End-of-Shift report
Timeframe: Tuesday 15-12-2015 18:00 − Wednesday 16-12-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Connector for SAP Solution Manager
http://www.ibm.com/support/docview.wss?uid=swg21967447
IBM Security Bulletin: Security Vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager
http://www.ibm.com/support/docview.wss?uid=swg21972884
IBM Security Bulletin: Openstack Cinder and Horizon vulnerabilities affect IBM Cloud Manager with OpenStack
http://www.ibm.com/support/docview.wss?uid=isg3T1023146
IBM Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal attack.
http://www.ibm.com/support/docview.wss?uid=swg21967647
IBM Security Bulletin: A security vulnerability exist in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance
http://www.ibm.com/support/docview.wss?uid=swg21972660
IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Stored cross-site scripting.
http://www.ibm.com/support/docview.wss?uid=swg21973175
FireEye Exploitation: Project Zero's Vulnerability of the Beast
FireEye sell security appliances to enterprise and government customers. FireEye's flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet. To give a ..
http://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-zeros.html
Security Management vs Chaos: Understanding the Butterfly Effect to Manage Outcomes & Reduce Chaos
Subtitle: Captain Obvious Applies Chaos Theory. Introduction: This diary breaks a bit from our expected norms to discuss managing possible outcomes originating from a data breach ..
https://isc.sans.edu/diary.html?storyid=20495
Security Advisory: Multiple MySQL vulnerabilities
https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59010802.html?ref
VB2015 video: Making a dent in Russian mobile banking phishing
Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks. In the last few years, mobile malware has evolved from a mostly theoretical threat to a very serious one that affects many users. Indeed, several talks at VB2015 dealt with various aspects of mobile ..
http://www.virusbtn.com/blog/2015/12_16.xml
Adcon Telemetry A840 Vulnerabilities
This advisory contains mitigation details for vulnerabilities in Adcon Telemetry's A840 Telemetry Gateway Base Station.
https://ics-cert.us-cert.gov/advisories/ICSA-15-349-01
Advantech EKI Vulnerabilities (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-15-344-01 Advantech EKI Vulnerabilities that was published December 10, 2015, on the NCCIC/ICS-CERT web site.
https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01
Sophos UTM security package full of holes
The unified threat management package from Sophos is at risk and, according to a security researcher, attackers can, for example, disable the firewall. The vulnerabilities are said to have been fixed already, but patches are not yet available.
http://heise.de/-3044717
DFN-CERT-2015-1937: ISC BIND9: Two vulnerabilities enable a denial-of-service attack
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1937/
Driving an industry towards secure code
The German government made an unprecedented move this week by issuing requirements for all new vehicles' software to be made accessible to country regulators to ensure that emissions loopholes aren't ...
http://www.net-security.org/article.php?id=2431
Playing With Sandboxes Like a Boss
Last week, Guy wrote a nice diary to explain how to easily deploy IRMA to analyze suspicious files. Having a good tool to work on files locally is always interesting for multiple reasons. You are doing some independent research, you ..
https://isc.sans.edu/diary.html?storyid=20501
Attacking WPA2 Enterprise
The widespread use of mobile and portable devices in the enterprise environment requires a proper implementation of the wireless network infrastructure to provide them connectivity and ensure the business functionality. WPA-Enterprise is ..
http://resources.infosecinstitute.com/attacking-wpa2-enterprise/
Open Source Network Security Tools for Newbies
With so many open source tools available to help with network security, it can be tricky to figure out where to start, especially if you are an IT generalist who has been tasked with security. We all have to start somewhere. The question is, where? The sheer number of open source tools available can make ..
https://www.alienvault.com/blogs/security-essentials/open-source-network-security-tools-for-newbies
[HTB23282]: RCE in Zen Cart via Arbitrary File Inclusion
High-Tech Bridge Security Research Lab discovered a critical vulnerability in the popular e-commerce software Zen Cart, which can be exploited by remote non-authenticated attackers to compromise a vulnerable system. A remote ..
https://www.htbridge.com/advisory/HTB23282
Crimeware / APT Malware Masquerade as Santa Claus and Christmas Apps
CloudSek was monitoring an underground hacking team that was selling desktop malware in various underground forums. The desktop malware is specifically designed for jumping air-gapped systems, and given the type of documents the attackers are seeking, it was collecting classified data from software companies and government organisations.
https://www.cloudsek.com/announcements/blog/apt-malware-masquerade-as-christmas-apps-and-santa-claus/