Tageszusammenfassung - Dienstag 26-08-2014

End-of-Shift report

Timeframe: Montag 25-08-2014 18:00 − Dienstag 26-08-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Barracuda Networks Web Security Flex multiple modules cross-site scripting

Barracuda Networks Web Security Flex is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by multiple modules. A remote attacker could exploit this vulnerability using the Domain Alias, LDAP Host or Bind DN/Username field to inject malicious script into a Web page which would be ..

http://xforce.iss.net/xforce/xfdb/95445


Trolling Memory for Credit Cards in POS / PCI Environments, (Tue, Aug 26th)

In a recent penetration test, I was able to parlay a network oversight into access to a point of sale terminal. Given the discussions these days, the next step for me was an obvious one - memory analysis. My first step was to drive to the store I had compromised and purchase an ..

https://isc.sans.edu/diary.html?storyid=18579


Point of Sale Terminal Protection - "Fortress PCI at the Mall", (Tue, Aug 26th)

This is a very broad topic, but over the last few months Ive seen some really nicly protected PCI termainls. Especially since many POS environments are still running Windows XP, this is an important topic to discuss. Things that Ive seen done very well: First of all, only allow access to the POS app - retail staff generally dont require access to email or the internet, at ..

https://isc.sans.edu/diary.html?storyid=18581


Netis Routers Leave Wide Open Backdoor

Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cybercriminals to easily run arbitrary ..

http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/


Attack flogged through shiny-clicky social media buttons

66,000 users popped by malicious Flash fudging add-on Web admins beware: social media buttons that load scripts from unknown external sites could see your sites foisting the FlashPack exploit ..

http://go.theregister.com/feed/www.theregister.co.uk/2014/08/26/ek_flogged_through_shinyclicky_social_media_buttons/


Glibc: Fehlerhaftes Null-Byte führt zu Root-Zugriff

Mitgliedern von Googles Project Zero ist es gelungen, einen kleinen Fehler in der Glibc auszunutzen, um unter einem Linux-System Root-Zugriff zu erhalten. Dafür mussten zahlreiche Hürden überwunden werden.

http://www.golem.de/news/glibc-fehlerhaftes-null-byte-fuehrt-zu-root-zugriff-1408-108814-rss.html