[CERT-daily] Tageszusammenfassung - Dienstag 13-10-2015

Daily end-of-shift report team at cert.at
Tue Oct 13 18:13:13 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 12-10-2015 18:00 − Dienstag 13-10-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Free and Commercial Tools to Implement the SANS Top 20 Security Controls, Part 3: Secure Configurations ***
---------------------------------------------
This is Part 3 of a How-To effort to compile a list of tools (free and commercial) that can help IT administrators comply with SANS Security Controls. In Part 1 we looked at Inventory of Authorized and Unauthorized Devices. In Part 2 we looked at Inventory of Authorized and Unauthorized Software. Now well move on to Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. 3-1 Establish and ensure the use of standard secure configurations of...
---------------------------------------------
https://feeds.feedblitz.com/~/117076473/0/alienvault-blogs~Free-and-Commercial-Tools-to-Implement-the-SANS-Top-Security-Controls-Part-Secure-Configurations




*** Certificate authorities issue SSL certificates to fraudsters ***
---------------------------------------------
In just one month, certificate authorities have issued hundreds of SSL certificates for deceptive domain names used in phishing attacks. SSL certificates lend an additional air of authenticity to phishing sites, causing the victims browsers to display a padlock icon to indicate a secure connection. Despite industry requirements for increased vetting of high-risk requests, many fraudsters slip through the net, obtaining SSL certificates for domain names such as banskfamerica.com (issued by...
---------------------------------------------
http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html




*** I am HDRoot! Part 2 ***
---------------------------------------------
Some time ago while tracking Winnti group activity we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems.
---------------------------------------------
http://securelist.com/analysis/publications/72356/i-am-hdroot-part-2/




*** Best Practices for Securing Remote Access ***
---------------------------------------------
Most, if not all, of the day-to-day tasks performed in offices today rely heavily on technology, mainly computers, laptops, tablets & smart devices. As the world and the global economy become increasingly interconnected, members of the staff too are required to go mobile. Sometimes, the need arises to work from home or somewhere away from...
---------------------------------------------
http://resources.infosecinstitute.com/best-practices-for-securing-remote-access/




*** Social Media Security: Your Biggest Threat is Yourself ***
---------------------------------------------
I set out to write this blog to explore the security threats faced by both businesses and individuals in Social Media. I had the intention of making this a rather technical blog, full of charts and statistics. However, as I began talking to people within the security and social media world, I discovered that the top threat to both individuals and businesses has nothing to do with the actual technology and network vulnerability. The biggest threat to social media security is actually ourselves.
---------------------------------------------
https://feeds.feedblitz.com/~/117261057/0/alienvault-blogs~Social-Media-Security-Your-Biggest-Threat-is-Yourself




*** Windows Exploit Suggester - An Easy Way to Find and Exploit Windows Vulnerabilities ***
---------------------------------------------
Introduction During our penetration testing engagements, we often come across the situations where we need to find the right exploits to escalate the privileges on a compromised host. Though there are multiple techniques to escalate the privileges, finding out missing patches could be an easy way if an exploit is publicly available. Blindly trying various...
---------------------------------------------
http://resources.infosecinstitute.com/windows-exploit-suggester-an-easy-way-to-find-and-exploit-windows-vulnerabilities/




*** Security Bulletins Posted for Adobe Acrobat, Reader and Flash Player ***
---------------------------------------------
Security Bulletins for Adobe Acrobat and Reader (APSB15-24) and Adobe Flash Player (APSB15-25) have been published. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1278




*** WiFi jamming attacks more simple and cheaper than ever ***
---------------------------------------------
A security researcher has demonstrated that jamming WiFi, Bluetooth, and Zigbee networks is not difficult to perform but, most importantly, also not as costly as one might think. According to Math...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/f-PMACEc174/secworld.php




*** Best Quality and Quantity of Contributions in the New Xen Project 4.6 Release ***
---------------------------------------------
I'm pleased to announce the release of Xen Project Hypervisor 4.6. This release focused on improving code quality, security hardening, enablement of security appliances, and release cycle predictability - this is the most punctual release we have ever had.
---------------------------------------------
https://blog.xenproject.org/2015/10/13/xen-4-6/




*** Netgear Router: Eine Schwachstelle ermöglicht das Erlangen von Administratorrechten ***
---------------------------------------------
Netgear stellt die Firmware 1.1.0.32 für die Router-Modelle JNR1010v2, WNR614, WNR618, JWNR2000v5, WNR2020, JWNR2010v5, WNR1000v4 und WNR2020v2 zur Verfügung.
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K15-1482%20UPDATE%201




*** VU#751328: QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X ***
---------------------------------------------
Vulnerability Note VU#751328 QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X Original Release date: 12 Oct 2015 | Last revised: 12 Oct 2015   Overview QNAP QTS is a Network-Attached Storage (NAS) system. The QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X.  Description CWE-23: Relative Path Traversal - CVE-2015-6003When the Apple Filing Protocol (AFP) is enabled, any OS X user account (including the
---------------------------------------------
http://www.kb.cert.org/vuls/id/751328




*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Stored IQ (CVE-2015-2625) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21968526




*** IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM SONAS (CVE-2015-2808) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1005319




*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM SONAS (CVE-2013-7423) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1005315




*** F5 Security Advisory: OpenJDK vulnerability CVE-2014-0428 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/300/sol17381.html?ref=rss




*** Cisco Application Policy Infrastructure Controller SSH Key Handling Flaw Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1033793




*** Cisco ASR Router TACACS Implementation Bug Lets Remote Users Cause the Target vpnmgr Service to Restart ***
---------------------------------------------
http://www.securitytracker.com/id/1033792




*** Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues ***
---------------------------------------------
Topic: Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues Risk: Medium Text:Advisory ID: SYSS-2015-037 Product(s): Password Safe and Repository Enterprise Manufacturer: MATESO GmbH Affected Version(s)...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015100089




*** Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection ***
---------------------------------------------
Topic: Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection Risk: Medium Text:Advisory ID: SYSS-2015-034 Product(s): Password Safe and Repository Enterprise Manufacturer: MATESO GmbH Affected Version(s)...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015100092




*** Bugtraq: CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536670




*** Bugtraq: CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536669




*** Bugtraq: CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536668


More information about the Daily mailing list