[CERT-daily] Tageszusammenfassung - Dienstag 5-01-2016

Tue Jan 5 18:33:19 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 04-01-2016 18:00 − Dienstag 05-01-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** ProxieBack sneakily uses the victims server to bypass its own security ***
---------------------------------------------
Palo Alto Networks has come across a new family of proxy-creating malware, called ProxyBack, that the company believes has been in the wild since 2014 and may have more than 20 versions now running.
---------------------------------------------
http://www.scmagazine.com/proxieback-sneakily-uses-the-victims-server-to-bypass-its-own-security/article/462417/


*** Hocus-pocus! The stupidity of cybersecurity predictions ***
---------------------------------------------
Every year, some publication asks me to come up with a list of my top 10 predictions for the security field, and every year I tell them they might as well just dust off an article I wrote a year earlier, with maybe a couple of buzzwords and a new technology added on. What you can generally expect in any given year is more of the same, with some slight variations.That doesn't stop people from making predictions, though. Vendors and supposed experts can't seem to control the urge, but...
---------------------------------------------
http://www.cio.com/article/3019071/security/hocus-pocus-the-stupidity-of-cybersecurity-predictions.html


*** Matthew Garrett: Apple-Rechner eignen sich nicht für vertrauliche Arbeiten ***
---------------------------------------------
Zwar kann mit UEFI Secure Boot und TPMs der Startprozess von Windows- und Linux-Rechnern einigermaßen abgesichert werden - dies ließe sich aber verbessern, sagt Security-Experte Matthew Garrett. Katastrophal sei die Lage dagegen bei Apple.
---------------------------------------------
http://www.golem.de/news/matthew-garrett-apple-rechner-eignen-sich-nicht-fuer-vertrauliche-arbeiten-1601-118332-rss.html


*** Comcast Home Security System Vulnerable to Attack ***
---------------------------------------------
Comcast's Xfinity Home Security System is vulnerable to attacks that interfere with its ability to detect and alert to home intrusions.
---------------------------------------------
http://threatpost.com/comcast-home-security-system-vulnerable-to-attack/115774/


*** Using IDAPython to Make Your Life Easier: Part 3 ***
---------------------------------------------
In the first two posts of this series (Part 1 and Part 2), we discussed using IDAPython to make your life as a reverse engineer easier. Now let's look at conditional breakpoints. While debugging in...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/01/using-idapython-to-make-your-life-easier-part-3/


*** HTML5 Security Cheat Sheet ***
---------------------------------------------
This OWASP cheat sheet serves as a guide for implementing HTML5 in a secure fashion. Contents include:Communication APIsStorage APIsGeolocationWeb WorkersSandboxed FramesOffline ApplicationsAnd...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19279


*** Nexus Security Bulletin - January 2016 ***
---------------------------------------------
We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process. [...] The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
---------------------------------------------
https://source.android.com/security/bulletin/2016-01-01.html


*** DSA-3432 icedove - security update ***
---------------------------------------------
Multiple security issues have been found in Icedove, Debians version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors,integer overflows, buffer overflows and other implementation errors maylead to the execution of arbitrary code or denial of service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3432


*** Puppet Enterprise Configuration Error Lets Remote Non-Whitelisted Users Access the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034550


*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Jabber STARTTLS Downgrade Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
---------------------------------------------
*** Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr
---------------------------------------------
*** Cisco Prime Infrastructure Frame Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi
---------------------------------------------
*** Cisco Unified Communications Manager SQL Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm
---------------------------------------------


*** IBM Security Bulleins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects Rational Tau (CVE-2015-3194) ***
http://www.ibm.com/support/docview.wss?uid=swg21973108
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Kenexa LCMS Premier on Cloud (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972649
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSource Dojo ToolKit affects IBM InfoSphere Master Data Management ( CVE-2015-5654) ***
http://www.ibm.com/support/docview.wss?uid=swg21972787
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Partner Gateway Advanced/Enterprise editions(CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21973241
---------------------------------------------
*** IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2015-7456) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005574
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM TRIRIGA Application Platform (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972369
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business ***
http://www.ibm.com/support/docview.wss?uid=swg21973135
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2015-5006, CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21972446
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21973785
---------------------------------------------
*** IBM Security Bulletin: IBM Tealeaf Customer Experience allows unauthorized access to system files (CVE-2015-4988) ***
http://www.ibm.com/support/docview.wss?uid=swg21968868
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21972455
---------------------------------------------
*** IBM Security Bulletin:Vulnerability in OpenSSL affects IBM PureApplication System. (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21974116
---------------------------------------------
*** IBM Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues ***
http://www.ibm.com/support/docview.wss?uid=swg21972384
---------------------------------------------


Next End-of-Shift report on 2016-01-07