Daily summary - Monday 24-02-2014

End-of-Shift report

Timeframe: Friday 21-02-2014 18:00 − Monday 24-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Researchers Develop Complete Microsoft EMET Bypass

Researchers at Bromium Labs are expected to deliver a paper today that explains how they were able to bypass all of the memory protection mitigations in Microsoft's Enhanced Mitigation Experience Toolkit.

http://threatpost.com/researchers-develop-complete-microsoft-emet-bypass/104437


Apple's SSL/TLS bug (22 Feb 2014)

Yesterday, Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cat's out of the bag already and we're into the misinformation-quashing stage now.

https://www.imperialviolet.org/2014/02/22/applebug.html


An In-depth Analysis of Linux/Ebury

ESET has been analyzing and tracking an OpenSSH backdoor and credential stealer named Linux/Ebury. The result of this work on the Linux/Ebury malware family is part of a joint research effort with CERT‑Bund, the Swedish National Infrastructure for Computing, the European Organization for Nuclear Research (CERN) and other organizations forming an international Working Group.

http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/


Microsoft Windows Crash Reports Reveal New APT, POS Attacks

You never know what you'll glean from a Windows crash report: security researchers recently unearthed a previously unknown advanced persistent threat campaign as well as a new point-of-sale system attack by perusing and analyzing those crash reports, also known as Dr. Watson.

http://www.darkreading.com/attacks-breaches/microsoft-windows-crash-reports-reveal-n/240166207


NIST Unveils Crypto Standards Proposal

Because of concerns of possible National Security Agency meddling with its cryptographic standards, the National Institute of Standards and Technology has issued a draft report proposing revisions in how it develops cryptographic standards.

http://www.govinfosecurity.com/nist-unveils-crypto-standards-proposal-a-6519


Unrestricted access to remote controls for industrial plants

A project at FU Berlin documents that thousands of industrial plants worldwide are reachable over the Internet but only inadequately protected. The result is an interactive map on which potentially attackable plants are plotted.

http://www.heise.de/security/meldung/Freier-Zugriff-auf-Fernsteuerungen-fuer-Industrieanlagen-2114521.html


Security vulnerabilities found in 80% of best-selling SOHO wireless routers

Tripwire has analyzed the security provided by the most popular wireless routers used in many small and home offices and found that 80 percent of Amazon's top 25 best-selling SOHO wireless router models have security vulnerabilities.

http://www.net-security.org/secworld.php?id=16399


eGroupWare Multiple PHP Object Injection Vulnerabilities

https://secunia.com/advisories/57047


JBoss RichFaces Malformed Push Request Denial of Service Vulnerability

https://secunia.com/advisories/57053


Barracuda Firewall Exception Handling Cross Site Scripting

Topic: Barracuda Firewall Exception Handling Cross Site Scripting
Risk: Low
Document Title: Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability
References ...

http://cxsecurity.com/issue/WLB-2014020186


DSA-2866 gnutls26

certificate verification flaw

http://www.debian.org/security/2014/dsa-2866


ICONICS GENESIS32 Insecure ActiveX Control

NCCIC/ICS-CERT discovered a vulnerability in the ICONICS GENESIS32 application during resolution of unrelated products. ICONICS has produced a patch for all vulnerable versions of its GENESIS32 product. ICONICS GENESIS32 Version 9.0 and newer are not vulnerable to this ActiveX vulnerability.

https://ics-cert.us-cert.gov/advisories/ICSA-14-051-01


HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues

Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04117626


ASUS router drive-by code execution via XSS and authentication bypass

Several ASUS routers include reflected Cross-Site Scripting (CWE-79) and authentication bypass (CWE-592) vulnerabilities. An attacker who can lure a victim to browse to a web site containing a specially crafted JavaScript payload can execute arbitrary commands on the router as administrator (root). No user interaction is required.

https://sintonen.fi/advisories/asus-router-auth-bypass.txt