End-of-Shift report
Timeframe: Thursday 15-01-2015 18:00 − Friday 16-01-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Definitions matter. For crying out loud, securobods, BE SPECIFIC - ENISA
Use your words or the DDoSers will GET you... Definitions matter when your infrastructure is under threat, says the European Union Agency for Network and Information Security (ENISA).
http://go.theregister.com/feed/www.theregister.co.uk/2015/01/15/if_you_want_your_infrastructure_to_be_secure_sort_out_your_language_says_enisa/
Critical Patch Update - January 2015 - Pre-Release Announcement
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2015, which will be released on Tuesday, January 20, 2015. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Google AdWords Campaigns Hijacked by Malvertisers
Two Google AdWords campaigns have been hijacked by malvertisers and users are being redirected to fraud sites without even clicking the poisoned ads.
http://threatpost.com/google-adwords-campaigns-hijacked-by-malvertisers/110457
Telekom tools for secure server configuration
Telekom takes admins by the hand and provides free tools that help with hardening nginx, MySQL and the like.
http://heise.de/-2517840
Security firms warn of "Je Suis Charlie" trojan
Supposed solidarity video actually loads malware onto the computer
http://derstandard.at/2000010489196
Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse
In particular we reveal that, even though 95 percent of the popular domains we investigated are actively targeted by typosquatters, only few trademark owners protect themselves against this practice by proactively registering their own typosquatting domains. A small fraction of those typosquatted domains -- such as gooogle.com for google.com -- were registered by the legitimate website in a bid to foil typosquatters.
https://lirias.kuleuven.be/bitstream/123456789/471369/3/typos-final.pdf
Employee Threat Assessment Template for Large Organizations
Despite the popular image of the hacker cracking distant servers from his basement, studies show that people with legitimate access to your information pose an even bigger threat. And when information is stolen from within, it's often harder to trace and determine the extent of the problem. The larger your [...]
http://resources.infosecinstitute.com/employee-threat-assessment-template-large-organizations/
Details on the critical vulnerability in the Windows Telnet server
A detailed analysis of the just-patched Telnet vulnerability has appeared on a Chinese website - along with a proof of concept.
http://heise.de/-2518951
Cisco Adaptive Security Appliance DHCPv6 Relay Denial of Service Vulnerability
CVE-2015-0578
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0578
Cisco Hosted WebEx Meeting Center Information Disclosure
CVE-2015-0590
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590
T-Mobile Internet Manager UpdateCfg.ini SEH buffer overflow
http://xforce.iss.net/xforce/xfdb/99945
Alienvault OSSIM Web UI command execution
http://xforce.iss.net/xforce/xfdb/99951
Arbiter Systems 1094B GPS Clock Spoofing Vulnerability
This advisory provides mitigation details for a GPS clock spoofing vulnerability in the Arbiter Systems 1094B clock.
https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01
GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation
This advisory provides mitigation details for a memory access violation vulnerability in GE's CIMPLICITY CimView application.
https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02
Windows: Impersonation Check Bypass With CryptProtectMemory and CRYPTPROTECTMEMORY_SAME_LOGON flag
Platform: Windows 7, 8.1 Update 32/64 bit. Class: Security Bypass/Information Disclosure. The function CryptProtectMemory allows an application to encrypt memory for one of three scenarios: process, logon session and computer. When using the logon session option (CRYPTPROTECTMEMORY_SAME_LOGON flag), the encryption key is generated based on the logon session identifier; this is for sharing memory between processes running within the same logon.
https://code.google.com/p/google-security-research/issues/detail?id=128
DSA-3129 rpm - security update
Two vulnerabilities have been discovered in the RPM package manager.
https://www.debian.org/security/2015/dsa-3129
Information Disclosure in Direct Mail Subscription (direct_mail_subscription)
It has been discovered that the extension "Direct Mail Subscription" (direct_mail_subscription) is susceptible to Information Disclosure.
http://www.typo3.org/news/article/information-disclosure-in-direct-mail-subscription-direct-mail-subscription/
WiFi File Browser Pro v2.0.8 Code Execution Vulnerability
Topic: WiFi File Browser Pro v2.0.8 Code Execution Vulnerability. Risk: High. Text: Document Title: WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability. References (Source): http:/...
http://cxsecurity.com/issue/WLB-2015010087