End-of-Shift report
Timeframe: Monday 21-09-2015 18:00 − Tuesday 22-09-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Leaked D-Link security key allows hackers to disguise malware as legit
A leak of a major technology company's security key has been discovered, allowing hackers to convince Windows that their malware is legit.
...
While the key expired in early September, that still means that potential cyber-criminals had six months with which to sign their malware with D-Link's leaked key and bypass Microsoft Windows security measures by masquerading as a trusted piece of software.
http://www.scmagazine.com/leaked-d-link-security-key-allows-hackers-to-disguise-malware-as-legit/article/439815/
Apple watchOS2 Includes Host of Code-Execution Patches
Apple watchOS2 arrived with a host of security patches, including fixes for more than a dozen code-execution bugs.
http://threatpost.com/apple-watchos2-includes-host-of-code-execution-patches/114754/
How Exploit Kit Operators are Misusing Diffie-Hellman Key Exchange
Feedback from the Trend Micro Smart Protection Network has allowed us to discover that the notorious Angler and Nuclear exploit kits have included the latest Flash vulnerability (CVE-2015-5560) in their regular update. This means that systems with Adobe Flash Player 18.0.0.209 and earlier are vulnerable; however, users running the latest version of Flash (18.0.0.232) are not affected.
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XRj7PRLQnjU/
Swiss Advertising network compromised and distributing a Trojan
On September 11, 2015, MELANI / GovCERT.ch was informed by security researcher Kafeine about a popular advertising network in Switzerland that obviously got compromised by cybercriminals, leading to an exploit kit called Niteris. ... While investigating the incident, we noticed that the Exploit Kit that was injected into the Ad network was only serving malware when the visitor had a German or French User-Agent (HTTP header Accept-Language).
http://www.govcert.admin.ch/blog/13/swiss-advertising-network-compromised-and-distributing-a-trojan
Xen Security Advisory 142 - libxl fails to honour readonly flag on disks with qemu-xen
Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl to pass this information to qemu-xen (the upstream-based qemu); and indeed there is no way in qemu to make a disk read-only. ... Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images.
http://lists.xenproject.org/archives/html/xen-announce/2015-09/msg00003.html
NCSC publishes revised ICT security guidelines for web applications
In February 2012 the National Cyber Security Centre (NCSC) published the ICT security guidelines for web applications, a guide to developing, administering and providing web applications and the associated infrastructure more securely. The guidelines are broadly applicable to ICT solutions based on web applications.
https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-revised-ict-security-guidelines-for-web-applications.html
Cisco Spark Mobile Application Man-in-the-Middle Vulnerability
A vulnerability in the Cisco Spark mobile application could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device.
http://tools.cisco.com/security/center/viewAlert.x?alertId=41127
HOW TO: Setting up Encrypted Communications Channels in Oracle Database
In this article, I will explain how to set up an encrypted communications channel in Oracle Database. This is the third in a series of blog posts I've published about encryption as it relates to databases.
https://www.trustwave.com/Resources/SpiderLabs-Blog/HOW-TO--Setting-up-Encrypted-Communications-Channels-in-Oracle-Database/
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Workload Scheduler (CVE-2015-0478 and others)
http://www.ibm.com/support/docview.wss?uid=swg21966551
IBM Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Algorithmics One Core, Algo Risk Application, and Counterparty Credit Risk (CVE-2015-2808)
http://www.ibm.com/support/docview.wss?uid=swg21965555
IBM Security Bulletin: Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
http://www.ibm.com/support/docview.wss?uid=swg21966274
IBM Security Bulletin: Cross-Site Scripting vulnerabilities affect IBM Emptoris Strategic Supply Management Platform, Emptoris
http://www.ibm.com/support/docview.wss?uid=swg21966754
IBM Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Cast Iron
http://www.ibm.com/support/docview.wss?uid=swg21967077
IBM Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM Algorithmics One Core, Algo Risk Application, and Counterparty Credit Risk (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21965554
IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2015-1831)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005335
Security Bulletin: Venom vulnerability affects IBM Flex System Manager (FSM) (CVE-2015-3456)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098681
IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, CVE-2015-0204)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005334