End-of-Shift report
Timeframe: Montag 01-09-2014 18:00 − Dienstag 02-09-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Bugtraq: Avira License Application - Cross Site Request Forgery Vulnerability
An independent Vulnerability Laboratory Researcher discovered a cross site request forgery vulnerability in the official Avira license account system web-application.
http://www.securityfocus.com/archive/1/533288
Dodging Browser Zero Days - Changing your Orgs Default Browser Centrally
In a recent story about "whats a sysadmin to do?", we suggested that since our browsers seem to take turns with zero days lately, that system administrator should have processes in place to prepare for when their corporate standard browser has a major vulnerability that doesnt yet have ..
https://isc.sans.edu/diary.html?storyid=18601
[webapps] - WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability
http://www.exploit-db.com/exploits/34514
[webapps] - Mulitple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download
http://www.exploit-db.com/exploits/34511
Net-snmp SNMP Trap Processing Flaw Lets Remote Users Crash snmptrapd
http://www.securitytracker.com/id/1030789
Industrial software website used in watering hole attack
AlienVault Labs has discovered a watering hole attack thats using a framework developed for reconnaissance as the primary infection vector.The criminals responsible for the incident compromised an unnamed industrial software firms website, suggesting the potential for future attacks against ..
http://www.csoonline.com/article/2600772/data-protection/industrial-software-website-used-in-watering-hole-attack.html
The Secret Life of SIM Cards
SIM cards can do more than just authenticate your phone with your carrier. Small apps can be installed and run directly on the SIM separate from and without knowledge of the phone OS. ... This talk, based on our experience building SIM apps for the Toorcamp GSM network, explains what (U)SIM Toolkit Applications are, how they work, and how to develop them.
http://www.ehacking.net/2014/08/the-secret-life-of-sim-cards.html
IPv6 insecurities on 'IPv4-only' networks
When people hear about IPv6-specific security issues, they frequently tend to rate this as an argument in favour of delaying or avoiding IPv6 deployment on their enterprise or campus network. Even without IPv6 being consciously deployed, however, some of the IPv6-related security issues were already introduced to most networks many years ago.
http://securityblog.switch.ch/2014/08/26/ipv6-insecurities-on-ipv4-only-networks/
Using WPS on your Wi-Fi router may be even more dangerous than you think
In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be. Now, another researcher has found that cracking it may be 10,000 times easier again...
http://nakedsecurity.sophos.com/2014/09/02/using-wps-may-be-even-more-dangerous/
TYPO3-EXT-SA-2014-010: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: cwt_feedit, eu_ldap, flatmgr, jh_opengraphprotocol, ke_dompdf, lumophpinclude, news_pack, sb_akronymmanager, st_address_ma, weeaar_googlesitemap,. wt_directory
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010/
A Google Site Meant to Protect You Is Helping Hackers Attack You
It's long been suspected that hackers and nation-state spies are using Google's antivirus site to test their tools before unleashing them on victims. Now Brandon Dixon, an independent security researcher, has caught them in the act, tracking several high-profile hacking groups - including, surprisingly, two well-known nation-state teams - as they used VirusTotal to hone their code and develop their tradecraft.
http://www.wired.com/2014/09/how-hackers-use-virustotal