Daily Summary - Tuesday 25-11-2014

End-of-Shift report

Timeframe: Monday 24-11-2014 18:00 − Tuesday 25-11-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a

Remote Code Execution in Popular Hikvision Surveillance DVR

A number of Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices.

http://threatpost.com/remote-code-execution-in-popular-hikvision-surveillance-dvr/109552


Multiple Dell SonicWALL products code execution

Multiple Dell SonicWALL products could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the failure to validate user data prior to executing a command in the GMS ViewPoint ..

http://xforce.iss.net/xforce/xfdb/98911


Obfuscated Flash Files Make Their Mark in Exploit Kits

In recent years, we noticed that more and more malicious Adobe Flash (.SWF) files are being incorporated into exploit kits like the Magnitude Exploit Kit, the Angler Exploit Kit, and the Sweet Orange Exploit Kit. However, we did some more ..

http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-flash-files-gain-the-upper-hand-with-new-obfuscation-techniques/


The Other Side of Masque Attacks: Data Encryption Not Found in iOS Apps

Based on our research into the iOS threat Masque Attacks announced last week, Trend Micro researchers have found a new way that malicious apps installed through successful Masque Attacks can pose a threat to iOS devices: by accessing unencrypted data used by legitimate apps. According to reports, ..

http://blog.trendmicro.com/trendlabs-security-intelligence/the-other-side-of-masque-attacks-data-encryption-not-found-in-ios-apps/


Docker docker pull privilege escalation

Docker could allow a remote attacker to gain elevated privileges on the system, caused by an error in the docker pull and the docker load operations. An attacker could exploit this vulnerability to gain elevated privileges on the system.

http://xforce.iss.net/xforce/xfdb/98924


Docker image privilege escalation

Docker could allow a remote attacker to gain elevated privileges on the system, caused by the ability to modify the default run profile of containers by images. An attacker could exploit this vulnerability to gain elevated privileges on the system.

http://xforce.iss.net/xforce/xfdb/98925


WordPress wpDataTables 1.5.3 SQL Injection

http://cxsecurity.com/issue/WLB-2014110163


WordPress wpDataTables 1.5.3 Shell Upload

http://cxsecurity.com/issue/WLB-2014110162


[oCERT 2014-008] heap overflow, remote code execution in libFLAC

FLAC is an open source lossless audio codec supported by several software and music players. The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may ..

http://www.ocert.org/advisories/ocert-2014-008.html


Chrome heralds the end of browser plugins

Starting in January, all NPAPI plugins will be blocked - Silverlight and Java affected

http://derstandard.at/2000008592582


Hackers completely paralyze Sony Pictures

Unknown attackers brought business operations at Sony Pictures to a standstill on Monday. They are said to have hijacked all computers on the Sony subsidiary's corporate network. Sony's Play Store account is also said to be affected.

http://www.heise.de/security/meldung/Hacker-legen-Sony-Pictures-komplett-lahm-2462889.html


Secret Malware in European Union Attack Linked to U.S. and British Intelligence

Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.

https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/


EU experts: Exports of surveillance software should be more tightly controlled

Economics Minister Gabriel wants to restrict the export of surveillance software at EU level. However, the first companies are already looking for ways to evade export control.

http://www.golem.de/news/eu-experten-exporte-von-spaehsoftware-sollen-staerker-kontrolliert-werden-1411-110754.html