End-of-Shift report
Timeframe: Thursday 08-10-2015 18:00 − Friday 09-10-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a
Prenotification: Upcoming Security Updates for Adobe Acrobat and Reader (APSB15-24)
A prenotification security advisory (APSB15-24) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, October 13, 2015.
https://blogs.adobe.com/psirt/?p=1276
Brute Force Amplification Attacks Against WordPress XMLRPC
Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it's most likely being hit right now. It could be via protocols like SSH or FTP, and if it's a web server, via web-based brute force attempts against
https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
PostgreSQL: 2015-10-08 Security Update Release
Two security issues have been fixed in this release which affect users of specific PostgreSQL features: CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.
http://www.postgresql.org/about/news/1615/
PowerShell Command Line Logging
The problem is that, by default, Windows only logs that PowerShell was launched. No additional details about what exactly happened are preserved. The only thing we can tell is that PowerShell called additional programs and possibly opened up a few network sessions. However, there is a way to gather additional details on PowerShell sessions and the command line in general.
https://logrhythm.com/blog/powershell-command-line-logging/
MYSQL v5.6.24 Buffer Overflows
SUMMARY: During a manual source code audit of MYSQL Version 5.6.24, various buffer overflow issues have been realized.
http://www.securityfocus.com/archive/1/536652
Active Attacks on Cisco VPN Logins
Unknown attackers are hijacking corporate logins via Cisco Clientless SSL VPN (Web VPN) on a large scale, primarily by exploiting known security issues, reports the security firm Volexity.
http://heise.de/-2841963
IBM Security Bulletins
Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified
http://www.ibm.com/support/docview.wss?uid=ssg1S1005332
Mozilla Firefox vulnerability issues in IBM SONAS
http://www.ibm.com/support/docview.wss?uid=ssg1S1005333
Vulnerabilities in Java affect the IBM FlashSystem V9000 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005411
Vulnerabilities in Java affect the IBM FlashSystem V840 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005412
Vulnerabilities in Java affect the IBM FlashSystem models 840 and 900 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005413
Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-2613, CVE-2015-2601, CVE-2015-4000, CVE-2015-2625, and CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005342
Multiple vulnerabilities in IBM Java Runtime Version 6 affect IBM Cognos Business Viewpoint (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21967563
Vulnerabilities in Open Source OpenSSL affects the IBM FlashSystem V840 (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, and CVE-2015-3216)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005376
Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005313