Daily summary - Monday 3-08-2015

End-of-Shift report

Timeframe: Friday 31-07-2015 18:00 − Monday 03-08-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a

One font vulnerability to rule them all #1: Introducing the BLEND vulnerability

Posted by Mateusz Jurczyk of Google Project Zero. Last month, I presented parts of my PostScript font security research at the REcon security conference in Montreal, in a talk titled "One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced exploitation". This talk discussed the exploitation process of a vulnerability found in the implementation of a BLEND Charstring instruction, discovered in a user-mode Adobe Reader's CoolType...

http://googleprojectzero.blogspot.com/2015/07/one-font-vulnerability-to-rule-them-all.html


Vulnerabilities: Remote access opens car doors

A hacker has managed to hook into the Onstar Remotelink software of the US car maker General Motors. This lets the vehicle be unlocked and even started. He was not able to drive off with the hacked vehicle, however.

http://www.golem.de/news/schwachstellen-fernzugriff-oeffnet-autotueren-1508-115533-rss.html


Attack on Dell firmware after deep sleep

After waking from standby, the firmware of some Dell computers forgets to protect itself against write access. Attackers could use this to smuggle malicious code into the firmware.

http://heise.de/-2766940


Security holes in the Android multimedia system escalate

The vulnerabilities in the multimedia system are more dangerous than first assumed: with manipulated MP4 videos, attackers could gain control over the smartphone.

http://heise.de/-2766925


Your Security Policy Is So Lame, (Sun, Aug 2nd)

Every person should avoid lame security policies because of the lack of clarity they leave behind. Often times we find ourselves forced into creating security policies due to compliance requirements. Is there a way to lean into this requirement and get value beyond the checkbox? I certainly think so and would like to share some ideas on how you can do this as well. I personally avoided being the policy guy... The following are several tips and tricks you can use to...

https://isc.sans.edu/diary.html?storyid=19991&rss


Microsoft Windows 10 spies on you by default

While Microsoft is offering its new Windows 10 OS for free, security experts argue that the cost to user privacy is much higher. Microsoft Windows 10 is the new operating system of the IT giant; the newcomer already reached more than 14 million downloads in just two days. The experts who have already analyzed Windows 10...

http://securityaffairs.co/wordpress/39042/digital-id/windows-10-privacy.html


BIND9 - Denial of Service Exploit in the Wild

BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by most DNS providers. A week ago, the Internet Systems Consortium (ISC) team released a patch for a serious denial of service vulnerability (CVE-2015-5477) that allows a remote...

http://feedproxy.google.com/~r/sucuri/blog/~3/RmxRTNcW95o/bind9-denial-of-service-exploit-in-the-wild.html


Chrome extensions crocked with simple attack

Security-enhancer HTTPS Everywhere switched off with this one weird trick

Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page.

http://go.theregister.com/feed/www.theregister.co.uk/2015/08/03/detectify_disabling_chrome_extensions_https_everywhere/


Hijacking Satellite Communications with a $1,000 Device

A security researcher demonstrated how to hack a satellite tracking technology with a $1,000 device made of off-the-shelf components. Colby Moore, a security expert from the security firm Synack, will present in a talk at the next Black Hat Conference how to hack satellite tracking technology by using a $1,000 device made of off...

http://securityaffairs.co/wordpress/39051/digital-id/hijacking-satellite-communications.html


Researchers Create First Firmware Worm That Attacks Macs

The common wisdom is that Apple computers are more secure than PCs. It turns out this isn't true.

http://www.wired.com/2015/08/researchers-create-first-firmware-worm-attacks-macs/


Anonymisation: Further attack on the Tor network described

Researchers have discovered another way to unmask user access to Tor's hidden services. Their attack, they write, requires a good deal of luck. The Tor operators also play it down.

http://www.golem.de/news/anonymisierung-weiterer-angriff-auf-das-tor-netzwerk-beschrieben-1508-115547-rss.html


Your SSH Server On Port 8080 Is No Longer "Hidden" Or "Safe", (Mon, Aug 3rd)

I am seeing some scanning for SSH servers on port 8080 in web server logs for web servers that listen on this port. So far, I don't see any scans like this for web servers listening on port 80. In web server logs, the scan is reflected as an Invalid Method (error 501) as the web server only sees the banner provided by the SSH client, and of course cannot respond. For example: 222.186.21.180 - - [03/Aug/2015:08:31:55 +0000] SSH-2.0-libssh2_1.4.3 501 303 - - The IP address in this example is for...

https://isc.sans.edu/diary.html?storyid=19995&rss


Designing the Perfect Security Awareness Newsletter

Even in smaller organizations, a regular security awareness newsletter can support effective, participative security. While your organization's editorial rules could be a creative brake on a really great newsletter, the following tips can help you build up an effective one that will be welcomed by associates and be an asset to the organization's security. Do...

http://resources.infosecinstitute.com/designing-the-perfect-security-awareness-newsletter/


Windows 10 Upgrade Spam Carries CTB-Locker Ransomware

Spam messages spoofing Microsoft and promising a free Windows 10 upgrade instead drop the CTB-Locker crypto-ransomware on compromised machines.

http://threatpost.com/windows-10-upgrade-spam-carries-ctb-locker-ransomware/114114


Google Android Buffer Overflows in DHCP Let Remote Users Execute Arbitrary Code

http://www.securitytracker.com/id/1033124


D-Link DCS-2103 1.20 CSRF / Cross Site Scripting

Topic: D-Link DCS-2103 1.20 CSRF / Cross Site Scripting
Risk: Medium
Text: Hello list! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DCS-2103 (IP camera). ...

http://cxsecurity.com/issue/WLB-2015080016


VU#360431: Chiyu Technology fingerprint access control contains multiple vulnerabilities

Vulnerability Note VU#360431: Chiyu Technology fingerprint access control contains multiple vulnerabilities
Original Release date: 31 Jul 2015 | Last revised: 31 Jul 2015

Overview: Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability.

Description: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2015-2870. According to the reporter, tags are...

http://www.kb.cert.org/vuls/id/360431


Juniper Pulse Secure TCP Hardware Acceleration Flaw Lets Remote Users Access Data on the Target System

http://www.securitytracker.com/id/1033166


FortiSandbox WebUI Multiple XSS vulnerabilities

Topic: FortiSandbox WebUI Multiple XSS vulnerabilities
Risk: Low
Text: [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/a...

http://cxsecurity.com/issue/WLB-2015080004


DSA-3322 ruby-rack - security update

Tomek Rabczak from the NCC Group discovered a flaw in the normalize_params() method in Rack, a modular Ruby web server interface. A remote attacker can use this flaw via specially crafted requests to cause a `SystemStackError` and potentially cause a denial of service condition for the service.

https://www.debian.org/security/2015/dsa-3322


DSA-3326 ghostscript - security update

William Robinet and Stefan Cornelius discovered an integer overflow in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or potentially execution of arbitrary code if a specially crafted file is opened.

https://www.debian.org/security/2015/dsa-3326


DSA-3325 apache2 - security update

Several vulnerabilities have been found in the Apache HTTPD server.

https://www.debian.org/security/2015/dsa-3325


DSA-3323 icu - security update

Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

https://www.debian.org/security/2015/dsa-3323


IBM Security Bulletins

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) - IBM Java SDK updates July 2015

http://www.ibm.com/support/docview.wss?uid=swg21963354

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Intrusion Prevention System

http://www.ibm.com/support/docview.wss?uid=swg21962039

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web

http://www.ibm.com/support/docview.wss?uid=swg21963096

IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects IBM Security Network Intrusion Prevention System (CVE-2015-4000)

http://www.ibm.com/support/docview.wss?uid=swg21962045

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack (CVE-2015-0486, CVE-2015-0491, CVE-2015-0459, CVE-2015-0469, CVE-2015-0458, CVE-2015-0480, CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-2808)

http://www.ibm.com/support/docview.wss?uid=isg3T1022548

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry (CVE-2015-0486, CVE-2015-0491, CVE-2015-0459, CVE-2015-0469, CVE-2015-0458, CVE-2015-0480, CVE-2015-0488, CVE-2015-0478, CVE-2015-0477, CVE-2015-2808)

http://www.ibm.com/support/docview.wss?uid=isg3T1022550

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business

http://www.ibm.com/support/docview.wss?uid=swg21963126

IBM Security Bulletin: Multiple vulnerabilities in the unzip utility affect IBM Security Access Manager for Web

http://www.ibm.com/support/docview.wss?uid=swg21963094

IBM Security Bulletin: Vulnerabilities in unzip affect IBM Security Network Intrusion Prevention System (CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, and CVE-2014-9636)

http://www.ibm.com/support/docview.wss?uid=swg21962038