End-of-Shift report
Timeframe: Dienstag 30-06-2015 18:00 − Mittwoch 01-07-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a
What is Wi-Fi Sense and Why Does It Want Your Facebook Account?
Wi-Fi Sense is a feature built into Windows 10. You may see a pop-up saying "Wi-Fi Sense needs permission to use your Facebook account." It also works with Outlook.com and Skype contacts. This feature allows you to share Wi-Fi login information - network names and passphrases - with your friends. It's designed to automatically connect Windows 10 devices to shared networks.
...
Wi-Fi Sense was originally a Windows Phone 8.1 feature that made the jump to desktop PCs and tablets with Windows 10.
http://www.howtogeek.com/219700/what-is-wi-fi-sense-and-why-does-it-want-your-facebook-account/?PageSpeed=noscript
EU-Kompromiss zu Meldepflichten bei Cyberangriffen steht
Betreiber "wesentlicher" Infrastrukturen und Dienste in der EU müssen bald Cyberangriffe melden, für Digitalplattformen wie soziale Netzwerke sollen abgestufte Regeln gelten. Darauf haben sich EU-Rat und Parlament geeinigt.
http://www.heise.de/newsticker/meldung/EU-Kompromiss-zu-Meldepflichten-bei-Cyberangriffen-steht-2732313.html?wt_mc=rss.ho.beitrag.rdf
Apple Patches Dozens of Flaws in iOS 8.4, OS X 10.10.4
Apple has released new versions of iOS and OS X, both of which include a significant number of security patches, several for bugs that can lead to remote code execution and other serious issues. Version 8.4 of iOS contains fixes for more than 30 security vulnerabilities, including bugs in the iOS kernel, WebKit, and CoreText.
http://threatpost.com/apple-patches-dozens-of-flaws-in-ios-8-4-os-x-10-10-4/113547
ZDI-15-275: (0Day) SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-15-275/
TYPO3 CMS 6.2.14 and 7.3.1 released
We are announcing the release of the following TYPO3 CMS updates:
TYPO3 CMS 6.2.14 LTS
TYPO3 CMS 7.3.1
Both versions are maintenance releases and contain bug and security fixes.
http://www.typo3.org/news/article/typo3-cms-6214-and-731-released/
Apple gets around to fixing those 77 security holes in OS X Yosemite
Your OS X box can still be owned by, well, just about everything Apple has released a series of security updates to address 77 CVE-listed security vulnerabilities in OS X Yosemite.
http://www.theregister.co.uk/2015/06/30/apple_finally_gets_around_to_fixing_those_77_security_holes_in_os_x_yosemite/
A third of iThings open to VPN-hijacking, app-wrecking attacks
Masques off: Researchers detail five ways to wreck Apple stuff A trio of FireEye researchers have reported twin app-demolishing iOS vulnerabilities Apple has partially fixed in its latest update that could wreck core apps such as the App Store and Settings.
http://www.theregister.co.uk/2015/07/01/masque_attack_ios_fireeye/
June 2015 Android malware review from Doctor Web
PRINCIPAL TRENDS IN JUNE
- Activity of banking Trojans
- Emergence of new downloader
- Trojans Emergence of new Android ransomware
- Growing number of SMS Trojans
http://news.drweb.com/show/?i=9511&lng=en&c=9
Cisco Vulnerability Alerts
Cisco Nexus Devices NX-OS Software Command-Line Interpreter Local Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39569
Cisco Nexus Devices Python Subsystem Local Privilege Escalation Vulnerabilities
http://tools.cisco.com/security/center/viewAlert.x?alertId=39571
Cisco Unified MeetingPlace SQL Injection Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39570
Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39568
IBM Security Bulletins
IBM Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21961048
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects PowerKVM (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=isg3T1022395
IBM Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21961049
IBM Security Bulletin: CICS Transaction Gateway for Multiplatforms
http://www.ibm.com/support/docview.wss?uid=swg21903636
IBM Security Bulletin: A security vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Web version 7.0 software installations and IBM Tivoli Access Manager for e-business (CVE-2015-1920)
http://www.ibm.com/support/docview.wss?uid=swg21960450
IBM Security Bulletin: Multiple vulnerabilities in the FreeType library affect IBM Security Access Manager for Web
http://www.ibm.com/support/docview.wss?uid=swg21960562
IBM Security Bulletin: Multiple vulnerabilities in FreeType library affect IBM Security Access Manager for Mobile.
http://www.ibm.com/support/docview.wss?uid=swg21958900
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web
http://www.ibm.com/support/docview.wss?uid=swg21960668
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Access Manager for Mobile.
http://www.ibm.com/support/docview.wss?uid=swg21958903
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2013-7423)
http://www.ibm.com/support/docview.wss?uid=swg21960456
Vulnerabilities in NTPv4 affect AIX
http://www.ibm.com/support/
IBM Security Bulletin: Multiple cross-site scripting (XSS) vulnerabilities in IBM Dojo Toolkit affects IBM Case Manager (CVE-2014-8917)
http://www.ibm.com/support/docview.wss?uid=swg21883851
IBM Security Bulletin: PowerKVM is affected by a kexec-tools vulnerability (CVE-2015-0267)
http://www.ibm.com/support/docview.wss?uid=isg3T1022407
IBM Security Bulletin: Dual_EC_DRBG vulnerability and RC4 stream cipher vulnerability affect WebSphere Transformation Extender Secure Adapter Collection (CVE-2007-6755, CVE-2015-2808)
http://www.ibm.com/support/docview.wss?uid=swg21959577
IBM Security Bulletin: XSS vulnerability in Error dialog which can execute scripts injected into addressability and comments features that affects IBM Case Manager (CVE-2015-1979)
http://www.ibm.com/support/docview.wss?uid=swg21959695
IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Sterling Connect:Express for UNIX (CVE-2015-4000, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
http://www.ibm.com/support/docview.wss?uid=swg21959308
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Cognos Command Center (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21960508
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects the Enterprise Common Collector component of the IBM Tivoli zEnterprise Monitoring Agent (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21960019
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM InfoSphere Optim Performance Manager (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21959591
IBM Security Bulletin: JavaScript evaluation vulnerability in IBM Business Process Manager (CVE-2015-1961)
http://www.ibm.com/support/docview.wss?uid=swg21959052
IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance affected by Java vulnerabilities (CVE-2015-0138 CVE-2015-0204 CVE-2015-1914 CVE-2015-2808 )
http://www.ibm.com/support/docview.wss?uid=swg21960515
IBM Security Bulletin: Potential denial of service may affect IBM WebSphere Application Server shipped with IBM Tivoli Network Performance Manager (CVE-2015-1829)
http://www.ibm.com/support/docview.wss?uid=swg21960364
IBM Security Bulletin: PowerKVM is affected by a bind vulnerability (CVE-2015-1349)
http://www.ibm.com/support/docview.wss?uid=isg3T1022295
IBM Security Bulletin: PowerKVM is affected by a qemu vulnerability (CVE-2014-9718)
http://www.ibm.com/support/docview.wss?uid=isg3T1022294
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Access Manager for Mobile (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916)
http://www.ibm.com/support/docview.wss?uid=swg21959597
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2013-7423)
http://www.ibm.com/support/docview.wss?uid=swg21959604
IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance v2 API unrestricted path traversal (CVE-2014-9493, CVE-2015-1195)
http://www.ibm.com/support/docview.wss?uid=nas8N1020785
IBM Security Bulletin: IBM PowerVC is impacted by Apache Qpid security vulnerabilities (CVE-2015-0203, CVE-2015-0223, CVE-2015-0224)
http://www.ibm.com/support/docview.wss?uid=nas8N1020787
IBM Security Bulletin: A cross-site scripting vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-1966)
http://www.ibm.com/support/docview.wss?uid=swg21959068
IBM Security Bulletin: A cross-site scripting vulnerability affects IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2015-1966)
http://www.ibm.com/support/docview.wss?uid=swg21959071
IBM Security Bulletin: XSS Vulnerability in IBM Jazz Foundation affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-0130)
http://www.ibm.com/support/docview.wss?uid=swg21960407