End-of-Shift report
Timeframe: Friday 26-06-2015 18:00 - Monday 29-06-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a
On our own behalf: CERT.at is hiring
We are currently looking for a programmer, initially as parental-leave cover until the end of the year. Details at
https://cert.at/about/jobs/jobs.html
http://www.cert.at/services/blog/20150629141329-1553.html
IETF Officially Deprecates SSLv3
The IETF, in RFC 7568, declared SSLv3 "not sufficiently secure" and prohibited its use. The POODLE attack depended on clients falling back to SSLv3 when a TLS handshake failed; BEAST, which exploited the predictable CBC IVs of SSLv3 and TLS 1.0, was not a fallback problem but is one more reason to disable the protocol on both servers and clients.
http://threatpost.com/ietf-officially-deprecates-sslv3/113503
NIST Updates Random Number Generation Guidelines
An anonymous reader writes: Encryption weighs heavily on the public consciousness these days, as we've learned that government agencies are keeping an eye on us and a lot of our security tools aren't as foolproof as we've thought. In response to this, the National Institute of Standards and Technology has issued a formal update to its document on how to properly generate a random number - crucial in many types of encryption.
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JJ7XjyjPA9c/nist-updates-random-number-generation-guidelines
Flash Player vulnerability: exploit kit raises the attack risk
Until now, attackers had exploited the Adobe Flash Player vulnerability that became known last week only sporadically and in targeted attacks. Now the Magnitude Exploit Kit is also using the flaw, which widens the scope of attacks considerably: exploit-kit integration turns a targeted zero-day into a drive-by threat for any unpatched browser, so the update should not wait for the regular patch cycle.
http://heise.de/-2730795
The State of the ESILE/Lotus Blossom Campaign
As is generally the case with backdoors, ESILE contacts a command-and-control server in order to receive commands from its attacker. How it does this is also a fingerprint of the campaign as well. It uses a URL based on the MAC address of the infected machine's network interface, as well as the current time. ... This distinctive pattern can be used to help spot and block ESILE-related endpoints on an organization's network.
http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-the-esilelotus-blossom-campaign/
Migrating from SHA-1 to SHA-2
Here's a comprehensive document on migrating from SHA-1 to SHA-2 in Active Directory certificates....
https://www.schneier.com/blog/archives/2015/06/migrating_from_.html
Cyber Security Challenge: Bundesheer looking for up-and-coming hackers
Qualification runs until August; the event is organised by Cyber Security Austria and the Abwehramt
http://derstandard.at/2000018220253
Bugtraq: ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities
Summary: ESRS VE version 3.06 contains security fixes for multiple vulnerabilities that could potentially be exploited by malicious users to compromise the affected system
Insufficient Certificate Validation
CVE-2015-0543: CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cookie Generated with Insufficient Randomness
CVE-2015-0544: CVSSv2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
http://www.securityfocus.com/archive/1/535851
The Powershell Diaries 2 - Software Inventory, (Mon, Jun 29th)
After last week's story, hopefully you've got your problem users' accounts identified. With that worked out, let's see about finding problem applications. We all need a handle on what applications are installed on workstations for a number of reasons: to make sure that when upgrade time comes nobody gets left behind, and that older apps that have security vulnerabilities or have limited function get taken care of...
https://isc.sans.edu/diary.html?storyid=19851&rss
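A worked version of the inventory step, added here as an example and not code from the ISC diary: it reads the Uninstall registry keys of both the 64-bit and 32-bit views (plus the current user's hive), normalises the free-text version strings, and flags entries below a minimum version. The thresholds in $MinimumVersions and the sample inventory records are placeholders constructed for this example, not vendor-published numbers or real hosts.

```powershell
# Added example (not from the ISC diary): inventory installed software from the
# registry Uninstall keys and flag entries that fall below a minimum version.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    # Entries without a DisplayName, or marked SystemComponent, are not
    # applications a user sees in "Programs and Features"; skip them.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        ForEach-Object {
            [PSCustomObject]@{
                Name        = $_.DisplayName
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                InstallDate = $_.InstallDate
                Uninstall   = $_.UninstallString
                Source      = $_.PSPath -replace '^.*::', ''
            }
        } | Sort-Object Name -Unique
}

# Minimum acceptable versions, keyed by a wildcard on DisplayName.
# These thresholds are placeholders for the example; use your own baseline.
$MinimumVersions = @{
    'Adobe Flash Player*' = '18.0.0.194'
    'Java *'              = '8.0.450'
}

function ConvertTo-ComparableVersion {
    param([string]$Text)
    # DisplayVersion is free text ("18.0.0.194", "8.0.450.14", "6.7.9 (x64)"):
    # keep the leading dotted-numeric part and pad "17" to "17.0", because
    # [version] needs at least two components.
    if ($Text -match '^\s*v?(\d+(\.\d+){0,3})') {
        $v = $Matches[1]
        if ($v -notmatch '\.') { $v += '.0' }
        return [version]$v
    }
    return $null
}

function Find-ProblemSoftware {
    param(
        [Parameter(ValueFromPipeline)] $Software,
        [hashtable] $Minimums = $MinimumVersions
    )
    process {
        foreach ($pattern in $Minimums.Keys) {
            if ($Software.Name -like $pattern) {
                $have = ConvertTo-ComparableVersion $Software.Version
                $need = [version]$Minimums[$pattern]
                # An unparseable version is reported too: an entry we cannot
                # evaluate is itself a finding, not something to skip silently.
                if ($null -eq $have -or $have -lt $need) {
                    [PSCustomObject]@{
                        Name     = $Software.Name
                        Version  = $Software.Version
                        Required = $need.ToString()
                        Source   = $Software.Source
                    }
                }
            }
        }
    }
}

# Offline demonstration on constructed inventory records (not real hosts).
$sample = @(
    [PSCustomObject]@{ Name = 'Adobe Flash Player 17 NPAPI'; Version = '17.0.0.190'; Source = 'sample' },
    [PSCustomObject]@{ Name = 'Adobe Flash Player 18 NPAPI'; Version = '18.0.0.194'; Source = 'sample' },
    [PSCustomObject]@{ Name = 'Java 8 Update 31';            Version = '8.0.310';    Source = 'sample' },
    [PSCustomObject]@{ Name = 'Notepad++';                   Version = '6.7.9';      Source = 'sample' }
)
# Flags the Flash 17 and Java 8u31 entries; the other two pass.
$sample | Find-ProblemSoftware | Format-Table -AutoSize

# Live run against this workstation:
# Get-InstalledSoftware | Find-ProblemSoftware | Export-Csv problem-apps.csv -NoTypeInformation
```

Run Get-InstalledSoftware | Find-ProblemSoftware locally, or wrap it in Invoke-Command to collect from many workstations, and export the result. The registry view is only as good as the installers that wrote it: per-user installs of other users and portable applications never appear there, so treat this as the baseline, not the whole picture.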
Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM)
Business recommendation: By combining all vulnerabilities documented in this advisory an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. SEC Consult recommends not to use this system until a thorough security review has been performed by security professionals and all identified issues have been resolved.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150626-0_Polycom_RealPresence_Resource_Manager_Critical_Vulnerabilities_v10.txt
TYPO3-EXT-SA-2015-015: Cross-Site Scripting in extension "404 Page not found handling" (pagenotfoundhandling)
It has been discovered that the extension "404 Page not found handling" (pagenotfoundhandling) is susceptible to Cross-Site Scripting
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C
Affected Versions: version 2.1.0 and below
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-015/
Suspected hacker attack: Apache build servers offline
So far an attack has not been officially confirmed. It is also not known whether software packages built on the servers were tampered with.
The ASF build systems are used by, among others, OpenOffice, the Tomcat project and the Apache Wicket web framework. Besides the build servers and the continuous-integration website, the CMS for the Apache sites is also affected. Until the ASF reports otherwise, treat artifacts built on those systems during the affected period as unverified and check release signatures against the projects' published KEYS files before deploying them.
http://heise.de/-2731265
Cisco Application Policy Infrastructure Controller Unauthorized Access Vulnerability
CVE: CVE-2015-4225, CVSS2 Base Score: 5.5
A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (Cisco APIC) could allow an authenticated, remote attacker to have read access to certain information stored in the affected system.
The vulnerability is due to improper handling of RBAC for health scoring. An attacker could exploit this vulnerability to gain access to information on the affected system.
http://tools.cisco.com/security/center/viewAlert.x?alertId=39529