Daily summary - Wednesday 23-09-2015

End-of-Shift report

Timeframe: Tuesday 22-09-2015 18:00 − Wednesday 23-09-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=41136


Bypass Developed for Microsoft Memory Protection, Control Flow Guard

A researcher at Bromium is expected at DerbyCon to disclose a memory corruption mitigation bypass of Microsoft Control Flow Guard.

http://threatpost.com/bypass-developed-for-microsoft-memory-protection-control-flow-guard/114768/


Hack Brief: Mobile Manager's Security Hole Would Let Hackers Wipe Phones

The vulnerability in the SAP Afaria mobile management system affected all mobile phones used by 6,300 companies.

http://www.wired.com/2015/09/hack-brief-popular-mobile-phone-manager-open-lock-wipe-hacks/


Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=41128


Making our users unlearn what we taught them, (Wed, Sep 23rd)

Remember back in the ancient days, when macro viruses were rampant, and we security geeks instructed our flock of virus scared users to never click on a .DOC attachment in an email, but that a .PDF was perfectly fine? Fast forward a couple ..

https://isc.sans.edu/diary.html?storyid=20177


Hackers upload bot code to Imgur in 8Chan attack

A nasty vulnerability in Imgur was used by attackers to hide malicious code in images, commandeer visitors' browsers, and hose the 4Chan and 8Chan image ..

http://www.theregister.co.uk/2015/09/23/imgur_attack/

New security features in HP's printers can detect rogue BIOS and firmware modifications

HP refers to this capability as "self-healing security," but it's actually a set of code integrity checking mechanisms that security researchers have asked embedded ..

http://www.infoworld.com/article/2985389/printers/hp-adds-protection-against-firmware-attacks-to-enterprise-printers.html


Kaspersky: Mo Unpackers, Mo Problems.

As well as fuzzing, I've been auditing and reviewing the design, resulting in identifying multiple major flaws that Kaspersky are actively working on resolving. These issues affect everything from network intrusion detection, ssl interception ..

http://googleprojectzero.blogspot.de/2015/09/kaspersky-mo-unpackers-mo-problems.html


PHP Malware Finder

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. ... Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it's that simple!

https://github.com/nbs-system/php-malware-finder


.htaccess Tricks in Global.asa Files

As you might know, a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual paths (e.g. mod_rewrite), auto-append code to PHP scripts, etc. In the world of IIS/ASP there is also an equivalent - Global.asa ..

https://blog.sucuri.net/2015/09/htaccess-tricks-in-global-asa-files.html


XCodeGhost iOS app infection toll rises to FOUR THOUSAND

The number of XCodeGhost-infected iOS apps, initially pegged at 39, has exploded to more than 4,000. ... The Register has asked FireEye for the names of some of the prominent affected ..

http://www.theregister.co.uk/2015/09/23/xcodeghost_ios_app_infection_toll_rises_to_four_thousand/


iOS 9: Device lock can be bypassed again

New operating system, new trick: once again a lockscreen bug has been discovered that allows access to data on iPhones and other devices without entering a PIN code or fingerprint authorization.

http://heise.de/-2824001


Security: Lenovo has been collecting user data for almost a year

A third case of questionable handling of user data has come to light at Lenovo. Devices in the ThinkPad, ThinkCentre and ThinkStation product lines may contain Lenovo software that has been monitoring user behaviour for almost a year.

http://www.golem.de/news/security-lenovo-sammelt-nutzerdaten-seit-fast-einem-jahr-1509-116455.html


Firefox 41 is here: more security and instant messaging

http://derstandard.at/2000022666280


Reflected Cross-Site Scripting (XSS) in iTop

High-Tech Bridge Security Research Lab discovered a vulnerability in iTop, which can be exploited to perform Cross-Site Scripting (XSS) attacks against web application users. iTop is a critical application, which is used to cover the entire set of ITIL processes. A successful attack on this web ..

https://www.htbridge.com/advisory/HTB23268


ENISA Cyber Europe 2014 - After Action Report

ENISA's After Action Report of the pan-European cybersecurity exercise Cyber Europe 2014 (CE2014) was approved by the EU Member States and gives a high-level overview of the complex cybersecurity exercise that was carried out in 2014. The full after action report includes an engaging action plan which ENISA and Member States are committed to implement.

https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cce/cyber-europe/ce2014/ce2014-after-action-report


Open-Xchange Security Advisory 2015-09-23

Vulnerability Details: Dialogs for printing content were vulnerable to executing injected script code at object properties that get printed. Risk: Malicious script code can be executed within a user's context. This can lead to session hijacking ..

http://www.securityfocus.com/archive/1/536523


Apple will inform affected users about XcodeGhost apps

The iPhone maker has announced a 'Top 25' list of infected apps and wants to remove the basis for XcodeGhost-style attacks. Users are also to be notified if they have downloaded compromised apps.

http://heise.de/-2824328