End-of-Shift report
Timeframe: Tuesday 12-08-2014 18:00 − Wednesday 13-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
(Updated 2014/8/13) Syria offline - initial analysis of BGP (and explanation)
This blog post evolved over time - initially it was a mere scratchpad for notes during our initial research between 2012/11/29 and 11/30. Later, after Syria was back online again, I added a summary and some potential explanations of what might have happened at the end of this blog post.
UPDATE 2014/8/13: It seems it was the NSA that hacked a router, according to Snowden. Scroll to the end for links.
http://www.cert.at/services/blog/20121129184048-616.html
MS14-AUG - Microsoft Security Bulletin Summary for August 2014 - Version: 1.0
This bulletin summary lists security bulletins released for August 2014.
With the release of the security bulletins for August 2014, this bulletin summary replaces the bulletin advance notification originally issued August 7, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
https://technet.microsoft.com/en-us/library/security/MS14-AUG
Assessing risk for the August 2014 security updates
Today we released nine security bulletins addressing 40 unique CVEs. Two bulletins have a maximum severity rating of Critical while the other seven have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.
Table columns: Bulletin | Most likely attack vector | Max Bulletin Severity | Max exploitability | Likely first 30 days impact | Platform mitigations and key notes
MS14-051 (Internet Explorer) | Victim browses
http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx
Microsoft Patch Day: 26 holes in Internet Explorer plugged
As usual on the second Tuesday of the month, Microsoft has closed a number of security vulnerabilities in Internet Explorer, in Windows and in other products. For IE there are 26 individual patches; one vulnerability is already being actively exploited by attackers.
http://www.heise.de/newsticker/meldung/Microsoft-Patchday-26-Luecken-im-Internet-Explorer-gestopft-2291321.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability
CVE-2014-3339
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339
Study: Firmware Plagued By Poor Encryption and Backdoors
itwbennett writes: The first large-scale analysis of firmware has revealed poor security practices that could present opportunities for hackers probing the Internet of Things. Researchers with Eurecom, a technology-focused graduate school in France, developed a web crawler that plucked more than 30,000 firmware images from the websites of manufacturers including Siemens, Xerox, Bosch, Philips, D-Link, Samsung, LG and Belkin. In one instance, the researchers found a Linux kernel that was 10...
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-X--LranmlI/story01.htm
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
DEF CON - Researchers have unveiled 15 zero day vulnerabilities in four home and small business routers as part of the SOHOpelessly Broken hacker competition at DEF CON this week.
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/13/fifteen_zero_days_found_in_hacker_router_romp/
Black Hat USA 2014 talk about hypervisor security
This week I presented at Black Hat USA. The talk is titled "Poacher turned gatekeeper: lessons learned from eight years of breaking hypervisors". The main points were:
Describe the attack surface of Type 1 and Type 2 hypervisors.
Show that despite not being 100% bulletproof, hypervisors are still the best usable way to isolate potentially...
http://labs.bromium.com/2014/08/11/black-hat-usa-2014-talk-about-hypervisor-security/
Wireless Auditing, Intrusion Detection & Prevention System
WAIDPS is an open source wireless swiss-army knife written in Python that runs on Linux. It is a multipurpose tool designed for auditing (penetration testing) networks, detecting wireless intrusions (WEP/WPA/WPS attacks) and also for intrusion prevention (stopping a station from associating to an access point).
http://www.ehacking.net/2014/08/wireless-auditing-intrusion-detection.html
SSA-635659 (Last Update 2014-08-14): Heartbleed Vulnerability in Siemens Industrial Products
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-635659.pdf
Fake Tor Browser Bundle with trojan
A deceptively genuine-looking copy of the torproject.org site is distributing a trojan. Student Julien Voisin took it apart and was able to make contact with those responsible.
http://www.heise.de/newsticker/meldung/Gefaelschtes-Tor-Browser-Bundle-mit-Trojaner-2291417.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
Older versions of Disqus for WordPress vulnerable
A security researcher has discovered security vulnerabilities in the popular Disqus plug-in for WordPress. Administrators should make sure that the corresponding updates are installed.
http://www.heise.de/security/meldung/Aeltere-Versionen-von-Disqus-fuer-WordPress-angreifbar-2291810.html
New Metasploit 4.10: Credentials Are the New Exploits
We’ve given credentials a new boost with Metasploit 4.10. It’s now easier to manage, reuse and report on credentials as part of a penetration test.
https://community.rapid7.com/community/metasploit/blog/2014/08/13/credentials-are-the-new-exploits-make-credentials-work-for-you-with-with-metasploit-410