End-of-Shift report
Timeframe: Tuesday 03-05-2016 18:00 − Wednesday 04-05-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Dev using Libarchive? Patch and push
Input validation bug opens code execution vulnerability: the popular Libarchive open source compression library needs an update to cover a code execution vulnerability.
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/04/dev_using_libarchive_patch_and_push/
Security updates: PHP vulnerable to remote code execution
Attackers can remotely inject malicious code into several PHP versions. Three hardened releases close two security holes.
http://heise.de/-3196826
New versions of Apache Struts defend against malicious code
Through a security hole, attackers can under certain circumstances remotely attack servers running Apache Struts and execute code.
http://heise.de/-3196868
Petya: the two-in-one trojan
Petya Trojan is an unusual hybrid of an MBR blocker and data encryptor: it prevents not only the operating system from booting but also blocks normal access to files located on the hard drives of the attacked system.
http://securelist.com/blog/research/74609/petya-the-two-in-one-trojan/
Polite ransomware apologises and asks for gifts
A new crypto-trojan is making the rounds: the Alpha ransomware demands iTunes gift cards from the victim, otherwise the data stays encrypted with AES-256. The ransom note is surprisingly polite, but leaves out important details.
http://heise.de/-3197135
Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
Yesterday a new vulnerability was announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it's in the code that fixes Lucky13. It was found by Juraj Somorovsky using a tool he developed called TLS-Attacker. Like in the "old days"...
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
Neutrino exploit kit sends Cerber ransomware, (Wed, May 4th)
Introduction: Seems like we're always finding new ransomware. In early March 2016, BleepingComputer announced a new ransomware named Cerber had appeared near the end of February [1]. A few days later, the Malwarebytes blog provided further analysis and more details on subsequent Cerber samples [2]. Cerber is distributed through exploit kits (EKs) and malicious spam (malspam). I've only seen .rtf attachments that download and install Cerber if opened in Microsoft Word [3]...
https://isc.sans.edu/diary.html?storyid=21017
Security Advisory: Stored XSS in bbPress
Exploitation Level: Easy/Remote. DREAD Score: 6/10. Vulnerability: Stored XSS. Patched Version: bbPress 2.5.9. During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress, which is currently installed on 300,000 live websites - one of them being the popular wordpress.org support forum. Vulnerability Disclosure Timeline: April...
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-bbpress-2.html
Xcode 7.3.1
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
https://support.apple.com/kb/HT206338
Cisco Prime Collaboration Assurance Open Redirect Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca
F5 Security Advisory: Multiple OpenSSL vulnerabilities CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
https://support.f5.com:443/kb/en-us/solutions/public/k/07/sol07538415.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)
http://www.ibm.com/support/docview.wss?uid=swg21982223
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-0799, CVE-2016-0702).
http://www.ibm.com/support/docview.wss?uid=swg21981764
IBM Security Bulletin: Potential vulnerabilities in IBM OpenPages GRC Platform with Application Server
http://www.ibm.com/support/docview.wss?uid=swg21982462
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Metrics Manager (CVE-2016-0448, CVE-2016-0466)
http://www.ibm.com/support/docview.wss?uid=swg21977134
IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition affect IBM Tivoli Network Manager IP Edition
http://www.ibm.com/support/docview.wss?uid=swg21975424
IBM Security Bulletin: Vulnerability in IBM InfoSphere Information Server installer could expose sensitive information (CVE-2015-7493)
http://www.ibm.com/support/docview.wss?uid=swg21982034
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2015-3194, CVE-2015-3195).
http://www.ibm.com/support/docview.wss?uid=swg21981765
IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Cognos Metrics Manager (CVE-2015-2017)
http://www.ibm.com/support/docview.wss?uid=swg21976798
IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects IBM Tivoli Storage Manager server (CVE-2015-1947)
http://www.ibm.com/support/docview.wss?uid=swg21979698
IBM Security Bulletin: A security vulnerability has been identified in IBM Tivoli / Security Directory Server
http://www.ibm.com/support/docview.wss?uid=swg21980585
Next End-of-Shift report on 2016-05-06