End-of-Shift report
Timeframe: Dienstag 16-06-2015 18:00 − Mittwoch 17-06-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
Unpatched OS X, iOS flaws allow password, token theft from keychain, apps
Six researchers from Indiana University Bloomington, Peking University and Georgia Tech have recently published a paper in which they detail the existence of critical security weaknesses in Apples OS...
http://www.net-security.org/secworld.php?id=18523
Security: Unverschlüsselte App-Updates gefährden Samsungs Smartphones
Wenn Apps ihre Aktualisierungen unverschlüsselt abholen, sind sie leicht zu manipulieren. Vor allem bei systemnahen Anwendungen ist das ein gravierendes Problem, wie ein aktueller Fall belegt, der vor allem die Galaxy-Reihe von Samsung betrifft.
http://www.golem.de/news/security-unverschluesselte-app-updates-gefaehrden-samsungs-smartphones-1506-114711-rss.html
CVE-2014-4114 and an Interesting AV Bypass Technique, (Tue, Jun 16th)
Citizenlabs recently reported on a CVE-2014-4114 campaign against pro-democracy / pro-Tibetian groups in Hong Kong. The attacks happening should not surprise anyone, nor that the attacks were sophisticated. The vulnerability itself was patched with MS14-060 and has been used by APT and crime groups for sometime. Trend Micro wrote a good write-up of the issue here. What is interesting is what, in effect, is an anti-virus bypass that was employed by the actors. This bypass was discussed in this...
https://isc.sans.edu/diary.html?storyid=19809&rss
VU#155412: Samsung Galaxy S phones fail to properly validate Swiftkey language pack updates
Vulnerability Note VU#155412 Samsung Galaxy S phones fail to properly validate Swiftkey language pack updates Original Release date: 16 Jun 2015 | Last revised: 16 Jun 2015 Overview Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, fail to properly validate Swiftkey language pack updates. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2015-2865Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, are pre-installed with a version of Swiftkey...
http://www.kb.cert.org/vuls/id/155412
EMC Unified Infrastructure Manager/Provisioning Authentication Flaw Lets Remote Users Access the System
http://www.securitytracker.com/id/1032589
Red Hat OpenSSL Locking Error in ssleay_rand_bytes() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1032587
Vulnerabilities in Cisco Products
Cisco Cloud Portal Appliance Pregenerated Default Host Keys Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39380
Cisco Prime Collaboration Manager SQL Injection Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39365
Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=31998
Cisco Adaptive Security Appliance Encrypted IPSec or IKEv2 Packet Modification Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39366
[HTB23261]: OS Command Injection in Vesta Control Panel
Product: Vesta Control Panel v0.9.8Vulnerability Type: OS Command Injection [CWE-78]Risk level: Critical Creater:
http://vestacp.comAdvisory Publication: May 20, 2015 [without technical details]Public Disclosure: June 17, 2015 CVE Reference: CVE-2015-4117 CVSSv2 Base Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) Vulnerability Details: High-Tech Bridge Security Research Lab discovered critical vulnerability in Vesta Control Panel, which can be exploited to execute arbitrary system commands and gain...
https://www.htbridge.com/advisory/HTB23261
VU#842780: Vesta Control Panel is vulnerable to cross-site request forgery
Vulnerability Note VU#842780 Vesta Control Panel is vulnerable to cross-site request forgery Original Release date: 16 Jun 2015 | Last revised: 16 Jun 2015 Overview Vesta Control Panel is vulnerable to a cross-site request forgery (CSRF) attack. Description CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2861Vesta Control Panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has
http://www.kb.cert.org/vuls/id/842780
Bugtraq: ESA-2015-043: RSA Validation Manager Security Update for Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/535777
GarrettCom Magnum Series Devices Vulnerabilities
This advisory provides mitigation details for multiple vulnerabilities in GarrettCom's Magnum 6k and Magnum 10k product lines.
https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01-0
Security update available for Adobe Photoshop CC
Adobe has released an update for Photoshop CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
Security update available for Adobe Bridge CC
Adobe has released an update for Adobe Bridge CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
https://helpx.adobe.com/security/products/bridge/apsb15-13.html
Bugtraq: VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities
http://www.securityfocus.com/archive/1/535781
[R1] PHP < 5.4.41 Vulnerabilities Affect Tenable SecurityCenter
June 15, 2015
http://www.tenable.com/security/tns-2015-06