Daily summary - Wednesday 19-08-2015

End-of-Shift report

Timeframe: Tuesday 18-08-2015 18:00 - Wednesday 19-08-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

SANS Incident Response Survey 2015 Infographic

So, you have a security policy, a blue team tasked with protecting your organization and an incident response plan. What happens when the inevitable occurs - you are attacked? SANS just released their 2015 Incident Response survey, summarizing results from 507 survey respondents who shared the top attack types they are seeing, and what is (and is not) working today in terms of incident response. The good news: malware, data breaches and Advanced Persistent Threats (APTs) were all...

https://www.alienvault.com/blogs/security-essentials/sans-incident-response-survey-2015-infographic-1


Who should be responsible for IT security?

Hot potato, or hot job? Typically, when a cybersecurity problem arises, it's the IT department that gets it in the neck. Ostensibly, that makes sense. After all, if someone is in your network mining your database for corporate secrets, it's hardly the office manager or the accounts receivable department's lookout, right?

http://go.theregister.com/feed/www.theregister.co.uk/2015/08/18/responsibility_for_it_security/


U-turn on mail security: Web.de and GMX introduce DANE

With its two services, United Internet is one of the founders of the "E-Mail made in Germany" initiative, which uses its own method for securing mail transport. Nevertheless, the modern DANE technique is now to be added as well.

http://heise.de/-2782473


Read it later: Serious backend vulnerabilities demonstrated in Pocket

Without much effort, a security researcher was able to access Pocket's backend infrastructure. The bugs have since been fixed, but this could give new momentum to the dispute over bundling the read-it-later app into the Firefox browser.

http://www.golem.de/news/spaeter-lesen-schwerwiegende-backend-luecken-in-pocket-nachgewiesen-1508-115846-rss.html


Outsourcing critical infrastructure (such as DNS), (Wed, Aug 19th)

Migrating everything to the cloud or to various online services has become increasingly popular in the last couple of years (and will probably not stop). However, leaving our most valuable jewels with someone else makes a lot of security people (me included) nervous. During some of the latest external penetration tests I noticed an increasing trend of companies moving some of their services to various cloud solutions or to their providers.

https://isc.sans.edu/diary.html?storyid=20057&rss


IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch

A remote code execution vulnerability in Internet Explorer versions 7 through 11 is being used to drop the PlugX RAT.

http://www.darkreading.com/attacks-breaches/ie-bug-exploited-in-wild-after-microsoft-releases-out-of-band-patch/d/d-id/1321820


MS15-093 - Critical: Security Update for Internet Explorer (3088903) - Version: 1.0

This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

https://technet.microsoft.com/en-us/library/security/MS15-093


Security Hotfix Available for LiveCycle Data Services (APSB15-20)

A Security Bulletin (APSB15-20) has been published regarding a hotfix for LiveCycle DS. This hotfix addresses an important vulnerability that could result in information disclosure. Adobe recommends users apply the hotfix using the instructions provided in the "Solution" section of the Security Bulletin.

https://blogs.adobe.com/psirt/?p=1259


Fortinet FortiGate/FortiOS MAC Authentication Flaw Lets Remote Users Modify Data on the Target System

http://www.securitytracker.com/id/1033256


Security Notice - Statement on "Fingerprints on Mobile Devices: Abusing and Leaking" at the Black Hat Conference

http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-450997.htm


DSA-3337 gdk-pixbuf - security update

Gustavo Grieco discovered a heap overflow in the processing of BMP images which may result in the execution of arbitrary code if a malformed image is opened.

https://www.debian.org/security/2015/dsa-3337


Security Advisory: ICMP packet processing vulnerability CVE-2015-5058

https://support.f5.com:443/kb/en-us/solutions/public/17000/000/sol17047.html?ref=rss


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty Profile affect WebSphere Appliance Management Center

http://www.ibm.com/support/docview.wss?uid=swg21963684


IBM Security Bulletin: Websphere Message Broker and IBM Integration Bus are affected by access control vulnerability (CVE-2015-2018)

http://www.ibm.com/support/docview.wss?uid=swg21961734


Security Bulletin: Vulnerabilities in SSLv3 and GNU C library (glibc) affect multiple products shipped with Intelligent Cluster (CVE-2014-3566, CVE-2015-0235)

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098516


Cisco TelePresence Video Communication Server Expressway Command Execution Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40522


Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40555


Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40518


Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities

http://tools.cisco.com/security/center/viewAlert.x?alertId=40436