End-of-Shift report
Timeframe: Wednesday 11-05-2016 18:00 − Thursday 12-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Security Updates Available for Adobe Flash Player (APSB16-15)
A Security Bulletin (APSB16-15) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. Adobe...
https://blogs.adobe.com/psirt/?p=1352
Tips to Prevent Ransomware in Healthcare Environments
If 2015 was the year of the healthcare breach, 2016 is shaping up to be the year of ransomware. By this time last year, 105 healthcare breaches had been reported to the U.S. Department of...
http://researchcenter.paloaltonetworks.com/2016/05/tips-to-prevent-ransomware-in-healthcare-environments/
7-Zip unpacker can be abused to execute malicious code
Attackers can execute malicious code via a vulnerability in the compression tool 7-Zip and possibly also take over the victim's computer. Particularly sensitive: the tool's open-source code is also embedded in security software.
http://heise.de/-3206787
US-CERT warns operators of SAP systems
The security warning from the United States' computer emergency team was prompted by a report according to which at least 36 organizations around the world were attacked and compromised via an SAP vulnerability.
http://heise.de/-3207245
New Wave of the Test0.com/Test5.xyz Redirect Hack
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domain. This week the default7 .com domain went down but the attackers returned with a new wave of site infections and the new redirecting domain - test5 .xyz (registered just a few...
https://blog.sucuri.net/2016/05/test0test5-com-redirect-hack-new-wave.html
Popular cache Squid skids as hacker pops lid
Yet another mess we can blame on the combination of Flash and advertising. Tsinghua University postgraduate student Jianjun Chen has reported a critical cache poisoning vulnerability in the Squid proxy server, a transparent cache widely deployed by internet service providers.
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/12/telco_fave_squid_skids_as_hacker_pops_lid/
Giving up Your Roots: A Root Remedy Checklist
As an IT organization, should you be concerned that your sysAdmins login as root, su to root, or sudo su to root?
https://www.beyondtrust.com/blog/root-remedy-checklist/
Facebook CTF platform is now open source
Capture the Flag competitions are a good - not to mention legal - way for hackers to build and hone their skills. But, quality CTF environments are difficult and expensive to build and run. This is a burden that Facebook aims to lighten by open sourcing the Facebook CTF platform, devised for the training of their own employees and used around the world by various organizations looking to interest kids in computer security. The now-free...
https://www.helpnetsecurity.com/2016/05/12/facebook-ctf-platform-open-source/
From the Netherlands Presidency of the EU Council: Coordinated vulnerability disclosure Manifesto signed
Approximately 30 organisations have signed the Coordinated Vulnerability Disclosure Manifesto today, in which they declare to support the principle of having a point of contact to report IT vulnerabilities to and already have this set up in their own organisations, or they plan to do so soon. By signing the manifesto, the participating...
https://www.enisa.europa.eu/news/member-states/from-the-netherlands-presidency-of-the-eu-council-coordinated-vulnerability-disclosure-manifesto-signed
DFN-CERT-2016-0770: Jenkins: Multiple vulnerabilities allow, among other things, information disclosure
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0770/
DFN-CERT-2016-0739: OpenVPN: Two vulnerabilities allow denial-of-service attacks
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0739/
Security Notice - Statement on Bogner Florian Revealing Privilege Escalation Vulnerability in Huawei E5373 LTE Mobile Wi-Fi Products
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160512-01-e5373-en
F5 Security Advisory: Nginx vulnerabilities CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23073482.html?ref=rss
BulletProof Security <= .53.3 - Multiple XSS Vulnerabilities
https://wpvulndb.com/vulnerabilities/8492
Bugtraq: [security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities
http://www.securityfocus.com/archive/1/538359
Bugtraq: [security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities
http://www.securityfocus.com/archive/1/538360
Bugtraq: [security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
http://www.securityfocus.com/archive/1/538365
Bugtraq: [security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification
http://www.securityfocus.com/archive/1/538364
Bugtraq: [security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass
http://www.securityfocus.com/archive/1/538366
IBM Security Bulletins
IBM Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Host On-Demand (CVE-2016-0363)
http://www.ibm.com/support/docview.wss?uid=swg21982489
IBM Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algorithmics Algo Risk Application - CVE-2016-0390
http://www.ibm.com/support/docview.wss?uid=swg21981321
IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect WebSphere Application Server shipped with SmartCloud Provisioning
http://www.ibm.com/support/docview.wss?uid=swg2C1000105
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)
http://www.ibm.com/support/docview.wss?uid=swg21982883
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Deployer. (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)
http://www.ibm.com/support/docview.wss?uid=swg21982877
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus
http://www.ibm.com/support/docview.wss?uid=swg21982172
IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7488)
http://www.ibm.com/support/docview.wss?uid=swg21982874
IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7456)
http://www.ibm.com/support/docview.wss?uid=swg21982873
IBM Security Bulletin: A potential vulnerability in IBM Java SDK affect InfoSphere Streams (CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21973403