End-of-Shift report
Timeframe: Tuesday 13-01-2015 18:00 - Wednesday 14-01-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
AMD plugs firmware holes that allowed command injection
Bug your motherboard vendor for a fix, says boffin. Chip maker AMD has patched holes across its firmware lines that could allow hackers to inject malware.
http://go.theregister.com/feed/www.theregister.co.uk/2015/01/14/amd_plugs_chip_firmware_holes/
Background: Universal SSL tester SSLyze
Testing SSL by hand with command-line tools is tedious; SSLyze takes much of this work off admins' hands.
http://www.heise.de/security/artikel/Universeller-SSL-Tester-SSLyze-2470008.html
Patch day: Microsoft closes eight holes in Windows
On the January patch day the company surprises by closing holes exclusively in Windows. For Internet Explorer, only a patch from December is reissued.
http://www.heise.de/newsticker/meldung/Patchday-Microsoft-stopft-acht-Luecken-in-Windows-2517423.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
MMD-0030-2015 New ELF malware on Shellshock: the ChinaZ
Background: The bash Shellshock vulnerability is still proven to be one of the fastest ways to spread ELF malware infection to NIX boxes on the internet, along with Linux systems that are still serving the vulnerable version. This fact is known not only by internet security folks, but by the threat actors themselves. Previously we announced that the Linux/Mayhem malware was utilizing Shellshock, and now ELF malware actors in China are starting to utilize a set of tools to spread more...
http://blog.malwaremustdie.org/2015/01/mmd-0030-2015-new-elf-malware-on.html
Security updates available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. ... CVE number: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309
http://helpx.adobe.com/security/products/flash-player/apsb15-01.html
Asus closes critical router hole
Delivers updates for numerous devices a few days after the hole became known
http://derstandard.at/2000010378742
Amsterdam 2015 FIRST Technical Colloquium
The FIRST Amsterdam Technical Colloquium (TC) 2015 will be hosted by Cisco Systems in Amsterdam, Netherlands. The event will be a plenary style conference held on the 5th and 6th of May 2015, with optional, free training sessions on May 4th. FIRST is looking for speakers that would like to present at this Technical Colloquium. This is a GREAT opportunity to give something back to FIRST and the industry, while practicing your speaking skills and sharing your hard work.
http://www.first.org/events/colloquia/amsterdam2015
At this rate it will hit the launch codes in... 5.3 minutes.
Hello everyone, in this post I would like to analyze an Android application whose purpose is to manage and generate passwords securely. On their Play Store page they claim to use DES to encrypt passwords on the local device and that the DES key is derived from your PIN code...
https://bughardy.me/at-this-rate-it-will-hit-the-launch-codes-in-5-3-minutes/
MSRT January 2015 - Dyzap
This month we added the Win32/Emotet and Win32/Dyzap malware families to the Malicious Software Removal Tool. Both Emotet and Dyzap are trojans that steal personal information, including banking credentials. In a previous blog we detailed how Emotet targets German-language banking websites. In this blog, we will focus on Dyzap - another prevalent banking trojan that predominantly targets English-speaking countries. Dyzap variants target credentials for online banking, crypto...
http://blogs.technet.com/b/mmpc/archive/2015/01/13/msrt-january-2015-dyzap.aspx
4 Mega-Vulnerabilities Hiding in Plain Sight (Dark Reading)
How four recently discovered, high-impact vulnerabilities provided "god mode" access to 90% of the Internet for 15 years, and what that means for the future.
http://www.darkreading.com/vulnerabilitiesthreats/4-mega-vulnerabilities-hiding-in-plain-sight-/a/d-id/1318610
Phony Oracle Patches Making the Rounds
Attackers are circulating fake fixes for Oracle error messages and the company is warning users not to download any patches that don't come directly from Oracle.
http://threatpost.com/phony-oracle-patches-making-the-rounds/110415
Akamai: Problems with old SSL implementations
Akamai handles a quadrillion connections per year. Brian Sniffen gives insights into what that means - and what difficulties there are in locking out old SSL implementations. (Akamai, Android)
http://www.golem.de/news/akamai-probleme-mit-alten-ssl-implementierungen-1501-111705-rss.html
JSA10670 - 2015-01 Security Bulletin: Junos: Malformed BGP FlowSpec prefix triggers rpd crash (CVE-2014-6386)
http://kb.juniper.net/index/content&id=JSA10670&actp=RSS
JSA10668 - 2015-01 Security Bulletin: Junos: Fragmented OSPFv3 packets with IPsec AH may trigger kernel crash (CVE-2014-6385)
http://kb.juniper.net/index/content&id=JSA10668&actp=RSS
JSA10666 - 2015-01 Security Bulletin: Junos: Firewall filter fails to match on port (CVE-2014-6383)
http://kb.juniper.net/index/content&id=JSA10666&actp=RSS
JSA10665 - 2015-01 Security Bulletin: Junos: jpppd core when MX Series router receives crafted PAP Authenticate-Request (CVE-2014-6382)
http://kb.juniper.net/index/content&id=JSA10665&actp=RSS
Cisco ASA DHCPv6 Relay DoS Vulnerability
CVE-2015-0578
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0578
Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability
CVE-2015-0579
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0579
Cisco AsyncOS ISQ XSS Vulnerability
CVE-2015-0577
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0577
Cisco AnyConnect User Interface Dialog Rendered When Connecting to Arbitrary Hosts Vulnerability
CVE-2014-3314
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314
VU#117604: Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication
Vulnerability Note VU#117604: Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication. Original Release date: 13 Jan 2015 | Last revised: 13 Jan 2015. Overview: Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data. Description: CWE-319: Cleartext Transmission of Sensitive Information. Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data between the client and server. It has been reported that Active Directory
http://www.kb.cert.org/vuls/id/117604
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1031533
Foxit MobilePDF 4.4.0 Local File Inclusion / Arbitrary File Upload
Topic: Foxit MobilePDF 4.4.0 Local File Inclusion / Arbitrary File Upload. Risk: High. Text: Document Title: Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities. References (Source): http://w...
http://cxsecurity.com/issue/WLB-2015010071
Lexmark MarkVision Enterprise Arbitrary File Upload
This module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the fdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.
http://www.exploit-db.com/exploits/35776/
Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness
This tool checks whether a BMC machine is vulnerable to CVE-2014-8272 (http://www.kb.cert.org/vuls/id/843044) by logging the TemporarySessionID/SessionID in each IPMI v1.5 session, and checking that these values are incremental...
http://www.exploit-db.com/exploits/35770/
Simple Security <= 1.1.5 - Two Cross-Site Scripting (XSS) Vulnerabilities
https://wpvulndb.com/vulnerabilities/7753