Daily Summary - Friday 8-05-2015

End-of-Shift report

Timeframe: Thursday 07-05-2015 18:00 − Friday 08-05-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a

Upcoming Security Updates for Adobe Reader and Acrobat (APSB15-10)

A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, May 12, 2015. We will continue to provide updates on the upcoming release via the Security Advisory as well as the Adobe PSIRT blog.

https://blogs.adobe.com/psirt/?p=1193


Compromised WordPress sites leaking credentials

Zscaler recently observed a credentials leak campaign on multiple WordPress sites. The compromised sites run backdoor code, which activates when the user submits login credentials. The credentials are encoded and sent to an attacker website in the form of a GET request. Till now, we have identified only one domain "conyouse.com" which is collecting all the credentials from these compromised

http://feedproxy.google.com/~r/zscaler/research/~3/63XGcunva0k/compromised-wordpress-sites-leaking.html


GPU-based malware, the evolution of rootkits and keyloggers

Malware developers have presented two proof-of-concept malware programs, a rootkit and a keylogger, which exploit the GPU of the infected host. Malware authors always demonstrate great creativity and the ability to propose even more effective solutions. Recently, developers have published two strains of malware, the Jellyfish rootkit and the Demon keylogger, that implement an unusual way to run on a victim's...

http://securityaffairs.co/wordpress/36634/malware/gpu-based-malware.html


Almost EVERY SAP install hackable, researchers say

Even worse when you tinker with it. A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say.

http://go.theregister.com/feed/www.theregister.co.uk/2015/05/08/sap_95_percent_vulnerable/


l+f: Critical vulnerability in monitoring software for critical systems

A bug in Symantec's server monitoring software allows attackers to plant arbitrary files on the systems and execute them.

http://heise.de/-2638669


The USBKILL anti-forensics tool - it doesn't do *quite* what it says on the tin

A hacker who very modestly goes by the handle Hephaestos has just announced an "anti-forensic kill switch" dubbed, well, usbkill. It doesn't do quite what the name might suggest, and it could cut either way, so use it with care!

http://feedproxy.google.com/~r/nakedsecurity/~3/tzGEjCOTbq4/


Flawed Open Smart Grid Protocol is a risk for Smart Grid

More than four million smart meters and similar devices worldwide are open to cyber attacks due to the security issues in the Open Smart Grid Protocol. The Open Smart Grid Protocol (OSGP) is a family of specifications published by the European Telecommunications Standards Institute (ETSI) that are implemented today by more than four million smart...

http://securityaffairs.co/wordpress/36648/hacking/flaws-open-smart-grid-protocol.html


IETF specifies guidelines for the use of encryption

The Internet standards body documents guidelines for the sensible use of TLS transport encryption. RFC 7525 contains good instructions, tips and pointers to pitfalls for anyone who sets up encryption themselves.

http://heise.de/-2639221


Attackers can disable virus scanners from BullGuard and Panda

Several antivirus applications from BullGuard and Panda have a vulnerability that allows attackers to deactivate the protective functions.

http://heise.de/-2639307


DSA-3253 pound - security update

Pound, an HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol.

https://www.debian.org/security/2015/dsa-3253


Sentinel 7.3 HF1 (Sentinel 7.3.0.1) Build 1800 7.3.0.1

Abstract: Sentinel 7.3.0.1 upgrade patch for Sentinel 7.
Document ID: 5202070
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: sentinel_server-7.3.0.1-1817.x86_64.tar.gz.sha256 (109 bytes), sentinel_server-7.3.0.1-1817.x86_64.tar.gz (1.67 GB)
Products: Sentinel 7.1, Sentinel, Sentinel 7.1.1, Sentinel 7.1.2, Sentinel 7.X, Sentinel 7.3, Sentinel 7.2.2, Sentinel 7.2.1, Sentinel 7.2
Superseded Patches: None

https://download.novell.com/Download?buildid=mBuUwDq2kD0~


Rockwell Automation RSLinx Classic Vulnerability

This advisory was originally posted to the US-CERT secure Portal library on April 21, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for a stack-based buffer overflow vulnerability in Rockwell Automation's OPCTest.exe, which is a test client for RSLinx Classic's support of the OPC-DA protocol.

https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02


VMSA-2015-0003.7

VMware product updates address critical information disclosure issue in JRE

http://www.vmware.com/security/advisories/VMSA-2015-0003.html


ZDI Security Advisories for EMC AutoStart and for ManageEngine Products

http://www.zerodayinitiative.com/advisories/published/


IBM Security Bulletins

IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM WebSphere Real Time

http://www.ibm.com/support/docview.wss?uid=swg21902444

IBM Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Tivoli System Automation for Multiplatforms (CVE-2015-2808)

http://www.ibm.com/support/docview.wss?uid=swg21882749

IBM Security Bulletin: Multiple Kernel vulnerabilities affect PowerKVM (Multiple CVEs)

http://www.ibm.com/support/docview.wss?uid=isg3T1022146

IBM Security Bulletin: A Security Vulnerability exists in the Dojo runtime that affects Rational Application Developer

http://www.ibm.com/support/docview.wss?uid=swg21883926

Security Bulletin: Vulnerability in SSLv3 affects Upward Integration Modules (UIM) (CVE-2014-3566)

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097659

IBM Security Bulletin: PowerKVM is affected by a Qemu vulnerability (CVE-2015-1779)

http://www.ibm.com/support/docview.wss?uid=isg3T1022149

IBM Security Bulletin: Multiple Unzip vulnerabilities affect PowerKVM (Multiple CVEs)

http://www.ibm.com/support/docview.wss?uid=isg3T1022145

IBM Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Endpoint Manager (CVE-2015-2808)

http://www.ibm.com/support/docview.wss?uid=swg21883852

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM ToolsCenter (CVE-2015-2808)

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097676