End-of-Shift report
Timeframe: Tuesday 26-01-2016 18:00 - Wednesday 27-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
BGP Route Hijacking - An Overview
BGP is the mechanism by which autonomous networks exchange "reachability" information between each other. A network with an assigned or allocated prefix of addresses "advertises" the block of addresses to a neighboring BGP-speaking router; this is known as BGP peering. There is little hiding what BGP peering networks announce between each other. When two networks are reasonably small, and their assigned prefixes are limited and well known, enforcement of announcements...
https://blog.team-cymru.org/2016/01/bgp-route-hijacking-an-overview/
More Fake Facebook "Security System Page" Scams
We take a look at some variations on the same kind of Facebook scam currently doing the rounds.
https://blog.malwarebytes.org/fraud-scam/2016/01/more-fake-facebook-security-system-page-scams/
If you're one of millions using Magento - stop whatever you're doing and patch now
Ecommerce websites can be hijacked via critical flaw. A huge security hole has been found in popular ecommerce platform Magento, requiring an immediate update.
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/26/urgent_magento_update/
New Magic ransomware abuses open-source educational code
Malware based on open-source code, created for educational purposes only, has been spotted in the wild by Bleeping Computer's Lawrence Abrams.
http://www.scmagazine.com/new-magic-ransomware-abuses-open-source-educational-code/article/467512/
Encryption: IETF standardizes two more elliptic curves
The IETF has officially approved the two elliptic curves Curve25519 and Curve448 as an RFC for cryptographic functions. Standardization of the curves for key exchange in TLS is also expected.
http://heise.de/-3084830
Security: When the printer becomes an anonymous file server
Security problems often lie with the users of IT products. In a current case, a security researcher shows that attackers can anonymously store files on unprotected Hewlett-Packard network printers.
http://www.golem.de/news/security-wenn-der-drucker-zum-anonymen-fileserver-wird-1601-118772-rss.html
The Rising Sophistication of Network Scanning
In this article I would like to show you a hidden system that is hard at work scanning thousands, maybe millions, of unsuspecting devices. And I'll show how this system efficiently harvests each device's personal IP address and hands it off to a scanner, which proceeds to run a port/security scan against each unsuspecting victim for vulnerabilities.
http://netpatterns.blogspot.co.uk/2016/01/the-rising-sophistication-of-network.html
SQL Injection Analysis
It is one thing to be able to execute a simple SQL injection attack; it is another to do a proper investigation of such an attack. Unfortunately, there is not much information on SQL Injection analysis. This article will assist in providing some tools for basic Incident Response. It can be fairly easily translated to...
http://resources.infosecinstitute.com/sql-injection-analysis/
RuhrSec 2016 - supported by SBA Research
April 28, 2016 - April 29, 2016 - All Day. Veranstaltungszentrum, Ruhr-Universität Bochum, Universitätsstraße 150, Bochum
https://www.sba-research.org/events/ruhrsec-2016/
TP-Link routers with predictable default Wi-Fi password
Attackers can find out the factory-set Wi-Fi password of one TP-Link router series comparatively easily and thereby gain access to the network. Other series could also be affected.
http://heise.de/-3085482
Apple can read your iMessages despite them being encrypted
Despite Apple taking a pro-encryption stance, with its CEO Tim Cook insisting that iMessages are safely encrypted, it turns out that if users back up data using iCloud Backup, they need to be aware that although Apple stores the backup in encrypted form, it uses its own key.
http://www.scmagazine.com/apple-can-read-your-imessages-despite-them-being-encrypted/article/467675/
Bugtraq: [security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS)
http://www.securityfocus.com/archive/1/537368
Bugtraq: [security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS)
http://www.securityfocus.com/archive/1/537367
pfSense Firewall 2.2.5 Cross Site Request Forgery
Topic: pfSense Firewall 2.2.5 Cross Site Request Forgery. Risk: Low. Exploit Title: pfSense Firewall 2.2.5 Cross-Site Request Forgery; Date: 23-01-2016; Software Link: http://mirror.a...
https://cxsecurity.com/issue/WLB-2016010178
Cisco Small Business SG300 Managed Switch Web Framework GUI Function Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-sbms
Cisco RV220W Management Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220
Cisco Wide Area Application Service CIFS Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs
MICROSYS PROMOTIC Memory Corruption Vulnerability
This advisory contains mitigation details for a memory corruption vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application.
https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01
Rockwell Automation MicroLogix 1100 PLC Overflow Vulnerability
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Rockwell Automation's Allen-Bradley MicroLogix 1100 programmable logic controller systems.
https://ics-cert.us-cert.gov/advisories/ICSA-16-026-02
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM MQ Appliance (CVE-2016-0777)
http://www.ibm.com/support/docview.wss?uid=swg21975158
IBM Security Bulletin: A vulnerability in the GSKit component of Communications Server for Data Center Deployment, AIX, Linux, System z, and Windows (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974589
IBM Security Bulletin: A vulnerability in the GSKit component of Content Manager Enterprise Edition (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974700
IBM Security Bulletin: A vulnerability in the GSKit component of IBM Content Collector for SAP Applications (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974333
IBM Security Bulletin: A vulnerability in the GSKit component of IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974407
IBM Security Bulletin: A vulnerability has been addressed in the GSKit component of IBM Security Directory Server (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21975404
IBM Security Bulletin: A vulnerability in the GSKit component of IBM Personal Communications (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974947
IBM Security Bulletin: Vulnerabilities in openssl affect Power Hardware Management Console (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)
http://www.ibm.com/support/docview.wss?uid=nas8N1021091
IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Kenexa LMS along with IBM Kenexa Participate, IBM Kenexa LCMS on Cloud (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21972995
IBM Security Bulletin: Vulnerabilities in Java affect Power Hardware Management Console (CVE-2015-4843, CVE-2015-4868, CVE-2015-4806, CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4842, CVE-2015-4803)
http://www.ibm.com/support/docview.wss?uid=nas8N1021090
IBM Security Bulletin: Two vulnerabilities exist in IBM Case Foundation and FileNet Business Process Manager (CVE-2012-5784 and CVE-2014-3596)
http://www.ibm.com/support/docview.wss?uid=swg21965451
IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM MQ Appliance (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21974599
IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects RIT and RTCP in Rational Test Workbench, RTCP and RIT Agent in Rational Test Virtualization Server, and RIT Agent in Rational Performance Test Server (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21974922
IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM i (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=nas8N1021096
IBM Security Bulletin: A vulnerability in the GSKit component of IBM MQ Appliance (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974598
IBM Security Bulletin: A vulnerability in the GSKit component of IBM Security SiteProtector System (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974980
IBM Security Bulletin: A vulnerability in the GSKit component of Content Manager OnDemand for Multiplatforms (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974698
IBM Security Bulletin: A vulnerability in the GSKit component of IBM Sterling Connect:Direct for UNIX (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974884
IBM Security Bulletin: IBM Platform Application Center Standard Edition is affected by a security vulnerability (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=isg3T1023269
IBM Security Bulletin: Vulnerabilities in the GSKit component of Transformation Extender (CVE-2016-0201, CVE-2015-7421, CVE-2015-7420)
http://www.ibm.com/support/docview.wss?uid=swg21972246
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
http://www.ibm.com/support/docview.wss?uid=swg21973723