End-of-Shift report
Timeframe: Wednesday 07-09-2016 18:00 − Thursday 08-09-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability
A vulnerability in session identification management functionality of the web-based management interface for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session ..
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc
Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on ..
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1
Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an authenticated, remote attacker ..
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss
Return to libstagefright: exploiting libutils on Android
I’ve been investigating different fuzzing approaches on some Android devices recently, and this turned up the following rather interesting bug (CVE 2016-3861 fixed in the most recent Android Security Bulletin), deep in the ..
http://googleprojectzero.blogspot.com/2016/09/return-to-libstagefright-exploiting.html
[R1] LCE 4.8.1 Fixes Multiple Third-party Library Vulnerabilities
http://www.tenable.com/security/tns-2016-14
Critical Flaws Found in Network Management Systems
Four leading network management system providers patched nearly a dozen critical cross-site scripting vulnerabilities disclosed Wednesday by Rapid7.
http://threatpost.com/critical-flaws-found-in-network-management-systems-2/120407/
Updated DShield Blocklist
Earlier today, I updated how our block list is generated. The idea behind this is to avoid some false positives and to make the list more meaningful. As usual, ..
https://isc.sans.edu/diary.html?storyid=21453&
Stealing login credentials from a locked PC or Mac just got easier
20 seconds of physical access with a $50 device is all it takes.
http://arstechnica.com/security/2016/09/stealing-login-credentials-from-a-locked-pc-or-mac-just-got-easier/
The Limits of SMS for 2-Factor Authentication
A recent ping from a reader reminded me that I've been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication ..
http://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/
Ransomware: FBI hopes for more reports
The extortionists who hijack and encrypt computers are becoming increasingly professional. In the US, the FBI wants as many victims as possible to file reports, since every piece of information could help in the fight against the criminals.
http://heise.de/-3316101
Ten-year-old Windows Media Player hack is the new black, again
Why bother buying a zero-day when casual piracy and old code can p0wn thousands? Net scum are still finding ways to take down users with a decade-old Windows Media Player attack.
www.theregister.co.uk/2016/09/08/windows_media_player_malware_drm_security/
WordPress 4.6.1 upgrades security, fixes 15 bugs
WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately. The two ..
https://www.helpnetsecurity.com/2016/09/08/wordpress-4-6-1-upgrades-security/
Network analysis: Version 2.2 of Wireshark released
Version 2.2 of Wireshark understands a number of new protocols. In addition, it now speaks JSON itself and can export packets in this format.
http://heise.de/-3316297
Denial of Service in extension "Speaking URLs for TYPO3" (realurl)
https://typo3.org/news/article/denial-of-service-in-extension-speaking-urls-for-typo3-realurl/
Xen Security Advisory CVE-2016-7154 / XSA-188
http://xenbits.xen.org/xsa/advisory-188.html
Xen Security Advisory CVE-2016-7094 / XSA-187
http://xenbits.xen.org/xsa/advisory-187.html
Xen Security Advisory CVE-2016-7093 / XSA-186
http://xenbits.xen.org/xsa/advisory-186.html
Xen Security Advisory CVE-2016-7092 / XSA-185
http://xenbits.xen.org/xsa/advisory-185.html
Citrix XenServer Multiple Security Updates
A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious privileged code running within a guest VM to compromise the host.
https://support.citrix.com/article/CTX216071
IBM Security Bulletin: A security vulnerability for cross-site scripting affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2986)
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ..
http://www.ibm.com/support/docview.wss?uid=swg21989940
IBM Security Bulletin: A vulnerability in PostgreSQL affects IBM Security Access Manager version 9 (CVE-2016-0773)
IBM Security Access Manager version 9 appliances are affected by a vulnerability in PostgreSQL. CVE(s): CVE-2016-0773 Affected product(s) and affected version(s): IBM ..
http://www.ibm.com/support/docview.wss?uid=swg21989543
Copyright: Data leak in cease-and-desist software
A law firm that takes action against the unlawful use of photos apparently uses software that is carelessly configured. Unauthorized users were able to view data on client matters and cease-and-desist letters.
http://www.golem.de/news/urheberrechte-datenpanne-bei-abmahnkanzlei-1609-123149.html