End-of-Shift report
Timeframe: Monday 21-12-2015 18:00 − Tuesday 22-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
IBM Security Bulletin: Blind SQL injection vulnerability in IBM OpenPages GRC Platform API (CVE-2015-5049)
A blind SQL injection vulnerability has been found in the OpenPages GRC Platform API that could allow retrieval or manipulation of information in the database.
http://www.ibm.com/support/docview.wss?uid=swg21970590
Cisco IOS XE Software Packet Processing Denial of Service Vulnerability
The vulnerability is due to incorrect processing of packets that have a source MAC address of 0000:0000:0000. An attacker could exploit this vulnerability by sending a frame that has a source MAC address of all zeros to an affected device. A successful exploit could allow the attacker to cause the device to reload.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2015-1221-iosxe
[20151207] - Core - SQL Injection
Inadequate filtering of request data leads to a SQL Injection vulnerability.
https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html
[20151206] - Core - Session Hardening
The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions.
https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html
First Exploit Attempts For Juniper Backdoor Against Honeypot
We are detecting numerous login attempts against our ssh honeypots using the ScreenOS backdoor password. Our honeypot doesn't emulate ScreenOS beyond the login banner, so we do not know what the attackers are up to, but some of the attacks appear to be manual in that we do see the attacker trying different ..
https://isc.sans.edu/diary.html?storyid=20525
Protecting Your Sites from Apache.Commons Vulnerabilities
A few weeks ago, FoxGlove Security released this important blog post that includes several Proof-of-Concepts for exploiting Java unserialize vulnerabilities. A remote attacker can gain Remote Code Execution by sending a specially crafted payload to any endpoint expecting a serialized ..
https://www.trustwave.com/Resources/SpiderLabs-Blog/Protecting-Your-Sites-from-Apache-Commons-Vulnerabilities/
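The entry above describes the attack surface (any endpoint that deserializes attacker-supplied bytes) but not what a first-line check at a proxy or WAF looks like. The following Python is an added example for this digest, not code from the Trustwave post or from FoxGlove Security: it flags request bodies that carry a Java serialization stream, raw or base64-encoded (the base64 form of the stream header always begins with "rO0AB"), and notes whether the blob names one of the Apache Commons Collections transformer classes used by the published gadget chains. The gadget class list is an assumption chosen for illustration, and every sample body is constructed, not captured traffic.

```python
"""Flag HTTP request bodies that carry a Java serialized object (raw or
base64) and note references to Apache Commons Collections gadget classes.

Added example; not code from Trustwave or FoxGlove Security. The gadget
class names are an assumed, illustrative list; sample bodies are constructed.
"""
import base64
import re
import struct
from urllib.parse import quote_from_bytes, unquote_to_bytes

# Every Java serialization stream starts with STREAM_MAGIC 0xACED followed
# by STREAM_VERSION 0x0005; base64 of those four bytes always starts "rO0AB".
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
JAVA_SERIAL_MAGIC_B64 = b"rO0AB"

# Assumed marker list (classes from the Commons Collections gadget chains).
# A production rule set would track all published chains, not just these.
GADGET_MARKERS = (
    b"org.apache.commons.collections.functors.InvokerTransformer",
    b"org.apache.commons.collections.functors.ChainedTransformer",
    b"org.apache.commons.collections4.functors.InvokerTransformer",
)

# A run of base64 alphabet characters long enough to hold a stream header.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def _gadgets_in(blob: bytes) -> list:
    """Return the gadget class names that appear verbatim in the blob."""
    return [m.decode() for m in GADGET_MARKERS if m in blob]


def _decode_b64_run(run: bytes):
    """Decode one base64 run, tolerating stripped padding; None if invalid."""
    padded = run + b"=" * (-len(run) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def scan_body(body: bytes) -> dict:
    """Classify one request body.

    Returns {"serialized": bool, "encoding": "raw" | "base64" | None,
             "gadgets": [class names found in the stream]}.
    """
    finding = {"serialized": False, "encoding": None, "gadgets": []}
    if JAVA_SERIAL_MAGIC in body:
        finding.update(serialized=True, encoding="raw", gadgets=_gadgets_in(body))
        return finding
    # Form-encoded bodies percent-encode '+', '/' and '=' inside base64
    # values, so scan the URL-decoded view first and the raw view second.
    for view in (unquote_to_bytes(body), body):
        for match in B64_RUN.finditer(view):
            run = match.group(0)
            if not run.startswith(JAVA_SERIAL_MAGIC_B64):
                continue
            blob = _decode_b64_run(run)
            if blob is not None and blob.startswith(JAVA_SERIAL_MAGIC):
                finding.update(serialized=True, encoding="base64",
                               gadgets=_gadgets_in(blob))
                return finding
    return finding


def _fake_stream(cls: bytes) -> bytes:
    """Constructed stand-in for a serialized object: the stream header, the
    TC_OBJECT and TC_CLASSDESC tags and a class name. Not a valid stream and
    not an exploit; it only exercises the detector."""
    return (JAVA_SERIAL_MAGIC + b"\x73\x72" + struct.pack(">H", len(cls))
            + cls + b"\x00" * 16)


# Constructed sample bodies (not captured traffic).
SAMPLE_BODIES = {
    "raw": _fake_stream(GADGET_MARKERS[0]),
    "base64-form": (b"data=" + quote_from_bytes(
        base64.b64encode(_fake_stream(GADGET_MARKERS[1])), safe="").encode()
        + b"&x=1"),
    "serialized-benign": base64.b64encode(_fake_stream(b"java.util.HashMap")),
    "json": b'{"user":"alice","token":"abcdefghijklmnopqrstuvwxyz0123456789"}',
}


if __name__ == "__main__":
    for name, body in SAMPLE_BODIES.items():
        print(f"{name:18s} {scan_body(body)}")
```

This is a coarse edge filter: it catches the stream header regardless of gadget library, but the gadget list only names Commons Collections classes, so a chain built on another library shows up as "serialized, no gadgets" and still deserves a block if the endpoint is not supposed to receive serialized objects at all. The fix on the application side remains removing or upgrading the vulnerable library and restricting what ObjectInputStream may resolve.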
Oracle must improve its Java updates
Old Java versions must be removed from computers completely. Oracle has to see to that.
http://heise.de/-3052761
Shopshifting: security researchers uncover flaws in electronic payment systems
Payment terminals talk over the network to their cash register and to the payment service provider. Both communication channels have weaknesses that an attacker can use to rob customers or shop owners.
http://heise.de/-3052165
rt-sa-2015-013
https://www.redteam-pentesting.de/advisories/rt-sa-2015-013.txt
Juniper backdoors
Juniper announced in an advisory (see our warning on it) that a code audit found two backdoors in ScreenOS. One of them is technically fairly trivial: a constant password allows login via ssh or telnet. Reportedly it took only 6 hours to ..
http://www.cert.at/services/blog/20151222153859-1646.html
IBM Security Bulletin: Multiple XSS Vulnerabilities in IBM UrbanCode Deploy (CVE-2015-7415)
IBM UrbanCode Deploy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker ..
http://www.ibm.com/support/docview.wss?uid=swg21970811
Report: hackers have infiltrated parts of the US power grid
In around a dozen cases over the past ten years, cyber attacks on control centres of energy suppliers in the USA are said to have succeeded. The hack of the provider Calpine apparently originated from Iran.
http://heise.de/-3054887
Call for Papers: VB2016 Prague
VB seeks submissions for the 26th Virus Bulletin Conference. Virus Bulletin is seeking submissions from those wishing to present papers at VB2016, which will take place 5 to 7 October 2016 at the Hyatt Regency Denver Hotel in Denver, Colorado, USA. Originally started as an annual gathering of anti-virus experts, the ..
http://www.virusbtn.com/blog/2015/12_22.xml