Daily summary - Monday 12-01-2015

End-of-Shift report

Timeframe: Friday 09-01-2015 18:00 − Monday 12-01-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a

SnoopSnitch Android app notifies users of IMSI catchers, SS7 attacks

SnoopSnitch requires a rooted device with a Qualcomm chipset that runs stock Android 4.1 or higher.

http://www.scmagazine.com/free-app-flags-attempts-to-spy-on-mobile-phones/article/391870/


Cisco WebEx Vulnerabilities

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8036
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0582
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8035


SAP NetWeaver Business Client for HTML Input Validation Flaws Permit Cross-Site Scripting Attacks

A vulnerability was reported in SAP NetWeaver Business Client for HTML. A remote user can conduct cross-site scripting attacks. The Business Client for HTML component does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser.

http://www.securitytracker.com/id/1031509


PLAID: The strange world of ISO standards

At Real World Crypto, security researchers report on their experiences with the ISO. The standardization of the PLAID authentication protocol reveals, in places, an alarming lack of knowledge about cryptography.

http://www.golem.de/news/plaid-die-seltsame-welt-der-iso-standards-1501-111601-rss.html


Dan J. Bernstein: Designing crypto algorithms securely

At Real World Crypto, the cryptographer Dan Bernstein called on his colleagues to design cryptographic algorithms in a way that prevents their incorrect use. It is not a good idea, he said, to always blame the programmers.

http://www.golem.de/news/dan-j-bernstein-krypto-algorithmen-sicher-designen-1501-111605-rss.html


Google No Longer Provides Patches for WebView Jelly Bean and Prior

Google will no longer be providing security patches for vulnerabilities reported to affect only versions of Android's native WebView prior to 4.4. In other words, Google is now only supporting the current named version of Android (Lollipop, or 5.0) and the prior named version (KitKat, or 4.4). Jelly Bean (versions 4.0 through 4.3) and earlier will no longer see security patches for WebView from Google ...

https://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior


Security's revamped index of pain readies for release

Comments sought on draft Common Vulnerability Scoring System 3.0 bug rating scheme

The great unwashed has been afforded an opportunity to comment on a new scheme for classifying the severity of infosec vulnerabilities issued by the National Institute of Standards and Technology.

http://go.theregister.com/feed/www.theregister.co.uk/2015/01/12/securitys_revamped_index_of_pain_readies_for_release/


Ntpdc Local Buffer Overflow

Alejandro Hdez (@nitr0usmx) recently tweeted about a trivial buffer overflow in ntpdc, a deprecated NTP query tool still available and packaged with any NTP install. He posted a screenshot of the crash as the result of a large buffer passed into a vulnerable gets call. After digging into it a bit, I decided it'd be a fun exploit to write, and it was. There are a few quirks to it that make it of particular interest, which I've detailed below.

http://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/


Deciphering the landscape for Privacy by Design. ENISA publishes its recommendations for policy makers, data protection authorities and experts

http://www.enisa.europa.eu/media/news-items/deciphering-the-landscape-for-privacy-by-design


Windows Elevation of Privilege in User Profile Service

Platform: Windows 8.1 Update 32/64 bit (No other OS tested)

When a user logs into a computer the User Profile Service is used to create certain directories and mount the user hives (as a normal user account cannot do so). ... However there seems to be a bug in the way it handles impersonation: the first few resources in the profile get created under the user's token, but this changes to impersonating Local System part of the way through.

https://code.google.com/p/google-security-research/issues/detail?id=123


Do we need regular IT security fire drills?

IT security 'fire drills', supported by executive management and the risk committee should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. ... Organizations need to move beyond focusing purely on the prevention of security incidents, and start to concentrate on what they will do when an incident occurs.

http://www.net-security.org/secworld.php?id=17810


Diving into a Silverlight Exploit and Shellcode - Analysis and Techniques

http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf


Open-Source USB Exploitation Library - Teensyduino

What is Paensy? Paensy [pan-zee] is a combination of the word payload and Teensy - Paensy is an attacker-oriented, C-based library written for the development of Teensy devices. Paensy simplifies and optimizes mundane tasks and allows an easier platform for scripting.

http://malware.cat/?p=89


Protecting yourself from Powershell based VBA Macro Attacks

As some of you may know, I released a standalone Powershell script that will automatically generate a malicious VBA macro using different payloads and persistence methods. This can be found here: https://github.com/enigma0x3/Generate-Macro/blob/master/Generate-Macro.ps1

As a response, I have gotten a few questions from sysadmins about protecting their organizations from an attack like this. Since this type of attack relies on social engineering, there are only a handful of things you can do to

https://enigma0x3.wordpress.com/2015/01/11/protecting-yourself-from-powershell-based-vba-macro-attacks/