Daily summary - Tuesday 24-11-2015

End-of-Shift report

Timeframe: Monday 23-11-2015 18:00 − Tuesday 24-11-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Stealthy GlassRAT Spies on Commercial Targets

RSA has uncovered GlassRAT, a spy tool aimed at commercial targets that is signed with a code-signing certificate stolen from a large developer in China.

http://threatpost.com/stealthy-glassrat-spies-on-commercial-targets/115453/


Multiple vulnerabilities in Cisco products

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-vts

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-fire

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150520-CVE-2015-0741

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-asa


Multiple vulnerabilities in Apache Commons affecting IBM products

http://www.ibm.com/support/docview.wss?uid=swg21971377

http://www.ibm.com/support/docview.wss?uid=swg21971376

http://www.ibm.com/support/docview.wss?uid=swg21971415

http://www.ibm.com/support/docview.wss?uid=swg21971412

http://www.ibm.com/support/docview.wss?uid=swg21971246


IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by operating system command vulnerability (CVE-2015-7426)

http://www.ibm.com/support/docview.wss?uid=swg21971484


IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2015-7416

http://www.ibm.com/support/docview.wss?uid=nas8N1020995


IBM Security Bulletin: IBM Smart Analytics System 5600 is affected by a vulnerability in IBM GPFS (CVE-2015-1788)

http://www.ibm.com/support/docview.wss?uid=swg21969177


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect System Storage DS8000

http://www.ibm.com/support/docview.wss?uid=ssg1S1005448


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect AppScan Standard (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931)

http://www.ibm.com/support/docview.wss?uid=swg21970847


Security Advisory - Overflow Vulnerabilities in SNMPv3

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260601.htm


World's most complex cash register malware plunders millions in US

ModPos kernel monster threatens haul during festive shopping blitz. The world's most complex sales till malware has been discovered ... after it ripped millions of bank cards from US retailers ..

www.theregister.co.uk/2015/11/24/modpos_point_of_sale_malware/

Break a dozen secret keys, get a million more for free

For many years NIST has officially claimed that AES-128 has "comparable strength" to 256-bit ECC, namely 128 "bits of security". Ten years ago, in a talk "Is 2^255−19 big enough?", I disputed this claim. The underlying attack algorithms had already been known for years, and it's not hard to see their impact on key-size selection; but somehow NIST hadn't gotten ..

http://blog.cr.yp.to/20151120-batchattacks.html
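The counting behind that dispute, as an added worked derivation that is not part of the blog post: an attacker holding T target keys (a batch or multi-target attack) can test every key guess against all T targets at once. The symmetric cost model is an assumption stated explicitly below; the ECC figures use the standard Pollard rho and Kuhn–Struik multi-target estimates, with constants dropped.

```latex
% Assumed model: k-bit symmetric key, T targets that all encrypt the same known
% plaintext P. The attacker stores the T ciphertexts C_i = E_{K_i}(P) in a hash
% table; for each guess g it computes E_g(P) once and looks it up in O(1), so
% one encryption tests all T keys.
\begin{align*}
W_1 &= 2^{k-1} && \text{single target, expected guesses}\\
W_{\text{first}} &\approx \frac{2^k}{T} && \text{T targets, guesses until the first key falls}\\
W_{\text{all}} &\le 2^k \quad\Rightarrow\quad \frac{2^k}{T}\ \text{per key} && \text{one full pass recovers all T keys}\\
\text{AES-128},\ T = 2^{40}: &\quad 2^{128-40} = 2^{88}\ \text{per key} && \text{88, not 128, bits of security}\\
\text{ECC-256, one key}: &\quad \sqrt{n} \approx 2^{128} && \text{Pollard rho, group order } n \approx 2^{256}\\
\text{ECC-256},\ T = 2^{40}: &\quad \sqrt{T\,n} \approx 2^{148}\ \text{total},\ 2^{108}\ \text{per key} && \text{Kuhn--Struik multi-target}
\end{align*}
```

The point of the comparison: against a single target both primitives sit near 2^128, but once the attacker has many keys to choose from, the per-key cost of AES-128 drops linearly in T while the per-key cost of the 256-bit ECDLP only drops with the square root of T.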


Steam Weak File Permissions Privilege Escalation

A low-privileged user could modify the steam.exe binary and obtain code execution with elevated privileges upon an administrator login or execution of steam.exe.

http://www.securityfocus.com/archive/1/536961
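A check for this class of issue, as an added PowerShell example that is not part of the advisory: it lists the access-control entries on the binary that give low-privileged principals any right sufficient to change its contents, and shows the interim fix an administrator can apply. The install path and the set of principals treated as low-privileged are assumptions.

```powershell
# Added example, not the advisory's code. Reports ACEs on a binary that let
# low-privileged principals modify it; such a binary later run by an admin
# (or a service) is a privilege-escalation path.
function Get-WeakWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    # Groups every interactive or authenticated user is a member of (assumption:
    # extend for site-specific "all staff" groups).
    $lowPriv = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
                 'Everyone', 'NT AUTHORITY\INTERACTIVE')

    # Any of these bits lets the holder replace the file or its contents.
    # Write, Modify and FullControl are supersets, so they match as well.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPriv -contains $_.IdentityReference.Value -and
        (($_.FileSystemRights -band $writeMask) -ne 0)
    }
}

# Assumed default 32-bit install location.
$target = 'C:\Program Files (x86)\Steam\steam.exe'
$weak = Get-WeakWriteAce -Path $target

if ($weak) {
    $weak | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    # Interim fix (run elevated): replace the explicit grants for Users with
    # read/execute only. If IsInherited is True the ACE comes from the parent
    # directory and must be corrected there instead.
    #   icacls "$target" /grant:r "BUILTIN\Users:(RX)"
} else {
    Write-Output "No low-privileged write access on $target"
}
```

Run the function against every executable and DLL in the install directory, not only steam.exe, since a loader that is world-writable is just as useful to an attacker as the main binary.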


Security Advisory - Memory Overflow Vulnerability in the Huawei Smartphone

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462918.htm


Root CA certificate: Dell to remove eDellRoot via update

Dell assures that owners of a Dell computer can uninstall the dangerous CA certificate the manufacturer installs by default via an update, or remove it permanently by hand.

http://heise.de/-3015616
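The manual removal, as an added PowerShell example that is not Dell's own instructions: it searches every certificate store on the machine (local machine and current user) for the certificate by its subject name and deletes each copy found. Matching on the subject "eDellRoot" is taken from the report; the store traversal and the reboot check are assumptions.

```powershell
# Added example, not Dell's or heise's code. Run from an elevated shell so that
# the LocalMachine stores are writable.
function Remove-EDellRoot {
    # Cert:\ recursed covers LocalMachine\Root, CurrentUser\Root and every
    # other store, so a copy placed outside the Root store is caught too.
    $found = Get-ChildItem -Path Cert:\ -Recurse |
        Where-Object { $_.Subject -like '*eDellRoot*' }

    if (-not $found) {
        Write-Output 'eDellRoot not present in any certificate store'
        return
    }

    foreach ($cert in $found) {
        Write-Output ('Removing {0} (thumbprint {1}) from {2}' -f
            $cert.Subject, $cert.Thumbprint, $cert.PSParentPath)
        Remove-Item -Path $cert.PSPath
    }
}

Remove-EDellRoot

# Verify after the next reboot as well: if the certificate reappears, the
# component that installed it is still present and must be removed or updated
# first, otherwise the deletion is not permanent.
Get-ChildItem -Path Cert:\ -Recurse | Where-Object { $_.Subject -like '*eDellRoot*' }
```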


3 Attacks on Cisco TACACS+: Bypassing Cisco's auth

I would like to present the results of my little security research on the TACACS+ protocol.

http://agrrrdog.blogspot.ca/2015/11/3-attacks-on-cisco-tacacs-bypassing.html


Hackers do the Haka - Part 1

Haka is an open source network security oriented language that allows writing security rules and protocol dissectors. In this first part of a two-part series, we will focus on writing security rules.

http://thisissecurity.net/2015/11/23/hackers-do-the-haka-part-1/


Heap Overflow in PCRE

There are two variants of PCRE, the classic one and PCRE2. PCRE2 is not affected. ... If you use PCRE with potentially untrusted regular expressions you should update immediately. There is no immediate risk if you use regular expressions from a trusted source with an untrusted input.

https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html


Investigators strike against globally operating phishing gang

The Saxony State Criminal Police Office (LKA Sachsen) has arrested five suspects who, as an organised gang, are alleged to have phished PIN codes for online payment vouchers through fraudulent phone calls.

http://heise.de/-3016944


WP Page Widget <= 2.7 - Authenticated Reflected Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8317


Social Share Button <= 2.1 - Authenticated Persistent Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8326


Google can remotely unlock Android devices

Google can apparently reset the screen locks of most Android devices on court order. This emerges from a report by a New York district attorney. The only protection against this is full-device encryption.

http://heise.de/-3015984


WP Live Chat Support <= 4.3.5 - Unauthenticated Blind SQL Injection

https://wpvulndb.com/vulnerabilities/8343


WR ContactForm <= 1.1.9 - Authenticated SQL Injection

https://wpvulndb.com/vulnerabilities/8341