End-of-Shift report
Timeframe: Montag 25-08-2014 18:00 − Dienstag 26-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Barracuda Networks Web Security Flex multiple modules cross-site scripting
Barracuda Networks Web Security Flex is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by multiple modules. A remote attacker could exploit this vulnerability using the Domain Alias, LDAP Host or Bind DN/Username field to inject malicious script into a Web page which would be ..
http://xforce.iss.net/xforce/xfdb/95445
Trolling Memory for Credit Cards in POS / PCI Environments, (Tue, Aug 26th)
In a recent penetration test, I was able to parlay a network oversight into access to a point of sale terminal. Given the discussions these days, the next step for me was an obvious one - memory analysis. My first step was to drive to the store I had compromised and purchase an ..
https://isc.sans.edu/diary.html?storyid=18579
Point of Sale Terminal Protection - "Fortress PCI at the Mall", (Tue, Aug 26th)
This is a very broad topic, but over the last few months Ive seen some really nicly protected PCI termainls. Especially since many POS environments are still running Windows XP, this is an important topic to discuss. Things that Ive seen done very well: First of all, only allow access to the POS app - retail staff generally dont require access to email or the internet, at ..
https://isc.sans.edu/diary.html?storyid=18581
Netis Routers Leave Wide Open Backdoor
Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cybercriminals to easily run arbitrary ..
http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on Web admins beware: social media buttons that load scripts from unknown external sites could see your sites foisting the FlashPack exploit ..
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/26/ek_flogged_through_shinyclicky_social_media_buttons/
Glibc: Fehlerhaftes Null-Byte führt zu Root-Zugriff
Mitgliedern von Googles Project Zero ist es gelungen, einen kleinen Fehler in der Glibc auszunutzen, um unter einem Linux-System Root-Zugriff zu erhalten. Dafür mussten zahlreiche Hürden überwunden werden.
http://www.golem.de/news/glibc-fehlerhaftes-null-byte-fuehrt-zu-root-zugriff-1408-108814-rss.html