Daily Summary - Wednesday 8-04-2015

End-of-Shift report

Timeframe: Tuesday 07-04-2015 18:00 − Wednesday 08-04-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Gmail Problems Due to Expired Certificate (April 6, 2015)

Because Google allowed a server's security certificate to expire, Gmail users experienced problems for several hours on April 4...

http://www.sans.org/newsletters/newsbites/r/17/27/302


Aw snap! How hideous HTML can crash Chrome tabs in one click

Watch out for drive-by browser bombs - for now, at least. A bug in the most recent version of Chrome allows miscreants to crash browser tabs simply by embedding a link with a malformed URL in the HTML of a page.

http://go.theregister.com/feed/www.theregister.co.uk/2015/04/07/chrome_awsnap_vuln/


Drive-by-login attack identified and used in lieu of spear phishing campaigns

A new attack, drive-by-logins, allows attackers to target specific victims on sites they trust.

http://www.scmagazine.com/high-tech-bridge-identifies-new-attack-method-possibly-used-by-apts/article/407805/


Nuclear exploit kit delivered via Google Ads

Google's ad banners delivered a dangerous exploit kit for several hours, which may have infected the computers of many unsuspecting victims with malicious code.

http://heise.de/-2596908


Most top corporates still Heartbleeding over the internet

Australia crowned global head-in-sand champion. A depressing 76 percent of the top 2000 global organisations have public-facing systems still exposed to Heartbleed, researchers say.

http://go.theregister.com/feed/www.theregister.co.uk/2015/04/08/still_bleeding_one_year_laterheartbleed_2015_research/


Your home automation things are a security nightmare

Veracode tests leave lazy devs red-faced. It's not just home broadband routers that have hopeless security: according to security outfit Veracode, cloudy home automation outfits also need to hang their collective heads in shame.

http://go.theregister.com/feed/www.theregister.co.uk/2015/04/08/your_home_automation_things_are_a_security_nightmare/


Why cybersecurity is vital during the vendor selection process

You likely have a list of criteria to check through during the hiring process of a vendor, but if you haven't added cybersecurity standards to that list, you should.

http://www.scmagazine.com/why-cybersecurity-is-vital-during-the-vendor-selection-process/article/405711/


l+f: Update your WordPress or ISIS will come!

The FBI is sounding the alarm: sympathizers of the Islamic State are hacking WordPress sites in droves.

http://heise.de/-2596912


Guide outlines specifications of smart card-based PACS

Smart cards are increasingly accepted as the credential of choice for securely authenticating identity, determining appropriate levels of information access and controlling physical access. To furt...

http://www.net-security.org/secworld.php?id=18179


A flawed ransomware encryptor

Last autumn, we discovered the first sample of an interesting new encryptor, TorLocker. The Trojan encrypts all files with AES-256 + RSA-2048 and uses the Tor network to contact its "owners".

http://securelist.com/blog/research/69481/a-flawed-ransomware-encryptor/


New Tor version fixes issues that can crash hidden services and clients

Two new versions of the Tor anonymity software have been released on Tuesday, with fixes for two security issues that can be exploited to crash hidden services and clients visiting them. The first ...

http://www.net-security.org/secworld.php?id=18180


Don't judge the risk by the logo

It's been almost a year since the OpenSSL Heartbleed vulnerability, a flaw which started a trend of the branded vulnerability, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the...

https://securityblog.redhat.com/2015/04/08/dont-judge-the-risk-by-the-logo/


NTP Project ntpd reference implementation contains multiple vulnerabilities

NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks.

https://www.kb.cert.org/vuls/id/374268


Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products

cisco-sa-20150408-ntpd

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd


Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability

cisco-sa-20150408-cxfp

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp


Multiple Vulnerabilities in Cisco ASA Software

cisco-sa-20150408-asa

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa


HPSBHF03310 rev.1 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code

Potential security vulnerabilities have been identified with certain HP Thin Clients running Windows Embedded Standard 7 (WES7) and Windows Embedded Standard 2009 (WES09) and all versions of HP Easy Deploy. The vulnerabilities could be exploited remotely to allow elevation of privilege and execution of code.

https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04629160


SSA-487246 (Last Update 2015-04-08): Vulnerabilities in SIMATIC HMI Devices

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf


FreeBSD IPv6 Router Advertisement Processing Flaw Lets Remote Users Deny Service

http://www.securitytracker.com/id/1032043


DSA-3214 mailman - security update

A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.

https://www.debian.org/security/2015/dsa-3214