End-of-Shift report
Timeframe: Wednesday 07-10-2015 18:00 − Thursday 08-10-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
ZDI-15-461: Solarwinds Log and Event Manager Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Log and Event Manager. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-15-461/
ZDI-15-460: Solarwinds Storage Manager ProcessFileUpload.jsp File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Storage Manager. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-15-460/
Researcher demonstrates flaw in the PGP standard
Because of backward compatibility, attackers could manipulate encrypted and signed messages after the fact. At least current GnuPG versions then give a hint of possible problems.
http://heise.de/-2840052
SHA1 algorithm securing e-commerce and software could break by year's end
Researchers warn widely used algorithm should be retired sooner.
http://arstechnica.com/security/2015/10/sha1-crypto-algorithm-securing-internet-could-break-by-years-end/
Zero-Day Exploit Found in Avast Antivirus
Avast was vulnerable to malicious HTTPS connections. One of Google's security experts found a zero-day exploit inside the Avast antivirus, which the company has recently patched.
http://news.softpedia.com/news/zero-day-exploit-found-in-avast-antivirus-493958.shtml
New mystery Windows-smashing RAT found in corporate network
Tin foil VXer wraps new Trojan in cloak and evasion tricks. Malware man Yotam Gottesman has found a somewhat mysterious remote access Trojan on a corporate network that sports highly capable evasion techniques.
www.theregister.co.uk/2015/10/08/monker_rat/
Hack against Looppay: Samsung emphasizes the security of Samsung Pay
In February Samsung acquired the startup Looppay and integrated its technology into the mobile payment service Samsung Pay. Shortly afterwards, hackers crept into the startup's computers, as has now come to light.
http://heise.de/-2840660
WLAN/SOHO router again - remote root
Like many of the small WLAN routers (also called "SOHO" routers - small home and office routers), Netgear too has botched the security of the web interface - or so it seems. Today it became known that Netgear WNR1000v4 routers (other models may also be affected) with the following firmware ..
http://www.cert.at/services/blog/20151008163157-1605.html
How I Hacked Hotmail
At Synack we really enjoy great vulnerabilities, whether in web, mobile, host or even in completely outrageous devices and systems (satellite hacking anyone?). But we always keep the great findings that we and the SRT have made for our customers confidential. So while this ..
https://www.synack.com/labs/blog/how-i-hacked-hotmail/