End-of-Shift report
Timeframe: Thursday 08-09-2016 18:00 − Friday 09-09-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability
A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application Control Engine Module and the Cisco ACE 4700 Series Application Control Engine Appliances could allow an unauthenticated, remote attacker to cause a denial of ..
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160908-ace
DSA-3662 inspircd - security update
It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users.
https://www.debian.org/security/2016/dsa-3662
ZDI-16-505: AlienVault Unified Security Management get_directive_kdb directive_id SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-16-505/
ZDI-16-504: AlienVault Unified Security Management Multiple PHP Scripts Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-16-504/
Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler ..
http://support.citrix.com/article/CTX216642
iPrint Appliance 2.0 Hot Patch 1
https://download.novell.com/Download?buildid=S7GK9olwBDk~
iPrint Appliance 2.1 Hot Patch 1
https://download.novell.com/Download?buildid=lVbNSynhgHU~
Asterisk RTP Session Management Bug Lets Remote Authenticated Users Consume Excessive Resources on the Target System
http://www.securitytracker.com/id/1036750
Asterisk Error in Processing Unknown Endpoints Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1036749
Collecting Users Credentials from Locked Devices, (Fri, Sep 9th)
It's a fact: When a device can be physically accessed, you may consider it as compromised. And if the device is properly hardened, it's just a matter of time. The best ..
https://isc.sans.edu/diary.html?storyid=21461
Samsung Android Security Updates
SMR-SEP-2016 - Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.
http://security.samsungmobile.com/smrupdate.html
Picture Perfect: CryLocker Ransomware Uploads User Information as PNG Files
Taking advantage of legitimate sites for command-and-control (C&C) purposes is typically done by most malware to avoid rousing suspicion from their targets. While ..
http://blog.trendmicro.com/trendlabs-security-intelligence/picture-perfect-crylocker-ransomware-sends-user-information-as-png-files/
Your Seagate Central NAS could be hosting mining malware
If you have discovered cryptocurrency mining malware on your system, have removed it, and got compromised again without an idea about how it happened, it could be that the ..
https://www.helpnetsecurity.com/2016/09/09/seagate-central-nas-hosting-malware/
Chrome to warn about non-encrypting websites
Initially, the browser will only flag pages that contain passwords or credit card information. The warning is then to be extended step by step.
http://heise.de/-3317393
Red Hat JBoss Enterprise Application Platform Input Validation Flaw Lets Remote Users Conduct HTTP Response Splitting and Content Injection Attacks
http://www.securitytracker.com/id/1036758
HTTPS: Google Chrome wants to warn about unencrypted websites
How should unencrypted websites be handled? In future, Google wants Chrome to warn when unencrypted websites request passwords and credit card data. But that is only the beginning of the plans.
http://www.golem.de/news/https-google-chrome-will-vor-unverschluesselten-webseiten-warnen-1609-123199.html