End-of-Shift report
Timeframe: Wednesday 23-12-2015 18:00 − Monday 28-12-2015 18:00
Handler: L. Aaron Kaplan
Co-Handler: Stephan Richter
Malware-Driven Card Breach at Hyatt Hotels
Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations.
http://krebsonsecurity.com/2015/12/malware-driven-card-breach-at-hyatt-hotels/
Using WPScan: Finding WordPress Vulnerabilities
When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at wpvulndb.com is used to check for vulnerable software and the WPScan team maintains the ever-growing list of...
https://blog.sucuri.net/2015/12/using-wpscan-finding-wordpress-vulnerabilities.html
NSA and GCHQ have been using backdoors in Juniper firewalls for years
Secret document from 2011 shows cooperation between the two intelligence agencies
http://derstandard.at/2000028055853
Victims of the Gomasom Ransomware can now decrypt their files for free
Fabian Wosar, security researcher at Emsisoft, created a tool for decrypting files locked by the Gomasom Ransomware. Ransomware are the most threatening cyber threats for end-users, but today I have good news for victims of the Gomasom ransomware: victims can rescue their locked files. The news was spread by the security researcher Fabian Wosar, who developed a...
http://securityaffairs.co/wordpress/43074/malware/decrypt-gomasom-ransomware-files.html
Hackers demonstrate massive flaws in debit (Bankomat) cards
In front of an audience: PIN read out, prepaid card topped up and payments redirected
http://derstandard.at/2000028162750
32C3: Hardware Trojans as an underestimated danger
Backdoors built permanently into IT devices and chips pose a "serious threat", security experts warned at the hacker conference. They can only be built in with great effort, but are also hard to find.
http://heise.de/-3056452
32C3: Dieselgate and the ominous acoustic function
Can the manipulation of emission values at Volkswagen really be the work of individual engineers? At the CCC Congress, an insider and a hacker rejected this legend.
http://heise.de/-3056438
32C3: Automatic train protection and networked railway technology in hackers' sights
A hacker group that focuses on industrial facilities has identified various attack surfaces around networked train control systems. Outdated software and insecure passwords can be found "everywhere" there.
http://heise.de/-3056484
DSA-3430 libxml2 - security update
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.
https://www.debian.org/security/2015/dsa-3430
GIT git-remote-ext Helper URL Processing Lets Remote Users Execute Arbitrary Commands on the Target System
http://www.securitytracker.com/id/1034501
F5 Security Advisory: Apache vulnerability CVE-2010-0434
https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40284849.html?ref=rss
EMC Secure Remote Services Virtual Edition Directory Traversal Flaw Lets Remote Authenticated Users View Files on the Target System
http://www.securitytracker.com/id/1034530
Cisco Jabber for Windows STARTTLS Downgrade Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
Vuln: Dnsmasq CVE-2015-3294 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/74452
IDM 4.5 - 4.0.2 Midrange Driver Patch 4.0.2
Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.0.2 or higher. Driver version will show i5os Driver Version 4.0.2 IDM 4.0.2 Build Date 20151207_1437; IDM 4.5.x Build Date 201512071006. To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION). Document ID: 5230811; Security Alert: Yes; Distribution Type: Field Test File; Entitlement Required: No; Files: idm45-402midrangepatch2.tar.gz (96.31 MB); Products: Identity Manager 4.0.2, Identity Manager...
https://download.novell.com/Download?buildid=HsE3grsz-TU~
DFN-CERT-2015-1999: libvirt: A vulnerability allows the manipulation of files
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1999/
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in Websphere Liberty Profile (WLP) affect Power Management Console (CVE-2015-2017, CVE-2015-1927, CVE-2015-4938)
http://www.ibm.com/support/docview.wss?uid=nas8N1021040
IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2015-7410)
http://www.ibm.com/support/docview.wss?uid=swg21972676
IBM Security Bulletin: Vulnerability in Linux-PAM affects PowerKVM (CVE-2015-3238)
http://www.ibm.com/support/docview.wss?uid=isg3T1022880
IBM Security Bulletin: Vulnerabilities in pam affect Power Management Console (CVE-2015-3238)
http://www.ibm.com/support/docview.wss?uid=nas8N1021041
IBM Security Bulletin: A denial of service vulnerability affects IBM Sterling B2B Integrator (CVE-2014-0050)
http://www.ibm.com/support/docview.wss?uid=swg21972944
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM PureApplication System. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21973591
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931 and CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21973439
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Integration Designer and WebSphere Integration Developer (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21972087
IBM Security Bulletin: Vulnerabilities affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-4962, CVE-2015-4946)
http://www.ibm.com/support/docview.wss?uid=swg21973404
IBM Security Bulletin: Malformed ECParameters causes infinite loop (CVE-2015-1788)
http://www.ibm.com/support/docview.wss?uid=isg3T1023038
IBM Security Bulletin: Multiple vulnerabilities affect AppScan Enterprise
http://www.ibm.com/support/docview.wss?uid=swg21972830
IBM Security Bulletin: Clickjack vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-1928)
http://www.ibm.com/support/docview.wss?uid=swg21973200
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Manager Enterprise Edition (CVE-2015-1788)
http://www.ibm.com/support/docview.wss?uid=swg21973416
IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275,
http://www.ibm.com/support/docview.wss?uid=swg21973383
IBM Security Bulletin: Privilege escalation coverage gap in IBM SPSS Statistics (CVE-2015-7489)
http://www.ibm.com/support/docview.wss?uid=swg21973502
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902)
http://www.ibm.com/support/docview.wss?uid=isg3T1023034
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005474
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.
http://www.ibm.com/support/docview.wss?uid=nas8N1021047
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Monitoring clients (CVE-2015-2590 plus additional CVEs.)
http://www.ibm.com/support/docview.wss?uid=swg21964027