End-of-Shift report
Timeframe: Tuesday 24-03-2015 18:00 − Wednesday 25-03-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Patched Flash Vulnerability Now Part of Exploit Kit (March 20, 2015)
A vulnerability in Adobe's Flash Player that was patched on March 12 has already been added to an exploit kit...
http://www.sans.org/newsletters/newsbites/r/17/23/200
Macro-based Malware Increases Along with Spam Volume, Now Drops BARTALEX
Early this year Microsoft reported an increase in macro-related threats being used to spread malware via spam. Similarly, we've been seeing a drastic increase in spammed emails with attached Microsoft Word documents and Microsoft Excel spreadsheets that come with embedded macros. Macros are a set of commands or code that are meant to help automate...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/EHquGcibJew/
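The practical check behind this item is whether an incoming Office attachment carries a VBA project at all, independent of what its extension claims. The following is an added example, not code from the Trend Micro post or from any named tool: it inspects the two Office container formats (OOXML zip and legacy OLE) and flags a VBA project, plus the mismatch of a macro-bearing file behind a nominally macro-free extension. The sample attachments are constructed inline and contain no real VBA; the OLE check is a substring heuristic on the UTF-16LE stream name, not a full compound-file parse.

```python
import io
import zipfile

# Magic bytes for the two Office container formats.
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.docm/.xlsx/.xlsm/...) is a zip archive
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy binary Office (.doc/.xls) is an OLE compound file

# OLE directory entries store stream names as UTF-16LE. A VBA project always carries a
# "_VBA_PROJECT" stream, so its name appearing anywhere in the file is a cheap (heuristic) indicator.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

# Extensions that by convention must not carry macros; a VBA project inside one is a red flag.
MACRO_FREE_EXTENSIONS = {"docx", "dotx", "xlsx", "xltx", "pptx", "potx"}


def classify_office_attachment(filename: str, data: bytes) -> dict:
    """Inspect an attachment's container and report whether it carries a VBA project."""
    result = {"container": "unknown", "has_macros": False, "evidence": [], "extension_mismatch": False}
    if data.startswith(ZIP_MAGIC):
        result["container"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    # Word: word/vbaProject.bin, Excel: xl/vbaProject.bin, PowerPoint: ppt/vbaProject.bin
                    if member.rsplit("/", 1)[-1].lower() == "vbaproject.bin":
                        result["has_macros"] = True
                        result["evidence"].append(member)
        except zipfile.BadZipFile:
            result["evidence"].append("truncated or corrupt zip container")
    elif data.startswith(OLE_MAGIC):
        result["container"] = "ole"
        if OLE_VBA_MARKER in data:
            result["has_macros"] = True
            result["evidence"].append("_VBA_PROJECT stream name")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    result["extension_mismatch"] = result["has_macros"] and ext in MACRO_FREE_EXTENSIONS
    return result


# --- constructed samples (no real VBA, no real malware) so the check runs offline ---

def build_sample_ooxml(with_vba: bool) -> bytes:
    """Minimal OOXML-style zip; optionally includes a placeholder word/vbaProject.bin entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 32)   # placeholder standing in for a VBA project
    return buf.getvalue()


def build_sample_ole_with_vba() -> bytes:
    """OLE magic, padding, then a UTF-16LE stream name; not a valid compound file, just enough for the heuristic."""
    return OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER + b"\x00" * 64


if __name__ == "__main__":
    samples = {
        "invoice.docm": build_sample_ooxml(with_vba=True),
        "invoice.docx": build_sample_ooxml(with_vba=True),   # macro content hiding behind a "safe" extension
        "report.doc": build_sample_ole_with_vba(),
        "memo.docx": build_sample_ooxml(with_vba=False),
    }
    for name, blob in samples.items():
        print(name, classify_office_attachment(name, blob))
```

For real mail-gateway triage, replace the OLE substring heuristic with a proper compound-file parse (the directory entries, not a byte search); the container and extension logic above stays the same.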
15,435 vulnerabilities across 3,870 applications were recorded in 2014
In 2014, 15,435 vulnerabilities were discovered according to data from Secunia Research. The vulnerabilities are spread across 3,870 applications published by 500 different vendors, and these numbers ...
http://www.net-security.org/secworld.php?id=18132
l+f: XSS not dead
Just because it no longer makes headlines does not mean it has gone away. An XSS hole at Amazon is proof enough.
http://heise.de/-2584311
Multifunctional Vawtrak malware now updated via favicons
The Vawtrak (aka Snifula) multifunctional malware has been around since mid-2013. Its information-stealing, backdoor and spying capabilities deservedly earned it the description as the "Swiss army kni...
http://www.net-security.org/malware_news.php?id=2997
Not using IPv6? Are you sure?
Internet Protocol version 6 (IPv6) has been around for many years and was first supported in Red Hat Enterprise Linux 6 in 2010. Designed to provide, among other things, additional address space on the ever-growing Internet, IPv6 has only recently...
https://securityblog.redhat.com/2015/03/25/security-considerations-regarding-ipv6/
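The question in the title is answered on a Linux host by looking at what the kernel already has configured, not at what the admins think they deployed. The following is an added example, not code from the Red Hat post: it parses the /proc/net/if_inet6 address table and the disable_ipv6 sysctl, classifies each address by kernel scope, and gives the verdict a firewall reviewer needs (reachable over IPv6, link-local only, or off). The table contents and sysctl values are constructed samples; on a real Linux box the script reads the live files.

```python
import ipaddress
from typing import Dict, List

# Constructed sample of /proc/net/if_inet6 from a host whose admins "don't use IPv6":
# columns are address (32 hex digits), ifindex, prefix length, scope, flags (all hex) and interface name.
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80       lo
fe800000000000000250560000000001 02 40 20 80     eth0
20010db8000000000000000000000001 02 40 00 00     eth0
"""

# Constructed sample of /proc/sys/net/ipv6/conf/<iface>/disable_ipv6 values ("0" = IPv6 enabled).
SAMPLE_DISABLE_IPV6 = {"all": "0", "default": "0", "lo": "0", "eth0": "0"}

# Scope values as the kernel prints them in if_inet6 (IPV6_ADDR_* scope bits).
SCOPE_NAMES = {0x00: "global", 0x10: "host", 0x20: "link", 0x40: "site"}


def parse_if_inet6(text: str) -> List[Dict[str, object]]:
    """Turn the raw if_inet6 table into a list of {iface, addr, prefix, scope} records."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        raw_addr, _ifindex, prefix, scope, _flags, iface = fields
        entries.append({
            "iface": iface,
            "addr": str(ipaddress.IPv6Address(int(raw_addr, 16))),
            "prefix": int(prefix, 16),
            "scope": SCOPE_NAMES.get(int(scope, 16), "other"),
        })
    return entries


def ipv6_exposure(if_inet6_text: str, disable_ipv6: Dict[str, str]) -> Dict[str, object]:
    """Summarise whether the host is reachable over IPv6 even though nobody configured it."""
    stack_enabled = disable_ipv6.get("all", "0") == "0"
    entries = parse_if_inet6(if_inet6_text)
    routable = [e for e in entries if e["scope"] in ("global", "site")]
    link_local_ifaces = sorted({e["iface"] for e in entries if e["scope"] == "link"})
    if routable:
        verdict = "reachable over IPv6: mirror every IPv4 firewall rule in ip6tables/nftables"
    elif link_local_ifaces:
        verdict = "IPv6 up on link-local only: a router advertisement on the link can still assign a global address"
    elif stack_enabled:
        verdict = "no IPv6 addresses yet, but disable_ipv6 is 0, so autoconfiguration can bring the stack up"
    else:
        verdict = "IPv6 disabled on this host"
    return {
        "ipv6_active": bool(entries),
        "routable": routable,
        "link_local_ifaces": link_local_ifaces,
        "verdict": verdict,
    }


def read_live_host() -> Dict[str, object]:
    """Run the same check against the running Linux host."""
    with open("/proc/net/if_inet6") as fh:
        table = fh.read()
    with open("/proc/sys/net/ipv6/conf/all/disable_ipv6") as fh:
        flag = {"all": fh.read().strip()}
    return ipv6_exposure(table, flag)


if __name__ == "__main__":
    try:
        report = read_live_host()
    except OSError:   # not Linux, or IPv6 compiled out: fall back to the constructed sample
        report = ipv6_exposure(SAMPLE_IF_INET6, SAMPLE_DISABLE_IPV6)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The same information comes from `ip -6 addr` and `sysctl net.ipv6.conf.all.disable_ipv6` interactively; the point of scripting it is to run the verdict across a fleet and pair it with a listing of IPv6 listeners (`ss -6 -ltn`) before anyone assumes the IPv4 firewall policy is the whole story.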
PHP 5.5.23 is available, (Wed, Mar 25th)
From the fine folks at php.net: The PHP development team announces the immediate availability of PHP 5.5.23. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.5 users are encouraged to upgrade to this version. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
https://isc.sans.edu/diary.html?storyid=19507&rss
F-Secure: FSC-2015-2: PATH TRAVERSAL VULNERABILITY, (Wed, Mar 25th)
F-Secure has announced a security vulnerability affecting their corporate and consumer protection products. The details are available here:
https://www.f-secure.com/en/web/labs_global/fsc-2015-2
https://isc.sans.edu/diary.html?storyid=19509&rss
Researcher finds backdoor opened by Dell's helper app
A security researcher has discovered a serious bug in Dell System Detect, the software Dell users are urged to use to download the appropriate drivers for their machines. The flaw can be exploited by ...
http://www.net-security.org/secworld.php?id=18134
Flash in 2015
In the past few years, web exploits had three main targets: Internet Explorer, Java, and Flash. In 2013, the popularity of Java exploits peaked. Bug hunters became really good at finding Java bugs, and corrupting the security manager was a convenient exploitation technique. Multiple exploit campaigns used Java zero-days, and exploit kits (EK) universally adopted these exploits.
In January of 2014, however, Oracle blocked the execution of unsigned applets by default, and exploit authors largely abandoned Java. The change left Internet Explorer and Adobe Flash as the next best targets. Both IE and Flash received attention from exploit developers, but in June of 2014 Microsoft began rolling out heap corruption mitigations for IE such as an isolated heap and delayed frees. Exploit developers again needed to shift their focus.
https://www.fireeye.com/blog/threat-research/2015/03/flash_in_2015.html
Guest talk: "Large-scale Automated Software Diversity - Programming Language Technology to Enhance System Security"
26/03/2015 - 10:00 am - 11:00 am SBA Research Favoritenstraße 16 1040 Wien
https://www.sba-research.org/events/guest-talk-large-scale-automated-software-diversity-programming-language-technology-to-enhance-system-security/
Cisco Security Advisories
Cisco IOS XR Software DHCPv4 Server Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38006
Cisco Mobility Service Engine Password Information Disclosure Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38007
Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani
Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip
Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge
Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe
Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2
Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-3566, CVE-2014-6457, CVE-2014-6593, CVE-2015-0410)
http://www.ibm.com/support/docview.wss?uid=swg21699013
IBM Security Bulletin: NTP vulnerabilities affect IBM SmartCloud Entry (CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296)
http://www.ibm.com/support/docview.wss?uid=isg3T1022036
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0206)
http://www.ibm.com/support/docview.wss?uid=swg21697205
IBM Security Bulletin: IBM Cloud Manager with OpenStack Nova Vulnerability (CVE-2014-3708)
http://www.ibm.com/support/docview.wss?uid=isg3T1022097
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime Technology Edition affect Rational Functional Tester (CVE-2014-3065, CVE-2014-3566, CVE-2014-6511)
http://www.ibm.com/support/docview.wss?uid=swg21693297
IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Content Collector for SAP Applications (CVE-2015-0138, CVE-2014-8730)
http://www.ibm.com/support/docview.wss?uid=swg21699263
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker
http://www.ibm.com/support/docview.wss?uid=swg21697107
IBM Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect Rational DOORS Web Access (CVE-2014-6593, CVE-2015-0410, CVE-2015-0138)
http://www.ibm.com/support/docview.wss?uid=swg21697068
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2014-6549, CVE-2015-0408, CVE-2015-0412, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0410)
http://www.ibm.com/support/docview.wss?uid=swg21699907
DFN-CERT-2015-0399 GnuTLS: Multiple vulnerabilities allow security mechanisms to be bypassed
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0399/
GE and MACTek HART Device DTM Vulnerability (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-15-036-01 GE and MACTek HART Device DTM Vulnerability that was published February 5, 2015, on the NCCIC/ICS-CERT web site. This advisory provides mitigation details for an improper input validation vulnerability in the HART Device Type Manager (DTM) library utilized in GE and MACTek's HART Device DTM.
https://ics-cert.us-cert.gov//advisories/ICSA-15-036-01A
Random Article component for Joomla! multiple SQL injection
http://xforce.iss.net/xforce/xfdb/101773