(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft Internet Explorer and Edge CVE-2016-3391 Information Disclosure Vulnerability

A few months after hackers broke into Bangladesh's central bank and came close to getting away with $1 billion (~£800M), researchers have uncovered evidence that a separate hacking group is targeting the same payment network.

The researchers, from security firm Symantec, said in a blog post published Tuesday that they recently found new tools that target users of SWIFT, the interbank messaging network that carries payment instructions, sometimes for transfers in the range of hundreds of millions of dollars. The malicious tools monitor SWIFT messages on infected computers for International Bank Account Numbers or other keywords relating to specific transactions. When a message contains a targeted text string, a "suppressor" component moves it out of the local file system so that the intended recipient can neither see nor recover it.

"One of the files found along with the suppressor was a small disk wiper, which overwrites the first 512 bytes of the hard drive," Symantec researchers wrote. "The area contains the Master Boot Record (MBR) which is required for the drive to be accessible without special tools. We believe this tool is used to cover the attackers' tracks when they abandon the system and/or to thwart investigators."
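A wiper that overwrites the first 512 bytes of a disk destroys the boot signature and partition table along with the boot code, which is something a responder can check directly from a disk image. The following is an added example, not Symantec's or Ars Technica's code; it constructs a sample MBR in memory (the boot stub bytes, partition layout and sizes are made up for illustration) and inspects it the way one would inspect the first sector of a forensic image.

```python
"""Inspect a 512-byte boot sector for the signs of an MBR wipe.

Added example, not code from the article or from Symantec. The sample MBR
below is constructed in memory; for a real disk image read its first 512 bytes.
"""
import struct

SECTOR = 512
PT_OFFSET = 446          # the four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # bytes 510-511 of a valid MBR
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample: a boot stub start and one bootable NTFS-type (0x07) partition."""
    sector = bytearray(SECTOR)
    sector[0:2] = b"\x33\xc0"  # xor ax,ax: a common first instruction of real boot code
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x00\x00", 0x07, b"\xff\xff\xff",
                        2048, 4194304)  # starts at LBA 2048, 2 GiB of 512-byte sectors
    sector[PT_OFFSET:PT_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def inspect_mbr(sector):
    """Describe one sector; 'wiped' is True when it no longer looks like an MBR at all."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    result = {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "bootcode_zeroed": sector[:PT_OFFSET] == bytes(PT_OFFSET),
        "partitions": [],
    }
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, _chs_s, ptype, _chs_e, lba_start, count = struct.unpack(
            ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue  # unused slot
        result["partitions"].append({
            "bootable": status == 0x80,
            "type": ptype,           # 0xEE here means a GPT protective MBR
            "lba_start": lba_start,
            "sectors": count,
        })
    # Missing signature plus an empty table is what an overwritten first sector looks like;
    # random overwrite data passes the signature check only 1 time in 65536.
    result["wiped"] = not result["signature_ok"] and not result["partitions"]
    return result


if __name__ == "__main__":
    print(inspect_mbr(build_sample_mbr()))
    print(inspect_mbr(bytes(SECTOR)))  # what the sector looks like after a zero-fill
```

On a live Linux host the same check runs against `open("/dev/sda", "rb").read(512)` as root; on an acquired image it is the first 512 bytes of the image file. A partition of type 0xEE is a GPT protective MBR, so on such disks the GPT header in sector 1 and its backup at the end of the disk should be checked as well, since they survive a 512-byte wipe.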


MatrixSSL VU#396440 Heap Based Buffer Overflow and Multiple Denial of Service Vulnerabilities
HarfBuzz CVE-2015-8947 Denial of Service Vulnerability
OpenStack Glance CVE-2016-0757 Security Bypass Vulnerability
Microsoft Internet Explorer CVE-2016-3298 Multiple Information Disclosure Vulnerabilities
Oracle Java SE CVE-2015-4835 Remote Security Vulnerability

Microsoft published nine bulletins plus one bulletin affecting Adobe Flash. These bulletins fix 43 vulnerabilities in Microsoft software, and 11 in Flash.

Several of the bulletins address vulnerabilities that are already exploited in the wild. Most of these are information disclosure vulnerabilities. One of them, CVE-2016-3393 (the Windows Graphics Component flaw fixed in MS16-120), is a remote code execution vulnerability, which is why I labeled it as Patch Now.

For more details, see our summary here:


or our API for automatic processing of the data.


Johannes B. Ullrich, Ph.D.

nginx Multiple Denial of Service Vulnerabilities
[security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities
Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
Facebook API v2.1 - RFC6749 Open Redirect Vulnerability
Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities
Wireshark NCP Dissector 'packet-ncp2222.inc' Denial of Service Vulnerability
[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities

(Image credit: Jorge Láscar)

Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners.

The technique is notable because it puts a backdoor, or in the parlance of cryptographers a "trapdoor", in 1,024-bit primes used in the Diffie-Hellman key exchange. Diffie-Hellman raises the burden on eavesdroppers because, in the ephemeral form used by TLS and IPsec, each session derives a fresh key that is never sent over the wire, so recorded traffic stays opaque even if a server's long-term key later leaks. Attackers who know the trapdoor in the prime can recover those session keys from recorded traffic, and since a single prime typically stays in use for years, they can keep doing so over extended periods of time. Knowledgeable attackers can also forge signatures under DSA, the widely used Digital Signature Algorithm, when it is used with such a prime.

As with the other widely deployed public-key systems, the security of Diffie-Hellman rests on a number-theoretic problem over primes so large that it is prohibitively hard to solve: each party publishes g^x mod p and keeps the exponent x secret, and recovering x from the public value (the discrete logarithm problem) is what must remain infeasible. A prime devised by the researchers, however, has a hidden special structure that makes it a target for the special number field sieve, so anyone who knows that structure can compute discrete logarithms far faster than in a group with a generic prime of the same size, while the prime looks ordinary to everyone else. The researchers were able to break one of these weakened 1,024-bit primes in slightly more than two months using an academic computing cluster of 2,000 to 3,000 CPUs.
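To make concrete what "breaking" a Diffie-Hellman group means, here is an added example (not the researchers' code and not their SNFS technique): a toy exchange in a safe-prime group small enough that a generic square-root-time discrete-logarithm algorithm, baby-step giant-step, recovers the shared key from the two public values alone. It also shows the sanity checks a client can run on received parameters, with the caveat the article's point implies: those checks catch composite or non-safe primes and a generator of the wrong order, but a prime with a hidden special form passes all of them, which is why the defense is parameters from a published, verifiable generation process rather than inspection. All primes, generators and exponents are generated from a fixed seed for reproducibility.

```python
"""Toy Diffie-Hellman exchange, parameter sanity checks, and a generic discrete-log attack.

Added example for illustration; the 32-bit group is breakable by brute force,
which 1,024-bit groups with a generic prime are not. This is not the SNFS trapdoor.
"""
import math
import random


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin probable-prime test; rng supplies the witness bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime_group(bits, rng):
    """Return (p, g, q) with p = 2q + 1, both prime, and g generating the order-q subgroup."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            p = 2 * q + 1
            break
    while True:
        g = pow(rng.randrange(2, p - 1), 2, p)  # a quadratic residue != 1 has order q
        if g != 1:
            return p, g, q


def check_group(p, g):
    """Necessary checks on received parameters. A trapdoored p of special form still passes."""
    rng = random.Random(0)
    if not is_probable_prime(p, rng):
        return "p is not prime"
    q = (p - 1) // 2
    if not is_probable_prime(q, rng):
        return "p is not a safe prime"
    if not 1 < g < p - 1:
        return "g out of range"
    if pow(g, q, p) != 1:
        return "g is not in the order-q subgroup"
    return "ok"


def dh_exchange(p, g, a, b):
    """Alice sends A = g^a, Bob sends B = g^b; both derive g^(ab) mod p."""
    A, B = pow(g, a, p), pow(g, b, p)
    k_alice, k_bob = pow(B, a, p), pow(A, b, p)
    assert k_alice == k_bob
    return A, B, k_alice


def bsgs_dlog(g, h, p, order):
    """Baby-step giant-step: x in [0, order) with g^x = h mod p, in O(sqrt(order)) time and memory."""
    m = math.isqrt(order) + 1
    table, cur = {}, 1
    for j in range(m):                       # baby steps: g^j -> j
        table.setdefault(cur, j)
        cur = cur * g % p
    step = pow(pow(g, m, p), p - 2, p)       # g^(-m) via Fermat, p prime
    gamma = h
    for i in range(m):                       # giant steps: h * g^(-im)
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * step % p
    return None


def eavesdrop(p, g, q, A, B):
    """A passive attacker recovers the session key from the public values only."""
    a = bsgs_dlog(g, A, p, q)
    return pow(B, a, p)


def demo(bits=32, seed=2016):
    rng = random.Random(seed)                # fixed seed: constructed, reproducible parameters
    p, g, q = generate_safe_prime_group(bits, rng)
    a, b = rng.randrange(1, q), rng.randrange(1, q)
    A, B, key = dh_exchange(p, g, a, b)
    recovered = eavesdrop(p, g, q, A, B)
    return {"p": p, "status": check_group(p, g), "key": key,
            "recovered": recovered, "broken": recovered == key}


if __name__ == "__main__":
    print(demo())
```

The cost of `bsgs_dlog` grows as the square root of the subgroup order, so it is hopeless at 1,024 bits; the trapdoor described in the article is what collapses that cost for the party who planted it, while `check_group` reports "ok" on the trapdoored prime just as it does on an honest one.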


[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT)
libgit2 CVE-2016-8568 Out-of-Bounds Read Denial of Service Vulnerability
libgit2 CVE-2016-8569 Null Pointer Dereference Denial of Service Vulnerability