Tageszusammenfassung - Mittwoch 12-10-2016

End-of-Shift report

Timeframe: Dienstag 11-10-2016 18:00 − Mittwoch 12-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

VU#396440: MatrixSSL contains multiple vulnerabilities

Heap-based Buffer Overflow - CVE-2016-6890The Subject Alt Name field of X.509 certificates is not properly parsed. A specially crafted certificate may result in a heap-based buffer overflow ..

http://www.kb.cert.org/vuls/id/396440


October 2016 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security ..

https://blogs.technet.microsoft.com/msrc/2016/10/11/october-2016-security-update-release/


Security Advisory: Expat XML library vulnerability CVE-2015-1283

https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15104541.html


Top of the Junk Pile (Shady TLD research part 16)

[Sorry about neglecting the external blog during all of the Symantec excitement this summer, but we had a lot going on... This post is from our internal blog, back in July (7/08/2016), and we wanted to get it out on the site when we resumed blogging, since a lot of people have been ..

https://www.bluecoat.com/2016-10-04/top-junk-pile-shady-tld-research-part-16


MSRT October 2016 release: Adding more unwanted software detections

Unwanted software often piggy-backs on program downloads, delivered by software bundlers. These bundles, which you might have downloaded, can include software ..

https://blogs.technet.microsoft.com/mmpc/2016/10/11/msrt-october-2016-release-adding-more-unwanted-software-detections/


Four vulnerabilities found in Dell SonicWALL Email Security virtual appliance application

Digital Defense (DDI) disclosed the discovery of four security vulnerabilities found in the Dell SonicWALL Email Security virtual appliance application. The appliance is frequently deployed as a perimeter device. Further, ..

https://www.helpnetsecurity.com/2016/10/12/sonicwall-email-security-vulnerabilities/


Scan Ruby-based apps for security issues with Dawnscanner

Dawnscanner is an open source static analysis scanner designed to review the security of web applications written in Ruby. Dawnscanner’s genesis Its developer, Paolo Perego, says that he was motivated to create it back in spring ..

https://www.helpnetsecurity.com/2016/10/12/scan-ruby-based-apps-dawnscanner/


WiFi Still Remains a Good Attack Vector

WiFi networks areeverywhere! When we plan to visit a place or reserve ahotel for our holidays, we always check first if free WiFi is available (be honest, you do!). Oncewe connected our beloved devices to an external wireless ..

https://isc.sans.edu/diary.html?storyid=21583


Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161012-01-smartphone-en


List of 2016 OWASP London Talks & Videos

https://www.youtube.com/owasplondon


VMware vRealize Operations Lets Remote Authenticated Users Gain Elevated Privileges

http://www.securitytracker.com/id/1036999


Several Exploit Kits Now Deliver Cerber 4.0

We have tracked three malvertising campaigns and one compromised site campaign using Cerber ransomware after version 4.0 (detected as as Ransom_CERBER.DLGE) was ..

http://blog.trendmicro.com/trendlabs-security-intelligence/several-exploit-kits-now-deliver-cerber-4-0/