End-of-Shift report
Timeframe: Tuesday 05-04-2016 18:00 − Wednesday 06-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Security Advisory posted for Adobe Flash Player (APSA16-01)
A Security Advisory (APSA16-01) has been published regarding a critical vulnerability (CVE-2016-1019) in Adobe Flash Player. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version 20.0.0.306 and earlier.
https://blogs.adobe.com/psirt/?p=1330
Security: Unpatched Flash vulnerability is being actively exploited
It is uninstall-Flash-Player day once again. A currently unpatched vulnerability is being actively exploited; at least a workaround exists. Adobe says it will respond soon.
http://www.golem.de/news/security-ungepatchte-flash-luecke-wird-aktiv-ausgenutzt-1604-120169-rss.html
Server software poses soft target for ransomware
An alternate method for infecting computers with ransomware signals a shift in tactics by cybercriminals that could put businesses at greater risk, according to Symantec. A type of ransomware called Samsam has been infecting organizations but is not installed in the usual way. "Samsam is another variant in a growing number of variants of ransomware, but what sets it apart from other ransomware is how it reaches its intended targets by way of unpatched server-side software," Symantec...
http://www.cio.com/article/3052553/server-software-poses-soft-target-for-ransomware.html#tk.rss_security
SAP Security - Think Different
Today we will discuss how SAP Security differs from traditional IT security. While in most cases security is security, no matter what we discuss, in SAP area there are some unique features. First of all, it is the question of responsibility. It's not a secret that SAP is owned and managed by business, which, to...
http://resources.infosecinstitute.com/sap-security-think-different/
Gpg4win 2.3.1 released
New in Gpg4win Version 2.3.1 (2016-04-05)
- GpgOL now has an option dialog where S/MIME can be disabled.
- GpgOL now supports the 64 Bit version of Microsoft Outlook.
- ...
https://lists.wald.intevation.org/pipermail/gpg4win-announce/2016-April/000068.html
Researchers release PoC exploit for broken IBM Java patch
Polish firm Security Explorations has had enough of broken patches for security vulnerabilities it has reported to vendors. On Monday, the company's CEO Adam Gowdiak published on the Full Disclosure mailing list the technical details and PoC code for exploiting a security issue in IBM Java that had been poorly patched by the vendor. The flaw was discovered by Security Explorations researchers in early 2013. This is the 6th instance of a broken patch...
https://www.helpnetsecurity.com/2016/04/06/broken-ibm-java-patch/
AdLoad: an advertisement bombarder
The AdLoad PUP is an infection that presents its victims with a great variety of advertisements, fake alerts, dubious offers, and even other PUPs. It targets users by location and OS.
https://blog.malwarebytes.org/threat-analysis/2016/04/adload-an-advertisement-bombarder/
FBI Warns of Dramatic Increase in Business E-Mail Scams
FBI officials are warning potential victims of a dramatic rise in the business e-mail compromise scam or "B.E.C.", [...] Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries. [...] This amounted to more than $2.3 billion in losses.
https://www.fbi.gov/phoenix/press-releases/2016/fbi-warns-of-dramatic-increase-in-business-e-mail-scams
Crypto ransomware targets called by name in spear-phishing blast
Once the domain of espionage, personalized scams embraced by profit-driven scammers.
http://arstechnica.com/security/2016/04/crypto-ransomware-targets-called-by-name-in-spear-phishing-blast/
CONIKS
CONIKS is a new, easy-to-use transparent key-management system: CONIKS is a key management system for end users capable of integration in end-to-end secure communication services. The main idea is that users should not have to worry about managing encryption keys when they want to communicate securely, but they also should not have to trust their secure communication service providers to...
https://www.schneier.com/blog/archives/2016/04/coniks.html
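The item above describes the idea of a transparent key directory but not the mechanism. The following is an added illustrative example, not CONIKS's own code and not its exact data structure: a provider publishes a Merkle tree root over its name-to-key bindings at each epoch and chains those roots, and a client verifies an inclusion proof against the published root instead of trusting the provider's answer. CONIKS itself uses a Merkle prefix tree keyed by a VRF of the username and signs each root; here a plain sorted tree is used and signing is omitted. All names, keys and epochs are constructed sample data.

```python
"""Simplified key-transparency directory in the spirit of CONIKS (illustrative only)."""
import hashlib
from typing import Dict, List, Optional, Tuple

Path = List[Tuple[bytes, bool]]  # (sibling hash, sibling is on the right)


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over parts, so concatenation is unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def leaf_hash(name: str, key: bytes) -> bytes:
    return H(b"leaf", name.encode(), key)


def node_hash(left: bytes, right: bytes) -> bytes:
    return H(b"node", left, right)


def build_tree(leaves: List[bytes], target: Optional[int] = None) -> Tuple[bytes, Path]:
    """Return the Merkle root and, if target is given, the sibling path for that leaf."""
    if not leaves:
        return H(b"empty"), []
    path: Path = []
    level, idx = leaves, target
    while len(level) > 1:
        # Pair up nodes; a lone last node is promoted unchanged to the next level.
        nxt = [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
               for i in range(0, len(level), 2)]
        if idx is not None:
            sib = idx ^ 1
            if sib < len(level):
                path.append((level[sib], sib > idx))
            idx //= 2
        level = nxt
    return level[0], path


def verify_inclusion(root: bytes, name: str, key: bytes, path: Path) -> bool:
    """Client side: recompute the root from the leaf and the sibling path."""
    h = leaf_hash(name, key)
    for sibling, on_right in path:
        h = node_hash(h, sibling) if on_right else node_hash(sibling, h)
    return h == root


class KeyDirectory:
    """Provider side: holds bindings and publishes one chained tree root per epoch.
    A real deployment would sign each root; signing is omitted in this example."""

    def __init__(self) -> None:
        self.entries: Dict[str, bytes] = {}
        self.history: List[dict] = []

    def set_key(self, name: str, key: bytes) -> None:
        self.entries[name] = key

    def _leaves(self) -> Tuple[List[str], List[bytes]]:
        names = sorted(self.entries)  # deterministic leaf order
        return names, [leaf_hash(n, self.entries[n]) for n in names]

    def publish_epoch(self) -> dict:
        root, _ = build_tree(self._leaves()[1])
        prev = self.history[-1]["hash"] if self.history else b"\x00" * 32
        epoch = len(self.history)
        record = {"epoch": epoch, "root": root, "prev": prev,
                  "hash": H(b"str", epoch.to_bytes(8, "big"), root, prev)}
        self.history.append(record)
        return record

    def lookup(self, name: str) -> Tuple[bytes, Path]:
        """Answer a query with the key and a proof relative to the current bindings
        (call publish_epoch first so the proof matches a published root)."""
        names, leaves = self._leaves()
        _, path = build_tree(leaves, names.index(name))
        return self.entries[name], path


def verify_history(history: List[dict]) -> bool:
    """Auditor check: roots form an unbroken hash chain, so past epochs cannot be rewritten."""
    prev = b"\x00" * 32
    for i, s in enumerate(history):
        if s["epoch"] != i or s["prev"] != prev:
            return False
        if s["hash"] != H(b"str", i.to_bytes(8, "big"), s["root"], s["prev"]):
            return False
        prev = s["hash"]
    return True


def same_view(a: dict, b: dict) -> bool:
    """Clients gossip the root they saw for an epoch; a mismatch exposes a split view."""
    return a["epoch"] == b["epoch"] and a["hash"] == b["hash"]
```

The security-relevant point is in verify_inclusion and verify_history: a provider that hands one user a substituted key cannot produce a proof that verifies against the root everyone else saw, and a provider that rewrites an old epoch breaks the chain that auditors check.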
DeepSec 2015 Videos (Youtube Playlist)
DeepSec 2015 IN-DEPTH SECURITY CONFERENCE - 17th to 20th November 2015 The Imperial Riding School Vienna, Austria
https://www.youtube.com/playlist?list=PLBA0WdWrcrCHpBtNgK-H64_S6-xBpzILR
ICS/SCADA Threat Intelligence Sharing Portal (March 31, 2016)
The EastWest Institute and the US Department of Homeland Security's ICS-CERT have launched a portal for operators of critical infrastructure around the world to share threat information...
http://www.sans.org/newsletters/newsbites/r/18/27/308
Of Moorhuhn, car accidents and outdated software
Peter takes his car to his trusted garage for its routine roadworthiness inspection (the "Pickerl", for short). After about half an hour the mechanic tells him that his car's brake lines are badly corroded and that it is only a matter of time before they burst and the brakes fail as a result. Peter swallows: "Well, I have...
http://www.cert.at/services/blog/20160406112228-1706.html
VLC Media Player Buffer Overflow in Processing WAV Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1035456
Security Advisory: Java vulnerabilities CVE-2016-4066 and CVE-2016-0483
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50118123.html?ref=rss
DSA-3542 mercurial - security update
Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues:
https://www.debian.org/security/2016/dsa-3542
DFN-CERT-2016-0556: Red Hat JBoss Enterprise Application Platform: Two vulnerabilities allow a denial-of-service attack
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0556/
Pro-face GP-Pro EX HMI Vulnerabilities
This advisory contains mitigation details for hard-coded credentials in Pro-face's GP-Pro EX HMI software.
https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01
Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerabilities
This advisory was originally posted to the US-CERT secure Portal library on March 1, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for vulnerabilities in Eaton Lighting Systems' EG2 Web Control application.
https://ics-cert.us-cert.gov/advisories/ICSA-16-061-03
Rockwell Automation Integrated Architecture Builder Access Violation Memory Error
This advisory was originally posted to the US-CERT secure Portal library on February 25, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an access violation memory error in Rockwell Automation's Integrated Architecture Builder application.
https://ics-cert.us-cert.gov/advisories/ICSA-16-056-01
Bugtraq: op5 v7.1.9 Remote Command Execution
http://www.securityfocus.com/archive/1/537992
Bugtraq: CA20160405-01: Security Notice for CA API Gateway
http://www.securityfocus.com/archive/1/537991
[HTB23286]: SQL Injection in SocialEngine
Product: SocialEngine v4.8.9
Vulnerability Type: SQL Injection [CWE-89]
Risk level: High
Creator: Webligo
Advisory Publication: December 21, 2015 [without technical details]
Public Disclosure: April 6, 2016
CVE Reference: Pending
CVSSv3 Base Score: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L]
Vulnerability Details: High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in the popular social networking software SocialEngine. The vulnerability can be exploited to gain
https://www.htbridge.com/advisory/HTB23286
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in Samba affect IBM i
http://www.ibm.com/support/docview.wss?uid=nas8N1021200
IBM Security Bulletin: IBM TRIRIGA Application Platform Privilege Escalation (CVE-2016-0342)
http://www.ibm.com/support/docview.wss?uid=swg21980252
IBM Security Bulletin: IBM TRIRIGA Application Platform Cross Site Request Forgery Vulnerability (CVE-2016-0346)
http://www.ibm.com/support/docview.wss?uid=swg21980237
IBM Security Bulletin: IBM TRIRIGA Application Platform Information disclosure (CVE-2016-0345)
http://www.ibm.com/support/docview.wss?uid=swg21980233
IBM Security Bulletin: IBM TRIRIGA Application Platform Information Disclosure (CVE-2016-0343)
http://www.ibm.com/support/docview.wss?uid=swg21980229
IBM Security Bulletin: Unauthenticated access to information in IBM TRIRIGA Application Platform (CVE-2016-0312)
http://www.ibm.com/support/docview.wss?uid=swg21979762
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BigFix Remote Control and IBM Endpoint Manager for Remote Control (CVE-2015-3194)
http://www.ibm.com/support/docview.wss?uid=swg21978415
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tivoli Composite Application Manager for Transactions (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702)
http://www.ibm.com/support/docview.wss?uid=swg21978869
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4.
http://www.ibm.com/support/docview.wss?uid=swg21978941
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM MQ Appliance
http://www.ibm.com/support/docview.wss?uid=swg21979829
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2016-0800, CVE-2016-0705 and CVE-2016-0797)
http://www.ibm.com/support/docview.wss?uid=swg21980451
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Netezza Host Management
http://www.ibm.com/support/docview.wss?uid=swg21979983
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect Tivoli Workload Scheduler (CVE-2016-0705, CVE-2016-0702, CVE-2016-0800, CVE-2016-0701)
http://www.ibm.com/support/docview.wss?uid=swg21979602
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment, Tivoli Provisioning Manager for Images
http://www.ibm.com/support/docview.wss?uid=swg21979311
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704)
http://www.ibm.com/support/docview.wss?uid=swg21978489