA Server.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-090-02
*** Hospira MedNet Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for four vulnerabilities in Hospira's MedNet server software.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-090-03
*** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-085-01 Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities, ..
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-085-01A
*** Rig Exploit Kit Changes Traffic Patterns, (Wed, Apr 1st) ***
---------------------------------------------
Sometime within the past month, Rig exploit kit (EK) changed URL structure." /> Notice the PHPSSESID and ?req= patterns in the above example." /> Now, we dont see the PHPSSESID and ?req= patterns. Lets take a closer look at the more ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19533
*** Multiple Xen-vulnerabilities ***
---------------------------------------------
http://www.securitytracker.com/id/1031994http://www.securitytracker.com/id/1031998http://www.securitytracker.com/id/1031997
*** Crypto-Ransomware Sightings and Trends for 1Q 2015 ***
---------------------------------------------
It seems that cybercriminals have yet to tire of creating crypto-ransomware malware. Since the start of 2015, we have spotted several variants of crypto-ransomware plague the threat landscape. In January, the Australia-New Zealand region was beset by variants of TorrentLocker. But we soon ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/crypto-ransomwar…
*** Firefox 37 verbessert Browser-Sicherheit ***
---------------------------------------------
Es ist wieder einmal Update-Zeit bei Mozilla: Mit Firefox 37 gibt es nun also eine neue Version des Browsers, die vor allem Sicherheitsverbesserungen verspricht.
---------------------------------------------
http://derstandard.at/2000013734909
*** A timeline of mobile botnets ***
---------------------------------------------
With the recent explosion in smartphone usage, malware authors have increasingly focused their attention on mobile devices, leading to a steep rise in mobile malware over the past couple of years. In this paper, Ruchna Nigam focuses on mobile botnets, drawing up an inventory of types of known mobile bot variants.
---------------------------------------------
https://www.virusbtn.com/virusbulletin/archive/2015/03/vb201503-mobile-botn…
*** Google: Fünf Prozent aller Nutzer haben Adware auf ihren Rechnern ***
---------------------------------------------
Bei mehr als einem Drittel davon sind es sogar mehr als vier Tools, die Werbung in Webseiten injizieren
---------------------------------------------
http://derstandard.at/2000013745151
*** Smartes Türschloss August war zu gastfreundlich ***
---------------------------------------------
Durch eine Lücke in vernetzten Türschlossern konnten sich deren Besitzer unangemeldet untereinander besuchen.
---------------------------------------------
http://heise.de/-2593822
*** JOSE - JSON Object Signing and Encryption ***
---------------------------------------------
Federated Identity Management has become very widespread in past years - in addition to enterprise deployments a lot of popular web services allow users to carry their identity over multiple sites. Social networking ..
---------------------------------------------
https://securityblog.redhat.com/2015/04/01/jose-json-object-signing-and-enc…
*** DNS/AXFR: Nameserver verraten Geheim-URLs ***
---------------------------------------------
Das DNS-Protokoll hat eine Funktion, mit der man umfangreiche Informationen zu einer Domain abfragen kann. Dieser sogenannte AXFR-Transfer ist normalerweise ..
---------------------------------------------
http://www.golem.de/news/dns-axfr-nameserver-verraten-geheim-urls-1504-1132…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 30-03-2015 18:00 − Dienstag 31-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** New reconnaissance threat Trojan.Laziok targets the energy sector ***
---------------------------------------------
A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised ..
---------------------------------------------
http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlazio…
*** WordPress Leads 1.6.1-1.6.2 - Persistent XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7871
*** Drive-by code and Phishing on Swiss websites in 2014 ***
---------------------------------------------
In 2014, about 1,800 Swiss websites were cleaned from drive-by code, compared with 2,700 in 2013, a decline of 33%. At the same time, the number of phishing cases affecting .ch and .li ..
---------------------------------------------
http://securityblog.switch.ch/2015/03/31/drive-by-phishing-swiss-websites-2…
*** Citrix Command Center Bugs Let Remote Users Download Files and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031993
*** VB2015 conference programme announced ***
---------------------------------------------
>From drones to elephants: an exciting range of topics will be covered in Prague.In six months time, security researchers from around the world will gather in Prague for the 25th Virus Bulletin conference. Today we are excited to reveal the conference programme.As every year, the selection committees task ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/03_31.xml?rss
*** IoT Research - Smartbands ***
---------------------------------------------
One of the big trends in sphere of health and fitness are fitness trackers such as smartbands. Tracking devices and their mobile applications from three leading vendors were inspected in this report to shed some light on the current ..
---------------------------------------------
http://securelist.com/analysis/publications/69412/iot-research-smartbands/
*** Chinas Man-on-the-Side Attack on GitHub ***
---------------------------------------------
We have looked closer at this attack, and can conclude that China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub. See our "TTL analysis" at the end of ..
---------------------------------------------
http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-…
*** Hacking Browsers: Are Browsers the Weakest Link of the Security Chain? ***
---------------------------------------------
Current scenario The number of cyber attacks is constantly increasing, and according to security experts they grow even more sophisticated. The security firm Secunia has recently released its annual study of trends in software vulnerabilities, an interesting report that highlights the ..
---------------------------------------------
http://resources.infosecinstitute.com/hacking-browsers-are-browsers-the-wea…
*** The sad state of SMTP encryption ***
---------------------------------------------
This is a quick recap of why Im sad about SMTP encryption. It explains how TLS certificate verification in SMTP is useless even if you force it.
---------------------------------------------
https://blog.filippo.io/the-sad-state-of-smtp-encryption/
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 27-03-2015 18:00 − Montag 30-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** iOS, OS X Library AFNetwork Patches MiTM Vulnerability ***
---------------------------------------------
Until yesterday, a popular networking library for iOS and OS X, used by several apps like Pinterest and Simple was susceptible to SSL man-in-the-middle (MiTM) attacks.
---------------------------------------------
http://threatpost.com/ios-os-x-library-afnetwork-patches-mitm-vulnerability…
*** Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38079
*** Privilege Escalation in TYPO3 Neos ***
---------------------------------------------
http://www.typo3.org/news/article/privilege-escalation-in-typo3-neos/
*** Offenbar schwerwiegendes Datenleck bei Uber ***
---------------------------------------------
Offenbar kursieren im Dark Web zurzeit Zugangsdaten zu Tausenden von Nutzerkonten des Fahrdienstes Uber. Diese werden zu Spottpreisen von mehreren Anbietern laut Motherboard verhökert. Die Datensätze enthalten demnach Benutzername, Passwort und die letzten Ziffern, sowie das Verfallsdatum der ..
---------------------------------------------
http://derstandard.at/2000013594365
*** British Airways: Hacker hatten Zugriff auf Bonusmeilen ***
---------------------------------------------
In einem offenbar automatisierten Angriff auf Konten des British Airways Executive Club ist es Einbrechern möglicherweise gelungen, die Bonusmeilen einiger Kunden abzugreifen.
---------------------------------------------
http://www.golem.de/news/british-airways-hacker-hatten-zugriff-auf-bonusmei…
*** Announcing tlscompare.org ***
---------------------------------------------
As part of an ongoing project on increasing TLS security we are today announcing https://tlscompare.org This webpage is about evaluating a massive extension of the ruleset for HTTPSEverywhere, a browser extension for Chrome and Firefox which ..
---------------------------------------------
https://www.sba-research.org/2015/03/30/announcing-tlscompare-org/
*** Newsletter 3.7.0 - Open Redirect ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7868
*** Projekt-Hosting: Tagelanger DDoS-Angriff auf Github ***
---------------------------------------------
Seit Donnerstag läuft die grösste DDoS-Attacke auf Github seit dem Entstehen des Dienstes. Experten vermuten, der Angriff gehe von chinesische Behörden aus, bestätigt wird das durch den Projekt-Hoster aber nicht.
---------------------------------------------
http://www.golem.de/news/projekt-hosting-tagelanger-ddos-angriff-auf-github…
*** Security Attacks via Malicious QR Codes ***
---------------------------------------------
With the increasing use of smartphones, QR codes are becoming popular. Recently, WhatsApp launched its web version, which needs QR code scanning to access the web version of WhatsApp. So, many people now know what QR code is, but still more are unaware. It is very similar to a bar code we ..
---------------------------------------------
http://resources.infosecinstitute.com/security-attacks-via-malicious-qr-cod…
*** OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=36956
*** Ad Networks Ripe for Abuse Via Malvertising ***
---------------------------------------------
Criminals have found a safe haven abusing legitimate processes, such as real-time bidding, implemented by online advertising networks to move exploits and malware, and build botnets and fraud campaigns.
---------------------------------------------
http://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840
*** WordPress Plugin - Revslider update captions CSS file critical vulnerability ***
---------------------------------------------
Today being another day at work for SecureLayer7 to recover our client's defaced website, and bang I think I hit upon a nasty vulnerability of a famous plugin. Although we successfully patched the vulnerability and we fixed the undoing of the blacklisting. On further research I stumbled ..
---------------------------------------------
http://blog.securelayer7.net/wordpress-plugin-revslider-update-captions-css…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 26-03-2015 18:00 − Freitag 27-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco Wireless LAN Controller Task Name aaaQueueReader Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38076
*** Verschlüsselung: Kryptographen zeigen neue Angriffe gegen RC4 ***
---------------------------------------------
Eine bislang wenig beachtete Schwäche von RC4 nutzt der Kryptograph Itsik Mantin für seine neue Angriffsmethode. Ein weiterer kürzlich vorgestellter Angriff betrifft IMAP-Verbindungen.
---------------------------------------------
http://www.golem.de/news/verschluesselung-rc4-erneut-unter-beschuss-1503-11…
*** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Schneider Electric has released new patches that mitigate these vulnerabilities.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-085-01
*** Beta Bot Trojan ***
---------------------------------------------
In this article, I would like to show how an analysis is performed on the Beta Bot trojan to identify its characteristics. The Beta Bot trojan, classified as Troj/Neurevt-A, is a dangerous trojan. This trojan is transferred to the victim machine through a phishing email, and the user downloads the files disguised ..
---------------------------------------------
http://resources.infosecinstitute.com/beta-bot-trojan/
*** Cisco NX-OS Software DHCP Options Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38062
*** Microsoft will Windows-Lücke nicht schliessen ***
---------------------------------------------
Google entdeckt Fehler, über den sich einfache Nutzer Systemrechte verschaffen können.
---------------------------------------------
http://derstandard.at/2000013551658
*** The bizarre, pre-internet history of ransomware ***
---------------------------------------------
Two months ago, I wrote a short article about helping my mother deal with CryptoWall 2.0., a form of computer virus more broadly known as ransomware. Basically what happens is this: You flip open your laptop to find you have been locked out of all your files. Then a ransom note hovers into view, written ..
---------------------------------------------
https://medium.com/un-hackable/the-bizarre-pre-internet-history-of-ransomwa…
*** Baidu's traffic hijacked to DDoS GitHub.com ***
---------------------------------------------
As a Chinese living outside of China, I frequently visit Chinese websites, many of which use advertising and visitor tracking provided by Baidu, the largest search engine available in China. As I was browsing one of the most popular ..
---------------------------------------------
http://insight-labs.org/?p=1682
*** Vulnerability: CVE-2015-0932 ***
---------------------------------------------
ANTLabs InnGate devices are a popular Internet gateway for visitor-based networks. They're commonly installed in hotels, convention centers and other places that provide temporary guests access to a WiFi connection. If you've ever used WiFi in a hotel, you're familiar with these types of devices as they are typically tied to a specific room number for billing purposes.
---------------------------------------------
http://blog.cylance.com//spear-team-cve-2015-0932
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 25-03-2015 18:00 − Donnerstag 26-03-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Pin-up on your Smartphone!, (Thu, Mar 26th) ***
---------------------------------------------
Yeah, okay, I admit that headline is cheap click bait. Originally, it said Certificate Pinning on Smartphones. If you are more interested in pin-ups on your smartphone, I fear youll have to look elsewhere :). Recently, an email provider that I use changed their Internet-facing services completely. I hadnt seen any announcement that this would happen, and the provider likely thought that since the change was transparent to the customer, no announcement was needed. But Im probably a tad more...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19513&rss
*** Data lurking: How to protect your company against overlooked insider threats ***
---------------------------------------------
Enterprises often fear hackers as their number one security threat. However, they should be more scared of what happens internally. More often than not, data breaches come from employees or system err...
---------------------------------------------
http://www.net-security.org/article.php?id=2245
*** Setting issue in Windows 7 and 8.1 could allow privilege escalation ***
---------------------------------------------
Experts of the Project Zero have disclosed a proof-of-concept for the exploitation of a default setting in Windows 7, 8.1 that allow privilege escalation. A new security issue threatens users of Windows 7 and 8.1, this time experts are warning about a default setting in both OSs that could allow local users to elevate privileges...
---------------------------------------------
http://securityaffairs.co/wordpress/35318/hacking/win-7-and-8-1-privilege-e…
*** Security Harden CentOS 7 ***
---------------------------------------------
This HowTo walks you through the steps required to security harden CentOS 7, it's based on the OpenSCAP benchmark, unfortunately the current version of OpenSCAP that ships with CentOS does not offically support CentOS CPEs. But there is a "workaround" that will allow OpenSCAP + OpenSCAP workbench to run on CentOS, I'll document this in a separate post.
---------------------------------------------
http://highon.coffee/blog/security-harden-centos-7/
*** Encryption Solutions for the New World ***
---------------------------------------------
Keeping personal information secure and protected remains a top priority for computer users who now rely heavily on information systems to manage a large part of their personal and business lives. One of the ways to make sure only authorized users have access to information is the use of encryption, a process that transforms data...
---------------------------------------------
http://resources.infosecinstitute.com/encryption-solutions-for-the-new-worl…
*** Who Is the Antidetect Author? ***
---------------------------------------------
Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video produced by the author of Antidetect showing the software being used to buy products online with stolen credit cards. Today, well take a closer look at clues to a possible real-life identity of this tools creator.
---------------------------------------------
http://krebsonsecurity.com/2015/03/who-is-the-antidetect-author/
*** Hacking-Kit für Steuergeräte im Auto ***
---------------------------------------------
Ein Hacking-Toolkit soll dabei helfen, IT-Sicherheitslücken bei Autos aufzudecken. Ziel ist es, die Hersteller zu mehr Sorgfalt bei diesem Thema zu bewegen.
---------------------------------------------
http://heise.de/-2585225
*** Verschlüsselung: RC4 erneut unter Beschuss ***
---------------------------------------------
Auf der Black Hat Asia hat der Kryptograph Itsik Mantin neue Angriffsmethoden gegen die RC4-Verschlüsselung vorgestellt. Den Grundstein dazu hatte Mantin bereits vor 13 Jahren gelegt. Davon unabhängig wurde kürzlich ein weiterer Angriff gegen RC4 vorgestellt, der IMAP-Verbindungen betrifft.
---------------------------------------------
http://www.golem.de/news/verschluesselung-rc4-erneut-unter-beschuss-1503-11…
*** WordPress Malware Causes Psuedo-Darkleech Infection ***
---------------------------------------------
Darkleech is a nasty malware infection that infects web servers at the root level. It use malicious Apache modules to add hidden iFrames to certain responses. It's difficult to detect because the malware is only active when both server and site admins are not logged in, and the iFrame is only injected once a dayRead More
---------------------------------------------
http://blog.sucuri.net/2015/03/pseudo-darkleech-server-root-infection.html
*** VMSA-2015-0001.2 ***
---------------------------------------------
VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0001.html
*** DFN-CERT-2015-0416 - Citrix Command Center: Zwei Schwachstellen ermöglichen die Übernahme des Systems ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0416/
*** EMC Isilon OneFS Privilege Escalation ***
---------------------------------------------
Topic: EMC Isilon OneFS Privilege Escalation Risk: Medium Text:ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability EMC Identifier: ESA-2015-049 CVE Identifier: CVE-2015-...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015030182
*** Security Advisories for Drupal Third-Party Modules ***
---------------------------------------------
*** Linear Case - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-084 ***
https://www.drupal.org/node/2459327
*** Webform Multiple File Upload - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-083 ***
https://www.drupal.org/node/2459323
*** Crumbs - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-082 ***
https://www.drupal.org/node/2459315
*** Petition - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-081 ***
https://www.drupal.org/node/2459311
*** Invoice - Moderately Critical - Multiple vulnerabilities - Unsupported - SA-CONTRIB-2015-085 ***
https://www.drupal.org/node/2459337
*** Ubercart Webform Checkout Pane - Moderately Critical - Cross Site Scripting (XSS) - Unsupported - SA-CONTRIB-2015-087 ***
https://www.drupal.org/node/2459359
*** Decisions - Moderately Critical - Cross Site Scripting (XSS) - Unsupported - SA-CONTRIB-2015-086 ***
https://www.drupal.org/node/2459349
*** Decisions - Moderately Critical - Cross Site Request Forgery (CSRF) - Unsupported - SA-CONTRIB-2015-086 ***
https://www.drupal.org/node/2459349
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 24-03-2015 18:00 − Mittwoch 25-03-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Patched Flash Vulnerability Now Part of Exploit Kit (March 20, 2015) ***
---------------------------------------------
A vulnerability in Adobes Flash Player that was patched on March 12 has already been added to an exploit kit.......
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/17/23/200
*** Macro-based Malware Increases Along with Spam Volume, Now Drops BARTALEX ***
---------------------------------------------
Early this year Microsoft reported an increase in macro-related threats being used to spread malware via spam. Similarly, we've been seeing a drastic increase in spammed emails with attached Microsoft Word documents and Microsoft Excel spreadsheets that come with embedded macros. Macros are a set of commands or code that are meant to help automate...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/EHquGcibJew/
*** 15,435 vulnerabilities across 3,870 applications were recorded in 2014 ***
---------------------------------------------
In 2014, 15,435 vulnerabilities were discovered according to data from Secunia Research. The vulnerabilities are spread across 3,870 applications published by 500 different vendors, and these numbers ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18132
*** l+f: XXSs not dead ***
---------------------------------------------
Nur weil es keine Schlagzeilen mehr macht, ist es noch lange nicht aus der Welt. Das beweist etwa eine XSS-Lücke bei Amazon.
---------------------------------------------
http://heise.de/-2584311
*** Multifunctional Vawtrak malware now updated via favicons ***
---------------------------------------------
The Vawtrak (aka Snifula) multifunctional malware has been around since mid-2013. Its information-stealing, backdoor and spying capabilities deservedly earned it the description as the "Swiss army kni...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2997
*** Not using IPv6? Are you sure? ***
---------------------------------------------
Internet Protocol version 6 (IPv6) has been around for many years and was first supported in Red Hat Enterprise Linux 6 in 2010. Designed to provide, among other things, additional address space on the ever-growing Internet, IPv6 has only recently...
---------------------------------------------
https://securityblog.redhat.com/2015/03/25/security-considerations-regardin…
*** PHP 5.5.23 is available, (Wed, Mar 25th) ***
---------------------------------------------
>From the fine folks at php.net: The PHP development team announces the immediate availability of PHP 5.5.23. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.5 users are encouraged to upgrade to this version. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19507&rss
*** F-Secure: FSC-2015-2: PATH TRAVERSAL VULNERABILITY, (Wed, Mar 25th) ***
---------------------------------------------
F-Secure has announced a security vulnerability affecting their corporate and consumer protection products. The details are available here: https://www.f-secure.com/en/web/labs_global/fsc-2015-2
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19509&rss
*** Researcher finds backdoor opened by Dells helper app ***
---------------------------------------------
A security researcher has discovered a serious bug in Dell System Detect, the software Dell users are urged to use to download the appropriate drivers for their machines. The flaw can be exploited by ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18134
*** Flash in 2015 ***
---------------------------------------------
In the past few years, web exploits had three main targets: Internet Explorer, Java, and Flash. In 2013, the popularity of Java exploits peaked. Bug hunters became really good at finding Java bugs, and corrupting the security manager was a convenient exploitation technique. Multiple exploit campaigns used Java zero-days, and exploit kits (EK) universally adopted these exploits.
In January of 2014, however, Oracle blocked the execution of unsigned applets by default, and exploit authors largely abandoned Java. The change left Internet Explorer and Adobe Flash as the next best targets. Both IE and Flash received attention from exploit developers, but in June of 2014, Microsoft began rolling out heap corruption mitigations such as an isolated heap and delayed frees for IE. Exploit developers again, needed to shift their focus.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/03/flash_in_2015.html
*** Guest talk: "Large-scale Automated Software Diversity - Programming Language Technology to Enhance System Security" ***
---------------------------------------------
26/03/2015 - 10:00 am - 11:00 am SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/guest-talk-large-scale-automated-softwa…
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco IOS XR Software DHCPv4 Server Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38006
*** Cisco Mobility Service Engine Password Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38007
*** Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-3566, CVE-2014-6457, CVE-2014-6593, CVE-2015-0410) ***
http://www.ibm.com/support/docview.wss?uid=swg21699013
*** IBM Security Bulletin: NTP vulnerabilities affect IBM SmartCloud Entry (CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022036
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0206) ***
http://www.ibm.com/support/docview.wss?uid=swg21697205
*** IBM Security Bulletin: IBM Cloud Manager with OpenStack Nova Vulnerability (CVE-2014-3708) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022097
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime Technology Edition affect Rational Functional Tester (CVE-2014-3065, CVE-2014-3566, CVE-2014-6511) ***
http://www.ibm.com/support/docview.wss?uid=swg21693297
*** IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Content Collector for SAP Applications (CVE-2015-0138, CVE-2014-8730) ***
http://www.ibm.com/support/docview.wss?uid=swg21699263
*** IBM Security Bulletin : Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker ***
http://www.ibm.com/support/docview.wss?uid=swg21697107
*** IBM Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect Rational DOORS Web Access (CVE-2014-6593, CVE-2015-0410, CVE-2015-0138) ***
http://www.ibm.com/support/docview.wss?uid=swg21697068
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2014-6549) (CVE-2015-0408) (CVE-2015-0412) (CVE-2015-0395) (CVE-2015-0403) (CVE-2015-0406) (CVE-2015-0410) ***
http://www.ibm.com/support/docview.wss?uid=swg21699907
*** DFN-CERT-2015-0399 GnuTLS: Mehrere Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0399/
*** GE and MACTek HART Device DTM Vulnerability (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-036-01 GE and MACTek HART Device DTM Vulnerability that was published February 5, 2015, on the NCCIC/ICS-CERT web site. This advisory provides mitigation details for an improper input vulnerability in the HART Device Type Manager (DTM) library utilized in GE and MACTek's HART Device DTM.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-036-01A
*** Random Article component for Joomla! multiple SQL injection ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/101773