Daily Summary - Tuesday 4-08-2015

End-of-Shift report

Timeframe: Monday 03-08-2015 18:00 − Tuesday 04-08-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Thunderstrike 2: Mac firmware worm reportedly spreads via Thunderbolt adapters

According to security researchers, additional EFI vulnerabilities allow the firmware of mobile Macs to be modified. An attacker could thereby introduce malware that propagates via Thunderbolt adapters and peripherals.

http://heise.de/-2767994


DYLD_PRINT_TO_FILE exploit found in the wild

Last month, Stefan Esser blogged about a zero-day vulnerability in OS X, without having informed Apple about the problem first. Unfortunately, today has brought the discovery of the first known exploit.

https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/


Hackers use cartons with sticks, may be foiled by watermelons

Translation from Russian hack-slang: Credit card, PayPal and secure server. Gaining an invite to the best of the nearly 60 websites powering the cybercrime underground is only half the fight for researchers; they also need to know that credit cards are called cartons, PayPal a stick, and bulletproof servers watermelons.

http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/russian_cyber_underground_update/


Android vulnerability: Stagefright exploits likely active soon

The first proofs that the presumably severe security vulnerability in Android is exploitable are already circulating. Patches already exist for Android and CyanogenMod. By the time manufacturers provide them, however, Stagefright could have been abused millions of times.

http://www.golem.de/news/android-schwachstelle-stagefright-exploits-wohl-bald-aktiv-1508-115578-rss.html


Android MediaServer Bug Traps Phones in Endless Reboots

We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android's mediaserver program. This causes a device's system to reboot and drain all its battery life. In a more severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/w1VZWbnfA4c/


Your Password is Too Damn Short

I'm a little tired of writing about passwords. But like taxes, email, and pinkeye, they're not going away any time soon. Here's what I know to be true, and backed up by plenty of empirical data:

http://blog.codinghorror.com/your-password-is-too-damn-short/


Yahoo! ads! caught! spreading! CryptoWall! ransomware! AGAIN!

Unpatched Flash holes exploited to inject file-scrambling nasty. Yahoo!'s ad network is still being used to spread ransomware to Windows PCs a year after the last big outbreak.

http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/yahoo_malware_ads/


Open source tool for deploying SSL public key pinning in iOS, OS X apps

At Black Hat USA 2015, Data Theorem and Yahoo! will be unveiling TrustKit, a new, open source security toolkit that helps developers easily include complex mobile security functionality, known as SSL p...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/jxmlYG4OZVA/secworld.php


Cybersecurity Policy and Threat Assessment for the Energy Sector

INTRODUCTION: A wake-up call. An HP Enterprise Security's 2014 Global Report on the Cost of Cyber Crime by the Ponemon Institute reveals some astounding aspects of the cyber-attacks on the energy utilities. First, these assets suffered the highest average annual losses from cybercrimes ($13.2 million), closely followed by the losses caused by computer attacks...

http://resources.infosecinstitute.com/cybersecurity-policy-and-threat-assessment-for-the-energy-sector/


Symantec Endpoint Protection: Dangerous cocktail of security vulnerabilities

Via various vulnerabilities in Symantec's End Point Protection 12.1, attackers can sneak into networks, execute arbitrary code and commands, and subsequently take over entire groups of systems.

http://heise.de/-2768461


MatrixSSL Tiny: A TLS software implementation for IoT devices

INSIDE Secure announced the availability of MatrixSSL Tiny, the world's smallest Transport Layer Security (TLS) software implementation, to allow companies to affordably secure IoT devices with string...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/mnlQoZJr0zU/secworld.php


Bugtraq: Mozilla extensions: a security nightmare

http://www.securityfocus.com/archive/1/536133


WordPress 4.2.4 Security and Maintenance Release

August 4, 2015 | WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise...

https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/


Security Advisory: Apache vulnerability CVE-2012-0053

(SOL15273)

https://support.f5.com:443/kb/en-us/solutions/public/15000/200/sol15273.html?ref=rss


DSA-3327 squid3 - security update

Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a gateway proxy to its backend proxy.

https://www.debian.org/security/2015/dsa-3327


SSA-504631 (Last Update 2015-08-04): Incorrect Certificate Validation in COMPAS Mobile App

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-504631.pdf


IBM Security Bulletins

IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affected IBM Workflow for Bluemix July 2015

http://www.ibm.com/support/docview.wss?uid=swg21963428

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791)

http://www.ibm.com/support/docview.wss?uid=swg21960633

IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities

http://www.ibm.com/support/docview.wss?uid=swg21962726

IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational ClearQuest (CVE-2015-4000)

http://www.ibm.com/support/docview.wss?uid=swg21962816

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916)

http://www.ibm.com/support/docview.wss?uid=swg21902824

IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM MobileFirst Platform Foundation and IBM Worklight

http://www.ibm.com/support/docview.wss?uid=swg21961179