End-of-Shift report
Timeframe: Monday 14-12-2015 18:00 − Tuesday 15-12-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
13 million MacKeeper users exposed after MongoDB door was left open
Expect more breaches in the future as 35,000 MongoDB installs are misconfigured.
http://arstechnica.com/security/2015/12/13-million-mackeeper-users-exposed-after-mongodb-door-was-left-open/
Hack: ESA users have short passwords
Numerous internal records of the European Space Agency (ESA) have been hacked and are now viewable on the Internet. Apparently many ESA users use short and insecure passwords.
http://www.golem.de/news/rocket-science-esa-nutzer-haben-kurze-passwoerter-1512-118026-rss.html
Vulnerability Details: Joomla! Remote Code Execution
The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty much all versions of the platform up to 3.4.5. As soon as the patch was released, we were able to start our investigation and found that it was already...
https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.html
4 Things to Consider When Assessing Device Posture for Effective Network Access Control
Guest blogger Benny Czarny explains one of the main reasons to have a NAC system in place is to keep risky devices from connecting to your organization's network. Unfortunately, simply purchasing a NAC solution is not going to guarantee your protection.
https://blog.malwarebytes.org/online-security/2015/12/4-things-to-consider-when-assessing-device-posture-for-effective-network-access-control/
Protecting Windows Networks - Kerberos Attacks
MEDIA NOTE: This is not a new flaw, just a good write-up! I don't know why the media are reporting this as a new flaw. Kerberos is an authentication protocol that is used by default in Windows networks and provides mutual authentication and authorization for clients and servers. It does not require you to send a password or a hash on the wire; it instead relies on a trusted third party for handling all the details. Although it is considered a secure protocol, it has some flaws in Windows...
http://dfir-blog.com/2015/12/13/protecting-windows-networks-kerberos-attacks/
Kaspersky Security Bulletin 2015. Overall statistics for 2015
In 2015, virus writers demonstrated a particular interest in exploits for Adobe Flash Player. The proportion of relatively simple programs used in mass attacks was growing. Attackers have mastered non-Windows platforms - Android and Linux: almost all types of malicious programs are created and used for these platforms.
http://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-security-bulletin-2015-overall-statistics-for-2015/
Oil and Gas Cyber Security - Interview
In the recent presentation at BlackHat, you mentioned that oil and gas is one of the industries most plagued by cyber-attacks. What makes oil and gas an attractive target? It's a juicy target for cyberattacks as oil and gas companies are responsible for a great part of some countries' economies. Any interference in their work...
http://resources.infosecinstitute.com/oil-and-gas-cyber-security-interview/
Android.ZBot banking Trojan uses "web injections" to steal confidential data
December 15, 2015: The Trojans designed to steal money from bank accounts pose a serious threat to Android users. The Android.ZBot Trojan is one of these malicious programs. Its different modifications target mobile devices of Russian users from February 2015. This Trojan is interesting due to its ability to steal logins, passwords, and other confidential data by displaying fraudulent authentication forms on top of any applications. The appearance of such forms is generated on...
http://news.drweb.com/show/?i=9754&lng=en&c=9
Security Afterworks: How to become a TLS hipster & Best of CCC
January 21, 2016, 5:00 pm - 6:00 pm, SBA Research, Favoritenstraße 16, 1040 Wien
https://www.sba-research.org/events/security-afterworks-wie-man-tls-hipster-wird-best-of-ccc/
ZDI-15-639: (0Day) Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://www.zerodayinitiative.com/advisories/ZDI-15-639/
ZDI-15-638: (0Day) Apache TomEE Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache TomEE. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-15-638/
Security Advisory: RSA-CRT key leak vulnerability CVE-2015-5738
https://support.f5.com:443/kb/en-us/solutions/public/k/91/sol91245485.html?ref=rss
Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm
Cisco IOS XE Software IPv6 Neighbor Discovery Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios
Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim
Security Notice - Statement on NTP.org and CERT/CC Revealing Security Vulnerabilities in NTPd
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-408044.htm
TYPO3 CMS 6.2.16 and 7.6.1 released
The TYPO3 Community announces the versions 6.2.16 LTS and 7.6.1 LTS of the TYPO3 Enterprise Content Management System.
Both versions are maintenance releases and contain bug and security fixes.
In case the extension mediace is used, please make sure to upgrade to version 7.6.1.
http://www.typo3.org/news/article/typo3-cms-6216-and-761-released/
Cross-Site Scripting in TYPO3 component Indexed Search
http://www.typo3.org/news/article/cross-site-scripting-in-typo3-component-indexed-search/
TYPO3 is susceptible to Cross-Site Flashing
http://www.typo3.org/news/article/typo3-is-susceptible-to-cross-site-flashing/
Multiple Cross-Site Scripting vulnerabilities in frontend
http://www.typo3.org/news/article/multiple-cross-site-scripting-vulnerabilities-in-frontend/
Cross-Site Scripting vulnerability in typolinks
http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-typolinks/
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
http://www.typo3.org/news/article/multiple-cross-site-scripting-vulnerabilities-in-typo3-backend/
Cross-Site Scripting in TYPO3 component Extension Manager
http://www.typo3.org/news/article/cross-site-scripting-in-typo3-component-extension-manager/