Daily summary - Tuesday 17-11-2015

End-of-Shift report

Timeframe: Monday 16-11-2015 18:00 − Tuesday 17-11-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

Cyber crooks actively hijacking servers with unpatched vBulletin installations

Administrators of vBulletin installations would do well to install the latest vBulletin Connect updates as soon as possible, as cyber crooks are actively searching for servers running vulnerable versi...

http://www.net-security.org/secworld.php?id=19113


Windows driver signing bypass by Derusbi

Derusbi is an infamous piece of malware. The oldest identified version was compiled in 2008. It was used in well-known hacks such as the Mitsubishi Heavy Industries hack discovered in October 2011 or the Anthem hack discovered in 2015.

http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/


Developers Are (still) From Mars, Infosec People (still) From Venus

In March 2011, Brian Honan contributed to an issue of the INSECURE magazine with an article called "Management are from Mars, information security professional are from Venus". This title comes from John Gray's worldwide bestseller where he presents the relations between men and women. Still today, we can reuse this subject for many purposes. Last week, I...

https://blog.rootshell.be/2015/11/17/developers-mars-infosec-people-venus/


Why Algebraic Eraser may be the riskiest cryptosystem you've never heard of

Researchers say there's a fatal flaw in proposed "Internet of things" standard.

http://arstechnica.com/security/2015/11/why-algebraic-eraser-may-be-the-most-risky-cryptosystem-youve-never-heard-of/


Cyber Security Assessment Netherlands 2015: cross-border cyber security approach necessary

Cybercrime and digital espionage remain the largest threat to digital security in the Netherlands. Geopolitical developments like international conflicts and political sensitivities have a major impact on the scope of this threat. These are key findings from the Cyber Security Assessment Netherlands (CSAN), presented to the House of Representatives by State Secretary Dijkhoff in October, and now available in English.

https://www.ncsc.nl/english/current-topics/news/cyber-security-assessment-netherlands-2015.html


Gas and oil industry: easy targets for hackers

Security researchers warn that cyber criminals could take control of a large share of global oil production using comparatively simple methods.

http://heise.de/-2922912


Bugtraq: Open-Xchange Security Advisory 2015-11-17

PGP public keys allow specifying arbitrary "User ID" information that gets encoded to the public key and is presented to OX Guard users at "Guard PGP Settings". Public keys containing such content are still valid. Therefore they can be distributed and, in case the uid field contains JavaScript code, they can be used to inject code.

http://www.securityfocus.com/archive/1/536923


Cisco Firepower 9000 Unauthenticated File Access Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-firepower


D-Link DIR-645 UPNP Buffer Overflow

Topic: D-Link DIR-645 UPNP Buffer Overflow Risk: High Text:## Advisory Information Title: Dlink DIR-645 UPNP Buffer Overflow Vendors contacted: William Brown <william.brown at dlink.com...

https://cxsecurity.com/issue/WLB-2015110133


D-Link DIR-815 Buffer Overflow / Command Injection

Topic: D-Link DIR-815 Buffer Overflow / Command Injection Risk: High Text:## Advisory Information Title: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities Ve...

https://cxsecurity.com/issue/WLB-2015110135


Huawei Security Notice - Statement on Seclists.org Revealing Security Vulnerability in Huawei P8 Smart Phone

http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-462315.htm