End-of-Shift report
Timeframe: Thursday 09-04-2015 18:00 − Friday 10-04-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
Beebone: FBI and Europol take down worm network
The interesting thing about the dismantled Beebone botnet is the malware behind it: it is a downloader that fetches other junk, spreads itself further and constantly mutates in the process.
http://heise.de/-2598111
How To Create a Website Backup Strategy
We've all heard it a million times before - backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-utilized precautions we can take to protect our vital data. Why are backups so important? Put simply, a good set of backups can save your website when absolutely everything...
http://feedproxy.google.com/~r/sucuri/blog/~3/II8TR_qV6OA/how-to-create-a-website-backup-strategy.html
122 online forums compromised to redirect visitors to Fiesta exploit kit
Over a hundred forum websites have been compromised and injected with code that redirects users to sites hosting the Fiesta exploit kit, Cyphort researchers have found. These are not highly popular...
http://feedproxy.google.com/~r/HelpNetSecurity/~3/4VryRaL3aoc/malware_news.php
Don't Be Fodder for China's "Great Cannon"
China has been actively diverting unencrypted Web traffic destined for its top online search service -- Baidu.com -- so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week.
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/-n1M-QyvCoA/
Cisco and Level 3 team up to squash brute force server hijackers
#DownWithSSHPsychos Cisco and service provider Level 3 have teamed up to take down netblocks linked to brute-force hack kingpins SSHPsychos, severely degrading (but not destroying) the group's potential to hack servers in the process.
http://go.theregister.com/feed/www.theregister.co.uk/2015/04/10/sshpsychos_botnet_takedown/
A note from us: Maintenance work 16.4.2015
A note from us: Maintenance work 16.4.2015 | 10 April 2015 | On Thursday, 16 April 2015, we will carry out maintenance work on our infrastructure. This may lead to brief service outages (each in the range of a few minutes). No data (e.g. emails) will be lost; only processing may be somewhat delayed. In urgent cases you can reach us by telephone as usual at +43 1 505 64 16 78.
http://www.cert.at/services/blog/20150410112411-1466.html
Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38292
Red Hat JBoss XML External Entity Expansion Flaw Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1032017
VMSA-2015-0003.1
VMware product updates address critical information disclosure issue in JRE
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
f5 Security Advisories
Security Advisory: FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16380.html?ref=rss
Security Advisory: Linux kernel vulnerability CVE-2014-9683
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16381.html?ref=rss
Security Advisory: OpenSSL vulnerability CVE-2012-2110
https://support.f5.com:443/kb/en-us/solutions/public/16000/200/sol16285.html?ref=rss
Security Advisory: Linux file utility vulnerabilities CVE-2014-8116 / CVE-2014-8117
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16347.html?ref=rss
Security Advisory: GnuPG vulnerability CVE-2013-4576
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16396.html?ref=rss
Security Advisory: Linux RPM vulnerability CVE-2013-6435
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16383.html?ref=rss
Security Advisory: Multiple MySQL vulnerabilities
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16389.html?ref=rss
Security Advisory: NTP vulnerability CVE-2014-9297
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16392.html?ref=rss
Security Advisory: Python vulnerability CVE-2006-4980
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16398.html?ref=rss
Security Advisory: Multiple MySQL vulnerabilities
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16385.html?ref=rss
Security Advisory: NTP vulnerability CVE-2014-9298
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16393.html?ref=rss
Security Advisory: Apache Tomcat vulnerability CVE-2014-0227
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16344.html?ref=rss
DFN-CERT-2015-0483 - F5 Networks BIG-IP Protocol Security Module (PSM), F5 Networks BIG-IP systems: A vulnerability allows a denial-of-service attack
08.04.2015
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0483/
DFN-CERT-2015-0318 - IBM Java, IBM Notes, IBM Domino: Multiple vulnerabilities allow taking control of the system
10.03.2015
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0318/
Security_Advisory-Xen Vulnerabilities on Huawei FusionSphere products
Apr 10, 2015 10:12
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
[2015-04-10] Unauthenticated Local File Disclosure in multiple TP-LINK products
Attackers can read sensitive configuration files without prior authentication on multiple TP-LINK devices. These files e.g. include the administrator credentials and the WPA passphrase.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt