Daily Summary - Monday 16-11-2015

End-of-Shift report

Timeframe: Friday 13-11-2015 18:00 − Monday 16-11-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

BitLocker encryption can be defeated with trivial Windows authentication bypass

Companies relying on Microsoft BitLocker to encrypt the drives of their employees' computers should install the latest Windows patches immediately. A researcher disclosed a trivial Windows authentication bypass, fixed earlier this week, that puts data on BitLocker-encrypted drives at risk. Ian Haken, a researcher with software security testing firm Synopsys, demonstrated the attack Friday at the Black Hat Europe security conference in Amsterdam. The issue affects Windows computers that are part...

http://www.cio.com/article/3005178/bitlocker-encryption-can-be-defeated-with-trivial-windows-authentication-bypass.html#tk.rss_security


The November 2015 issue of our SWITCH Security Report is available!

Dear Reader! A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are: No safe harbour in the Land of the Free - EU Court of Justice restricts data transfer to...

http://securityblog.switch.ch/2015/11/13/the-november-2015-issue-of-our-switch-security-report-is-available/


Web security: data leak through dynamic scripts

Modern websites frequently generate dynamic JavaScript code. If it contains private data, third-party websites can read that data out. In a study by security researchers, a third of the examined websites were affected by this problem.

http://www.golem.de/news/websicherheit-datenleck-durch-dynamische-skripte-1511-117456-rss.html


Op-ed: (How) did they break Diffie-Hellman?

Relax - it's not true that researchers have broken the Diffie-Hellman key exchange protocol.

http://arstechnica.com/security/2015/11/op-ed-how-did-they-break-diffie-hellman/


More POS malware, just in time for Christmas

VXers stuff evidence-purging malware in retailer stockings. Threat researchers are warning of two pieces of point of sales malware that have gone largely undetected during years of retail wrecking and now appear likely to earn VXers a haul over the coming festive break.

http://go.theregister.com/feed/www.theregister.co.uk/2015/11/16/more_pos_malware_just_in_time_for_christmas/


Black Hat Europe 2015 slides

Briefings - November 12-13

https://www.blackhat.com/eu-15/briefings.html


Choosing the Right Cryptography Library for your PHP Project: A Guide

... conventional wisdom states that you almost certainly should not try to design your own cryptography. Instead, you should use an existing cryptography library. Okay, great. So which PHP cryptography library should I use? That depends on your exact requirements. Let's look at some good choices. (We won't cover any terrible choices.)

https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide


Apple OS X authentication issue when recovering from sleep mode

When Apple Remote Desktop is used in full screen mode and the remote connection is alive upon entering sleep mode, the text entered in the dialog box upon recovering from sleep mode is sent to the remotely connected host instead of the local host. This may result in command execution at the remote host.

http://jvn.jp/en/jp/JVN56210048/index.html


libpng program library needs security updates

A vulnerability in libpng can serve as an entry point for attackers to crash applications.

http://www.heise.de/newsticker/meldung/Programmbibliothek-libpng-verlangt-nach-Sicherheitsupdates-2922089.html?wt_mc=rss.ho.beitrag.rdf


Containers: CoreOS releases its CVE service as open source

The Linux distributor CoreOS has released its container security tool Clair as open-source software. The tool is able to scan every single container layer for vulnerabilities and, if it finds one, report the nature of the threat. For this, Clair draws on the CVE database (Common Vulnerabilities and Exposures) and similar resources from Red Hat, Ubuntu and Debian. Clair does not, however, help to...

http://www.heise.de/newsticker/meldung/Container-CoreOS-gibt-CVE-Service-als-Open-Source-frei-2921963.html


LiME - Linux Memory Extractor

Features: full Android memory acquisition; acquisition over a network interface; minimal process footprint.

http://www.kitploit.com/2015/11/lime-linux-memory-extractor.html


DD4BC / Armada Collective: extortion via DDoS

16 November 2015. This is once again nothing really new. Distributed denial of service attacks have been around for a long time; it may have started with turf fights in the red-light scene, the attack on Estonia in 2007 brought the topic to the press in a big way, and at the latest since the attacks of the "Anonymous" movement the problem should be generally known. There is also a section on this in our latest...

http://www.cert.at/services/blog/20151116114639-1627.html


BlackBerry Enterprise Server Input Validation Flaw in Management Console Lets Remote Users Conduct Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1034154


D-Link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in the DIR-816L wireless router enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated.

http://www.securityfocus.com/archive/1/536886


Debian: strongswan security update

Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.

https://lists.debian.org/debian-security-announce/2015/msg00303.html


Cisco Security Advisories

Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-vds

Cisco IOS Software Virtual PPP Interfaces Security Bypass Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1

Cisco FireSIGHT Management Center Certificate Validation Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc

Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca1

IBM Security Bulletins

Apache Commons Vulnerability for handling Java object deserialization

http://www.ibm.com/support/docview.wss?uid=swg21970575

IBM Security Bulletin: A vulnerability in GSKit affects IBM DataPower Gateways (CVE-2015-1788)

http://www.ibm.com/support/docview.wss?uid=swg21969271

IBM Security Bulletin: Certain cookies missing Secure attribute in IBM DataPower Gateways (CVE-2015-7427)

http://www.ibm.com/support/docview.wss?uid=swg21969342

Security Bulletin: Vulnerabilities in OpenSSL affect IBM System Networking RackSwitch (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792)

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098801

IBM Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250)

http://www.ibm.com/support/docview.wss?uid=swg21970112

IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition

http://www.ibm.com/support/docview.wss?uid=swg21969225

IBM Security Bulletin: Vulnerability in qemu-kvm affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance

http://www.ibm.com/support/docview.wss?uid=swg21968929

IBM Security Bulletin: Vulnerability in FUSE affects PowerKVM (CVE-2015-3202)

http://www.ibm.com/support/docview.wss?uid=isg3T1022878

IBM Security Bulletin: Lotus Protector for Mail Security affected by Opensource PHP Vulnerabilities (CVE-2015-6836 CVE-2015-6837 CVE-2015-6838)

http://www.ibm.com/support/docview.wss?uid=swg21968353

IBM Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2015-4974 and CVE-2015-4981)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005425

IBM Security Bulletin: Vulnerability in Mozilla gdk-pixbuf2 affects PowerKVM (CVE-2015-4491)

http://www.ibm.com/support/docview.wss?uid=isg3T1022833

Vulnerability in bind affects AIX (CVE-2015-5722)

http://www.ibm.com/support/