Daily summary - Thursday 7-01-2016

End-of-Shift report

Timeframe: Tuesday 05-01-2016 18:00 − Thursday 07-01-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

As of Tuesday: End of support for Internet Explorer 8, 9 and 10

Starting January 12, Microsoft will end support for the outdated Internet Explorer versions 8, 9 and 10. These will no longer receive any updates.

http://futurezone.at/produkte/ab-dienstag-aus-fuer-internet-explorer-8-9-und-10/173.541.768 https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support


Site Updates: ISC/DShield API and ipinfo_ascii.html Page, (Wed, Jan 6th)

We are planning a couple of updates to the ways data can be retrieved automatically from this site. The main reason for this is to make it easier for us to maintain and support some of these features. The main idea will be that we focus automatic data retrieval to our API (isc.sans.edu/api or dshield.org/api). It should be the only place that is used to have scripts retrieve data. In the past, we had a couple of other pages that supported automatic data retrieval. For example, ipinfo_ascii.html...

https://isc.sans.edu/diary.html?storyid=20577&rss


How long is your password? HTTPS Bicycle attack reveals that and more

Get your 2FA on, slackers A new attack on supposedly secure communication streams raises questions over the resilience of passwords, security researchers warn.

http://go.theregister.com/feed/www.theregister.co.uk/2016/01/06/https_bicycle/


Mozilla warns Firefox fans its SHA-1 ban could bork their security

Protection mechanism screws other protection mechanisms. What a tangled web we weave Mozilla has warned Firefox users they may be cut off from more of the web than expected - now that the browser rejects new HTTPS certificates that use the weak SHA-1 algorithm.

http://go.theregister.com/feed/www.theregister.co.uk/2016/01/07/mozilla_warns_firefox_users_that_sha1_ban_could_bork_their_security/ https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/


MD5/SHA1: SLOTH attacks exploit old hash algorithms

New attacks against TLS: with SLOTH, cryptography researchers present several weaknesses in TLS implementations and in the protocol itself. The most critical is an attack on client authentication with RSA and MD5.

http://www.golem.de/news/md5-sha1-sloth-angriffe-nutzen-alte-hash-algorithmen-aus-1601-118381-rss.html


Encrypted Blackphone Patches Serious Modem Flaw

msm1267 writes: Silent Circle, makers of the security and privacy focused Blackphone, have patched a vulnerability that could allow a malicious mobile application or remote attacker to access the device's modem and perform any number of actions. Researchers at SentinelOne discovered an open socket on the Blackphone that an attacker could abuse to intercept calls, set call forwarding, read SMS messages, mute the phone and more. Blackphone is marketed toward privacy-conscious users; it includes...

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ocmLGjQf8XY/encrypted-blackphone-patches-serious-modem-flaw


OS-X-Security-and-Privacy-Guide

This is a collection of thoughts on securing a modern Apple Mac computer using OS X 10.11 "El Capitan", as well as steps to improving online privacy. This guide is targeted to "power users" who wish to adopt enterprise-standard security, but is also suitable for novice users with an interest in improving their privacy and security on a Mac.

https://github.com/drduh/OS-X-Security-and-Privacy-Guide


Drupal - Insecure Update Process

Just a few days after installing Drupal v7.39, I noticed there was a security update available: Drupal v7.41. This new version fixes an open redirect in the Drupal core. In spite of my Drupal update process checking for updates, according to my local instance, everything was up to date: Issue #1: Whenever the Drupal update process fails, Drupal states that everything is up to date instead of giving a warning.

http://blog.ioactive.com/2016/01/drupal-insecure-update-process.html


Install the update now: WordPress fixes XSS vulnerability

Attackers can compromise WordPress installations via a cross-site scripting vulnerability. All versions up to and including WordPress 4.4 are affected.

http://heise.de/-3065193 https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/


AVM router: Fritzbox vulnerability allows phone calls at someone else's expense

A critical vulnerability in Fritzbox routers allows attackers, among other things, to make phone calls at someone else's expense and to execute code as root. AVM has already closed the vulnerability, but the details were kept under wraps until today.

http://heise.de/-3065588


A new, open source tool proves: Even after patching, deserializing will still kill you

What's the problem here? ... When deserializing most objects, the code calls ObjectInputStream#resolveClass() as part of the process. This method is where all the patches and hardening against recent exploits take place. Because that method is never involved in deserializing Strings, anyone can use this to attack an application that's "fully patched" against the recent spate of attacks.

https://www.contrastsecurity.com/security-influencers/java-deserializing-open-source-tool


rt-sa-2015-001

AVM FRITZ!Box: Remote Code Execution via Buffer Overflow

https://www.redteam-pentesting.de/advisories/rt-sa-2015-001.txt


rt-sa-2014-014

AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images

https://www.redteam-pentesting.de/advisories/rt-sa-2014-014.txt


Bugtraq: [SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499)

[SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499)

http://www.securityfocus.com/archive/1/537244


DFN-CERT-2016-0023: Node.js-WS: A vulnerability allows information disclosure

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0023/


DFN-CERT-2016-0028: Shotwell: A vulnerability allows bypassing security measures

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0028/


DFN-CERT-2016-0004: Mozilla Thunderbird, Debian Icedove: Multiple vulnerabilities allow, among other things, execution of arbitrary code

Version 3 (2016-01-05 17:52) | Debian provides security updates to Icedove version 38.5.0 for the distributions Wheezy (old stable), Jessie (stable) and Stretch (testing). The vulnerabilities CVE-2015-7210 and CVE-2015-7222 are not addressed by these updates.

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0004/


Security Advisory: QEMU vulnerability CVE-2012-3515

https://support.f5.com:443/kb/en-us/solutions/public/k/13/sol13405416.html?ref=rss


Security Advisory: Out-of-bounds memory vulnerability with the BIG-IP APM system CVE-2015-8098

https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43552605.html?ref=rss


DSA-3435 git - security update

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs.

https://www.debian.org/security/2016/dsa-3435


Advantech EKI Vulnerabilities (Update B)

This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site. This advisory provides information regarding several vulnerabilities in Advantech's EKI devices.

https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01


D-Link DCS-931L Arbitrary File Upload

Topic: D-Link DCS-931L Arbitrary File Upload Risk: High Text:## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-f...

https://cxsecurity.com/issue/WLB-2016010028