Daily summary - Tuesday 13-10-2015

End-of-Shift report

Timeframe: Monday 12-10-2015 18:00 - Tuesday 13-10-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Free and Commercial Tools to Implement the SANS Top 20 Security Controls, Part 3: Secure Configurations

This is Part 3 of a How-To effort to compile a list of tools (free and commercial) that can help IT administrators comply with SANS Security Controls. In Part 1 we looked at Inventory of Authorized and Unauthorized Devices. In Part 2 we looked at Inventory of Authorized and Unauthorized Software. Now we'll move on to Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. 3-1 Establish and ensure the use of standard secure configurations of...

https://feeds.feedblitz.com/~/117076473/0/alienvault-blogs~Free-and-Commercial-Tools-to-Implement-the-SANS-Top-Security-Controls-Part-Secure-Configurations


Certificate authorities issue SSL certificates to fraudsters

In just one month, certificate authorities have issued hundreds of SSL certificates for deceptive domain names used in phishing attacks. SSL certificates lend an additional air of authenticity to phishing sites, causing the victims' browsers to display a padlock icon to indicate a secure connection. Despite industry requirements for increased vetting of high-risk requests, many fraudsters slip through the net, obtaining SSL certificates for domain names such as banskfamerica.com (issued by...

http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html


I am HDRoot! Part 2

Some time ago while tracking Winnti group activity we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems.

http://securelist.com/analysis/publications/72356/i-am-hdroot-part-2/


Best Practices for Securing Remote Access

Most, if not all, of the day-to-day tasks performed in offices today rely heavily on technology, mainly computers, laptops, tablets & smart devices. As the world and the global economy become increasingly interconnected, members of the staff too are required to go mobile. Sometimes, the need arises to work from home or somewhere away from...

http://resources.infosecinstitute.com/best-practices-for-securing-remote-access/


Social Media Security: Your Biggest Threat is Yourself

I set out to write this blog to explore the security threats faced by both businesses and individuals in Social Media. I had the intention of making this a rather technical blog, full of charts and statistics. However, as I began talking to people within the security and social media world, I discovered that the top threat to both individuals and businesses has nothing to do with the actual technology and network vulnerability. The biggest threat to social media security is actually ourselves.

https://feeds.feedblitz.com/~/117261057/0/alienvault-blogs~Social-Media-Security-Your-Biggest-Threat-is-Yourself


Windows Exploit Suggester - An Easy Way to Find and Exploit Windows Vulnerabilities

Introduction: During our penetration testing engagements, we often come across situations where we need to find the right exploits to escalate privileges on a compromised host. Though there are multiple techniques to escalate privileges, finding missing patches can be an easy way if an exploit is publicly available. Blindly trying various...

http://resources.infosecinstitute.com/windows-exploit-suggester-an-easy-way-to-find-and-exploit-windows-vulnerabilities/


Security Bulletins Posted for Adobe Acrobat, Reader and Flash Player

Security Bulletins for Adobe Acrobat and Reader (APSB15-24) and Adobe Flash Player (APSB15-25) have been published. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant...

https://blogs.adobe.com/psirt/?p=1278


WiFi jamming attacks more simple and cheaper than ever

A security researcher has demonstrated that jamming WiFi, Bluetooth, and Zigbee networks is not difficult to perform but, most importantly, also not as costly as one might think. According to Math...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/f-PMACEc174/secworld.php


Best Quality and Quantity of Contributions in the New Xen Project 4.6 Release

I'm pleased to announce the release of Xen Project Hypervisor 4.6. This release focused on improving code quality, security hardening, enablement of security appliances, and release cycle predictability - this is the most punctual release we have ever had.

https://blog.xenproject.org/2015/10/13/xen-4-6/


Netgear Router: A vulnerability allows obtaining administrator privileges

Netgear provides firmware 1.1.0.32 for the router models JNR1010v2, WNR614, WNR618, JWNR2000v5, WNR2020, JWNR2010v5, WNR1000v4 and WNR2020v2.

https://www.cert-bund.de/advisoryshort/CB-K15-1482%20UPDATE%201


VU#751328: QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X

Vulnerability Note VU#751328: QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X. Original Release date: 12 Oct 2015 | Last revised: 12 Oct 2015. Overview: QNAP QTS is a Network-Attached Storage (NAS) system. The QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X. Description: CWE-23: Relative Path Traversal - CVE-2015-6003. When the Apple Filing Protocol (AFP) is enabled, any OS X user account (including the

http://www.kb.cert.org/vuls/id/751328


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Stored IQ (CVE-2015-2625)

http://www.ibm.com/support/docview.wss?uid=swg21968526


IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS (CVE-2015-2808)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005319


IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM SONAS (CVE-2013-7423)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005315


F5 Security Advisory: OpenJDK vulnerability CVE-2014-0428

https://support.f5.com:443/kb/en-us/solutions/public/17000/300/sol17381.html?ref=rss


Cisco Application Policy Infrastructure Controller SSH Key Handling Flaw Lets Local Users Gain Elevated Privileges

http://www.securitytracker.com/id/1033793


Cisco ASR Router TACACS Implementation Bug Lets Remote Users Cause the Target vpnmgr Service to Restart

http://www.securitytracker.com/id/1033792


Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues

Topic: Password Safe And Repository Enterprise 7.4.4 Build 2247 Crypto Issues. Risk: Medium. Text: Advisory ID: SYSS-2015-037 Product(s): Password Safe and Repository Enterprise Manufacturer: MATESO GmbH Affected Version(s)...

https://cxsecurity.com/issue/WLB-2015100089


Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection

Topic: Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection. Risk: Medium. Text: Advisory ID: SYSS-2015-034 Product(s): Password Safe and Repository Enterprise Manufacturer: MATESO GmbH Affected Version(s)...

https://cxsecurity.com/issue/WLB-2015100092


Bugtraq: CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin

http://www.securityfocus.com/archive/1/536670


Bugtraq: CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin

http://www.securityfocus.com/archive/1/536669


Bugtraq: CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin

http://www.securityfocus.com/archive/1/536668