Daily summary - Wednesday 21-01-2015

End-of-Shift report

Timeframe: Tuesday 20-01-2015 18:00 − Wednesday 21-01-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

Windows Firewall Hook Enumeration

tl;dr: We're going to look in detail at Microsoft Windows Firewall Hook drivers from Windows 2000, XP and 2003. This functionality was leveraged ...

https://www.nccgroup.com/en/blog/2015/01/windows-firewall-hook-enumeration/


DSA-3133 privoxy - security update

https://www.debian.org/security/2015/dsa-3133


Siemens SCALANCE X-300/X408 Switch Family DOS Vulnerabilities

This advisory provides mitigation details for denial-of-service vulnerabilities in the Siemens SCALANCE X-300/X408 switch family.

https://ics-cert.us-cert.gov//advisories/ICSA-15-020-01


Schneider Electric ETG3000 FactoryCast HMI Gateway Vulnerabilities

This advisory provides mitigation details for multiple vulnerabilities in Schneider Electric's ETG3000 series FactoryCast HMI Gateways.

https://ics-cert.us-cert.gov//advisories/ICSA-15-020-02


Oracle Critical Patch Update Advisory - January 2015

Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ..

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html


Google publishes unpatched vulnerability in OS X 10.9.5

After the Internet giant publicly disclosed three open Windows vulnerabilities in recent months under its responsible-disclosure policy, it is now Apple's turn for the first time. The company apparently did not respond within the required time.

http://heise.de/-2523449


Cisco 2015 Annual Security Report: Java has become more secure

2013 was not a good year for Java, as numerous security vulnerabilities left users unsettled. Fortunately, Oracle has apparently set the right course, as significantly fewer vulnerabilities were found last year.

http://heise.de/-2523408


Windows Server 2003 Reaches End of Life In July

Several readers sent word that we're now less than six months away from the end of support for Windows Server 2003. Though the operating system's usage peaked in 2009, it still runs on millions of machines, and many IT departments are just now starting to look at replacements. Although ..

http://tech.slashdot.org/story/15/01/21/0423229/windows-server-2003-reaches-end-of-life-in-july


Bash data exfiltration through DNS (using bash builtin functions)

After gaining 'blind' command execution access to a compromised Linux host, data exfiltration can be difficult when the system is protected by a firewall.

https://forsec.nl/2015/01/bash-data-exfiltration-through-dns-using-bash-builtin-functions/


Discovering and remediating an active but disused botnet

On a network I help manage, we kept getting malicious DNS alerts for 'luna1.pw' on an appliance we had installed. Due to the way the network was configured, we were able to see the name request coming in but no traffic activity. This ..

http://colin.keigher.ca/2015/01/discovering-and-remediating-active-but.html


rt-sa-2014-010

The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if the victim confirms an update on the webinterface during a MITM attack.

https://www.redteam-pentesting.de/advisories/rt-sa-2014-010.txt


Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK

This is a fast post. I will update it heavily in the coming hours/days. I spotted an instance of Angler EK which is sending three different bullets targeting Flash Player:

http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html