End-of-Shift report
Timeframe: Wednesday 13-08-2014 18:00 − Thursday 14-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Safari: Apple fixes various security vulnerabilities
In the night leading into Thursday, the vendor updated its in-house browser for several operating systems. For developers, Apple also released a further preview version of OS X 10.9.5.
http://www.heise.de/security/meldung/Safari-Apple-behebt-diverse-Sicherheitsluecken-2292200.html
Vulnerability in Spotify Android App May Lead to Phishing
We have discovered a vulnerability that affects versions of the Spotify app for Android older than 1.1.1. If exploited, the vulnerability can allow bad guys to control what is being displayed on the app interface. This vulnerability can be potentially abused by cybercriminals to launch phishing attacks that may result in information loss or theft.
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZJMVGX3NMwk/
Portal: Tor for mobile routers
Anonymous browsing with Tor is even safer when the software does not run on your own computer. The software Portal integrates Tor into the OpenWrt firmware and can thus be used on selected mobile routers.
http://www.golem.de/news/portal-tor-fuer-mobile-router-1408-108575-rss.html
Tiny Malware PoC: Malware Without IAT, DATA OR Resource Section
Have you ever wondered about having an EXE without any entry in the IAT (Import Address Table) at all? Well, I knew that it's possible, but never saw an actual exe file without an IAT entry. So I developed an application which is 1,536 bytes and still does basic annoying malware things.
http://www.codeandsec.com/PoC-Tiny-Malware-Without-IAT-DATA-Or-Resource-Section
SAMHAIN v3.1.2 Released
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.
http://www.toolswatch.org/2014/08/samhain-v3-1-2-released/
ZeroLocker
Recently in the news we saw FireEye and Fox-IT provide the ability to decrypt files encrypted by older Cryptolocker variants. They used the command and control servers seized by the FBI during Operation Tovar. Since they have access to those RSA keys, they essentially have the password required for every single file encrypted by a Cryptolocker variant that used Evgeniy Bogachev's botnet.
http://www.webroot.com/blog/2014/08/14/zero-locker/
JSA10643 - 2014-08 Security Bulletin: Juniper Secure Analytics (JSA)/Security Threat Response Manager (STRM): Multiple vulnerabilities resolved by third party software upgrades.
http://kb.juniper.net/index/content&id=JSA10643&actp=RSS
JSA10642 - 2014-08 Security Bulletin: Network and Security Manager NSM: Multiple vulnerabilities
http://kb.juniper.net/index/content&id=JSA10642&actp=RSS
Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting
Topic: Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting. Risk: Medium. Exploit for Disqus for Wordpress admin stored CSRF+XSS up to v2.7.5. Blog post explainer:
https://www.nikcub.com/posts/...
http://cxsecurity.com/issue/WLB-2014080064
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1030732
SSA-310688 (Last Update 2014-08-14): Denial-of-Service Vulnerability in SIMATIC S7-1500 CPU
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-310688.pdf
SSA-234763 (Last Update 2014-08-14): OpenSSL Vulnerabilities in Siemens Industrial Products
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234763.pdf
Next End-of-Shift report on 2014-08-18