Daily summary - Friday 13-03-2015

End-of-Shift report

Timeframe: Thursday 12-03-2015 18:00 − Friday 13-03-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Security updates available for Adobe Flash Player (APSB15-05)

A Security Bulletin (APSB15-05) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. This...

https://blogs.adobe.com/psirt/?p=1185


After Delays, Samsung Patches Social Media Vulnerability in Millions of Devices

Samsung patched a vulnerability last month in SNS Provider that, if exploited, could have given attackers the ability to access any personal information users stored on Facebook, LinkedIn and Twitter.

http://threatpost.com/after-delays-samsung-patches-social-media-vulnerability-in-millions-of-devices/111609


Blind SQL Injection against WordPress SEO by Yoast, (Fri, Mar 13th)

WordPress has released an advisory for the WordPress plugin SEO by Yoast. Versions up to and including 1.7.3.3 can be exploited with a blind SQL injection. According to WordPress, this plugin has more than one million downloads. The SQL injection, with a proof of concept, is described here and the latest update is available here. [1] https://wordpress.org/plugins/wordpress-seo/ [2] https://downloads.wordpress.org/plugin/wordpress-seo.1.7.4.zip [3]

https://isc.sans.edu/diary.html?storyid=19457&rss


Achievement Locked: New Crypto-Ransomware Pwns Video Gamers

Gamers may be used to paying to unlock downloadable content in their favorite games, but a new crypto-ransomware variant aims to make gamers pay to unlock what they already own. Data files for more than 20 games can be affected by the threat, increasing what is already a large target for cybercriminals. Another file type...

http://labs.bromium.com/2015/03/12/achievement-locked-new-crypto-ransomware-pwns-video-gamers/


VIRLOCK Combines File Infection and Ransomware

Analysis by Jaaziel Carlos, Jonh Chua, and Rodwin Fuentes. Ransomware has become one of the biggest problems for end users as of late. In the past months alone, we have reported on several variants of both ransomware and crypto-ransomware, each with their own "unique" routines. We recently came across one malware family, detected as...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/eJWas-XoY6I/


Microsoft EMET 5.2 is available, (Fri, Mar 13th)

Microsoft has announced a new release of the Enhanced Mitigation Experience Toolkit (EMET), version 5.2. The main changes and improvements are the following: Control Flow Guard: EMET's native DLLs have been compiled with Control Flow Guard (CFG). CFG is a new feature introduced in Visual Studio 2015 (and supported by Windows 8.1 and Windows 10) that helps detect and stop attempts at code hijacking. EMET native DLLs (i.e. EMET.DLL) are injected into the application process EMET protects. Since we

https://isc.sans.edu/diary.html?storyid=19461&rss


Adobe closes critical holes in Flash

A new update for Flash Player closes eleven security holes and is available for all platforms. Prompt installation is advisable, since in the worst case attackers could take over the system.

http://heise.de/-2574278


Boot loop after SHA-2 update for Windows 7

Nasty surprise for some users with a Linux dual-boot setup: a Windows 7 update from the last Patch Tuesday throws the machine into a boot loop. However, this seems to occur only when booting via the classic BIOS; UEFI users are lucky.

http://heise.de/-2574289


BlackBerry has no fix for devices vulnerable to FREAK security flaw

Summary: The company, lauded for having the world's most protected devices for encrypted messaging, warns that devices will be vulnerable to a serious security flaw until a patch is released.

http://www.zdnet.com/article/blackberry-slow-to-respond-to-freak-flaw-says-it-has-no-fix/


Mozilla Releases Open Source Masche Forensics Tool

Mozilla has released an open source memory forensics tool that some college students designed and built during the company's recent Winter of Security event. The new tool, known as Masche, is designed specifically for investigating server memory and has the advantage of being able to scan running processes without causing any problems with the machine.

http://threatpost.com/mozilla-releases-open-source-masche-forensics-tool/111630


Google mishap: owner data of 300,000 protected domains viewable

Google offers its customers the option of registering domains without personal data appearing in the Whois entries. Due to a bug, the information could nevertheless be retrieved.

http://heise.de/-2574423


Bypassing ASLR with CVE-2015-0071: An Out-of-Bounds Read Vulnerability

Almost every Patch Tuesday cycle contains one bulletin that (for convenience) rolls up multiple Internet Explorer vulnerabilities into a single bulletin. February's Patch Tuesday cumulative IE bulletin (MS15-009) included a fix for a particularly interesting vulnerability that could be used to bypass one of the key anti-exploit technologies in use today, address space layout randomization...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/35xufNRKED8/


Security Afterworks: Cybercrime - Lessons From the Field & Best Of Troopers15

Cybercrime – how to respond after an incident? The question has long ceased to be whether, but when, you will become a target. At the Security Afterworks in April, Andreas Tomek will present on Lessons from the field – Incident Response & Cybercrime in Austria. This will be followed by the hot topics of Troopers15. Let us bring you up to date! Tuesday, 14 April 2015, 16:30; from 17:30 on, a relaxed get-together. SBA Research

https://www.sba-research.org/events/security-afterworks-cybercrime-lessons-from-the-field-best-of-troopers15/
https://www.sba-research.org/wp-content/uploads/2015/03/Security-Afterworks-V-Agenda1.pdf


Cisco FREAKs out, starts epic OpenSSL bug-splat

Happy weekend, network admins. Cisco admins will be watching and waiting for fixes, with the company announcing that many of its OpenSSL implementations are carrying a bunch of post-POODLE fleas.

http://go.theregister.com/feed/www.theregister.co.uk/2015/03/13/cisco_freaks_out_starts_epic_openssl_bugsplat/


Samsung SNS Provider Application For Android Access Theft

Topic: Samsung SNS Provider Application For Android Access Theft. Risk: Low. Text: Fundacion Dr. Manuel Sadosky - Programa STIC Advisory, www.fundacionsadosky.org.ar. *Vulnerabilities in the Samsung SNS ...

http://cxsecurity.com/issue/WLB-2015030093


HP Security Bulletins

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04571956
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04570627
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04576624
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03822422
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04562193
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04587108


DSA-3186 nss - security update

It was discovered that the Mozilla Network Security Service library (nss) incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.

https://www.debian.org/security/2015/dsa-3186


DSA-3185 libgcrypt11 - security update

Multiple vulnerabilities were discovered in libgcrypt:

https://www.debian.org/security/2015/dsa-3185


DSA-3184 gnupg - security update

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:

https://www.debian.org/security/2015/dsa-3184


WPML Multiple Vulnerabilities (Including SQLi)

https://wpvulndb.com/vulnerabilities/7843


Schneider Electric Pelco DS-NVs Buffer Overflow Vulnerability

This advisory provides mitigation details for a buffer overflow vulnerability in the Schneider Electric Pelco DS-NVs software package.

https://ics-cert.us-cert.gov/advisories/ICSA-15-071-01


Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems

http://www.securitytracker.com/id/1031806