End-of-Shift report
Timeframe: Monday 29-02-2016 18:00 − Tuesday 01-03-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Bleichenbacher attack: DROWN decrypts using an ancient SSL protocol
No modern browser supports the old SSL protocol version 2. It can nevertheless become a security risk as long as servers keep supporting it for compatibility reasons. It does not even have to be the same server.
http://www.golem.de/news/bleichenbacher-angriff-drown-entschluesselt-mit-uraltem-ssl-protokoll-1603-119457-rss.html
The Definitive Guide on Win32 to NT Path Conversion
Posted by James Forshaw, path'ological reverse engineer. How the Win32 APIs process file paths on Windows NT is a tale filled with backwards compatibility hacks, weird behaviour, and beauty. Incorrect handling of Win32 paths can lead to security vulnerabilities. This blog post is to try and give a definitive* guide on the different types of paths supported by the OS. I'm going to try and avoid discussion of quirks in the underlying filesystem implementations (such as NTFS...
http://googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html
De-obfuscating malicious Vbscripts
With the returned popularity of Visual Basic as a first attack vector in mind, we took a look at de-obfuscating a few recent .vbs files, starting with a very easy one and progressing to a much more complex script.
https://blog.malwarebytes.org/intelligence/2016/02/de-obfuscating-malicious-vbscripts/
Look Into Locky
Some sources say that Locky is the latest ransomware created and released in the wild by the Dridex gang. Our studies indicate that it is well prepared, which means that the threat actor(s) behind it have invested in it.
https://blog.malwarebytes.org/intelligence/2016/03/look-into-locky/
OpenSSL Security Advisories
CVE-2016-0800 (OpenSSL advisory) [High severity]
CVE-2016-0705 (OpenSSL advisory) [Low severity]
CVE-2016-0798 (OpenSSL advisory) [Low severity]
CVE-2016-0797 (OpenSSL advisory) [Low severity]
CVE-2016-0799 (OpenSSL advisory) [Low severity]
CVE-2016-0702 (OpenSSL advisory) [Low severity]
CVE-2016-0703 (OpenSSL advisory) [High severity]
CVE-2016-0704 (OpenSSL advisory) [Moderate severity]
https://openssl.org/news/vulnerabilities.html
VU#938151: Forwarding Loop Attacks in Content Delivery Networks may result in denial of service
Vulnerability Note VU#938151: Forwarding Loop Attacks in Content Delivery Networks may result in denial of service
Original release date: 29 Feb 2016 | Last revised: 29 Feb 2016
Overview: Content Delivery Networks (CDNs) may in some scenarios be manipulated into a forwarding loop, which consumes server resources and causes a denial of service (DoS) on the network.
Description: CWE-400: Uncontrolled Resource Consumption (Resource Exhaustion). Content Delivery Networks (CDNs) are used to improve...
http://www.kb.cert.org/vuls/id/938151
F5 Security Advisory: Multiple NTP vulnerabilities CVE-2015-8139 and CVE-2015-8140
https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00329831.html?ref=rss
Bugtraq: [security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS)
http://www.securityfocus.com/archive/1/537659
DFN-CERT-2016-0355: phpMyAdmin: Multiple vulnerabilities allow, among other things, the bypassing of security measures
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0355/
Bugtraq: [SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in
http://www.securityfocus.com/archive/1/537662
IBM Security Bulletins
IBM Security Bulletin: A vulnerability in the GSKit component of Tivoli Network Manager IP Edition (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974785
IBM Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM RLKS Administration and Reporting Tool
http://www.ibm.com/support/docview.wss?uid=swg21976103
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2015-7547)
http://www.ibm.com/support/docview.wss?uid=swg21977374
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-7547)
http://www.ibm.com/support/docview.wss?uid=swg21977372
IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software (CVE-2016-0603)
http://www.ibm.com/support/docview.wss?uid=swg21978024
IBM Security Bulletin: Cross-Site scripting vulnerability in IBM Business Process Manager document list control (CVE-2016-0227)
http://www.ibm.com/support/docview.wss?uid=swg21978058
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21977880
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Image Construction and Composition Tool. (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21977647
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Workload Deployer. (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21977646
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry (CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466)
http://www.ibm.com/support/docview.wss?uid=isg3T1023408
Security Bulletin: Vulnerability in IBM Java SDK affects IBM System Networking Switch Center (CVE-2015-7575)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099203
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM PureApplication System. (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21978026
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Mobile
http://www.ibm.com/support/docview.wss?uid=swg21976765
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business
http://www.ibm.com/support/docview.wss?uid=swg21976678
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Software Architect, Software Architect for WebSphere Software & Rational Software Architect RealTime
http://www.ibm.com/support/docview.wss?uid=swg21976894
IBM Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Tivoli System Automation Application Manager (CVE-2015-5254)
http://www.ibm.com/support/docview.wss?uid=swg21977546