=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 03-04-2015 18:00 − Dienstag 07-04-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** On Demand Webinar: Monitoring Linux/UNIX Privileged Users ***
---------------------------------------------
On Demand Webinar - Randy Franklin Smith looks at how to audit what admins do inside Linux and UNIX with sudo's logging capabilities. Then, the BeyondTrust team will walk through how to augment sudo for complete control and auditing over UNIX and Linux user activity.
---------------------------------------------
http://blog.beyondtrust.com/on-demand-webinar-monitoring-linuxunix-privileg…
*** Dyre Wolf malware steals more than $1 million, bypasses 2FA protection ***
---------------------------------------------
Campaign is crude and brazen, but rakes in cash anyway.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/dSucTqiLvNI/
*** Angler Exploit Kit Utilizing 302 Cushioning and Domain Shadowing ***
---------------------------------------------
Overview Angler Exploit Kit is one of the most prevalent and advanced exploit kits in use today and is continually evolving. Angler continues to utilize malvertising to push landing pages and malicious actors are still registering domains solely for serving exploits, but recently, weve noticed an increase in two new infection vectors - 302 Cushioning and Domain Shadowing. 302 Cushioning, or a
---------------------------------------------
http://feedproxy.google.com/~r/zscaler/research/~3/JUMaL-rqARE/angler-explo…
*** Bugs in Tor exploited to run DoS against black markets ***
---------------------------------------------
A severe vulnerability in Tor network was exploited by attackers to run denial of service attacks against two underground black markets. An operator of an underground black market hosted on the Tor network revealed that hit site suffered a DoS attack that exploited a flaw in Tor architecture. The event is not isolated, a similar...
---------------------------------------------
http://securityaffairs.co/wordpress/35663/hacking/bugs-in-tor-dos.html
*** Bring Out Your Dead: An Update on the PCI relevance of SSLv3 ***
---------------------------------------------
In October, a tidal wave of discussion surrounding SSLv3 hit the information security community with the release of the POODLE attack vector. This served to heat up existing discussions about when and how organizations would give SSLv3 the final thump...
---------------------------------------------
https://www.ambiron.com/Resources/SpiderLabs-Blog/Bring-Out-Your-Dead--An-U…
*** A severe arbitrary code execution in BitTorrent Sync affects various products ***
---------------------------------------------
A security expert has discovered a severe vulnerability in BitTorrent Sync that can be exploited by a remote attacker to execute arbitrary code on a vulnerable machine. The security expert Andrea Micalizzi, also known as "rgod", has discovered a serious vulnerability in BitTorrent Sync (CVE-2015-2846) can be exploited by a remote attacker to execute arbitrary code.
---------------------------------------------
http://securityaffairs.co/wordpress/35752/hacking/severe-flaw-bittorrent-sy…
*** SS7-Schwachstellen: Firewalls sollen Angriffe mildern ***
---------------------------------------------
Die Probleme im Protokoll SS7 lassen sich nicht ohne weiteres absichern, denn es wurden dafür nie entsprechende Sicherheitsmaßnahmen implementiert. Mit Firewalls können Provider Schwachstellen zumindest abmildern.
---------------------------------------------
http://www.golem.de/news/ss7-schwachstellen-firewalls-sollen-angriffe-milde…
*** Fuzzing: Wie man Heartbleed hätte finden können ***
---------------------------------------------
Vor einem Jahr machte der Heartbleed-Bug in OpenSSL Schlagzeilen - doch solche Bugs lassen sich mit Hilfe von Fuzzing-Technologien aufspüren. Wir haben das mit den Tools American Fuzzy Lop und Address Sanitizer nachvollzogen und den Heartbleed-Bug neu entdeckt.
---------------------------------------------
http://www.golem.de/news/fuzzing-wie-man-heartbleed-haette-finden-koennen-1…
*** Firefox-Update: Mozilla schaltet opportunistische Verschlüsselung wieder aus ***
---------------------------------------------
Nicht mal eine Woche nach Firefox 37 muss Mozilla nun Firefox 37.0.1 nachlegen. Das Sicherheits-Feature "opportunistic encryption" kann missbraucht werden, um die Sicherheit von SSL/TLS-Verbindungen zu untergraben und wurde wieder entfernt.
---------------------------------------------
http://heise.de/-2596576
*** Cell Phone Opsec ***
---------------------------------------------
Heres an article on making secret phone calls with cell phones. His step-by-step instructions for making a clandestine phone call are as follows: Analyze your daily movements, paying special attention to anchor points (basis of operation like home or work) and dormant periods in schedules (8-12 p.m. or when cell phones arent changing locations); Leave your daily cell phone behind...
---------------------------------------------
https://www.schneier.com/blog/archives/2015/04/cell_phone_opse.html
*** ZDI-15-112: ManageEngine Desktop Central MSP InventorySWMeteringServlet domain File Upload Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-112/
*** ZDI-15-113: ManageEngine OpManager MultipartRequestServlet filename File Upload Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-113/
*** ZDI-15-114: ManageEngine Desktop Central MSP AndroidCheckInServlet UDID Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-114/
*** ZDI-15-115: BitTorrent Sync btsync: Protocol Command Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Sync. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-115/
*** ZDI-15-116: IBM Lotus Domino SSL2 Client Master Key Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-116/
*** ZDI-15-117: IBM Lotus Domino LDAP ModifyRequest add Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Domino. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-117/
*** Security Advisory: OpenSSL vulnerability CVE-2015-0287 ***
---------------------------------------------
(SOL16318)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16318.htm…
*** Security Advisory: OpenSSL vulnerability CVE-2009-5146 ***
---------------------------------------------
(SOL16337)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16337.htm…
*** Security Advisory: Multiple MySQL vulnerabilities ***
---------------------------------------------
(SOL16355)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16355.htm…
*** SA-CONTRIB-2015-065 - Registration codes - Multiple vulnerabilities ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-065Project: Registration codes (third-party module)Version: 6.x, 7.xDate: 2015-March-04 Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Scripting, Cross Site Request ForgeryDescriptionRegistration codes module allows new account registrations only for users who provide a valid registration code. The module was not properly sanitizing user supplied text in some pages, thereby exposing XSS
---------------------------------------------
https://www.drupal.org/node/2445955
*** OpenSSH 6.8 Insecure Functions ***
---------------------------------------------
Topic: OpenSSH 6.8 Insecure Functions Risk: Low Text:-=[Advanced Information Security Corp]=- Author: Nicholas Lemonias Report Date: 2/4/2015 Email: lem.nikolas (at) gmail ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015040029
*** IDM 4.0.2 ACF2 Driver Version 4.0.0.3 Patch 1 ***
---------------------------------------------
Abstract: IDM 4.0.2-4.5 Bi-Directional ACF2 Driver Version 4.0.0.3. This patch is for the Identity Manager 4.0.2 to 4.5 ACF2 Driver. Field patch for IDMLOAD.XMT, SAMPLIB.XMT, RACFEXEC.XMTDocument ID: 5206570Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm402acf2_4003.tar.gz (2.55 MB)Products:Identity Manager 4.0.2Identity Manager 4.5Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=oJ3evaNQb2M~
*** IDM 4.0.2 RACF Driver Version 4.0.0.11 Patch 3 ***
---------------------------------------------
Abstract: IDM 4.0.2-4.5 Bi-Directional RACF Driver Version 4.0.0.11. This patch is for the Identity Manager 4.0.2 to 4.5 RACF Driver. Field patch for IDMLOAD.XMT, SAMPLIB.XMT, RACFEXEC.XMTDocument ID: 5206551Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm402racf_40011.tar.gz (2.99 MB)Products:Identity Manager 4.0.2Identity Manager 4.5Superceded Patches:IDM 4.0.2 RACF Driver Version 4.0.0.8 Patch2
---------------------------------------------
https://download.novell.com/Download?buildid=6F0mcIA5UQs~
*** IDM 4.0.2-4.5 Top Secret Driver Version 3.6.1.10 Patch 1 ***
---------------------------------------------
Abstract: IDM 4.0.2-4.5 Bi-Directional Top Secret Driver Version 3.6.1.10. Field patch for IDMLOAD.XMT, SAMPLIB.XMT, TSSEXEC.XMTDocument ID: 5206590Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm402topsecret_36110.tar.gz (2.66 MB)Products:Identity Manager 4.0.2Identity Manager 4.5Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=_WYyICODfL8~
*** Cisco Wireless LAN Controller HTML Help Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38222
*** HPSBMU03296 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP BladeSystem c-Class Onboard Administrator. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow a Denial of Service (DoS).
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599440
*** HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04626468
*** DFN-CERT-2015-0463 - Google Chrome, Chromium, Ubuntu oxide-qt: Mehrere Schwachstellen ermöglichen u. a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
07.04.2015
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0463/
*** Security Advisory: Persistent XSS in WP-Super-Cache ***
---------------------------------------------
Security Risk: Dangerous Exploitation level: Very Easy/Remote DREAD Score: 8/10 Vulnerability: Persistent XSS Patched Version: 1.4.4 During a routine audit for our Website Firewall (WAF), we discovered a dangerous Persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a million active installs according to wordpress.org). The security issue, as well as another bug-fixRead More
---------------------------------------------
http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 02-04-2015 18:00 − Freitag 03-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Website Malware - The SWF iFrame Injector Evolves ***
---------------------------------------------
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invisible, ..
---------------------------------------------
http://blog.sucuri.net/2015/04/website-malware-the-swf-iframe-injector-evol…
*** Audit Concludes No Backdoors in TrueCrypt ***
---------------------------------------------
Auditors performing a cryptanalysis of TrueCrypt found four vulnerabilities, but zero backdoors in the popular open source encryption software.
---------------------------------------------
http://threatpost.com/audit-concludes-no-backdoors-in-truecrypt/111994
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38194http://tools.cisco.com/security/center/viewAlert.x?alertId=38193http://tools.cisco.com/security/center/viewAlert.x?alertId=38210
*** The Fine Line Between Ad and Adware: A Closer Look at the MDash SDK ***
---------------------------------------------
Just last month, there were reports that Google removed three apps from its Play Store as they were discovered to be adware in disguise. At the time of the discovery, the apps were said to have been downloaded into millions of devices, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-fine-line-be…
*** VMSA-2015-0003 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
*** All in One SEO Pack <= 2.2.5.1 - Authentication Bypass ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7881
*** Schneider Electric VAMPSET Software Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability in the Schneider Electric VAMPSET software.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-092-01
*** SSH Fingerprints Are Important, (Fri, Apr 3rd) ***
---------------------------------------------
Some years ago, I was preparing Cisco certification exams. I connected via SSH to a new Cisco router, and was presented with this familiar dialog: This made me think: before proceeding, I wanted to obtain the fingerprint out-of-band, via a trusted channel, so that I could verify it. So I took a ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19543
*** Android Security - 2014 in Review ***
---------------------------------------------
https://static.googleusercontent.com/media/source.android.com/en/us/devices…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 01-04-2015 18:00 − Donnerstag 02-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Phishing-Mails mit Anweisungen des Chefs oft erfolgreich ***
---------------------------------------------
Phishing-Mails werden immer raffinierter. So gibt es etwa getarnte Mails vom Boss an seine Mitarbeiter, Geld zu überweisen, die höchst erfolgreich sind.
---------------------------------------------
http://futurezone.at/digital-life/phishing-mails-mit-anweisungen-des-chefs-…
*** User Import - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-093 ***
---------------------------------------------
This module enables the import of users into Drupal, or the update of existing users, with data from a CSV file (comma separated file).Some management URLs were not properly protected. A malicious user could trick an administrator ..
---------------------------------------------
https://www.drupal.org/node/2463949
*** Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090 ***
---------------------------------------------
The Password Policy module allows enforcing restrictions on user passwords by defining password policies.The module doesnt sufficiently sanitize usernames in some administration pages, thereby exposing a Cross Site Scripting ..
---------------------------------------------
https://www.drupal.org/node/2463835
*** NewPosThings Has New PoS Things ***
---------------------------------------------
Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has…
*** Google suspends CNNIC from Chromes certificate store ***
---------------------------------------------
Chinese certificate authority told to re-apply.When a web client, such as a browser, attempts to make an HTTPS connection, it needs to know that no man-in-the-middle attack is taking place. The web server therefore proves its ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/04_02b.xml
*** Frühjahrsputz bei Chrome: Fast 200 Adware-Plug-ins fliegen raus ***
---------------------------------------------
Google räumt im Chrome Web Store auf und verbannt reihenweise Adware-Erweiterungen, die Millionen von Nutzern mit Werbung genervt haben. In Zukunft sollen derartige Plagegeister erst gar nicht im Web Store landen.
---------------------------------------------
http://heise.de/-2595248
*** E-Mail-Sicherheit: Gedächtnislücken und Darkmail-Ideen ***
---------------------------------------------
Die Internet Engineering Task Force hat sich die Vertraulichkeit der Internetprotokolle auf die Fahnen geschrieben. Was lässt sich bei E-Mails noch machen? Zum Beispiel Metadaten verbergen. Auch gibt es Versuche, sichere E-Mail handlicher zu machen.
---------------------------------------------
http://heise.de/-2595167
*** Using the docker command to root the host (totally not a security issue) ***
---------------------------------------------
It is possible to do a few more things more with docker besides working with containers, such as creating a root shell on the host, overwriting system configuration files, reading restricted stuff, etc.
---------------------------------------------
http://reventlov.com/advisories/using-the-docker-command-to-root-the-host
*** Analysis of a Romanian Botnet ***
---------------------------------------------
Recently I noticed some strange entries in our web server log files. Specifically, someone was trying to exploit our servers using the ShellShock vulnerability (CVE-2014-6271) to execute a ..
---------------------------------------------
http://blog.politoinc.com/2015/04/analysis-of-a-romanian-botnet/
*** Verschlüsselung: Truecrypt-Audit findet kleinere Sicherheitsprobleme ***
---------------------------------------------
Die zweite Phase des Audits für die Verschlüsselungssoftware Truecrypt ist beendet. Dabei wurden die kryptographischen Funktionen untersucht. Einige Sicherheitsprobleme wurden entdeckt, sie treten aber nur in seltenen Fällen auf.
---------------------------------------------
http://www.golem.de/news/verschluesselung-truecrypt-audit-findet-kleinere-s…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 31-03-2015 18:00 − Mittwoch 01-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38113http://tools.cisco.com/security/center/viewAlert.x?alertId=38118http://tools.cisco.com/security/center/viewAlert.x?alertId=38114http://tools.cisco.com/security/center/viewAlert.x?alertId=38124
*** The Resurrection of CVE-2011-2461 ***
---------------------------------------------
Security researchers Luca Carettoni and Mauro Gentile recently found during their research that even though Adobe has fixed an old vulnerability found in 2011 (CVE-2011-2461), its side effects still linger around the Internet. Your favorite ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-resurrection…
*** OWASP/WASC Distributed Web Honeypots Project Re-Launch - Seeking Participants ***
---------------------------------------------
The SpiderLabs Research Team is proud to announce that we are officially re-launching the Distributed Web Honeypots Project under the new joint OWASP/WASC project home! For those SpiderLabs Blog readers who follow our ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/OWASP/WASC-Distributed-…
*** Intro to E-Commerce and PCI Compliance - Part I ***
---------------------------------------------
Have you ever heard of the term Payment Card Industry (PCI)? Specifically, PCI compliance? If you have an e-commerce website, you probably have already heard about it. But do ..
---------------------------------------------
http://blog.sucuri.net/2015/03/intro-to-e-commerce-and-pci-compliance-part-…
*** Inductive Automation Ignition Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for several vulnerabilities in Inductive Automation's Ignition Software.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-090-01
*** Ecava IntegraXor DLL Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for two DLL loading vulnerabilities in Ecava's IntegraXor SCADA Server.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-090-02
*** Hospira MedNet Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for four vulnerabilities in Hospira's MedNet server software.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-090-03
*** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-085-01 Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities, ..
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-085-01A
*** Rig Exploit Kit Changes Traffic Patterns, (Wed, Apr 1st) ***
---------------------------------------------
Sometime within the past month, Rig exploit kit (EK) changed URL structure." /> Notice the PHPSSESID and ?req= patterns in the above example." /> Now, we dont see the PHPSSESID and ?req= patterns. Lets take a closer look at the more ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19533
*** Multiple Xen-vulnerabilities ***
---------------------------------------------
http://www.securitytracker.com/id/1031994http://www.securitytracker.com/id/1031998http://www.securitytracker.com/id/1031997
*** Crypto-Ransomware Sightings and Trends for 1Q 2015 ***
---------------------------------------------
It seems that cybercriminals have yet to tire of creating crypto-ransomware malware. Since the start of 2015, we have spotted several variants of crypto-ransomware plague the threat landscape. In January, the Australia-New Zealand region was beset by variants of TorrentLocker. But we soon ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/crypto-ransomwar…
*** Firefox 37 verbessert Browser-Sicherheit ***
---------------------------------------------
Es ist wieder einmal Update-Zeit bei Mozilla: Mit Firefox 37 gibt es nun also eine neue Version des Browsers, die vor allem Sicherheitsverbesserungen verspricht.
---------------------------------------------
http://derstandard.at/2000013734909
*** A timeline of mobile botnets ***
---------------------------------------------
With the recent explosion in smartphone usage, malware authors have increasingly focused their attention on mobile devices, leading to a steep rise in mobile malware over the past couple of years. In this paper, Ruchna Nigam focuses on mobile botnets, drawing up an inventory of types of known mobile bot variants.
---------------------------------------------
https://www.virusbtn.com/virusbulletin/archive/2015/03/vb201503-mobile-botn…
*** Google: Fünf Prozent aller Nutzer haben Adware auf ihren Rechnern ***
---------------------------------------------
Bei mehr als einem Drittel davon sind es sogar mehr als vier Tools, die Werbung in Webseiten injizieren
---------------------------------------------
http://derstandard.at/2000013745151
*** Smartes Türschloss August war zu gastfreundlich ***
---------------------------------------------
Durch eine Lücke in vernetzten Türschlossern konnten sich deren Besitzer unangemeldet untereinander besuchen.
---------------------------------------------
http://heise.de/-2593822
*** JOSE - JSON Object Signing and Encryption ***
---------------------------------------------
Federated Identity Management has become very widespread in past years - in addition to enterprise deployments a lot of popular web services allow users to carry their identity over multiple sites. Social networking ..
---------------------------------------------
https://securityblog.redhat.com/2015/04/01/jose-json-object-signing-and-enc…
*** DNS/AXFR: Nameserver verraten Geheim-URLs ***
---------------------------------------------
Das DNS-Protokoll hat eine Funktion, mit der man umfangreiche Informationen zu einer Domain abfragen kann. Dieser sogenannte AXFR-Transfer ist normalerweise ..
---------------------------------------------
http://www.golem.de/news/dns-axfr-nameserver-verraten-geheim-urls-1504-1132…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 30-03-2015 18:00 − Dienstag 31-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** New reconnaissance threat Trojan.Laziok targets the energy sector ***
---------------------------------------------
A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised ..
---------------------------------------------
http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlazio…
*** WordPress Leads 1.6.1-1.6.2 - Persistent XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7871
*** Drive-by code and Phishing on Swiss websites in 2014 ***
---------------------------------------------
In 2014, about 1,800 Swiss websites were cleaned from drive-by code, compared with 2,700 in 2013, a decline of 33%. At the same time, the number of phishing cases affecting .ch and .li ..
---------------------------------------------
http://securityblog.switch.ch/2015/03/31/drive-by-phishing-swiss-websites-2…
*** Citrix Command Center Bugs Let Remote Users Download Files and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031993
*** VB2015 conference programme announced ***
---------------------------------------------
>From drones to elephants: an exciting range of topics will be covered in Prague.In six months time, security researchers from around the world will gather in Prague for the 25th Virus Bulletin conference. Today we are excited to reveal the conference programme.As every year, the selection committees task ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/03_31.xml?rss
*** IoT Research - Smartbands ***
---------------------------------------------
One of the big trends in sphere of health and fitness are fitness trackers such as smartbands. Tracking devices and their mobile applications from three leading vendors were inspected in this report to shed some light on the current ..
---------------------------------------------
http://securelist.com/analysis/publications/69412/iot-research-smartbands/
*** Chinas Man-on-the-Side Attack on GitHub ***
---------------------------------------------
We have looked closer at this attack, and can conclude that China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub. See our "TTL analysis" at the end of ..
---------------------------------------------
http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-…
*** Hacking Browsers: Are Browsers the Weakest Link of the Security Chain? ***
---------------------------------------------
Current scenario The number of cyber attacks is constantly increasing, and according to security experts they grow even more sophisticated. The security firm Secunia has recently released its annual study of trends in software vulnerabilities, an interesting report that highlights the ..
---------------------------------------------
http://resources.infosecinstitute.com/hacking-browsers-are-browsers-the-wea…
*** The sad state of SMTP encryption ***
---------------------------------------------
This is a quick recap of why Im sad about SMTP encryption. It explains how TLS certificate verification in SMTP is useless even if you force it.
---------------------------------------------
https://blog.filippo.io/the-sad-state-of-smtp-encryption/
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 27-03-2015 18:00 − Montag 30-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** iOS, OS X Library AFNetwork Patches MiTM Vulnerability ***
---------------------------------------------
Until yesterday, a popular networking library for iOS and OS X, used by several apps like Pinterest and Simple was susceptible to SSL man-in-the-middle (MiTM) attacks.
---------------------------------------------
http://threatpost.com/ios-os-x-library-afnetwork-patches-mitm-vulnerability…
*** Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38079
*** Privilege Escalation in TYPO3 Neos ***
---------------------------------------------
http://www.typo3.org/news/article/privilege-escalation-in-typo3-neos/
*** Offenbar schwerwiegendes Datenleck bei Uber ***
---------------------------------------------
Offenbar kursieren im Dark Web zurzeit Zugangsdaten zu Tausenden von Nutzerkonten des Fahrdienstes Uber. Diese werden zu Spottpreisen von mehreren Anbietern laut Motherboard verhökert. Die Datensätze enthalten demnach Benutzername, Passwort und die letzten Ziffern, sowie das Verfallsdatum der ..
---------------------------------------------
http://derstandard.at/2000013594365
*** British Airways: Hacker hatten Zugriff auf Bonusmeilen ***
---------------------------------------------
In einem offenbar automatisierten Angriff auf Konten des British Airways Executive Club ist es Einbrechern möglicherweise gelungen, die Bonusmeilen einiger Kunden abzugreifen.
---------------------------------------------
http://www.golem.de/news/british-airways-hacker-hatten-zugriff-auf-bonusmei…
*** Announcing tlscompare.org ***
---------------------------------------------
As part of an ongoing project on increasing TLS security we are today announcing https://tlscompare.org This webpage is about evaluating a massive extension of the ruleset for HTTPSEverywhere, a browser extension for Chrome and Firefox which ..
---------------------------------------------
https://www.sba-research.org/2015/03/30/announcing-tlscompare-org/
*** Newsletter 3.7.0 - Open Redirect ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7868
*** Projekt-Hosting: Tagelanger DDoS-Angriff auf Github ***
---------------------------------------------
Seit Donnerstag läuft die grösste DDoS-Attacke auf Github seit dem Entstehen des Dienstes. Experten vermuten, der Angriff gehe von chinesische Behörden aus, bestätigt wird das durch den Projekt-Hoster aber nicht.
---------------------------------------------
http://www.golem.de/news/projekt-hosting-tagelanger-ddos-angriff-auf-github…
*** Security Attacks via Malicious QR Codes ***
---------------------------------------------
With the increasing use of smartphones, QR codes are becoming popular. Recently, WhatsApp launched its web version, which needs QR code scanning to access the web version of WhatsApp. So, many people now know what QR code is, but still more are unaware. It is very similar to a bar code we ..
---------------------------------------------
http://resources.infosecinstitute.com/security-attacks-via-malicious-qr-cod…
*** OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=36956
*** Ad Networks Ripe for Abuse Via Malvertising ***
---------------------------------------------
Criminals have found a safe haven abusing legitimate processes, such as real-time bidding, implemented by online advertising networks to move exploits and malware, and build botnets and fraud campaigns.
---------------------------------------------
http://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840
*** WordPress Plugin - Revslider update captions CSS file critical vulnerability ***
---------------------------------------------
Today being another day at work for SecureLayer7 to recover our client's defaced website, and bang I think I hit upon a nasty vulnerability of a famous plugin. Although we successfully patched the vulnerability and we fixed the undoing of the blacklisting. On further research I stumbled ..
---------------------------------------------
http://blog.securelayer7.net/wordpress-plugin-revslider-update-captions-css…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 26-03-2015 18:00 − Freitag 27-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco Wireless LAN Controller Task Name aaaQueueReader Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38076
*** Verschlüsselung: Kryptographen zeigen neue Angriffe gegen RC4 ***
---------------------------------------------
Eine bislang wenig beachtete Schwäche von RC4 nutzt der Kryptograph Itsik Mantin für seine neue Angriffsmethode. Ein weiterer kürzlich vorgestellter Angriff betrifft IMAP-Verbindungen.
---------------------------------------------
http://www.golem.de/news/verschluesselung-rc4-erneut-unter-beschuss-1503-11…
*** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Schneider Electric has released new patches that mitigate these vulnerabilities.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-085-01
*** Beta Bot Trojan ***
---------------------------------------------
In this article, I would like to show how an analysis is performed on the Beta Bot trojan to identify its characteristics. The Beta Bot trojan, classified as Troj/Neurevt-A, is a dangerous trojan. This trojan is transferred to the victim machine through a phishing email, and the user downloads the files disguised ..
---------------------------------------------
http://resources.infosecinstitute.com/beta-bot-trojan/
*** Cisco NX-OS Software DHCP Options Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38062
*** Microsoft will Windows-Lücke nicht schliessen ***
---------------------------------------------
Google entdeckt Fehler, über den sich einfache Nutzer Systemrechte verschaffen können.
---------------------------------------------
http://derstandard.at/2000013551658
*** The bizarre, pre-internet history of ransomware ***
---------------------------------------------
Two months ago, I wrote a short article about helping my mother deal with CryptoWall 2.0., a form of computer virus more broadly known as ransomware. Basically what happens is this: You flip open your laptop to find you have been locked out of all your files. Then a ransom note hovers into view, written ..
---------------------------------------------
https://medium.com/un-hackable/the-bizarre-pre-internet-history-of-ransomwa…
*** Baidu's traffic hijacked to DDoS GitHub.com ***
---------------------------------------------
As a Chinese living outside of China, I frequently visit Chinese websites, many of which use advertising and visitor tracking provided by Baidu, the largest search engine available in China. As I was browsing one of the most popular ..
---------------------------------------------
http://insight-labs.org/?p=1682
*** Vulnerability: CVE-2015-0932 ***
---------------------------------------------
ANTLabs InnGate devices are a popular Internet gateway for visitor-based networks. They're commonly installed in hotels, convention centers and other places that provide temporary guests access to a WiFi connection. If you've ever used WiFi in a hotel, you're familiar with these types of devices as they are typically tied to a specific room number for billing purposes.
---------------------------------------------
http://blog.cylance.com//spear-team-cve-2015-0932
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 25-03-2015 18:00 − Donnerstag 26-03-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Pin-up on your Smartphone!, (Thu, Mar 26th) ***
---------------------------------------------
Yeah, okay, I admit that headline is cheap click bait. Originally, it said Certificate Pinning on Smartphones. If you are more interested in pin-ups on your smartphone, I fear youll have to look elsewhere :). Recently, an email provider that I use changed their Internet-facing services completely. I hadnt seen any announcement that this would happen, and the provider likely thought that since the change was transparent to the customer, no announcement was needed. But Im probably a tad more...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19513&rss
*** Data lurking: How to protect your company against overlooked insider threats ***
---------------------------------------------
Enterprises often fear hackers as their number one security threat. However, they should be more scared of what happens internally. More often than not, data breaches come from employees or system err...
---------------------------------------------
http://www.net-security.org/article.php?id=2245
*** Setting issue in Windows 7 and 8.1 could allow privilege escalation ***
---------------------------------------------
Experts of the Project Zero have disclosed a proof-of-concept for the exploitation of a default setting in Windows 7, 8.1 that allow privilege escalation. A new security issue threatens users of Windows 7 and 8.1, this time experts are warning about a default setting in both OSs that could allow local users to elevate privileges...
---------------------------------------------
http://securityaffairs.co/wordpress/35318/hacking/win-7-and-8-1-privilege-e…
*** Security Harden CentOS 7 ***
---------------------------------------------
This HowTo walks you through the steps required to security harden CentOS 7, it's based on the OpenSCAP benchmark, unfortunately the current version of OpenSCAP that ships with CentOS does not offically support CentOS CPEs. But there is a "workaround" that will allow OpenSCAP + OpenSCAP workbench to run on CentOS, I'll document this in a separate post.
---------------------------------------------
http://highon.coffee/blog/security-harden-centos-7/
*** Encryption Solutions for the New World ***
---------------------------------------------
Keeping personal information secure and protected remains a top priority for computer users who now rely heavily on information systems to manage a large part of their personal and business lives. One of the ways to make sure only authorized users have access to information is the use of encryption, a process that transforms data...
---------------------------------------------
http://resources.infosecinstitute.com/encryption-solutions-for-the-new-worl…
*** Who Is the Antidetect Author? ***
---------------------------------------------
Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video produced by the author of Antidetect showing the software being used to buy products online with stolen credit cards. Today, well take a closer look at clues to a possible real-life identity of this tools creator.
---------------------------------------------
http://krebsonsecurity.com/2015/03/who-is-the-antidetect-author/
*** Hacking-Kit für Steuergeräte im Auto ***
---------------------------------------------
Ein Hacking-Toolkit soll dabei helfen, IT-Sicherheitslücken bei Autos aufzudecken. Ziel ist es, die Hersteller zu mehr Sorgfalt bei diesem Thema zu bewegen.
---------------------------------------------
http://heise.de/-2585225
*** Verschlüsselung: RC4 erneut unter Beschuss ***
---------------------------------------------
Auf der Black Hat Asia hat der Kryptograph Itsik Mantin neue Angriffsmethoden gegen die RC4-Verschlüsselung vorgestellt. Den Grundstein dazu hatte Mantin bereits vor 13 Jahren gelegt. Davon unabhängig wurde kürzlich ein weiterer Angriff gegen RC4 vorgestellt, der IMAP-Verbindungen betrifft.
---------------------------------------------
http://www.golem.de/news/verschluesselung-rc4-erneut-unter-beschuss-1503-11…
*** WordPress Malware Causes Psuedo-Darkleech Infection ***
---------------------------------------------
Darkleech is a nasty malware infection that infects web servers at the root level. It use malicious Apache modules to add hidden iFrames to certain responses. It's difficult to detect because the malware is only active when both server and site admins are not logged in, and the iFrame is only injected once a dayRead More
---------------------------------------------
http://blog.sucuri.net/2015/03/pseudo-darkleech-server-root-infection.html
*** VMSA-2015-0001.2 ***
---------------------------------------------
VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0001.html
*** DFN-CERT-2015-0416 - Citrix Command Center: Zwei Schwachstellen ermöglichen die Übernahme des Systems ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0416/
*** EMC Isilon OneFS Privilege Escalation ***
---------------------------------------------
Topic: EMC Isilon OneFS Privilege Escalation Risk: Medium Text:ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability EMC Identifier: ESA-2015-049 CVE Identifier: CVE-2015-...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015030182
*** Security Advisories for Drupal Third-Party Modules ***
---------------------------------------------
*** Linear Case - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-084 ***
https://www.drupal.org/node/2459327
*** Webform Multiple File Upload - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-083 ***
https://www.drupal.org/node/2459323
*** Crumbs - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-082 ***
https://www.drupal.org/node/2459315
*** Petition - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-081 ***
https://www.drupal.org/node/2459311
*** Invoice - Moderately Critical - Multiple vulnerabilities - Unsupported - SA-CONTRIB-2015-085 ***
https://www.drupal.org/node/2459337
*** Ubercart Webform Checkout Pane - Moderately Critical - Cross Site Scripting (XSS) - Unsupported - SA-CONTRIB-2015-087 ***
https://www.drupal.org/node/2459359
*** Decisions - Moderately Critical - Cross Site Scripting (XSS) - Unsupported - SA-CONTRIB-2015-086 ***
https://www.drupal.org/node/2459349
*** Decisions - Moderately Critical - Cross Site Request Forgery (CSRF) - Unsupported - SA-CONTRIB-2015-086 ***
https://www.drupal.org/node/2459349
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 24-03-2015 18:00 − Mittwoch 25-03-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Patched Flash Vulnerability Now Part of Exploit Kit (March 20, 2015) ***
---------------------------------------------
A vulnerability in Adobes Flash Player that was patched on March 12 has already been added to an exploit kit.......
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/17/23/200
*** Macro-based Malware Increases Along with Spam Volume, Now Drops BARTALEX ***
---------------------------------------------
Early this year Microsoft reported an increase in macro-related threats being used to spread malware via spam. Similarly, we've been seeing a drastic increase in spammed emails with attached Microsoft Word documents and Microsoft Excel spreadsheets that come with embedded macros. Macros are a set of commands or code that are meant to help automate...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/EHquGcibJew/
*** 15,435 vulnerabilities across 3,870 applications were recorded in 2014 ***
---------------------------------------------
In 2014, 15,435 vulnerabilities were discovered according to data from Secunia Research. The vulnerabilities are spread across 3,870 applications published by 500 different vendors, and these numbers ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18132
*** l+f: XXSs not dead ***
---------------------------------------------
Nur weil es keine Schlagzeilen mehr macht, ist es noch lange nicht aus der Welt. Das beweist etwa eine XSS-Lücke bei Amazon.
---------------------------------------------
http://heise.de/-2584311
*** Multifunctional Vawtrak malware now updated via favicons ***
---------------------------------------------
The Vawtrak (aka Snifula) multifunctional malware has been around since mid-2013. Its information-stealing, backdoor and spying capabilities deservedly earned it the description as the "Swiss army kni...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2997
*** Not using IPv6? Are you sure? ***
---------------------------------------------
Internet Protocol version 6 (IPv6) has been around for many years and was first supported in Red Hat Enterprise Linux 6 in 2010. Designed to provide, among other things, additional address space on the ever-growing Internet, IPv6 has only recently...
---------------------------------------------
https://securityblog.redhat.com/2015/03/25/security-considerations-regardin…
*** PHP 5.5.23 is available, (Wed, Mar 25th) ***
---------------------------------------------
>From the fine folks at php.net: The PHP development team announces the immediate availability of PHP 5.5.23. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.5 users are encouraged to upgrade to this version. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19507&rss
*** F-Secure: FSC-2015-2: PATH TRAVERSAL VULNERABILITY, (Wed, Mar 25th) ***
---------------------------------------------
F-Secure has announced a security vulnerability affecting their corporate and consumer protection products. The details are available here: https://www.f-secure.com/en/web/labs_global/fsc-2015-2
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19509&rss
*** Researcher finds backdoor opened by Dells helper app ***
---------------------------------------------
A security researcher has discovered a serious bug in Dell System Detect, the software Dell users are urged to use to download the appropriate drivers for their machines. The flaw can be exploited by ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18134
*** Flash in 2015 ***
---------------------------------------------
In the past few years, web exploits had three main targets: Internet Explorer, Java, and Flash. In 2013, the popularity of Java exploits peaked. Bug hunters became really good at finding Java bugs, and corrupting the security manager was a convenient exploitation technique. Multiple exploit campaigns used Java zero-days, and exploit kits (EK) universally adopted these exploits.
In January of 2014, however, Oracle blocked the execution of unsigned applets by default, and exploit authors largely abandoned Java. The change left Internet Explorer and Adobe Flash as the next best targets. Both IE and Flash received attention from exploit developers, but in June of 2014, Microsoft began rolling out heap corruption mitigations such as an isolated heap and delayed frees for IE. Exploit developers again, needed to shift their focus.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/03/flash_in_2015.html
*** Guest talk: "Large-scale Automated Software Diversity - Programming Language Technology to Enhance System Security" ***
---------------------------------------------
26/03/2015 - 10:00 am - 11:00 am SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/guest-talk-large-scale-automated-softwa…
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco IOS XR Software DHCPv4 Server Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38006
*** Cisco Mobility Service Engine Password Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38007
*** Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-3566, CVE-2014-6457, CVE-2014-6593, CVE-2015-0410) ***
http://www.ibm.com/support/docview.wss?uid=swg21699013
*** IBM Security Bulletin: NTP vulnerabilities affect IBM SmartCloud Entry (CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022036
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0206) ***
http://www.ibm.com/support/docview.wss?uid=swg21697205
*** IBM Security Bulletin: IBM Cloud Manager with OpenStack Nova Vulnerability (CVE-2014-3708) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022097
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime Technology Edition affect Rational Functional Tester (CVE-2014-3065, CVE-2014-3566, CVE-2014-6511) ***
http://www.ibm.com/support/docview.wss?uid=swg21693297
*** IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Content Collector for SAP Applications (CVE-2015-0138, CVE-2014-8730) ***
http://www.ibm.com/support/docview.wss?uid=swg21699263
*** IBM Security Bulletin : Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker ***
http://www.ibm.com/support/docview.wss?uid=swg21697107
*** IBM Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect Rational DOORS Web Access (CVE-2014-6593, CVE-2015-0410, CVE-2015-0138) ***
http://www.ibm.com/support/docview.wss?uid=swg21697068
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2014-6549) (CVE-2015-0408) (CVE-2015-0412) (CVE-2015-0395) (CVE-2015-0403) (CVE-2015-0406) (CVE-2015-0410) ***
http://www.ibm.com/support/docview.wss?uid=swg21699907
*** DFN-CERT-2015-0399 GnuTLS: Mehrere Schwachstellen ermöglichen das Umgehen von Sicherheitsvorkehrungen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0399/
*** GE and MACTek HART Device DTM Vulnerability (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-036-01 GE and MACTek HART Device DTM Vulnerability that was published February 5, 2015, on the NCCIC/ICS-CERT web site. This advisory provides mitigation details for an improper input vulnerability in the HART Device Type Manager (DTM) library utilized in GE and MACTek's HART Device DTM.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-036-01A
*** Random Article component for Joomla! multiple SQL injection ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/101773
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 23-03-2015 18:00 − Dienstag 24-03-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** DMARC and Spam: Why It Matters ***
---------------------------------------------
Recently I discussed how TorrentLocker spam was using email authentication for its spam runs. At the time, I suggested that these spam runs were using email authentication to gather information about victim networks and potentially improve the ability to evade spam filters. DomainKeys Identified Mail's (DKIM) own specification mentions the possibility of messages with from "trusted sources" and with a...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/W3IX-WkypVo/
*** Why enterprise IT and security teams should talk more ***
---------------------------------------------
The "It wont happen to me" mentality combined with communication gaps between the IT and security teams greatly increases enterprises risk of being breached.
---------------------------------------------
http://www.scmagazine.com/why-enterprise-it-and-security-teams-should-talk-…
*** Xen shows off 35-piece cloudpocalypse collection ***
---------------------------------------------
The latest fixing fashions for open-source hypervisors hit the catwalk The Xen Project has fixed 35 flaws, all rated critical, for versions 4.3 and 4.4 of its flagship hypervisor. The fixes appear to correspond to flaws identified after the late February 2014 cloudpocalypse, when major cloud providers feared they would once again need to reboot substantial parts of their server fleets to keep them secure.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/03/24/xen_shows_o…
*** Four advantages of an identity behavior-based approach to cybersecurity ***
---------------------------------------------
With an ever-increasing number of data breaches, more money is being poured into IT security budgets. According to Gartner, the average global security budget increased 8 percent from 2013 to 2014 and...
---------------------------------------------
http://www.net-security.org/article.php?id=2243
*** KNX-Schwachstellen: Spielen mit den Lichtern der anderen ***
---------------------------------------------
Das aktuelle KNX-Protokoll abzusichern, halten die Entwickler nicht für nötig. Denn Angreifer brauchen physischen Zugriff auf das System. Doch den bekommen sie leichter als gedacht - und können dann sogar Türöffner und Alarmanlagen steuern.
---------------------------------------------
http://www.golem.de/news/knx-schwachstellen-spielen-mit-den-lichtern-der-an…
*** BlackHat talk hibernated over 0-day in SAPs Afaria mobile manager ***
---------------------------------------------
Researcher has form as a gent: he held back disclosure of medical records leak Alexander Polyakov has been forced to withdraw a talk detailing dangerous vulnerabilities into SAPs mobile device management product Afaria scheduled to be given at BlackHat Asia Pacific this week.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/03/24/sap_blackha…
*** Google deckt erneut Missbrauch im SSL-Zertifizierungssystem auf ***
---------------------------------------------
Über das Public-Key-Pinning im Webbrowser Chrome ist Google auf gefälschte Zertifikate für Google-Domains gestoßen. Diese werden von der Root-CA CNNIC beglaubigt, der viele Betriebssysteme und Browser beim Aufbau verschlüsselter Verbindungen vertrauen.
---------------------------------------------
http://heise.de/-2583414
*** The importance of standards in electronic identification and trust services providers ***
---------------------------------------------
ENISA publishes a new report on the importance of standards in the area of electronic identification and trust services providers.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/the-importance-of-standards-in-…
*** Full, cracked version of NanoCore RAT leaked, onslaught of infection attempts expected ***
---------------------------------------------
NanoCore, a lesser-known remote access Trojan (RAT), has recently been spotted being delivered to employees of energy companies in Asia and the Middle East via spear-phishing emails impersonating a le...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2995
*** Android Installer Hijacking Vulnerability Could Expose Android Users to Malware ***
---------------------------------------------
Executive Summary We discovered a widespread vulnerability in Google's Android OS we are calling "Android Installer Hijacking", estimated to impact 49.5 percent of all current Android users. In detail: Android Installer Hijacking allows an attacker...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/03/android-installer-hijack…
*** The average DDoS attack tripled in volume ***
---------------------------------------------
The average packet volume for DDoS attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 Gbps in the final quarter of 2014, ac...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18125
*** Privilege Gone Wild 2: Over 25% of Organizations Have No Privileged Access Controls ***
---------------------------------------------
BeyondTrust recently conducted a survey, with over 700 respondents, to explore how organizations view the risk of misuse from privileged account misuse, as well as trends in addressing and mitigating those risks.
---------------------------------------------
http://blog.beyondtrust.com/privilege-gone-wild-2-over-25-of-organizations-…
*** Is Your Multi-Factor Authentication Solution the Real Thing? ***
---------------------------------------------
In infosec, multi-factor authentication is often considered a positive, constructive element of layered security. However, some people have an oversimplified view. With multi-factor authentication, there are many nuances to consider. At BSides Austin I presented on this topic. When shopping for a multi-factor authentication solution, what should you look for? There are over 200 multi-factor authentication vendors, how do you evaluate the best one for your needs? You can weed out more the half
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/is-your-multi-factor-a…
*** Why Website Reinfections Happen ***
---------------------------------------------
I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to learn what website infections look like and more importantly, how to clean them. It's this idea that regardless of you are you must always...
---------------------------------------------
http://blog.sucuri.net/2015/03/why-website-reinfections-happen.html
*** HP Security Bulletins ***
---------------------------------------------
*** HPSBST03196 rev.1- HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Code Execution ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599191
*** HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, Unauthorized Access ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04604357
*** HPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code Execution, Denial of Service, Disclosure of information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04602055
*** HPSBMU03220 rev.1 - HP Shunra Network Appliance / HP Shunra Wildcat Appliance, Remote Execution of Code ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04518183
*** HPSBMU03297 rev.1- HP Helion Application Lifecycle Service (ALS) for Linux, Remote Code Execution ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599861
*** HPSBMU03301 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Disclosure of Information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04609844
*** HPSBHF03151 rev.1 - HP Integrated Lights-Out 2 and 4 (iLO 2, iLO 4), Chassis Management (iLO CM), Remote Denial of Service, Remote Execution of Code, Elevation of Privilege ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04486432
*** HPSBHF03275 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4), Remote Disclosure of Information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04582218
*** HPSBHF03276 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4), Remote Unauthorized Access, Denial of Service (Dos) ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04582368
*** HPSBMU03292 rev.1 - HP Operations Orchestration Authentication Bypass ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595607
*** HPSBMU03291 rev.1 - HP Operations Orchestration running Powershell Operations, Remote Disclosure of Information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595417
*** HPSBMU03263 rev.1 - HP Insight Control running OpenSSL, Remote Disclosure of Information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04574073
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050 and 5710 are affected by vulnerabilities in NTP (CVE-2014-9293, CVE-2014-9294, CVE-2014-9297, CVE-2014-9298) ***
http://www.ibm.com/support/docview.wss?uid=swg21699578
*** IBM Security Bulletin: Vulnerabilities in IBM Rational ClearQuest (CVE-2014-8925) ***
http://www.ibm.com/support/docview.wss?uid=swg21699148
*** IBM Security Bulletin: IBM Forms Experience Builder is affected by a Dojo Toolkit vulnerability (CVE-2014-8917) ***
http://www.ibm.com/support/docview.wss?uid=swg21697448
*** IBM Security Bulletin: IBM Security Identity Manager Adapters passwords exposed in log files (CVE-2014-8923) ***
http://www.ibm.com/support/docview.wss?uid=swg21699902
*** IBM Security Bulletin: Multiple vulnerabilities IBM Java SDK affect IBM Rational Connector for SAP Solution Manager (CVE-2014-3566 CVE-2014-6457) ***
http://www.ibm.com/support/docview.wss?uid=swg21698921
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2014-3065) ***
http://www.ibm.com/support/docview.wss?uid=swg21696456
*** IBM Security Bulletin: Multiple vulnerabilities in Java Runtime affect XIV Management Tools (CVE-2015-0410) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005143
*** IBM Security Bulletin: Multiple vulnerabilities IBM Java SDK affect IBM Rational Connector for SAP Solution Manager (CVE-2014-6593 CVE-2015-0410) ***
http://www.ibm.com/support/docview.wss?uid=swg21698695
*** IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2014-7809) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005037
*** IBM Security Bulletin: Multiple Kerberos (krb5) vulnerabilities affect PowerKVM (Multiple CVEs) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022076
*** IBM Security Bulletin: Security Bulletin: IBM i is affected by the following SAMBA vulnerabilities: CVE-2015-0240 ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020638
*** EMC Documentum xMS information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/101741
*** DSA-3203 tor - security update ***
---------------------------------------------
Several denial-of-service issues have been discovered in Tor, aconnection-based low-latency anonymous communication system.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3203
*** InBoundio Marketing Plugin <= 2.0.3 - Shell Upload ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7864