End-of-Shift report
Timeframe: Thursday 20-11-2014 18:00 - Friday 21-11-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Rich Telemetry for Cyber Incident Response and Malicious Code Analysis on Microsoft Windows
5..4..3..2..1..launch. Earlier this week we launched the first product from the research and development efforts of the NCC Group Security Labs team. NCC Group Security Labs is a combined centre within NCC Group which brings together experts from Security Technical Assurance, Security Research, Cyber Defence Operations and Security Software Development to work on innovative software solutions for real-world cyber security problems. The Problem: The world of Cyber Defence Operations involves, in...
https://www.nccgroup.com/en/blog/2014/11/rich-telemetry-for-cyber-incident-response-and-malicious-code-analysis-on-microsoft-windows/
Securing Personal Data: ENISA guidelines on Cryptographic solutions
ENISA is launching two reports today. The “Algorithms, key size and parameters” report of 2014 is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions for personal data protection within commercial organisations or governmental services for citizens. The “Study on cryptographic protocols” provides an implementation perspective, covering guidelines regarding protocols required to protect commercial online communications containing personal data.
http://www.enisa.europa.eu/media/press-releases/securing-personal-data-enisa-guidelines-on-cryptographic-solutions
Weekly Metasploit Wrapup: Exploiting Mobile Security Software
Exploiting Security Software: Android Edition
https://community.rapid7.com/community/metasploit/blog/2014/11/21/weekly-metasploit-wrapup
VB2014 paper: Sweeping the IP space: the hunt for evil on the Internet
Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added Sweeping the IP space: the hunt for evil on the Internet by OpenDNS researcher Dhia Mahjoub. The Internet is often described as a network of networks. These individual networks are called Autonomous Systems (AS): collections of IPv4 and IPv6 network...
http://www.virusbtn.com/blog/2014/11_21.xml?rss
WordPress 4.0.1 Update Patches Critical XSS Vulnerability
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.
http://threatpost.com/wordpress-4-0-1-update-patches-critical-xss-vulnerability/109519
The Internet of Things (IoT) will fail if security has no context
The Internet of Things requires a new way of thinking and acting, one that will protect a business and help it grow.
http://www.scmagazine.com/the-internet-of-things-iot-will-fail-if-security-has-no-context/article/384547/
Detekt - Free Anti-Malware Tool To Detect Govt. Surveillance Malware
Human rights experts and Privacy International have launched a free tool allowing users to scan their computers for surveillance spyware, typically used by governments and other organizations to spy on human rights activists and journalists around the world. This free-of-charge anti-surveillance tool, called Detekt, is an open source software app released in partnership with Human rights...
http://thehackernews.com/2014/11/detekt-free-anti-malware-tool-to-detect_20.html
Most Targeted Attacks Exploit Privileged Accounts
Most targeted attacks exploit privileged account access according to a new report commissioned by the security firm CyberArk.
http://threatpost.com/most-targeted-attacks-exploit-privileged-accounts/109514
Security Advisory - High severity - WP-Statistics WordPress Plugin
Advisory for: WordPress WP-Statistics Plugin
Security Risk: High (DREAD score: 7/10)
Exploitation level: Easy/Remote
Vulnerability: Stored XSS which executes on the administration panel.
Patched Version: 8.3.1
If you're using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall product, we discovered...
http://blog.sucuri.net/2014/11/security-advisory-high-severity-wp-statistics-wordpress-plugin.html
Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities
Description: Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities:
OpenSSL session ticket memory leak (SPL-91947, CVE-2014-3567)
TLS protocol enhancements related to POODLE (SPL-92062, CVE-2014-3566)
Persistent cross-site scripting (XSS) via Dashboard (SPL-89216, CVE-2014-5466)
At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product...
http://www.splunk.com/view/SP-CAAANST
GNU C Library wordexp() command execution
http://xforce.iss.net/xforce/xfdb/98852
PCRE pcre_exec.c buffer overflow
http://xforce.iss.net/xforce/xfdb/98854
Multiple Huawei HiLink products cross-site request forgery
http://xforce.iss.net/xforce/xfdb/98858
Asterisk DB Dialplan Function Lets Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1031251
Asterisk CONFBRIDGE Lets Remote Authenticated Users Execute Arbitrary System Commands
http://www.securitytracker.com/id/1031250
Asterisk ConfBridge State Transition Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031247
Asterisk PJSIP Channel Driver Flaw in res_pjsip_refer Module Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031249
Asterisk PJSIP Channel Driver Race Condition Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031248
Asterisk PJSIP ACL Bug Lets Remote Users Bypass Access Controls
http://www.securitytracker.com/id/1031246
HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities
Version: 1 (rev.1) - 20 June 2014: Initial release
Version: 2 (rev.2) - 20 November 2014: Removed iMC Platform Products, 5900 virtual switch, and Router 8800 products. Further analysis revealed that those products are not vulnerable. Added additional products.
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04347622
ZDI-14-385: Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-14-385/