Daily Summary - Wednesday 2-09-2015

End-of-Shift report

Timeframe: Tuesday 01-09-2015 18:00 − Wednesday 02-09-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a

Demystifying File and Folder Permissions

If you have poked around a server before, you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the same core ideas. The file permissions in Linux, Mac, and Windows computers are very similar to the file and folder permissions in Apache, Nginx, and IIS servers. You can right-click...

https://blog.sucuri.net/2015/09/demystifying-file-and-folder-permissions.html


What's the situation this week for Neutrino and Angler EK? (Wed, Sep 2nd)

Introduction: Last month, in mid-August 2015, an actor using Angler exploit kit (EK) switched to Neutrino EK [1]. A few days later, we found that actor using Angler again [2]. This week, we're back to seeing Neutrino EK from the same actor. Neutrino EK from this actor is sending TeslaCrypt 2.0 as the payload. We also saw another actor use Angler EK to push Bedep during the same timeframe. Today's diary looks at two infection chains from Tuesday 2015-09-01, one for Angler EK and another for Neutrino.

https://isc.sans.edu/diary.html?storyid=20101&rss


Encryption: Microsoft, Google and Mozilla to switch off RC4 in 2016

It is an overdue step: Microsoft, Google and Mozilla have announced that, starting in 2016, they will finally stop using the insecure encryption algorithm RC4 in their products. So far, however, only Mozilla has named a concrete date.

http://www.golem.de/news/verschluesselung-microsoft-google-und-mozilla-schalten-rc4-2016-ab-1509-116075-rss.html


Via web and USB stick: smart TVs attackable in many ways

Using comparatively simple methods, security researchers read out app user data from media players and smart TVs. In doing so, they were also able to activate the camera and gain access down to the root level.

http://heise.de/-2797227


Router vulnerabilities: Belkin N600 DB makes it easy for hackers

The description of the vulnerabilities in Belkin's home router reads like a handbook of what not to do in firmware programming. Among other things, attackers can redirect the router's users to arbitrary websites. No fix is available.

http://heise.de/-2800853


IBM: CoreBot malware - simple but dangerous info stealer

IBM's X-Force research team has uncovered a new piece of data-swiping malware whose modular design allows it to be quickly altered and made even more dangerous.

http://www.scmagazine.com/x-force-team-uncovers-data-swiping-malware/article/436064/


Factoring RSA Keys With TLS Perfect Forward Secrecy

What is being disclosed today? Back in 1996, Arjen Lenstra described an attack against an optimization (called the Chinese Remainder Theorem optimization, or RSA-CRT for short). If a fault happened during the computation of a signature (using the RSA-CRT optimization),...

https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/


Adware installer sneaks its way into the Mac keychain

According to security researchers, a new adware installer uses a simple trick to grant itself access to the OS X keychain without any further action by the user.

http://heise.de/-2802238


Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40748


VU#903500: Seagate 36C wireless hard-drive contains multiple vulnerabilities

Vulnerability Note VU#903500: Seagate 36C wireless hard-drive contains multiple vulnerabilities. Original Release date: 01 Sep 2015 | Last revised: 01 Sep 2015
Overview: The Seagate 36C wireless hard-drive contains multiple vulnerabilities.
Description: CWE-798: Use of Hard-coded Credentials - CVE-2015-2874. The Seagate 36C wireless hard-drive provides undocumented Telnet services accessible by using the default credentials of root as username and the default password. CWE-425: Direct Request

http://www.kb.cert.org/vuls/id/903500


ZDI-15-408: Hewlett-Packard LoadRunner Controller Scenario File Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability could allow attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

http://www.zerodayinitiative.com/advisories/ZDI-15-408/


Siemens RUGGEDCOM ROS IP Forwarding Vulnerability

This advisory provides mitigation details for an IP forwarding vulnerability in older versions of Siemens RUGGEDCOM ROS.

https://ics-cert.us-cert.gov/advisories/ICSA-15-244-01


Edimax BR6228nS/BR6228nC - Multiple vulnerabilities

Topic: Edimax BR6228nS/BR6228nC - Multiple vulnerabilities. Risk: Medium. Text: # Title: Edimax BR6228nS/BR6228nC - Multiple vulnerabilities # Date: 01.09.15 # Vendor: edimax.com # Firmware version: 1.22 ...

http://cxsecurity.com/issue/WLB-2015090013


Security Advisory - No Authentication Vulnerability on the Serial Port of the UAP2105

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htm


[HTB23269]: Cross-Site Request Forgery in Cerb

Product: Cerb v7.0.3. Vulnerability Type: Cross-Site Request Forgery [CWE-352]. Risk level: Medium. Creator: Webgroup Media LLC. Advisory Publication: August 12, 2015 [without technical details]. Public Disclosure: September 2, 2015. CVE Reference: CVE-2015-6545. CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P). Vulnerability Details: High-Tech Bridge Security Research Lab discovered a CSRF vulnerability in the Cerb platform, which can be exploited to perform Cross-Site Request Forgery attacks against

https://www.htbridge.com/advisory/HTB23269


DFN-CERT-2015-1353: Xen: A vulnerability allows a denial-of-service attack

https://portal.cert.dfn.de/adv/DFN-CERT-2015-1353/


Bugtraq: ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability

http://www.securityfocus.com/archive/1/536377


SiS Windows VGA Display Manager Multiple Privilege Escalation

Topic: SiS Windows VGA Display Manager Multiple Privilege Escalation. Risk: Medium. Text: KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Mult...

http://cxsecurity.com/issue/WLB-2015090019


XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation

Topic: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation. Risk: Medium. Text: KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Title: XGI Windows VGA Display Manag...

http://cxsecurity.com/issue/WLB-2015090018


IBM Security Bulletins

IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS (CVE-2015-2613)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005343

IBM Security Bulletin: HTTP Request smuggling vulnerability may affect IBM HTTP Server (CVE-2015-3183)

http://www.ibm.com/support/docview.wss?uid=swg21963361

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience

http://www.ibm.com/support/docview.wss?uid=swg21960713

IBM Security Bulletin: IBM WebSphere MQ 7.0.1 potential denial of service (CVE-2015-2013)

http://www.ibm.com/support/docview.wss?uid=swg21962479

IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS3100/TS3200 (CVE-2015-4000)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005368&myns=s034&mynp=OCSTCMML7&mynp=OCHW211&mync=E&cm_sp=s034-_-OCSTCMML7-OCHW211-_-E

IBM Security Bulletin: IBM Maximo Asset Management could allow a local attacker to obtain information due to the autocomplete feature on password input fields (CVE-2015-1933)

http://www.ibm.com/support/docview.wss?uid=swg21965080

IBM Security Bulletin: Default Password Requirements are weak on new installations of IBM Maximo Asset Management (CVE-2015-1934)

http://www.ibm.com/support/docview.wss?uid=swg21964855

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098599