End-of-Shift report
Timeframe: Friday 14-08-2015 18:00 - Monday 17-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
My browser visited Weather.com and all I got was this lousy malware (Updated)
New rash of malvertising attacks threatens millions of Web surfers.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/e7WRDtjeLUI/
Security: New digital extortion service has surfaced
Encryptor RaaS is the name of a new digital extortion service that has appeared on the Tor network. Its creator has apparently advertised it on Reddit. It reportedly already has its first customers.
http://www.golem.de/news/security-neuer-digitaler-erpressungsdienst-aufgetaucht-1508-115794-rss.html
Insecure smart home: "Users can do nothing"
Security researchers in Vienna warn against relying on a networked home with wireless alarm systems or door locks, because the radio-controlled systems bring many risks with them.
http://futurezone.at/digital-life/unsicheres-smart-home-nutzer-koennen-nichts-tun/147.484.799
Five points of failure in recovering from an attack
An overemphasis on defense is leaving the financial sector exposed to cyber attack. An increase in threat levels has seen the sector bolster defenses by focusing on detection and attack response but ...
http://feedproxy.google.com/~r/HelpNetSecurity/~3/28f1ShUbbgo/secworld.php
MediaServer Takes Another Hit with Latest Android Vulnerability
The "hits" keep on coming for Android's mediaserver component. We have discovered yet another Android mediaserver vulnerability, which can be exploited to perform attacks involving arbitrary code execution. With this new vulnerability, an attacker would be able to run their code with the same permissions that the mediaserver program already has as part of its...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/G8BEug87d7k/
Google plugs Google Admin app sandbox bypass 0-day
After having had some trouble with fixing a sandbox bypass vulnerability in the Google Admin Android app, the Google Security team has finally released on Friday an update that plugs the hole. Goog...
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Mf7jUvjZmF0/secworld.php
Another root vulnerability in OS X Yosemite, including 10.10.5
After the latest update fixed one privilege escalation, the next one has now been discovered. Proof-of-concept exploit code has already been published.
http://heise.de/-2780509
BitTorrent clients can be made to participate in high-volume DoS attacks
A group of researchers have discovered a new type of DoS attack that can be pulled off by a single attacker exploiting weaknesses in the BitTorrent protocol family. The weaknesses in the Micro Tran...
http://feedproxy.google.com/~r/HelpNetSecurity/~3/FUSeWaDyIkU/secworld.php
In-house notice: maintenance work on Tuesday, 18 August 2015
In-house notice: maintenance work on Tuesday, 18 August 2015 | 17 August 2015 | On Tuesday, 18 August 2015, we will be carrying out maintenance work on our infrastructure. This may lead to short service outages (each in the range of a few minutes). No data (e.g. emails) will be lost; processing may only be delayed somewhat. In urgent cases you can reach us as usual...
http://www.cert.at/services/blog/20150817120322-1581.html
Windows Platform Binary Table (WPBT) - BIOS PE backdoor
[...] This feature allows a BIOS to deliver the payload of an executable, which is run in memory, silently, each time a system is booted. The executable code is run under the Session Manager context (i.e. SYSTEM).
http://www.securityfocus.com/archive/1/536181/30/0/threaded
VMSA-2015-0003.10
VMware product updates address critical information disclosure issue in JRE
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
TOTOLink Backdoor Persistence
Topic: TOTOLink Backdoor Persistence Risk: High Text: Hello, This is an update to: - Backdoor and RCE found in 8 TOTOLINK router models (
http://seclists.org/fulldisclosure/20...
http://cxsecurity.com/issue/WLB-2015080073
Bugtraq: BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities
http://www.securityfocus.com/archive/1/536220
OSIsoft PI Data Archive Server Vulnerabilities
This advisory provides mitigation details for 56 vulnerabilities that were identified in OSIsoft PI System software.
https://ics-cert.us-cert.gov/advisories/ICSA-15-225-01
Cisco Nexus Operating System Address Resolution Protocol Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40469
Cisco TelePresence Video Communication Server Expressway Access Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40442
Cisco NX-OS Internet Group Management Protocol Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40470
F5 Security Advisories
Security Advisory: Multiple MySQL vulnerabilities
https://support.f5.com:443/kb/en-us/solutions/public/17000/100/sol17115.html?ref=rss
Security Advisory: Linux kernel vulnerability CVE-2015-1465
https://support.f5.com:443/kb/en-us/solutions/public/17000/100/sol17124.html?ref=rss
Security Advisory: Apache Commons FileUpload vulnerability CVE-2014-0050
https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15189.html?ref=rss
Security Advisory: Linux kernel vulnerability CVE-2015-2042
https://support.f5.com:443/kb/en-us/solutions/public/17000/100/sol17118.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Notes and Domino
http://www.ibm.com/support/docview.wss?uid=swg21963812
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational RequisitePro (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21960340
IBM Security Bulletin: Security Vulnerability in Apache Batik (CVE-2015-0250)
http://www.ibm.com/support/docview.wss?uid=swg21963994
IBM Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerability affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2015-1885)
http://www.ibm.com/support/docview.wss?uid=swg21964102
IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Content Classification CVE-2015-4760
http://www.ibm.com/support/docview.wss?uid=swg21963680
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DataQuant for Workstation (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625)
http://www.ibm.com/support/docview.wss?uid=swg21963822
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Discovery (CVE-2015-1931 CVE-2015-2601 CVE-2015-2613 CVE-2015-2625)
http://www.ibm.com/support/docview.wss?uid=swg21963191
IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 5, affects: Websphere Dashboard Framework
http://www.ibm.com/support/docview.wss?uid=swg21963164
IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 5, affects: Lotus Widget Factory.
http://www.ibm.com/support/docview.wss?uid=swg21963161
Bugtraq: ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/archive/1/536237
Bugtraq: ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/536236
Bugtraq: ESA-2015-094: RSA Archer GRC Multiple Cross-Site Request Forgery Vulnerabilities
http://www.securityfocus.com/archive/1/536235
Bugtraq: ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/536234
WP REST API (WP API) <= 1.2.2 - Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8152
WP OAuth Server <= 3.1.4 - Insecure Pseudorandom Number Generation
https://wpvulndb.com/vulnerabilities/8153