End-of-Shift report
Timeframe: Tuesday 10-11-2015 18:00 − Wednesday 11-11-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
November 2015 Security Update Release Summary
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month's security updates and advisories can be found in the Security TechNet Library. MSRC Team
http://blogs.technet.com/b/msrc/archive/2015/11/10/november-2015-security-update-release-summary.aspx
MSRT November 2015: Detection updates
The Microsoft Malicious Software Removal Tool (MSRT) is updated monthly with new malware detections - so far this year we have added 29 malware families. This month we are updating our detections for some of the malware families already included in the tool. We choose the malware families we add to the MSRT each month using several criteria. One of the most common reasons is the prevalence of a family in the malware ecosystem. For example, in recent months we focused on...
http://blogs.technet.com/b/mmpc/archive/2015/11/10/msrt-november-2015-detection-updates.aspx
Patch day: Adobe nurses the Flash patient
Flash is back on the operating table and being patched up. Users should treat their Flash patient promptly, as the vulnerabilities are rated critical. Exploits are reportedly not yet in circulation.
http://www.heise.de/newsticker/meldung/Patchday-Adobe-pflegt-den-Flash-Patienten-2916509.html?wt_mc=rss.ho.beitrag.rdf
What You Should Know about Triangulation Fraud and eBay
The increasing phenomenon of triangulation fraud on eBay has led to a published analysis on behalf of the company, as to how buyers should get informed and what they should pay attention to. Over the past few months, a new phenomenon has risen and its proportions have been growing exponentially. It seems that, even if...
http://securityaffairs.co/wordpress/41891/cyber-crime/triangulation-fraud-and-ebay.html
Symantec Endpoint Protection: Old security hole reopens
A vulnerability thought to be dead is back, because an older patch only addressed parts of the problem. The current update for Symantec's Endpoint Protection is now meant to fix it and close further vulnerabilities as well.
http://www.heise.de/newsticker/meldung/Symantec-Endpoint-Protection-Alte-Sicherheitsluecke-bricht-wieder-auf-2917002.html?wt_mc=rss.ho.beitrag.rdf
What Happens to Hacked Social Media Accounts
This article is going to look at a few reasons why a social media account is hacked. The goal is for you to understand why you will want to better protect your account, regardless of whether or not you see yourself as "important".
http://www.tripwire.com/state-of-security/security-awareness/what-happens-to-hacked-social-media-accounts/
InstaAgent: Password-harvesting Instagram client thrown out of App Store and Google Play
The app, which promises users various extra information about their profile on Facebook's popular photo service, apparently sent Instagram usernames and passwords in plaintext to a third-party server.
http://heise.de/-2917792
GasPot Integrated Into Conpot, Contributing to Open Source ICS Research
In August of this year, we presented at Blackhat our paper titled The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems. GasPot was a honeypot designed to mimic the behavior of the Guardian AST gas-tank-monitoring system. It was designed to look like no other existing honeypot, with each instance being unique to make fingerprinting by attackers impossible. These were deployed within networks located in various countries, to give us a complete picture of the attacks...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4jNwbTj60bk/
Questions are the answers - How to avoid becoming the blamed victim
"You have to ask questions", I say. Questions before, during, and after a breach. If you ask the right questions at the right time, you'll be able to make better decisions than the knee-jerk ones you've been making.
https://www.alienvault.com/blogs/security-essentials/questions-are-the-answers
TA15-314A: Web Shells - Threat Awareness and Guidance
Original release date: November 10, 2015. Systems Affected: Web servers that allow web shells. Overview: This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert outlines the threat and provides prevention, detection, and mitigation strategies. Consistent use of web shells by Advanced Persistent Threat (APT) and criminal groups has led to significant cyber incidents. This...
https://www.us-cert.gov/ncas/alerts/TA15-313A
Bugtraq: [security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS)
http://www.securityfocus.com/archive/1/536877
Huawei HG630a / HG630a-50 Default SSH Admin Password
Topic: Huawei HG630a / HG630a-50 Default SSH Admin Password. Risk: High. Text: # Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems # Date: 10.11.2015 # Exploit Author: M...
https://cxsecurity.com/issue/WLB-2015110087
Huawei Security Advisories
Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461216.htm
Security Advisory - Directory Traversal Vulnerability in Huawei AR Router
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm
Security Advisory - DoS Vulnerability in Huawei U2990 and U2980
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461219.htm
Security Advisory - DoS Vulnerability in Huawei eSpace 8950 IP Phone
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461217.htm
Security Advisory - DoS Vulnerability in Huawei eSpace 7900 IP Phone
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461213.htm
ZDI-15-549: AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/eDK-If3dTI8/
ZDI-15-548: AlienVault Unified Security Management Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/TpChWMSd5n0/
IBM Security Bulletins
IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents (CVE-2012-6153 and CVE-2014-3577)
http://www.ibm.com/support/docview.wss?uid=swg21962659
IBM Security Bulletin: IBM Forms Server could be affected by a denial of service attack (CVE-2013-4517)
http://www.ibm.com/support/docview.wss?uid=swg21962659
IBM Security Bulletin: Fix Available for Denial of Service Vulnerability in IBM WebSphere Portal (CVE-2015-7419)
http://www.ibm.com/support/docview.wss?uid=swg21969906
IBM Security Bulletin: Additional Password Disclosure via application tracing in FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-7404
http://www.ibm.com/support/docview.wss?uid=swg21969514
IBM Security Bulletin: Vulnerabilities in libuser affect Power Hardware Management Console (CVE-2015-3245 CVE-2015-3246)
http://www.ibm.com/support/docview.wss?uid=nas8N1020961
IBM Security Bulletin: IBM Cúram Social Program Management is vulnerable to a SQL injection attack
http://www.ibm.com/support/docview.wss?uid=swg21967851
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector and IBM CommonStore for Lotus Domino (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21969654
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ
http://www.ibm.com/support/docview.wss?uid=swg21970103
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Expeditor (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21959292
Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director Storage Control
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098822
IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents (CVE-2012-6153 and CVE-2014-3577)
http://www.ibm.com/support/docview.wss?uid=swg21970090