End-of-Shift report
Timeframe: Tuesday 04-08-2015 18:00 − Wednesday 05-08-2015 18:00
Handler: n/a
Co-Handler: n/a
Nuclear EK traffic patterns in August 2015 (Wed, Aug 5th)
Introduction: About two weeks ago, Nuclear exploit kit (EK) changed its URL patterns. Now it looks a bit like Angler EK. Kafeine originally announced the change on 2015-07-21 [1], and we collected examples the next day. Here's how Nuclear EK looked on [image]. Here [image]. Now that we're into August 2015, URL patterns for Nuclear EK have altered again. These changes are similar to what we've seen with Angler EK since June 2015 [3]. They're not the same URL patterns as Angler, but the changes are...
https://isc.sans.edu/diary.html?storyid=20001&rss
Wait, what? TrueCrypt decrypted by FBI to nail doc-stealing sysadmin
Do the Feds know something we don't about the crypto tool? Or did the bloke squeal his password? Discontinued on-the-fly disk encryption utility TrueCrypt was unable to keep out the FBI in the case of a US government techie who stole copies of classified military documents. How the Feds broke into the IT bod's encrypted TrueCrypt partition isn't clear.
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/truecrypt_decrypted_by_fbi/
WordPress update closes six security holes
Version 4.2.4 of the content management system fixes, among other things, a SQL injection hole through which attackers can take over the installation.
http://heise.de/-2771541
Man-In-The-Cloud Owns Your DropBox, Google Drive -- Sans Malware
Using no malware or stolen passwords, new attack can compromise your cloud synch services and make your good files malicious.
http://www.darkreading.com/cloud/man-in-the-cloud-owns-your-dropbox-google-drivesans-malware-/d/d-id/1321501?_mc=RSS_DR_EDT
Email Security Awareness: How To Get Quick Results
Phishing and spear phishing attacks on the rise: Phishing and spear phishing attacks are the most effective attack vectors. Despite the high level of awareness of cyber threats, bad actors still consider email their preferred attack vector. According to the security experts at Trend Micro, spear phishing is the attack method used in...
http://resources.infosecinstitute.com/email-security-awareness-how-to-get-quick-results/
Finding Vulnerabilities in Core WordPress: A Bug Hunter's Trilogy, Part I
In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts - describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only "Subscriber" user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web...
http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/
Android vulnerability: Telekom switches off direct MMS delivery because of Stagefright exploits
MMS users must do without direct delivery because of an Android vulnerability. Telekom wants to protect its customers this way.
http://www.golem.de/news/android-schwachstelle-telekom-schaltet-wegen-stagefright-exploits-direktes-mms-ab-1508-115600-rss.html
MVEL as an attack vector
Java-based expression languages provide significant flexibility when using middleware products such as Business Rules Management System (BRMS). This flexibility comes at a price as there are significant security concerns in their use. In this article MVEL is used in JBoss...
https://securityblog.redhat.com/2015/08/05/mvel-as-an-attack-vector/
Root exploit: Apple apparently preparing a patch with MacOS 10.10.5
According to a report, the Mac maker is initially relying on various measures to make it harder to exploit a privilege-escalation hole for installing malware. The pending update to OS X 10.10.5 is then expected to eliminate the vulnerability.
http://heise.de/-2772715
Bugtraq: [SECURITY] [DSA 3328-2] wordpress regression update
http://www.securityfocus.com/archive/1/536135
Apple OS X DYLD_PRINT_TO_FILE Environment Variable Validation Flaw Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1033177
[2015-08-05] Websense Content Gateway stack buffer overflow in handle_debug_network
A stack-based buffer overflow was identified in the Websense Content Manager administrative interface, which allows execution of arbitrary code.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150805-0_Websense_Content_Gateway_stack_buffer_overflow_in_handle_debug_network_v10.txt
Security Advisory - CF Card Information Leak Vulnerability on Multiple Huawei Products
The CF cards on some Huawei switches contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information (HWPSIRT-2015-07048).
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446634.htm
Security_Advisory-Two Security Vulnerabilities in the ME906 Wireless Module
The upgrade package of the ME906 wireless module contains the hash values of the root account and password. An attacker can obtain the password of the root account through reverse cracking, connect to the serial port of the wireless module, and enter the root account and password to log in to the operating system of the module. (HWPSIRT-2015-02009)
This module implements its upgrade check using CRC16, which is insecure; the reversal of this algorithm has been extensively studied. (HWPSIRT-2015-06032)
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm