=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 11-08-2015 18:00 − Mittwoch 12-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** MS15-AUG - Microsoft Security Bulletin Summary for August 2015 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS15-AUG
*** Adobe, MS Push Patches, Oracle Drops Drama ***
---------------------------------------------
Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracles chief security officer lobbed something ..
---------------------------------------------
http://krebsonsecurity.com/2015/08/adobe-ms-push-patches-oracle-drops-drama/
*** Defending against CVE-2015-1769: a logical issue exploited via a malicious USB stick ***
---------------------------------------------
Today Microsoft released update MS15-085 to address CVE-2015-1769, an important severity security issue in Mount Manager. It affects both client and server versions, from Windows Vista to Windows 10. The goal of this blog post ..
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-201…
*** MSRT August 2015: Vawtrak ***
---------------------------------------------
As part of our ongoing effort to provide better malware protection, we are adding the following detections to the Microsoft Malicious Software Removal Tool (MSRT) this month: Win32/Vawtrak Win32/Critroni Win32/Kasidet Critroni is a ransomware malware family that can lock your files and ask ..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/08/11/msrt-august-2015-vawtrak…
*** Emerging ransomware: Troldesh ***
---------------------------------------------
Troldesh (detected as variants of Win32/Troldesh) started to show up in the early part of 2015 and became more prevalent in June this year. Overall detections have so far lessened in July - except for a notable spike around the 8th of the month, ..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/08/09/emerging-ransomware-trol…
*** OpenSSH 7.0 Released ***
---------------------------------------------
An anonymous reader writes: Today the OpenSSH project maintainers announced the release of version 7.0. This release is focusing on deprecating weak and unsafe cryptographic methods, though some of the work wont be complete until 7.1. This release removes support for the following: the legacy SSH v1 protocol, ..
---------------------------------------------
http://it.slashdot.org/story/15/08/11/2340247/openssh-70-released
*** IoT security is RUBBISH says IoT vendor collective ***
---------------------------------------------
Online Trust Alliance calls on gadget vendors to stop acting like clowns A vendor group whose membership includes Microsoft, Symantec, Verisign, ADT and TRUSTe reckons the Internet of Things (IoT) market is being pushed with no regard to either ..
---------------------------------------------
http://www.theregister.co.uk/2015/08/12/iot_security_is_rubbish_says_iot_ve…
*** KCI-Angriff auf TLS missbraucht Clientzertifikate ***
---------------------------------------------
Ein komplexer Angriff nutzt eine trickreiche Kombination aus Clientzertifikaten und einem statischen Diffie-Hellman-Schlüsselaustausch. Der Angriff ist nur in sehr speziellen Situationen relevant, doch es zeigt sich wieder einmal, dass das TLS-Protokoll selbst Sicherheitslücken hat.
---------------------------------------------
http://www.golem.de/news/schluesselaustausch-kci-angriff-auf-tls-missbrauch…
*** Hacker ermöglichen Börsen-Insidergeschäfte in Millionenhöhe ***
---------------------------------------------
Pressemitteilungen beinhalten gelegentlich Informationen, die an der Börse viel Geld wert sind - vor allem, wenn sie vor ihrer Veröffentlichung in die Hände von Tätern gelangen, die damit Insidergeschäfte machen. In den USA wurde ein Verbrecherring zerschlagen, der über 100 Millionen US-Dollar damit verdient haben soll.
---------------------------------------------
http://www.golem.de/news/pressemitteilungen-hacker-ermoeglichen-boersen-ins…
*** Schneider Electric IMT25 DTM Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a memory corruption vulnerability in Schneider Electric IMT25 DTM component.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-223-01
*** Blacklists miss 90% of malware blogged IP love ***
---------------------------------------------
Correlate all the things. Threat intelligence firm RecordedFuture says popular web blacklists are missing thousands of IP addresses linked to malware data theft.
---------------------------------------------
http://www.theregister.co.uk/2015/08/12/two_shady_men_walk_into_a_bar_black…
*** Security: Lenovos sanktioniertes Rootkit ***
---------------------------------------------
Nach einer kompletten Neuinstallation von Windows auf einem Lenovo-Laptop wurde zur Überraschung eines Anwenders plötzlich auch ein Lenovo-Dienst gestartet. Er vermutete eine Art Bios-Rootkit und lag damit offenbar gar nicht so falsch.
---------------------------------------------
http://www.golem.de/news/security-lenovos-sanktioniertes-rootkit-1508-11571…
*** Windows Service Accounts - Why They're Evil and Why Pentesters Love them! ***
---------------------------------------------
Windows Service Accounts have been one of those enterprise neccessary evils - things that you have to have, but nobody ever talks about or considers to be a problem. All too often, these service accounts are in the Domain Admins group, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20029
*** August 2015 Security Update Release Summary ***
---------------------------------------------
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are ..
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2015/08/11/august-2015-security-upd…
*** Thunderstrike 2: Mac firmware worm details ***
---------------------------------------------
This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apples Macs that can spread via both software or Thunderbolt hardware accessories and writes ..
---------------------------------------------
https://trmm.net/Thunderstrike2_details
*** Firefox Under Fire: Anatomy of latest 0-day attack ***
---------------------------------------------
On the August 6th, the Mozilla Foundation released a security update for the Firefox web browser that fixes the CVE-2015-4495 vulnerability in Firefox's embedded PDF viewer, PDF.js. This vulnerability allows attackers to bypass the same-origin policy and execute JavaScript remotely that will be ..
---------------------------------------------
http://www.welivesecurity.com/2015/08/11/firefox-under-fire-anatomy-of-late…
*** Finding Vulnerabilities in Core WordPress: A Bug Hunter's Trilogy, Part II - Supremacy ***
---------------------------------------------
In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts - describing his long path of discovered flaws and vulnerabilities in ..
---------------------------------------------
http://blog.checkpoint.com/2015/08/11/finding-vulnerabilities-in-core-wordp…
*** SSD Advisory - ZendXml Multibyte Payloads XXE/XEE ***
---------------------------------------------
The XML standard defines a concept of an external entites. XXE (XML eXternal Entity) attack is an attack on an application that parses XML input from untrusted sources using incorrectly configured XML parser. The application may be forced to open arbitrary files and/or network resources. Exploiting XXE issues on PHP applications may also lead to denial of service or in some cases (for example, when an 'expect' PHP module is installed) lead to command execution.
---------------------------------------------
https://blogs.securiteam.com/index.php/archives/2550
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 10-08-2015 18:00 − Dienstag 11-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Beliebige SSL-Zertifikate durch Missbrauch der Uralt-Internettechnik BGP ***
---------------------------------------------
Das für das globale Internet unabdingbare Border Gateway Protocol (BGP) lässt sich leicht manipulieren. Ein Hacker beschrieb auf der Black Hat, wie man darüber gültige SSL-Zertifikate für beliebige Domains ausstellen lassen kann.
---------------------------------------------
http://heise.de/-2774454
*** Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=36968
*** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=33996
*** CVE-2015-2419 - Internet Explorer Double-Free in Angler EK ***
---------------------------------------------
The Angler Exploit Kit (EK) recently added support for an Internet Explorer (IE) vulnerability (CVE-2015-2419) that was patched in July 2015. Quickly exploiting recently patched vulnerabilities is standard for Angler EK authors, but the target has been Adobe Flash Player since the ..
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/08/cve-2015-2419_inte.html
*** The Italian Connection: An analysis of exploit supply chains and digital quartermasters ***
---------------------------------------------
On July 5, 2015 an unknown hacker publicly announced on Twitter that he had breached the internal network of Hacking Team - an Italian pentesting company known ..
---------------------------------------------
http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-…
*** QNAP Turbo NAS Series Devices Multiple Flaws Let Remote Users Conduct Cross-Site Scripting Attacks, Traverse the Directory, Execute Arbitrary Code, and Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1033224
*** QNAP Logging Error Lets Local Users Obtain Disk Encryption Keys ***
---------------------------------------------
http://www.securitytracker.com/id/1033223
*** Internal modem can be exploited by malware to gain persistence ***
---------------------------------------------
Two security experts at the last Def Con hacking conference have demonstrated how Internal LTE/3G modems can be hacked to help malware survive OS reinstalls Many users totally ignore that LTE/3G modems built into new business laptops and ..
---------------------------------------------
http://securityaffairs.co/wordpress/39252/hacking/internal-modem-hacking.ht…
*** Who's Behind Your Proxy? Uncovering Bunitu's Secrets ***
---------------------------------------------
In our previous analysis we showed how the Bunitu Trojan was distributed via the Neutrino exploit kit in various malvertising campaigns. After spending more time analyzing ..
---------------------------------------------
https://blog.malwarebytes.org/botnets/2015/08/whos-behind-your-proxy-uncove…
*** Watch out for Costly Mobile Ads ***
---------------------------------------------
There are lots of ways you can have a bad hair day with a mobile device - a rogue app from the Play Store, a dubious file from a non-official source or even a phish attack which takes advantage of a mobile's smaller screen size. A less annoying issue is pop-ups, adverts ..
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/08/watch-out-for-costly-…
*** Tanksysteme ungeschützt im Netz: Leichte Beute für Hacker ***
---------------------------------------------
Bankomatkassen an Zapfsäulen wurden bereits zum Ziel von Hackerangriffen, um Daten zu stehlen. Doch Tankstellen könnten von Kriminellen im Internet auch für weitaus gefährlichere Attacken ins Visier genommen werden. Das Forscherteam von Rapid7 fand laut "Wired" ..
---------------------------------------------
http://derstandard.at/2000020547838
*** Vulnerabilities iframe <= 3.0 ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8150https://wpvulndb.com/vulnerabilities/8149
*** Threat Group-3390 Targets Organizations for Cyberespionage ***
---------------------------------------------
Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers investigated activities associated with Threat Group-3390[1] (TG-3390). Analysis of TG-3390s operations, targeting, and tools led CTU researchers to assess with moderate confidence ..
---------------------------------------------
http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3…
*** Instant KARMA Might Still Get You ***
---------------------------------------------
About a year ago, I started looking into Android applications that arent validating SSL certificates. Users of these applications could be at risk if they fall victim to a man-in-the-middle (MITM) attack. Earlier this year, I also wrote about ..
---------------------------------------------
https://insights.sei.cmu.edu/cert/2015/08/instant-karma-might-still-get-you…
*** Dynamic DNS Security and Potential Threats ***
---------------------------------------------
Recently I began to notice a trend that Dynamic DNS providers have been repeatedly abused as a part of malware campaigns. How is dynamic DNS a threat to your enterprise? What can be done to mitigate this threat? Before we answer these questions, ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/dynamic-dns-security-a…
*** Another Android hole: "OCtoRuTA" - One (Java) Class to Rule Them All ***
---------------------------------------------
Yet another large-scale vulnerability has been revealed in Android. This one lets an otherwise innocent-looking app go rogue, and enjoy privileges normally limited to the trusted parts of Android.
---------------------------------------------
https://nakedsecurity.sophos.com/2015/08/11/another-android-hole-octoruta-o…
*** Kali Linux 2.0 Released ***
---------------------------------------------
We're still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new Kali Linux Dojo, which was a blast. With the help of a few good people, the Dojo rooms were set up ready for the masses - where many ..
---------------------------------------------
https://www.kali.org/releases/kali-linux-20-released/
*** Security Updates Available for Adobe Flash Player (APSB15-19) ***
---------------------------------------------
A security bulletin (APSB15-19) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1254
*** Mobilfunkdaten bei Facebook massenhaft auslesbar ***
---------------------------------------------
Einem Entwickler ist es gelungen, mit einem kleinen Skript binnen weniger Minuten zahlreiche Mobilfunknummern von Nutzern über Facebook abzufragen. Sicherheitsexperten drängen auf eine andere Voreinstellung.
---------------------------------------------
http://heise.de/-2776623
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 07-08-2015 18:00 − Montag 10-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Tech Firm Ubiquiti Suffers $46M Cyberheist ***
---------------------------------------------
Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
---------------------------------------------
http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheis…
*** Welcome to The Internet of Compromised Things ***
---------------------------------------------
This post is a bit of a public service announcement, so Ill get right to the point: Every time you use WiFi, ask yourself: could I be connecting to the Internet through a compromised router with malware?Its becoming more and ..
---------------------------------------------
http://blog.codinghorror.com/welcome-to-the-internet-of-compromised-things/
*** Black Hat: Schadsoftware per Windows-Update mit WSUS ***
---------------------------------------------
Zwei Sicherheitsforscher demonstrierten auf der Black-Hat-Konferenz, wie sich die Windows Server Update Services (WSUS) zum Verteilen von gefälschten Windows-Updates in einem Unternehmensnetz benutzen lassen. Es gibt jedoch ein schlichtes Gegenmittel.
---------------------------------------------
http://heise.de/-2775156
*** Black Hat: SMM weiterhin grosses Einfallstor ***
---------------------------------------------
Ein Computerwissenschaftler zeigt ein Scheunentor, das schon zwanzig Jahre offen steht.
---------------------------------------------
http://heise.de/-2775248
*** RIG Reloaded - Examining the Architecture of RIG Exploit Kit 3.0 ***
---------------------------------------------
A few months ago the RIG exploit kit took quite a hit when its source code was leaked by a disgruntled reseller. At the time we wrote a blog post detailing the inner workings of RIGs infrastructure and business model,...
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/RIG-Reloaded---Examining-the…
*** Stagefright: Online-Ganoven tarnen Android-Trojaner als Sicherheitsupdate ***
---------------------------------------------
Während die meisten Hersteller keine oder wenige Firmware-Updates anbieten, die vor den gefährlichen Stagefright-Lücken schützen, können Online-Abzocker vermeintlich schon liefern. Es handelt sich dabei allerdings um einen Trojaner.
---------------------------------------------
http://heise.de/-2775388
*** WP Statistics <= 9.5.1 - Referer Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8145
*** Stagefright: Motorola verspricht umfassende Updates ***
---------------------------------------------
Auch wenn es bisher noch keine Hinweise auf entsprechende Angriffe gibt – die vor zwei Wochen bekannt gewordenen Sicherheitslücken im Media Framework Stagefright haben ordentlich Bewegung in die Android-Welt gebracht. Nach Google, LG und Samsung meldet sich mit Motorola nun der nächste Hersteller zu Wort – und verspricht umfassende Updates.
---------------------------------------------
http://derstandard.at/2000020502273
*** Data, Technologies and Security - Part 1 ***
---------------------------------------------
A lot of technologies present themselves as solutions for multiple challenges. At BinaryEdge, we are big adepts of analyzing all the different technologies until we see what correctly adapts and fits our environment. From a security ..
---------------------------------------------
http://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/
*** What's Next in Malware After Kuluoz? ***
---------------------------------------------
Regular readers of this blog have heard all about the infamous Kuluoz malware. This family was the latest evolution of the Asprox malware and at its peak in 2014 it accounted for 80% of ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/08/whats-next-in-malware-af…
*** Getting in with the Proxmark 3 and ProxBrute ***
---------------------------------------------
As a member of the Physical Security team here at SpiderLabs, some of my job responsibilities include getting into a facility by any (non-destructive) means necessary. When a client has decided once and for all that theyve trained their guards and fortified the gates, its time to test those defenses to measure just how resilient they actually are to an attack. And thats where we come in.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Getting-in-with-the-Pro…
*** Google Analytics by Yoast <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8147
*** Mass Dark Web Scanning With PunkSPIDER ***
---------------------------------------------
A while back we did some work in scanning Tor hidden services for vulnerabilities (read about it here - btw I love this article for its use of dark web and explaining that the term is highly disputed). Basically, if you dont want to read it, we did a massive scan of the Tor network for web app vulnerabilities as part of our ..
---------------------------------------------
http://alex.hyperiongray.com/posts/289994-scanning-the-dark-web
*** Stagefright Vulnerability Disclosure ***
---------------------------------------------
StageFright which handles multiple media formats, is a system service for Android. This service is implemented by Native C++. The following diagram shows how media applications interact with ..
---------------------------------------------
http://translate.wooyun.io/2015/08/08/Stagefright-Vulnerability-Disclosure.…
*** Darkhotel APT Latest to Use Hacking Team Zero Day ***
---------------------------------------------
The Darkhotel APT gang has extended its geographic reach to victims in a host of additional countries, and has added to its cache of zero days with its use of a HackingTeam exploit for a Flash zero-day vulnerability.
---------------------------------------------
http://threatpost.com/darkhotel-apt-latest-to-use-hacking-team-zero-day/114…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 06-08-2015 18:00 − Freitag 07-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Updated DGA Changer Malware Generates Fake Domain Stream ***
---------------------------------------------
Researchers at Seculert have discovered the latest twist to DGA Changer, which now is able to generate a fake stream of domains if it detects it's being executed in a virtual machine.
---------------------------------------------
http://threatpost.com/updated-dga-changer-malware-generates-fake-domain-str…
*** BLEKey Device Breaks RFID Physical Access Controls ***
---------------------------------------------
A device called BEKey which is the size of a quarter and can be installed in 60 seconds on a proximity card reader could potentially be used to break physical access controls in 80 percent of deployments.
---------------------------------------------
http://threatpost.com/blekey-device-breaks-rfid-physical-access-controls/11…
*** BIND Denial of Service Vulnerability Blamed on Windows 2000 Compatibility Code ***
---------------------------------------------
The BIND implementation of the Domain Name System (DNS) is a critical part of the infrastructure of the Internet. For example, almost all of the 13 root name servers use BIND. On July 28 a vulnerability was published in BIND that could be anonymously exploited by an attacker. To crash the server, all an attacker would have to...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OQsKsP-w1DU/
*** Schwachstelle: Certifi-Gate erlaubt Zertifikatsmissbrauch unter Android ***
---------------------------------------------
Bösartige Apps können in Android legitime Zertifikate nutzen, um erhöhte Rechte zu erhalten. Die Entdecker der Schwachstelle haben dieser den Namen Certifi-Gate gegeben. Google bestätigt die Lücke, betont aber, dass Apps im Play Store auf ein solches Missbrauchspotential überprüft würden.
---------------------------------------------
http://www.golem.de/news/schwachstelle-certifi-gate-erlaubt-zertifikatsmiss…
*** HTTPS: BGP-Angriff gefährdet TLS-Zertifikatssystem ***
---------------------------------------------
Auf der Black Hat weisen Sicherheitsforscher auf ein Problem mit TLS-Zertifizierungsstellen hin: Die Prüfung, wem eine Domain gehört, findet über ein ungesichertes Netz statt. Dieser Weg ist angreifbar - beispielsweise mittels des Routingprotokolls BGP.
---------------------------------------------
http://www.golem.de/news/https-bgp-angriff-gefaehrdet-tls-zertifikatssystem…
*** Kryptographie: Rechenfehler mit großen Zahlen ***
---------------------------------------------
Kryptographische Algorithmen benötigen oft Berechnungen mit großen Ganzzahlen. Immer wieder werden Fehler in den entsprechenden Bibliotheken gefunden. Diese können zu Sicherheitslücken werden.
---------------------------------------------
http://www.golem.de/news/kryptographie-rechenfehler-mit-grossen-zahlen-1508…
*** Zwölf Sicherheitslücken in PHP geschlossen, Support für Version 5.5 ausgelaufen ***
---------------------------------------------
Das PHP-Entwickerteam hat seinen Interpreter sicherer gemacht und weist darauf hin, dass der Support für Version 5.5 vor kurzem abgelaufen ist. Wer kann, sollte auf Version 5.6 umsteigen.
---------------------------------------------
http://heise.de/-2774343
*** The GasPot experiment: Hackers target gas tanks ***
---------------------------------------------
Physically tampering with gasoline tanks is dangerous enough, given how volatile gas can be. Altering a fuel gauge can cause a tank to overflow, and a simple spark can set everything ablaze. But imagi...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/5bYYfndJK74/secworld.php
*** Auto-Hacking: Gehackte Teslas lassen sich bei voller Fahrt ausschalten ***
---------------------------------------------
Insgesamt sechs Lücken haben IT-Sicherheitsforscher in der Software der Automobile von Tesla entdeckt. Über sie gelang es ihnen, die Kontrolle über das Fahrzeug zu übernehmen.
---------------------------------------------
http://www.golem.de/news/auto-hacking-gehackte-teslas-lassen-sich-bei-volle…
*** Firefox exploit found in the wild ***
---------------------------------------------
Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1. https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
---------------------------------------------
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-w…
*** CrackLord: Gratis-Tool zum Steuern von Cracking-Clustern ***
---------------------------------------------
Forscher haben mit CrackLord eine Open-Source-Software vorgestellt, die CPU-/GPU-Cluster zum Cracken von Passwörtern ansteuert und Aufgaben verwaltet und verteilt.
---------------------------------------------
http://heise.de/-2774582
*** Scada-Sicherheit: Siemens-PLC wird zum Einbruchswerkzeug ***
---------------------------------------------
Über die oftmals frei aus dem Internet zugänglichen Programmable Logic Controller (PLC) zum Steuern von Scada-Systemen können Angreifer Scanner zum Spionieren in Industrie-Systeme schmuggeln. Die dafür nötige Software steht frei zum Download.
---------------------------------------------
http://heise.de/-2774812
*** Citrix XenServer Security Update for CVE-2015-5154 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to compromise the host ...
---------------------------------------------
http://support.citrix.com/article/CTX201593
*** USN-2706-1: OpenJDK 6 vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2706-16th August, 2015openjdk-6 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTSSummarySeveral security issues were fixed in OpenJDK 6.Software description openjdk-6 - Open Source Java implementation DetailsSeveral vulnerabilities were discovered in the OpenJDK JRE related toinformation disclosure, data integrity, and availability. An attackercould exploit these to cause a denial of service or expose sensitivedata...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2706-1/
*** Security Advisory: Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732 ***
---------------------------------------------
(SOL17079)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/000/sol17079.htm…
*** DSA-3329 linux - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in the Linux kernelthat may lead to a privilege escalation, denial of service orinformation leak.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3329
*** Apache Subversion Bugs Let Remote Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1033215
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835) ***
http://www.ibm.com/support/docview.wss?uid=swg21962128
*** IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM Security Identity Governance ***
http://www.ibm.com/support/docview.wss?rs=0&uid=swg21963438
*** IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects the IBM FlashSystem V840 (CVE 2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005344
*** IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects the IBM FlashSystem 840 (CVE 2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005339
*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21960191
*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Monitoring (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21962739
*** IBM Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem 840 (CVE 2015-1831) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005329
*** IBM Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V840 (CVEs 2015-0204, 2015-0488, and 2015-1916) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005328
*** IBM Security Bulletin: A vulnerability in Open Source Struts affect the IBM FlashSystem V840 (CVE 2015-1831) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005331
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916) ***
http://www.ibm.com/support/docview.wss?uid=swg21883959
*** IBM Security Bulletin: Multiple vulnerabilities in the unzip utility affect IBM Security Access Manager for Mobile. ***
http://www.ibm.com/support/docview.wss?uid=swg21963158
*** IBM Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting(CVE-2015-0488, CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2014-0227, CVE-2015-0209 , CVE-2015-0286 , CVE-2015-0289) ***
http://www.ibm.com/support/docview.wss?uid=swg21963024
*** IBM Security Bulletin: A vulnerability in Open Source OpenSSL affects the IBM FlashSystem 840 (CVE 2015-0286) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005341
*** IBM Security Bulletin: Vulnerability in Open Source Apache Tomcat affect the IBM FlashSystem V840, (CVE-2014-0227) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005204
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 05-08-2015 18:00 − Donnerstag 06-08-2015 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Jetzt Android-Geräte auf Stagefright-Lücken testen! ***
---------------------------------------------
Mit einer kostenlosen App kann man überprüfen, ob die eigenen Android-Geräte über die Stagefright-Lücken angreifbar sind.
---------------------------------------------
http://heise.de/-2773801
*** Stagefright-Sicherheitslücke: Elf Wege, ein Android-System zu übernehmen ***
---------------------------------------------
Auf der Black-Hat-Konferenz hat Joshua Drake die Hintergründe zu den Stagefright-Sicherheitslücken erläutert. Über mindestens elf verschiedene Wege lässt sich ein Android-System seinem Vortrag zufolge angreifen. Fortschritte gibt es bei den Android-Updates. (Android, Firefox)
---------------------------------------------
http://www.golem.de/news/stagefright-sicherheitsluecke-elf-wege-ein-android…
*** APT Group Gets Selective About Data it Steals ***
---------------------------------------------
Dell SecureWorks researchers today at Black Hat released a new report on Emissary Panda, or TG-3390, a China-sponsored APT gang that has refined the types of data it covets.
---------------------------------------------
http://threatpost.com/apt-group-gets-selective-about-data-it-steals/114103
*** Inside the $100M 'Business Club' Crime Gang ***
---------------------------------------------
New research into a notorious Eastern European organized cybercrime gang accused of stealing than $100 million from banks and businesses worldwide provides an unprecedented, behind-the-scenes look at an exclusive "business club" that dabbled in cyber espionage and worked closely with phantom Chinese firms on Russias far eastern border.
---------------------------------------------
http://www.krebsonsecurity.com/2015/08/inside-the-100m-business-club-crime-…
*** Corporate networks can be compromised via Windows Updates ***
---------------------------------------------
Yesterday at Black Hat USA 2015, researchers from UK-based Context Information Security demonstrated how Windows Update can be abused for internal attacks on corporate networks by exploiting insecurely configured enterprise implementations of Windows Server Update Services (WSUS).
---------------------------------------------
http://www.net-security.org/secworld.php?id=18725
*** Exploit-Kit Rig: Verbrechen lohnt sich wieder ***
---------------------------------------------
Vor einigen Monaten wurde der Quellcode des Exploit-Kits RIG 2.0 veröffentlicht; damit war der Shooting-Star der Crimeware-Szene erstmal aus dem Rennen. Jetzt sind die Entwickler mit einer Version 3.0 zurück - und verdienen besser denn je.
---------------------------------------------
http://heise.de/-2772951
*** How Scammers Abuse Our Brains ***
---------------------------------------------
Your brain is awesome. We're not just flattering you, it's true. It's also true of the guy sat next to you, the woman across the street, even your kid cousin who still thinks that flicking boogers is the height of hilarity. Each one of us is blessed with a brain that has unparalleled amounts of storage, and ferocious processing power. That said, our minds are still finite. The amount of information we can attend to at a given moment is limited.
---------------------------------------------
https://blog.team-cymru.org/2015/08/how-scammers-abuse-our-brains/
*** Bugtraq: Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows ***
---------------------------------------------
the just released latest version 5.0.0.5 of LibreOffice.org for Windows
distributes (once again) a completely outdated and vulnerable MSVC++
runtime.
---------------------------------------------
http://www.securityfocus.com/archive/1/536144
*** Nicholas Weaver on iPhone Security ***
---------------------------------------------
Excellent essay: Yes, an iPhone configured with a proper password has enough protection that, turned off, Id be willing to hand mine over to the DGSE, NSA, or Chinese. But many (perhaps most) users dont configure their phones right. Beyond just waiting for the suspect to unlock his phone, most people either use a weak 4-digit passcode ...
---------------------------------------------
https://www.schneier.com/blog/archives/2015/08/nicholas_weaver_1.html
*** Sigcheck and virustotal-search, (Thu, Aug 6th) ***
---------------------------------------------
In my last diary entry I mentioned offline use of Sysinternal tools with my tool virustotal-search. So you want to use sigcheck but you cant connect the machine to the Internet. Then you can use sigchecks option -h to calculate cryptographic hashes of the files it checks, and option -c to produce a CSV output (-ct for CSV with a tab separator). If you want, you can limit sigcheck" /> To extract a unique list of MD5 hashes, you can use this pipe of awk, tail, sed and sort ...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20009&rss
*** How Social Engineering Security Awareness Stops 3 Common Scams ***
---------------------------------------------
Social engineering, in the context of information security, refers to the use of psychological manipulation to trick people into divulging sensitive information (information gathering) or performing actions (fraud/unauthorized system access). It is a non-technical confidence scam that resembles a very elaborate plan that consists of several stages (See the Typical Phases part).
---------------------------------------------
http://resources.infosecinstitute.com/how-social-engineering-security-aware…
*** Sick of Flash security holes? HTML5 has its own ***
---------------------------------------------
HTML5 has been billed as the natural, standards-based successor to proprietary plug-ins such as Adobes Flash Player for providing rich multimedia services on the Web. But when it comes to security, one of Flashs major weaknesses, HTML5 is no panacea.In fact, HTML5 has security issues of its own. Julien Bellanger, CEO of application security monitoring firm Prevoty, says HTML5 makes security more complex, not simpler. HTML5 security has been a question mark for years, and it has not improved
---------------------------------------------
http://www.csoonline.com/article/2960695/application-security/sick-of-flash…
*** 'Funtenna' software hack turns a laser printer into a covert radio ***
---------------------------------------------
Researcher demonstrates how attacker could exfiltrate data over airwaves.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/RCktE3iPj7M/
*** Black Hat: Sicherheitsforscher klonen verschlüsselte SIM-Karten ***
---------------------------------------------
Die Verschlüsselung via AES 256 gilt auch langfristig als sicher. Im Zuge eines Angriffes über Bande wurden nun derartig verschlüsselte SIM-Karten in wenigen Minuten geknackt.
---------------------------------------------
http://heise.de/-2773751
*** Bugtraq: [security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information ***
---------------------------------------------
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running
OpenSSL with SSL/TLS enabled.
This is the TLS vulnerability using US export-grade 512-bit keys in
Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.
---------------------------------------------
http://www.securityfocus.com/archive/1/536142
*** FreeBSD patch(1) Lets Remote Users Execute Arbitrary Commands on the Target System ***
---------------------------------------------
A vulnerability was reported in FreeBSD patch(1). A remote user can cause arbitrary commands to be executed on the target system.
The patch(1) utility does not properly sanitize the input patch stream. A remote user can create a specially crafted patch file that, when processed by the target user via patch(1), will run ed(1) commands (in addition to running valid version control system commands) with the privileges of the target user.
---------------------------------------------
http://www.securitytracker.com/id/1033188
*** FreeBSD routed(8) RIP Query Processing Flaw Lets Remote Users Cause the Target Service to Crash ***
---------------------------------------------
A remote user on a network that is not directly connected to the target system's network can send a specially crafted routing information protocol (RIP) query to trigger a flaw in the target routed(8) daemon and cause the daemon to crash. As a result, the target system's routing table will no longer be updated.
Systems with the routed(8) daemon enabled are affected.
---------------------------------------------
http://www.securitytracker.com/id/1033185
*** Security Notice - Statement on the UAP2015 Vulnerability Mentioned at the BlackHat USA Conference ***
---------------------------------------------
The investigation is still ongoing. Huawei PSIRT will keep updating the SN and will give the related views as soon as possible. Please stay tuned.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 04-08-2015 18:00 − Mittwoch 05-08-2015 18:00
Handler: n/a
Co-Handler: n/a
*** Nuclear EK traffic patterns in August 2015, (Wed, Aug 5th) ***
---------------------------------------------
Introduction About two weeks ago, Nuclear exploit kit (EK)changed its URL patterns. Now it looks a bit likeAngler EK. Kafeine originally announced the change on 2015-07-21 [1], and we collected examples the next day. Heres how Nuclear EK looked on" /> Here" /> Now that were into August 2015,URL patterns for Nuclear EK have altered again. These changes are similar to weve seen withAngler EK since June 2015 [3]. Theyre not the same URL patternsas Angler, but the changes are...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20001&rss
*** Wait, what? TrueCrypt decrypted by FBI to nail doc-stealing sysadmin ***
---------------------------------------------
Do the Feds know something we dont about crypto-tool? Or did bloke squeal his password? Discontinued on-the-fly disk encryption utility TrueCrypt was unable to keep out the FBI in the case of a US government techie who stole copies of classified military documents. How the Feds broke into the IT bods encrypted TrueCrypt partition isnt clear.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/truecrypt_d…
*** WordPress-Update schließt sechs Sicherheitslücken ***
---------------------------------------------
Die Version 4.2.4 des Content-Management-Systems behebt unter anderem eine SQL-Injection-Lücke, durch die Angreifer die Installation übernehmen können.
---------------------------------------------
http://heise.de/-2771541
*** Man-In-The-Cloud Owns Your DropBox, Google Drive -- Sans Malware ***
---------------------------------------------
Using no malware or stolen passwords, new attack can compromise your cloud synch services and make your good files malicious.
---------------------------------------------
http://www.darkreading.com/cloud/man-in-the-cloud-owns-your-dropbox-google-…
*** Email Security Awareness: How To Get Quick Results ***
---------------------------------------------
Phishing and Spear phishing attacks on the rise Phishing and spear phishing attacks are the most effective attack vectors. Despite the high level of awareness of the cyber threats, bad actors still consider email their privileged attack vector. According to the security experts at Trend Micro firm, spear phishing is the attack method used in...
---------------------------------------------
http://resources.infosecinstitute.com/email-security-awareness-how-to-get-q…
*** Finding Vulnerabilities in Core WordPress: A Bug Hunter's Trilogy, Part I ***
---------------------------------------------
In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts - describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only "Subscriber" user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web...
---------------------------------------------
http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/
*** Android-Schwachstelle: Telekom schaltet wegen Stagefright-Exploits direktes MMS ab ***
---------------------------------------------
MMS-Nutzer müssen wegen einer Android-Schwachstelle auf die direkte Zustellung verzichten. Die Telekom will so ihre Kunden schützen.
---------------------------------------------
http://www.golem.de/news/android-schwachstelle-telekom-schaltet-wegen-stage…
*** MVEL as an attack vector ***
---------------------------------------------
Java-based expression languages provide significant flexibility when using middleware products such as Business Rules Management System (BRMS). This flexibility comes at a price as there are significant security concerns in their use. In this article MVEL is used in JBoss...
---------------------------------------------
https://securityblog.redhat.com/2015/08/05/mvel-as-an-attack-vector/
*** Root-Exploit: Apple bereitet offenbar Patch mit MacOS 10.10.5 vor ***
---------------------------------------------
Der Mac-Hersteller setzt einem Bericht zufolge zunächst auf verschiedene Maßnahmen, um die Ausnutzung einer Rechteausweitungslücke zur Malware-Installation zu erschweren. Das ausstehende Update auf OS X 10.10.5 soll die Schwachstelle dann beseitigen.
---------------------------------------------
http://heise.de/-2772715
*** Bugtraq: [SECURITY] [DSA 3328-2] wordpress regression update ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536135
*** Apple OS X DYLD_PRINT_TO_FILE Environment Variable Validation Flaw Lets Local Users Obtain Root Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1033177
*** [2015-08-05] Websense Content Gateway stack buffer overflow in handle_debug_network ***
---------------------------------------------
A stack-based buffer overflow was identified in the Websense Content Manager administrative interface, which allows execution of arbitrary code.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2015…
*** Security Advisory - CF Card Information Leak Vulnerability on Multiple Huawei Products ***
---------------------------------------------
The CF cards on some Huawei switches contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information (HWPSIRT-2015-07048).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Security_Advisory-Two Security Vulnerabilities in the ME906 Wireless Module ***
---------------------------------------------
The upgrade package of the ME906 wireless module contains the hash values of the root account and password. An attacker can obtain the password of the root account through reverse cracking, connect to the serial port of the wireless module, and enter the root account and password to log in to the operating system of the module. (HWPSIRT-2015-02009) | This module implements upgrade check using CRC16, which is insecure. Much study is done for reversely cracking this algorithm. (HWPSIRT-2015-06032)
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-08-2015 18:00 − Dienstag 04-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Thunderstrike 2: Mac-Firmware-Wurm soll sich über Thunderbolt-Adapter verbreiten ***
---------------------------------------------
Weitere EFI-Schwachstellen ermöglichen nach Angabe von Sicherheitsforschern die Modifikation der Firmware mobiler Macs. Ein Angreifer könne dadurch einen Schädling einschleusen, der sich über Thunderbolt-Adapter und Peripherie fortpflanzt.
---------------------------------------------
http://heise.de/-2767994
*** DYLD_PRINT_TO_FILE exploit found in the wild ***
---------------------------------------------
Last month, Stefan Esser blogged about a zero-day vulnerability in OS X, without having informed Apple about the problem first. Unfortunately, today has brought the discovery of the first known exploit. (Read more...)
---------------------------------------------
https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-…
*** Hackers use cartons with sticks, may be foiled by watermelons ***
---------------------------------------------
Translation from Russian hack-slang: Credit card, PayPal and secure server Gaining an invite to the best of the nearly 60 websites powering the cybercrime underground is only half the fight for researchers; they also need to know that credit cards are called cartons, PayPal a stick, and bulletproof servers watermelons.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/russian_cyb…
*** Android-Schwachstelle: Stagefright-Exploits wohl bald aktiv ***
---------------------------------------------
Erste Nachweise, dass die wohl gravierende Sicherheitslücke in Android ausnutzbar ist, sind bereits im Umlauf. Patches gibt es bereits für Android und Cynanogenmod. Bis die Hersteller sie bereitstellen, könnte Stagefright aber millionenfach missbraucht worden sein.
---------------------------------------------
http://www.golem.de/news/android-schwachstelle-stagefright-exploits-wohl-ba…
*** Android MediaServer Bug Traps Phones in Endless Reboots ***
---------------------------------------------
We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android's mediaserver program. This causes a device's system to reboot and drain all its battery life. In more a severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/w1VZWbnfA4c/
*** Your Password is Too Damn Short ***
---------------------------------------------
Im a little tired of writing about passwords. But like taxes, email, and pinkeye, theyre not going away any time soon. Heres what I know to be true, and backed up by plenty of empirical data:
---------------------------------------------
http://blog.codinghorror.com/your-password-is-too-damn-short/
*** Yahoo! ads! caught! spreading! CryptoWall! ransomware! AGAIN! ***
---------------------------------------------
Unpatched Flash holes exploited to inject file-scrambling nasty Yahoo!s ad network is still being used to spread ransomware to Windows PCs a year after the last big outbreak.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/yahoo_malwa…
*** Open source tool for deploying SSL public key pinning in iOS, OS X apps ***
---------------------------------------------
At Black Hat USA 2015, Data Theorem and Yahoo! will be unveiling TrustKi, a new, open source security toolkit that helps developers easily include complex mobile security functionality, known as SSL p...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/jxmlYG4OZVA/secworld.php
*** Cybersecurity Policy and Threat Assessment for the Energy Sector ***
---------------------------------------------
INTRODUCTION: A wake-up call An HP Enterprise Security's 2014 Global Report on the Cost of Cyber Crime by the Ponemon Institute reveals some astounding aspects of the cyber-attacks on the energy utilities. First, these assets suffered the highest average annual losses from cybercrimes ($13, 2 million), closely followed by the losses caused by computer attacks...
---------------------------------------------
http://resources.infosecinstitute.com/cybersecurity-policy-and-threat-asses…
*** Symantec Endpoint Protection: Gefährlicher Sicherheitslücken-Cocktail ***
---------------------------------------------
Über verschiedene Schwachstellen in Symantecs End Point Protection 12.1 können sich Angreifer in Netzwerke schleichen, beliebigen Code und Befehle ausführen und anschließend ganze Systemverbunde kapern.
---------------------------------------------
http://heise.de/-2768461
*** MatrixSSL Tiny: A TLS software implementation for IoT devices ***
---------------------------------------------
INSIDE Secure announced the availability of MatrixSSL Tiny, the world's smallest Transport Layer Security (TLS) software implementation, to allow companies to affordably secure IoT devices with string...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/mnlQoZJr0zU/secworld.php
*** Bugtraq: Mozilla extensions: a security nightmare ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536133
*** WordPress 4.2.4 Security and Maintenance Release ***
---------------------------------------------
August 4, 2015 | WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise...
---------------------------------------------
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance…
*** Security Advisory: Apache vulnerability CVE-2012-0053 ***
---------------------------------------------
(SOL15273)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/200/sol15273.htm…
*** DSA-3327 squid3 - security update ***
---------------------------------------------
Alex Rousskov of The Measurement Factory discovered that Squid3, a fullyfeatured web proxy cache, does not correctly handle CONNECT method peerresponses when configured with cache_peer and operating on explicitproxy traffic. This could allow remote clients to gain unrestrictedaccess through a gateway proxy to its backend proxy.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3327
*** SSA-504631 (Last Update 2015-08-04): Incorrect Certificate Validation in COMPAS Mobile App ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affected IBM Workflow for Bluemix July 2015 ***
http://www.ibm.com/support/docview.wss?uid=swg21963428
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791) ***
http://www.ibm.com/support/docview.wss?uid=swg21960633
*** IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=swg21962726
*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational ClearQuest(CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21962816
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916) ***
http://www.ibm.com/support/docview.wss?uid=swg21902824
*** IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM MobileFirst Platform Foundation and IBM Worklight ***
http://www.ibm.com/support/docview.wss?uid=swg21961179
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 31-07-2015 18:00 − Montag 03-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** One font vulnerability to rule them all #1: Introducing the BLEND vulnerability ***
---------------------------------------------
Posted by Mateusz Jurczyk of Google Project ZeroLast month, I presented parts of my PostScript font security research at the REcon security conference in Montreal, in a talk titled "One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation". This talk discussed the exploitation process of a vulnerability found in the implementation of a BLEND Charstring instruction, discovered in a user-mode Adobe Reader's CoolType...
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/07/one-font-vulnerability-to-rul…
*** Schwachstellen: Fernzugriff öffnet Autotüren ***
---------------------------------------------
Einem Hacker ist es gelungen, sich in die Software Onstar Remotelink des US-Autoherstellers General Motors einzuklinken. Damit lässt sich das Fahrzeug entriegeln und sogar starten. Wegfahren konnte er mit dem gehackten Fahrzeug aber nicht.
---------------------------------------------
http://www.golem.de/news/schwachstellen-fernzugriff-oeffnet-autotueren-1508…
*** Angriff auf Dell-Firmware nach Tiefschlaf ***
---------------------------------------------
Nach dem Aufwachen aus dem Standby vergisst die Firmware einiger Dell-Rechner, sich selbst vor Schreibzugriffen zu schützen. So könnten Angreifer Schadcode in die Firmware schleusen.
---------------------------------------------
http://heise.de/-2766940
*** Sicherheitslücken im Android-Multimedia-System eskalieren ***
---------------------------------------------
Die Schwachstellen im Multimedia-System sind gefährlicher als zuerst vermutet: Mit manipulierten MP4-Videos könnten Angreifer Kontrolle übers Smartphone erlangen.
---------------------------------------------
http://heise.de/-2766925
*** Your Security Policy Is So Lame, (Sun, Aug 2nd) ***
---------------------------------------------
Every person should avoid lame security policies because of the lack of clarity they leave behind. Often times we find ourselves forced into creating security policies due to compliance requirements. Is there a way to lean into this requirement and get value beyond the checkbox? I certainly think so and would like to share some ideas on how you can do this as well. ">I personally avoided being the policy guy">">The following are several tips and tricks you can use to
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19991&rss
*** Microsoft Windows 10 spies on you by default ***
---------------------------------------------
While Microsoft is offering for free it new Windows 10 OS, security experts argue that the cost for user privacy is much higher. Microsoft Windows 10 is the new operating system of the IT giant, the newborn already reached more than 14 million downloads in just two days. The experts who have already analyzed Windows 10...
---------------------------------------------
http://securityaffairs.co/wordpress/39042/digital-id/windows-10-privacy.html
*** BIND9 - Denial of Service Exploit in the Wild ***
---------------------------------------------
BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by most DNS providers. A week ago, the Internet Systems Consortium (ISC) team released a patch for a serious denial of service vulnerability (CVE-2015-5477) that allows a remote...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/RmxRTNcW95o/bind9-denial-of-s…
*** Chrome extensions crocked with simple attack ***
---------------------------------------------
Security-enhancer HTTPS Everywhere switched off with this one weird trick Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/03/detectify_d…
*** Hijacking Satellite Communications with a $1,000 Device ***
---------------------------------------------
A security researcher demonstrated how to hack a satellite tracking technology with a $1,000 device made of off the shelf components. Colby Moore, a security expert from security firm Synack, will present in a talk at the next Black Hat Conference how to hack satellite tracking technology by using a $1,000 device made of off...
---------------------------------------------
http://securityaffairs.co/wordpress/39051/digital-id/hijacking-satellite-co…
*** Researchers Create First Firmware Worm That Attacks Macs ***
---------------------------------------------
The common wisdom is that Apple computers are more secure than PCs. It turns out this isnt true.
---------------------------------------------
http://www.wired.com/2015/08/researchers-create-first-firmware-worm-attacks…
*** Anonymisierung: Weiterer Angriff auf das Tor-Netzwerk beschrieben ***
---------------------------------------------
Forscher haben eine weitere Möglichkeit entdeckt, Benutzerzugriffe auf Tors Hidden Services zu entlarven. Ihr Angriff benötige aber eine gehörige Portion Glück, schreiben sie. Auch die Tor-Betreiber wiegeln ab.
---------------------------------------------
http://www.golem.de/news/anonymisierung-weiterer-angriff-auf-das-tor-netzwe…
*** Your SSH Server On Port 8080 Is No Longer "Hidden" Or "Safe", (Mon, Aug 3rd) ***
---------------------------------------------
I am seeing some scanning for SSH servers on port 8080 in web server logs for web servers that listen on this port. So far, I dont see any scans like this for web servers listening on port 80. In web server logs, the scan is reflected as an Invalid Method (error 501) as the web server only sees the banner provided by the SSHclient, and of course can not respond. For example: 222.186.21.180 - - [03/Aug/2015:08:31:55 +0000] SSH-2.0-libssh2_1.4.3 501 303 - - This IP address in this example is for...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19995&rss
*** Designing the Perfect Security Awareness Newsletter ***
---------------------------------------------
Even in smaller organizations, a regular security awareness newsletter can support effective, participative security. While your organization's editorial rules could be a creative break on a really great newsletter, the following tips can help you build up an effective one that will be welcomed by associates and be an asset to the organization's security. Do...
---------------------------------------------
http://resources.infosecinstitute.com/designing-the-perfect-security-awaren…
*** Windows 10 Upgrade Spam Carries CTB-Locker Ransomware ***
---------------------------------------------
Spam messages spoofing Microsoft and promising a free Windows 10 upgrade instead drop the CTB-Locker crypto-ransomware on compromised machines.
---------------------------------------------
http://threatpost.com/windows-10-upgrade-spam-carries-ctb-locker-ransomware…
*** Google Android Buffer Overflows in DHCP Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1033124
*** D-Link DCS-2103 1.20 CSRF / Cross Site Scripting ***
---------------------------------------------
Topic: D-Link DCS-2103 1.20 CSRF / Cross Site Scripting Risk: Medium Text:Hello list! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DCS-2103 (IP camera). ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080016
*** VU#360431: Chiyu Technology fingerprint access control contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#360431 Chiyu Technology fingerprint access control contains multiple vulnerabilities Original Release date: 31 Jul 2015 | Last revised: 31 Jul 2015 Overview Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability. Description CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2015-2870According to the reporter, tags are...
---------------------------------------------
http://www.kb.cert.org/vuls/id/360431
*** Juniper Pulse Secure TCP Hardware Acceleration Flaw Lets Remote Users Access Data on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033166
*** FortiSandbox WebUI Multiple XSS vulnerabilities ***
---------------------------------------------
Topic: FortiSandbox WebUI Multiple XSS vulnerabilities Risk: Low Text:[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/a...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080004
*** DSA-3322 ruby-rack - security update ***
---------------------------------------------
Tomek Rabczak from the NCC Group discovered a flaw in thenormalize_params() method in Rack, a modular Ruby webserver interface.A remote attacker can use this flaw via specially crafted requests tocause a `SystemStackError` and potentially cause a denial of servicecondition for the service.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3322
*** DSA-3326 ghostscript - security update ***
---------------------------------------------
William Robinet and Stefan Cornelius discovered an integer overflow inGhostscript, the GPL PostScript/PDF interpreter, which may result indenial of service or potentially execution of arbitrary code if aspecially crafted file is opened.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3326
*** DSA-3325 apache2 - security update ***
---------------------------------------------
Several vulnerabilities have been found in the Apache HTTPD server.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3325
*** DSA-3323 icu - security update ***
---------------------------------------------
Several vulnerabilities were discovered in the International Componentsfor Unicode (ICU) library.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3323
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) - IBM Java SDK updates July 2015 ***
http://www.ibm.com/support/docview.wss?uid=swg21963354
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Intrusion Prevention System ***
http://www.ibm.com/support/docview.wss?uid=swg21962039
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web ***
http://www.ibm.com/support/docview.wss?uid=swg21963096
*** IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects IBM Security Network Intrusion Prevention System (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21962045
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack (CVE-2015-0486 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808 ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022548
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry (CVE-2015-0486 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469 CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477 CVE-2015-2808 ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022550
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business ***
http://www.ibm.com/support/docview.wss?uid=swg21963126
*** IBM Security Bulletin: Multiple vulnerabilities in the unzip utility affect IBM Security Access Manager for Web ***
http://www.ibm.com/support/docview.wss?uid=swg21963094
*** IBM Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Intrusion Prevention System (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21962038
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 30-07-2015 18:00 − Freitag 31-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Derelict TrueCrypt Russia portal is command hub for Ukraine spying op ***
---------------------------------------------
Backdoored code slung at officials, journos etc Malware used to attack Ukrainian government, military, and major news agencies in the country, was distributed from the Russian portal of encryption utility TrueCrypt, new research has revealed.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/30/truecrypt_r…
*** Username Enumeration against OpenSSH-SELinux with CVE-2015-3238 ***
---------------------------------------------
I recently disclosed a low-risk vulnerability in Linux-PAM < 1.2.1 , which allows attackers to conduct username enumeration and denial of service attacks. Below I will provide more technical details about this vulnerability. The Past Time-based username enumeration is an...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-ag…
*** Flash Threats: Not Just In The Browser ***
---------------------------------------------
July has been a fairly poor month for Adobe Flash Player security, to say the least. Three separate zero-day vulnerabilities (all courtesy of the Hacking Team dump) have left many people concerned about Flash security, with many (including this blog) calling for it to go away. Some sort of reaction from Adobe to improve Flash...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6YRcRVFMKYg/
*** Bundestags-Hack: Reparatur des Bundestagsnetzes soll vier Tage dauern ***
---------------------------------------------
Das Netzwerk des Bundetages soll zwischen dem 13. und 17. August 2015 neu aufgesetzt werden. In dieser Zeit wird es komplett abgeschaltet. Auch E-Mails können dann nicht mehr empfangen oder versendet werden.
---------------------------------------------
http://www.golem.de/news/bundestags-hack-reparatur-des-bundestagsnetzes-sol…
*** Compromised site serves Nuclear exploit kit together with fake BSOD ***
---------------------------------------------
Support scammers not lying about a malware infection for a change.During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted to trick the user into falling for a support scam.When a (legitimate) website includes (legitimate) advertisements, these ads themselves are rarely included in the HTML code. Rather, the...
---------------------------------------------
http://www.virusbtn.com/blog/2015/07_31.xml?rss
*** MMS Not the Only Attack Vector for "Stagefright" ***
---------------------------------------------
Earlier this week Zimperium zLabs revealed an Android vulnerability which could be used to install malware on a device via a simple multimedia message. This vulnerability, now known as Stagefright, has gained a lot of attention for the potential attacks it can cause. Stagefright makes it possible, for example, for an attacker to install a spyware app...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fiKsjboNusw/
*** Real World Ramifications of Cyber Attacks ***
---------------------------------------------
Warning: the following blog contains gratuitous use of sarcasm and hyperbole from the start. Reader discretion is advised. And so, ladies and gentlemen, it has finally happened. The Internet-of-Things has risen up, Skynet style, and we are doomed. This much prophesied event finally came to pass with reports of hackers disabling cars from miles away, and altering rifle trajectories. At last, it seems, the crossover has been made from the digital world to the physical one; the end is nigh. Then...
---------------------------------------------
https://blog.team-cymru.org/2015/07/real-world-ramifications-of-cyber-attac…
*** Symantec Endpoint Protection Multiple Issues ***
---------------------------------------------
Revisions None Severity CVSS2 Base Score ...
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Prime Central Hosted Collaboration Solution Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40214
*** Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40217
*** Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40175
*** Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40223
*** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a password storage vulnerability in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
*** ZDI-15-372: IBM Tivoli Storage Manager FastBack Server Opcode 4755 Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/lONzWRepYUI/
*** ZDI-15-373: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Files Restore Agents Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Np2gm5rVOXQ/
*** ZDI-15-374: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Volumes Restore Agents Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/zJI4EVNVvMM/
*** ZDI-15-375: IBM Tivoli Storage Manager FastBack Server Opcode 4115 Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/x0uVs7pbpJo/
*** ZDI-15-376: IBM Tivoli Storage Manager FastBack Server Opcode 8192 Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/L9RNtcsUYnU/
*** More IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 29-07-2015 18:00 − Donnerstag 30-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Der Stagefright Bug ***
---------------------------------------------
Bald ist die Blackhat Konferenz in Vegas und der Schwachstellen-Zirkus rundherum ist im vollen Gange. Aktuell sind eine Reihe von Verwundbarkeiten in der Stagefright Library von Android groß im Gespräch. Was steckt da ..
---------------------------------------------
http://www.cert.at/services/blog/20150730175038-1560.html
*** Anatomy of a Scamware Network - MultiPlug ***
---------------------------------------------
While examining our cloud sandbox data recently, we uncovered a large MultiPlug network that caught our attention due to its use pattern of code signing certificates and the breadth of its hosting infrastructure. Overview of the Scamware ..
---------------------------------------------
http://research.zscaler.com/2015/07/anatomy-of-scamware-network-multiplug.h…
*** Tsar Team Microsoft Office Zero Day CVE-2015-2424 ***
---------------------------------------------
After the publication of Flash and IE zero days following the Hacking Team leak, researchers have discovered the use of another zero-day vulnerability by the Tsar Team sometimes ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Tsar-Team-Microsoft-Off…
*** Telefonanlage gehackt – 14.000 Euro Schaden für Firma in Oberwart ***
---------------------------------------------
Der Fall einer Firma, deren Telefonanlage von Unbekannten gehackt worden ist, beschäftigt Kriminalisten in Oberwart: Dem Unternehmer flatterten Rechnungen über insgesamt 14.000 Euro ins Haus. Wie der Schaden entstehen konnte, sei noch Gegenstand von Ermittlungen, teilte die Landespolizeidirektion Burgenland mit.
---------------------------------------------
http://derstandard.at/2000019966507
*** Android: Video-Attacke kann Geräte unbenutzbar machen ***
---------------------------------------------
Die Sicherheit von Googles mobilem Betriebssystem Android kommt einmal mehr unter Beschuss: Nur wenige Tage nachdem Zimperium vor mehreren Lücken im Media Framework Stagefright gewarnt hat, meldet sich nun auch Trend Micro zu Wort. In einem Blog-Eintrag warnt der Sicherheitsdienstleister vor zwei weiteren Fehlern in Stagefright, durch die ein Android-Gerät vorübergehend keinen Laut mehr von sich gibt. Auch reagiert ein solcherart angegriffenes Geräte kaum bis gar nicht mehr.
---------------------------------------------
http://derstandard.at/2000019966485
*** Windows 10 speichert Festplattenverschlüsselungs-Keys in der Cloud ***
---------------------------------------------
Mit Windows 10 steht seit kurzem die neueste Betriebssystemgeneration von Microsoft zur Verfügung. Die ersten Tests kommen zu überwiegende positiven Urteilen, und doch steht der Softwarehersteller nun einmal mehr in der Kritik – und zwar von Sicherheitsexperten.
---------------------------------------------
http://derstandard.at/2000019972950
*** Throwback Thursday: Riotous Assembly ***
---------------------------------------------
This Throwback Thursday, we turn the clock back to January 1994, shortly after Cyber Riot had emerged as the first virus capable of infecting the Windows kernel.Today, malware that affects the Windows kernel is ubiquitous - the ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/07_30.xml
*** Beginners Guide to "Use after free Exploits #IE 6 0-day #Exploit Development" ***
---------------------------------------------
Last week a friend asked few queries regarding use after free vulnerabilities, . Its been a while I wrote a tutorial so taught of cooking a beginners guide this week end. I wanted a live target for the tutorial so my plans were to ..
---------------------------------------------
http://garage4hackers.com/content.php?r=143-Beginners-Guide-to-Use-after-fr…
*** Admin-Oberfläche Froxlor verrät Datenbank-Passwörter ***
---------------------------------------------
Das Server-Management-Panel Froxlor ist verwundbar und Angreifer können unter Umständen das Datenbank-Passwort aus der Ferne auslesen. Eine gefixte Version ist aber noch nicht für alle Linux-Distributionen verfügbar.
---------------------------------------------
http://heise.de/-2765508
*** OpenBSD patch Lets Remote Users Execute Arbitrary Commands on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033126
*** CVE-2015-0097 Exploited in the Wild ***
---------------------------------------------
In March 2015, Microsoft patched a remote code execution (RCE) vulnerability (CVE-2015-0097) in Microsoft Office. In July 2015, Eduardo Prado released a Proof of Concept (PoC) exploit for this vulnerability here. It did not take long for attackers to repackage this PoC and use it in attacks ..
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-0097_exploi.h…
*** l+f: Smarter Safe lässt sich clever ausrauben ***
---------------------------------------------
Präparierten USB-Stick anstecken, 60 Sekunden warten und schon öffnen sich die Tresor-Türen: Mehr als 10.000 in den USA installierte vermeintlich smarte Tresore sollen sich so knacken lassen. Die Spuren lassen sich dabei restlos verwischen.
---------------------------------------------
http://heise.de/-2765663
*** Why is Passive Mixed Content so serious? ***
---------------------------------------------
One of the most important tools in web security is Transport Layer Security (TLS). It not only protects sensitive information during transit, but also verifies that ..
---------------------------------------------
https://blog.whitehatsec.com/why-is-passive-mixed-content-so-serious/