End-of-Shift report
Timeframe: Wednesday 02-09-2015 18:00 − Thursday 03-09-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
New banking trojan also appears in Austria
IBM researchers have identified "Shifu", a new trojan that targets banks in Germany, Japan and Austria.
http://futurezone.at/digital-life/neuer-banking-trojaner-taucht-auch-in-oesterreich-auf/150.654.930
New Versions of Carbanak Banking Malware Seen Hitting Targets in U.S. and Europe
New variants of the notorious Carbanak Trojan have surfaced in Europe and the United States, and researchers say that the malware now has its own proprietary communications protocol and the samples seen so far have been digitally signed. Carbanak has been in use for several years, and researchers at Kaspersky Lab earlier this year revealed the...
http://threatpost.com/new-versions-of-carbanak-banking-malware-seen-hitting-targets-in-u-s-and-europe/114522
Cross-site scripting: Netflix presents tool for finding security vulnerabilities
The streaming service Netflix not only creates elaborate in-house productions, but also develops security tools. The company has now presented a tool for finding cross-site scripting weaknesses.
http://www.golem.de/news/cross-site-scripting-netflix-stellt-tool-zum-auffinden-von-sicherheitsluecken-vor-1509-116117-rss.html
New Android Ransomware Communicates over XMPP
A new strain of Android ransomware disguised as a video player app uses an instant messaging protocol called XMPP to receive commands and communicate with the command and control server.
http://threatpost.com/new-android-ransomware-communicates-over-xmpp/114530
CVE-2015-5722: Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c
Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberately malformed key.
https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/
CVE-2015-5986: An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c
An incorrect boundary check in openpgpkey_61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query.
https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/
Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs
Symantec Ghost Explorer Utility Tool Out-of-Bounds Array Indexing
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150902_00
EMC Atmos XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1033456
Bugtraq: [SYSS-2015-016] Avaya one-X Agent - Hard-coded Cryptographic Key
http://www.securityfocus.com/archive/1/536386
Bugtraq: Checkmarx CxQL Sandbox bypass (CVE-2014-8778)
http://www.securityfocus.com/archive/1/536387
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Watson Explorer, Watson Content Analytics, and OmniFind Enterprise Edition (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21965348
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Proventia Network Enterprise Scanner (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3216)
http://www.ibm.com/support/docview.wss?uid=swg21965845
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Controller (CVE-2015-1793)
http://www.ibm.com/support/docview.wss?uid=swg21965725
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Security Network Controller (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21964035
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Sterling Connect:Direct Browser User Interface
http://www.ibm.com/support/docview.wss?uid=swg21965448
IBM Security Bulletin: Multiple Security Issues in IBM Media Server Due to OpenSSL Issues
http://www.ibm.com/support/docview.wss?uid=swg21963783
IBM Security Bulletin: Multiple security vulnerabilities have been identified in IBM Security Identity Manager Virtual Appliance (CVE-2015-1788 and CVE-2015-1885)
http://www.ibm.com/support/docview.wss?uid=swg21964241
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Flex System Power Compute Node Firmware (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=isg3T1022656
ZDI-15-418: (0Day) Borland AccuRev Reprise License Server edit_lf_process Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Ejh3XZSEdr0/
ZDI-15-417: (0Day) Borland AccuRev Reprise License Server edit_lf_get_data Command lf Parameter Path Traversal Read Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/hC9GLRY4Jiw/
ZDI-15-416: (0Day) Borland AccuRev Reprise License Server service_setup_doit Command Stack Buffer Overflow Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/BQougUpI_Ys/
ZDI-15-415: (0Day) Borland AccuRev Reprise License Management Server Path Traversal Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/WM0upaoUI1c/
ZDI-15-414: (0Day) Borland AccuRev Reprise License Server activate_doit Command actserver Parameter Stack Buffer Overflow Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Nr36Je9oEJU/
ZDI-15-413: (0Day) Borland AccuRev Reprise License Server diagnostics_doit Command outputfile Parameter File Overwrite Denial of Service Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/fhh7V-Xsyjc/
ZDI-15-412: (0Day) Borland AccuRev Reprise License Server activate_doit Command akey Parameter Stack Buffer Overflow Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/q60XWhjbHKo/
ZDI-15-411: (0Day) Borland AccuRev SaveContentServiceImpl Servlet Path Traversal Remote File Read And Deletion Vulnerabilities
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/oMSmmw2PaFA/