End-of-Shift report
Timeframe: Monday 01-06-2015 18:00 – Tuesday 02-06-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
Understanding Flash Exploitation and the Alleged CVE-2015-0359 Exploit
What follows is a detailed analysis of the root cause of a vulnerability we call CVE-2015-X, as well as a step-by-step explanation of how to trigger it. For more on Flash vulnerabilities, we also invite you...
http://feedproxy.google.com/~r/PaloAltoNetworks/~3/JsuXUOWrYYM/
DYRE Banking Malware Upsurges; Europe and North America Most Affected
Online banking users in Europe and North America are experiencing the upsurge of DYRE, a malware family notorious for the multiple ways it steals data and its ties to parcel mule scams, among others. There has been a 125% increase of DYRE-related infections worldwide this quarter compared to the last, proving that cybercriminal interest in...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/HyDW9pkWWws/
Malvertising infected millions of users in 2015
New research from Malwarebytes has found that malvertising is one of the primary infection vectors used to reach millions of consumers this year. The analysis looked at the three large scale zero-...
http://feedproxy.google.com/~r/HelpNetSecurity/~3/9go1s-jFKtc/malware_news.php
Playing with IP Reputation with Dshield & OSSEC
[This blogpost has also been published as a guest diary on isc.sans.org] When investigating incidents or searching for malicious activity in your logs, IP reputation is a nice way to increase the reliability of generated alerts. It can help to prioritize incidents. Let's take an example with a WordPress blog. It will, sooner or later, be targeted by a brute-force attack on the default /wp-admin page. In...
http://blog.rootshell.be/2015/06/02/playing-with-ip-reputation-with-dshield-ossec/
Bugtraq: WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/535663
Red Hat JBoss Fuse and A-MQ XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Files
http://www.securitytracker.com/id/1032442
Xen Security Advisories XSA-128, XSA-129, XSA-130, XSA-131
Potential unintended writes to host MSI message data field via qemu, PCI MSI mask bits inadvertently exposed to guests, Guest triggerable qemu MSI-X pass-through error messages, Unmediated PCI register access in qemu
http://xenbits.xen.org/xsa/
USN-2625-1: Apache HTTP Server update
Ubuntu Security Notice USN-2625-1, 2nd June, 2015. apache2 update. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS. Summary: Several security improvements have been made to the Apache HTTP Server. Software description: apache2 - Apache HTTP server. Details: As a security improvement, this update makes the following changes to the Apache package in Ubuntu 12.04 LTS: Added support for ECC keys and ECDH ciphers. The SSLProtocol configuration directive now allows specifying
http://www.ubuntu.com/usn/usn-2625-1/
USN-2624-1: OpenSSL update
Ubuntu Security Notice USN-2624-1, 1st June, 2015. openssl update. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: The export cipher suites have been disabled in OpenSSL. Software description: openssl - Secure Socket Layer (SSL) cryptographic library and tools. Details: As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible
http://www.ubuntu.com/usn/usn-2624-1/
Cisco Headend Digital Broadband Delivery System Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39133
HPSBGN03269 rev.2 - HP StoreAll OS, Remote Code Execution
A potential security vulnerability has been identified with HP StoreAll OS. This is the GNU C Library (glibc) vulnerability known as "GHOST" which could be exploited remotely resulting in execution of code.
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599438
PCRE Heap Overflow in Regex Processing Lets Users Execute Arbitrary Code
http://www.securitytracker.com/id/1032453