End-of-Shift report
Timeframe: Monday 23-03-2015 18:00 − Tuesday 24-03-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
DMARC and Spam: Why It Matters
Recently I discussed how TorrentLocker spam was using email authentication for its spam runs. At the time, I suggested that these spam runs were using email authentication to gather information about victim networks and potentially improve the ability to evade spam filters. DomainKeys Identified Mail's (DKIM) own specification mentions the possibility of messages from "trusted sources" and with a...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/W3IX-WkypVo/
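A DKIM signature only proves that some domain (the d= tag) vouched for a message; a spammer signing with a key for a domain it controls still gets dkim=pass. DMARC closes that gap by requiring the authenticated identifier to align with the visible From: domain. The following is an added example (not code from the Trend Micro post or from this report) that parses a DMARC record, extracts DKIM and SPF identifiers from an Authentication-Results header and evaluates alignment. The record, header values and domains are constructed for the example, and the organizational-domain logic is a deliberate simplification (real implementations use the Public Suffix List).

```python
"""DMARC identifier alignment, worked as an added example.
All records, headers and domains below are constructed for illustration.
"""
import re
from typing import Dict, List, Optional, Tuple


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Parse a DMARC TXT record such as "v=DMARC1; p=reject; adkim=s" into tags.
    adkim/aspf default to relaxed ("r"), as the DMARC spec prescribes."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError("malformed DMARC tag: %r" % part)
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: %r" % txt)
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def organizational_domain(domain: str) -> str:
    """Simplification for the example: last two labels. Production code must
    use the Public Suffix List (e.g. example.co.uk has three labels)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ("s"): exact match. Relaxed ("r"): same organizational domain."""
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    if mode == "s":
        return f == a
    return organizational_domain(f) == organizational_domain(a)


# ([(dkim_d_domain, passed), ...], (spf_mailfrom_domain, passed) or None)
AuthResults = Tuple[List[Tuple[str, bool]], Optional[Tuple[str, bool]]]


def parse_authentication_results(header: str) -> AuthResults:
    """Extract DKIM header.d and SPF smtp.mailfrom identifiers from an
    RFC 7601 style Authentication-Results header value."""
    dkim: List[Tuple[str, bool]] = []
    spf: Optional[Tuple[str, bool]] = None
    clauses = [c.strip() for c in header.split(";")]
    for clause in clauses[1:]:  # clauses[0] is the authserv-id
        m = re.match(r"(dkim|spf)=(\w+)", clause)
        if not m:
            continue
        method, result = m.group(1), m.group(2).lower()
        if method == "dkim":
            d = re.search(r"header\.d=([^\s;]+)", clause)
            if d:
                dkim.append((d.group(1), result == "pass"))
        else:
            mf = re.search(r"smtp\.mailfrom=([^\s;]+)", clause)
            if mf:
                # DMARC aligns on the domain part of the MAIL FROM address
                spf = (mf.group(1).rsplit("@", 1)[-1], result == "pass")
    return dkim, spf


def evaluate_dmarc(record: str, from_domain: str, auth: AuthResults) -> Tuple[str, str]:
    """Return (dmarc_result, action): ("pass", "none") or ("fail", <p= policy>).
    A passing DKIM or SPF result only counts if its identifier aligns."""
    tags = parse_dmarc_record(record)
    dkim_results, spf_result = auth
    dkim_ok = any(passed and aligned(from_domain, d, tags["adkim"])
                  for d, passed in dkim_results)
    spf_ok = (spf_result is not None and spf_result[1]
              and aligned(from_domain, spf_result[0], tags["aspf"]))
    if dkim_ok or spf_ok:
        return "pass", "none"
    return "fail", tags["p"]


# Constructed record for the impersonated domain.
EXAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
# Legitimate mail: the DKIM d= domain is the From: domain.
LEGIT_AR = ("mx.example.net; dkim=pass header.d=example.com; "
            "spf=pass smtp.mailfrom=bounce@example.com")
# The pattern described in the post: the spammer signs with its own domain,
# so DKIM and SPF both "pass", but neither identifier is example.com.
SPAM_AR = ("mx.example.net; dkim=pass header.d=sender.invalid; "
           "spf=pass smtp.mailfrom=bounce@sender.invalid")


def demo() -> Dict[str, Tuple[str, str]]:
    return {
        "legit": evaluate_dmarc(EXAMPLE_RECORD, "example.com",
                                parse_authentication_results(LEGIT_AR)),
        "spam": evaluate_dmarc(EXAMPLE_RECORD, "example.com",
                               parse_authentication_results(SPAM_AR)),
    }


if __name__ == "__main__":
    for name, (result, action) in demo().items():
        print(f"{name}: dmarc={result} action={action}")
```

The spam message passes both DKIM and SPF yet fails DMARC, because the authenticated domains belong to the sender, not to the From: domain; with p=reject the receiver drops it. Spam that merely "authenticates" is therefore no obstacle to a domain owner who publishes an enforcing DMARC policy, which is the point the headline makes.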
Why enterprise IT and security teams should talk more
The "It won't happen to me" mentality, combined with communication gaps between the IT and security teams, greatly increases an enterprise's risk of being breached.
http://www.scmagazine.com/why-enterprise-it-and-security-teams-should-talk-more/article/404676/
Xen shows off 35-piece cloudpocalypse collection
The latest fixing fashions for open-source hypervisors hit the catwalk. The Xen Project has fixed 35 flaws, all rated critical, for versions 4.3 and 4.4 of its flagship hypervisor. The fixes appear to correspond to flaws identified after the late February 2015 cloudpocalypse, when major cloud providers feared they would once again need to reboot substantial parts of their server fleets to keep them secure.
http://go.theregister.com/feed/www.theregister.co.uk/2015/03/24/xen_shows_off_35piece_cloudpocalypse_collection/
Four advantages of an identity behavior-based approach to cybersecurity
With an ever-increasing number of data breaches, more money is being poured into IT security budgets. According to Gartner, the average global security budget increased 8 percent from 2013 to 2014 and...
http://www.net-security.org/article.php?id=2243
KNX vulnerabilities: playing with other people's lights
The developers do not consider it necessary to secure the current KNX protocol, since attackers need physical access to the system. But that access is easier to obtain than assumed, and an attacker who has it can even control door openers and alarm systems.
http://www.golem.de/news/knx-schwachstellen-spielen-mit-den-lichtern-der-anderen-1503-113085-rss.html
BlackHat talk hibernated over 0-day in SAP's Afaria mobile manager
Researcher has form as a gent: he held back disclosure of a medical records leak. Alexander Polyakov has been forced to withdraw a talk detailing dangerous vulnerabilities in SAP's mobile device management product Afaria, scheduled to be given at BlackHat Asia Pacific this week.
http://go.theregister.com/feed/www.theregister.co.uk/2015/03/24/sap_blackhat_talk_nixed_medical_app_vulns/
Google again uncovers misuse in the SSL certificate system
Through public-key pinning in the Chrome web browser, Google came across forged certificates for Google domains. They were certified by the root CA CNNIC, which many operating systems and browsers trust when establishing encrypted connections.
http://heise.de/-2583414
The importance of standards in electronic identification and trust services providers
ENISA publishes a new report on the importance of standards in the area of electronic identification and trust services providers.
http://www.enisa.europa.eu/media/news-items/the-importance-of-standards-in-electronic-identification-and-trust-services-providers
Full, cracked version of NanoCore RAT leaked, onslaught of infection attempts expected
NanoCore, a lesser-known remote access Trojan (RAT), has recently been spotted being delivered to employees of energy companies in Asia and the Middle East via spear-phishing emails impersonating a le...
http://www.net-security.org/malware_news.php?id=2995
Android Installer Hijacking Vulnerability Could Expose Android Users to Malware
Executive Summary We discovered a widespread vulnerability in Google's Android OS we are calling "Android Installer Hijacking", estimated to impact 49.5 percent of all current Android users. In detail: Android Installer Hijacking allows an attacker...
http://researchcenter.paloaltonetworks.com/2015/03/android-installer-hijacking-vulnerability-could-expose-android-users-to-malware/
The average DDoS attack tripled in volume
The average packet volume for DDoS attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 Gbps in the final quarter of 2014, ac...
http://www.net-security.org/secworld.php?id=18125
Privilege Gone Wild 2: Over 25% of Organizations Have No Privileged Access Controls
BeyondTrust recently conducted a survey with over 700 respondents to explore how organizations view the risk of privileged account misuse, as well as trends in addressing and mitigating those risks.
http://blog.beyondtrust.com/privilege-gone-wild-2-over-25-of-organizations-have-no-privileged-access-controls
Is Your Multi-Factor Authentication Solution the Real Thing?
In infosec, multi-factor authentication is often considered a positive, constructive element of layered security. However, some people have an oversimplified view. With multi-factor authentication, there are many nuances to consider. At BSides Austin I presented on this topic. When shopping for a multi-factor authentication solution, what should you look for? There are over 200 multi-factor authentication vendors; how do you evaluate the best one for your needs? You can weed out more than half
https://www.alienvault.com/blogs/security-essentials/is-your-multi-factor-authentication-solution-the-real-thing
Why Website Reinfections Happen
I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to learn what website infections look like and, more importantly, how to clean them. It's this idea that regardless of who you are you must always...
http://blog.sucuri.net/2015/03/why-website-reinfections-happen.html
HP Security Bulletins
HPSBST03196 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Code Execution
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599191
HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, Unauthorized Access
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04604357
HPSBHF03289 rev.1 - HP ThinClient PCs running ThinPro Linux, Remote Code Execution, Denial of Service, Disclosure of Information
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04602055
HPSBMU03220 rev.1 - HP Shunra Network Appliance / HP Shunra Wildcat Appliance, Remote Execution of Code
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04518183
HPSBMU03297 rev.1 - HP Helion Application Lifecycle Service (ALS) for Linux, Remote Code Execution
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599861
HPSBMU03301 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Disclosure of Information
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04609844
HPSBHF03151 rev.1 - HP Integrated Lights-Out 2 and 4 (iLO 2, iLO 4), Chassis Management (iLO CM), Remote Denial of Service, Remote Execution of Code, Elevation of Privilege
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04486432
HPSBHF03275 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4), Remote Disclosure of Information
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04582218
HPSBHF03276 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4), Remote Unauthorized Access, Denial of Service (DoS)
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04582368
HPSBMU03292 rev.1 - HP Operations Orchestration Authentication Bypass
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595607
HPSBMU03291 rev.1 - HP Operations Orchestration running Powershell Operations, Remote Disclosure of Information
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595417
HPSBMU03263 rev.1 - HP Insight Control running OpenSSL, Remote Disclosure of Information
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04574073
IBM Security Bulletins
IBM Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050 and 5710 are affected by vulnerabilities in NTP (CVE-2014-9293, CVE-2014-9294, CVE-2014-9297, CVE-2014-9298)
http://www.ibm.com/support/docview.wss?uid=swg21699578
IBM Security Bulletin: Vulnerabilities in IBM Rational ClearQuest (CVE-2014-8925)
http://www.ibm.com/support/docview.wss?uid=swg21699148
IBM Security Bulletin: IBM Forms Experience Builder is affected by a Dojo Toolkit vulnerability (CVE-2014-8917)
http://www.ibm.com/support/docview.wss?uid=swg21697448
IBM Security Bulletin: IBM Security Identity Manager Adapters passwords exposed in log files (CVE-2014-8923)
http://www.ibm.com/support/docview.wss?uid=swg21699902
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Connector for SAP Solution Manager (CVE-2014-3566, CVE-2014-6457)
http://www.ibm.com/support/docview.wss?uid=swg21698921
IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2014-3065)
http://www.ibm.com/support/docview.wss?uid=swg21696456
IBM Security Bulletin: Multiple vulnerabilities in Java Runtime affect XIV Management Tools (CVE-2015-0410)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005143
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Connector for SAP Solution Manager (CVE-2014-6593, CVE-2015-0410)
http://www.ibm.com/support/docview.wss?uid=swg21698695
IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2014-7809)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005037
IBM Security Bulletin: Multiple Kerberos (krb5) vulnerabilities affect PowerKVM (Multiple CVEs)
http://www.ibm.com/support/docview.wss?uid=isg3T1022076
IBM Security Bulletin: IBM i is affected by the following Samba vulnerability: CVE-2015-0240
http://www.ibm.com/support/docview.wss?uid=nas8N1020638
EMC Documentum xMS information disclosure
http://xforce.iss.net/xforce/xfdb/101741
DSA-3203 tor - security update
Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system.
https://www.debian.org/security/2015/dsa-3203
InBoundio Marketing Plugin <= 2.0.3 - Shell Upload
https://wpvulndb.com/vulnerabilities/7864