End-of-Shift report
Timeframe: Tuesday 21-04-2015 18:00 − Wednesday 22-04-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
How attackers exploit end-users' psychology
At RSA Conference 2015, Proofpoint released the results of its annual study that details the ways attackers exploit end-users' psychology to circumvent IT security. Last year was the year attacke...
http://feedproxy.google.com/~r/HelpNetSecurity/~3/tTatKVMFrgE/secworld.php
How to hack Avaya phones with a simple text editor
At RSA conference 2015 a researcher demonstrated that Avaya's Ethernet office phones can be compromised with just a simple text editor. At the RSA conference 2015 in San Francisco, Dr Ang Cui from Columbia University PhD and Red Balloon Security cofounder announced that Avaya's Ethernet office phones can be compromised with just a simple text...
http://securityaffairs.co/wordpress/36187/hacking/how-to-hack-avaya-phone.html
2 out of 3 IT pros put systems at risk by making undocumented changes
The Netwrix 2015 State of IT Changes Survey of more than 700 IT professionals across 40 industries found that 70% of companies forget about documenting changes, up from 57% last year. Most surprisingl...
http://feedproxy.google.com/~r/HelpNetSecurity/~3/4YM1XhU4vq4/secworld.php
The CozyDuke APT
CozyDuke (aka CozyBear, CozyCar or "Office Monkeys") is a threat actor that became increasingly active in the 2nd half of 2014 and hit a variety of targets. The White House and Department of State are two of the most spectacular...
http://securelist.com/blog/research/69731/the-cozyduke-apt/
CozyDuke, TLP: White
This whitepaper provides an overview of CozyDuke, a set of tools used by one or more malicious actors for performing targeted attacks against high profile organizations, such as governmental organizations and other entities that work closely with these institutions.
https://www.f-secure.com/weblog/archives/00002804.html
"No iOS Zone" - A New Vulnerability Allows DoS Attacks on iOS Devices
In today's RSA Conference presentation, (Tuesday, April 21, 2015 | 3:30 PM - 4:20 PM | West | Room: 2001) Adi Sharabani, CEO and my fellow co-founder at Skycure, and I covered the lifecycle of vulnerabilities and vendor pitfalls. We also shared some details about a vulnerability our team recently identified in iOS 8 - a vulnerability that we are currently working with Apple to fix.
https://www.skycure.com/blog/ios-shield-allows-dos-attacks-on-ios-devices/
Regular expressions and recommended practices
Whenever a security person crosses a vulnerability report, one of the first steps is to ensure that the reported problem is actually a vulnerability. Usually, the issue falls into well known and studied categories and this step is done...
https://securityblog.redhat.com/2015/04/22/regular-expressions-and-recommended-practices/
RSA 2015: Thousands of Android apps found to be vulnerable
Vulnerability testing by CERT found tens of thousands of Android apps are vulnerable and no full register exists as they don't all get CVE assigned.
http://feedproxy.google.com/~r/SCMagazineHome/~3/42uHv7yPt0M/
RSA 2015: Experts discuss six dangerous attack techniques
Data breaches, ransomware, and threats against industrial control systems were discussed during an RSA Conference 2015 session on dangerous attack techniques.
http://feedproxy.google.com/~r/SCMagazineHome/~3/yup3ar8W41U/
SSA-994726 (Last Update 2015-04-22): GHOST Vulnerability in Siemens Industrial Products
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-994726.pdf
SSA-451236 (Last Update 2015-04-22): Vulnerability in SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf
HPSBGN03308 rev.1 - HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS), Remote Code Execution
A potential security vulnerability has been identified with the HP TippingPoint Security Management System (SMS) and vSMS. A vulnerability in JBOSS RMI could be exploited to allow remote code execution.
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04626974
Manage Engine Firewall Analyzer 8.3 Build 8300 Cross Site Scripting
Topic: Manage Engine Firewall Analyzer 8.3 Build 8300 Cross Site Scripting. Risk: Low. Text: Reflected XSS Vulnerability In Manage Engine Firewall Analyzer. Overview ...
http://cxsecurity.com/issue/WLB-2015040128
Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38486
Cisco Unified MeetingPlace Web Services Directory SOAP API Endpoints Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38461
Cisco Unified MeetingPlace Server Multiple State Changing URL API Functionalities Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38460
DSA-3231 subversion - security update
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems:...
https://www.debian.org/security/2015/dsa-3231
Glibc Buffer Overflow in getanswer_r() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1032178
Platform Agent 2011.1r2
Abstract: The Novell Audit Platform Agent (Platform Agent) facilitates auditing events by transmitting log data from multiple applications to the Audit server. Document ID: 5207351. Security Alert: Yes. Distribution Type: Public. Entitlement Required: No. Files: Platform-Agent_2011.1r2.sha256 (93 bytes), Platform-Agent_2011.1r2.zip (16.8 MB). Products: Sentinel 7.0, Sentinel 7.0.1, Sentinel 7.0.2, Sentinel 7.0.3, Sentinel 7.1, Sentinel 7.1.1, Sentinel 7.1.2, Sentinel 7.2, Sentinel 7.2.1, Sentinel 7.2.2, Sentinel 7.3, Sentinel Log
https://download.novell.com/Download?buildid=dpHkpNu89zw~