Tageszusammenfassung - Montag 11-05-2015

End-of-Shift report

Timeframe: Freitag 08-05-2015 18:00 − Montag 11-05-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

Cisco Wireless LAN Controller Wireless Web Authentication Denial of Service Vulnerability

A vulnerability in the wireless web authentication subsystem of Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

http://tools.cisco.com/security/center/viewAlert.x?alertId=38749


VMSA-2015-0003.8

http://www.vmware.com/security/advisories/VMSA-2015-0003.html


Cisco Unified Communications Manager root Shell Access Local Privilege Escalation Vulnerability

A vulnerability in the local read file of the Cisco Unified Communications Manager could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user.

http://tools.cisco.com/security/center/viewAlert.x?alertId=38763


Who's Scanning Your Network? (A: Everyone)

Not long ago I heard from a reader who wanted advice on how to stop someone from scanning his home network, or at least recommendations about to whom he should report the person doing the scanning. I couldnt believe that people actually still cared about scanning, and I told him as much: These days there are ..

http://krebsonsecurity.com/2015/05/whos-scanning-your-network-a-everyone/


NCSC publishes factsheet Help! My website has been defaced

To deface a website the attacker changes the content of existing pages or adds new ones. Hundreds of websites are defaced every day, often without being specifically targeted. It is becoming increasingly common for defacements to ..

https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-factsheet-help-my-website-has-been-defaced.html


Jellyfish: Malware nistet sich in GPUs ein

Nutzt eine Malware den Prozessor einer Grafikkarte, ist sie nicht nur schwerer aufzuspüren, sondern kann auch die höhere Rechenleistung der GPU nutzen. Jellyfish will zeigen, dass solcher Schadcode funktioniert.

http://www.golem.de/news/jellyfish-malware-nistet-sich-in-gpus-ein-1505-113988.html


Yubikey: Nie mehr schlechte Passwörter

Unser Autor hat 152 Onlinekonten, die er möglichst gut absichern will. Mit dem Passwortmanager Keepass und einem sogenannten Token - dem Yubikey Neo. Eine Anleitung.

http://www.golem.de/news/yubikey-nie-mehr-schlechte-passwoerter-1505-113872-rss.html


Tor-Bridges für Amazon EC2 eingestampft

Ab sofort wird es schwerer, Nutzern alternative Zugänge zum Anonymisierungsnetz Tor zur Verfügung zu stellen. Das entsprechende Projekt für Cloud-Images wurde eingestellt.

http://heise.de/-2640793


60 Days of Watching Hackers Attack Elasticsearch

Two months ago, one of my DigitalOcean instances started attacking another host with massive amounts of bogus traffic. I was notified by the abuse team at DO that my VPS was participating in a DDoS attack. I managed to track down that the ..

https://jordan-wright.github.io/blog/2015/05/11/60-days-of-watching-hackers-attack-elasticsearch/


Finger printing: Print the Finger of an Application

When performing a Web Application Security Assessment, an important step is Fingerprinting which allows for further exploitation by an attacker. So as a security researcher/pentester, we should do well at fingerprinting the web server, which gives lot of information like application name, software version, ..

http://resources.infosecinstitute.com/finger-printing-print-the-finger-of-an-application/


Angler exploit kit using tricks to avoid referrer chain leading back to malvertisement provider

For some time I've been seeing the Angler exploit kit pop up and infect clients without through malvertising campaigns without having a referer when visitng the landing page. The reason why this is interesting is that it makes it a lot harder to track down the malicious creative IDs which can ..

http://blog.0x3a.com/post/118366451134/angler-exploit-kit-using-tricks-to-avoid-referrer