End-of-Shift report
Timeframe: Wednesday 17-06-2015 18:00 − Thursday 18-06-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
OS X and iOS Unauthorized Cross Application Resource Access (XARA), (Thu, Jun 18th)
The last couple of days, a paper with details about XARA vulnerabilities in OS X and iOS is getting a lot of attention [1]. If you haven't seen the term XARA before, then this is probably because cross-application resource access was normal in the past. Different applications had access to each other's data as long as the same user ran them. But more recently, operating systems like OS X and iOS made attempts to sandbox applications and isolate applications from each other even if the same user...
https://isc.sans.edu/diary.html?storyid=19815&rss
Apple OS X and iOS in the vulnerability spotlight - meet "CORED," also known as "XARA"
The security issue of the week has arrived in iOS and OS X, and it's attracted a funky name already. The researchers called it XARA, but others had different ideas, and dubbed it "CORED." As in "Apple CORED."
http://feedproxy.google.com/~r/nakedsecurity/~3/Q4IwUfvQIVM/
IT security conference FIRST: Nothing works without trust, but trust is going away
The FIRST conference in Berlin dealt with how the security of computer networks can be improved. The conclusion was that the work is getting more complicated because states are increasingly intervening in IT security.
http://heise.de/-2716841
Caching Out: The Value of Shimcache for Investigators
During a recent investigation, we found references to timestamps associated with probable malicious files that preceded the earliest known date of compromise. These Application Compatibility Cache (“Shimcache”) timestamps were the only evidence linked to this timeframe.
https://www.fireeye.com/blog/threat-research/2015/06/caching_out_the_val.html
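As an added illustration of the artifact the FireEye post relies on (this is example code written for this digest, not code from FireEye or the post), the following Python parses the Windows 7 / Server 2008 R2 64-bit layout of the AppCompatCache ("Shimcache") registry value and lists entries whose last-modified timestamp predates an assumed earliest-known compromise date. The blob is constructed inside the script, and the compromise date, the sample paths and the "trusted root" path filter are assumptions for the example.

```python
import struct
from datetime import datetime, timedelta, timezone

# Layout of the Windows 7 / Server 2008 R2 64-bit AppCompatCache value
# (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache):
# a 0x80-byte header (magic 0xBADC0FEE, entry count) followed by 48-byte
# entries; each entry points at a UTF-16LE path stored later in the blob.
# Windows 8/10 use different headers and entry formats and are not handled here.
WIN7_MAGIC = 0xBADC0FEE
WIN7_HEADER_SIZE = 0x80
WIN7_ENTRY_SIZE64 = 0x30
# len, maxlen, pad, path offset, FILETIME, insert flags, shim flags, blob size, blob offset
WIN7_ENTRY_FMT = "<HHIQQIIQQ"
INSERT_FLAG_EXECUTED = 0x2   # Windows 7 sets this bit when the file actually ran

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME is a count of 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime (integer arithmetic, no float rounding)."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def parse_win7_x64(blob):
    """Return Shimcache entries in cache order (index 0 = most recently updated)."""
    magic, count = struct.unpack_from("<II", blob, 0)
    if magic != WIN7_MAGIC:
        raise ValueError("unexpected Shimcache magic 0x%08x" % magic)
    entries = []
    for i in range(count):
        off = WIN7_HEADER_SIZE + i * WIN7_ENTRY_SIZE64
        (path_len, _max_len, _pad, path_off, last_mod, insert_flags,
         _shim_flags, _blob_size, _blob_off) = struct.unpack_from(WIN7_ENTRY_FMT, blob, off)
        entries.append({
            "position": i,
            "path": blob[path_off:path_off + path_len].decode("utf-16-le"),
            # Caveat: this is the file's $STANDARD_INFORMATION last-modified
            # time, not the time the file was executed.
            "last_modified": filetime_to_datetime(last_mod),
            "executed": bool(insert_flags & INSERT_FLAG_EXECUTED),
        })
    return entries


def build_win7_x64(records):
    """Build a Win7 x64 Shimcache blob from (path, last_modified, executed) tuples.
    Only used here to construct sample input; a real blob is read from the SYSTEM hive."""
    header = struct.pack("<II", WIN7_MAGIC, len(records)).ljust(WIN7_HEADER_SIZE, b"\x00")
    entries = b""
    strings = b""
    string_base = WIN7_HEADER_SIZE + WIN7_ENTRY_SIZE64 * len(records)
    for path, mtime, executed in records:
        raw = path.encode("utf-16-le")
        entries += struct.pack(WIN7_ENTRY_FMT, len(raw), len(raw) + 2, 0,
                               string_base + len(strings), datetime_to_filetime(mtime),
                               INSERT_FLAG_EXECUTED if executed else 0, 0, 0, 0)
        strings += raw + b"\x00\x00"
    return header + entries + strings


# Assumption for the example: paths under these roots are treated as OS/vendor
# files and ignored; anything else with a pre-compromise timestamp is flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def earlier_than_known_compromise(entries, cutoff, trusted_roots=TRUSTED_ROOTS):
    """Entries outside trusted roots whose last-modified time precedes the cutoff."""
    return [e for e in entries
            if e["last_modified"] < cutoff
            and not e["path"].lower().startswith(trusted_roots)]


# Constructed sample data (assumed values, not from a real case).
KNOWN_EARLIEST_COMPROMISE = datetime(2015, 4, 1, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    ("C:\\Windows\\System32\\svchost.exe",
     datetime(2009, 7, 14, 1, 39, 0, tzinfo=timezone.utc), True),
    ("C:\\Users\\Public\\Libraries\\update.exe",
     datetime(2015, 2, 11, 3, 17, 45, tzinfo=timezone.utc), True),
    ("C:\\Users\\Public\\Libraries\\stage2.dll",
     datetime(2015, 5, 20, 9, 0, 0, tzinfo=timezone.utc), False),
]
SAMPLE_BLOB = build_win7_x64(SAMPLE_RECORDS)

if __name__ == "__main__":
    for e in earlier_than_known_compromise(parse_win7_x64(SAMPLE_BLOB), KNOWN_EARLIEST_COMPROMISE):
        print("%s  executed=%s  pos=%d  %s" % (e["last_modified"].isoformat(),
                                               e["executed"], e["position"], e["path"]))
```

Two points worth keeping in mind when reading the output: the timestamp is the file's last-modified time (attackers can timestomp it, and it says nothing about when the file ran), and the cache position is the only ordering information; on Windows 7 the "executed" flag is the extra bit that tells an entry that ran apart from one that was merely examined by the compatibility infrastructure.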
Uncovering Tor users: where anonymity ends in the Darknet
Intelligence services have not disclosed any technical details of how they detained cybercriminals who created Tor sites to distribute illegal goods; in particular, they are not giving any clues how they identify cybercriminals who act anonymously. This may mean that the implementation of the Tor Darknet contains some vulnerabilities and/or configuration defects that make it possible to unmask any Tor user. In this research, we will present practical examples to demonstrate how Tor users may...
http://securelist.com/analysis/publications/70673/uncovering-tor-users-where-anonymity-ends-in-the-darknet/
Drupal flaws allow hijacking of admin accounts
Drupal 6 and 7 contain four security holes. The most serious one allows attackers to hijack admin accounts of the CMS via OpenID. Updates that close the holes are available for download.
http://heise.de/-2715975
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-002
Advisory ID: DRUPAL-SA-CORE-2015-002
Project: Drupal core
Version: 6.x, 7.x
Date: 2015-June-17
Security risk: 15/25 (Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass, Information Disclosure, Open Redirect, Multiple vulnerabilities
Description
Impersonation (OpenID module - Drupal 6 and 7 - Critical)
A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their...
https://www.drupal.org/SA-CORE-2015-002
Security Advisories for Drupal Third-Party Modules
https://www.drupal.org/security/contrib
Bugtraq: [security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information
http://www.securityfocus.com/archive/1/535785
Bugtraq: [security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information
http://www.securityfocus.com/archive/1/535786
Cisco IOS XR IPv6 Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39383
Cisco IOS XR SSH Disconnect Error Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=39402
Symantec Endpoint Protection Manager and Client Issues
Revisions: None. Severity table (columns: CVSS2 Base Score, Impact, Exploitability, CVSS2 Vector), first issue: SEPM Auth User Blind SQLi in PHP prepared state...
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150617_00
[R2] PHP < 5.4.41 Vulnerabilities Affect Tenable SecurityCenter
http://www.tenable.com/security/tns-2015-06
Rack denial of service
http://xforce.iss.net/xforce/xfdb/103917
SQL Injection in EXT:sb_akronymmanager
It has been discovered that the extension "Akronymmanager" (sb_akronymmanager) is susceptible to SQL Injection
http://www.typo3.org/news/article/sql-injection-in-extsb-akronymmanager/
pure-ftpd 1.0.39 remote denial of service in glob_()
Topic: pure-ftpd 1.0.39 remote denial of service in glob_()
Risk: Medium
Text: Version 1.0.40 of pure-FTPd fixes a potential denial of service issue. From the NEWS file: - The process handling a user...
http://cxsecurity.com/issue/WLB-2015060101