End-of-Shift report
Timeframe: Thursday 10-12-2015 18:00 - Friday 11-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
NIST wants feedback on securing critical infrastructure
The US standards body wants to improve its guidance document on the IT security of power plants and industrial facilities and is asking for help. However, NIST is currently not exactly uncontroversial among security experts.
http://heise.de/-3042666
New Spy Banker Trojan Telax abusing Google Cloud Servers
Zscaler ThreatLabZ has been closely monitoring a new Spy Banker Trojan campaign that has been targeting Portuguese-speaking users in Brazil. The malware authors are leveraging Google Cloud Servers to host the initial Spy Banker Downloader Trojan, which is responsible for downloading and installing Spy Banker Trojan Telax.
http://research.zscaler.com/2015/12/new-spy-banker-trojan-telax-abusing.html
Open Automation Software OPC Systems NET DLL Hijacking Vulnerability
This advisory provides mitigation details for a DLL Hijacking vulnerability in Open Automation Software's OPC Systems.NET application.
https://ics-cert.us-cert.gov/advisories/ICSA-15-344-02
XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-15-342-01 XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published December 8, 2015, on the NCCIC/ICS-CERT web site. This advisory provides mitigation details for a cross-site scripting vulnerability in XZERES's 442SR turbine generator operating system.
https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01
Everything old is new again - Blackhole exploit kit since November 2015, (Fri, Dec 11th)
Last month, the Malwarebytes blog posted an article about Blackhole exploit kit (EK) resurfacing in active drive-by campaigns from compromised websites. At the time, I hadn't noticed this trend, because the Windows hosts I was using to generate EK traffic were a bit too up-to-date.
https://isc.sans.edu/diary.html?storyid=20477&rss
New SWITCH Security Report available - Invitation to take part in a Reader Survey
A new issue of our monthly SWITCH Security Report has just been released.
http://securityblog.switch.ch/2015/12/09/new-switch-security-report-available-invitation-to-take-part-in-a-reader-survey/
Zend Framework vulnerable to SQL injection
Zend Framework contains an SQL injection vulnerability (CWE-89) in the handling of the ORDER BY clause argument.
An attacker who can access the product may execute arbitrary SQL commands.
http://jvn.jp/en/jp/JVN71730320/
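The ORDER BY case is worth spelling out, because the sort column is an identifier, not a value, so it cannot be passed as a bound parameter; code that accepts it from the caller therefore tends to concatenate it into the statement. The block below is an added example, not Zend Framework code and not derived from the JVN advisory: it builds a constructed SQLite table, shows how a caller-controlled ORDER BY argument turns the row order into a boolean oracle over another column, and sets an allowlisted variant beside it. All table, column and function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data; not taken from the advisory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cr3t"), (2, "bob", "hunter2")],
    )
    conn.commit()
    return conn


def list_users_vulnerable(conn, order_by):
    """Naive pattern: the sort expression is spliced into the SQL text.

    Identifiers cannot be bound with '?', so a caller-supplied ORDER BY
    argument becomes part of the statement verbatim (CWE-89).
    """
    sql = "SELECT id, name FROM users ORDER BY " + order_by
    return conn.execute(sql).fetchall()


def probe_secret_prefix(conn, prefix):
    """Blind inference through the vulnerable sort argument.

    The CASE expression sorts by id when the guessed prefix matches and by
    -id otherwise, so the name of the first row tells the attacker whether
    the guess was right, without ever selecting the secret column directly.
    """
    payload = (
        "(CASE WHEN (SELECT secret FROM users WHERE id = 1) LIKE '%s%%' "
        "THEN id ELSE -id END)" % prefix
    )
    rows = list_users_vulnerable(conn, payload)
    return rows[0][1] == "alice"


# Hardened variant: the caller chooses from a fixed set of column names and
# directions; anything else is rejected before any SQL text is built.
ALLOWED_ORDER_COLUMNS = {"id", "name"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def list_users_hardened(conn, column, direction="ASC"):
    if column not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("unsupported sort column: %r" % column)
    direction = direction.upper()
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError("unsupported sort direction: %r" % direction)
    # Only allowlisted identifiers reach this point; quoting them as
    # identifiers keeps them from being parsed as expressions.
    sql = 'SELECT id, name FROM users ORDER BY "%s" %s' % (column, direction)
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(list_users_vulnerable(db, "id"))
    for guess in ("s", "h", "s3c"):
        print(guess, "->", probe_secret_prefix(db, guess))
    print(list_users_hardened(db, "name", "desc"))
```

The probe never reads the secret column into the result set; it only watches which row sorts first, which is why "the attacker can execute SQL" does not require the application to display query output. The allowlist is the fix; escaping or quoting a free-form sort string is not.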
Written off but still alive: Facebook and Cloudflare continue to rely on SHA-1
SSL/TLS certificates signed with SHA-1 have long been regarded as insecure, and initial practical attacks have existed for some time. Nevertheless, major service providers such as Facebook and Cloudflare want to keep using SHA-1 indefinitely.
http://heise.de/-3041665
Advantech EKI Vulnerabilities
This advisory provides information regarding several vulnerabilities in Advantech's EKI devices.
https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01
Cisco Security Advisories
Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager XSS Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-uim
Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr
Cisco Emergency Responder Web Framework Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-cer
IBM Security Bulletins
Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images - OpenSSL vulnerabilities (CVE-2015-1791, CVE-2015-1792, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790)
http://www.ibm.com/support/docview.wss?uid=swg21971248
Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2014-0919)
http://www.ibm.com/support/docview.wss?uid=swg21970398
Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21972650
Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21963120
Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-1788)
http://www.ibm.com/support/docview.wss?uid=swg21971177
Multiple vulnerabilities in OpenSSH, GNU C Library (glibc), and OpenSSL, including Logjam, affect Integrated Management Module II (IMM2)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099032
Vulnerabilities in openssh affect Power Hardware Management Console (CVE-2015-5600)
http://www.ibm.com/support/docview.wss?uid=nas8N1021006
A vulnerability in Libxml affects IBM Security Network Protection (CVE-2015-1819)
http://www.ibm.com/support/docview.wss?uid=swg21969664
A vulnerability in GNU glibc affects IBM Security Network Protection (CVE-2014-8121)
http://www.ibm.com/support/docview.wss?uid=swg21967169
Multiple vulnerability fixes for Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21972785
Multiple vulnerabilities in IBM Java SDK affect the IBM Installation Manager and IBM Packaging Utility (CVE-2015-2625 and CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21972707
Vulnerability in spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260)
http://www.ibm.com/support/docview.wss?uid=swg2C1000009
Vulnerability in IBM Java Runtime affects IBM Content Classification (CVE-2015-4844)
http://www.ibm.com/support/docview.wss?uid=swg21971760
Vulnerability in Apache Commons affects Rational Developer for i, Rational Developer for AIX and Linux and Rational Developer for Power Systems Software (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21971814
Vulnerability in Apache Commons affects IBM Rational Application Developer for WebSphere Software (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21972565
Multiple vulnerabilities in IBM Tivoli Common Reporting (CVE-2015-7436, CVE-2015-7435, CVE-2012-6153, CVE-2014-3577, CVE-2015-7450, CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21972799
Vulnerability in Apache Commons affects IBM Web Interface for Content Management (WEBi) (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21972903
Vulnerability in Apache Commons affects FileNet Collaboration Services/IBM FileNet Services for Lotus Quickr (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21972902
Vulnerability in Apache Commons affects IBM Integration Designer (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21971371