Daily summary - Wednesday 20-01-2016

End-of-Shift report

Timeframe: Tuesday 19-01-2016 18:00 − Wednesday 20-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a

Survey shows many businesses aren't encrypting private employee data

Many companies aren't encrypting their own employees' private data, according to a Sophos survey of IT decision makers in six countries.

https://nakedsecurity.sophos.com/2016/01/19/survey-shows-many-businesses-arent-encrypting-private-employee-data/


Android Malware Steals Voice-Based Two-Factor Authentication Codes (January 13 and 18, 2016)

Symantec has detected malware created for Android devices that steals single-use passcodes generated to add a layer of security to online banking authentication procedures...

http://www.sans.org/newsletters/newsbites/r/18/5/201


Dridex banking malware adds a new trick

Dridex, the banking malware that won't go away, has been improved upon once again. IBM's X-Force researchers have found that the latest version of Dridex uses a DNS (Domain Name System) trick to direct victims to fake banking websites. The technique, which the article calls DNS cache poisoning, involves changing the victim's DNS settings so that a request for a legitimate banking website is directed to a fake site. This kind of local DNS redirection is a powerful attack. Even if a person types in the correct domain name for a bank, the fake...

http://www.cio.com/article/3024244/dridex-banking-malware-adds-a-new-trick.html
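A quick check for the kind of local redirection described above: the hosts file is the simplest place for malware to pin a bank's domain to an attacker's address, and it is also the simplest place for a responder to look. The script below is an added example, not code from the CIO article or from IBM X-Force; it parses hosts-file syntax, flags any override of a watchlisted domain, and flags any other name mapped to a public address. The sample hosts content, the watchlist and the domains are constructed for the demo.

```python
"""Spot local DNS redirection in a hosts file (added example)."""
import ipaddress
import os
from dataclasses import dataclass

# Constructed sample in hosts-file syntax; every domain and address here is fictitious.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example        # internal alias, expected on this host
198.51.100.23   www.examplebank.com onlinebanking.examplebank.com
198.51.100.9    update.vendor.example
0.0.0.0         ads.tracker.example          # ad-blocking sinkhole, benign
"""

# Domains a local override must never touch (assumed watchlist; extend per environment).
WATCHLIST = ("examplebank.com", "paypal.com")

# Address ranges that are normal targets for hosts entries; anything else sends the
# name to a public host the machine's owner would not normally configure by hand.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

# Default hosts-file location on Windows and on Unix-like systems.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts"


@dataclass
class HostsEntry:
    ip: str
    names: list


@dataclass
class Finding:
    ip: str
    hostname: str
    severity: str   # "high": watchlisted domain overridden; "medium": other name sent to a public address
    reason: str


def parse_hosts(text: str) -> list:
    """Return one HostsEntry per data line; comments, blanks and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                                # malformed line; a real tool would log it
        entries.append(HostsEntry(parts[0], [n.lower() for n in parts[1:]]))
    return entries


def is_local_address(addr) -> bool:
    return addr.is_loopback or addr.is_unspecified or any(addr in net for net in LOCAL_NETS)


def on_watchlist(name: str, watchlist=WATCHLIST) -> bool:
    return any(name == d or name.endswith("." + d) for d in watchlist)


def find_hijacks(entries: list, watchlist=WATCHLIST) -> list:
    findings = []
    for entry in entries:
        addr = ipaddress.ip_address(entry.ip)
        for name in entry.names:
            if name in ("localhost", "localhost.localdomain", "broadcasthost"):
                continue
            if on_watchlist(name, watchlist):
                # Even a loopback override matters here: it blocks the real site,
                # or with a local listener it serves the fake one.
                findings.append(Finding(entry.ip, name, "high", "watchlisted domain overridden"))
            elif not is_local_address(addr):
                findings.append(Finding(entry.ip, name, "medium", "name pinned to a public address"))
    return findings


if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS                         # fall back to the constructed sample
    for f in find_hijacks(parse_hosts(text)):
        print(f"[{f.severity}] {f.hostname} -> {f.ip}: {f.reason}")
```

Run as-is it inspects the live hosts file and falls back to the constructed sample when that file is unreadable. The hosts file is only one of the places the article's "DNS settings" can be changed; resolver configuration (the interface's DNS servers on Windows, /etc/resolv.conf on Linux) needs the same comparison against a known-good baseline.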


/tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!, (Wed, Jan 20th)

When you are performing a penetration test, you need to learn how your target works: what kind of technologies and tools are used, how internal usernames are generated, the email address format, ... Gathering such information is called the reconnaissance phase. Once you have collected enough details, you can prepare your different scenarios to attack the target. All pentesters have their personal toolbox that has been enhanced day after day. In many cases, there is no real magic: to abuse or...

https://isc.sans.edu/diary.html?storyid=20631&rss
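The scratch locations in the title are worth sweeping systematically rather than by eye. The script below is an added example (not from the ISC diary) of such a sweep: it walks the given directories, flags files by name (key material, backups, shell histories) and by content (private-key headers, password assignments, cloud access-key IDs, credentials embedded in connection URLs). The sample files it creates in a throwaway directory are constructed for the demo; the name and content patterns are a starting set, not an exhaustive one.

```python
"""Sweep temp and scratch directories for leftover secrets (added example)."""
import os
import re
import tempfile
from dataclasses import dataclass

# File names that deserve a look regardless of content.
SUSPICIOUS_NAME = re.compile(
    r"^id_(rsa|dsa|ecdsa|ed25519)$"
    r"|\.(pem|key|p12|pfx|kdbx|ppk)$"
    r"|\.(bak|old|orig|swp)$"
    r"|^\.?(bash_|mysql_|psql_)?history$"
    r"|credential|passw",
    re.IGNORECASE,
)

# Content patterns as bytes so binary and mixed-encoding files can be scanned without decoding.
CONTENT_PATTERNS = {
    "private_key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "password_assignment": re.compile(rb"(?i)\b(password|passwd|pwd)\s*[=:]\s*\S+"),
    "aws_access_key": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "connection_string": re.compile(rb"(?i)\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^@\s]+@\S+"),
}

# Where a sweep would normally start; the title's T:\ style network shares are site-specific.
DEFAULT_ROOTS = [tempfile.gettempdir(), os.path.expanduser("~/Desktop")]


@dataclass
class Finding:
    path: str
    reason: str


def scan_file(path: str, max_bytes: int = 1_000_000) -> list:
    """Flag one file by name and by the first max_bytes of its content."""
    reasons = []
    if SUSPICIOUS_NAME.search(os.path.basename(path)):
        reasons.append("suspicious_name")
    try:
        with open(path, "rb") as fh:
            head = fh.read(max_bytes)
    except OSError:
        return [Finding(path, r) for r in reasons]      # unreadable; keep the name hit if any
    for label, pattern in CONTENT_PATTERNS.items():
        if pattern.search(head):
            reasons.append(label)
    return [Finding(path, r) for r in reasons]


def scan_directories(roots, max_bytes: int = 1_000_000) -> list:
    """Walk each root; symlinks are skipped so the sweep stays inside the scratch tree."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for name in files:
                full = os.path.join(dirpath, name)
                if os.path.islink(full):
                    continue
                findings.extend(scan_file(full, max_bytes))
    return findings


def summarize(findings) -> dict:
    """Map file basename -> sorted list of reasons, for reporting and for checking results."""
    out = {}
    for f in findings:
        out.setdefault(os.path.basename(f.path), []).append(f.reason)
    return {k: sorted(v) for k, v in out.items()}


def build_sample_tempdir() -> str:
    """Create a throwaway directory with constructed leftovers (not real data)."""
    d = tempfile.mkdtemp(prefix="recon-demo-")
    samples = {
        "deploy.log": b"2016-01-20 connecting to db as app with password=Sup3rS3cret!\n",
        "id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEA...\n",
        "config.bak": b"db_url = mysql://app:hunter2@db.internal/prod\n",
        "notes.txt": b"meeting at 10, nothing sensitive here\n",
    }
    for name, content in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(content)
    return d


if __name__ == "__main__":
    demo = build_sample_tempdir()                       # swap for DEFAULT_ROOTS on a real sweep
    for name, reasons in summarize(scan_directories([demo])).items():
        print(f"{name}: {', '.join(reasons)}")
```

Reading only the first megabyte of each file keeps the sweep fast on large dumps and crash logs; lower the limit or add a size cap if a share holds many multi-gigabyte files.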


Critical Patch Update: Oracle releases 248 security patches

Oracle's largest collection of security patches so far is out and fixes vulnerabilities in Database, Java, MySQL and others. This time the focus is on Oracle's E-Business Suite.

http://heise.de/-3077692


Apple Releases Patches for iOS, OS X and Safari

Apple released security updates for iOS, OS X and Safari, patching a number of kernel-level code-execution vulnerabilities.

http://threatpost.com/apple-releases-patches-for-ios-os-x-and-safari/115946/


Trojan for Android preinstalled on Phillips s307 firmware

January 20, 2016. The past year was marked by a large number of firmware Trojans for Android capable of covertly downloading and installing software and displaying annoying advertisements. Android.Cooee.1, incorporated into the graphical shell of some cheap Chinese smartphones, was one of them. Virus makers evidently continued to preinstall Android.Cooee.1 on mobile devices. This time, however, Doctor Web security researchers detected the Trojan in the firmware of a well-known electronics manufacturer.

http://news.drweb.com/show/?i=9792&lng=en&c=9


Primes, parameters and moduli

First, a brief history of Diffie-Hellman for those not familiar with it. The short version of Diffie-Hellman is that two parties (Alice and Bob) want to share a secret so they can encrypt their communications and talk securely without an...

https://securityblog.redhat.com/2016/01/20/primes-parameters-and-moduli/
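The checks a Diffie-Hellman implementation should make before trusting a modulus or a peer's public value, as an added example that is not part of the Red Hat post: the modulus must be large enough and a safe prime (p = 2q + 1 with q prime), the generator must produce the order-q subgroup, and the peer's value must lie in that subgroup so a malicious peer cannot force the shared secret into a handful of possibilities. The code is pure standard library (Miller-Rabin via pow and secrets); the 128-bit and 64-bit group sizes and the lowered min_bits exist only so the demo finishes in well under a second, the default of 2048 bits is the assumed production floor.

```python
"""Diffie-Hellman parameter and public-value validation (added example)."""
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Trial division followed by Miller-Rabin; error probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:                             # write n-1 = d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)          # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a witnessed compositeness
    return True


def is_safe_prime(p: int) -> bool:
    """p = 2q + 1 with both p and q prime."""
    return p > 5 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def generate_safe_prime(bits: int) -> int:
    """Random safe prime of exactly `bits` bits (pure Python: fine to ~256 bits, slow beyond)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, top bit set
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def validate_dh_params(p: int, g: int, min_bits: int = 2048) -> None:
    """Reject weak or malformed (p, g); raises ValueError naming the problem."""
    if p.bit_length() < min_bits:
        raise ValueError(f"modulus is {p.bit_length()} bits, need at least {min_bits}")
    if not is_safe_prime(p):
        raise ValueError("modulus is not a safe prime")
    q = (p - 1) // 2
    if not 1 < g < p - 1:
        raise ValueError("generator must lie strictly between 1 and p-1")
    if pow(g, q, p) != 1:
        raise ValueError("generator does not generate the order-q subgroup")


def validate_public_value(p: int, y: int) -> None:
    """Reject peer values that would confine the shared secret to a tiny subgroup."""
    if not 1 < y < p - 1:
        raise ValueError("public value outside (1, p-1)")
    if pow(y, (p - 1) // 2, p) != 1:
        raise ValueError("public value not in the order-q subgroup")


def dh_keypair(p: int, g: int):
    q = (p - 1) // 2
    x = 1 + secrets.randbelow(q - 1)              # private exponent in [1, q-1]
    return x, pow(g, x, p)


def dh_shared_secret(p: int, x: int, peer_y: int) -> int:
    validate_public_value(p, peer_y)              # never exponentiate an unchecked peer value
    return pow(peer_y, x, p)


def rejects(check, *args, **kwargs) -> bool:
    """True if `check` raises ValueError for these arguments."""
    try:
        check(*args, **kwargs)
    except ValueError:
        return True
    return False


def exchange_matches(bits: int = 128) -> bool:
    """Full round trip on a fresh group; min_bits is lowered only so the demo is fast."""
    p = generate_safe_prime(bits)
    g = pow(2, 2, p)                              # a quadratic residue has order q in a safe-prime group
    validate_dh_params(p, g, min_bits=bits)
    xa, ya = dh_keypair(p, g)
    xb, yb = dh_keypair(p, g)
    return dh_shared_secret(p, xa, yb) == dh_shared_secret(p, xb, ya)


if __name__ == "__main__":
    print("shared secrets agree:", exchange_matches())
    for bad_p, bad_g in ((23, 22), (25, 4), (23, 5)):   # g = p-1, composite p, g of order 2q
        try:
            validate_dh_params(bad_p, bad_g, min_bits=5)
        except ValueError as exc:
            print(f"rejected p={bad_p}, g={bad_g}: {exc}")
```

The subgroup check on the peer's value is what makes the safe-prime choice pay off: with p = 2q + 1 the only small subgroup is {1, p-1}, so a range check plus one exponentiation rules out every small-subgroup confinement attack.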


Serious flaw patched in Intel Driver Update Utility

A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers. The tool, known as the Intel Driver Update Utility, can be downloaded from Intel's support website. It provides an easy way to find the latest drivers for various Intel chipsets, graphics cards, wireless cards, desktop boards, Intel NUC mini PCs or the Intel Compute Stick.

http://www.cio.com/article/3024345/serious-flaw-patched-in-intel-driver-update-utility.html


Cisco Guide to Harden Cisco IOS Devices

This document contains information to help you secure your Cisco IOS system devices, which increases the overall security of your network. Structured around the three planes into which functions of a network device can be categorized, this document provides an overview of each included feature and references to related documentation.

http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html


Security Advisory: BIND vulnerability CVE-2015-8704

https://support.f5.com:443/kb/en-us/solutions/public/k/53/sol53445000.html?ref=rss


Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle

Topic: Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle
Risk: Medium
Text: 1. Advisory Information
Title: Intel Driver Update Utility MiTM
Advisory ID: CORE-2016-0001
Advisory URL: http://www.cores...

https://cxsecurity.com/issue/WLB-2016010119


Oracle Critical Patch Update Advisory - January 2016

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html


Oracle Linux Bulletin - January 2016

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html


HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS)

A vulnerability in Microsoft Report Viewer was addressed by HPE Performance Center. This is a Cross-Site scripting (XSS) vulnerability that could allow remote information disclosure.

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270


Xen Security Advisory CVE-2016-1571 / XSA-168

VMX: intercept issue with INVLPG on non-canonical address

http://xenbits.xen.org/xsa/advisory-168.html


Xen Security Advisory CVE-2016-1570 / XSA-167

PV superpage functionality missing sanity checks

http://xenbits.xen.org/xsa/advisory-167.html


Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-d9036


Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm


DFN-CERT-2016-0109: Foxit Reader, Foxit PhantomPDF: Multiple vulnerabilities allow denial-of-service attacks and execution of arbitrary code

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0109/


DFN-CERT-2016-0106: NTP: Multiple vulnerabilities allow, among other things, the display of false information

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0106/


APPLE-SA-2016-01-19-3 Safari 9.0.3

Safari 9.0.3 is now available and addresses the following:

WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution [...]

http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00004.html


APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001

OS X El Capitan 10.11.3 and Security Update 2016-001 is now available and addresses the following:

AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 to v10.11. [...]

http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00003.html


APPLE-SA-2016-01-19-1 iOS 9.2.1

iOS 9.2.1 is now available and addresses the following:

Disk Images
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with kernel privileges [...]

http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00002.html


DSA-3449 bind9 - security update

It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service.

https://www.debian.org/security/2016/dsa-3449


Siemens OZW672 and OZW772 XSS Vulnerability

This advisory contains mitigation details for a cross-site scripting vulnerability in Siemens OZW672 and OZW772 devices.

https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01


IBM Security Bulletins

IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FlashSystem model V840 (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005584

IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FlashSystem model 840 (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005585

IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2016-0777, CVE-2016-0778)

http://www.ibm.com/support/docview.wss?uid=swg2C1000044

IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM SAN Volume Controller and Storwize Family (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005583

IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Sterling Connect:Express for UNIX (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=swg21974473

IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Sterling Connect:Direct for UNIX (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=swg21974888

IBM Security Bulletin: A vulnerability in the GSKit component of IBM WebSphere MQ (CVE-2016-0201)

http://www.ibm.com/support/docview.wss?uid=swg21974466

IBM Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2015-7488)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005580

IBM Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor (CVE-2015-8027, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)

http://www.ibm.com/support/docview.wss?uid=swg21974459

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005579

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management (CVE-2015-4872 CVE-2015-4911 CVE-2015-4893 CVE-2015-4803)

http://www.ibm.com/support/docview.wss?uid=swg21974673

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Guardium Data Reduction

http://www.ibm.com/support/docview.wss?uid=swg21973724

IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs)

http://www.ibm.com/support/docview.wss?uid=swg21971951

IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.

http://www.ibm.com/support/docview.wss?uid=swg21972376