Daily summary - Wednesday 11-02-2015

End-of-Shift report

Timeframe: Tuesday 10-02-2015 18:00 − Wednesday 11-02-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl

MS15-FEB - Microsoft Security Bulletin Summary for February 2015 - Version: 1.0

MS15-009 Security Update for Internet Explorer
MS15-010 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution
MS15-011 Vulnerability in Group Policy Could Allow Remote Code Execution
MS15-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
MS15-013 Vulnerability in Microsoft Office Could Allow Security Feature Bypass
MS15-014 Vulnerability in Group Policy Could Allow Security Feature Bypass
MS15-015 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege
MS15-016 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure
MS15-017 Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege

https://technet.microsoft.com/en-us/library/security/MS15-FEB


Caution! Microsoft patch cripples computers

On its February Patch Tuesday, Microsoft closes 56 holes - and also brings Windows users new problems. Because of an older update that is now being distributed automatically, the computer hangs during installation.

http://heise.de/-2545913


SSL Is Officially Declared Dead

On January 30, 2015, QSAs received the latest edition of the Council's Assessor Newsletter. Buried in that edition was the following statement. "The impacting change is related to several vulnerabilities in the SSL protocol. Because of this, no version of SSL meets PCI SSC's definition of strong cryptography, and updates to the standards are needed to address this issue." ... Therefore, those of you still using SSL to secure transmissions containing cardholder data (CHD) need to ...

https://pciguru.wordpress.com/2015/02/07/ssl-is-officially-declared-dead/


MS15-011 & MS15-014: Hardening Group Policy

Today we are releasing MS15-011 & MS15-014 which harden group policy and address network access vulnerabilities that can be used to achieve remote code execution (RCE) in domain networks. The MS15-014 update addresses an issue in Group Policy update which can be used to disable client-side global SMB Signing requirements, bypassing an existing security feature built into the product. MS15-011 adds new functionality, hardening network file access to block access to untrusted, attacker

http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx


Internet of Thieves: All that shiny home security gear is crap, warns HP

If you can monitor your house across the web, so can everyone else. In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues.

http://www.theregister.co.uk/2015/02/10/iot_home_insecurity/


ZDI-15-041: Samsung Security Manager ActiveMQ Broker Service DELETE Method Denial of Service Vulnerability

This vulnerability allows remote attackers to delete files of their choosing from systems running vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-15-041/


Security Advisory- Local Denial of Service Vulnerability in Huawei Ascend P7

Huawei Ascend P7 (Sophia-L09) uses Android 4.4, which is the upgrade version of EMUI 3.0. The phone module crashes when a third-party app sends specific broadcast messages or enables specific UIs.

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-414153.htm


Security Advisory - Privilege Escalation Vulnerability in Huawei Mate7

Android versions earlier than 5.0 are affected by the vulnerability, which allows an attacker to escalate privilege. Huawei Mate7 is affected by the vulnerability CVE-2014-7911.

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-414174.htm


Open Key-Value Stores

11 February 2015. As Heise reports, in recent days a group of students discovered tens of thousands of completely unsecured instances of the NoSQL database MongoDB on the Internet. In most cases not only read access but also manipulation of the data records was possible.

http://www.cert.at/services/blog/20150211085411-1367.html


Research, Low-Level, Vulnerabilities, Exploitation

Today, Microsoft released their latest Patch Tuesday. This patch includes a fix for vulnerability CVE-2015-0057, an IMPORTANT-rated exploitable vulnerability which we responsibly disclosed to Microsoft a few months ago. As part of our research, we revealed this privilege escalation vulnerability which, if exploited, enables a threat actor to take complete control of a Windows machine.

http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/


Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)

Due to a lack of complete coverage for X-Frame-Options (XFO) support on Google's Play Store web application domain, a malicious user can leverage either a Cross-Site Scripting (XSS) vulnerability in a particular area of the Google Play Store web application, or a Universal XSS (UXSS) targeting affected browsers, to remotely install and launch the main intent of an arbitrary Play Store provided Android package (APK). Affected Platforms: Many versions of Android 4.3 (Jelly Bean) and earlier ship ...

https://community.rapid7.com/community/metasploit/blog/2015/02/10/r7-2015-02-google-play-store-x-frame-options-xfo-gaps-enable-android-remote-code-execution-rce


NetFlow Collection and Analysis Using NFCAPD, Python, and Splunk

NetFlow data is often collected for network monitoring and management, but it has many applications for the security analyst. NetFlow data can be used to identify variations from established traffic baselines, traffic originating from critical systems, and communications with known bad external hosts. Many edge devices support the generation of NetFlow data, but the collection and analysis often requires commercial tools. Options based on open source and free tools will allow an analyst to ...

https://www.sans.org/reading-room/whitepapers/incident/netflow-collection-analysis-nfcapd-python-splunk-35747


Firmware: Hacker publishes guide to UEFI rootkits

A Russian hacker has published instructions on how rootkits can be implanted via manipulated UEFIs. Hackers had already demonstrated at 31C3 how easy it is to attack current UEFI implementations.

http://www.golem.de/news/firmware-hacker-veroeffentlicht-anleitung-fuer-uefi-rootkits-1502-112305-rss.html


Cisco Security Advisories

Cisco Secure Access Control System SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs

Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0609

Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0608

Cisco IOS ACL Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0610

Cisco TelePresence IX5000 Series Web Management Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0611