Daily summary - Wednesday 3-06-2015

End-of-Shift report

Timeframe: Tuesday 02-06-2015 18:00 − Wednesday 03-06-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a

Your Website Hacked but No Signs of Infection

Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. This is the emotionally draining world that many live in, with a paranoia and concern that grips you once you see and recognize that something is not right.

http://feedproxy.google.com/~r/sucuri/blog/~3/0D6hUcbKq34/your-website-hacked-but-no-signs-of-infection.html


Holy SSH-it! Microsoft promises secure logins for Windows PowerShell

Now that the door has hit Ballmer on the way out, OpenSSH support is go. Microsoft has finally decided to add support for SSH to PowerShell, allowing people to log into Windows systems and use software remotely over an encrypted connection.

http://go.theregister.com/feed/www.theregister.co.uk/2015/06/02/openssh_windows/


Bug of the day: Skype has an "SMS of death"

Sending the characters "http://:" (without the quotes) crashes Skype, and receiving a message with those characters makes it crash any time you try to sign in again.

http://blog.fefe.de/?ts=ab900965


Good Patch Management Is Crucial to Cybersecurity in ICS

A good cybersecurity strategy for industrial control systems (ICS) must include both a systematic approach to patch management and compensating cybersecurity controls for when patching is not an option. Patch management resolves bugs, operability, reliability,...

http://feedproxy.google.com/~r/PaloAltoNetworks/~3/tK1mqdG1qkA/


IoT Devices Hosted On Vulnerable Clouds In Bad Neighborhoods

OpenDNS report finds that organizations may be more susceptible to Internet of Things devices than they realize.

http://www.darkreading.com/cloud/iot-devices-hosted-on-vulnerable-clouds-in-bad-neighborhoods/d/d-id/1320670?_mc=RSS_DR_EDT


Mass break-in: researchers catch 22 more routers for the SOHOpeless list

A business model ripe for the bin. Yet another disclosure tips 22 SOHO routers into the security bin, with everything from privilege escalation and authentication bypass to hard-coded credential backdoors.

http://go.theregister.com/feed/www.theregister.co.uk/2015/06/03/mass_breakin_researchers_catch_22_more_routers_for_the_sohopeless_list/


Piwik: Unauthorised parties can retrieve website statistics

Installations of the Google Analytics alternative Piwik are frequently misconfigured, and third parties can view and even download access statistics without much effort.

http://heise.de/-2678572


SSH: Six-year-old bug threatens Github repositories

A Debian bug from 2008 is still leaving traces. An analysis of the public SSH keys on Github shows that, using the vulnerable keys, attackers could have manipulated the repositories of projects such as Python and of companies such as Spotify or Yandex.

http://www.golem.de/news/ssh-sechs-jahre-alter-bug-bedroht-github-repositories-1506-114449-rss.html


Emergency Security Band-Aids with Systemtap

Software security vulnerabilities are a fact of life. So is the subsequent publicity, package updates, and suffering service restarts. Administrators are used to it, and users bear it, and it's a default and traditional method. On the other hand, in...

https://securityblog.redhat.com/2015/06/03/emergency-security-band-aids-with-systemtap/


Crypto Trojan changes its mind and decrypts everything again

The ransomware Trojan Locker has only been in circulation for a few days, and its career is already over: last Tuesday it received the command to restore all encrypted files.

http://heise.de/-2678669


Hackers Scan All Tor Hidden Services To Find Weaknesses In The Dark Web

If you go down to the deep web today, you'll be following hot on the heels of a digital beast. In a matter of hours last week, the entire semi-anonymising Tor network, where activists and criminals alike try to hide from the gaze of their respective authorities, was traversed by PunkSPIDER, an automated scanner that pokes websites to uncover vulnerabilities.

http://www.forbes.com/sites/thomasbrewster/2015/06/01/dark-web-vulnerability-scan/


DSA-3277 wireshark - security update

Multiple vulnerabilities were discovered in the dissectors/parsers for LBMR, web sockets, WCP, X11, IEEE 802.11 and Android Logcat, which could result in denial of service.

https://www.debian.org/security/2015/dsa-3277


Vulnerabilities in Cisco Products

Cisco Unified MeetingPlace Microsoft Outlook Reflected Cross-Site Scripting Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39161

Cisco Unified MeetingPlace Session ID Information Disclosure Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39162

Cisco AnyConnect Secure Mobility Client Privilege Escalation Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39158

Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39157

Cisco Unified MeetingPlace Arbitrary File Download Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39163

Beckwith Electric TCP Initial Sequence Vulnerability

This advisory provides mitigation details for a TCP initial sequence numbers vulnerability in multiple Beckwith Electric products.

https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01


Moxa SoftCMS Buffer Overflow Vulnerability

This advisory provides mitigation details for a buffer overflow vulnerability in the Moxa SoftCMS software package.

https://ics-cert.us-cert.gov/advisories/ICSA-15-153-02


[HTB23258]: Local PHP File Inclusion in ResourceSpace

Product: ResourceSpace v7.1.6513
Vulnerability Type: PHP File Inclusion [CWE-98]
Risk level: High
Creater: Montala Limited
Advisory Publication: May 6, 2015 [without technical details]
Public Disclosure: June 3, 2015
CVE Reference: CVE-2015-3648
CVSSv2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Vulnerability Details: High-Tech Bridge Security Research Lab discovered a vulnerability in ResourceSpace, which can be exploited to include an arbitrary local PHP file, execute PHP code, and compromise

https://www.htbridge.com/advisory/HTB23258


USN-2626-1: Qt vulnerabilities

Ubuntu Security Notice USN-2626-1
3rd June, 2015
qt4-x11, qtbase-opensource-src vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: Qt could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: qt4-x11 - Qt 4 libraries; qtbase-opensource-src - Qt 5 libraries

Details: Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF...

http://www.ubuntu.com/usn/usn-2626-1/

Next End-of-Shift report on 2015-06-05