Daily Summary - Tuesday 5-01-2016

End-of-Shift report

Timeframe: Monday 04-01-2016 18:00 − Tuesday 05-01-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

ProxieBack sneakily uses the victims server to bypass its own security

Palo Alto Networks has come across a new family of proxy-creating malware, called ProxyBack, that the company believes has been in the wild since 2014 and may have more than 20 versions now running.

http://www.scmagazine.com/proxieback-sneakily-uses-the-victims-server-to-bypass-its-own-security/article/462417/


Hocus-pocus! The stupidity of cybersecurity predictions

Every year, some publication asks me to come up with a list of my top 10 predictions for the security field, and every year I tell them they might as well just dust off an article I wrote a year earlier, with maybe a couple of buzzwords and a new technology added on. What you can generally expect in any given year is more of the same, with some slight variations. That doesn't stop people from making predictions, though. Vendors and supposed experts can't seem to control the urge, but...

http://www.cio.com/article/3019071/security/hocus-pocus-the-stupidity-of-cybersecurity-predictions.html


Matthew Garrett: Apple computers are not suitable for confidential work

UEFI Secure Boot and TPMs can secure the boot process of Windows and Linux machines to some extent, though this could be improved, says security expert Matthew Garrett. The situation at Apple, by contrast, is catastrophic, he says.

http://www.golem.de/news/matthew-garrett-apple-rechner-eignen-sich-nicht-fuer-vertrauliche-arbeiten-1601-118332-rss.html


Comcast Home Security System Vulnerable to Attack

Comcast's Xfinity Home Security System is vulnerable to attacks that interfere with its ability to detect and alert to home intrusions.

http://threatpost.com/comcast-home-security-system-vulnerable-to-attack/115774/


Using IDAPython to Make Your Life Easier: Part 3

In the first two posts of this series (Part 1 and Part 2), we discussed using IDAPython to make your life as a reverse engineer easier. Now let's look at conditional breakpoints. While debugging in...

http://researchcenter.paloaltonetworks.com/2016/01/using-idapython-to-make-your-life-easier-part-3/


HTML5 Security Cheat Sheet

This OWASP cheat sheet serves as a guide for implementing HTML5 in a secure fashion. Contents include: Communication APIs, Storage APIs, Geolocation, Web Workers, Sandboxed Frames, Offline Applications, And...

http://www.net-security.org/secworld.php?id=19279


Nexus Security Bulletin - January 2016

We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process. [...] The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.

https://source.android.com/security/bulletin/2016-01-01.html


DSA-3432 icedove - security update

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.

https://www.debian.org/security/2016/dsa-3432


Puppet Enterprise Configuration Error Lets Remote Non-Whitelisted Users Access the Target System

http://www.securitytracker.com/id/1034550


Cisco Security Advisories

Cisco Jabber STARTTLS Downgrade Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab

Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr

Cisco Prime Infrastructure Frame Injection Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi

Cisco Unified Communications Manager SQL Injection Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm

IBM Security Bulletins

IBM Security Bulletin: Vulnerability in OpenSSL affects Rational Tau (CVE-2015-3194)

http://www.ibm.com/support/docview.wss?uid=swg21973108

IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Kenexa LCMS Premier on Cloud (CVE-2015-7450)

http://www.ibm.com/support/docview.wss?uid=swg21972649

IBM Security Bulletin: Vulnerabilities in OpenSource Dojo ToolKit affects IBM InfoSphere Master Data Management (CVE-2015-5654)

http://www.ibm.com/support/docview.wss?uid=swg21972787

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Partner Gateway Advanced/Enterprise editions (CVE-2015-4872)

http://www.ibm.com/support/docview.wss?uid=swg21973241

IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2015-7456)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005574

IBM Security Bulletin: Vulnerability in IBM TRIRIGA Application Platform (CVE-2015-7450)

http://www.ibm.com/support/docview.wss?uid=swg21972369

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business

http://www.ibm.com/support/docview.wss?uid=swg21973135

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2015-5006, CVE-2015-4872)

http://www.ibm.com/support/docview.wss?uid=swg21972446

IBM Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-4872)

http://www.ibm.com/support/docview.wss?uid=swg21973785

IBM Security Bulletin: IBM Tealeaf Customer Experience allows unauthorized access to system files (CVE-2015-4988)

http://www.ibm.com/support/docview.wss?uid=swg21968868

IBM Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affects IBM Rational Application Developer for WebSphere Software (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)

http://www.ibm.com/support/docview.wss?uid=swg21972455

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM PureApplication System. (CVE-2015-1788)

http://www.ibm.com/support/docview.wss?uid=swg21974116

IBM Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues

http://www.ibm.com/support/docview.wss?uid=swg21972384

Next End-of-Shift report on 2016-01-07