End-of-Shift report
Timeframe: Thursday 17-09-2015 18:00 − Friday 18-09-2015 17:55
Handler: Alexander Riepl
Co-Handler: n/a
Important security notice regarding signing key and distribution of Red Hat Ceph Storage on Ubuntu and CentOS
Last week, Red Hat investigated an intrusion on the sites of both the Ceph community project (ceph.com) and Inktank (download.inktank.com), which were hosted on a computer system outside of Red Hat infrastructure. download.inktank.com provided ..
https://securityblog.redhat.com/2015/09/17/important-security-notice-regarding-signing-key-and-distribution-of-red-hat-ceph-storage-on-ubuntu-and-centos/
Analyzing Proxy Based Spam Networks
We are no strangers to Blackhat SEO techniques, we've actually spent a great deal of time working and sharing various bits of information related to Blackhat SEO techniques over the years. What we haven't shared, however, is the idea of Proxy-based Spam Networks (PSN). It's not because it wasn't interesting, it's ..
https://blog.sucuri.net/2015/09/analyzing-proxy-based-spam-networks.html
Cisco Prime Network Registrar Privilege Escalation Vulnerability
A vulnerability in the default configuration of the Cisco Prime Network Registrar (CPNR) virtual appliance (OVA) could allow an authenticated, local attacker to gain root privileges.
http://tools.cisco.com/security/center/viewAlert.x?alertId=41041
WordPress Malware - Active VisitorTracker Campaign
We are seeing a large number of WordPress sites compromised with the 'visitorTracker_isMob' malware code. This campaign started 15 days ago, but only in the last few days have we started to see it gain traction; really affecting a large number of ..
https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html
WP Shop <= 3.4.3.18 - Cross-Site Scripting (XSS) & CSRF
https://wpvulndb.com/vulnerabilities/8192
Researchers seek ransomware samples for their generic solution
VB2015 presentation to include demonstration of technique against recent samples. "The scary hack that's on the rise" is how Wired's Kim Zetter described ransomware in an overview article posted yesterday. Indeed, encrypting your files and demanding a ransom to decrypt them has become a very lucrative cybercriminal ..
http://www.virusbtn.com/blog/2015/09_18.xml
Router Security / SYNful Knock
We received inquiries about SYNful Knock. We did not consider it worth a warning, so this blog post summarises our position: Management Summary: The SYNful Knock attack is not a new category of threat. There are ..
http://www.cert.at/services/blog/20150918112023-1598.html
Security hole: D-Link forgets private code-signing keys in source code
Hardware manufacturer D-Link has made an embarrassing mistake. The developers left private code-signing keys in the source code of the firmware for a surveillance camera. The manufacturer has already responded.
http://www.golem.de/news/peinlich-d-link-vergisst-private-code-signing-schluessel-im-quellcode-1509-116386.html
Pwnage Per Port - 22/open/tcp//ssh
Hello and welcome to the first installment of Pwnage Per Port! Today we will be discussing the oh-so-important SSH service which runs (most commonly) on TCP port 22. Not sure what Pwnage Per Port is? Head on over here for a quick rundown on what you can expect!
http://l.avala.mp/blog/pwnage-per-port-22opentcpssh/
Triaging PowerShell Exploitation with Rekall
David recently published his article Spotting the Adversary so I figured I'd continue the trend and focus on Blue Team tactics in this post.
http://www.redblue.team/2015/09/triaging-powershell-exploitation-with.html
Cisco ASA Software Version Information Disclosure Vulnerability
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an unauthenticated, remote attacker to obtain information about the Cisco ASA Software version. This information could be used for reconnaissance attacks.
http://tools.cisco.com/security/center/viewAlert.x?alertId=35946
Critical security hole: Bug in Bugzilla
Firefox's bug tracker has leaked confidential data for the second time this September, but this time other projects are affected as well. A patch is available.
http://www.golem.de/news/kritische-sicherheitsluecke-bug-in-bugzilla-1509-116393.html