Daily summary - Wednesday 25-02-2015

End-of-Shift report

Timeframe: Tuesday 24-02-2015 18:00 - Wednesday 25-02-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a

Security Advisory - WP-Slimstat 3.9.5 and lower

Advisory for: WP-Slimstat
Security Risk: Very high
Exploitation level: Remote
DREAD Score: 8/10
Vulnerability: Weak Cryptographic keys leading to SQL injections
Patched Version: 3.9.6

WP-Slimstat's users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by breaking the plugin's weak "secret" key, use to perform a SQL...

http://blog.sucuri.net/2015/02/security-advisory-wp-slimstat-3-9-5-and-lower.html


Finding Unknown Malware

If you have ever been given the mission to "Find Evil" on a compromised system, you understand the enormity of that tasking. In this technical presentation, Alissa will introduce sound methodology for identifying malware, using strategies based on "Knowing Normal", "Data Reduction" and "Least Frequency of Occurrence" in order to identify malicious binaries and common methods of persistence. The skills and tools presented here will aid in efficient...

http://blog.malwareresearch.institute/video/2015/02/24/finding-unknown-malware


A new strain of banking trojan VAWTRAK uses Macros and abuses Windows PowerShell

Security experts at TrendMicro observed significant improvements in the VAWTRAK banking trojan, which now couples malicious macros with Windows PowerShell. In early 2015 the Microsoft Malware Protection Center (MMPC) issued an alert about a surge in infections by malware that uses macros to spread its malicious code. The MMPC experts have observed a significant increase in enable-macros ...

http://securityaffairs.co/wordpress/34107/cyber-crime/vawtrak-uses-macros-windows-powershell.html


Scanning Internet-exposed Modbus devices for fun & fun

[...] here is a scan I have run against the whole IPv4 address space, looking for Internet-exposed Modbus services.

http://pierre.droids-corp.org/blog/html/2015/02/24/scanning_internet_exposed_modbus_devices_for_fun___fun.html


"Surreptitiously Weakening Cryptographic Systems"

New paper: "Surreptitiously Weakening Cryptographic Systems," by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart. Abstract: Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number of historical examples to drive development of a weaknesses taxonomy. This allows comparing different...

https://www.schneier.com/blog/archives/2015/02/surreptitiously_1.html


Mozilla Thunderbird Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges

http://www.securitytracker.com/id/1031792


Mozilla Firefox Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges

http://www.securitytracker.com/id/1031791


FreeBSD IGMP Integer Overflow Lets Remote Users Deny Service

http://www.securitytracker.com/id/1031798


Splunk Enterprise 6.2.2 addresses two vulnerabilities

Splunk Enterprise version 6.2.2 addresses two vulnerabilities:
Multiple vulnerabilities in OpenSSL prior to 1.0.1k (SPL-95203, CVE-2014-3572, CVE-2015-0204)
Splunk Web crashes due to specific HTTP requests (SPL-93754)

At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in...

http://www.splunk.com/view/SP-CAAANV8


Software Toolbox Top Server Resource Exhaustion Vulnerability

This advisory provides mitigation details for a resource exhaustion vulnerability in the Software Toolbox Top Server application.

https://ics-cert.us-cert.gov//advisories/ICSA-15-055-01


Kepware Resource Exhaustion Vulnerability

This advisory provides mitigation details for a resource exhaustion vulnerability in the Kepware Technologies DNP Master Driver for the KEPServerEX Communications Platform.

https://ics-cert.us-cert.gov//advisories/ICSA-15-055-02


Schneider Electric Invensys Positioner Buffer Overflow Vulnerability

This advisory provides mitigation details for a buffer overflow vulnerability in the Device Type Manager software for Schneider Electric's Invensys SRD Control Valve Positioner product line.

https://ics-cert.us-cert.gov//advisories/ICSA-15-055-03


HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information

A potential security vulnerability has been identified with HP System Management Homepage running OpenSSL on Linux and Windows. This vulnerability is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04571379


IBM Security Bulletins

Rational Reporting for Development Intelligence - OpenSSL support for SSL 3.0 Fallback protection + 3 other CVEs
http://www.ibm.com/support/docview.wss?uid=swg21697194

AppScan Enterprise can be affected by multiple vulnerabilities (CVE-2014-6136, CVE-2014-8918)
http://www.ibm.com/support/docview.wss?uid=swg21697249

Rational Insight - Jazz Reporting Service report results can be viewed without user log-in (CVE-2014-6115)
http://www.ibm.com/support/docview.wss?uid=swg21697034

Rational Reporting for Development Intelligence - Jazz Reporting Service report results can be viewed without user log-in (CVE-2014-6115)
http://www.ibm.com/support/docview.wss?uid=swg21697035

Tivoli Storage Manager client encryption key password vulnerability (CVE-2014-4818)
http://www.ibm.com/support/docview.wss?uid=swg21697022

Tivoli Common Reporting (TCR) iFixes for Security Vulnerability
http://www.ibm.com/support/docview.wss?uid=swg21695800

Multiple vulnerabilities in IBM Java SDK affect multiple IBM Rational products based on IBM Jazz technology (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)
http://www.ibm.com/support/docview.wss?uid=swg21697112

Vulnerabilities in OpenSSL affect IBM Systems Director (CVE-2014-3513 and CVE-2014-3567)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097159

Rational Insight - OpenSSL support for SSL 3.0 Fallback protection + 3 other CVEs
http://www.ibm.com/support/docview.wss?uid=swg21697193


Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633