[CERT-daily] Tageszusammenfassung - Montag 31-08-2015

Daily end-of-shift report team at cert.at
Mon Aug 31 18:20:06 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 28-08-2015 18:00 − Montag 31-08-2015 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl




*** OWASP veröffentlicht Handbuch zum Schutz gegen automatisierte Angriffe ***
---------------------------------------------
Als Hilfe für das Absichern von Webanwendungen hat die Non-Profit-Organisation OWASP ein Handbuch für Entwickler herausgebracht, das bislang wenig beachtete Angriffe beschreibt.
---------------------------------------------
http://heise.de/-2794167




*** Spionage-Trojaner Regin: Symantec entdeckt 49 weitere Module ***
---------------------------------------------
Das Sicherheitsunternehmen Symantec hatte Ende des vergangenen Jahres die Ausspähungssoftware "Regin" entdeckt. Nun warten die Experten mit neuen Einzelheiten auf.
---------------------------------------------
http://heise.de/-2794176




*** Linux Foundation releases PARANOID internal infosec guide ***
---------------------------------------------
Workstation security tips for system administrators. Linux Foundation project director Konstantin Ryabitsev has publicly-released the penguinistas internal hardening requirements to help sysadmins and other paranoid tech bods and system administrators secure their workstations.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/31/harden_like_linux_foundation/




*** Detecting file changes on Microsoft systems with FCIV, (Mon, Aug 31st) ***
---------------------------------------------
Microsoft releases often interesting tools to help system administrators and incident handlers to investigate suspicious activities on Windows systems. In 2012, they released a free tool called FCIV(File Checksum Integrity Verifier)(1). It is a stand alone executable which does not require any DLL or other resources. Just launch it from any location.Its goal is to browse a file system or some directories recursively and to generate MD5/SHA1 hashes of all the files found. The results are saved in a...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20091&rss




*** Schwachstellen in Kontrollsoftware von Kraftwerken und Raffinerien ***
---------------------------------------------
Siemens und Schneider Electric haben eine Reihe von Lücken in SCADA-Systemen geschlossen. Zum Teil kommt die betroffene Software auch in deutschen Kraftwerken zum Einsatz.
---------------------------------------------
http://heise.de/-2794724




*** Security: Standardpasswörter bei Heimroutern entdeckt ***
---------------------------------------------
Mindestens fünf Router diverser Hersteller haben leicht zu erratene Standardpasswörter für den administrativen Zugang. Mit ihnen lassen sich die Geräte aus der Ferne manipulieren.
---------------------------------------------
http://www.golem.de/news/security-standardpasswoerter-bei-heimroutern-entdeckt-1508-116028-rss.html




*** Contributor Conference: Owncloud führt Programm für Bug-Bounties ein ***
---------------------------------------------
Hacker können nun auch mit der Sicherheitsprüfung von Owncloud Geld verdienen. Die Prämien können sich allerdings noch nicht mit denen von großen Unternehmen wie Google oder Microsoft messen.
---------------------------------------------
http://www.golem.de/news/contributor-conference-owncloud-fuehrt-programm-fuer-bug-bounties-ein-1508-116016-rss.html




*** Whos afraid of shadow IT? ***
---------------------------------------------
One of the biggest disruptions in the IT world is the quantity and quality of SaaS tools. From email and storage, to phone systems and infrastructure, it has never been easier to use top of the range ...
---------------------------------------------
http://www.net-security.org/article.php?id=2373




*** KeyRaider Malware Steals Certificates, Keys and Account Data From Jailbroken iPhones ***
---------------------------------------------
Researchers have discovered a new strain of iOS malware dubbed KeyRaider that targets jailbroken devices and has the ability to steal certificates, private keys, and Apple account information. The malware already has claimed the private Apple account data of more than 225,000 victims. The KeyRaider malware was discovered by researchers at Palo Alto Networks, who...
---------------------------------------------
http://threatpost.com/keyraider-malware-steals-certificates-keys-and-account-data-from-jailbroken-iphones/114473




*** SSD Advisory - AppLock Multiple Vulnerabilities ***
---------------------------------------------
The following report describes three ( 3 ) different vulnerabilities found in the AppLock, an Android application, with over 10 Millions of downloads, used to secure pictures, videos and application with a PIN code.
---------------------------------------------
https://blogs.securiteam.com/index.php/archives/2558




*** DRDoS, UDP-Based protocols and BitTorrent ***
---------------------------------------------
On July 1st, 2015, the security team at BitTorrent received a report [1] from Florian Adamsky about Distributed Reflective Denial of Service (DRDoS) vulnerabilities affecting several BitTorrent products making use of UDP-based [2] protocols. uTorrent, BitTorrent and BitTorrent Sync use the Micro Transport Protocol (µTP) [3] implementation in libuTP [4] as the preferred transport backend running on top of UDP. While these vulnerabilities have been described before in other alerts [5] in...
---------------------------------------------
http://engineering.bittorrent.com/2015/08/27/drdos-udp-based-protocols-and-bittorrent/




*** Patch für Schwachstelle in Hewlett Packard lt4112 LTE/HSPA+ Gobi 4G Module (Remote Execution of Arbitrary Code) ***
---------------------------------------------
Hewlett Packard hat ein Security Bulletin zu einer Sicherheitslücke im HP lt4112 LTE/HSPA+ Gobi 4G Module veröffentlicht. Die Schwachstelle erlaubt einem entfernten Angreifer das Ausführen beliebigen Codes. Ein Firmware-Update, welches das Problem behebt, ist verfügbar. CVE-Nummern: CVE-2015-5367, CVE-2015-5367 CVSS2 Base Score: 6.9...
---------------------------------------------
http://www.cert.at/services/blog/20150831172201-1588.html




*** TA15-240A: Controlling Outbound DNS Access ***
---------------------------------------------
Original release date: August 28, 2015 Systems Affected Networked systems Overview US-CERT has observed an increase in Domain Name System (DNS) traffic from client systems within internal networks to publically hosted DNS servers. Direct client access to Internet DNS servers, rather than controlled access through enterprise DNS servers, can expose an organization to unnecessary security risks and system inefficiencies. This Alert provides recommendations for improving security related to...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA15-240A




*** NetIQ Access Manager 4.1 Support Pack 1 Hot Fix 1 4.1.1.1-9 ***
---------------------------------------------
Abstract: NetIQ Access Manager 4.1 Support Pack 1 Hot Fix 1 build (version 4.1.1.1-9). This file contains updates for services contained in the NetIQ Access Manager 4.1 product and requires 4.1 SP1 to be installed as a minimum. NetIQ recommends that all customers running Access Manager 4.1 release code apply this patch.  The purpose of the patch is to provide a bundle of fixes for security issues that have surfaced since NetIQ Access Manager 4.1 SP1 was released. These fixes include updates to...
---------------------------------------------
https://download.novell.com/Download?buildid=ceIVdhBEV2o~




*** Edimax PS-1206MF Web Admin Auth Bypass ***
---------------------------------------------
Topic: Edimax PS-1206MF Web Admin Auth Bypass Risk: High Text:# Title: Edimax PS-1206MF - Web Admin Auth Bypass # Date: 30.08.15 # Vendor: edimax.com # Firmware version: 4.8.25 # Author...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080183




*** HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Data Protector. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04776510




*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: Potential Information Disclosure vulnerability could expose user personal data in WebSphere Commerce (CVE-2015-4980) ***
http://www.ibm.com/support/docview.wss?uid=swg21965013

*** IBM Security Bulletin: Java CVE-2015-2590 ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020888

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Sterling Connect:Direct for HP NonStop (CVE-2015-1792, CVE-2015-1789, CVE-2015-1790) ***
http://www.ibm.com/support/docview.wss?uid=swg21963603

*** IBM Security Bulletin: Apache Tomcat Vulnerability in Algo Audit and Compliance (CVE-2014-0230 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21963664

*** IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2014-0230) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005258

*** IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation and Rational Requirements Composer with potential for Cross Site Scripting attack (CVE-2015-1917) ***
http://www.ibm.com/support/docview.wss?uid=swg21713610

*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Storwize V7000 Unified (CVE-2013-7423) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005316

*** Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Flex System Manger (FSM) (CVE-2013-2877, CVE-2014-0191, CVE-2014-3660) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098592

*** Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) (Multiple CVEs) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098591




*** WordPress Responsive Thumbnail Slider 1.0 Shell Upload ***
---------------------------------------------
Topic: WordPress Responsive Thumbnail Slider 1.0 Shell Upload Risk: High Text:<!-- # Exploit Title: Wordpress Responsive Thumbnail Slider Arbitrary File Upload # Date: 2015/8/29 # Exploit Author: Arash ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080170


More information about the Daily mailing list