Daily Summary - Friday 19-12-2014

End-of-Shift report

Timeframe: Thursday 18-12-2014 18:00 − Friday 19-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Misfortune Cookie crumbles router security: 12 MILLION+ in hijack risk

Homes, businesses menaced by vulnerable software exposed to the internet. Infosec biz Check Point says it has discovered a critical software vulnerability that allows hackers to hijack home and small business broadband routers across the web.

http://go.theregister.com/feed/www.theregister.co.uk/2014/12/18/misfortune_cookie/


Metasploit Weekly Wrapup: Get the 411

This week, we released Metasploit version 4.11 to the world -- feel free to download it here if you're the sort that prefers the binary install over the somewhat Byzantine procedure for setting up a development environment. Which you should be, because the binary installers (for Windows and Linux) have all the dependencies baked in and you don't have to monkey around with much to get going. The two major features with this release center around reorganizing the bruteforce workflow to make things more sensible and usable for larger-scale password audits, and much better visualization on figuring out where the weak link is/was in the organization under test when stolen credentials were used to extend control.

https://community.rapid7.com/community/metasploit/blog/2014/12/18/metasploit-weekly-wrapup


Vulnerability announced: update your Git clients

A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem.

https://github.com/blog/1938-vulnerability-announced-update-your-git-clients


How Cybercriminals Dodge Email Authentication

Email authentication and validation is one method that is used to help bring down the levels of spam and phishing by identifying senders so that malicious emails can be identified and discarded. Two frameworks are in common usage today; these are SPF and DKIM. SPF (Sender Policy Framework): Defined in RFC 7208, SPF provides a...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/27Kj0gN8uNo/


Smart grid security certification in Europe: Challenges and Recommendations

ENISA issues today a report on Smart grid security certification in Europe targeted at EU Member States (MS), the Commission, certification bodies and the private sector; with information on several certification approaches across the EU and other MS and EFTA countries. It describes the specific European situation, and discusses the advantages and challenges towards a more harmonised certification practice.

http://www.enisa.europa.eu/media/press-releases/smart-grid-security-certification-in-europe-challenges-and-recommendations


USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds

Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it's a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in...

http://threatpost.com/usbdriveby-device-can-install-backdoor-override-dns-settings-in-seconds/109976


TA14-352A: Server Message Block (SMB) Worm Tool

Unknown cyber-threat actors have been identified employing sophisticated malware, and Indicators of Compromise (IOC) have been provided to mitigate this threat.

http://www.exploitthis.com/2014/12/ta14-352a-server-message-block-smb-worm-tool.html


Save the date: ENISA Workshop on EU Threat Landscape

24th February 2015, Hotel Metropole, Brussels

http://www.enisa.europa.eu/media/news-items/save-the-date-enisa-workshop-on-eu-threat-landscape


SS7 Vulnerabilities

There are security vulnerabilities in the phone-call routing protocol called SS7. The flaws discovered by the German researchers are actually functions built into SS7 for other purposes -- such as keeping calls connected as users speed down highways, switching from cell tower to cell tower -- that hackers can repurpose for surveillance because of the lax security on the network....

https://www.schneier.com/blog/archives/2014/12/ss7_vulnerabili.html


Information-stealing Vawtrak malware evolves, becomes more evasive

SophosLabs has recently observed some cunning changes made by the authors of the dangerous banking malware Vawtrak. James Wyke explains.

https://nakedsecurity.sophos.com/2014/12/19/information-stealing-vawtrak-malware-evolves-becomes-more-evasive/


Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines

Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an...

http://threatpost.com/emerson-patches-series-of-flaws-in-controllers-used-in-oil-and-gas-pipelines/109985


Novell - Patches for GroupWise and eDirectory

https://download.novell.com/Download?buildid=tveSooKDw3Q~
https://download.novell.com/Download?buildid=mdWLZGP0Glk~
https://download.novell.com/Download?buildid=gHTDteZoK34~
https://download.novell.com/Download?buildid=3dJODsdcDKE~


Subversion mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service

http://www.securitytracker.com/id/1031403


Subversion mod_dav_svn REPORT Request Processing Flaw Lets Remote Users Deny Service

http://www.securitytracker.com/id/1031402


Honeywell Experion PKS Vulnerabilities

This advisory provides mitigation details for vulnerabilities in Honeywell's Experion Process Knowledge System (EPKS) application.

https://ics-cert.us-cert.gov//advisories/ICSA-14-352-01


Innominate mGuard Privilege Escalation Vulnerability

This advisory provides mitigation details for a privilege escalation vulnerability affecting all mGuard devices.

https://ics-cert.us-cert.gov//advisories/ICSA-14-352-02


Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update C)

This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02B Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 11, 2014, on the NCCIC/ICS-CERT web site.

https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02C


Emerson ROC800 Multiple Vulnerabilities (Update B)

This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS CERT web site.

https://ics-cert.us-cert.gov//advisories/ICSA-13-259-01B


[2014-12-19] XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor

Two vulnerabilities in the NetIQ eDirectory iMonitor allow an attacker to take over a user session and potentially leak sensitive data. An attacker could compromise an administrative account and e.g. tamper with a centralized user database.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt


Live Forms <= 1.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/7728