End-of-Shift report
Timeframe: Friday 30-01-2015 18:00 − Monday 02-02-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Security Advisory for Adobe Flash Player (APSA15-02)
A Security Advisory (APSA15-02) has been published regarding a critical vulnerability (CVE-2015-0313) in Adobe Flash Player 16.0.0.296 and earlier versions for Windows, Macintosh and Linux. We are aware of reports that this ..
https://blogs.adobe.com/psirt/?p=1171
Cisco NX-OS Software TACACS+ Command Authorization Vulnerability
The vulnerability is due to incorrect processing of very long command-line interface (CLI) commands by the TACACS+ command authorization feature. An attacker could exploit this vulnerability by being locally authenticated and executing a long CLI command that is subject to command authorization. An exploit could allow the attacker to cause the device to reload.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8013
Cobham Sailor 900 VSAT Buffer Overflow Vulnerability
This alert provides early notice of an uncoordinated disclosure of a buffer overflow vulnerability in the Cobham Sailor 900 VSAT.
https://ics-cert.us-cert.gov//alerts/ICS-ALERT-15-030-01
Analysis Of An Interesting Windows Kernel Change Mitigating Vulnerabilities In Some Security Products
Last year I started researching into the Windows kernel to get a better understanding of privilege escalation vulnerabilities. Vulnerabilities in the kernel are a serious issue as they could be used to bypass browser sandboxes and end up compromising the entire system. In general most people ..
https://www.greyhathacker.net/?p=818
Akamai's state of the internet security
A significant increase in the number of DDoS attacks was measured in Q4 2014: a 57 percent increase compared to last quarter and a 90 percent increase compared to Q4 2013. No attack size records were broken. A new attack vector using a Christmas tree packet generated one of the quarter's nine largest attacks.
http://www.stateoftheinternet.com/downloads/pdfs/2014-internet-security-report-q4.pdf
Check autorun entries with VirusTotal - Autoruns v13
Version 13 of Autoruns, which was released on January 29, 2015, includes a very handy feature to check unknown autorun entries with VirusTotal 'automatically'. It's integrated ..
http://infected.io/41/check-autorun-entries-with-virustotal-autoruns-v13
HipChat Security Notice and Password Reset
Atlassian's security team has discovered and blocked suspicious activity on the HipChat service that resulted in unauthorized access to names, usernames, email addresses, and encrypted passwords for a very small percentage (<2%) of our users. We have no evidence that any payment information was accessed.
https://blog.hipchat.com/2015/02/01/hipchat-security-notice-and-password-reset/
Dshell
An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: robust stream reassembly; IPv4 and IPv6 support; custom output handlers; chainable decoders.
https://github.com/USArmyResearchLab/Dshell
Multiple vulnerabilities in WordPress plugins
https://wpvulndb.com/vulnerabilities/7777
https://wpvulndb.com/vulnerabilities/7779
https://wpvulndb.com/vulnerabilities/7778
RansomWeb ransomware targets companies' databases
Encryption first added as a patch, key only removed when all backups are encrypted. Make backups, they said. Then you won't have to worry about ransomware, they said. Ransomware has quickly become one of the most frustrating kinds of cyber attack. We all know that our devices could suddenly die, and if ..
http://www.virusbtn.com/blog/2015/02_02.xml
Internet Explorer 11 lets websites spy on users
Security experts have found a vulnerability in Internet Explorer 11 that lets attackers manipulate web pages so that they spy on the user. A patch is still pending; other web browsers, however, are not vulnerable.
http://heise.de/-2534975
Disable Flash Player! Attacks on an unpatched vulnerability yet again
Groundhog Day for Flash vulnerabilities: after just one week of calm, the next critical vulnerability has surfaced. Since it is already being exploited, Flash should once again be switched off.
http://heise.de/-2535100
OpenSSH: Key rotation for the Secure Shell
The next version of OpenSSH will make it possible to rotate server keys using an automated procedure. Until now, this was possible for SSH keys only with a lot of ..
http://www.golem.de/news/openssh-key-rotation-fuer-die-secure-shell-1502-112096.html