Daily summary - Tuesday 11-08-2015

End-of-Shift report

Timeframe: Monday 10-08-2015 18:00 − Tuesday 11-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a

Arbitrary SSL certificates through abuse of the ancient Internet technology BGP

The Border Gateway Protocol (BGP), indispensable for the global Internet, can easily be manipulated. At Black Hat, a hacker described how it can be abused to have valid SSL certificates issued for arbitrary domains.

http://heise.de/-2774454


Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=36968


Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=33996


CVE-2015-2419 - Internet Explorer Double-Free in Angler EK

The Angler Exploit Kit (EK) recently added support for an Internet Explorer (IE) vulnerability (CVE-2015-2419) that was patched in July 2015. Quickly exploiting recently patched vulnerabilities is standard for Angler EK authors, but the target has been Adobe Flash Player since the ..

https://www.fireeye.com/blog/threat-research/2015/08/cve-2015-2419_inte.html


The Italian Connection: An analysis of exploit supply chains and digital quartermasters

On July 5, 2015 an unknown hacker publicly announced on Twitter that he had breached the internal network of Hacking Team - an Italian pentesting company known ..

http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exploit-supply-chains-and-digital-quartermasters/


QNAP Turbo NAS Series Devices Multiple Flaws Let Remote Users Conduct Cross-Site Scripting Attacks, Traverse the Directory, Execute Arbitrary Code, and Gain Elevated Privileges

http://www.securitytracker.com/id/1033224


QNAP Logging Error Lets Local Users Obtain Disk Encryption Keys

http://www.securitytracker.com/id/1033223


Internal modem can be exploited by malware to gain persistence

Two security experts at the last Def Con hacking conference have demonstrated how internal LTE/3G modems can be hacked to help malware survive OS reinstalls. Many users totally ignore that LTE/3G modems built into new business laptops and ..

http://securityaffairs.co/wordpress/39252/hacking/internal-modem-hacking.html


Who's Behind Your Proxy? Uncovering Bunitu's Secrets

In our previous analysis we showed how the Bunitu Trojan was distributed via the Neutrino exploit kit in various malvertising campaigns. After spending more time analyzing ..

https://blog.malwarebytes.org/botnets/2015/08/whos-behind-your-proxy-uncovering-bunitus-secrets/


Watch out for Costly Mobile Ads

There are lots of ways you can have a bad hair day with a mobile device - a rogue app from the Play Store, a dubious file from a non-official source or even a phish attack which takes advantage of a mobile's smaller screen size. A less annoying issue is pop-ups, adverts ..

https://blog.malwarebytes.org/online-security/2015/08/watch-out-for-costly-mobile-ads/


Fuel systems unprotected on the Internet: easy prey for hackers

Card payment terminals at fuel pumps have already been the target of hacker attacks aimed at stealing data. But criminals on the Internet could also target petrol stations for far more dangerous attacks. According to "Wired", the research team at Rapid7 found ..

http://derstandard.at/2000020547838


Vulnerabilities iframe <= 3.0

https://wpvulndb.com/vulnerabilities/8150
https://wpvulndb.com/vulnerabilities/8149


Threat Group-3390 Targets Organizations for Cyberespionage

Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers investigated activities associated with Threat Group-3390[1] (TG-3390). Analysis of TG-3390's operations, targeting, and tools led CTU researchers to assess with moderate confidence ..

http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/


Instant KARMA Might Still Get You

About a year ago, I started looking into Android applications that aren't validating SSL certificates. Users of these applications could be at risk if they fall victim to a man-in-the-middle (MITM) attack. Earlier this year, I also wrote about ..

https://insights.sei.cmu.edu/cert/2015/08/instant-karma-might-still-get-you.html


Dynamic DNS Security and Potential Threats

Recently I began to notice a trend that Dynamic DNS providers have been repeatedly abused as a part of malware campaigns. How is dynamic DNS a threat to your enterprise? What can be done to mitigate this threat? Before we answer these questions, ..

https://www.alienvault.com/blogs/security-essentials/dynamic-dns-security-and-potential-threats


Another Android hole: "OCtoRuTA" - One (Java) Class to Rule Them All

Yet another large-scale vulnerability has been revealed in Android. This one lets an otherwise innocent-looking app go rogue, and enjoy privileges normally limited to the trusted parts of Android.

https://nakedsecurity.sophos.com/2015/08/11/another-android-hole-octoruta-one-java-class-to-rule-them-all/


Kali Linux 2.0 Released

We're still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new Kali Linux Dojo, which was a blast. With the help of a few good people, the Dojo rooms were set up ready for the masses - where many ..

https://www.kali.org/releases/kali-linux-20-released/


Security Updates Available for Adobe Flash Player (APSB15-19)

A security bulletin (APSB15-19) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an ..

https://blogs.adobe.com/psirt/?p=1254


Mobile phone numbers harvestable en masse from Facebook

A developer managed to query numerous users' mobile phone numbers via Facebook within a few minutes using a small script. Security experts are pushing for a different default setting.

http://heise.de/-2776623