End-of-Shift report
Timeframe: Monday 07-03-2016 18:00 − Tuesday 08-03-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
PhishLabs on the growing sophistication of business email scams
At the 2016 RSA Conference, CSO's Steve Ragan chats with Joseph Opacki from PhishLabs about how cyber-criminals are becoming increasingly smarter about targeting specific high-end business users to try and steal data or money.
http://www.cio.com/video/63026/phishlabs-on-the-growing-sophistication-of-business-email-scams#tk.rss_security
Google plugs 19 holes in newest Android security update
In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical. Among these, and admittedly the most important to patch, are two remote code execution vulnerabilities in - yes, you've guessed it - Mediaserver. Mediaserver is a service in Android that allows the device to index media files that are located on it. The vulnerabilities in question (CVE-2016-0815, CVE-2016-0816)...
https://www.helpnetsecurity.com/2016/03/08/android-security-update/
Free and Commercial Tools to Implement the Center for Internet Security (CIS) Security Controls, Part 12: Controlled Use of Administrative Privileges
This is Part 12 of a How-To effort to compile a list of tools (free and commercial) that can help IT administrators comply with what was formerly known as the "SANS Top 20 Security Controls". It is now known as the Center for Internet Security (CIS) Security Controls. A summary of the previous posts is here: Part 1 - we looked at Inventory of Authorized and Unauthorized Devices. Part 2 - we looked at Inventory of Authorized and Unauthorized Software. Part 3 - we looked at Secure...
https://www.alienvault.com/blogs/security-essentials/free-and-commercial-tools-to-implement-the-center-for-internet-security-cis-security-controls-part-12-controlled-use-of-administrative-privileges
Cloud sellers who acted on Heartbleed sink when it comes to DROWN
An out-stretched arm slowly disappears... Response to the critical web-crypto-blasting DROWN vulnerability in SSL/TLS by cloud services has been much slower than the frantic patching witnessed when the Heartbleed vulnerability surfaced two years ago.
http://go.theregister.com/feed/www.theregister.co.uk/2016/03/08/drown_vulnerability_web_crypto_cloud/
Keranger ransomware trojan: How to protect your Mac
For the first time, functional ransomware is targeting OS X users. After infection, three days remain until "Keranger" encrypts documents. Users should check whether they are affected - and take countermeasures.
http://heise.de/-3130854
Security Bulletins Posted
Security Bulletins for Adobe Digital Editions (APSB16-06) as well as Adobe Acrobat and Reader (APSB16-09) have been published. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. A security...
https://blogs.adobe.com/psirt/?p=1322
DFN-CERT-2016-0402: ISC DHCP: A vulnerability allows a denial-of-service attack
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0402/
DFN-CERT-2016-0405: PuTTY: A vulnerability allows the execution of arbitrary program code
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0405/
DFN-CERT-2016-0400: BlackBerry powered by Android: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code with the privileges of the Mediaserver
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0400/
Bugtraq: ESA-2016-012: EMC Documentum xCP - User Information Disclosure Vulnerability
http://www.securityfocus.com/archive/1/537712
[R3] OpenSSL 20160301 Advisory Affects Tenable Nessus
http://www.tenable.com/security/tns-2016-03
Security Advisory: Libpng vulnerability CVE-2015-8472
https://support.f5.com:443/kb/en-us/solutions/public/k/81/sol81903701.html?ref=rss
Security Advisory: OpenSSL vulnerabilities CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23196136.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: GNU C library (glibc) and OpenSSL vulnerabilities affect WebSphere Cast Iron. (CVE-2015-7547 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-1794)
http://www.ibm.com/support/docview.wss?uid=swg21978339
IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM SDK for Node.js in IBM Bluemix (CVE-2015-3197, CVE-2016-2086, CVE-2016-2216)
http://www.ibm.com/support/docview.wss?uid=swg21977242
IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM XIV Gen2 (CVE-2016-0777, CVE-2016-0778)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005618
IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM XIV Gen3 (CVE-2016-0777, CVE-2016-0778)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005619
IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM XIV Gen3 systems and IBM XIV Management Tools (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005615