Daily summary - Thursday 15-10-2015

End-of-Shift report

Timeframe: Wednesday 14-10-2015 18:00 − Thursday 15-10-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Zero-Day in Magento Plugin Magmi Under Attack

A zero-day in a popular plugin for the Magento ecommerce platform called Magmi is under attack.

http://threatpost.com/zero-day-in-magento-plugin-magmi-under-attack/115026/


Security Advisory for Adobe Flash Player (APSA15-05)

A Security Advisory (APSA15-05) has been published regarding a critical vulnerability (CVE-2015-7645) in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Adobe is aware of a report that an exploit for this vulnerability is being used...

https://blogs.adobe.com/psirt/?p=1280


Critical Flash vulnerability: Adobe promises a patch

According to a security firm, the Pawn Storm group is currently targeting current Flash versions through a zero-day vulnerability. Adobe has now announced a patch.

http://heise.de/-2847993


Exploit kit roundup: Less Angler, more Nuclear, (Thu, Oct 15th)

Introduction: Earlier this month, Cisco's Talos team published an in-depth report on the Angler exploit kit (EK) [1]. The report also documented Cisco's coordination with hosting providers to shut down malicious servers associated with this EK. The result? I've found far less Angler EK in the last two...

https://isc.sans.edu/diary.html?storyid=20255&rss


How is NSA breaking so much crypto?

However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community. Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery.

https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/


HTTP Evasions Explained - Part 5 - GZip Compression

This is the fifth part in a series which will explain the evasions done by HTTP Evader. This part is about failures to handle gzip compression properly. Contrary to deflate compression, all products I've seen are able to handle gzip compression in theory. But several major products fail if you set some special bits, invalidate the checksum, remove some bytes from the end, etc. But the browsers unpack the content anyway, so we get a bypass again.

http://noxxi.de/research/http-evader-explained-5-gzip.html


Existing security standards do not sufficiently address IoT

A lack of clarity and standards around Internet of Things (IoT) security is leading to a lack of confidence. According to the UK IT professionals surveyed by ISACA, 75 percent of the security exper...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/624P7Nfkph8/secworld.php


IETF adopts standard for securing encrypted mail transport

The DANE over SMTP specification needed only two years for its standardisation. The Bundesamt für Sicherheit in der Informationstechnik (BSI) is now already requiring certified mail providers to implement the DANE procedure.

http://heise.de/-2848049


Juniper Security Advisories

JSA10695 - 2015-10 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in Python on Junos (CVE-2014-6448)

http://kb.juniper.net/index/content&id=JSA10695&actp=RSS

JSA10702 - 2015-10 Security Bulletin: QFabric 3100 Director: CUPS printing system Improper Update of Reference Count leads to remote chained vulnerability attack via XSS against authenticated users (CVE-2015-1158, CVE-2015-1159)

http://kb.juniper.net/index/content&id=JSA10702&actp=RSS

JSA10706 - 2015-10 Security Bulletin: Junos: FTPS through SRX opens up wide range of data channel TCP ports (CVE-2015-5361)

http://kb.juniper.net/index/content&id=JSA10706&actp=RSS

JSA10701 - 2015-10 Security Bulletin: Junos: Trio Chipset (Trinity) Denial of service due to maliciously crafted uBFD packet. (CVE-2015-7748)

http://kb.juniper.net/index/content&id=JSA10701&actp=RSS

JSA10700 - 2015-10 Security Bulletin: Junos: J-Web in vSRX-Series: A remote attacker can cause a denial of service to vSRX when J-Web is enabled causing the vSRX instance to reboot. (CVE-2014-6451)

http://kb.juniper.net/index/content&id=JSA10700&actp=RSS

JSA10703 - 2015-10 Security Bulletin: Junos: vSRX-Series: A remote attacker can cause a persistent denial of service to the vSRX through a specific connection request to the firewall's host OS (CVE-2015-7749)

http://kb.juniper.net/index/content&id=JSA10703&actp=RSS

JSA10708 - 2015-10 Security Bulletin: Junos: SSH allows unauthenticated remote user to consume large amounts of resources (CVE-2015-7752)

http://kb.juniper.net/index/content&id=JSA10708&actp=RSS

JSA10704 - 2015-10 Security Bulletin: ScreenOS: Network based denial of service vulnerability in ScreenOS (CVE-2015-7750)

http://kb.juniper.net/index/content&id=JSA10704&actp=RSS

JSA10707 - 2015-10 Security Bulletin: Junos: Corrupt pam.conf file allows unauthenticated root access (CVE-2015-7751)

http://kb.juniper.net/index/content&id=JSA10707&actp=RSS

JSA10705 - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView

http://kb.juniper.net/index/content&id=JSA10705&actp=RSS

JSA10699 - 2015-10 Security Bulletin: Junos: Crafted packets cause mbuf chain corruption which may result in kernel panic (CVE-2014-6450)

http://kb.juniper.net/index/content&id=JSA10699&actp=RSS

IBM Security Bulletins

IBM Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Intrusion Prevention System (CVE-2013-2207, CVE-2014-8121, and CVE-2015-1781)

http://www.ibm.com/support/docview.wss?uid=swg21966788

IBM Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2015-5621)

http://www.ibm.com/support/docview.wss?uid=swg21966694

IBM Security Bulletin: IBM NetInsight is impacted by multiple vulnerabilities in open source cURL libcurl (CVE-2015-3153, CVE-2015-3236)

http://www.ibm.com/support/docview.wss?uid=swg21967448

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-2601, CVE-2015-2613, CVE-2015-2625, CVE-2015-1931)

http://www.ibm.com/support/docview.wss?uid=swg21968048

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, CVE-2015-2625)

http://www.ibm.com/support/docview.wss?uid=swg21964927

IBM Security Bulletin: IBM Personal Communications with IBM GSKit - Malformed ECParameters causes infinite loop (CVE-2015-1788)

http://www.ibm.com/support/docview.wss?uid=swg21962890

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)

http://www.ibm.com/support/docview.wss?uid=swg21968046

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational Team Concert Build Agent (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2014-8176)

http://www.ibm.com/support/docview.wss?uid=swg21968724

IBM Security Bulletin: Logjam vulnerability affects IBM SmartCloud Entry (CVE-2015-4000)

http://www.ibm.com/support/docview.wss?uid=isg3T1022754

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-0488)

http://www.ibm.com/support/docview.wss?uid=swg21968052

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-0488, CVE-2015-0478, CVE-2015-1916, CVE-2015-0204)

http://www.ibm.com/support/docview.wss?uid=swg21963609

IBM Security Bulletin: Cross Site Scripting (XSS) Vulnerability in IBM Sametime Rich Client and in IBM Sametime Proxy (CVE-2015-1917)

http://www.ibm.com/support/docview.wss?uid=swg21965839

Security Advisory: Stored XSS in Akismet WordPress Plugin

Security Risk: Dangerous; Exploitation Level: Easy/Remote; DREAD Score: 9/10; Vulnerability: Stored XSS; Patched Version: 3.1.5. During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs. Vulnerability Disclosure Timeline: October 2nd, 2015 - Bug discovered, initial report to Automattic security team; October 5th, 2015...

http://feedproxy.google.com/~r/sucuri/blog/~3/abpAvnfFREc/security-advisory-stored-xss-in-akismet-wordpress-plugin.html