Daily Summary - Wednesday 28-10-2015

End-of-Shift report

Timeframe: Tuesday 27-10-2015 18:00 − Wednesday 28-10-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

One in 20 apps on private PCs are end-of-life

Secunia Research revealed the state of security for PC users in a total of 14 countries, including the US. One in 20 applications on private US PCs are end-of-life and 12 percent of Windows operating ...

http://www.net-security.org/secworld.php?id=19032


Yahoo! crypto! chap! turns! security! code! into! evil! tracker!

HTTP Strict Transport Security isn't working as advertised or planned. Yahoo! crypto bod Yan Zhu has found twin attacks that allow websites to learn the web histories of visiting users by targeting HTTP Strict Transport Security (HSTS).

http://go.theregister.com/feed/www.theregister.co.uk/2015/10/28/sniffly/


Install the update without fail: Joomla in attackers' sights

Joomla users should urgently apply the update released last week, because attackers are currently attacking, en masse, websites that run a vulnerable version.

http://heise.de/-2860521


Windows 10 Security

Windows 10 was launched on July 29th of this year and had been adopted by 75 million users by the end of August. Despite its initial popularity, the adoption rate for the new operating system has slowed down since the time of its launch. While the Windows 10 market share for desktop operating systems climbed...

http://resources.infosecinstitute.com/windows-10-security/


Victim of its own success and (ab)used by malwares, (Wed, Oct 28th)

This morning, I faced an interesting case. We were notified that one of our computers was doing potentially malicious HTTP requests. The malicious URL was: api.wipmania.com. We quickly checked and detected that many hosts were sending requests to this API. It is a website hosted in France which provides geolocalisation services via a text/json/xml API. The usage is pretty quick and
xavier at vps2$ curl http://api.wipmania.com/ip_address
BE
You provide an IP address and it returns its...

https://isc.sans.edu/diary.html?storyid=20311&rss


Certificate Authorities Will Stop Issuing SHA1 Certificates as of January 1 (October 23, 2015)

As of midnight January 1, 2016, certificate authorities will cease issuing SHA1 digital certificates...

http://www.sans.org/newsletters/newsbites/r/17/84/308


We set up a simple test page to see how browsers deal with mixed language IDNs. Try it out: http://www.example.xn--comindex-634g.jp/ . Test yours. (sorry, earlier link did not render right), (Tue, Oct 27th)

Johannes B. Ullrich, Ph.D. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

https://isc.sans.edu/diary.html?storyid=20305&rss


DFN-CERT-2015-1672: NTP: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code

https://portal.cert.dfn.de/adv/DFN-CERT-2015-1672/


DSA-3381 openjdk-7 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, or denial of service.

https://www.debian.org/security/2015/dsa-3381


DSA-3380 php5 - security update

Two vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

https://www.debian.org/security/2015/dsa-3380


VU#350508: HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password

Vulnerability Note VU#350508: HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password. Original Release date: 27 Oct 2015 | Last revised: 27 Oct 2015. Overview: The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description: CWE-295: Improper Certificate Validation - CVE-2015-2902. The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is reporting logs to.

http://www.kb.cert.org/vuls/id/350508


Security Advisory: PAM vulnerability CVE-2015-3238

(SOL17494)

https://support.f5.com:443/kb/en-us/solutions/public/17000/400/sol17494.html?ref=rss


Security Advisory: Datastor kernel vulnerability CVE-2015-7394

(SOL17407)

https://support.f5.com:443/kb/en-us/solutions/public/17000/400/sol17407.html?ref=rss


Infinite Automation Systems Mango Automation Vulnerabilities

This advisory provides mitigation details for vulnerabilities in the Infinite Automation Systems Mango Automation application. Infinite Automation Systems has produced a new version to mitigate these vulnerabilities.

https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02


Rockwell Automation Micrologix 1100 and 1400 PLC Systems Vulnerabilities

This advisory provides mitigation details for vulnerabilities in the Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 programmable logic controller (PLC) systems.

https://ics-cert.us-cert.gov/advisories/ICSA-15-300-03