Daily Summary - Monday 15-06-2015

End-of-Shift report

Timeframe: Friday 12-06-2015 18:00 − Monday 15-06-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a

Hey kids, who wants to pwn a million BIOSes?

IT security bods warn of dysfunctional ecosystem, fraught with vulnerability

The overlooked task of patching PC BIOS and UEFI firmware vulnerabilities leaves corporations wide open to attack, a new paper by security researchers warns.

http://go.theregister.com/feed/www.theregister.co.uk/2015/06/12/bios_security_is_pants/


Oh look - JavaScript Droppers

In a typical drive-by-download attack scenario the shellcode would download and execute a malware binary. The malware binary is usually wrapped in a dropper that unpacks or de-obfuscates and executes it. Droppers' main goal is to launch malware without being detected by antiviruses and HIPS. Nowadays the most popular way of covert launching would probably...

http://labs.bromium.com/2015/06/12/oh-look-javascript-droppers/


NTP for Windows: leap second could cause problems

Anyone who has installed the NTP client for Windows should update it before 30 June.

http://derstandard.at/2000017430786


Windows Server 2003 End of Life: You Can't RIP

Windows XP reached end of support last year and now it's time for another end of life: Windows Server 2003. On July 14, 2015, this widely deployed Microsoft operating system will reach its end of life - a long run since its launch in April 2003. Estimates on the number of still-active Windows Server 2003 users vary from...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/FwOEN1rriTc/


OPM hack: Vast amounts of extremely sensitive data stolen

The extent of the breach suffered by the US Office of Personnel Management has apparently widened. Reports are coming in that the hackers have not only accessed Social Security numbers, job assign...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/FaMAmsBY66Y/secworld.php


Dnstwist generates and tests domain name variants

Anyone who wants to monitor how widespread typo and phishing domains are for a given domain name can use the Python script Dnstwist. It takes over much of the manual work and helps with the analysis.

http://heise.de/-2690418


The top mistakes banks make defending against hackers

Many financial institutions fail to perform comprehensive risk analysis and assessment, exposing their companies and clients to enormous risk.

https://www.htbridge.com/blog/the-top-mistakes-banks-make-defending-against-hackers.html


Call to participate in the EU28 Cloud Security Conference

On June 16, in Riga, the Ministry of Defence of the Republic of Latvia and the European Union Agency for Network and Information Security (ENISA) will organise the EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union. The participants of the conference will discuss the cloud security in the two parallel tracks: "Legal & Compliance" and "Technologies and Solutions".

http://www.enisa.europa.eu/media/news-items/call-to-participate-in-the-eu28-cloud-security-conference


The Duqu 2.0 persistence module

We have described how Duqu 2.0 does not have a normal "persistence" mechanism. This can lead users to conclude that flushing out the malware is as simple as rebooting all the infected machines. In reality, things are a bit more complicated.

http://securelist.com/blog/research/70641/the-duqu-2-0-persistence-module/


Duqu 2.0 Attackers Used Stolen Foxconn Certificate to Sign Driver

The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and many other companies. Researchers at Kaspersky Lab, who discovered...

http://threatpost.com/duqu-2-0-attackers-used-stolen-foxconn-certificate-to-sign-driver/113315


Massive route leak causes Internet slowdown

Earlier today a massive route leak initiated by Telekom Malaysia (AS4788) caused significant network problems for the global routing system. Primarily affected was Level3 (AS3549 - formerly known as Global Crossing) and their customers. Below are some of the details as we know them now.

https://www.bgpmon.net/massive-route-leak-cause-internet-slowdown/


Cisco issues 16 patches to pop pesky peccant packets

Remote code execution for some, denial of service for the rest of us

Cisco has issued a string of patches for 16 faults including a fix for a possible remote code execution in its IOS and IOS XE routing software.

http://go.theregister.com/feed/www.theregister.co.uk/2015/06/15/cisco_ipv6_ios_xr_patch/


Vulnerabilities in Cisco Products

Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39339

Cisco IOS Software TCL Script Interpreter Privilege Escalation Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39343

Cisco Virtualization Experience Client 6215 Devices Command Injection Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39347

Novell ZENworks Mobile Management Input Validation Flaw Permits Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1032576


Novell Messenger 3.0 Support Pack 1

Abstract: Novell Messenger 3.0 Support Pack 1 has been released. Please be aware that there are security fixes to Messenger's server and client components (see the change log below and the Readme documentation on the web). It is recommended that they are updated on an expedited basis.
Document ID: 5212230
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: consoleone1.3.6h_windows.zip (46.82 MB), nm301_full_linux_multi.tar.gz (269.54 MB), nm301_client_mac_multi.zip (40.62...

https://download.novell.com/Download?buildid=o8Y11QiTuc4~


DSA-3285 qemu-kvm - security update

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

https://www.debian.org/security/2015/dsa-3285


DSA-3284 qemu - security update

Several vulnerabilities were discovered in qemu, a fast processor emulator.

https://www.debian.org/security/2015/dsa-3284


DSA-3288 libav - security update

Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4

https://www.debian.org/security/2015/dsa-3288


DSA-3287 openssl - security update

Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.

https://www.debian.org/security/2015/dsa-3287


DSA-3286 xen - security update

Multiple security issues have been found in the Xen virtualisation solution.

https://www.debian.org/security/2015/dsa-3286


Vulnerabilities in multiple third party TYPO3 CMS extensions

SQL Injection vulnerability in extension FAQ - Frequently Asked Questions (js_faq)

http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-faq-frequently-asked-questions-js-faq/

SQL Injection vulnerability in extension Developer Log (devlog)

http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-developer-log-devlog/

SQL Injection vulnerability in extension Smoelenboek (ncgov_smoelenboek)

http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-smoelenboek-ncgov-smoelenboek/

SQL Injection vulnerability in extension Store Locator (locator)

http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-store-locator-locator/

SQL Injection vulnerability in extension wt_directory (wt_directory)

http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-wt-directory-wt-directory/

Arbitrary Code Execution in extension Frontend User Upload (feupload)

http://www.typo3.org/news/article/arbitrary-code-execution-in-extension-frontend-user-upload-feupload/

Cross-Site Scripting in extension BE User Log (beko_beuserlog)

http://www.typo3.org/news/article/cross-site-scripting-in-extension-be-user-log-beko-beuserlog/

Arbitrary Code Execution in extension Job Fair (jobfair)

http://www.typo3.org/news/article/arbitrary-code-execution-in-extension-job-fair-jobfair/

Security Advisory - Web UI Authentication Vulnerability in Huawei E5756S

Jun 15, 2015 18:00

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-441178.htm


Filezilla 3.11.0.2 sftp module denial of service vulnerability

Topic: Filezilla 3.11.0.2 sftp module denial of service vulnerability
Risk: Medium
Text: # Exploit title: filezilla 3.11.0.2 sftp module denial of service vulnerability # Date: 5-6-2015 # Vendor homepage: http...

http://cxsecurity.com/issue/WLB-2015060077


putty v0.64 denial of service vulnerability

Topic: putty v0.64 denial of service vulnerability
Risk: Medium
Text: # Exploit title: putty v0.64 denial of service vulnerability # Date: 5-6-2015 # Vendor homepage: http://www.chiark.green...

http://cxsecurity.com/issue/WLB-2015060076


E-Detective Lawful Interception System multiple security vulnerabilities

Topic: E-Detective Lawful Interception System multiple security vulnerabilities
Risk: Medium
Text: Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: ...

http://cxsecurity.com/issue/WLB-2015060075