End-of-Shift report
Timeframe: Wednesday 21-10-2015 18:00 − Thursday 22-10-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Cisco ASA Software DNS Denial of Service Vulnerability
A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns1
Cisco ASA Software DNS Denial of Service Vulnerability
A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns2
Google Moving Gmail to Strict DMARC Implementation
Google said it will move gmail.com to a policy of rejecting any messages that don't pass the authentication checks spelled out in the DMARC specification.
http://threatpost.com/google-moving-gmail-to-strict-dmarc-implementation/115125/
IBM Runs World's Worst Spam-Hosting ISP?
This author has long sought to shame Web hosting and Internet service providers who fail to take the necessary steps to keep spammers, scammers and other online ne'er-do-wells ..
http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp
Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes.
Apple published one of its usual updates for everything. Below I took a shot at a quick summary. You can find ..
https://isc.sans.edu/diary.html?storyid=20285
Drupal Core - Overlay - Less Critical - Open Redirect - SA-CORE-2015-004
The Overlay module in Drupal core displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability.
https://www.drupal.org/SA-CORE-2015-004
jQuery Update - Less Critical - Open Redirect - SA-CONTRIB-2015-158
The jQuery Update module enables you to update jQuery on your site. The module ships with a modified version of the core Overlay JavaScript file, which is vulnerable to an open redirect attack (see SA-CORE-2015-004).
https://www.drupal.org/node/2598426
Hack.lu 2015 Wrap-Up Day #2
Here we go with my wrap-up for the second day. After some coffee and pastries, the day started hardly with a very technical talk. Samuel Chevet & Clement Rouault presented their research about Windows local kernel debugging. Kernel debugging ..
https://blog.rootshell.be/2015/10/21/hack-lu-2015-wrap-up-day-2/
E-mail security: What providers can contribute
https://www.rtr.at/de/inf/E_Mail_Sicherheit05112015
Wireless infection: First malware for fitness trackers developed
Transfer to Fitbit Flex possible in ten seconds; malware infects the victim's PC
http://derstandard.at/2000024345670
Planned obsolescence: This software makes computers age at breakneck speed
Researchers have developed a program that wears out processors in a short time to the point that they become unusable. Possible beneficiaries: manufacturers, customers - or the military.
http://www.golem.de/news/geplante-obsoleszenz-diese-software-laesst-computer-rasend-schnell-altern-1510-117064.html
[20151001] - Core - SQL Injection
http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
[20151002] - Core - ACL Violations
http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html
[20151003] - Core - ACL Violations
http://developer.joomla.org/security-centre/630-20151003-core-acl-violations.html
[2015-10-22] Lime Survey Multiple Critical Vulnerabilities
Lime Survey contains multiple vulnerabilities which can be used by unauthenticated attackers to execute administrative functions. Moreover, in certain conditions unauthenticated attackers can run arbitrary PHP code and gain access to the filesystem and the Lime Survey database.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151022-0_Lime_Survey_multiple_critical_vulnerabilities_v10.txt
NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
Unauthenticated off-path attackers can force ntpd processes to peer with malicious time sources of the attacker's choosing allowing the attacker to make arbitrary changes to system time. This attack leverages a logic error in ntpd's handling of ..
http://talosintel.com/reports/TALOS-2015-0069/