[CERT-daily] Tageszusammenfassung - Dienstag 22-12-2015

Daily end-of-shift report team at cert.at
Tue Dec 22 18:04:27 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 21-12-2015 18:00 − Dienstag 22-12-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** IBM Security Bulletin: Blind SQL injection vulnerability in IBM OpenPages GRC Platform API (CVE-2015-5049) ***
---------------------------------------------
 A blind SQL injection vulnerability has been found in the OpenPages GRC Platform API that could allow retrival or manipulation of information in the database. 
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21970590




*** Cisco IOS XE Software Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000. An attacker could exploit this vulnerability by sending a frame that has a source MAC address of all zeros to an affected device. A successful exploit could allow the attacker to cause the device to reload.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2015-1221-iosxe




*** [20151207] - Core - SQL Injection ***
---------------------------------------------
Inadequate filtering of request data leads to a SQL Injection vulnerability.
---------------------------------------------
https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html




*** [20151206] - Core - Session Hardening ***
---------------------------------------------
The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions.
---------------------------------------------
https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html




*** First Exploit Attempts For Juniper Backdoor Against Honeypot ***
---------------------------------------------
We are detecting numerous login attempts against our ssh honeypots using the ScreenOSbackdoor password. Our honeypot doesnt emulate ScreenOS beyond the login banner, so we do not know what the attackers are up to, but some of the attacks appear to be manual in that we do see the attacker trying different ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20525




*** Protecting Your Sites from Apache.Commons Vulnerabilities ***
---------------------------------------------
A few weeks ago, FoxGlove Security released this important blog post that includes several Proof-of-Concepts for exploiting Java unserialize vulnerabilities. A remote attacker can gain Remote Code Execution by sending specially crafted payload to any endpoint expecting a serialized ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Protecting-Your-Sites-from-Apache-Commons-Vulnerabilities/




*** Oracle muss Java-Updates nachbessern ***
---------------------------------------------
Alte Java-Versionen müssen restlos von Computern verschwinden. Dafür muss Oracle sorgen.
---------------------------------------------
http://heise.de/-3052761




*** Shopshifting: Sicherheitsforscher decken Lücken im elektronischen Zahlungsverkehr auf ***
---------------------------------------------
Bezahl-Terminals sprechen übers Netz mit ihrer Kasse und dem Bezahldienstleister. Beide Kommunikationskanäle weisen Schwächen auf, die ein Angreifer nutzen kann, um Kunden oder Ladeninhaber auszuplündern.
---------------------------------------------
http://heise.de/-3052165




*** rt-sa-2015-013 ***
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2015-013.txt




*** Juniper backdoors ***
---------------------------------------------
Juniper hat in einem Advisory (hier unsere unsere Warnung dazu) der Welt gesagt, dass sie bei einem Code-Audit zwei Hintertüren in ScreenOS gefunden haben.Die eine ist eine technisch ziemlich triviale Sache: ein konstantes Passwort erlaubt den Login per ssh oder telnet. Angeblich hat es nur 6 Stunden gebraucht, um dieses ..
---------------------------------------------
http://www.cert.at/services/blog/20151222153859-1646.html




*** IBM Security Bulletin: Multiple XSS Vulnerabilities in IBM UrbanCode Deploy (CVE-2015-7415) ***
---------------------------------------------
IBM UrbanCode Deploy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21970811




*** Bericht: Hacker haben Teile des US-Stromnetzes infiltriert ***
---------------------------------------------
In rund zwölf Fällen sollen Cyberangriffe auf Kontrollzentren von Energieversorgern in den USA während der vergangenen zehn Jahre erfolgreich gewesen sein. Der Hack des Anbieters Calpine ging wohl vom Iran aus.
---------------------------------------------
http://heise.de/-3054887




*** Call for Papers: VB2016 Prague ***
---------------------------------------------
VB seeks submissions for the 26th Virus Bulletin Conference.Virus Bulletin is seeking submissions from those wishing to present papers at VB2016, which will take place 5 to 7 October 2016 at the Hyatt Regency Denver Hotel in Denver, Colorado, USA.Originally started as an annual gathering of anti-virus experts, the ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/12_22.xml


More information about the Daily mailing list