End-of-Shift report
Timeframe: Wednesday 16-12-2015 18:00 - Thursday 17-12-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Press Backspace 28 times to own unlucky Grub-by Linux boxes
Integer underflow fault means you can get into rescue mode and rummage around
A pair of researchers from the University of Valencia's Cybersecurity research group have found that if you press backspace 28 times, it's possible to bypass authentication during boot-up on some Linux machines.
http://go.theregister.com/feed/www.theregister.co.uk/2015/12/17/press_backspace_28_times_to_own_any_grubby_linux_box/
Checklist - How to Secure Your WordPress Website
We know that you care about what you build and protecting it is incredibly important. Hacks happen, and it's your job to reduce their likelihood to the lowest probability possible. We built this checklist of best practices to help you harden your website and protect you and your users from hacks.
https://www.wordfence.com/learn/checklist-how-to-secure-your-wordpress-website/
Privileged Access Workstations
Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that is protected from Internet attacks and threat vectors. Separating these sensitive tasks and accounts from the daily use workstations and devices provides very strong protection from phishing attacks, application and OS vulnerabilities, various impersonation attacks, and credential theft attacks such as keystroke logging, Pass-the-Hash, and Pass-The-Ticket.
https://technet.microsoft.com/en-US/library/mt634654.aspx
F-Secure: Sandboxed Execution Environment
Sandboxed Execution Environment (SEE) is a framework for building test automation in secured environments. The sandboxes, provided via libvirt, are customizable, allowing a high degree of flexibility. Different types of hypervisors (Qemu, VirtualBox, LXC) can be employed to run the test environments. Plugins can be added to a test environment, which provides an event mechanism for synchronising their interaction. Users can enable and configure the plugins through a JSON configuration file.
https://github.com/F-Secure/see
How do you know if your smartphone has been compromised?
Signs that may indicate a mobile infection: Has your phone been compromised? #1: You notice the system or apps behaving strangely #2: Your call or message history includes some unknown entries ...
http://www.welivesecurity.com/2015/12/16/know-smartphone-compromised/
XSS, SQLi bugs found in several Network Management Systems
Network Management System (NMS) offerings by Spiceworks, Ipswitch, Opsview and Castle Rock Computing have been found sporting several cross-site scripting and SQL injection flaws that could be exploit...
http://feedproxy.google.com/~r/HelpNetSecurity/~3/hQ6oQHF5luA/secworld.php
POS Malware Families: An insight into the Behavior of POS Malware
In a previous blog, we discussed why Point of Sale (POS) devices remain such an attractive target and described some different attack methods. As you can see from the infographic below, retail and POS have been (pardon the pun) "Targets" on an ongoing basis for the past few years, and the trend doesn't appear to be reversing, even with technologies such as EMV and P2PE. In this blog, we describe some of the different families of POS malware. POS Malware Common Features...
https://feeds.feedblitz.com/~/128665939/0/alienvault-blogs~POS-Malware-Families-An-insight-into-the-Behavior-of-POS-Malware
Xen Security Advisories
XSA-155 - paravirtualized drivers incautious about shared memory contents
http://xenbits.xen.org/xsa/advisory-155.html
XSA-157 - Linux pciback missing sanity checks leading to crash
http://xenbits.xen.org/xsa/advisory-157.html
XSA-164 - qemu-dm buffer overrun in MSI-X handling
http://xenbits.xen.org/xsa/advisory-164.html
XSA-165 - information leak in legacy x86 FPU/XMM initialization
http://xenbits.xen.org/xsa/advisory-165.html
XSA-166 - ioreq handling possibly susceptible to multiple read issue
http://xenbits.xen.org/xsa/advisory-166.html
DFN-CERT-2015-1948: Samba: Multiple vulnerabilities allow, among other things, bypassing security measures
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1948/
Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
Security Advisory: BIND vulnerability CVE-2015-8000
https://support.f5.com:443/kb/en-us/solutions/public/k/34/sol34250741.html?ref=rss
Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets
A number of SQL Injection vulnerabilities have been identified in the Administration Web UI servlets used by Citrix Command Center. These vulnerabilities, if exploited, could allow an authenticated user to insert malicious SQL queries into the application, potentially causing the alteration or deletion of system data.
http://support.citrix.com/article/CTX203787
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-1788)
http://www.ibm.com/support/docview.wss?uid=swg21965259
IBM Security Bulletin: Fix available for Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2015-7447)
http://www.ibm.com/support/docview.wss?uid=swg21973152
IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Content Manager Services for Lotus Quickr (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21973096
IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by privilege escalation vulnerability (CVE-2015-7429)
http://www.ibm.com/support/docview.wss?uid=swg21973087
IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by unauthorized access vulnerability (CVE-2015-7420)
http://www.ibm.com/support/docview.wss?uid=swg21973086
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) - IBM Java SDK updates October 2015
http://www.ibm.com/support/docview.wss?uid=swg21973355
IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947)
http://www.ibm.com/support/docview.wss?uid=swg21972470
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Collector for SAP Applications (CVE-2015-1788)
http://www.ibm.com/support/docview.wss?uid=swg21973147
IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Cinder information disclosure vulnerability (CVE-2015-1851)
http://www.ibm.com/support/docview.wss?uid=nas8N1020980
IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 that allows users to truncate any table even though the owner of the table has not granted any privilege to any user/role/group (CVE-2015-5020)
http://www.ibm.com/support/docview.wss?uid=swg21967923
IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2015-1788)
http://www.ibm.com/support/docview.wss?uid=swg21970400
IBM Security Bulletin: Vulnerability in Apache Commons affects OpenPages GRC Platform with Application Server (CVE-2015-7450)
http://www.ibm.com/support/docview.wss?uid=swg21972345
IBM Security Bulletin: IBM Curam Social Program Management is Vulnerable to Reflected Cross-Site Scripting (CVE-2015-7402)
http://www.ibm.com/support/docview.wss?uid=swg21970661
ZDI-15-641: Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/LfsseiLCccs/
ZDI-15-643: Foxit Reader Will Print Action Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/28dKwkM6_5M/
ZDI-15-642: Foxit Reader Will Save Document Action Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/uY-c98zZjQI/
ZDI-15-644: Foxit Reader FlateDecode Heap Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/s3waojIPu0E/