Daily summary - Wednesday 12-08-2015

End-of-Shift report

Timeframe: Tuesday 11-08-2015 18:00 − Wednesday 12-08-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

MS15-AUG - Microsoft Security Bulletin Summary for August 2015 - Version: 1.0

https://technet.microsoft.com/en-us/library/security/MS15-AUG


Adobe, MS Push Patches, Oracle Drops Drama

Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle's chief security officer lobbed something ..

http://krebsonsecurity.com/2015/08/adobe-ms-push-patches-oracle-drops-drama/


Defending against CVE-2015-1769: a logical issue exploited via a malicious USB stick

Today Microsoft released update MS15-085 to address CVE-2015-1769, an important severity security issue in Mount Manager. It affects both client and server versions, from Windows Vista to Windows 10. The goal of this blog post ..

http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx


MSRT August 2015: Vawtrak

As part of our ongoing effort to provide better malware protection, we are adding the following detections to the Microsoft Malicious Software Removal Tool (MSRT) this month: Win32/Vawtrak, Win32/Critroni and Win32/Kasidet. Critroni is a ransomware malware family that can lock your files and ask ..

http://blogs.technet.com/b/mmpc/archive/2015/08/11/msrt-august-2015-vawtrak.aspx


Emerging ransomware: Troldesh

Troldesh (detected as variants of Win32/Troldesh) started to show up in the early part of 2015 and became more prevalent in June this year. Overall detections have so far lessened in July - except for a notable spike around the 8th of the month, ..

http://blogs.technet.com/b/mmpc/archive/2015/08/09/emerging-ransomware-troldesh.aspx


OpenSSH 7.0 Released

An anonymous reader writes: Today the OpenSSH project maintainers announced the release of version 7.0. This release focuses on deprecating weak and unsafe cryptographic methods, though some of the work won't be complete until 7.1. This release removes support for the following: the legacy SSH v1 protocol, ..

http://it.slashdot.org/story/15/08/11/2340247/openssh-70-released


IoT security is RUBBISH says IoT vendor collective

Online Trust Alliance calls on gadget vendors to stop acting like clowns. A vendor group whose membership includes Microsoft, Symantec, Verisign, ADT and TRUSTe reckons the Internet of Things (IoT) market is being pushed with no regard to either ..

http://www.theregister.co.uk/2015/08/12/iot_security_is_rubbish_says_iot_vendor_collective/


KCI attack on TLS abuses client certificates

A complex attack uses a tricky combination of client certificates and a static Diffie-Hellman key exchange. The attack is only relevant in very specific situations, but it shows once again that the TLS protocol itself has security flaws.

http://www.golem.de/news/schluesselaustausch-kci-angriff-auf-tls-missbraucht-clientzertifikate-1508-115699.html


Hackers enable stock-market insider trading worth millions

Press releases occasionally contain information that is worth a lot of money on the stock market, above all when it reaches, before publication, the hands of criminals who use it for insider trading. In the USA a criminal ring has been broken up that is said to have earned over 100 million US dollars this way.

http://www.golem.de/news/pressemitteilungen-hacker-ermoeglichen-boersen-insidergeschaefte-in-millionenhoehe-1508-115704.html


Schneider Electric IMT25 DTM Vulnerability

This advisory provides mitigation details for a memory corruption vulnerability in the Schneider Electric IMT25 DTM component.

https://ics-cert.us-cert.gov/advisories/ICSA-15-223-01


Blacklists miss 90% of malware blogged IP love

Correlate all the things. Threat intelligence firm Recorded Future says popular web blacklists are missing thousands of IP addresses linked to malware and data theft.

http://www.theregister.co.uk/2015/08/12/two_shady_men_walk_into_a_bar_blacklist_report/


Security: Lenovo's sanctioned rootkit

After a complete reinstallation of Windows on a Lenovo laptop, a user was surprised to find that a Lenovo service suddenly started as well. He suspected some kind of BIOS rootkit, and apparently was not far wrong.

http://www.golem.de/news/security-lenovos-sanktioniertes-rootkit-1508-115717.html


Windows Service Accounts - Why They're Evil and Why Pentesters Love them!

Windows Service Accounts have been one of those enterprise necessary evils - things that you have to have, but nobody ever talks about or considers to be a problem. All too often, these service accounts are in the Domain Admins group, ..

https://isc.sans.edu/diary.html?storyid=20029
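The diary's point that service accounts far too often sit in Domain Admins is something you can check for directly. The following PowerShell is an added example, not the diary's own script: it lists the domain accounts that run services on a set of hosts and flags those that are also (directly or via nested groups) members of Domain Admins. It assumes the ActiveDirectory module (RSAT) is installed, that the hosts are reachable for CIM over WinRM, and that domain service logons appear in DOMAIN\user form; the host names are placeholders.

```powershell
# Added example (not from the ISC diary): find services running under domain
# accounts and flag the ones whose account is in Domain Admins.
# Assumptions: RSAT ActiveDirectory module present, CIM/WinRM access to hosts,
# service logon names in DOMAIN\user form. Host names below are placeholders.
$Hosts = @('srv01', 'srv02')

# Recursive membership, so accounts nested via other groups are caught too.
$DomainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object -ExpandProperty SamAccountName

$Findings = foreach ($h in $Hosts) {
    Get-CimInstance -ClassName Win32_Service -ComputerName $h |
        # Keep only DOMAIN\user logons; drop LocalSystem and the NT AUTHORITY /
        # NT SERVICE virtual accounts, which are not domain identities.
        Where-Object {
            $_.StartName -and
            $_.StartName -match '\\' -and
            $_.StartName -notmatch '^(NT AUTHORITY|NT SERVICE|\.)\\'
        } |
        ForEach-Object {
            $sam = ($_.StartName -split '\\')[-1]
            [pscustomobject]@{
                Host          = $h
                Service       = $_.Name
                Account       = $_.StartName
                State         = $_.State
                IsDomainAdmin = ($DomainAdmins -contains $sam)
            }
        }
}

# Everything that runs a service as a Domain Admin is the finding to act on:
# any local admin on that host can recover the credential from LSA secrets.
$Findings | Where-Object -Property IsDomainAdmin | Format-Table -AutoSize

# The full inventory is useful too, for spotting one account reused everywhere.
$Findings | Sort-Object Account | Format-Table -AutoSize
```

Run it from a workstation with RSAT as an account that can query the domain and the target hosts. Accounts that turn up as Domain Admins should be moved to least-privilege accounts (or group Managed Service Accounts, where the service supports them) and have their passwords rotated afterwards, since the old credential has been sitting on every host where the service was installed.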


August 2015 Security Update Release Summary

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are ..

http://blogs.technet.com/b/msrc/archive/2015/08/11/august-2015-security-update-release-summary.aspx


Thunderstrike 2: Mac firmware worm details

This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apple's Macs that can spread via either software or Thunderbolt hardware accessories and writes ..

https://trmm.net/Thunderstrike2_details


Firefox Under Fire: Anatomy of latest 0-day attack

On August 6th, the Mozilla Foundation released a security update for the Firefox web browser that fixes the CVE-2015-4495 vulnerability in Firefox's embedded PDF viewer, PDF.js. This vulnerability allows attackers to bypass the same-origin policy and execute JavaScript remotely that will be ..

http://www.welivesecurity.com/2015/08/11/firefox-under-fire-anatomy-of-latest-0-day-attack/


Finding Vulnerabilities in Core WordPress: A Bug Hunter's Trilogy, Part II - Supremacy

In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts - describing his long path of discovered flaws and vulnerabilities in ..

http://blog.checkpoint.com/2015/08/11/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-ii-supremacy/


SSD Advisory - ZendXml Multibyte Payloads XXE/XEE

The XML standard defines the concept of external entities. An XXE (XML eXternal Entity) attack is an attack on an application that parses XML input from untrusted sources using an incorrectly configured XML parser. The application may be forced to open arbitrary files and/or network resources. Exploiting XXE issues in PHP applications may also lead to denial of service or, in some cases (for example, when the 'expect' PHP module is installed), to command execution.

https://blogs.securiteam.com/index.php/archives/2550
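The advisory's title names the part a practitioner should take away: a pre-parse filter that looks for DOCTYPE or ENTITY declarations is only as good as its handling of the input encoding. The following Python is an added example, not code from the advisory or from ZendXml. It assumes the weak pattern is a byte-level substring match on the raw input (the kind of check a "multibyte payload" defeats) and shows that the same XXE payload, re-encoded as UTF-16 or UTF-32, sails past it, while a check that first decodes the document according to its BOM or the null-byte pattern of its XML declaration catches it. The payload, the sniffing heuristic and the function names are the example's own, constructed for illustration; nothing here parses the XML.

```python
"""Encoding-aware pre-parse check for DOCTYPE/ENTITY declarations.

Added example, not ZendXml's code. The payload below is constructed for
illustration and is only inspected as a string, never parsed.
"""
import codecs
import re

# Constructed sample: an external entity pointing at a local file.
XXE_PAYLOAD = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE data [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    '<data>&xxe;</data>'
)

# Matches the start of a DOCTYPE or ENTITY declaration in decoded text.
_DECL_RE = re.compile(r"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


def naive_check(raw: bytes) -> bool:
    """Weak pattern (assumed, for illustration): byte substring match on the
    raw input. Any encoding that does not store ASCII as single bytes
    (UTF-16, UTF-32) makes the declaration invisible to this test."""
    return b"<!DOCTYPE" in raw or b"<!ENTITY" in raw


def sniff_encoding(raw: bytes) -> str:
    """Pick the encoding from a BOM, or from the null-byte pattern around
    the leading '<?xml' when there is no BOM. UTF-32 BOMs are tested before
    UTF-16 because the UTF-32-LE BOM starts with the UTF-16-LE BOM bytes."""
    boms = (
        (codecs.BOM_UTF32_LE, "utf-32-le"),
        (codecs.BOM_UTF32_BE, "utf-32-be"),
        (codecs.BOM_UTF16_LE, "utf-16-le"),
        (codecs.BOM_UTF16_BE, "utf-16-be"),
        (codecs.BOM_UTF8, "utf-8"),
    )
    for bom, name in boms:
        if raw.startswith(bom):
            return name
    # No BOM: XML must begin with '<' (optionally '<?xml'); the position of
    # the null bytes around it identifies width and byte order.
    if raw.startswith(b"<\x00\x00\x00"):
        return "utf-32-le"
    if raw.startswith(b"\x00\x00\x00<"):
        return "utf-32-be"
    if raw.startswith(b"<\x00"):
        return "utf-16-le"
    if raw.startswith(b"\x00<"):
        return "utf-16-be"
    return "utf-8"


def robust_check(raw: bytes) -> bool:
    """Decode first, then look for declarations in the text. Input that
    cannot be decoded under its announced encoding is treated as suspicious
    rather than passed through to the parser."""
    try:
        text = raw.decode(sniff_encoding(raw))
    except UnicodeDecodeError:
        return True
    return _DECL_RE.search(text) is not None


def demo() -> dict:
    """Return the verdict of both checks for the same payload in several
    encodings, so the bypass is visible side by side."""
    variants = {
        "utf-8": XXE_PAYLOAD.encode("utf-8"),
        "utf-16-le (no BOM)": XXE_PAYLOAD.encode("utf-16-le"),
        "utf-16-be + BOM": codecs.BOM_UTF16_BE + XXE_PAYLOAD.encode("utf-16-be"),
        "utf-32-le (no BOM)": XXE_PAYLOAD.encode("utf-32-le"),
    }
    return {name: (naive_check(b), robust_check(b)) for name, b in variants.items()}


if __name__ == "__main__":
    for name, (naive, robust) in demo().items():
        print(f"{name:22s} naive={naive!s:5s} robust={robust!s}")
```

The naive check flags only the UTF-8 variant; the decoded check flags all four. A benign document stays clean under both, so the decoded check does not simply reject everything that is not UTF-8. Whatever the filter says, the parser itself must still be configured not to load external entities; the pre-parse check is a second layer, not a substitute.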