End-of-Shift report
Timeframe: Montag 31-03-2014 18:00 − Dienstag 01-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
Report: RSA endowed crypto product with second NSA-influenced code
Extended Random like "dousing yourself with gasoline," professor warns.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/TbwAXYKTq34/
Old School Code Injection in an ATM .dll
During our last ATM review engagement, we found some interesting executable files that were run by Windows Services under Local System account. These binaries had weak file permissions that allowed us to modify them using the standard ATM user account. As a proof of concept, I decided to inject some code into one of them to take full control of the system. This post is about the technique I used to inject the code into a .dll used by one of the Windows Services. I’m sure there are many
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/CRAp6jZhvVE/injecting-code-into-a-dll.html
A Look at the GnuTLS X.509 Verification Code Flaw
... it was found that the GnuTLS X.509 certificate verification code fails to properly handle certain error conditions that may occur during the certificate verification process. While verifying the certificate, GnuTLS would report it as successful verification of the certificate, even though verification should have resulted in a failure. This means that invalid certificates may be accepted as valid,
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/iSFhF7R9kFI/
Creating an intelligent “sandbox” for coordinated malware eradication
Hello from China where I am presenting on coordinated malware eradication at the 2014 PC Security Labs Information Security Conference. Coordinated malware eradication was also the topic of my last blog. I said the antimalware ecosystem must begin to work with new types of partners if we are going to move from the current state of uncoordinated malware disruption, to a state of coordinated malware eradication.
http://blogs.technet.com/b/mmpc/archive/2014/03/31/creating-an-intelligent-sandbox-for-coordinated-malware-eradication.aspx
Its not the breach that kills you, its the cover-up
Its how you handle yourself during and after a breach that will determine just how detrimental the breach actually is for your organization.
http://feedproxy.google.com/~r/SCMagazineHome/~3/Mi55LWhfA9c/
Managing Windows XP’s Risks in a Post-Support World
There are now less than two weeks left until Microsoft terminates support for the incredibly long-lived Windows XP. Rarely has a tech product lasted as long as XP has – from XP’s launch on October 25, 2001 to its last Patch Tuesday on April 8, 2014 a total of 12 years, 5 months, and two […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroManaging Windows XP’s Risks in a Post-Support World
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fSwrdK2qOeg/
EMC Cloud Tiering Appliance Request Validation Flaw Lets Remote Users View Files
A vulnerability was reported in EMC Cloud Tiering Appliance. A remote user can view files on the target system.
The '/api/login' script does not properly validate user-supplied input. A remote user can supply a specially crafted XML External Entity (XXE) link to view files on target system with root privileges.
http://www.securitytracker.com/id/1029979
Grazer Linuxtage 2014: "Sicherheit im Netz" mit freier Software
Alternative Software-Szene lädt an der FH-Joanneum zu Workshops und Vorträgen
http://derstandard.at/1395363812795
Horde webmail - Open Redirect Vulnerability
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation.
This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
http://cxsecurity.com/issue/WLB-2014040004
ModSecurity HTTP Requests Chunked Encoding Security Bypass Vulnerability
Martin Holst Swende has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error in the "modsecurity_tx_init()" function (apache2/modsecurity.c), which can be exploited to bypass the HTTP request body processing via a specially crafted request using chunked encoding.
https://secunia.com/advisories/57444
ct-Special "Umstieg auf Linux" am Kiosk erhältlich
Umsteigen auf Linux – warum nicht? Linux bietet eine Menge Vorteile – nicht nur für XP-Anwender, die demnächst keine Sicherheits-Fixes von Microsoft mehr erhalten. Das neue Sonderheft der ct-Redaktion hilft beim sanften Umstieg von Windows auf Linux.
http://www.heise.de/newsticker/meldung/c-t-Special-Umstieg-auf-Linux-am-Kiosk-erhaeltlich-2157549.html?wt_mc=rss.ho.beitrag.rdf
IBM WebSphere Portal Two Cross-Site Scripting Vulnerabilities
Two vulnerabilities have been reported in IBM WebSphere Portal, which can be exploited by malicious people to conduct cross-site scripting attacks.
https://secunia.com/advisories/57592
cPanel Multiple Vulnerabilities
Two weaknesses, a security issue, and multiple vulnerabilities have been reported in cPanel, which can be exploited by malicious, local users to disclose potentially sensitive information and manipulate certain data, by malicious users to disclose potentially sensitive information, conduct script insertion attacks, manipulate certain data, and compromise a vulnerable system and by malicious people to conduct spoofing and cross-site scripting attacks and bypass certain security restrictions.
https://secunia.com/advisories/57576
VU#893726: Zyxel P660 series modem/router denial of service vulnerability
Zyxel P660 series modem/router contains a denial of service vulnerability when parsing a high volume of SYN packets on the web management interface.
http://www.kb.cert.org/vuls/id/893726
Cisco Security Manager HTTP Header Redirection Vulnerability
A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to inject a crafted HTTP header which will cause a web page redirection to a possible malicious website.
The vulnerability is due to insufficient validation user input of user input before using it as an HTTP header value. An attacker could exploit this vulnerability by convincing a user to access a crafted URL.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2138
Cisco WSA HTTP Header Injection Vulnerability
A vulnerability in the web framework of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could cause a web page redirection to a possible malicious website.
The vulnerability is due to insufficient validation of user input before using it as an HTTP header value. An attacker could exploit this vulnerability by persuading a user to access a crafted URL.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137