End-of-Shift report
Timeframe: Thursday 30-07-2015 18:00 - Friday 31-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
Derelict TrueCrypt Russia portal is command hub for Ukraine spying op
Backdoored code slung at officials, journos etc. Malware used to attack Ukrainian government, military, and major news agencies in the country was distributed from the Russian portal of the encryption utility TrueCrypt, new research has revealed.
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/30/truecrypt_ru_hub/
Username Enumeration against OpenSSH-SELinux with CVE-2015-3238
I recently disclosed a low-risk vulnerability in Linux-PAM < 1.2.1, which allows attackers to conduct username enumeration and denial-of-service attacks. Below I will provide more technical details about this vulnerability. The Past: Time-based username enumeration is an...
https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/
Flash Threats: Not Just In The Browser
July has been a fairly poor month for Adobe Flash Player security, to say the least. Three separate zero-day vulnerabilities (all courtesy of the Hacking Team dump) have left many people concerned about Flash security, with many (including this blog) calling for it to go away. Some sort of reaction from Adobe to improve Flash...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6YRcRVFMKYg/
Bundestag hack: Repair of the Bundestag network is to take four days
The Bundestag's network is to be rebuilt between 13 and 17 August 2015. During this time it will be shut down completely. E-mails will not be able to be received or sent during that period either.
http://www.golem.de/news/bundestags-hack-reparatur-des-bundestagsnetzes-soll-vier-tage-dauern-1507-115518-rss.html
Compromised site serves Nuclear exploit kit together with fake BSOD
Support scammers not lying about a malware infection for a change. During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted to trick the user into falling for a support scam. When a (legitimate) website includes (legitimate) advertisements, these ads themselves are rarely included in the HTML code. Rather, the...
http://www.virusbtn.com/blog/2015/07_31.xml?rss
MMS Not the Only Attack Vector for "Stagefright"
Earlier this week Zimperium zLabs revealed an Android vulnerability which could be used to install malware on a device via a simple multimedia message. This vulnerability, now known as Stagefright, has gained a lot of attention for the potential attacks it can cause. Stagefright makes it possible, for example, for an attacker to install a spyware app...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fiKsjboNusw/
Real World Ramifications of Cyber Attacks
Warning: the following blog contains gratuitous use of sarcasm and hyperbole from the start. Reader discretion is advised. And so, ladies and gentlemen, it has finally happened. The Internet-of-Things has risen up, Skynet style, and we are doomed. This much prophesied event finally came to pass with reports of hackers disabling cars from miles away, and altering rifle trajectories. At last, it seems, the crossover has been made from the digital world to the physical one; the end is nigh. Then...
https://blog.team-cymru.org/2015/07/real-world-ramifications-of-cyber-attacks/
Symantec Endpoint Protection Multiple Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150730_00
Cisco Security Advisories
Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k
Cisco Prime Central Hosted Collaboration Solution Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40214
Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40217
Cisco AnyConnect Secure Mobility Client Directory Traversal Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40175
Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40223
Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability
This advisory provides mitigation details for a password storage vulnerability in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products.
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01
ZDI-15-372: IBM Tivoli Storage Manager FastBack Server Opcode 4755 Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/lONzWRepYUI/
ZDI-15-373: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Files Restore Agents Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Np2gm5rVOXQ/
ZDI-15-374: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Volumes Restore Agents Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/zJI4EVNVvMM/
ZDI-15-375: IBM Tivoli Storage Manager FastBack Server Opcode 4115 Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/x0uVs7pbpJo/
ZDI-15-376: IBM Tivoli Storage Manager FastBack Server Opcode 8192 Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/L9RNtcsUYnU/
More IBM Security Bulletins
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us