End-of-Shift report
Timeframe: Friday 04-03-2016 18:00 − Monday 07-03-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
When a WordPress Plugin Goes Bad
Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin. When this plugin was removed from the official WordPress Plugin directory, the authors revived another WordPress account with a long abandoned plugin and uploaded SweetCaptcha as a "new version" of that plugin.
https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html
Novel method for slowing down Locky on Samba server using fail2ban, (Sun, Mar 6th)
One of our loyal readers, Gebhard, pointed out a nice post (in German) on how to slow down Locky if you are using a Samba server for filesharing in your environment. The technique takes advantage of fail2ban and some additional Samba logging to keep Locky from encrypting all the files on the share. It is worth a look.
[de]: http://heise.de/-3120956
[en]: https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fheise.de%2F-3120956&edit-text=
Jim Clausing
https://isc.sans.edu/diary.html?storyid=20805&rss
KeRanger: First ransomware campaign threatens Mac OS X
For the first time, an extortion trojan also encrypts the data of Mac users. The malware hides inside the BitTorrent client Transmission. Apple and the developers have already responded.
http://heise.de/-3129346
Bundestag hack: attack carried out with common methods and open-source tools
Internal documents bring new details of last year's hacker attack on the Bundestag to light: the attackers used common methods and freely available tools.
http://heise.de/-3129862
Maintainers of new generic top level domains have a hard time keeping abuse in check
Generic top-level domains (gTLDs) that have sprung up in recent years have become a magnet for cybercriminals, to the point where some of them host more malicious domains than legitimate ones. Spamhaus, an organization that monitors spam, botnet and malware activity on the Internet, published a list of the world's top 10 "worst TLDs" on Saturday. What's interesting is that the list is not based on the overall number of abusive domains hosted under a TLD, but on the TLD's ratio of...
http://www.cio.com/article/3041338/maintainers-of-new-generic-top-level-domains-have-a-hard-time-keeping-abuse-in-check.html#tk.rss_security
DFN-CERT-2016-0398: Squid: Two vulnerabilities allow, among other things, the execution of arbitrary code
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0398/
HPE Network Automation Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1035192
Filr 2.0 - Security Update 1
Abstract: Security updates for glibc and nscd on the Filr, Search and MySQL 2.0.0 appliances (CVE-2015-7547).
Document ID: 5237510
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: MySQL-2.0.0.182.HP.zip (21.71 MB), Filr-2.0.0.422.HP.zip (23.03 MB), Search-2.0.0.400.HP.zip (21.71 MB)
Products: Filr 2
Superseded Patches: None
https://download.novell.com/Download?buildid=LqikC-Hosps~
Filr 1.2 - Security Update 2
Abstract: Security updates for glibc and nscd on the Filr, Search and MySQL 1.2.0 appliances (CVE-2015-7547).
Document ID: 5237480
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: Filr-1.2.0.861.HP.zip (23.03 MB), MySQL-1.2.0.413.HP.zip (21.71 MB), Search-1.2.0.998.HP.zip (21.71 MB)
Products: Filr 1.2
Superseded Patches: None
https://download.novell.com/Download?buildid=PQBDzZUKFac~
Sentinel 7.4 SP1 (Sentinel 7.4.1.0) Build 2512
Abstract: Sentinel 7.4.1 upgrade for Sentinel 7.4
Document ID: 5237090
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: sentinel_server-7.4.1.0-2512.x86_64.tar.gz.sha256 (109 bytes), sentinel_server-7.4.1.0-2512.x86_64.tar.gz (1.74 GB)
Products: Sentinel, Sentinel 7.3, Sentinel 7.3.1, Sentinel 7.3.2, Sentinel 7.4, Sentinel 7.2, Sentinel 7.2.1, Sentinel 7.2.2, Sentinel 7.4.1
Superseded Patches: None
https://download.novell.com/Download?buildid=ZEMvbiAk5k8~
innovaphone IP222 / IP232 Denial Of Service
Risk: Medium
Advisory ID: SYSS-2015-053
Product: innovaphone IP222/IP232
Manufacturer: inn...
https://cxsecurity.com/issue/WLB-2016030035
Bugtraq: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
http://www.securityfocus.com/archive/1/537708
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in libpng affect PowerKVM (CVE-2015-8126, CVE-2015-8472)
2016-03-07T08:14:25-05:00
http://www.ibm.com/support/docview.wss?uid=isg3T1023374
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM MQ Appliance (CVE-2015-7547)
http://www.ibm.com/support/docview.wss?uid=swg21977498
IBM Security Bulletin: Multiple vulnerabilities in the GNU C Library (glibc) affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1023385
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Guardium (CVE-2015-7547)
http://www.ibm.com/support/docview.wss?uid=swg21977444
IBM Security Bulletin: Vulnerabilities in grub2 affect PowerKVM (CVE-2015-5281, CVE-2015-8370)
http://www.ibm.com/support/docview.wss?uid=isg3T1023376
IBM Security Bulletin: Vulnerability in netcf affects PowerKVM (CVE-2014-8119)
http://www.ibm.com/support/docview.wss?uid=isg3T1023367
IBM Security Bulletin: Lotus Protector for Mail affected by libcurl vulnerability (CVE-2016-0755)
http://www.ibm.com/support/docview.wss?uid=swg21977843
IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1023350
IBM Security Bulletin: Vulnerability in bind affects PowerKVM (CVE-2015-8704)
http://www.ibm.com/support/docview.wss?uid=isg3T1023372
IBM Security Bulletin: Vulnerabilities in MIT Kerberos 5 (krb5) affect PowerKVM (CVE-2014-5355, CVE-2015-2694)
http://www.ibm.com/support/docview.wss?uid=isg3T1023354
IBM Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1023349
IBM Security Bulletin: Vulnerability in xfsprogs affects PowerKVM (CVE-2012-2150)
http://www.ibm.com/support/docview.wss?uid=isg3T1023356
IBM Security Bulletin: Multiple vulnerabilities in Gnu binutils affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1023355