[CERT-daily] Daily summary - Thursday 29-10-2015

Daily end-of-shift report team at cert.at
Thu Oct 29 18:08:32 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 28-10-2015 18:00 − Thursday 29-10-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Why Is the NSA Moving Away from Elliptic Curve Cryptography? ***
---------------------------------------------
In August, I wrote about the NSA's plans to move to quantum-resistant algorithms for its own cryptographic needs. Cryptographers Neal Koblitz and Alfred Menezes just published a long paper speculating as to the government's real motives for doing this. They range from some new cryptanalysis of ECC to a political need after the DUAL_EC_PRNG disaster -- to the stated reason...
---------------------------------------------
https://www.schneier.com/blog/archives/2015/10/why_is_the_nsa_.html




*** New DDoS attacks misuse NetBIOS name server, RPC portmap, and Sentinel licensing servers ***
---------------------------------------------
Akamai has observed three new reflection DDoS attacks in recent months: NetBIOS name server reflection, RPC portmap reflection, and Sentinel reflection. In a reflection DDoS attack, also called a D...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/g4MR874bgXg/secworld.php




*** TLS certificates: Google cracks down on Symantec ***
---------------------------------------------
In September, Symantec issued several thousand unauthorized TLS certificates, but initially concealed the extent of the incident. Google shows little understanding for this and sets a number of conditions for Symantec's root certificates to remain in the Chrome browser. (Symantec, Google)
---------------------------------------------
http://www.golem.de/news/tls-zertifikate-google-greift-gegen-symantec-durch-1510-117188-rss.html




*** Jackpotting: ATMs in Germany emptied with a USB stick ***
---------------------------------------------
Looting ATMs via USB stick has been known since 2010. In Germany, a perpetrator has now been filmed for the first time emptying two machines in one day. (Security, Black Hat)
---------------------------------------------
http://www.golem.de/news/jackpotting-geldautomaten-in-deutschland-mit-usb-stick-ausgeraeumt-1510-117190-rss.html




*** Security: Researchers present LTE attacks using 1,250-euro hardware ***
---------------------------------------------
LTE networks were previously considered significantly more secure than GSM and 3G networks. Earlier this week, a team of researchers presented various practical attacks that are said to work at low cost and with commercial hardware. (Security, Smartphone)
---------------------------------------------
http://www.golem.de/news/security-forscher-stellen-lte-angriffe-mit-1-250-euro-hardware-vor-1510-117193-rss.html




*** USB cleaning device for the masses, (Thu, Oct 29th) ***
---------------------------------------------
For so long, USB keys have been a nice out-of-band infection vector. People like goodies and people like to plug those small pieces of plastic into their computers. Even if good solutions exist (like BitLocker - the standard solution provided by Microsoft), a lot of infrastructures are not protected against the use of rogue USB keys for many good or obscure reasons. There are also multiple reasons to receive USB keys: from partners, customers, contractors, vendors, etc. The best practice should be...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20315&rss




*** XEN Security Advisories ***
---------------------------------------------
Advisory | Public release | Updated | Version | CVE(s) | Title 
XSA-153 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7972 | x86: populate-on-demand balloon size inaccuracy can crash guests 
XSA-152 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7971 | x86: some pmu and profiling hypercalls log without rate limiting 
XSA-151 | 2015-10-29 11:59 | 2015-10-29 11:59 | 3 | CVE-2015-7969 | x86: leak of per-domain profiling-related vcpu pointer array 
XSA-150 | 2015-10-29 11:59 | 2015-10-29...
---------------------------------------------
http://xenbits.xen.org/xsa/




*** Cisco ASR 5500 SAE Gateway Lets Remote Users Cause the Target BGP Process to Restart ***
---------------------------------------------
http://www.securitytracker.com/id/1034024




*** IBM DB2 TLS Diffie-Hellman Export Cipher Downgrade Attack Lets Remote Users Decrypt Connections ***
---------------------------------------------
http://www.securitytracker.com/id/1033991




*** JBoss Operations Network Cassandra JMX/RMI Interface Lets Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034002




*** DSA-3382 phpmyadmin - security update ***
---------------------------------------------
https://www.debian.org/security/2015/dsa-3382




*** Security Notice - Statement About WormHole Vulnerability in Baidu Apps Preset in Huawei Phones ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-459836.htm




*** Security Advisory - UE Measurement Leak Vulnerability in Huawei P8 Phones ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-459832.htm




*** Security Advisory: OpenSSH vulnerability CVE-2015-5352 ***
---------------------------------------------
(SOL17461)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/400/sol17461.html?ref=rss




*** VU#573848: Qolsys IQ Panel contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#573848: Qolsys IQ Panel contains multiple vulnerabilities. Original Release date: 29 Oct 2015 | Last revised: 29 Oct 2015. Overview: All firmware versions of Qolsys IQ Panel contain hard-coded cryptographic keys, do not validate signatures during software updates, and use a vulnerable version of Android OS. Description: Qolsys IQ Panel is an Android OS-based touch screen controller for home automation devices and functions. All firmware versions contain the following
---------------------------------------------
http://www.kb.cert.org/vuls/id/573848




*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005435

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects SAN Volume Controller and Storwize Family (CVE-2015-1789 CVE-2015-1791 CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005434

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005314

*** IBM Security Bulletin: Weak file permissions vulnerability affects IBM Tivoli Monitoring for Tivoli Storage Manager (CVE-2015-4927) ***
http://www.ibm.com/support/docview.wss?uid=swg21969340

*** IBM Security Bulletin: A security vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Web version 7.0 software installations and IBM Tivoli Access Manager for e-business (CVE-2015-1946) ***
http://www.ibm.com/support/docview.wss?uid=swg21969077

*** IBM Security Bulletin: Vulnerability in RC4 stream cipher affects N-series Data ONTAP (CVE-2015-2808) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005273

*** IBM Security Bulletin: Multiple vulnerabilities in Firefox, affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-4497, CVE-2015-4498) ***
http://www.ibm.com/support/docview.wss?uid=swg21968836

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Access Manager for Mobile (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21963711

