End-of-Shift report
Timeframe: Dienstag 28-06-2016 18:00 − Mittwoch 29-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
How Red Hat uses CVSSv3 to Assist in Rating Flaws
Humans have been measuring risk since the dawn of time. "Im hungry, do I go outside my awesome cave here and forage for food? There might be something bigger, scarier, and hungrier than me out there...maybe I should wait?" Successfully navigating through life is a series of Risk/Reward calculations made each and every day. Sometimes, ideally, the choices are small ("Do I want fries with that?") while others can lead to catastrophic outcomes if the scenario isnt fully
https://access.redhat.com/blogs/766093/posts/CVSSv3
How to Compromise the Enterprise Endpoint
Posted by Tavis Ormandy.Symantec is a popular vendor in the enterprise security market, their flagship product is Symantec Endpoint Protection. They sell various products using the same core engine in several markets, including a consumer version under the Norton brand. Today we're publishing details of multiple critical vulnerabilities that we discovered, including many wormable remote code execution flaws.These vulnerabilities are as bad as it gets.
http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html
E-Mail-Verschlüsselung für jedermann: Volksverschlüsselung steht bereit
Ab sofort können Windows-Nutzer die kostenlose Volksverschlüsselungs-Software nutzen, um E-Mails verschlüsselt über gängige Clients zu verschicken.
http://heise.de/-3250728
Europäisches Konsortium für cloud-basierte Unterschriften und Siegel gegründet
Zum Start der eIDAS-Verordnung haben euopäische Signatur-Dienstleister auf Initiative von Adobe das Cloud Signature Consortium (CSC) gegründet. Es soll einen offenen Standard für cloud-basierte Signaturen und Siegel erarbeiten.
http://heise.de/-3250807
Malware gibt sich als WhatsApp aus und stiehlt Daten
Auch andere Android-Apps wie Uber oder der Google Play Store wird von der Schadsoftware imitiert, um Kreditkartendaten zu erbeuten.
http://futurezone.at/digital-life/malware-gibt-sich-als-whatsapp-aus-und-stiehlt-daten/207.034.141
Home security systems hacked with 1234 password - Update
Many smart home security systems come with standard passwords. Potential intruders can deactivate them online and use them to spy on homes - the affected systems are in use in many countries globally.
http://www.heise.de/ct/artikel/Home-security-systems-hacked-with-1234-password-3248831.html
IBM Security Bulletins
IBM Security Bulletin: WebSphere Application Server Liberty API Discovery feature has potential vulnerability (CVE-2016-2945)
http://www-01.ibm.com/support/docview.wss?uid=swg21984502
IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109)
http://www.ibm.com/support/docview.wss?uid=nas8N1021361
IBM Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-3426 )
http://www.ibm.com/support/docview.wss?uid=nas8N1021385
IBM Security Bulletin: Cross Site Scripting (XSS) security vulnerabilities in IBM WebSphere Commerce (CVE-2016-2862)
http://www.ibm.com/support/docview.wss?uid=swg21983625
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Productivity Center (CVE-2016-0363)
http://www.ibm.com/support/docview.wss?uid=swg21986168
IBM Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LCMS Premier (CVE-2016-2510)
http://www.ibm.com/support/docview.wss?uid=swg21985108
IBM Security Bulletin: IBM Tealeaf Customer Experience installers vulnerable to attack (CVE-2016-2542)
http://www-01.ibm.com/support/docview.wss?uid=swg21981024
IBM Security Bulletin: Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2
http://www-01.ibm.com/support/docview.wss?uid=swg21985099
Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109)
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021361
Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-3426 )
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021385