End-of-Shift report
Timeframe: Friday 11-03-2016 18:00 − Monday 14-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
VU#713312: DTE Energy Insight app vulnerable to information exposure
The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers.
http://www.kb.cert.org/vuls/id/713312
More than two-year-old Java security patch from Oracle still vulnerable
According to security expert Adam Gowdiak, Oracle misjudged a security vulnerability more than two years ago and also botched the patch that was supposed to fix the bug.
http://www.heise.de/newsticker/meldung/Mehr-als-zwei-Jahre-alter-Java-Security-Patch-von-Oracle-immer-noch-verwundbar-3133437.html
The Source of All Major Android Banking Trojans Just Got Updated To V2
An anonymous reader writes: Apparently, during the past months it has started to come to the surface that most top-tier Android malware was actually related, coming from a common malware variant called GM Bot, and sold for only ..
http://news.slashdot.org/story/16/03/12/1556259/the-source-of-all-major-android-banking-trojans-just-got-updated-to-v2
Google Chrome Extension Caught Stealing Bitcoin From Users
An anonymous reader writes: Bitcoin exchange portal Bitstamp is warning users of a Google Chrome extension that steals their Bitcoin when making a transfer. According to Bitstamp, this extension contains malicious code that is redirecting ..
http://news.slashdot.org/story/16/03/12/2328254/google-chrome-extension-caught-stealing-bitcoin-from-users
Armada Collective is back, extorting Financial Institutions in Switzerland
These extortion emails usually originate from free email service providers (such as Gmail or Openmail) and are being sent to the info@ email address of the targeted financial institution. Unlike the extortion attempts conducted by Armada Collective in September 2015, we are not aware of ..
http://www.govcert.admin.ch/blog/19/armada-collective-is-back-extorting-financial-intuitions-in-switzerland
Auto vulnerability scanners turn up mostly false positives
Automated vulnerability scanners turn up mostly false positives, but even the wild goose chase that results can be cheaper for businesses than manual processes, according to NCC Group security engineer Clint Gibler.
http://www.theregister.co.uk/2016/03/14/cheap_auto_vulnerability_scanners_can_have_a_16000_opex_tag/
SSA-833048 (Last Update 2016-03-14): Vulnerability in SIMATIC S7-1200 CPUs prior to V4
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-833048.pdf
IBM Security Bulletin: GNU C library (glibc) vulnerability affects TS4500 (CVE-2015-7547)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005695
IBM Security Bulletin: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
http://www.ibm.com/support/docview.wss?uid=isg3T1023395
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection
http://www.ibm.com/support/docview.wss?uid=swg21975835
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry (CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466)
http://www.ibm.com/support/docview.wss?uid=isg3T1023378
Botnets Plague the Web. This AI Is Out to Stop Them
A group of Israeli researchers believe they are the first to have discovered a way to locate botnets and identify who is behind them, by planting honeypots that gather information about attacks carried out by the network, and analyzing that data with machine learning programs.
https://motherboard.vice.com/read/botnets-plague-the-web-this-ai-is-out-to-stop-them
Broken 2013 Java Patch Leads to Sandbox Bypass
A patch for a critical 2013 Java vulnerability is incomplete, and exposes Java servers and clients to a sandbox bypass, researchers at Security Explorations of Poland said.
http://threatpost.com/broken-2013-java-patch-leads-to-sandbox-bypass/116757/