End-of-Shift report
Timeframe: Monday 28-11-2016 18:00 - Tuesday 29-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
Bruce Schneier on network security: "The era of fun and games is over"
The renowned security expert warned at Telekom's security congress against limitless interconnection. State regulation, he said, is unavoidable.
https://www.heise.de/newsticker/meldung/Bruce-Schneier-zur-Netz-Sicherheit-Die-Aera-von-Spass-und-Spielen-ist-vorbei-3507457.html
PayPal Fixes OAuth Token Leaking Vulnerability
PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. The vulnerability was publicly disclosed on Monday by Antonio Sanso, a senior software engineer at Adobe, after he came across the issue while testing his own OAuth client.
http://threatpost.com/paypal-fixes-oauth-token-leaking-vulnerability/122136/
Vuln: WordPress Image Gallery Plugin HTML Injection Vulnerability
http://www.securityfocus.com/bid/94565
A Rowhammer ban-hammer for all, and it's all in software
Sorry to go all MC Hammer on you, but boffins tell bit-flippers you can't touch this. A group of German researchers reckon they've cracked a pretty hard nut indeed: how to protect all x86 architectures from the 'Rowhammer' memory bug.
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/29/a_rowhammer_banhammer_for_all_and_its_all_in_software/
Tenda / D-Link / TP-Link DHCP Cross Site Scripting
https://cxsecurity.com/issue/WLB-2016110233
Every Windows 10 in-place Upgrade is a SEVERE Security risk
[...] There is a small but CRAZY bug in the way the "Feature Update" (previously known as "Upgrade") is installed. The installation of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment).
http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
F-Secure: QUICK TIP: How To Make Your Passwords Uncrackable
TL;DR: 'The trick is to use a really long random password for each online account,' he tells us. 'The password length should be at least 20 symbols and numbers, but preferably 32.'
https://safeandsavvy.f-secure.com/2016/09/14/quick-tip-how-to-make-your-passwords-uncrackable/
Azure Security Best Practices
Moving applications and workloads to the cloud is a big draw for organizations, primarily due to the favorable economics, ease of deployment, and the flexibility and scale that the cloud provides. Microsoft Azure is one cloud platform seeing rising adoption in the past year. You may be contemplating moving workloads to Azure, particularly if you are a Microsoft shop. But like most organizations moving to the cloud, you are probably concerned about the security of your Azure environment.
https://www.alienvault.com/blogs/security-essentials/azure-security-best-practices
TYPO3 CMS 7.6.14 released
This version is a regression fix release for TYPO3 CMS 7.6.13 concerning the usage of the Composer mode with additional third party PHP libraries. This version contains bugfixes concerning Composer only.
https://typo3.org/news/article/typo3-cms-7614-released/
Account numbers and e-mail: data stolen from Mitfahrgelegenheit.de
Account numbers and e-mail addresses of former users affected - few Austrians affected
http://derstandard.at/2000048456695
TR-069 NewNTPServer Exploits: What we know so far, (Tue, Nov 29th)
[This is a cleaned-up version summarizing yesterday's diary about the attacks against DSL routers] What is TR-069? TR-069 (or its earlier version TR-064) is a standard published by the Broadband Forum. The Broadband Forum is an industry organization defining standards used to manage broadband networks. It focuses heavily on DSL-type modems and more recently included fiber optic connections. TR stands for Technical Report. TR-069 is considered the Broadband Forum's flagship standard.
https://isc.sans.edu/diary.html?storyid=21763&rss
Security Advisory: BIG-IP SPDY and HTTP/2 profile vulnerability CVE-2016-7475
https://support.f5.com:443/kb/en-us/solutions/public/k/01/sol01587042.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark
http://www-01.ibm.com/support/docview.wss?uid=swg21994185
IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect WebSphere Dashboard Framework (CVE-2016-5573, CVE-2016-5597)
http://www-01.ibm.com/support/docview.wss?uid=swg21994184
IBM Security Bulletin: Vulnerabilities in IBM Java SDK and IBM Java Runtime affect Web Experience Factory (CVE-2016-5573, CVE-2016-5597)
http://www-01.ibm.com/support/docview.wss?uid=swg21994181
IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition
https://www-01.ibm.com/support/docview.wss?uid=swg21985393
IBM Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 Net Search Extender for Linux, Unix and Windows
http://www.ibm.com/support/docview.wss?uid=swg21992933
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Extreme Scale (CVE-2016-3485)
http://www.ibm.com/support/docview.wss?uid=swg21993946
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus (CVE-2016-2107, CVE-2016-2176)
http://www.ibm.com/support/docview.wss?uid=swg21992894
IBM Security Bulletin: IBM Integration Bus and WebSphere Message Broker, upon installation, set incorrect permissions for an object (CVE-2016-0394)
http://www-01.ibm.com/support/docview.wss?uid=swg21985013
IBM Security Bulletin: Vulnerability has been identified in View All User Domain Tasks of IBM Cloud Orchestrator (CVE-2016-0202)
http://www.ibm.com/support/docview.wss?uid=swg2C1000134
IBM Security Bulletin: FileNet Workplace XT can be affected by the File Extension validation vulnerability (CVE-2016-8921)
http://www.ibm.com/support/docview.wss?uid=swg21994018
IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified
http://www.ibm.com/support/docview.wss?uid=ssg1S1009589
IBM Security Bulletin: GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2016-2985 and CVE-2016-2984)
http://www.ibm.com/support/docview.wss?uid=ssg1S1009324