End-of-Shift report
Timeframe: Friday 28-08-2015 18:00 - Monday 31-08-2015 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
OWASP publishes handbook on protecting against automated attacks
To help with securing web applications, the non-profit organisation OWASP has released a handbook for developers that describes attacks which have so far received little attention.
http://heise.de/-2794167
Espionage Trojan Regin: Symantec discovers 49 further modules
At the end of last year, the security company Symantec discovered the espionage software "Regin". Now the experts present new details.
http://heise.de/-2794176
Linux Foundation releases PARANOID internal infosec guide
Workstation security tips for system administrators. Linux Foundation project director Konstantin Ryabitsev has publicly released the penguinistas' internal hardening requirements to help sysadmins and other paranoid tech bods secure their workstations.
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/31/harden_like_linux_foundation/
Detecting file changes on Microsoft systems with FCIV, (Mon, Aug 31st)
Microsoft often releases interesting tools to help system administrators and incident handlers investigate suspicious activity on Windows systems. In 2012, they released a free tool called FCIV (File Checksum Integrity Verifier) (1). It is a stand-alone executable which does not require any DLL or other resources; just launch it from any location. Its goal is to browse a file system or some directories recursively and to generate MD5/SHA1 hashes of all the files found. The results are saved in a...
https://isc.sans.edu/diary.html?storyid=20091&rss
Vulnerabilities in control software for power plants and refineries
Siemens and Schneider Electric have closed a number of holes in SCADA systems. Some of the affected software is also used in German power plants.
http://heise.de/-2794724
Security: Default passwords discovered in home routers
At least five routers from various manufacturers have easily guessable default passwords for administrative access. With them, the devices can be manipulated remotely.
http://www.golem.de/news/security-standardpasswoerter-bei-heimroutern-entdeckt-1508-116028-rss.html
Contributor Conference: Owncloud introduces bug bounty programme
Hackers can now also earn money from security testing Owncloud. However, the rewards cannot yet compete with those of large companies such as Google or Microsoft.
http://www.golem.de/news/contributor-conference-owncloud-fuehrt-programm-fuer-bug-bounties-ein-1508-116016-rss.html
Who's afraid of shadow IT?
One of the biggest disruptions in the IT world is the quantity and quality of SaaS tools. From email and storage, to phone systems and infrastructure, it has never been easier to use top of the range ...
http://www.net-security.org/article.php?id=2373
KeyRaider Malware Steals Certificates, Keys and Account Data From Jailbroken iPhones
Researchers have discovered a new strain of iOS malware dubbed KeyRaider that targets jailbroken devices and has the ability to steal certificates, private keys, and Apple account information. The malware already has claimed the private Apple account data of more than 225,000 victims. The KeyRaider malware was discovered by researchers at Palo Alto Networks, who...
http://threatpost.com/keyraider-malware-steals-certificates-keys-and-account-data-from-jailbroken-iphones/114473
SSD Advisory - AppLock Multiple Vulnerabilities
The following report describes three (3) different vulnerabilities found in AppLock, an Android application with over 10 million downloads, used to secure pictures, videos and applications with a PIN code.
https://blogs.securiteam.com/index.php/archives/2558
DRDoS, UDP-Based protocols and BitTorrent
On July 1st, 2015, the security team at BitTorrent received a report [1] from Florian Adamsky about Distributed Reflective Denial of Service (DRDoS) vulnerabilities affecting several BitTorrent products making use of UDP-based [2] protocols. uTorrent, BitTorrent and BitTorrent Sync use the Micro Transport Protocol (µTP) [3] implementation in libuTP [4] as the preferred transport backend running on top of UDP. While these vulnerabilities have been described before in other alerts [5] in...
http://engineering.bittorrent.com/2015/08/27/drdos-udp-based-protocols-and-bittorrent/
Patch for vulnerability in Hewlett Packard lt4112 LTE/HSPA+ Gobi 4G Module (Remote Execution of Arbitrary Code)
Hewlett Packard has published a security bulletin on a vulnerability in the HP lt4112 LTE/HSPA+ Gobi 4G Module. The vulnerability allows a remote attacker to execute arbitrary code. A firmware update that fixes the problem is available. CVE numbers: CVE-2015-5367, CVE-2015-5367 CVSS2 Base Score: 6.9...
http://www.cert.at/services/blog/20150831172201-1588.html
TA15-240A: Controlling Outbound DNS Access
Original release date: August 28, 2015. Systems Affected: Networked systems. Overview: US-CERT has observed an increase in Domain Name System (DNS) traffic from client systems within internal networks to publicly hosted DNS servers. Direct client access to Internet DNS servers, rather than controlled access through enterprise DNS servers, can expose an organization to unnecessary security risks and system inefficiencies. This Alert provides recommendations for improving security related to...
https://www.us-cert.gov/ncas/alerts/TA15-240A
NetIQ Access Manager 4.1 Support Pack 1 Hot Fix 1 4.1.1.1-9
Abstract: NetIQ Access Manager 4.1 Support Pack 1 Hot Fix 1 build (version 4.1.1.1-9). This file contains updates for services contained in the NetIQ Access Manager 4.1 product and requires 4.1 SP1 to be installed as a minimum. NetIQ recommends that all customers running Access Manager 4.1 release code apply this patch. The purpose of the patch is to provide a bundle of fixes for security issues that have surfaced since NetIQ Access Manager 4.1 SP1 was released. These fixes include updates to...
https://download.novell.com/Download?buildid=ceIVdhBEV2o~
Edimax PS-1206MF Web Admin Auth Bypass
Topic: Edimax PS-1206MF Web Admin Auth Bypass Risk: High Text:# Title: Edimax PS-1206MF - Web Admin Auth Bypass # Date: 30.08.15 # Vendor: edimax.com # Firmware version: 4.8.25 # Author...
http://cxsecurity.com/issue/WLB-2015080183
HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information
A potential security vulnerability has been identified with HP Data Protector. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information.
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04776510
IBM Security Bulletins
IBM Security Bulletin: Potential Information Disclosure vulnerability could expose user personal data in WebSphere Commerce (CVE-2015-4980)
http://www.ibm.com/support/docview.wss?uid=swg21965013
IBM Security Bulletin: Java CVE-2015-2590
http://www.ibm.com/support/docview.wss?uid=nas8N1020888
IBM Security Bulletin: Vulnerabilities in OpenSSL affect Sterling Connect:Direct for HP NonStop (CVE-2015-1792, CVE-2015-1789, CVE-2015-1790)
http://www.ibm.com/support/docview.wss?uid=swg21963603
IBM Security Bulletin: Apache Tomcat Vulnerability in Algo Audit and Compliance (CVE-2014-0230)
http://www.ibm.com/support/docview.wss?uid=swg21963664
IBM Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2014-0230)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005258
IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation and Rational Requirements Composer with potential for Cross Site Scripting attack (CVE-2015-1917)
http://www.ibm.com/support/docview.wss?uid=swg21713610
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Storwize V7000 Unified (CVE-2013-7423)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005316
Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Flex System Manager (FSM) (CVE-2013-2877, CVE-2014-0191, CVE-2014-3660)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098592
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) (Multiple CVEs)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098591
WordPress Responsive Thumbnail Slider 1.0 Shell Upload
Topic: WordPress Responsive Thumbnail Slider 1.0 Shell Upload Risk: High Text:<!-- # Exploit Title: Wordpress Responsive Thumbnail Slider Arbitrary File Upload # Date: 2015/8/29 # Exploit Author: Arash ...
http://cxsecurity.com/issue/WLB-2015080170