End-of-Shift report
Timeframe: Thursday 07-04-2016 18:00 − Friday 08-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Swiss news site spreads malicious code: authorities and companies respond
Because malicious code is apparently being distributed through it with increasing frequency, the Swiss federal administration and several large companies in the country have now blocked their employees' access to one of the country's largest news sites.
http://heise.de/-3165287
Security Features Nobody Implements, (Thu, Apr 7th)
Nobody may be wording it a bit strong. But adoption of these security features is certainly not taking off. If you can think of any features I forgot, then please comment: DNSSEC That is probably my favorite issue. DNSSEC fixes one of the most important protocols. Without it, spoofing is always possible, and in some cases not even terribly hard. I think there are a number of reasons it is not implemented: If you implement it, there is a good chance that you make your domain non-reachable if you...
https://isc.sans.edu/diary.html?storyid=20921&rss
Open-source vulnerabilities database shuts down
An open-source project dedicated to cataloguing a huge range of computer security flaws has closed its doors as of Tuesday, according to an announcement on the Open-Source Vulnerability Database's blog. The OSVDB, which was founded in 2002, was meant to be an independent repository for security information, allowing researchers to compare notes without oversight from large corporate software companies. One of its founders was HD Moore, a well-known hacker and security researcher, best known...
http://www.cio.com/article/3053695/open-source-tools/open-source-vulnerabilities-database-shuts-down.html#tk.rss_security
SBA Research @ Cyber-Physical Systems Week 2016
We will participate in the events of CPS Week 2016 (Vienna, Austria, April 11-14, 2016). On Monday (April 11), Johanna Ullrich presents our work on "The Quest for Privacy in the Consumer Internet of Things" at the International Workshop on Consumers and the Internet of Things (ConsIoT 2016). A live webcast by the IoEtv will...
https://www.sba-research.org/2016/04/08/sba-research-cyber-physical-systems-week-2016/
Adobe fixes CVE-2016-1019 Zero-Day exploited to serve ransomware
Cyber criminals are already exploiting the Flash Player zero-day vulnerability (CVE-2016-1019), which affects Flash Player 21.0.0.197 and earlier and was disclosed by Adobe this week. Researchers at security firm Proofpoint confirmed that cyber gangs are exploiting it to distribute a ransomware dubbed Cerber.
http://securityaffairs.co/wordpress/46107/malware/adobe-fixes-cve-2016-1019.html
Breaking Semantic Image CAPTCHAs
Interesting research: Suphannee Sivakorn, Iasonas Polakis and Angelos D. Keromytis, "I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs": Abstract: Since their inception, captchas have been widely used for preventing fraudsters from performing illicit actions. Nevertheless, economic incentives have resulted in an arms race, where fraudsters develop automated solvers and, in turn, captcha services tweak their design to break the...
https://www.schneier.com/blog/archives/2016/04/breaking_semant.html
Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access
The Lemur Vehicle Monitors BlueDriver is an aftermarket automotive device that connects to a vehicle's OBD-II port and provides information about the vehicle's performance. The BlueDriver does not require a PIN for Bluetooth access, which allows anyone in range to send arbitrary commands to the vehicle's CAN bus.
https://www.kb.cert.org/vuls/id/615456
DSA-3545 cgit - security update
Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks.
https://www.debian.org/security/2016/dsa-3545
DSA-3544 python-django - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:
https://www.debian.org/security/2016/dsa-3544
Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic
Symantec ITMS Inventory Solution Application Denial Functionality Bypass
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160407_00
Security Updates Available for Adobe Flash Player (APSB16-10)
A Security Bulletin (APSB16-10) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. Adobe...
https://blogs.adobe.com/psirt/?p=1334
SSA-751155 (Last Update 2016-04-08): Denial-of-Service Vulnerability in SCALANCE S613
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-751155.pdf
SSA-623229 (Last Update 2016-04-08): DROWN Vulnerability in Industrial Products
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229.pdf
SSA-301706 (Last Update 2016-04-08): GNU C Library Vulnerability in Industrial Products
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Chassis Management Module (CMM)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099307
Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Chassis Management Module (CVE-2016-0777, CVE-2016-0778)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099309
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260
Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management
http://www.ibm.com/support/docview.wss?uid=swg21980207
IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-1283)
http://www.ibm.com/support/docview.wss?uid=swg21977266&myns=swgother&mynp=OCSSDF7K&mync=E&cm_sp=swgother-_-OCSSDF7K-_-E
IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-3183)
http://www.ibm.com/support/docview.wss?uid=swg21977267&myns=swgother&mynp=OCSSDF7K&mync=E&cm_sp=swgother-_-OCSSDF7K-_-E