Daily Summary - Wednesday 20-05-2015

End-of-Shift report

Timeframe: Tuesday 19-05-2015 18:00 − Wednesday 20-05-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a

Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS, (Wed, May 20th)

There's a new vulnerability in town... As reported by the Wall Street Journal, The new bug, dubbed LogJam, is a cousin of Freak. But it's in the basic design of TLS itself, meaning all Web browsers, and some email servers, are vulnerable. [1] According to the article, Internet-security experts crafted a fix for a previously undisclosed bug in security tools used by all modern Web browsers. But deploying the fix could break the Internet for thousands of websites.

https://isc.sans.edu/diary.html?storyid=19717&rss


Logjam: PFS Deployment Guide

Guide to Deploying Diffie-Hellman for TLS | Our study finds that the current real-world deployment of Diffie-Hellman is less secure than previously believed. This page explains how to properly deploy Diffie-Hellman on your server. | We have three recommendations for correctly deploying Diffie-Hellman for TLS:...

https://weakdh.org/sysadmin.html


DDoS Attacks on the rise in Q1 2015, says Akamai

DDoS attacks even more dangerous according to the last report published by Akamai Technologies, the "Q1 2015 State of the Internet - Security Report". According to Akamai Technologies, Q1 2015 showed that distributed denial-of-service attacks are on the rise again, and according to Akamai Technologies, Q1 set a record for the number of DDoS attacks,...

http://securityaffairs.co/wordpress/36983/security/akamai-ddos-q1-2015.html


"Los Pollos Hermanos" ransomware - what will they think of next?

The latest visual meme in ransomware comes from a cult TV show...about fictitious crooks. Paul Ducklin walks you through "PolloCrypt," more correctly known as Troj/LPoLock-A...

http://feedproxy.google.com/~r/nakedsecurity/~3/jdSKvU31t58/


JSON, Homoiconicity, and Database Access

During a recent review of an internal web application based on the Node.js platform, we discovered that combining JavaScript Object Notation (JSON) and database access (database query generators or object-relational mappers, ORMs) creates interesting security challenges, particularly for JavaScript programming...

https://securityblog.redhat.com/2015/05/20/json-homoiconicity-and-database-access/


iOS Security Guide (iOS 8.3)

https://www.apple.com/business/docs/iOS_Security_Guide.pdf


What We Learned From a Data Exfiltration Incident at an Electric Utility

We often hear about the dangers of cyberattacks taking down the grid, but seldom is public information available about the loss of sensitive information, particularly from the OT. The confidential information in this case was the utility's smart grid and metering R&D knowledge base, which is intellectual property and information that attackers can use to compromise the smart grid.

http://www.elp.com/articles/powergrid_international/print/volume-20/issue-5/features/what-we-learned-from-a-data-exfiltration-incident-at-an-electric-utility.html


5 Signs Credentials In Your Network Are Being Compromised

Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.

http://www.darkreading.com/vulnerabilitiesthreats/5-signs-credentials-in-your-network-are-being-compromised/a/d-id/1320498


Update intended to revive Outlook 2011 for Mac

With version 14.5.1 of Office 2011 for OS X, Microsoft aims to fix a problem in Outlook: after installing the preceding update, the e-mail client could in some circumstances no longer be used.

http://www.heise.de/newsticker/meldung/Update-soll-Mac-Outlook-2011-reanimieren-2658841.html?wt_mc=rss.ho.beitrag.rdf


MS15-046 - Version: 2.0

V2.0 (May 19, 2015): Bulletin revised to announce the release of the Microsoft Office for Mac 14.5.1 update. The release addresses a potential issue with Microsoft Outlook for Mac when customers install the Microsoft Office for Mac 14.5.0 update. Customers who have not already installed the 14.5.0 update should install the 14.5.1 update to be fully protected from this vulnerability. To avoid the possibility of future issues with Microsoft Outlook for Mac, Microsoft recommends that customers...

https://technet.microsoft.com/en-us/library/security/MS15-046


HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow

A potential security vulnerability has been identified with HP LoadRunner. The vulnerability could be exploited remotely to allow a buffer overflow.

https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04594015


HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities

Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities.

https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04679334


HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities

Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to create a Denial of Service (DoS), or other vulnerabilities.

https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04679309


Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability

38913

http://tools.cisco.com/security/center/viewAlert.x?alertId=38913


ZDI-15-235: ManageEngine Applications Manager CommonAPIUtil getMGList groupId SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/x_So65VKXQk/


ZDI-15-234: ManageEngine Applications Manager CommonAPIUtil SyncMonitors haid SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/NDUhf-djzIs/


ZDI-15-233: Valve Steam Client Detection Denial of Service Vulnerability

This vulnerability allows remote attackers to execute a denial of service attack on vulnerable installations of Valve Steam. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/z6v9MWWd9O4/


Hikvision DS-7108HWI-SH XML Injection, AoF and BF vulnerabilities

Topic: Hikvision DS-7108HWI-SH XML Injection, AoF and BF vulnerabilities Risk: High Text: Hello list! There are vulnerabilities in Hikvision DS-7108HWI-SH. These are XML Injection, Abuse of Functionality and Bru...

http://cxsecurity.com/issue/WLB-2015050127


IPsec-Tools 0-day Denial of Service

Topic: IPsec-Tools 0-day Denial of Service Risk: High Text: Denial of Service in IPsec-Tools Vulnerability Report May 19, 2015 Product: IPsec-Tools Version: 0.8.2 Website: http:/...

http://cxsecurity.com/issue/WLB-2015050128


Security Advisory - Two Privilege Escalation Vulnerabilities in Huawei Mate 7 Smartphones

May 20, 2015 14:40

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-432799.htm


[HTB23257]: Stored XSS in WP Photo Album Plus WordPress Plugin

Product: WP Photo Album Plus WordPress Plugin v6.1.2 Vulnerability Type: Cross-Site Scripting [CWE-79] Risk level: Medium Creator: J.N. Breetvelt Advisory Publication: April 29, 2015 [without technical details] Public Disclosure: May 20, 2015 CVE Reference: CVE-2015-3647 CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N) Vulnerability Details: High-Tech Bridge Security Research Lab discovered stored XSS vulnerability in WP Photo Album Plus WordPress plugin, which can be exploited to perform...

https://www.htbridge.com/advisory/HTB23257


Bugtraq: Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability

http://www.securityfocus.com/archive/1/535576