Daily summary - Monday 02-03-2015

End-of-Shift report

Timeframe: Friday 27-02-2015 18:00 − Monday 02-03-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Abusing Blu-ray Players Pt. 1 - Sandbox Escapes

tl;dr: In today's (28 February) closing keynote talk at the Abertay Ethical Hacking Society's Securi-Tay conference I discussed how it was po ...

https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/


dnstest - Monitor Your DNS for Hijacking

In light of the latest round of attacks against and/or hijacking of DNS, it occurred to me that most people really don't know what to do about it. More importantly, many companies don't even notice they've been attacked until a customer complains. Especially for smaller companies who may not have as many customers, or only...

https://blog.whitehatsec.com/dnstest-monitor-your-dns-for-hijacking/
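A minimal monitor in the spirit of the dnstest idea, added here as an example; it is not code from the original post or from the dnstest tool. It keeps a baseline of the record values you expect for your names, compares each observed answer set against it, and raises an alert when a name resolves to something outside the baseline (the classic hijack signature) or stops resolving altogether. The comparison logic is pure and runs offline on constructed sample data; the live lookup helper uses only the standard library stub resolver and is an assumption about how you would feed it, not a claim about how dnstest works.

```python
"""Added example (not part of the original post or the dnstest tool):
a minimal DNS-hijack monitor that diffs observed answers against a baseline."""

import socket
from typing import Dict, List, Set, Tuple

# Baseline: name -> expected set of IPv4 addresses.  Constructed sample
# values for illustration only, not real records for any zone.
BASELINE: Dict[str, Set[str]] = {
    "www.example.test": {"192.0.2.10", "192.0.2.11"},
    "mail.example.test": {"192.0.2.25"},
}


def diff_records(expected: Set[str], observed: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Return (missing, unexpected): values that vanished and values that appeared."""
    return expected - observed, observed - expected


def check_zone(baseline: Dict[str, Set[str]], observed: Dict[str, Set[str]]) -> List[str]:
    """Compare observed answers with the baseline; return one alert line per problem.

    An address outside the baseline is reported as a possible hijack.  An
    empty answer is reported too: a deleted record or a change of the
    authoritative servers at the registrar shows up the same way.
    """
    alerts: List[str] = []
    for name, expected in sorted(baseline.items()):
        answers = observed.get(name, set())
        if not answers:
            alerts.append(f"{name}: no answer (expected {sorted(expected)})")
            continue
        missing, unexpected = diff_records(expected, answers)
        if unexpected:
            alerts.append(f"{name}: UNEXPECTED values {sorted(unexpected)} - possible hijack")
        if missing:
            alerts.append(f"{name}: missing values {sorted(missing)}")
    return alerts


def resolve_a(name: str) -> Set[str]:
    """Live lookup of IPv4 addresses via the system stub resolver (needs network).

    Assumption for this example: in a real deployment you would also query the
    authoritative servers directly and from several vantage points, since a
    poisoned or hijacked recursive resolver would hide the change from one host.
    """
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


if __name__ == "__main__":
    # Constructed "observed" data: www has been pointed at an attacker address,
    # mail is untouched.
    observed_sample = {
        "www.example.test": {"198.51.100.7"},
        "mail.example.test": {"192.0.2.25"},
    }
    for line in check_zone(BASELINE, observed_sample):
        print(line)
    # To run against live DNS instead (network required):
    # live = {name: resolve_a(name) for name in BASELINE}
    # for line in check_zone(BASELINE, live): print(line)
```

Run it from cron or a scheduler and page on any non-empty output; the point of a baseline diff is that it notices the change before a customer does.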


Virtualization Incident Response

Virtualization is a game changer; this session looks at the new world of virtualization and its impact on incident response and computer forensics. It answers several important questions: Is forensics more difficult, or perhaps actually easier, in the virtual realm? What do I image if the data store holds PI from 200 different companies that are not subjects of the investigation? Where are virtual machine files stored? Which files are of forensic value? What about all of...

http://blog.malwareresearch.institute/video/2015/02/27/virtualization-incident-response


TorrentLocker campaign uses email authentication to tune the operations

The emails of a new TorrentLocker campaign use Domain-based Message Authentication, Reporting and Conformance (DMARC) to avoid detection and to collect data. Cyber criminals are continuously improving their techniques for spreading malicious code and evading detection systems. Recently security experts at Trend Micro noticed an improvement in the evasion techniques implemented by malware authors to spread the...

http://securityaffairs.co/wordpress/34268/cyber-crime/new-torrentlocker-campaign.html


The Rmnet botnet is very much alive!

February 27, 2015. Despite numerous news reports that Europol ran a massive operation to stop the Rmnet botnet, Doctor Web's analysts continue to monitor this botnet's activity. According to the media reports, the British police's cyber crime unit, together with experts from Germany, Italy and the Netherlands, suppressed the activity of several major Rmnet command and control servers. According to the news reports, on February 24, 2015 command...

http://news.drweb.com/show/?i=9310&lng=en&c=9


The return of the dangerous Trojan for Mac OS X

February 27, 2015. Doctor Web analysts conducted research on a new version of the backdoor Trojan for Mac OS X named Mac.BackDoor.OpinionSpy.3. This malicious program is intended to spy on Mac users: it can collect and transmit information about loaded web pages to the attackers, analyze the traffic passing through the computer's network card, intercept network packets sent by instant messaging programs and perform other dangerous functions. Mac.BackDoor.OpinionSpy programs have been...

http://news.drweb.com/show/?i=9309&lng=en&c=9


OWASP ProActive Controls: Part 1

What is OWASP ProActive Controls? In one line, this project can be described as "Secure Coding Practices by Developers for Developers". OWASP ProActive Controls is a document prepared for developers who are building, or are new to building, software and applications with secure software development in mind. This OWASP project lists 10 controls that can help a developer implement...

http://resources.infosecinstitute.com/owasp-proactive-controls-part-1/


Xen Hypervisor Flaws Force Amazon, Rackspace to Reboot Servers (SecurityWeek)

Rackspace, Amazon, Linode and likely other cloud providers will reboot some of their servers over the next week after they patch several vulnerabilities affecting the Xen open-source hypervisor.

http://www.securityweek.com/xen-hypervisor-flaws-force-amazon-rackspace-reboot-servers


Zero-day vulnerabilities in Seagate's Business NAS

Anyone running a Seagate Business NAS should make sure it is not reachable from the Internet. The web interface has critical vulnerabilities, and a matching exploit is already circulating.

http://heise.de/-2563240


Cisco ACE 4710 Application Control Engine and Application Networking Manager Cross-Site Request Forgery Vulnerability

CVE-2015-0651

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651


Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability

CVE-2015-0655

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0655


IBM Security Bulletin: A page in IBM Curam Universal Access contains a risk of Sensitive Information Exposure (CVE-2014-4804)

2015-02-27T18:10:56-05:00

http://www.ibm.com/support/docview.wss?uid=swg21695931


Jetty 9.2.8 Shared Buffer Leakage

Topic: Jetty 9.2.8 Shared Buffer Leakage. Risk: High. Text: GDS LABS ALERT: CVE-2015-2080 JetLeak Vulnerability - Remote Leakage Of Shared Buffers In Jetty Web Server. SYNOPSIS == Go...

http://cxsecurity.com/issue/WLB-2015020151


Apache Standard Taglibs 1.2.1 XXE / Remote Command Execution

Topic: Apache Standard Taglibs 1.2.1 XXE / Remote Command Execution. Risk: High. Text: CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags. Severity: Important. Vendor: The Apache Software Foundation ...

http://cxsecurity.com/issue/WLB-2015020154


HPSBST03274 rev.1 - HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux, Remote Cross-site Scripting (XSS)

Potential security vulnerabilities have been identified in HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux. The vulnerabilities could be exploited remotely, resulting in cross-site scripting (XSS).

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371


IP Blacklist Cloud - SQL Injection

https://wpvulndb.com/vulnerabilities/7816


WP-ViperGB 1.3.10 - XSS Weakness and CSRF

https://wpvulndb.com/vulnerabilities/7817