[CERT-daily] Tageszusammenfassung - Montag 14-12-2015
Daily end-of-shift report
team at cert.at
Mon Dec 14 18:29:09 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 11-12-2015 18:00 − Montag 14-12-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** IBM Security Bulletin ***
---------------------------------------------
*** Vulnerability in Apache Commons affects WebSphere Message Broker and IBM Integration Bus (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972391
---------------------------------------------
***Vulnerability in Apache Commons affects Tivoli Network Manager Transmission Edition (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971891
---------------------------------------------
***Vulnerability in Apache Commons affects Rational Developer for System z (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971643
---------------------------------------------
***Vulnerability in the IBM Installation Manager script (CVE-2015-7442) ***
http://www.ibm.com/support/docview.wss?uid=swg21971295
---------------------------------------------
***Vulnerability in Apache Commons affects Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972753
---------------------------------------------
***Vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) ***
http://www.ibm.com/support/docview.wss?uid=swg21972951
---------------------------------------------
***A security vulnerability has been identified in IBM Maximo Asset Management which could allow an attacker to obtain sensitive information via REST API (CVE-2015-7452) ***
http://www.ibm.com/support/docview.wss?uid=swg21972463
---------------------------------------------
***IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2015-7451) ***
http://www.ibm.com/support/docview.wss?uid=swg21972423
---------------------------------------------
***IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-4341, CVE-2013-1418 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21970321
---------------------------------------------
***A vulnerability in OpenSSH affects IBM Security Network Intrusion Prevention System (CVE-2015-5600) ***
http://www.ibm.com/support/docview.wss?uid=swg21969673
---------------------------------------------
***A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2014-3565) ***
http://www.ibm.com/support/docview.wss?uid=swg21972208
---------------------------------------------
***Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System ***
http://www.ibm.com/support/docview.wss?uid=swg21968978
---------------------------------------------
***A security vulnerability has been identified in IBM Rational ClearQuest (CVE-2015-4996) ***
http://www.ibm.com/support/docview.wss?uid=swg21972331
---------------------------------------------
***Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Provisioning Manager (CVE-2015-2601, CVE-2015-1931, CVE-2015-2625) ***
http://www.ibm.com/support/docview.wss?uid=swg21972941
---------------------------------------------
***Vulnerabilities in OpenSSL affect IBM Cognos Planning(CVE-2015-1789, CVE-2015-1790, CVE-2015-1792) ***
http://www.ibm.com/support/docview.wss?uid=swg21971729
---------------------------------------------
*** Website Malware - Evolution of Pseudo Darkleech ***
---------------------------------------------
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with No-IP host names, and random dimensions where the ..
---------------------------------------------
https://blog.sucuri.net/2015/12/evolution-of-pseudo-darkleech.html
*** iTunes 12.3.2 ***
---------------------------------------------
https://support.apple.com/kb/HT205636
*** Security Advisory: Apache Groovy vulnerability CVE-2015-3253 ***
---------------------------------------------
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. (CVE-2015-3253)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49233165.html
*** Security Update 2015-006 Yosemite ***
---------------------------------------------
https://support.apple.com/kb/HT205653
*** OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks ***
---------------------------------------------
https://support.apple.com/kb/HT205637
*** OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks ***
---------------------------------------------
https://support.apple.com/kb/HT205375
*** What Signs Are You Missing? ***
---------------------------------------------
While recently listening to a presentation, I found my attention drawn to a metal water container at the center of the conference room table. Condensation was all around it and without ever having to interact with the container, I found ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20481
*** Google Bans Symantec Root Certificates ***
---------------------------------------------
An anonymous reader writes: After in September Google discovered SSL certificates issued in its name by Symantec, and after in October the company discovered over 2,500 ..
---------------------------------------------
http://tech.slashdot.org/story/15/12/12/2255212/google-bans-symantec-root-certificates
*** DSA-3416 libphp-phpmailer - security update ***
---------------------------------------------
Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library foremail transfer, used by many CMSs. The library accepted email addressesand SMTP commands containing line breaks, which can be abused by anattacker to inject messages.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3416
*** Memory-resident modular malware menaces moneymen ***
---------------------------------------------
Latentbot avoids your HDD - and its been off the radar for two years A stealthy strain of malware resident only in memory has been quietly pwning victims around the world for two years.
---------------------------------------------
www.theregister.co.uk/2015/12/14/latentbot_memory_resident_malware/
*** Lenovo/CSR: Bluetooth-Treiber installiert Root-Zertifikat ***
---------------------------------------------
Ein Bluetooth-Treiber für Chips der Firma CSR installiert zwei Root-Zertifikate, mit denen der Besitzer des privaten Schlüssels HTTPS-Verbindungen angreifen könnte. Offenbar handelt es sich um Testzertifikate zur Treibersignierung während der Entwicklung.
---------------------------------------------
http://www.golem.de/news/lenovo-csr-bluetooth-treiber-installiert-root-zertifikat-1512-117996.html
*** Inside the German cybercriminal underground ***
---------------------------------------------
Trend Micro investigated on German crime forums and concluded that Germany possesses the most advanced cybercrime ecosystem in the European Union. We have reported several times the news related to various criminal cybercriminal ..
---------------------------------------------
http://securityaffairs.co/wordpress/42802/cyber-crime/german-cybercriminal-underground.html
*** [20151214] - Core - Remote Code Execution Vulnerability ***
---------------------------------------------
Browser information are not filtered properly while saving the session values into the database what leads to a Remote Code Execution vulnerability.
---------------------------------------------
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
*** [20151214] - Core - CSRF Hardening ***
---------------------------------------------
Add additional CSRF hardening in com_templates.
---------------------------------------------
https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html
*** [20151214] - Core - Directory Traversal ***
---------------------------------------------
Fails to properly sanitise input data from the XML install file located within the package archive.
---------------------------------------------
https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html
*** Bugtraq: ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537111
*** Bugtraq: [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537109
*** Sicherheitsforscher: Datenleck bei Mackeeper erlaubt freien Zugriff auf Nutzerdaten ***
---------------------------------------------
Die Datenbank der umstrittetenen Mac-Software Mackeeper sei frei zugänglich, erklärt ein Sicherheitsforscher. Er habe 13 Millionen Datensätze mit Nutzerinformationen ungehindert heruntergeladen.
---------------------------------------------
http://heise.de/-3043720
More information about the Daily
mailing list