End-of-Shift report
Timeframe: Wednesday 04-03-2015 18:00 − Thursday 05-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
MICROSYS PROMOTIC Stack Buffer Overflow
This advisory provides mitigation details for a stack-based buffer overflow vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application.
https://ics-cert.us-cert.gov//advisories/ICSA-15-062-01
Adobe Launches Web Application Vulnerability Disclosure Program on HackerOne
In recognition of the important role that independent security researchers play in keeping Adobe customers safe, today Adobe launches a web application ..
https://blogs.adobe.com/psirt/?p=1179
SA-CONTRIB-2015-063 - Webform - Cross Site Scripting (XSS)
The module doesn't sufficiently escape user data presented to administrative users in the webform results table. This issue affects the 7.x-4.x branch only. This vulnerability is mitigated by the fact that an attacker ..
https://www.drupal.org/node/2445935
Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0657
Cisco Secure Access Control Server Default Tomcat Administration Interface Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2130
Toshiba Bluetooth Stack Untrusted Service Path Lets Local Users Gain System Privileges
http://www.securitytracker.com/id/1031825
BIND DNSSEC Guide
ISC has new documentation introducing DNSSEC, configuring BIND for common DNSSEC features, and basic DNSSEC troubleshooting. ISC's BIND DNSSEC Guide, co-written with DeepDive Networking, covers DNSSEC requirements, setting up a validating resolver, maintaining signed authoritative zones, and ..
http://users.isc.org/~jreed/dnssec-guide/dnssec-guide.html
SANS ICS410 Vienna
SANS presents the essential ICS/SCADA training course, ICS410 ICS Security Essentials. This specialist training event is running with the support of the International Atomic Energy Agency (IAEA) and follows the IAEA's International Conference on Computer Security in a Nuclear World which takes place the preceding week in Vienna.
https://www.sans.org/event/ics410-vienna-with-iaea
Malware "Casper": How the French spy in Syria
Security researchers analyze malware that is probably used by France's intelligence services
http://derstandard.at/2000012513213
Format Injection Vulnerability in Duo Security Web SDK
Format Injection is not a new bug, but it was never described as a subclass of A1 Injection. You probably already hate me for giving it a name (at least I didn't create a logo!) but calling it an 'injection' is too general.
http://sakurity.com/blog/2015/03/03/duo_format_injection.html
The State Of The Internet
One great idea behind the internet is to connect devices from nearly every position on earth. Well, this idea sometimes has its drawbacks. In order to get an overview about devices that are actually connected, the University of ..
https://splone.com/blog/2015/3/4/the-state-of-the-internet
Protection against the Freak attack: These browsers are affected
The Freak attack compromises countless encrypted websites, and attackers could spy on sensitive data. Whether one is vulnerable to the attack, however, depends on the operating system and web browser in use and on the website visited.
http://heise.de/-2567655
OpenSSL Cookbook 2nd Edition released
Today we're releasing the second edition of OpenSSL Cookbook, Feisty Duck's free OpenSSL book. This edition is a major update, with some improvements to the existing text and new content added. The new edition has about 95 pages, an increase of about 35 pages.
http://blog.ivanristic.com/2015/03/openssl-cookbook-second-edition-released.html
Utilizing NLP To Detect APT in DNS
Imagine that after a nice, relaxing long weekend, you come in to work Monday morning at your job at the bank. While waking up with a cup of coffee, you begin checking email. Among the usual messages, there's a message about a security update and you click it. Security updates are so common these days that it's ..
https://labs.opendns.com/2015/03/05/nlp-apt-dns/
l+f: Expired SSL certificate at Visa
If the browser shows a certificate warning when visiting Visa.de, an attack may be under way, or the admin has forgotten when the certificate expires.
http://heise.de/-2568054
VB2014 paper: Leaving our ZIP undone: how to abuse ZIP to deliver malware apps
Gregory Panakkal explains there are different ways of looking at APK files - and that sometimes has unintended consequences. Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we ..
http://www.virusbtn.com/blog/2015/03_05.xml
Domain Trusts: Why You Should Care
Red teams have been abusing Windows domain trusts for years with great success, but the topic is still underrepresented in public infosec discussions. While the community has started to talk more about Active Directory ..
http://www.harmj0y.net/blog/redteaming/domain-trusts-why-you-should-care/
Decoding ZeuS Disguised as an .RTF File
While going through emails that were reported by our internal users using Reporter, I came across a particularly nasty looking phishing email that had a .doc attachment. At first when I detonated the sample in my VM, it seemed that the attackers weaponized the attachment incorrectly. ..
http://phishme.com/decoding-zeus-disguised-as-an-rtf-file/