End-of-Shift report
Timeframe: Tuesday 12-01-2016 18:00 - Wednesday 13-01-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Security Bulletins Posted for Adobe Acrobat and Reader
Security Bulletins for Adobe Acrobat and Reader (APSB16-02) have been published. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. This posting ..
https://blogs.adobe.com/psirt/?p=1311
There Goes The Neighborhood - Bad Actors on GMHOST Alexander Mulgin Serginovic
Whether they encourage it or not, some network operators become known and favored by criminals such as those that operate exploit kit (EK) and malware infrastructure. After ..
http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.html
MS16-JAN - Microsoft Security Bulletin Summary for January 2016 - Version: 1.0
https://technet.microsoft.com/en-us/library/security/MS16-JAN
Raising the Dead
It's a bit late for Halloween but the ability to resurrect the dead (processes that is) is an interesting type of security issue when dealing with multi-user Windows systems such as Terminal Servers. Specifically this blog is about this issue which I reported to Microsoft and was fixed in bulletin ..
http://googleprojectzero.blogspot.com/2016/01/raising-dead.html
FortiOS SSH Undocumented Interactive Login Vulnerability
http://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability
Ransomware Strikes Websites
Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as any hard drives connected to the machine - pictures, videos, text files - you ..
https://blog.sucuri.net/2016/01/ransomware-strikes-websites.html
Triaging the exploitability of IE/EDGE crashes
Both Internet Explorer (IE) and Edge have seen significant changes in order to help protect customers from security threats. This work has featured a number of mitigations that together have not only rendered classes of vulnerabilities not-exploitable, but also dramatically raised the cost ..
http://blogs.technet.com/b/srd/archive/2016/01/12/triaging-the-exploitability-of-ie-edge-crashes.aspx
The smart doorbell reveals the WiFi password
An intercom that works together with a smartphone. Sounds practical, but unfortunately the device has security flaws, as hackers have now found out.
http://www.golem.de/news/internet-of-things-die-smarte-tuerklingel-verraet-das-wlan-passwort-1601-118497.html
Backdoor suspected at Fortinet: company speaks of a vulnerability
Alternative login method discovered in the software; patch already released in 2014
http://derstandard.at/2000028972976
A Case of Too Much Information: Ransomware Code Shared Publicly for 'Educational Purposes', Used Maliciously Anyway
Researchers, whether independent or from security vendors, have a responsibility to properly disseminate the information they gathered to help the industry as well as users. Even with the best intentions, improper disclosure of sensitive information ..
http://blog.trendmicro.com/trendlabs-security-intelligence/a-case-of-too-much-information-ransomware-code-shared-publicly-for-educational-purposes-used-maliciously-anyway/
Security: Verizon routes 4 million spammer IPs
IPv4 addresses are a scarce resource. Yet the US provider Verizon still does not respond to abuse reports, a security firm criticizes.
http://www.golem.de/news/security-verizon-routet-4-millionen-spammer-ips-1601-118506.html
[HTB23279]: Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module
High-Tech Bridge Security Research Lab discovered multiple SQL Injection vulnerabilities in the mcart.xls Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in the database and gain complete control over the vulnerable website.
https://www.htbridge.com/advisory/HTB23279
[HTB23283]: Remote Code Execution in Roundcube
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in the popular webmail client Roundcube. The vulnerability can be exploited to gain access to sensitive information and, under certain circumstances, to execute arbitrary code and totally compromise the vulnerable server.
https://www.htbridge.com/advisory/HTB23283
Hacking Team's Leak Helped Researchers Hunt Down a Zero-Day
Researchers at Kaspersky Lab have, for the first time, discovered a valuable zero-day exploit after intentionally going on the hunt for it.
http://www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/
Denial-of-Service Flaw Patched in DHCP
The Internet Systems Consortium (ISC) on Tuesday patched a denial-of-service vulnerability in numerous versions of DHCP.
http://threatpost.com/denial-of-service-flaw-patched-in-dhcp/115875/
The SLOTH attack and IKE/IPsec
Executive Summary: The IKE daemons in RHEL7 (libreswan) and RHEL6 (openswan) are not vulnerable to the SLOTH attack. But the attack is still interesting to look at. The SLOTH attack released today is a new transcript collision attack against ..
https://securityblog.redhat.com/2016/01/13/the-sloth-attack-and-ikeipsec/