End-of-Shift report
Timeframe: Wednesday 22-07-2015 18:00 − Thursday 23-07-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
Flash zero-day monster Angler dominates exploit kit crime market
If only you could buy shares. SophosLabs researcher Fraser Howard says the Angler exploit kit is dominating the highly competitive underground malware market, exploding from a quarter to 83 percent of market share within nine months.
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/23/sophos_angler_ek/
Background: The business of zero days
The sale of previously unknown security vulnerabilities, so-called zero days, divides opinion. Some consider this business immoral, others say it should be illegal. Above all, though, it is probably very lucrative.
http://heise.de/-2757303
Security: Vulnerability allows local privilege escalation in OS X 10.10
A bug in Apple's OS X 10.10.4 makes it possible to obtain administrative privileges. The vulnerability can only be exploited locally and has already been fixed in the OS X 10.11 beta.
http://www.golem.de/news/security-schwachstelle-erlaubt-lokale-rechteausweitung-in-os-x-10-10-1507-115388-rss.html
3 important questions raised by Wired's car hack
Wired.com broke a shocking but hardly surprising story on July 21st. The reporter was driving his Jeep on the highway when strange things started to happen. First the fan and radio went on and later the whole car came to a stop. On the highway! Andy Greenberg was not in control of the car anymore.
http://safeandsavvy.f-secure.com/2015/07/23/3-important-questions-raised-by-wireds-car-hack/
Leaky VMs: Stealing the neighbour's PGP key
If you share the same hardware with other VMs on a virtual server, you can spy on them. Side-channel attacks can be carried out in a surprisingly large number of ways.
http://heise.de/-2760695
Hacking Team: a zero-day market case study
This article documents Hacking Team's third-party acquisition of zero-day (0day) vulnerabilities and exploits. The recent compromise of Hacking Team's email archive offers one of the first public case studies of the market for 0days. Because of its secretive nature, this market has been the source of endless debates on the ethics of its participants. The archive also offers insight into the capabilities and limits of offensive-intrusion software developers. Hacking Team was seriously exploit...
http://tsyrklevich.net/2015/07/22/hacking-team-0day-market/
Securing Cookies using HTTP Headers
In the previous articles in this series on defending against web attacks using HTTP headers, we have seen the usage of X-Frame-Options and X-XSS-Protection headers. In this article, we will see some HTTP headers to secure cookies. Introduction: Cookies are one of the most sensitive items during a user's session. An authentication cookie is as...
http://resources.infosecinstitute.com/defending-against-web-attacks-using-http-headers-part-3/
Another Day, Another Patch
FreeBSD users were treated this week to an interesting new denial of service attack vector. All supported versions of the OS are affected by the bug, which has now been patched. Junos OS, which is based on FreeBSD, is also affected. If you're a FreeBSD admin and you haven't patched, feel free to disappear now and do so. Don't worry, we'll be here when you're done - Right, now that's out of the way, we can peruse the vulnerability at our leisure. The bug...
https://blog.team-cymru.org/2015/07/another-day-another-patch/
SBA Afterworks Summer Special: Hacking Team Hacked? => Lessons Learned!
August 06, 2015, 5:00 pm - 6:00 pm, SBA Research, Favoritenstraße 16, 1040 Wien
https://www.sba-research.org/events/security-afterworks-hacking-team-hacked-lessons-learned/
Security update for WordPress
WordPress 4.2.3 closes, among other things, a security hole through which users with certain permissions can compromise the entire site.
http://heise.de/-2761788
Microsoft's Advanced Threat Analytics is meant to protect corporate networks
Microsoft wants to arm corporate networks against attacks and intruders with Advanced Threat Analytics. The software builds on Active Directory, is said to be capable of learning, and presents suspicious activity in a timeline.
http://heise.de/-2761360
Cisco IOS Software TFTP Server Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-tftp
Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp
Cisco Application Policy Infrastructure Controller Access Control Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic
Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40068
Security Advisory: PCRE library vulnerability CVE-2015-2325 (SOL16983)
https://support.f5.com:443/kb/en-us/solutions/public/16000/900/sol16983.html?ref=rss
Security Advisory: Multiple PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026 (SOL16993)
https://support.f5.com:443/kb/en-us/solutions/public/16000/900/sol16993.html?ref=rss
DSA-3312 cacti - security update
Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems.
https://www.debian.org/security/2015/dsa-3312
DSA-3313 linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
https://www.debian.org/security/2015/dsa-3313
EMC Avamar Lets Remote Users Traverse the Directory to View Files on the Target System
http://www.securitytracker.com/id/1033026
USN-2676-1: NBD vulnerabilities
Ubuntu Security Notice USN-2676-1, 22nd July, 2015. nbd vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: Several security issues were fixed in NBD. Software description: nbd - Network Block Device protocol. Details: It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This...
http://www.ubuntu.com/usn/usn-2676-1/
Time Tracker - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-135
Advisory ID: DRUPAL-SA-CONTRIB-2015-135. Project: Time Tracker (third-party module). Version: 7.x. Date: 2015-July-22. Security risk: 14/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All. Vulnerability: Cross Site Scripting, Multiple vulnerabilities. Description: This module enables you to track time on entities and comments. The module doesn't sufficiently filter notes added to time entries, leading to an XSS/JavaScript injection vulnerability. This vulnerability is mitigated by...
https://www.drupal.org/node/2537866
OSF for Drupal - Critical - Multiple vulnerabilities - SA-CONTRIB-2015-134
Advisory ID: DRUPAL-SA-CONTRIB-2015-134. Project: OSF for Drupal (third-party module). Version: 7.x. Date: 2015-July-22. Security risk: 15/25 (Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default. Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request Forgery. Description: The Open Semantic Framework (OSF) for Drupal is a middleware layer that allows structured data (RDF) and associated vocabularies (ontologies) to "drive" tailored tools and data displays within...
https://www.drupal.org/node/2537860
FCA Uconnect Vulnerability
NCCIC/ICS-CERT is aware of a public report and video of researchers demonstrating remote exploits on a magazine reporter's automobile. The report and video focus on unauthorized remote access to the Fiat Chrysler Automobile (FCA) Uconnect automotive infotainment system. ICS-CERT is issuing this alert to provide notice of this report and video, and that a patch is available from FCA.
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01
WordPress 4.2.3 Security and Maintenance Release
July 23, 2015
https://wordpress.org/news/2015/07/wordpress-4-2-3/
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM WebSphere Real Time
http://www.ibm.com/support/docview.wss?uid=swg21962496
IBM Security Bulletin: Current Release of IBM SDK for Node.js in IBM Bluemix is affected by CVE-2015-5380
http://www.ibm.com/support/docview.wss?uid=swg21962754
IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tealeaf Customer Experience (CVE-2015-4000)
http://www.ibm.com/support/docview.wss?uid=swg21959030
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2015-4000, CVE-2015-0478, CVE-2015-1916).
http://www.ibm.com/support/docview.wss?uid=swg21962216
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK (CVE-2015-0478, CVE-2015-0488, and CVE-2015-1916) and with Diffie-Hellman ciphers (CVE-2015-4000) may affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)
http://www.ibm.com/support/docview.wss?uid=swg21961812
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron (CVE-2015-0478, CVE-2015-0488)
http://www.ibm.com/support/docview.wss?uid=swg21961728
IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Workload Deployer (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293)
http://www.ibm.com/support/docview.wss?uid=swg21962334
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2015-0410 and CVE-2014-6593)
http://www.ibm.com/support/docview.wss?uid=swg21962370