End-of-Shift report
Timeframe: Monday 24-11-2014 18:00 − Tuesday 25-11-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Remote Code Execution in Popular Hikvision Surveillance DVR
A number of Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices.
http://threatpost.com/remote-code-execution-in-popular-hikvision-surveillance-dvr/109552
Multiple Dell SonicWALL products code execution
Multiple Dell SonicWALL products could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the failure to validate user data prior to executing a command in the GMS ViewPoint ..
http://xforce.iss.net/xforce/xfdb/98911
Obfuscated Flash Files Make Their Mark in Exploit Kits
In recent years, we noticed that more and more malicious Adobe Flash (.SWF) files are being incorporated into exploit kits like the Magnitude Exploit Kit, the Angler Exploit Kit, and the Sweet Orange Exploit Kit. However, we did some more ..
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-flash-files-gain-the-upper-hand-with-new-obfuscation-techniques/
The Other Side of Masque Attacks: Data Encryption Not Found in iOS Apps
Based on our research into the iOS threat Masque Attacks announced last week, Trend Micro researchers have found a new way that malicious apps installed through successful Masque Attacks can pose a threat to iOS devices: by accessing unencrypted data used by legitimate apps. According to reports, ..
http://blog.trendmicro.com/trendlabs-security-intelligence/the-other-side-of-masque-attacks-data-encryption-not-found-in-ios-apps/
Docker docker pull privilege escalation
Docker could allow a remote attacker to gain elevated privileges on the system, caused by an error in the docker pull and the docker load operations. An attacker could exploit this vulnerability to gain elevated privileges on the system.
http://xforce.iss.net/xforce/xfdb/98924
Docker image privilege escalation
Docker could allow a remote attacker to gain elevated privileges on the system, caused by the ability to modify the default run profile of containers by images. An attacker could exploit this vulnerability to gain elevated privileges on the system.
http://xforce.iss.net/xforce/xfdb/98925
WordPress wpDataTables 1.5.3 SQL Injection
http://cxsecurity.com/issue/WLB-2014110163
WordPress wpDataTables 1.5.3 Shell Upload
http://cxsecurity.com/issue/WLB-2014110162
[oCERT 2014-008] heap overflow, remote code execution in libFLAC
FLAC is an open source lossless audio codec supported by several software and music players. The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may ..
http://www.ocert.org/advisories/ocert-2014-008.html
Chrome heralds the end of browser plugins
From January, all NPAPI plugins will be blocked - Silverlight and Java affected
http://derstandard.at/2000008592582
Hackers completely paralyze Sony Pictures
On Monday, unknown attackers brought business operations at Sony Pictures to a standstill. They are said to have taken over all computers on the corporate network of the Sony subsidiary. Sony's Play Store account is also said to be affected.
http://www.heise.de/security/meldung/Hacker-legen-Sony-Pictures-komplett-lahm-2462889.html
Secret Malware in European Union Attack Linked to U.S. and British Intelligence
Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/
EU experts: exports of surveillance software should be more tightly controlled
Economics Minister Gabriel wants to restrict the export of surveillance software at the EU level. However, the first companies are already looking for ways to evade export controls.
http://www.golem.de/news/eu-experten-exporte-von-spaehsoftware-sollen-staerker-kontrolliert-werden-1411-110754.html