End-of-Shift report
Timeframe: Friday 11-11-2016 18:00 − Monday 14-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
No payment necessary: Fighting back against ransomware
Any IT professional who's ever had an experience with malware knows how fast an intrusive attack can happen, and how difficult it can be to educate employees to be vigilant against such threats. And with ransomware attacks only growing, having information, tools and technologies to help protect your network can mean the difference between serious...
https://blogs.technet.microsoft.com/mmpc/2016/11/11/no-payment-necessary-fighting-back-against-ransomware/
New Guide on How to Fix Hacked Joomla! Sites
Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the internet today. For that reason, we are glad that our team includes a former contributor who helped create the official Joomla! docs on website security. We have also participated in various Joomla! events around the world, and our cofounder Dre Armeda is a keynote speaker at the upcoming Joomla! World Conference in Vancouver, Canada.
https://blog.sucuri.net/2016/11/new-guide-fix-hacked-joomla-sites.html
Vuln: Docker Multiple Security Bypass Vulnerabilities
Vulnerable: Docker 1.12, Docker 1.6.1, Docker 1.6, Docker 1.3.3, Docker 1.4.1, Docker 1.3.2, Docker 1.3.1, Docker 1.3.0, Docker 1.12.3, Docker 1.12.2, Docker 1.0.0
http://www.securityfocus.com/bid/94272
Vuln: Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerabilities
Sophos Web Appliance is prone to a privilege-escalation vulnerability and remote code-execution vulnerabilities.
Attackers can leverage these issues to gain elevated privileges or execute arbitrary commands within the context of the affected application.
Sophos Web Appliance 4.2.1.3 is vulnerable; other versions may also be affected.
http://www.securityfocus.com/bid/94274
OWASP ModSecurity Core Rule Set Version 3.0 Released
Need a new set of generic attack detection rules for your web application firewall? Try the new OWASP ModSecurity Core Rule Set version 3.0.0! Long-time Slashdot reader dune73 writes: The OWASP CRS is a widely-used Open Source set of generic rules designed to protect users against threats like the OWASP Top 10. The rule set is most often deployed in conjunction with an existing Web Application Firewall like ModSecurity.
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/DKhaxHVZD-s/owasp-modsecurity-core-rule-set-version-30-released
MikroTik RouterOS 6.36.2 Cross Site Scripting
Topic: MikroTik RouterOS 6.36.2 Cross Site Scripting
Risk: Low
https://cxsecurity.com/issue/WLB-2016110115
VMSA-2016-0019
VMware product updates address local privilege escalation vulnerability in linux kernel
https://www.vmware.com/security/advisories/VMSA-2016-0019.html
Kaspersky Lab Black Friday Threat Overview 2016
Our research shows that, over the last few years, the holiday period which starts on so-called Black Friday was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.
http://securelist.com/analysis/publications/76615/kaspersky-lab-black-friday-threat-overview-2016/
[2016-11-14] Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2
Attackers are able to control the SolarEagle V2.00 / MPPT Solar Controller SMART2 device because authentication is broken. Furthermore, attackers can eavesdrop on the unencrypted communication or cause a denial of service.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161114-0_I-Panda_SolarEagle_Multile_vulnerabilities_v10.txt
Adult Friend Finder: 412 million accounts from dating site hacked
After the Ashley Madison hack there is another large break-in at a dating network. Attackers published 412 million account records from the website network around Adult Friend Finder.
http://www.golem.de/news/adult-friend-finder-412-milionen-accounts-von-datingseite-gehackt-1611-124440-rss.html
Vuln: Jenkins Java Deserialization Remote Code Execution Vulnerability
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
http://www.securityfocus.com/bid/94281
[TYPO3-announce] Vulnerabilities in multiple third party TYPO3 CMS extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions:
- "Store Locator" (locator)
- "Code Highlighter" (mh_code_highlighter)
- "Shibboleth Authentication" (shibboleth_auth)
- "Secure Download Form" (rs_securedownload)
- "Member Infosheets" (if_membersheet)
- "TC Directmail" (tcdirectmail)
http://lists.typo3.org/pipermail/typo3-announce/2016/000388.html
NIST Small Business Information Security guide for Small businesses
The NIST Small Business Information Security: The Fundamentals guide aims to provide basic cybersecurity recommendations to small businesses.
http://securityaffairs.co/wordpress/53423/breaking-news/nist-small-business-information-security.html
[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE
Versions Affected: Apache OpenMeetings 3.1.0
Description: Apache OpenMeetings is vulnerable to Remote Code Execution via an RMI deserialization attack. The issue was fixed in 3.1.2. All users are recommended to upgrade to Apache OpenMeetings 3.1.3.
http://www.securityfocus.com/archive/1/539751
Recordings from AppSecUSA 2016 in Washington, DC
https://www.youtube.com/playlist?list=PLpr-xdpM8wG8DPozMmcbwBjFn15RtC75N
E-mail security hole in LTE router from Drei
Every user who logs in to a Drei LTE router with a Drei smartphone has access to the e-mails of the router's owner.
https://futurezone.at/produkte/e-mail-sicherheitsluecke-in-lte-router-von-drei/230.656.314
Updated Good Practice Guide on National Cyber Security Strategies by ENISA
https://www.enisa.europa.eu/news/enisa-news/updated-good-practice-guide-on-national-cyber-security-strategies-by-enisa
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities.
...
Cisco investigated its product line to determine which products may be affected by these vulnerabilities and the impact of the vulnerabilities on each affected product. For information about whether a product is affected, refer to the “Vulnerable Products” and “Products Confirmed Not Vulnerable” sections of this advisory.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl
Master Decryption Keys and Decryptor for the Crysis Ransomware Released.
The master decryption keys for the CrySiS Ransomware have been released this morning in a post on the BleepingComputer.com forums. At approximately 1 AM EST, a member named crss7777 created a post in the CrySiS support topic at BleepingComputer with a Pastebin link to a file containing the master decryption keys and how to use them. [...]
http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/
IBM Security Bulletins
IBM Security Bulletin: Multiple security vulnerabilities have been addressed in LMS 5.0 on Cloud
http://www.ibm.com/support/docview.wss?uid=swg21993982
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2016-6304, CVE-2016-6303, CVE-2016-2178, CVE-2016-6306 and CVE-2016-2183)
http://www.ibm.com/support/docview.wss?uid=ssg1S1009586
IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images
http://www-01.ibm.com/support/docview.wss?uid=swg21992898
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2016-2183)
http://www.ibm.com/support/docview.wss?uid=ssg1S1009585
IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty which may impact IBM Streams (CVE-2016-5986)
http://www-01.ibm.com/support/docview.wss?uid=swg21993612
IBM Security Bulletin: A Security Vulnerability has been fixed in IBM Security Privileged Identity Manager (CVE-2016-5964)
http://www.ibm.com/support/docview.wss?uid=swg21994065
IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS.
http://www.ibm.com/support/docview.wss?uid=ssg1S1009590
IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Portal (CVE-2016-3092)
http://www-01.ibm.com/support/docview.wss?uid=swg21989359
IBM Security Bulletin: IBM Connections Security Update
http://www.ibm.com/support/docview.wss?uid=swg21990864
IBM Security Bulletin: GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2016-0392)
http://www.ibm.com/support/docview.wss?uid=ssg1S1009571