Tageszusammenfassung - Dienstag 2-09-2014

End-of-Shift report

Timeframe: Montag 01-09-2014 18:00 − Dienstag 02-09-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Bugtraq: Avira License Application - Cross Site Request Forgery Vulnerability

An independent Vulnerability Laboratory Researcher discovered a cross site request forgery vulnerability in the official Avira license account system web-application.

http://www.securityfocus.com/archive/1/533288


Dodging Browser Zero Days - Changing your Orgs Default Browser Centrally

In a recent story about "whats a sysadmin to do?", we suggested that since our browsers seem to take turns with zero days lately, that system administrator should have processes in place to prepare for when their corporate standard browser has a major vulnerability that doesnt yet have ..

https://isc.sans.edu/diary.html?storyid=18601


[webapps] - WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability

http://www.exploit-db.com/exploits/34514


[webapps] - Mulitple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download

http://www.exploit-db.com/exploits/34511


Net-snmp SNMP Trap Processing Flaw Lets Remote Users Crash snmptrapd

http://www.securitytracker.com/id/1030789


Industrial software website used in watering hole attack

AlienVault Labs has discovered a watering hole attack thats using a framework developed for reconnaissance as the primary infection vector.The criminals responsible for the incident compromised an unnamed industrial software firms website, suggesting the potential for future attacks against ..

http://www.csoonline.com/article/2600772/data-protection/industrial-software-website-used-in-watering-hole-attack.html


The Secret Life of SIM Cards

SIM cards can do more than just authenticate your phone with your carrier. Small apps can be installed and run directly on the SIM separate from and without knowledge of the phone OS. ... This talk, based on our experience building SIM apps for the Toorcamp GSM network, explains what (U)SIM Toolkit Applications are, how they work, and how to develop them.

http://www.ehacking.net/2014/08/the-secret-life-of-sim-cards.html


IPv6 insecurities on 'IPv4-only' networks

When people hear about IPv6-specific security issues, they frequently tend to rate this as an argument in favour of delaying or avoiding IPv6 deployment on their enterprise or campus network. Even without IPv6 being consciously deployed, however, some of the IPv6-related security issues were already introduced to most networks many years ago.

http://securityblog.switch.ch/2014/08/26/ipv6-insecurities-on-ipv4-only-networks/


Using WPS on your Wi-Fi router may be even more dangerous than you think

In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be. Now, another researcher has found that cracking it may be 10,000 times easier again...

http://nakedsecurity.sophos.com/2014/09/02/using-wps-may-be-even-more-dangerous/


TYPO3-EXT-SA-2014-010: Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: cwt_feedit, eu_ldap, flatmgr, jh_opengraphprotocol, ke_dompdf, lumophpinclude, news_pack, sb_akronymmanager, st_address_ma, weeaar_googlesitemap,. wt_directory

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010/


A Google Site Meant to Protect You Is Helping Hackers Attack You

It's long been suspected that hackers and nation-state spies are using Google's antivirus site to test their tools before unleashing them on victims. Now Brandon Dixon, an independent security researcher, has caught them in the act, tracking several high-profile hacking groups - including, surprisingly, two well-known nation-state teams - as they used VirusTotal to hone their code and develop their tradecraft.

http://www.wired.com/2014/09/how-hackers-use-virustotal