Daily summary - Wednesday 18-03-2015

End-of-Shift report

Timeframe: Tuesday 17-03-2015 18:00 − Wednesday 18-03-2015 18:00 Handler: Robert Waldner Co-Handler: n/a

Malware Hunting with the Sysinternals Tools

This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. Mark Russinovich demonstrates their malware-hunting capabilities by presenting several real-world cases that used the tools to identify and clean malware, and concludes by...

http://blog.malwareresearch.institute/video/2015/03/17/malware-hunting-with-the-sysinternals-tools


Pass the hash!, (Wed, Mar 18th)

No, this isn't about sharing a hallucinogen-laced bong for a smoke. The hash we're referring to here is the one that Wikipedia aptly but unhelpfully defines as a derivation of data, notably used in cryptographic hash functions. Passing the hash is a form of login credential theft that is quite prevalent. In it, an attacker captures the encoded session password (the hash) from one computer, and then re-uses it to illicitly access another computer. On (most configurations of) the Microsoft Windows...

https://isc.sans.edu/diary.html?storyid=19479&rss


SSL Labs unveils free open source tool, new APIs

Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These new enhancements provide the same results a...

http://www.net-security.org/secworld.php?id=18096


Apple browser: update for three Safari versions fixes security vulnerabilities

Overnight into Wednesday, Apple released updates for Safari on OS X Mountain Lion, OS X Mavericks and OS X Yosemite. They fix bugs, some of them serious.

http://www.heise.de/newsticker/meldung/Apple-Browser-Update-fuer-drei-Safari-Versionen-behebt-Sicherheitsluecken-2578006.html?wt_mc=rss.ho.beitrag.rdf


Fatally flawed RC4 should just die, shout angry securobods

It's the Swiss Cheese of infosec and we're all gazing through its holes. Security researchers have banged another nail into the coffin of the ageing RC4 encryption algorithm.

http://go.theregister.com/feed/www.theregister.co.uk/2015/03/18/kill_rc4_say_security_researchers/


Mobile Android, iOS Apps Still Vulnerable to FREAK Attacks

FireEye scanned iOS and Android apps downloaded billions of times in aggregate and determined that, despite the availability of patches, because the apps still connect to vulnerable HTTPS servers, they're subject to FREAK attacks.

http://threatpost.com/mobile-android-ios-apps-still-vulnerable-to-freak-attacks/111695


Cisco Content Services Switch (11500) Unauthenticated Port Forwarding Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=37889


VU#868948: HP ArcSight contains multiple vulnerabilities

Vulnerability Note VU#868948: HP ArcSight contains multiple vulnerabilities. Original Release date: 17 Mar 2015 | Last revised: 17 Mar 2015. Overview: HP ArcSight contains multiple vulnerabilities. Description: CWE-434: Unrestricted Upload of File with Dangerous Type - CVE Pending. HP ArcSight Logger 5.3.1.6838.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated attacker to put arbitrary files into the document root. This vulnerability...

http://www.kb.cert.org/vuls/id/868948


Security Advisory - Resource Management Vulnerability in the AR1220

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417840.htm


Security Advisory - Directory File Deletion Vulnerability in UDS

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417839.htm


Security Advisory - Multiple Injection Vulnerabilities in UDS

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417837.htm


[DSA 3195-1] php5 security update

Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-2305 - Guido Vranken discovered a heap overflow in the ereg extension (only applicable to 32 bit systems). ... CVE-2015-0231 - Stefan Esser discovered a use-after-free in the unserialisation of objects. CVE-2015-0232 - Alex Eubanks discovered incorrect memory management in the exif extension. CVE-2015-0273 - Use-after-free in the unserialisation of DateTimeZone.

https://lists.debian.org/debian-security-announce/2015/msg00080.html


XZERES 442SR Wind Turbine Vulnerability

This advisory provides mitigation details for a cross-site request forgery vulnerability in XZERES's 442SR turbine generator operating system.

https://ics-cert.us-cert.gov/advisories/ICSA-15-076-01


Honeywell XL Web Controller Directory Traversal Vulnerability

This advisory provides mitigation details for a directory traversal vulnerability in Honeywell's XL Web Controller.

https://ics-cert.us-cert.gov/advisories/ICSA-15-076-02