[CERT-daily] Tageszusammenfassung - Mittwoch 19-08-2015

Daily end-of-shift report team at cert.at
Wed Aug 19 18:16:12 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 18-08-2015 18:00 − Mittwoch 19-08-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** SANS Incident Response Survey 2015 Infographic ***
---------------------------------------------
So, you have a security policy, a blue team tasked with protecting your organization and an incident response plan. What happens when the inevitable occurs - you are attacked? SANS just released their 2015 Incident Response survey, summarizing results from 507 survey respondents who shared the top attack types they are seeing, and what is (and it not) working today in terms of incident response. The good news: malware, data breaches and Advanced Persistent Threats (APT's) were all...
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/sans-incident-response-survey-2015-infographic-1




*** Who should be responsible for IT security? ***
---------------------------------------------
Hot potato, or hot job? Typically, when a cybersecurity problem arises, it's the IT department that gets it in the neck. Ostensibly, that makes sense. After all, if someone is in your network mining your database for corporate secrets, it's hardly the office manager or the accounts receivable department's lookout, right?
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/18/responsibility_for_it_security/




*** Kehrtwende bei Mail-Sicherheit: Web.de und GMX führen DANE ein ***
---------------------------------------------
Mit seinen beiden Diensten gehört United Internet zu den Gründern der Initiative "E-Mail made in Germany", die ein eigenes Verfahren für die Absicherung des Mail-Transports einsetzt. Dennoch soll nun die moderne DANE-Technik hinzukommen.
---------------------------------------------
http://heise.de/-2782473




*** Später lesen: Schwerwiegende Backend-Lücken in Pocket nachgewiesen ***
---------------------------------------------
Ohne viel Aufwand hat ein Sicherheitsforscher auf die Backend-Infrastruktur von Pocket zugreifen können. Die Fehler sind zwar inzwischen behoben, dem Streit um die Aufnahme der App zum späteren Lesen in den Firefox-Browser könnte dies aber neuen Anschub geben.
---------------------------------------------
http://www.golem.de/news/spaeter-lesen-schwerwiegende-backend-luecken-in-pocket-nachgewiesen-1508-115846-rss.html




*** Outsourcing critical infrastructure (such as DNS), (Wed, Aug 19th) ***
---------------------------------------------
Migrating everything to cloud or various online services is becoming increasingly popular in last couple of years (and will probably not stop). However, leaving our most valuable jewels with someone else makes a lot of security people (me included) nervous. During some of the latest external penetration tests I noticed an increasing trend of companies moving some of their services to various cloud solutions or to their providers.target.com. IN ANSWER SECTION: target.com. 1365 IN NS
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20057&rss




*** IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch ***
---------------------------------------------
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
---------------------------------------------
http://www.darkreading.com/attacks-breaches/ie-bug-exploited-in-wild-after-microsoft-releases-out-of-band-patch/d/d-id/1321820




*** MS15-093 - Critical: Security Update for Internet Explorer (3088903) - Version: 1.0 ***
---------------------------------------------
This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS15-093




*** Security Hotfix Available for LiveCycle Data Services (APSB15-20) ***
---------------------------------------------
A Security Bulletin (APSB15-20) has been published regarding a hotfix for LiveCycle DS. This hotfix addresses an important vulnerability that could result in information disclosure. Adobe recommends users apply the hotfix using the instructions provided in the "Solution" section of the Security Bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1259




*** Fortinet FortiGate/FortiOS MAC Authentication Flaw Lets Remote Users Modify Data on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033256




*** Security Notice - Statement on "Fingerprints on Mobile Devices: Abusing and Leaking" at the Black Hat Conference ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-450997.htm




*** DSA-3337 gdk-pixbuf - security update ***
---------------------------------------------
Gustavo Grieco discovered a heap overflow in the processing of BMP imageswhich may result in the execution of arbitrary code if a malformed imageis opened.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3337




*** Security Advisory: ICMP packet processing vulnerability CVE-2015-5058 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/000/sol17047.html?ref=rss




*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty Profile affect WebSphere Appliance Management Center ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21963684




*** IBM Security Bulletin: Websphere Message Broker and IBM Integration Bus are affected by access control vulnerability (CVE-2015-2018) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21961734




*** Security Bulletin: Vulnerabilities in SSLv3 and GNU C library (glibc) affect multiple products shipped with Intelligent Cluster (CVE-2014-3566, CVE-2015-0235) ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098516




*** Cisco TelePresence Video Communication Server Expressway Command Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40522




*** Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40555




*** Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40518




*** Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40436


More information about the Daily mailing list