Daily summary - Tuesday 1-09-2015

End-of-Shift report

Timeframe: Monday 31-08-2015 18:00 − Tuesday 01-09-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

How the SIEM Solution Can Help in Achieving PCI-DSS

PCI-DSS is widely regarded as one of the toughest compliance regimes to maintain, but organizations seeking PCI-DSS compliance can benefit greatly from deploying a SIEM solution around the Cardholder Data Environment (CDE). In this article, we will learn how a SIEM solution can be leveraged to satisfy a majority of...

http://resources.infosecinstitute.com/how-the-siem-solution-can-help-in-achieving-pci-dss/


Microsoft accused of adding spy features to Windows 7, 8

The privacy impact of Windows telemetry features continues to be scrutinized.

http://arstechnica.com/information-technology/2015/08/microsoft-accused-of-adding-spy-features-to-windows-7-8/


ORX Locker, the new Darknet Ransomware-as-a-service platform

Security experts at Sensecy have uncovered ORX-Locker, a Darknet Ransomware-as-a-Service platform that could allow anyone to become a cyber criminal. Becoming a cyber criminal keeps getting easier thanks to the malware-as-a-service sales model, which offers off-the-shelf malware for rent or sale. Recently, malware authors have also started offering Ransomware-as-a-Service (RaaS), in...

http://securityaffairs.co/wordpress/39753/cyber-crime/orx-locker-raas.html


l+f: Simulated company network as a playground for hackers

In the simulated network of the Penetration Test Lab, you can probe virtual systems with real pentesting tools.

http://heise.de/-2795897


Android: More smartphones with pre-installed malware

Intermediaries are reportedly tampering with more and more Android models before sale: they add malware components to popular apps and install those apps on the devices.

http://heise.de/-2794608


MassVet finds unknown malicious apps in app stores in 10 Sec

A group of university researchers has developed a method dubbed Mass Vetting (MassVet) that finds unknown malicious apps in app stores in about 10 seconds. MassVet targets apps running on Android devices and does not rely on the old approach of signature scanning; instead it compares...

http://securityaffairs.co/wordpress/39762/malware/massvet-android-scan.html


iOS Trojan enabled App Store purchases with hacked accounts

Palo Alto Networks has published details of the backdoor, discovered last week, in several jailbreak apps and tweaks distributed in China. According to the analysis, the malware operates in a highly devious way. 225,000 iCloud accounts were stolen.

http://heise.de/-2795857


Tired of memorizing passwords? A Turing Award winner came up with this algorithmic trick

Passwords are a bane of life on the Internet, but one Turing Award winner has an algorithmic approach that he thinks can make them not only easier to manage but also more secure. The average user has some 20 passwords today, and in general the easier they are to remember, the less secure they are. When passwords are reused across multiple websites, they become even weaker. Manuel Blum, a professor of computer science at Carnegie Mellon University who won the Turing Award in 1995, has been working...

http://www.csoonline.com/article/2978170/data-protection/tired-of-memorizing-passwords-a-turing-award-winner-came-up-with-this-algorithmic-trick.html#tk.rss_applicationsecurity


What Can you Learn from Metadata?

An Australian reporter for the ABC, Will Ockenden published a bunch of his metadata, and asked people to derive various elements of his life. They did pretty well, even though they were amateurs, which should give you some idea what professionals can do....

https://www.schneier.com/blog/archives/2015/09/what_can_you_le.html


Cisco AsyncOS for Cisco Email Security Appliance and Cisco Web Security Appliance Cluster Denial of Service Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39785


Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40708


DSA-3346 drupal7 - security update

Several vulnerabilities were discovered in Drupal, a content management framework:

https://www.debian.org/security/2015/dsa-3346


IBM Security Bulletins

https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_gb


Bugtraq: [security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information

http://www.securityfocus.com/archive/1/536363


Bugtraq: [security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information

http://www.securityfocus.com/archive/1/536364


DFN-CERT-2015-1329: MediaWiki: Multiple vulnerabilities allow, among other things, a denial-of-service attack

https://portal.cert.dfn.de/adv/DFN-CERT-2015-1329/


Security Advisory: Apache HTTP server vulnerability CVE-2008-0455 (SOL17201)

https://support.f5.com:443/kb/en-us/solutions/public/17000/200/sol17201.html?ref=rss


USN-2727-1: GnuTLS vulnerabilities

Ubuntu Security Notice USN-2727-1, 1st September 2015. gnutls28 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04. Summary: GnuTLS could be made to crash or run programs if it processed a specially crafted certificate. Software description: gnutls28 - GNU TLS library. Details: It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary

http://www.ubuntu.com/usn/usn-2727-1/


USN-2726-1: Expat vulnerability

Ubuntu Security Notice USN-2726-1, 31st August 2015. expat vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: Expat could be made to crash or run programs as your login if it opened a specially crafted file. Software description: expat - XML parsing C library. Details: It was discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted

http://www.ubuntu.com/usn/usn-2726-1/


VU#361684: Router devices do not implement sufficient UPnP authentication and security

Vulnerability Note VU#361684. Original release date: 31 Aug 2015 | Last revised: 31 Aug 2015. Overview: Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. Description: The UPnP protocol allows automatic device discovery and interaction with devices on a network. The UPnP protocol was originally designed with the threat model of

http://www.kb.cert.org/vuls/id/361684
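The weakness in VU#361684 is that a control URL an attacker can guess (for example from a browser via DNS rebinding) lets them invoke UPnP actions without ever having seen the device description. A quick way to triage a router is to pull its device description XML and check whether each controlURL carries a per-device random token. The script below is an added example, not part of the CERT note or of any vendor's code: it parses a constructed, hypothetical device description (the service names and paths are made up) and flags control URLs that contain no RFC 4122 version-4 UUID. Treating "contains a v4 UUID" as the pass criterion is an assumption of this example; a vendor could use another high-entropy token just as well.

```python
"""Heuristic check of UPnP control URLs for guessable paths (added example).

Inspects a UPnP device description XML and flags controlURL values that
carry no random-looking token, which is the weakness VU#361684 describes.
Runs offline: the XML below is a constructed sample, not a real capture.
"""
import re
import uuid
import xml.etree.ElementTree as ET

UPNP_NS = "{urn:schemas-upnp-org:device-1-0}"
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)

# Constructed sample device description of a hypothetical router.
# First service: static path (guessable). Second: random UUID in the path.
SAMPLE_XML = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <deviceType>urn:schemas-upnp-org:device:InternetGatewayDevice:1</deviceType>
    <UDN>uuid:00000000-0000-0000-0000-000000000001</UDN>
    <serviceList>
      <service>
        <serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>
        <controlURL>/upnp/control/WANIPConn1</controlURL>
      </service>
      <service>
        <serviceType>urn:schemas-upnp-org:service:Layer3Forwarding:1</serviceType>
        <controlURL>/ctl/3f8b2c1e-9d4a-4c7b-8e21-5a6d7f9c0b12/L3F</controlURL>
      </service>
    </serviceList>
  </device>
</root>"""


def extract_control_urls(xml_text):
    """Return [(serviceType, controlURL), ...] from a device description."""
    root = ET.fromstring(xml_text)
    found = []
    for svc in root.iter(UPNP_NS + "service"):
        stype = svc.findtext(UPNP_NS + "serviceType", "")
        curl = svc.findtext(UPNP_NS + "controlURL", "")
        found.append((stype, curl))
    return found


def is_random_uuid(token):
    """True if token parses as an RFC 4122 version-4 (random) UUID
    with some variety in its hex digits (rejects all-zero style values)."""
    try:
        u = uuid.UUID(token)
    except ValueError:
        return False
    return u.version == 4 and len(set(u.hex)) > 4


def assess_control_url(url):
    """Classify a single controlURL. Criterion (an assumption of this
    example): a v4 UUID anywhere in the path counts as a random token."""
    m = UUID_RE.search(url)
    if m and is_random_uuid(m.group(0)):
        return "ok: per-device random UUID in path"
    if m:
        return "weak: UUID present but not version-4 random"
    return "weak: static, guessable path (no random token)"


def audit(xml_text):
    """Return [(serviceType, controlURL, verdict), ...] for the description."""
    return [(s, u, assess_control_url(u)) for s, u in extract_control_urls(xml_text)]


if __name__ == "__main__":
    for stype, curl, verdict in audit(SAMPLE_XML):
        print(f"{stype.split(':')[-2]:<20} {curl:<50} {verdict}")
```

In practice you would replace SAMPLE_XML with the body fetched from the LOCATION header that the router returns to an SSDP M-SEARCH; the check only looks at the path, so it also applies to description files saved from a packet capture.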


VU#201168: Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities

Vulnerability Note VU#201168. Original release date: 31 Aug 2015 | Last revised: 31 Aug 2015. Overview: Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Description: CWE-330: Use of Insufficiently Random Values - CVE-2015-5987: DNS queries originating from the Belkin N600, such as those to resolve the names of firmware

http://www.kb.cert.org/vuls/id/201168