End-of-Shift report
Timeframe: Tuesday 03-09-2013 18:00 − Wednesday 04-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Background: Browser SSL decrypted
With a small trick, Firefox and Chrome can be made to store the session keys they use in a form that lets Wireshark decode the traffic encrypted with them directly.
http://www.heise.de/security/artikel/Browser-SSL-entschluesselt-1948431.html
Software Developer Says Mega Master Keys Are Retrievable
hypnosec writes that software developer Michael Koziarski has released a bookmarklet "which he claims has the ability to reveal Mega users' master key. Koziarski went on to claim that Mega has the ability to grab its users' keys and use them to access their files. Dubbed MegaPWN, the tool not only reveals a user's master key, but also gives away a user's RSA private key exponent. MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing
http://yro.slashdot.org/story/13/09/03/1720223/software-developer-says-mega-master-keys-are-retrievable
Cidox Trojan Spoofs HTTP Host Header to Avoid Detection
Lately, we have seen a good number of samples generating some interesting network traffic through our automated framework. The HTTP network pattern generated contains a few interesting parameters, with names like "&av" (for antivirus?) and "&vm=" (VMware?). The response received looked to be encrypted, which drew my attention. Also, all the network traffic contained the same host.
http://blogs.mcafee.com/mcafee-labs/cidox-trojan-spoofs-http-host-header-to-avoid-detection
Styx-like Cool Exploit Kit: How It Works
While the Blackhole Exploit Kit is the most well-known of the exploit kits that affect users, other exploit kits are also well known in the Russian underground. In this post, we will look at how these other kits work and how they differ from other exploit kits. One well-known Blackhole alternative is the Styx Exploit Kit.
http://blog.trendmicro.com/trendlabs-security-intelligence/styx-exploit-pack-how-it-works/
Researchers: Oracle's Java Security Fails
Faced with an onslaught of malware attacks that leverage vulnerabilities and design weaknesses in Java, Oracle Corp. recently tweaked things so that Java now warns users about the security risks of running Java content. But new research shows that the integrity and accuracy of these warning messages can be subverted easily in any number of ways, and that Oracle's new security scheme actually punishes Java application developers who adhere to it.
http://krebsonsecurity.com/2013/09/researchers-oracles-java-security-fails/
The Red Book - The SysSec Roadmap for Systems Security Research
The SysSec Red Book is a roadmap in the area of Systems Security, prepared by the SysSec consortium and its constituency. To prepare this roadmap, a Task Force of young researchers with a proven track record in the area was assembled and collaborated with the senior researchers of SysSec. Additionally, the SysSec community was consulted to provide input on the contents of the roadmap.
http://www.red-book.eu/
[Video] ThreatVlog, Episode 3: NYT, Twitter, and HuffPost hacked by Syrian Electronic Army
In this episode of ThreatVlog, Grayson Milbourne covers the information behind the Syrian Electronic Army's hacking of the New York Times, Twitter, and the Huffington Post. Grayson includes a breakdown of the hack as well as information on how to keep your own websites protected from this malicious behavior.
http://www.webroot.com/blog/2013/09/04/video-threatvlog-episode-3-nyt-twitter-huffpost-hacked-syrian-electronic-army/
Bugtraq: SEC Consult SA-20130904-0 :: GroupLink everything HelpDesk - undocumented password reset/admin takeover and XSS vulnerabilities
http://www.securityfocus.com/archive/1/528420
Samsung Galaxy S4 Polaris Viewer DOCX Buffer Overflow Vulnerability
https://secunia.com/advisories/54701
MediaWiki Security Release
I would like to announce the release of MediaWiki 1.21.2, 1.20.7 and 1.19.8. These releases fix 3 security related bugs that could affect users of MediaWiki.
http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html
OpenVZ update for kernel
https://secunia.com/advisories/54311
Linux Kernel PID Spoofing Privilege Escalation Vulnerability
https://secunia.com/advisories/54675
Sixnet Universal Protocol Undocumented Function Codes (Update A)
OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-13-231-01 Sixnet Universal Protocol Undocumented Function Codes that was published August 19, 2013, on the ICS-CERT Web page. Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability.
http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01A
Tridium Niagara Vulnerabilities (Update A)
OVERVIEW (Begin Update A, Part 1 of 2): This updated advisory is a follow-up to the original advisory titled ICSA-12-228-01 Tridium Niagara Multiple Vulnerabilities that was published August 15, 2012, on the ICS-CERT Web page. It is also a follow-up to ICS-ALERT-12-195-01 Tridium Niagara Directory Traversal and Weak Credential Storage Vulnerability that was published July 13, 2012, on the ICS-CERT Web page.
http://ics-cert.us-cert.gov/advisories/ICSA-12-228-01A
Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously
http://www.securitytracker.com/id/1028972
Cisco Secure Access Control System (ACS) TACACS+ Socket Denial of Service Vulnerability
https://secunia.com/advisories/54687
SAP NetWeaver "ABAD0_DELETE_DERIVATION_TABLE" SQL Injection Vulnerability
https://secunia.com/advisories/54702
Vuln: Supermicro IPMI Web Interface Multiple Vulnerabilities
http://www.securityfocus.com/bid/62094
http://www.securityfocus.com/bid/62097
http://www.securityfocus.com/bid/62098
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599)
CVE(s): CVE-2013-0585, CVE-2013-3034, CVE-2013-3040, and CVE-2013-0599
Affected product(s) and affected version(s): IBM InfoSphere Information Server version 9.1 running on all platforms
Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_information_server_cve_2013_0585_cve_2013_3034_cve_2013_3040_and_cve_2013_0599?lang=en_us