[CERT-daily] Tageszusammenfassung - Mittwoch 25-11-2015
Daily end-of-shift report
team at cert.at
Wed Nov 25 18:05:11 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 24-11-2015 18:00 − Mittwoch 25-11-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco Unified CallManager and Unified Presence Server ICMP Echo Request Handling Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20070328-CVE-2007-1834
*** A $10 Tool Can Guess (And Steal) Your Next Credit Card Number ***
---------------------------------------------
A pattern in AmEx card numbers allows Samy Kamkars DIY gadget to predict and use new numbers for fraud as fast as the company can generate them.
---------------------------------------------
http://www.wired.com/2015/11/samy-kamkar-10-dollar-tool-can-guess-and-steal-your-next-credit-card-number/
*** High-Security, Open-Source Router is a Hit on Indiegogo (Video) ***
---------------------------------------------
The device is called the Turris Omnia, and its Indiegogo page says its a "hi-performance & open-source router." Their fundraising goal is $100,000. So far, 1,191 backers have pledged $248,446 (as of the moment this was typed), with 49 days left ..
---------------------------------------------
http://linux.slashdot.org/story/15/11/24/1940251/high-security-open-source-router-is-a-hit-on-indiegogo-video
*** Hilton Acknowledges Credit Card Breach ***
---------------------------------------------
Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems.
---------------------------------------------
http://krebsonsecurity.com/?p=33068
*** Xen VPMU Feature May Let Local Users Deny Service, Obtain Information, and Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1034230
*** Unwanted Software and Harmful Programs ***
---------------------------------------------
We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings including search engines, anti-virus programs, firewalls and and e-mail spam. Recently I came ..
---------------------------------------------
https://blog.sucuri.net/2015/11/unwanted-software-and-harmful-programs.html
*** Google kann nicht ohne weiteres geschützte Geräte entsperren ***
---------------------------------------------
Ein Sicherheitsbericht des Bezirksstaatsanwalts von Manhattan berichtet von einer Hintertür, durch die Google auf richterlichen Beschluss in den USA auf bestimmte passwortgeschützte Android-Smartphones zugreifen können soll. Dem widerspricht jetzt ein Mitarbeiter des Android-Sicherheitsteams.
---------------------------------------------
http://www.golem.de/news/android-sicherheit-google-kann-nicht-ohne-weiteres-geschuetzte-geraete-entsperren-1511-117629.html
*** House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide ***
---------------------------------------------
In the course of an internal research project we have analyzed the firmware images of more than 4000 embedded devices of over 70 vendors. The devices we have looked at include Internet gateways, routers, modems, IP cameras, VoIP phones, etc. We have specifically analyzed ..
---------------------------------------------
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
*** DSDTestProvider: Weiteres gefährliches Dell-Zertifikat entdeckt ***
---------------------------------------------
Auf Dell-Computern ist ein weiteres CA-Zertifikat mitsamt privatem Schlüssel entdeckt worden. Damit kann jeder gültige Zertifikate ausstellen und die Verschlüsselung von Webseiten ad absurdum führen. Der Patch zum Löschen von eDellRoot ist verfügbar.
---------------------------------------------
http://heise.de/-3020134
*** Internet Explorer: Microsoft stellt Support für fast alle Versionen ein ***
---------------------------------------------
Ab Mitte Jänner wird nur mehr der IE11 mit Sicherheitsupdates versorgt – Fast ein Viertel der Web-Nutzer betroffen.
---------------------------------------------
http://derstandard.at/2000026383964
*** Amazon.com setzt Passwörter von Kunden zurück ***
---------------------------------------------
Einige Amazon-Kunden in den USA und Großbritannien müssen sich ein neues Passwort ausdenken. Amazon hat die Passwörter zurückgesetzt - eine reine Vorsichtsmaßnahme, wie es heißt. Doch das Statement von Amazon ist teilweise widersprüchlich und lässt viele Fragen offen.
---------------------------------------------
http://www.golem.de/news/security-amazon-com-setzt-passwoerter-von-kunden-zurueck-1511-117634.html
*** When Your CEO Won't Take Security Awareness Training ***
---------------------------------------------
CEOs are often the busiest people in any organization. As security professionals, we should respect that: but what can we do when our CEO won't take security awareness training? This is not uncommon but it can be a hard nut for security ..
---------------------------------------------
http://resources.infosecinstitute.com/when-your-ceo-wont-take-security-awareness-training/
*** Does prevalence matter? A different approach to traditional antimalware test scoring ***
---------------------------------------------
Most well-known antimalware tests today focus on broad-spectrum malware. In other words, tests include malware that is somewhat indiscriminate (isnt necessarily targeted), at least somewhat prevalent and sometimes very prevalent. Typically,..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/11/25/does-prevalence-matter-a-different-approach-to-traditional-antimalware-test-scoring.aspx
*** Moxa OnCell Central Manager Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for hardcoded credentials and authentication bypass vulnerabilities in the Moxa OnCell Central Manager Software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-328-01
*** Tor-Betreiber starten Crowdfunding ***
---------------------------------------------
Private Gelder sollen Abhängigkeit von US-Behörden reduzieren und Weiterentwicklung ermöglichen
---------------------------------------------
http://derstandard.at/2000026409932
*** A Problem Shared ***
---------------------------------------------
Information sharing has been a much discussed, but traditionally a hit-and-miss affair within the world of information security - after all, one's information can hardly be said to be secure if you're bandying it about to anyone who expresses ..
---------------------------------------------
https://blog.team-cymru.org/2015/11/a-problem-shared/
*** Protecting Windows Networks - Dealing with credential theft ***
---------------------------------------------
Credential theft is a huge problem, if you care to look at Verizon Data Breach reports over the years, you will see that use of stolen credentials was lingering at the top intrusion method for quite some time. They also prevalent in APT attacks. And why ..
---------------------------------------------
https://dfirblog.wordpress.com/2015/11/24/protecting-windows-networks-dealing-with-credential-theft/
*** Ransomware Playbook - Guide for Handling Ransomware Infections ***
---------------------------------------------
The following post demonstrates the writing process of a ransomware playbook for effective incident response and handling ransomware infections.
---------------------------------------------
https://www.demisto.com/playbooks/playbook-for-handling-ransomware-infections/
*** Breach at IT Automation Firm LANDESK ***
---------------------------------------------
LANDESK, a company that sells software to help organizations securely and remotely manage their fleets of desktop computers, servers and mobile devices, alerted employees last week that a data breach may have exposed their personal information. But LANDESK ..
---------------------------------------------
http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk
More information about the Daily
mailing list