Daily Summary - Friday 7-08-2015

End-of-Shift report

Timeframe: Thursday 06-08-2015 18:00 − Friday 07-08-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Updated DGA Changer Malware Generates Fake Domain Stream

Researchers at Seculert have discovered the latest twist to DGA Changer, which now is able to generate a fake stream of domains if it detects it's being executed in a virtual machine.

http://threatpost.com/updated-dga-changer-malware-generates-fake-domain-stream/114159


BLEKey Device Breaks RFID Physical Access Controls

A device called BLEKey, which is the size of a quarter and can be installed in 60 seconds on a proximity card reader, could potentially be used to break physical access controls in 80 percent of deployments.

http://threatpost.com/blekey-device-breaks-rfid-physical-access-controls/114163


BIND Denial of Service Vulnerability Blamed on Windows 2000 Compatibility Code

The BIND implementation of the Domain Name System (DNS) is a critical part of the infrastructure of the Internet. For example, almost all of the 13 root name servers use BIND. On July 28 a vulnerability was published in BIND that could be anonymously exploited by an attacker. To crash the server, all an attacker would have to...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OQsKsP-w1DU/


Vulnerability: Certifi-Gate allows certificate abuse on Android

Malicious apps can use legitimate certificates on Android to obtain elevated privileges. The discoverers of the vulnerability have named it Certifi-Gate. Google confirms the flaw but stresses that apps in the Play Store are checked for this kind of abuse potential.

http://www.golem.de/news/schwachstelle-certifi-gate-erlaubt-zertifikatsmissbrauch-unter-android-1508-115633-rss.html


HTTPS: BGP attack endangers TLS certificate system

At Black Hat, security researchers point to a problem with TLS certificate authorities: the check of who owns a domain takes place over an unsecured network. This path is open to attack, for example by means of the BGP routing protocol.

http://www.golem.de/news/https-bgp-angriff-gefaehrdet-tls-zertifikatssystem-1508-115632-rss.html


Cryptography: Calculation errors with large numbers

Cryptographic algorithms often require computations with large integers. Bugs are found in the corresponding libraries time and again. These can turn into security vulnerabilities.

http://www.golem.de/news/kryptographie-rechenfehler-mit-grossen-zahlen-1508-115636-rss.html


Twelve security vulnerabilities fixed in PHP, support for version 5.5 has ended

The PHP development team has made its interpreter more secure and points out that support for version 5.5 recently expired. Those who can should switch to version 5.6.

http://heise.de/-2774343


The GasPot experiment: Hackers target gas tanks

Physically tampering with gasoline tanks is dangerous enough, given how volatile gas can be. Altering a fuel gauge can cause a tank to overflow, and a simple spark can set everything ablaze. But imagi...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/5bYYfndJK74/secworld.php


Car hacking: Hacked Teslas can be switched off while driving at full speed

IT security researchers have discovered a total of six vulnerabilities in the software of Tesla's cars. Through them, they managed to take control of the vehicle.

http://www.golem.de/news/auto-hacking-gehackte-teslas-lassen-sich-bei-voller-fahrt-ausschalten-1508-115641-rss.html


Firefox exploit found in the wild

Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1. https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/


CrackLord: Free tool for controlling cracking clusters

Researchers have presented CrackLord, open-source software that drives CPU/GPU clusters for password cracking and manages and distributes tasks.

http://heise.de/-2774582


SCADA security: Siemens PLC becomes a break-in tool

Via programmable logic controllers (PLCs) for controlling SCADA systems, which are often freely reachable from the Internet, attackers can smuggle scanners into industrial systems for spying. The software needed for this is freely available for download.

http://heise.de/-2774812


Citrix XenServer Security Update for CVE-2015-5154

A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to compromise the host ...

http://support.citrix.com/article/CTX201593


USN-2706-1: OpenJDK 6 vulnerabilities

Ubuntu Security Notice USN-2706-1, 6th August, 2015: openjdk-6 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS. Summary: Several security issues were fixed in OpenJDK 6. Software description: openjdk-6 - Open Source Java implementation. Details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data...

http://www.ubuntu.com/usn/usn-2706-1/


Security Advisory: Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732

(SOL17079)

https://support.f5.com:443/kb/en-us/solutions/public/17000/000/sol17079.html?ref=rss


DSA-3329 linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

https://www.debian.org/security/2015/dsa-3329


Apache Subversion Bugs Let Remote Users Obtain Potentially Sensitive Information

http://www.securitytracker.com/id/1033215


IBM Security Bulletins

IBM Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835)

http://www.ibm.com/support/docview.wss?uid=swg21962128

IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM Security Identity Governance

http://www.ibm.com/support/docview.wss?rs=0&uid=swg21963438

IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects the IBM FlashSystem V840 (CVE 2015-4000)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005344

IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects the IBM FlashSystem 840 (CVE 2015-4000)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005339

IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-4000)

http://www.ibm.com/support/docview.wss?uid=swg21960191

IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Monitoring (CVE-2015-4000)

http://www.ibm.com/support/docview.wss?uid=swg21962739

IBM Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem 840 (CVE 2015-1831)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005329

IBM Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V840 (CVEs 2015-0204, 2015-0488, and 2015-1916)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005328

IBM Security Bulletin: A vulnerability in Open Source Struts affect the IBM FlashSystem V840 (CVE 2015-1831)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005331

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916)

http://www.ibm.com/support/docview.wss?uid=swg21883959

IBM Security Bulletin: Multiple vulnerabilities in the unzip utility affect IBM Security Access Manager for Mobile.

http://www.ibm.com/support/docview.wss?uid=swg21963158

IBM Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting(CVE-2015-0488, CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2014-0227, CVE-2015-0209 , CVE-2015-0286 , CVE-2015-0289)

http://www.ibm.com/support/docview.wss?uid=swg21963024

IBM Security Bulletin: A vulnerability in Open Source OpenSSL affects the IBM FlashSystem 840 (CVE 2015-0286)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005341

IBM Security Bulletin: Vulnerability in Open Source Apache Tomcat affect the IBM FlashSystem V840, (CVE-2014-0227)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005204