End-of-Shift report
Timeframe: Wednesday 06-04-2016 18:00 − Thursday 07-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Trojan infects 3.2 million Android devices
Over 100 apps in the official Google Play Store were shipped with a Trojan. According to security researchers, millions of Android users are affected.
http://futurezone.at/digital-life/trojaner-im-google-play-store-infiziert-3-2-millionen-android-geraete/191.279.960
Phishing Email That Knows Your Address
An anonymous reader writes: BBC is reporting about a new type of phishing email that includes the recipient's home address. The publication, citing sources, claims that thousands of people have already received such malicious emails. Clicking on the email apparently installs malware such as Cryptlocker ransomware on the recipient's computing device. From the report, "Members of the BBC Radio 4's You and Yours team were among those who received the scam emails, claiming they owed hundreds of
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7bIiICdWlco/phishing-email-that-knows-your-address
Cisco warns of critical risks from web bugs and insecure SSH keys
Fresh round of network security patches served
Cisco has released a fresh crop of security advisories, including warnings for critical flaws in the UCS, Prime Infrastructure and Evolved Programmable Network Manager (EPNM) that would allow an attacker to gain root access over its products.
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/06/cisco_warns_critical_flaws_three_products/
IETF meeting: New proposals for securing mail transport
Mail servers still lag behind web servers in terms of security, as a recent TLS check by the IHK Stuttgart made clear. Mail providers have now joined forces to push "Strict Transport Security" forward at the IETF.
http://heise.de/-3163818
Boffins boost IETF crypto efforts
Nice elliptic curves, now show us your hardware so we can do this to TLS
A pair of German engineers want to give a push to the adoption of new crypto in the IETF by pushing the curves in RFC 7748 into hardware.
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/07/boffins_boost_ietf_crypto_efforts/
Remote code execution found and fixed in Apache OpenMeetings
Password token snatch might explain that unexpected weirdo in your next online meeting
Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meetings and shared whiteboard application.
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/07/apache_openmeetings_remote_code_exec/
Panama Papers: The catastrophic IT security practices of Mossack Fonseca
The Panama Leaks firm Mossack Fonseca apparently cares little not only about tax law but also about IT security. No TLS, DROWN and ancient versions of Drupal and Outlook Web Access make things easy for attackers.
http://www.golem.de/news/panama-papers-die-katastrophale-it-sicherheitspraxis-von-mossack-fonseca-1604-120194-rss.html
Bypassing Phone Security through Social Engineering
This works: Khan was arrested in mid-July 2015. Undercover police officers posing as company managers arrived at his workplace and asked to check his driver and work records, according to the source. When they disputed where he was on a particular day, he got out his iPhone and showed them the record of his work. The undercover officers asked to...
https://www.schneier.com/blog/archives/2016/04/bypassing_phone.html
Complete Tour of PE and ELF: Section Headers
In the previous part, we discussed the ELF header and the Program Header. In this article, we will cover the remaining part, i.e. section headers. We will also see what effect packers have on binary headers. Below is the structure of the Section Header. sh_name: Remember that in the ELF Header we talked about the string table. sh_name is an...
http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-5/
Carinthian company falls victim to a ransomware Trojan
A production machine subsequently failed for one day
http://derstandard.at/2000034398697
EUROCRYPT 2016 - supported by SBA Research
May 08, 2016 - May 12, 2016 - All Day Aula der Wissenschaften Wollzeile 27A Vienna
https://www.sba-research.org/events/eurocrypt-2016-supported-by-sba-research/
ECRYPT-CSA Workshop on Cryptographic protocols for small devices - supported by SBA Research
May 13, 2016 - All Day TU Wien Karlsplatz 13 1040 Wien
https://www.sba-research.org/events/ecrypt-csa-workshop-on-cryptographic-protocols-for-small-devices/
UPDATED: Security Advisory posted for Adobe Flash Player (APSA16-01)
A Security Advisory (APSA16-01) has been published regarding a critical vulnerability (CVE-2016-1019) in Adobe Flash Player. UPDATE: Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running *Windows 10 and earlier* with Flash Player...
https://blogs.adobe.com/psirt/?p=1330
Juniper Networks Completes ScreenOS Update
As we committed to in our January 8, 2016 blog, we have replaced the cryptographic algorithm in the latest release of ScreenOS 6.3.
https://forums.juniper.net/t5/Security-Incident-Response/Juniper-Networks-Completes-ScreenOS-Update/ba-p/290368
Bugtraq: CVE-2016-3672 - Unlimiting the stack no longer disables ASLR
http://www.securityfocus.com/archive/1/537996
DFN-CERT-2016-0567: McAfee Email Gateway: A vulnerability enables a cross-site scripting attack
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0567/
Panda Security URL Filtering Privilege Escalation
Topic: Panda Security URL Filtering Privilege Escalation Risk: Medium Text:* CVE: CVE-2015-7378 * Vendor: Panda Security * Reported by: Kyriakos Economou * Date of Release: 05/04/2016 * Affected Pro...
https://cxsecurity.com/issue/WLB-2016040048
Panda Endpoint Administration Agent Privilege Escalation
Topic: Panda Endpoint Administration Agent Privilege Escalation Risk: Medium Text:* CVE: CVE-2016-3943 * Vendor: Panda Security * Reported by: Kyriakos Economou * Date of Release: 05/04/2016 * Affected Pro...
https://cxsecurity.com/issue/WLB-2016040047
Security Advisory: Java vulnerabilities CVE-2016-0466 and CVE-2016-0483
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50118123.html?ref=rss
HP Security Bulletins
Bugtraq: [security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information
http://www.securityfocus.com/archive/1/538003
Bugtraq: [security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF)
http://www.securityfocus.com/archive/1/538005
HPE Universal Configuration Management Database Unspecified Flaw Lets Remote Users Obtain Information and Perform Redirect Attacks
http://www.securitytracker.com/id/1035505
HPSBNS03571 rev.1 - HPE NonStop Virtual TapeServer (VTS), Remote Arbitrary Code Execution, Denial of Service (DoS), Unauthorized Information Disclosure
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05073516
HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05073504
Cisco Security Advisories
Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode
Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts
Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2
Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1
Cisco UCS Invicta Default SSH Key Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Pure Power Integration Manager (PPIM) (CVE-2016-0777, CVE-2016-0778)
http://www.ibm.com/support/docview.wss?uid=isg3T1023271
IBM Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability may affect DS8000
http://www.ibm.com/support/docview.wss?uid=ssg1S1005735
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21980641
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Image Construction and Composition Tool. (CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21980640
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM Workload Deployer. (CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21980638
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass-Thru (CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21979712
IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM PureApplication System. (CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21980639
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director (CVE-2015-4872, CVE-2015-4840, CVE-2015-4903)
http://www.ibm.com/support/docview.wss?uid=isg3T1023588
IBM Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by Privilege Escalation security vulnerabilities (CVE-2015-7424)
http://www.ibm.com/support/docview.wss?uid=swg21971542
IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Business Process Manager, and bundled products shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise
http://www.ibm.com/support/docview.wss?uid=swg2C1000112
IBM Security Bulletin: IBM TRIRIGA Application Platform Cross Site Scripting Vulnerability (CVE-2016-0344)
http://www.ibm.com/support/docview.wss?uid=swg21980234