Daily Summary - Tuesday 18-08-2015

End-of-Shift report

Timeframe: Monday 17-08-2015 18:00 − Tuesday 18-08-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Attacking ECMAScript Engines with Redefinition

Posted by Natalie Silvanovich = function () { return n; } ECMAScript has a property where almost all functions and variables can be dynamically redefined. This can lead to vulnerabilities in situations where native code assumes a function or variable behaves a certain way when accessed or does not have certain side effects when it can in fact be redefined. Project Zero has discovered 24 vulnerabilities involving ECMAScript redefinition in Adobe Flash in the past few months and similar issues...

http://googleprojectzero.blogspot.com/2015/08/attacking-ecmascript-engines-with.html


Tool Tip: Kansa Stafford released, PowerShell for DFIR, (Mon, Aug 17th)

In his most recent post, Guy asked Are You a Hunter?. Here's one way to become one. Dave Hull has just published the Stafford release of his exemplary PowerShell DFIR tool, Kansa. For the uninitiated, Kansa is a modular incident response framework in Powershell (PS v3 or higher preferred) that uses Powershell Remoting to run user contributed modules across hosts in an enterprise to collect data for use during incident response, breach hunts, or for building an environmental baseline. Per Dave's...

https://isc.sans.edu/diary.html?storyid=20049&rss


Risky Schneider Electric SCADA Vulnerabilities Remain Unpatched

Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON.

http://threatpost.com/risky-schneider-electric-scada-vulnerabilities-remain-unpatched/114305


Ransomware goes OPEN SOURCE in the name of education

Won't somebody think of the script kiddies? Turkish security bod Utku Sen has published what appears to be the first open source ransomware that anyone can download and spread.

http://go.theregister.com/feed/www.theregister.co.uk/2015/08/18/ransomware_goes_open_source/


How Not to Start an Encryption Company

Probably the quickest way for a security company to prompt an overwhelmingly hostile response from the security research community is to claim that its products and services are "unbreakable" by hackers. The second-fastest way to achieve that outcome is to have that statement come from an encryption company CEO who served several years in federal prison for running a $210 million Ponzi scheme. Here's the story of a company that managed to accomplish both at the same time and is now...

http://krebsonsecurity.com/2015/08/how-not-to-start-an-encryption-company/


Security Risk Mainframe: Mainframes Reachable from the Internet

A security researcher warns that mainframes could become an easy target for attacks.

http://www.heise.de/newsticker/meldung/Sicherheitsrisiko-Mainframe-Grossrechner-aus-dem-Internet-erreichbar-2781347.html?wt_mc=rss.ho.beitrag.rdf


1&1, GMX and Web.de: Millions of E-Mail Mailboxes Were Vulnerable

Until a few days ago, the e-mail providers 1&1, GMX and Web.de had a security hole through which attackers could, under certain circumstances, gain access to other people's accounts.

http://heise.de/-2782618


When You Can't ARPSpoof

There are times during a penetration test when you are having difficulty gaining the credentials you want from a host that has already been compromised. You have successfully socially engineered a system administrator or other user with privileges to a web application and you have established a meterpreter shell. You can dump the password hashes...

http://resources.infosecinstitute.com/when-you-cant-arpspoof/


Reflection DDoS Attacks Abusing RPC Portmapper

Level 3 Communications has discovered a new type of reflection DDoS attack that takes advantage of RPC Portmapper to overwhelm networking services.

http://threatpost.com/reflection-ddos-attacks-abusing-rpc-portmapper/114318


SAP Afaria 7 Buffer Overflow

Topic: SAP Afaria 7 Buffer Overflow Risk: High Text: Application: SAP Afaria 7 Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Buffer Overflow ...

http://cxsecurity.com/issue/WLB-2015080088


DSA-3336 nss - security update

Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. The Common Vulnerabilities and Exposures project identifies the following problems:...

https://www.debian.org/security/2015/dsa-3336


Bugtraq: EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)

http://www.securityfocus.com/archive/1/536244


ZDI-15-393: Foxit Reader TIFF Conversion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

http://www.zerodayinitiative.com/advisories/ZDI-15-393/


GnuTLS ServerKeyExchange Validation Flaw May Let Remote Users Forge Signatures

http://www.securitytracker.com/id/1033225


DFN-CERT-2015-1277. Linux Kernel: Multiple Vulnerabilities Allow a Denial-of-Service Attack

https://portal.cert.dfn.de/adv/DFN-CERT-2015-1277/


Security Notice - Statement about the Stagefright Security Vulnerability in Android OS Disclosed by Zimperium

http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-445925.htm


Security Advisory - DoS Vulnerability in Huawei MBB Product

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-450877.htm


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns

http://www.ibm.com/support/docview.wss?uid=swg21964039


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM GPFS Native RAID (CVE-2015-2638, CVE-2015-4760, CVE-2015-2619, CVE-2015-2613)

http://www.ibm.com/support/docview.wss?uid=isg3T1022565


IBM Security Bulletin: Vulnerabilities in OpenSSL affect Rational RequisitePro (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791)

http://www.ibm.com/support/docview.wss?uid=swg21964441


Apache ActiveMQ Directory Traversal Flaw Lets Remote Users Upload Files and Execute Arbitrary Code

http://www.securitytracker.com/id/1033315


USN-2710-2: OpenSSH regression

Ubuntu Security Notice USN-2710-2, 18th August, 2015: openssh regression. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: USN-2710-1 introduced a regression in OpenSSH. Software description: openssh - secure shell (SSH) for secure access to remote machines. Details: USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default...

http://www.ubuntu.com/usn/usn-2710-2/


VU#248692: Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities

Vulnerability Note VU#248692: Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities. Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015. Overview: Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass. Description: The Trend Micro Deep Discovery platform "enables you to detect, analyze, and respond to today's stealthy, targeted attacks in real time." It may be...

http://www.kb.cert.org/vuls/id/248692


Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40523