End-of-Shift report
Timeframe: Thursday 07-01-2016 18:00 − Friday 08-01-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Upcoming Security Updates for Adobe Acrobat and Reader (APSB16-02)
A prenotification Security Advisory (APSB16-02) has been posted regarding upcoming updates for Adobe Acrobat and Reader scheduled for Tuesday, January 12, 2016. We will continue to provide updates on the upcoming release via the Security Advisory as well as the...
https://blogs.adobe.com/psirt/?p=1308
Android-powered smart TVs targeted by malicious apps
Smart TVs running older versions of Android are being targeted by several websites offering apps containing malware, according to Trend Micro. The security vendor wrote on Thursday that it found a handful of app websites targeting people in the U.S. and Canada by offering the malicious apps. The apps are exploiting a flaw in Android that dates to 2014, showing that many smart TVs do not have the latest patches. "Most smart TVs today use older versions of Android, which still contain this...
http://www.cio.com/article/3020357/android-powered-smart-tvs-targeted-by-malicious-apps.html#tk.rss_security
Good news, OAuth is almost secure
Boffins turn up a couple of protocol vulns in Facebook's login standard. German boffins believe there are protocol flaws in Facebook's ubiquitous OAuth protocol that render it vulnerable to attack.
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/08/good_news_oauth_is_ialmosti_secure/
Line abuse through serious vulnerability at o2
For more than a year, o2 has been trying to close a vulnerability in its DSL network that allows other people's VoIP lines to be hijacked. So far, this has only partially succeeded.
http://heise.de/-3066225
Checkpoint chaps hack whacks air-gaps flat
Bought a shiny IP KVM? Uh-oh. 32c3: Checkpoint malware men Yaniv Balmas and Lior Oppenheim have developed an air gap-hopping malware system that can quietly infect, plunder, and maintain persistence on networked and physically separated computers.
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/08/checkpoint_chaps_hack_whacks_airgaps_flat/
Streaming dongle EZCast opens a backdoor into the home network
Security researchers have discovered vulnerabilities in the EZCast HDMI dongle. Attackers can use them to gain access to the user's home network, regardless of how well the network is otherwise protected.
http://heise.de/-3066210
Security patches: VMware prevents privilege escalation
VMware is hardening its applications ESXi, Fusion, Player and Workstation. The secured versions are available for Linux, OS X and Windows. However, only Windows appears to be affected by the vulnerability.
http://www.heise.de/newsticker/meldung/Sicherheitspatches-VMware-unterbindet-Rechteausweitung-3066757.html?wt_mc=rss.ho.beitrag.rdf
Blocking Shodan isn't some sort of magical fix that will protect your data
Earlier this week, a threat alert from Check Point singled out Shodan as a risk to enterprise operations. The advisory warns Check Point customers about the service, highlighting some of the instances where sensitive data was exposed to the public because Shodan indexed it. When asked about the advisory [archive], Ron Davidson, Head of Threat Intelligence and Research at Check Point, said the company was seeing an increase in the variety and frequency of suspect scans, "including scanners...
http://www.csoonline.com/article/3020108/techology-business/blocking-shodan-isnt-some-sort-of-magical-fix-that-will-protect-your-data.html#tk.rss_applicationsecurity
Apple fixes serious QuickTime security vulnerabilities for Windows
Attackers can inject malicious code using a manipulated video file, Apple explains. The update fixes the vulnerabilities on Windows 7 and Vista.
http://heise.de/-3067145
Cracking Damn Insecure and Vulnerable App (DIVA) - Part 2:
In the previous article, we have seen the solutions for the first two challenges. In this article we will discuss the insecure data storage vulnerabilities in DIVA.
http://resources.infosecinstitute.com/cracking-damn-insecure-and-vulnerable-app-diva-part-2/
rt-sa-2015-005
o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials
https://www.redteam-pentesting.de/advisories/rt-sa-2015-005.txt
VMSA-2016-0001
VMware ESXi, Fusion, Player, and Workstation updates address important guest privilege escalation vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0001.html
PHP Bugs May Let Remote Users Obtain Potentially Sensitive Information, Gain Elevated Privileges, or Execute Arbitrary Code
http://www.securitytracker.com/id/1034608
APPLE-SA-2016-01-07-1 QuickTime 7.7.9
APPLE-SA-2016-01-07-1 QuickTime 7.7.9 [Re-sending with a valid signature] QuickTime 7.7.9 is now available and addresses the following: QuickTime. Available for: Windows 7 and Windows Vista. Impact: Viewing a maliciously crafted movie file may lead to an [...]
http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00001.html
DFN-CERT-2016-0001: Mozilla Firefox, Network Security Services, OpenSSL, GnuTLS: A vulnerability allows security measures to be bypassed
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0001/
USN-2865-1: GnuTLS vulnerability
Ubuntu Security Notice USN-2865-1. 8th January, 2016. gnutls26, gnutls28 vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: GnuTLS could be made to expose sensitive information over the network. Software description: gnutls26 - GNU TLS library; gnutls28 - GNU TLS library. Details: Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote...
http://www.ubuntu.com/usn/usn-2865-1/
Bugtraq: [security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS)
http://www.securityfocus.com/archive/1/537254
Security Advisory: Privilege escalation vulnerability CVE-2015-7393
https://support.f5.com:443/kb/en-us/solutions/public/k/75/sol75136237.html?ref=rss
Security Advisory: BIG-IP AOM password sync vulnerability CVE-2015-8611
https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05272632.html?ref=rss
Security Advisory: F5 Path MTU Discovery vulnerability CVE-2015-7759
https://support.f5.com:443/kb/en-us/solutions/public/k/22/sol22843911.html?ref=rss