End-of-Shift report
Timeframe: Monday 19-09-2016 18:00 - Tuesday 20-09-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
European Cyber Security Month - NIS Quiz
This tool is designed to help you update your internet security knowledge; begin whenever you feel ready. It will take at most 10 minutes, and we hope you'll enjoy the quiz and learn something useful!
https://cybersecuritymonth.eu/references/quiz-demonstration/intro
The banker that can steal anything
The use of root privileges is not typical for banking malware attacks, because money can be stolen in numerous other ways that don't require exclusive rights. However, in early February 2016, Kaspersky Lab discovered Trojan-Banker.AndroidOS.Tordow.a, whose creators decided that root privileges would come in handy.
http://securelist.com/blog/mobile/76101/the-banker-that-can-steal-anything/
Ransomware Trojan HDDCryptor reportedly locks victims out of their computers
HDDCryptor not only encrypts data but apparently also overwrites the MBR of Windows computers, releasing infected machines only after a ransom payment, security researchers warn.
http://heise.de/-3327880
Encryption Week
Since CloudFlare's inception, we have worked tirelessly to make encryption as simple and as accessible as possible. Over the last two years, we've made CloudFlare the easiest way to enable encryption for web properties and internet services. From the launch of Universal SSL, which gives HTTPS to millions
https://blog.cloudflare.com/encryption-week/
Mozilla and Tor close certificate-pinning hole
Due to an error in the build process for new versions of Firefox and the Tor Browser, these were vulnerable to man-in-the-middle attacks through which malicious code could be injected.
http://heise.de/-3328039
Hacking WordPress Sites on Shared Servers
A website is only as safe as the weakest link on its shared server. Once a hacker gains access to one site on the server, they can easily infect other sites that share the same server permissions. This is called cross-site contamination. When it comes to WordPress websites, the core structure is well known by...
https://blog.sucuri.net/2016/09/hacking-wordpress-sites-shared-servers.html
Steganography... what is that?
When people think about Information Security, the first word that generally comes to mind is "Hacking", but there are many disciplines in security and one of them is called "Steganography", an offshoot of encryption and "data hiding". The word "steganography" can...
https://www.trustwave.com/Resources/SpiderLabs-Blog/Steganographywhat-is-that-/
Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads
A vulnerability has been patched in a popular WordPress theme called Neosense that allows an attacker to upload code without authentication.
http://threatpost.com/vulnerability-patched-in-wordpress-theme-that-allows-unrestricted-uploads/120698/
High-Tech Bridge releases a new version of its free SSL testing service
The new version of the service enables companies to easily test any SSL/TLS-based services for compliance with PCI DSS, HIPAA and NIST, while the new API provides much more flexibility for software developers.
https://www.htbridge.com/news/ssl-testing-service-api-hipaa-compliance.html
Bugtraq: ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
http://www.securityfocus.com/archive/1/539424
Bugtraq: ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/539423
VMSA-2016-0014
VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues
https://www.vmware.com/security/advisories/VMSA-2016-0014.html
VMSA-2016-0010.1
VMware product updates address multiple important security issues
https://www.vmware.com/security/advisories/VMSA-2016-0010.html
ZDI-16-517: AlienVault Unified Security Management Remote Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of AlienVault Unified Security Manager. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-16-517/
ZDI-16-518: Rockwell Automation RSLogix Micro Starter Lite Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation RSLogix Micro Starter Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://www.zerodayinitiative.com/advisories/ZDI-16-518/
Vuln: QEMU hw/usb/hcd-xhci.c Information Disclosure Vulnerability
http://www.securityfocus.com/bid/93029
Security Advisories Relating to Symantec Products - Symantec Decomposer Engine Security Update
Symantec has released an update to address two issues in the RAR file parser component of the antivirus decomposer engine used by multiple Symantec products. Parsing of maliciously formatted RAR container files may cause an application-level denial of service condition.
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160919_00
IBM Security Bulletins
IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2016-5955)
http://www.ibm.com/support/docview.wss?uid=swg21990054
IBM Security Bulletin: Multiple vulnerabilities in libtiff affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024132
IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024088
IBM Security Bulletin: Rational Asset Analyzer (CVE-2016-5967)
http://www-01.ibm.com/support/docview.wss?uid=swg21990215
IBM Security Bulletin: Vulnerabilities in node.js processing affect IBM DataPower Gateways
http://www-01.ibm.com/support/docview.wss?uid=swg21990050
IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-1181 and CVE-2016-1182)
http://www.ibm.com/support/docview.wss?uid=swg21989496
IBM Security Bulletin: IBM Connections Security Update for Multiple Vulnerabilities
http://www-01.ibm.com/support/docview.wss?uid=swg21989067
IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty (CVE-2016-0378)
http://www-01.ibm.com/support/docview.wss?uid=swg21981529