[CERT-daily] Tageszusammenfassung - Mittwoch 28-10-2015

Daily end-of-shift report team at cert.at
Wed Oct 28 18:09:21 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 27-10-2015 18:00 − Mittwoch 28-10-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** One in 20 apps on private PCs are end-of-life ***
---------------------------------------------
Secunia Research revealed the state of security for PC users in a total of 14 countries, including the US. One in 20 applications on private US PCs are end-of-life and 12 percent of Windows operating ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19032




*** Yahoo! crypto! chap! turns! security! code! into! evil! tracker! ***
---------------------------------------------
HTTP Strict Transport Security isnt working as advertised or planned Yahoo! crypto bod Yan Zhu has found twin attacks that allow websites to learn the web histories of visitors users by targeting HTTP Strict Transport Security (HSTS).
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/10/28/sniffly/




*** Update unbedingt installieren: Joomla im Fokus von Angreifern ***
---------------------------------------------
Nutzer von Joomla sollten das in der vergangenen Woche veröffentlichte Update dringend einspielen. Denn Angreifer attackieren aktuell massenweise Webseiten, die eine verwundbare Version einsetzen.
---------------------------------------------
http://heise.de/-2860521




*** Windows 10 Security ***
---------------------------------------------
Windows 10 was launched on July 29th of this year and had been adopted by 75 million users by the end of August. Despite its initial popularity, the adoption rate for the new operating system has slowed down since the time of its launch. While the Windows 10 market share for desktop operating systems climbed...
---------------------------------------------
http://resources.infosecinstitute.com/windows-10-security/




*** Victim of its own success and (ab)used by malwares, (Wed, Oct 28th) ***
---------------------------------------------
This morning, I faced an interesting case. We were notified that one of our computers was doing potentially malicious HTTP requests. The malicious URL was: api.wipmania.com. We quickly checked and detected to many hosts were sendingrequests to this API. It is a website hosted in France which provides geolocalisation services via a text/json/xml API. The usage is pretty quick and">xavier at vps2$curl http://api.wipmania.com/ip_address BE You provide an IP address and it returns its...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20311&rss




*** Certificate Authorities Will Stop Issuing SHA1 Certificates as of January 1 (October 23, 2015) ***
---------------------------------------------
As of midnight January 1, 2016, certificate authorities will cease issuing SHA1 digital certificates...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/17/84/308




*** We set up a simple test page to see how browsers deal with mixed language IDNs. Try it out: http://www.example.xn--comindex-634g.jp/ . Test yours. (sorry, earlier link did not render right), (Tue, Oct 27th) ***
---------------------------------------------
--- Johannes B. Ullrich, Ph.D. STI|Twitter|LinkedIn (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20305&rss




*** DFN-CERT-2015-1672: NTP: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1672/




*** DSA-3381 openjdk-7 - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the executionof arbitrary code, breakouts of the Java sandbox, information disclosure,or denial of service.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3381




*** DSA-3380 php5 - security update ***
---------------------------------------------
Two vulnerabilities were found in PHP, a general-purpose scriptinglanguage commonly used for web application development.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3380




*** VU#350508: HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password ***
---------------------------------------------
Vulnerability Note VU#350508 HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password Original Release date: 27 Oct 2015 | Last revised: 27 Oct 2015   Overview The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password.  Description CWE-295: Improper Certificate Validation - CVE-2015-2902The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is reporting logs to.
---------------------------------------------
http://www.kb.cert.org/vuls/id/350508




*** Security Advisory: PAM vulnerability CVE-2015-3238 ***
---------------------------------------------
(SOL17494)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/400/sol17494.html?ref=rss




*** Security Advisory: Datastor kernel vulnerability CVE-2015-7394 ***
---------------------------------------------
(SOL17407)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/400/sol17407.html?ref=rss




*** Infinite Automation Systems Mango Automation Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Infinite Automation Systems Mango Automation application. Infinite Automation Systems has produced a new version to mitigate these vulnerabilities.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02




*** Rockwell Automation Micrologix 1100 and 1400 PLC Systems Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 programmable logic controller (PLC) systems.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03


More information about the Daily mailing list