End-of-Shift report
Timeframe: Monday 21-03-2016 18:00 − Tuesday 22-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Moodle Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Bypass Security Restrictions and Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1035333
Libxml2 Memory Allocation Error in xmlStringGetNodeList() Lets Remote Users Consume Excessive Memory Resources
http://www.securitytracker.com/id/1035335
D-Link DWR-932 Authentication Bypass / Password Disclosure
https://cxsecurity.com/issue/WLB-2016030115
AsusTEK asio.sys MSR Manipulation
https://cxsecurity.com/issue/WLB-2016030116
Google slings critical patch at exploited Linux kernel root hole
Android re-installation ahoy to sink privilege elevation that opens avenue for rooting apps. Google has shipped an out-of-band patch for Android shuttering a bug that is under active exploitation to root devices.
www.theregister.co.uk/2016/03/22/google_slings_critcial_patch_at_exploited_linux_kernel_root_hole/
IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation
http://www.ibm.com/support/docview.wss?uid=swg21978747
IBM Security Bulletin: Lotus Quickr 8.5 for WebSphere Portal January 2016 CPU (CVE-2016-0448)
http://www.ibm.com/support/docview.wss?uid=swg21977579
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-7575)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099195
IBM Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-5256)
http://www.ibm.com/support/docview.wss?uid=swg2C1000109
Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2015-5600)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098977
Samba developers warn of a vulnerability that also affects Windows
Badlock is the name of a critical vulnerability that Samba developers have discovered in their own software, and also in Windows. They urgently warn operators of such servers to set aside time on April 12 to apply patches.
http://heise.de/-3148379
Deluge of Apple Patches Fix iMessage Crypto Bug, Much More
Apple deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV's tvOS, and watchOS on Monday.
http://threatpost.com/deluge-of-apple-patches-fix-imessage-crypto-bug-much-more/116926/
"E-ISAC and SANS Report On The Ukrainian Grid Attack"
Yesterday the SANS ICS team released its Defense Use Case (DUC) #5 analyzing the cyber-attack that impacted Ukraine on December 23, 2015. The paper is written from the perspective of what lessons can be learned from the event. The ..
http://ics.sans.org/blog/2016/03/22/e-isac-and-sans-report-on-the-ukrainian-grid-attack
A look at Locky ransomware
The Locky ransomware was first spotted in the wild last month in February 2016. Locky came into the limelight when it hit the Hollywood Hospital last month, causing the hospital to pay bitcoins worth 17,000$ USD in ransom. Locky is known to ..
http://research.zscaler.com/2016/03/a-look-at-locky-ransomware.html