End-of-Shift report
Timeframe: Wednesday 06-05-2015 18:00 − Thursday 07-05-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc
eShop 6.3.11 - Remote Code Execution
https://wpvulndb.com/vulnerabilities/7967
Multiple vulnerabilities in ManageEngine Applications Manager
http://www.zerodayinitiative.com/advisories/ZDI-15-170
http://www.zerodayinitiative.com/advisories/ZDI-15-169
http://www.zerodayinitiative.com/advisories/ZDI-15-168
http://www.zerodayinitiative.com/advisories/ZDI-15-167
http://www.zerodayinitiative.com/advisories/ZDI-15-166
Macro Malware: When Old Tricks Still Work, Part 2
In the first part of this series, we discussed the macro malware we have recently seen in the threat landscape. This second entry will delve deeper into the techniques or routines of macro malware. Unintended consequences. Let us put things into ..
http://blog.trendmicro.com/trendlabs-security-intelligence/macro-malware-when-old-tricks-still-work-part-2/
APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
http://prod.lists.apple.com/archives/security-announce/2015/May/msg00000.html
Critical security vulnerability in WordPress
As became known yesterday (6 May), there is a security vulnerability in the "Genericons icon font package" of WordPress, which is used in many popular themes and extensions, including the ..
http://cert.at/warnings/all/20150507.html
Protect your network with DNS Firewall
If you run your own mail server, you will quickly find out that 90% of the e-mails you receive are spam. The solution ..
http://securityblog.switch.ch/2015/05/07/protect-your-network-with-dns-firewall/
Security Operations Center
Ensuring the confidentiality, integrity, and availability of a modern information technology enterprise is a big job. Cyber security breaches are becoming common news. The role of ..
http://resources.infosecinstitute.com/security-operations-center/
Analyzing Quantum Insert Attacks
A Quantum Insert Attack is a classic example of a man-in-the-middle attack, which resurfaced in the news among the top 10 biggest ..
http://resources.infosecinstitute.com/analyzing-quantum-insert-attacks/
Avast flags Windows libraries as Trojans
The Avast antivirus classified Windows DLL files as dangerous and moved them into quarantine. Afterwards, some programs no longer ran for affected users.
http://heise.de/-2638093
Fake PC expert transferred money to Bangkok during remote maintenance session
Several hundred euros in damage - bank could no longer reverse the transaction - police warn of scam involving fake Microsoft employees
http://derstandard.at/2000015448793
How to make two binaries with the same MD5 hash
One question I was asked when I demoed creating two PHP files with the same hash is: does it work on compiled binaries?
http://natmchugh.blogspot.co.uk/2015/05/how-to-make-two-binaries-with-same-md5.html