=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 28-10-2015 18:00 − Thursday 29-10-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Why Is the NSA Moving Away from Elliptic Curve Cryptography? *** --------------------------------------------- In August, I wrote about the NSA's plans to move to quantum-resistant algorithms for its own cryptographic needs. Cryptographers Neal Koblitz and Alfred Menezes just published a long paper speculating as to the government's real motives for doing this. They range from some new cryptanalysis of ECC to a political need after the DUAL_EC_PRNG disaster -- to the stated reason... --------------------------------------------- https://www.schneier.com/blog/archives/2015/10/why_is_the_nsa_.html
*** New DDoS attacks misuse NetBIOS name server, RPC portmap, and Sentinel licensing servers *** --------------------------------------------- Akamai has observed three new reflection DDoS attacks in recent months: NetBIOS name server reflection, RPC portmap reflection, and Sentinel reflection. In a reflection DDoS attack, also called a D... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/g4MR874bgXg/secworld.php
*** TLS certificates: Google cracks down on Symantec *** --------------------------------------------- In September, Symantec issued several thousand unauthorized TLS certificates but initially concealed the extent of the incident. Google shows little sympathy for this and sets several conditions for Symantec's root certificates to remain in the Chrome browser. (Symantec, Google) --------------------------------------------- http://www.golem.de/news/tls-zertifikate-google-greift-gegen-symantec-durch-...
*** Jackpotting: ATMs in Germany emptied with a USB stick *** --------------------------------------------- Looting ATMs via USB stick has been known since 2010. In Germany, a perpetrator has now been filmed for the first time emptying two machines in one day. (Security, Black Hat) --------------------------------------------- http://www.golem.de/news/jackpotting-geldautomaten-in-deutschland-mit-usb-st...
*** Security: Researchers present LTE attacks using 1,250-euro hardware *** --------------------------------------------- LTE networks were previously considered significantly more secure than GSM and 3G networks. Earlier this week, a team of researchers presented various practical attacks that are said to work at low cost and with commercial hardware. (Security, Smartphone) --------------------------------------------- http://www.golem.de/news/security-forscher-stellen-lte-angriffe-mit-1-250-eu...
*** USB cleaning device for the masses, (Thu, Oct 29th) *** --------------------------------------------- For so long, USB keys have been a nice out-of-band infection vector. People like goodies and people like to plug those small pieces of plastic into their computers. Even if good solutions exist (like BitLocker - the standard solution provided by Microsoft), a lot of infrastructure are not protected against the use of rogue USB keys for many good or obscure reasons. There are also multiple reasons to receive USB keys: from partners, customers, contractors, vendors, etc. The best practice should be... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20315&rss
*** XEN Security Advisories *** ---------------------------------------------
Advisory | Public release | Updated | Version | CVE(s) | Title
XSA-153 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7972 | x86: populate-on-demand balloon size inaccuracy can crash guests
XSA-152 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7971 | x86: some pmu and profiling hypercalls log without rate limiting
XSA-151 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7969 | x86: leak of per-domain profiling-related vcpu pointer array
XSA-150 | 2015-10-29 11:59 | 2015-10-29...
--------------------------------------------- http://xenbits.xen.org/xsa/
*** Cisco ASR 5500 SAE Gateway Lets Remote Users Cause the Target BGP Process to Restart *** --------------------------------------------- http://www.securitytracker.com/id/1034024
*** IBM DB2 TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections *** --------------------------------------------- http://www.securitytracker.com/id/1033991
*** JBoss Operations Network Cassandra JMX/RMI Interface Lets Remote Users Execute Arbitrary Code on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1034002
*** DSA-3382 phpmyadmin - security update *** --------------------------------------------- https://www.debian.org/security/2015/dsa-3382
*** Security Notice - Statement About WormHole Vulnerability in Baidu Apps Preset in Huawei Phones *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/...
*** Security Advisory - UE Measurement Leak Vulnerability in Huawei P8 Phones *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisori...
*** Security Advisory: OpenSSH vulnerability CVE-2015-5352 *** --------------------------------------------- (SOL17461) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/17000/400/sol17461.html...
*** VU#573848: Qolsys IQ Panel contains multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#573848 Qolsys IQ Panel contains multiple vulnerabilities Original Release date: 29 Oct 2015 | Last revised: 29 Oct 2015 Overview All firmware versions of Qolsys IQ Panel contain hard-coded cryptographic keys, do not validate signatures during software updates, and use a vulnerable version of Android OS. Description Qolsys IQ Panel is an Android OS-based touch screen controller for home automation devices and functions. All firmware versions contain the following --------------------------------------------- http://www.kb.cert.org/vuls/id/573848
*** IBM Security Bulletins *** ---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005435
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects SAN Volume Controller and Storwize Family (CVE-2015-1789 CVE-2015-1791 CVE-2015-1788) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005434
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005314
*** IBM Security Bulletin: Weak file permissions vulnerability affects IBM Tivoli Monitoring for Tivoli Storage Manager (CVE-2015-4927) *** http://www.ibm.com/support/docview.wss?uid=swg21969340
*** IBM Security Bulletin: A security vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Web version 7.0 software installations and IBM Tivoli Access Manager for e-business (CVE-2015-1946) *** http://www.ibm.com/support/docview.wss?uid=swg21969077
*** IBM Security Bulletin: Vulnerability in RC4 stream cipher affects N-series Data ONTAP (CVE-2015-2808) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005273
*** IBM Security Bulletin: Multiple vulnerabilities in Firefox, affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-4497, CVE-2015-4498) *** http://www.ibm.com/support/docview.wss?uid=swg21968836
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Access Manager for Mobile (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21963711