[CERT-daily] Tageszusammenfassung - Montag 20-07-2015

Mon Jul 20 18:18:30 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 17-07-2015 18:00 − Montag 20-07-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Cyber-securitys dirty little secret: Its not as bad as you think ***
---------------------------------------------
And as for botnets - on their way out A new research report from the Global Commission on Internet Governance has reached a surprising conclusion: cyberspace is actually getting safer.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/18/cybersecurity_report/


*** Its the Data, Stupid! ***
---------------------------------------------
At least with MySQL, PostgreSQL and much of the relational database software the defaults are fairly secure: listen on the local interface only and provide some form of authorization by default. This isnt the case with some of the newer NoSQL products that started entering mainstream fairly recently. For the purpose of this article I will talk about one of the more popular NoSQL products called MongoDB, though much of what is being said also applies to other software (Im looking at you Redis).
---------------------------------------------
https://blog.shodan.io/its-the-data-stupid/


*** RedStar OS Watermarking ***
---------------------------------------------
During the last few months information about one of North Koreas operating systems was leaked. It is a Linux based OS that tries to simulate the look and feel of a Mac. Some of it's features have already been discussed on various blog posts and news articles. We thought we would take a short look at the OS. This blog post contains some of the results.
---------------------------------------------
http://www.insinuator.net/2015/07/redstar-os-watermarking/


*** Autoruns and VirusTotal, (Fri, Jul 17th) ***
---------------------------------------------
Continuing my diary entries on Sysinternals tools with VirusTotal support, I'm taking a look at autoruns.
Autoruns is another fine Sysinternals tool that comes with VirusTotal integration. If you are not familiar with autoruns, it scans all auto-starting locations in Windows and provides a comprehensive report. This gives you an overview of all programs that start automatically on the scanned Windows machine.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19933


*** Sigcheck and VirusTotal, (Fri, Jul 17th) ***
---------------------------------------------
Continuing my diary entries on Sysinternals tools with VirusTotal support, I'm taking a look at sigcheck.
Sigcheck is a command-line utility to check the digital signature of files like PE files (EXEs).
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19935


*** Disabled Adobe Flash browser plugin? This might not be enough ***
---------------------------------------------
I went to the Adobes Flash test page and opened it in IE (top left). As expected, the plugin couldnt run because (see the Manage Add-ons window in the bottom-left corner) it has been disabled. And yet when I opened the same test URL in HH - Flash was right there. And this is a problem. Yes, by disabling Flash in the main browsers we have significantly reduced the risk but we have not eliminated it.
---------------------------------------------
http://blog.kulshitsky.com/2015/07/disabled-adobe-flash-browser-plugin.html


*** Parlamentswebsite nur mehr mit aktuellen Browsern nutzbar ***
---------------------------------------------
SSL-Verschlüsselungsprotokolle werden auf den neuesten Stand gebracht
---------------------------------------------
http://derstandard.at/2000019420275


*** Ashley Madison hacked: Site for people who cant be trusted cant be trusted ***
---------------------------------------------
Bin site or well spaff everything, say hax0rz Adulterers hookup website Ashley Madison has been hacked, with the miscreants threatening to release personal details, including users sexual fantasies, unless the site is shut down.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/20/ashley_madison_hacked/


*** BSI warnt vor Sicherheitslücke in Blackberry-Link-App für Mac und PC ***
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik warnt vor einem Fehler in dem Synchronisationstool. Nutzer sollten aktualisieren.
---------------------------------------------
http://heise.de/-2753660


*** Zero Days, the documentary ***
---------------------------------------------
VPRO (the Dutch public broadcasting organisation) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on Youtube.
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002821.html


*** BGP Security Alerts Coming to Twitter ***
---------------------------------------------
At Black Hat, researchers from OpenDNS are expected to launch a new Twitter feed called BGP Stream that will send out alerts on possible BGP and DNS hijacking attacks.
---------------------------------------------
http://threatpost.com/bgp-security-alerts-coming-to-twitter/113843


*** Maligno: An Open Source Pentesting Tool ***
---------------------------------------------
Today I want show you a new tool that could help in your penetration testing activity. Maligno is an open source penetration-testing tool under the FreeBSD license, written in Python for maximum compatibility with Metasploit. It uses the Metasploit framework, in particular msfvenom, to generate the shellcode AES encrypted and encoded prior to transmission. Maligno...
---------------------------------------------
http://resources.infosecinstitute.com/maligno-open-source-penetration-testing-tool/


*** Cyber savvy? Take a Quick Security Awareness Quiz to Find Out ***
---------------------------------------------
So you think you are cyber-savvy knowledgeable in the cyber security risks you face every day in the digital world? Take this quick security quiz and find out. Just get record your answers as you take the quiz. There are 10 questions for this security awareness quiz. You can refer to the Answers Section to...
---------------------------------------------
http://resources.infosecinstitute.com/cyber-savvy-take-a-quick-security-awareness-quiz-to-find-out/


*** Free Tool Looks for HackingTeam Malware ***
---------------------------------------------
Researchers at Rook Security have released a new tool that looks for HackingTeam malware on target systems, and also have published a set of indicators of compromise to help organizations look for signs of an infection from the intrusion software. The HackingTeam Remote Control System is the company's flagship surveillance and intrusion platform. It sold...
---------------------------------------------
http://threatpost.com/free-tool-looks-for-hackingteam-malware/113850


*** OpenSSH anfällig für Bruteforce-Angriffe ***
---------------------------------------------
Die eingestellte Grenze der maximal möglichen Passwort-Angaben vor einem Verbindungsabbruch lässt sich in einigen Konfigurationen recht einfach austricksen.
---------------------------------------------
http://heise.de/-2753501


*** OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) ***
---------------------------------------------
Topic: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Risk: Low Text:OpenSSH has a default value of six authentication tries before it will close the connection (the ssh client allows only three p...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015070097


*** VU#813631: Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read ***
---------------------------------------------
Vulnerability Note VU#813631 Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read Original Release date: 20 Jul 2015 | Last revised: 20 Jul 2015   Overview Total Commanders File Info plugin version 2.21 attempts an out-of-bounds read when reading a file carefully crafted by an attacker.  Description CWE-125: Out-of-bounds Read - CVE-2015-2869An attacker that can control the contents of certain file types may be able to cause an out-of-bounds read error in
---------------------------------------------
http://www.kb.cert.org/vuls/id/813631


*** DFN-CERT-2015-1093: JBoss Enterprise Portal Platform: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsmaßnahmen ***
---------------------------------------------
Durch eine Schwachstelle in JBoss Portal Plattform ist es einem entfernten, einfach authentifizierten Angreifer möglich, Sicherheitsvorkehrungen zu umgehen.
Red Hat stellt für die Komponente PortletBridge von Red Hat JBoss Portal 6.2.0 ein Sicherheitsupdate zur Verfügung.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1093/


*** Security Advisory: PCRE library vulnerability CVE-2015-2326 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/900/sol16984.html?ref=rss


*** HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) ***
---------------------------------------------
A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04745746


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Power Systems Firmware affected by Open Source - 2 issues for OpenSSL (CVE-2015-0286, CVE-2015-0287) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022521

*** IBM Security Bulletin: DH key exchange protocol vulnerability ("Logjam") in IBM Java SDK affects IBM SPSS Analytic Server (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21961993

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Virtualization Engine TS7700 (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005295

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Content Manager Enterprise Edition (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21962455

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Websphere Partner Gateway Enterprise/Advanced Editions (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21962162

*** IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Rational Publishing Engine (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21961086

*** IBM Security Bulletin: DH key exchange protocol vulnerability ("Logjam") in IBM Java SDK affects IBM SPSS Statistics (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21961214

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services (CVE-2015-0478, CVE-2015-0488, CVE-2015-2808, CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21960528

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 - April 2015 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005294

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Partner Gateway Advanced/Enterprise (CVE-2015-0488, CVE-2015-1916, CVE-2015-2808, CVE-2015-0204) ***
http://www.ibm.com/support/docview.wss?uid=swg21957734

*** IBM Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Publishing Engine (CVE-2015-2808) ***
http://www.ibm.com/support/docview.wss?uid=swg21961080

*** IBM Security Bulletin: Security Vulnerability in IBM WebSphere Application Server affects IBM WebSphere Partner Gateway Advanced/Enterprise (CVE-2015-1920) ***
http://www.ibm.com/support/docview.wss?uid=swg21957802

*** IBM Security Bulletin: Insufficient authorization in Service REST API and cross site scripting vulnerability in REST API affecting IBM Business Process Manager (CVE-2015-1905, CVE-2015-1906) ***
http://www.ibm.com/support/docview.wss?uid=swg21700717

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (CVE-2015-0410 and CVE-2014-6593) ***
http://www.ibm.com/support/docview.wss?uid=swg21962372