End-of-Shift report
Timeframe: Friday 26-02-2016 18:00 − Monday 29-02-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Fixing the Internet's routing security is urgent and requires collaboration
The Internet is fragile. Many of its protocols were designed at a time when the goal was rapid network expansion based on trust among operators. Today, the Internet's open nature is what makes it so great for business, education and communication, but the absence of security mechanisms at its core is something that criminals are eager to exploit. In late January, traffic to many IP (Internet Protocol) addresses of the U.S. Marine Corps was temporarily diverted through an ISP in Venezuela.
http://www.cio.com/article/3038752/fixing-the-internets-routing-security-is-urgent-and-requires-collaboration.html
Angler Exploit Kit Learns New Tricks, Finds Home On Popular Website
The Angler Exploit Kit evaded detection through a new technique that bypasses Firefox and Chrome security protections.
http://threatpost.com/angler-exploit-kit-learns-new-tricks-finds-home-on-popular-website/116509/
HackingTeam Reborn; A Brief Analysis of an RCS Implant Installer
As I'm generally quite occupied with my day job as Director of R&D at Synack, the weekend is when I finally have some free time to blog. This weekend I wasn't sure what I'd write about until @osxreverser tweeted late Friday afternoon:...
https://objective-see.com/blog/blog_0x0D.html
The rise of polymorphic malware
97% of malware is unique to a specific endpoint, rendering signature-based security virtually useless. The data collected by Webroot throughout 2015 shows that today's threats are truly global and highly dynamic. Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information. Countering these threats requires an innovative approach to attack detection that leverages advanced techniques and...
https://www.helpnetsecurity.com/2016/02/29/the-rise-of-polymorphic-malware/
ATMZombie: banking trojan in Israeli waters
In November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. The incident Israeli banks experienced involved a very fascinating and innovative method of stealing the money.
http://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/
Increasing the resilience of Europe's telecommunication infrastructures through Incident Reporting
A recent ENISA report analyses how mandatory incident reporting schemes have improved resilience and security in the EU telecoms sector. Experiences from this scheme can also serve as a model for the implementation of the forthcoming NIS Directive in other sectors.
https://www.enisa.europa.eu/media/press-releases/increasing-the-resilience-of-europe2019s-telecommunication-infrastructures-through-incident-reporting
Security: 85 percent of SSL VPNs have insecure configurations
Numerous SSL VPNs secure their users' traffic only inadequately, according to a security firm. Many providers are said to still use SHA-1 or MD5. In addition, around 10 percent of the services are reportedly vulnerable to Heartbleed.
http://www.golem.de/news/security-85-prozent-der-ssl-vpns-haben-unsichere-konfigurationen-1602-119450-rss.html
Click fraud: trojan family repeatedly infiltrates Google Play
Android users currently need to beware of free apps that pose as popular games. Behind them are click-fraud apps with which crooks cash in.
http://heise.de/-3120091
Cyber-Attack Against Ukrainian Critical Infrastructure
On December 23, 2015, Ukrainian power companies experienced unscheduled power outages impacting a large number of customers in Ukraine. This report provides an account of the events that took place based on interviews with company personnel.
https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01
OpenSSL CVE-2016-0799: heap corruption via BIO_printf
There are a couple of issues with OpenSSL's BIO_*printf() functions, defined in crypto/bio/b_print.c, that are set to be fixed in the forthcoming security release. The function that is primarily responsible for interpreting the format string and transforming this string and the function's arguments into a string is _dopr().
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
VU#419128: IKE/IKEv2 protocol implementations may allow network amplification attacks
Vulnerability Note VU#419128: IKE/IKEv2 protocol implementations may allow network amplification attacks. Original Release date: 29 Feb 2016 | Last revised: 29 Feb 2016. Overview: Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Description: CWE-406: Insufficient Control of Network Message Volume (Network Amplification). IKE/IKEv2 and other UDP-based protocols can be used to amplify denial-of-service attacks. In some scenarios, an amplification of up to 900%...
http://www.kb.cert.org/vuls/id/419128
F5 Security Advisory: libpng out-of-bounds read vulnerability CVE-2015-7981
https://support.f5.com:443/kb/en-us/solutions/public/k/21/sol21057235.html?ref=rss
APPLE-SA-2016-02-25-1 Apple TV 7.2.1
APPLE-SA-2016-02-25-1 Apple TV 7.2.1. Apple TV 7.2.1 is now available and addresses the following: bootp. Available for: Apple TV (3rd Generation). Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed. Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID: CVE-2015-3778 : Piers...
http://prod.lists.apple.com/archives/security-announce/2016/Feb/msg00000.html
Access Governance Suite 6.0-6.4
Abstract: README for HTML Fragment Privilege Escalation Vulnerability E-Fix. E-Fix Deliverable: AGS-SV-eFix022416.zip. Document ID: 5236850. Security Alert: Yes. Distribution Type: Public. Entitlement Required: No. Files: AGS-SV-eFix022416.zip (3.83 kB), AGS-SV-eFix022416-CHECKSUM.txt (99 bytes). Products: Access Governance 6.4, Access Governance 6.1, Access Governance 6.2, Access Governance 6.3. Superseded Patches: None
https://download.novell.com/Download?buildid=Tft9udlb11s~
D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow
Topic: D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow. Risk: High. Text: Hello, We'd like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discove...
https://cxsecurity.com/issue/WLB-2016020224
Bugtraq: [security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
http://www.securityfocus.com/archive/1/537637
Cisco Videoscape Distribution Suite for Internet Streaming TCP Session Handling Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is
Citrix Security Advisory for glibc Vulnerability CVE-2015-7547
A vulnerability has been recently disclosed in the glibc getaddrinfo() function. This issue could potentially allow an attacker to inject code into a process that calls the vulnerable function. The issue has been assigned the following CVE identifier:...
https://support.citrix.com/article/CTX206991
IBM Security Bulletins
IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM WebSphere MQ Internet Pass-Thru (CVE-2015-7575)
2016-02-26T13:23:47-05:00
http://www.ibm.com/support/docview.wss?uid=swg21977517
IBM Security Bulletin: Vulnerability in IBM Java SDK affects Rational Functional Tester (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21976947
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere BigInsights (Applicable CVEs: CVE-2015-7575, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475)
http://www.ibm.com/support/docview.wss?uid=swg21976080
IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0262)
http://www.ibm.com/support/docview.wss?uid=swg21977828
IBM Security Bulletin: Current releases of the IBM SDK, Java Technology Edition are affected by CVE-2016-0603
http://www.ibm.com/support/docview.wss?uid=swg21977549
IBM Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-8320)
http://www.ibm.com/support/docview.wss?uid=swg2C1000091
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance (CVE-2016-0475, CVE-2015-7575, CVE-2016-0448)
http://www.ibm.com/support/docview.wss?uid=swg21976366
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere eXtreme Scale (CVE-2016-0475, CVE-2015-7575, CVE-2016-0448)
http://www.ibm.com/support/docview.wss?uid=swg21976442
IBM Security Bulletin: Vulnerability in IBM Java Runtime Version 6 affects IBM Cognos Business Viewpoint (CVE-2015-7575 )
http://www.ibm.com/support/docview.wss?uid=swg21977407
IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to view work logs during purchase orders that they should not have access to (CVE-2016-0222)
http://www.ibm.com/support/docview.wss?uid=swg21976949
Security Bulletin: Vulnerabilities in OpenSSL affect IBM BladeCenter Switches (CVE-2015-3194, CVE-2015-3195)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099199
IBM Security Bulletin: Insecure Transmission Vulnerability with IBM InfoSphere Information Server (CVE-2015-7490)
http://www.ibm.com/support/docview.wss?uid=swg21975827
IBM Security Bulletin: libpng related security vulnerabilities identified in IBM Expeditor (CVE-2015-7981, CVE-2015-8126, CVE-2015-8540, CVE-2015-8472)
http://www.ibm.com/support/docview.wss?uid=swg21975904
IBM Security Bulletin: Sensitive data lingers in memory on the WebSphere DataPower XC10 Appliance
http://www.ibm.com/support/docview.wss?uid=swg21971658
IBM Security Bulletin: Sensitive data lingers in memory on the WebSphere eXtreme Scale server
http://www.ibm.com/support/docview.wss?uid=swg21971657
IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance denial of service vulnerability (CVE-2015-5286)
http://www.ibm.com/support/docview.wss?uid=nas8N1021122
IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance security vulnerability (CVE-2015-5251)
http://www.ibm.com/support/docview.wss?uid=nas8N1021121
IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Nova denial of service vulnerability (CVE-2015-3280)
http://www.ibm.com/support/docview.wss?uid=nas8N1021120