Daily Summary - Thursday 12-03-2015

End-of-Shift report

Timeframe: Wednesday 11-03-2015 18:00 − Thursday 12-03-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Cyber Security in Supply Chain Management: Part 1

Introduction: Cyber security is generally thought of as various types of security devices like firewalls, Web Application Firewall (WAF), IDS/IPS, SIEM, DLP etc. to safeguard network, applications and data. But what if, for example, the deployed security solutions have a bug inside? The latest example of this is the exposure of a vulnerability in Lenovo notebooks.

http://resources.infosecinstitute.com/cyber-security-in-supply-chain-management-part-1/


Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks

Aryeh Goretsky gives advice on how to adapt to Windows 10's patching strategy. Patching is hard, especially when the code base is old and the bugs are buried deeply. This was highlighted once again this week when Microsoft released a patch for a vulnerability that was thought to have been patched almost five years ago, but which could still be exploited. In fact, six out of the last eight Patch Tuesdays have included patches that have caused problems for some Windows users. Probably in response to...

http://www.virusbtn.com/blog/2015/03_12.xml?rss


Microsoft SHA-2 Advisory Causing "Infinite Loop" Issues

Windows users are having issues with a security update issued this week meant to add SHA-2 code-signing and verification support to Windows 7 and Windows Server 2008 R2 machines.

http://threatpost.com/microsoft-sha-2-advisory-causing-infinite-loop-issues/111597


Serious Security Vulnerability in the xt:Commerce Shop System

A security vulnerability currently exists in the current version branch of the widely used online shop system xt:Commerce. A patch is already available.

http://heise.de/-2573755


Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake. (Thu, Mar 12th)

Ever wonder if any of your users connect to sites with bad SSL certificates? I ran into this issue recently when debugging some SSL issues, and ended up with this quick tshark and shell script trick to extract the necessary information from a packet capture. First, you may want to compare the host name your clients connect to, to the host name returned as part of the certificate. While the Host header is encrypted and not accessible, modern SSL libraries use Server Name Indication (SNI) as part...

https://isc.sans.edu/diary.html?storyid=19455&rss


Defending Against PoS RAM Scrapers

Stealing payment card data has become an everyday crime that yields quick monetary gains. Attackers aim to steal the data stored in the magnetic stripe of payment cards, optionally clone the cards, and run charges on the accounts associated with them. The topic of PoS RAM scraper malware always prompts businesses and retailers to ask...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CYPwDbRGFfc/


Dropbox Patches Remotely Exploitable Vulnerability in SDK

Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the app that enabled attackers to connect applications on some devices to a Dropbox account without the user's consent.

http://threatpost.com/dropbox-patches-remotely-exploitable-vulnerability-in-sdk/111587


Inverted WordPress Trojan

Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously does something bad. In WordPress, typical trojans are plugins and themes (usually pirated) which may have backdoors, or send out spam, create doorways, inject hidden links or malware. The trojan model...

http://blog.sucuri.net/2015/03/inverted-wordpress-trojan.html


RSA Digital Certificate Manager Input Validation Flaws Permit Cross-Site Scripting and Denial of Service Attacks

http://www.securitytracker.com/id/1031912


EMC Secure Remote Services GHOST / SQL Injection / Command Injection

Topic: EMC Secure Remote Services GHOST / SQL Injection / Command Injection. Risk: High. Text: ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities CVE Identifier: CVE-2...

http://cxsecurity.com/issue/WLB-2015030076


Google Android Integer Overflow / Heap Corruption

http://cxsecurity.com/issue/WLB-2015030079


phpMyAdmin Bug May Disclose CSRF Token to Remote Users

http://www.securitytracker.com/id/1031871


Elipse E3 Process Control Vulnerability (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-15-069-04 Elipse E3 Process Control Vulnerability that was published March 10, 2015, on the NCCIC/ICS-CERT web site.

https://ics-cert.us-cert.gov/advisories/ICSA-15-069-04A


IBM Security Bulletin: Apache Tomcat request smuggling affects Algo Audit and Compliance (CVE-2014-0227)

http://www.ibm.com/support/docview.wss?uid=swg21698437


IBM Security Bulletin: IBM PowerVC - Ceilometer DB2/MongoDB Backend Password Leak (CVE-2013-6384)

http://www.ibm.com/support/docview.wss?uid=nas8N1020585


IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM/Cisco Switches and Directors (CVE-2015-0235)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005122


IBM Security Bulletin: Multiple IBM InfoSphere Information Server components are affected by a vulnerability in the XML4C parser (CVE-2014-8901)

http://www.ibm.com/support/docview.wss?uid=swg21696312


SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting (XSS)

https://www.drupal.org/node/2450427


SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting (XSS)

https://www.drupal.org/node/2450393


SA-CONTRIB-2015-075 - Perfecto - Open Redirect

https://www.drupal.org/node/2450391


SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting (XSS)

https://www.drupal.org/node/2450387


Pie Register 2.0.14 - Cross Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/7842