End-of-Shift report
Timeframe: Thursday 03-04-2014 18:00 - Friday 04-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
SMBEXEC Rapid Post Exploitation Tool
Smbexec is a tool that you can use for penetration testing domain controllers. The program allows you to run post-exploitation for domain accounts and expand access to the targeted network; this gives the pentester full access without any privilege requirement.
http://www.sectechno.com/2014/03/30/smbexec-rapid-post-exploitation-tool/
IBM Security Bulletin: Fixes available for Cross Site Scripting vulnerabilities in IBM WebSphere Portal (CVE-2014-0828 and CVE-2014-0901)
Fixes are available for Cross Site Scripting vulnerabilities in IBM WebSphere Portal.
CVE(s): CVE-2014-0828 and CVE-2014-0901
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_cross_site_scripting_vulnerabilities_in_ibm_websphere_portal_cve_2014_0828_and_cve_2014_0901?lang=en_us
IBM Security Bulletin: WebSphere Partner Gateway Advanced/Enterprise is affected by vulnerabilities that exist in the IBM SDK for Java (CVE-2014-0411)
WebSphere Partner Gateway Advanced/Enterprise uses IBM SDK for Java that is based on Oracle JDK. Oracle has released January 2014 critical patch updates (CPU) which contain security vulnerability fixes. The IBM SDK for Java has been updated to incorporate these fixes. CVE(s): CVE-2014-0411
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_websphere_partner_gateway_advanced_enterprise_is_affected_by_vulnerabilities_that_exist_in_the_ibm_sdk_for_java_cve_2014_0411?lang=en_us
OTRS Help Desk clickjacking
OTRS Help Desk could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks.
http://xforce.iss.net/xforce/xfdb/92233
iOS 7.1 bug enables iCloud account deletion, disabling Find My iPhone, without password
A bug demonstrated by a YouTube user on Wednesday may enable a thief to delete an iCloud account, disable Find My iPhone, and ultimately restore the device, without the need of a password.
http://feedproxy.google.com/~r/SCMagazineHome/~3/kToL7uqo4FE/
Your files held hostage by CryptoDefense? Don't pay up! The decryption key is on your hard drive
Blunder discovered in latest ransomware infecting PCs. A basic rookie programming error has crippled an otherwise advanced piece of ransomware dubbed CryptoDefense – but the crap coders are still pulling in more than $30,000 a month from unwary punters.…
http://go.theregister.com/feed/www.theregister.co.uk/2014/04/03/cryptodefense_rsa_private_key_on_disk/
Advance Notification Service for the April 2014 Security Bulletin Release
Today we provide advance notification for the release of four bulletins, two rated Critical and two rated Important in severity. These updates address issues in Microsoft Windows, Office and Internet Explorer. The update provided through MS14-017 fully addresses the Microsoft Word issue first described in Security Advisory 2953095. This advisory also included a Fix it to disable opening rich-text format (RTF) files within Microsoft Word. Once the security update is applied, you should disable
http://blogs.technet.com/b/msrc/archive/2014/04/03/advance-notification-service-for-the-april-2014-security-bulletin-release.aspx
Schneider Electric OPC Factory Server Buffer Overflow
OVERVIEW: Researcher Wei Gao, formerly of IXIA, has identified a buffer overflow vulnerability in the Schneider Electric OPC Factory Server (OFS) application. Schneider Electric has produced a patch that mitigates this vulnerability. Wei Gao has tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01
Adware: A new approach
Here at the Microsoft Malware Protection Center (MMPC) we understand advertising is part of the modern computing experience. However, we want to give our customers choice and control regarding what happens with their computers. To that end we have recently undergone some changes to both the criteria we use to classify a program as adware and how we remediate it when we find it. This blog will help explain the new criteria and how it affects some programs. Our updated objective criteria
http://blogs.technet.com/b/mmpc/archive/2014/04/03/adware-a-new-approach.aspx
Zeus malware found with valid digital certificate
A recently discovered variant of the Zeus banking Trojan was found to use a legitimate digital signature to avoid detection from Web browsers and anti-virus systems. Security vendor Comodo reported Thursday finding the variant 200 times while monitoring and analyzing data from users of its Internet security system. The variant includes the digital signature, a rootkit and a data-stealing malware component. "Malware with a valid digital signature is an extremely dangerous situation," the
http://www.csoonline.com/article/2140021/data-protection/zeus-malware-found-with-valid-digital-certificate.html#tk.rss_applicationsecurity
Linux-PAM "pam_timestamp" Module Two Directory Traversal Vulnerabilities
Two vulnerabilities have been reported in Linux-PAM, which can be exploited by malicious people to bypass certain security restrictions.
https://secunia.com/advisories/57317
E-mail accounts hacked: BSI wants to inform millions of affected users
Authorities and providers want to inform users about the hack of e-mail accounts. How and when the campaign is to start has not yet been decided. (Spam, Computer)
http://www.golem.de/news/e-mail-konten-gehackt-bsi-will-millionen-betroffene-nutzer-informieren-1404-105620-rss.html
TLS libraries: finding bugs with malformed certificates
Using malformed X.509 certificates, researchers have found numerous bugs in TLS libraries, some of them security-critical. In the process, a serious security vulnerability was once again discovered in GnuTLS. (Browser, Technology)
http://www.golem.de/news/tls-bibliotheken-fehler-finden-mit-fehlerhaften-zertifikaten-1404-105621-rss.html
Cisco Emergency Responder - Multiple vulnerabilities
Cross-Site Scripting - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114
Cross-Site Request Forgery - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115
Open Redirect - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2117
Dynamic Content Modification - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116
PHP 5.4.27 released, (Fri, Apr 4th)
A new version of PHP has been released. The announcement comments: "The PHP development team announces the immediate availability of PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345 in fileinfo module."
http://isc.sans.edu/diary.html?storyid=17901&rss
April 8th: Not Just About XP
April 8th will soon be upon us! And that means…Countdown Clocks…the end of extended support for Windows XP. But not just XP. Office 2003 is also reaching its end of life. And that's especially important to know because there's currently an Office vulnerability in the wild. Microsoft released its Security Bulletin Advance Notification yesterday. And the good news is: a patch for the Word vulnerability appears to be in the pipeline.
http://www.f-secure.com/weblog/archives/00002690.html
Dealing with Disaster - A Short Malware Incident Response, (Fri, Apr 4th)
I had a client call me recently with a full-on service outage - his servers weren't reachable, his VOIP phones were giving him more static than voice, and his Exchange server wasn't sending or receiving mail - pretty much everything was offline. I VPN'd in (I was not onsite) and started with the firewall, because things were bad enough that's all I could initially get to from a VPN session.
http://isc.sans.edu/diary.html?storyid=17905&rss
Cisco IOS XR Software ICMPv6 Redirect Vulnerability
A vulnerability in Internet Control Message Protocol version 6 (ICMPv6) processing of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to affect IPv4 and IPv6 traffic passing through an affected device.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2144
Researchers Uncover Interesting Browser-Based Botnet
Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video Web site and hijacked users’ browsers in order to flood the site with traffic. The attack on the unnamed site involved the use of injected Javascript on the site which would execute in […]
http://threatpost.com/researchers-uncover-interesting-browser-based-botnet/105250