Daily Summary - Monday 18-01-2016

End-of-Shift report

Timeframe: Friday 15-01-2016 18:00 − Monday 18-01-2016 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl

Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the Cisco FireSIGHT Management Center web interface.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT


Easily Exploitable Vulnerability Could Cause Physical Damage to Industrial Motors

http://www.sans.org/newsletters/newsbites/r/18/4/307


Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability

Cisco FireSIGHT Management Center (MC) contains a DOM-based cross-site scripting (XSS) vulnerability in the management page. An unauthenticated, remote attacker could persuade a user to perform a malicious action, allowing the attacker to perform an XSS attack.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1


IBM Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345)

The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. Security vulnerabilities have been discovered in the grep utility used with IBM Security Network Protection.

http://www.ibm.com/support/docview.wss?uid=swg21972209


IBM Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerability affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2015-2017)

WebSphere Application Server Liberty Profile that is embedded in TADDM could allow a remote attacker who has access to the customer app, or to a form which sends its contents in a header, to split the response and add headers to the response. The customer application will then allow cross-site scripting, web cache poisoning, and other similar exploits.

http://www.ibm.com/support/docview.wss?uid=swg21974782


Cisco Adaptive Security Appliance Information Disclosure Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional attacks.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa


The SLOTH attack and IKE/IPsec

The IKE daemons in RHEL7 (libreswan) and RHEL6 (openswan) are not vulnerable to the SLOTH attack. But the attack is still interesting to look at. The SLOTH attack released today is a new transcript collision attack against ..

https://securityblog.redhat.com/2016/01/15/the-sloth-attack-and-ikeipsec/


Serious vulnerability in surveillance cameras from Hofer and Aldi

Security experts are warning about Maginon-brand surveillance cameras. They allow unprotected access to video and audio, as well as to Wi-Fi and e-mail passwords.

http://futurezone.at/produkte/schwere-luecke-bei-ueberwachungskameras-von-hofer-und-aldi/175.586.501


LostPass

I have discovered a phishing attack against LastPass that allows an attacker to steal a LastPass user's email, password, and even two-factor auth code, giving full access to all passwords and documents stored in LastPass.

https://www.seancassidy.me/lostpass.html


Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 - and a new network attack

Hot Potato (aka: Potato) takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay (specifically HTTP->SMB relay) and NBNS spoofing.

http://foxglovesecurity.com/2016/01/16/hot-potato/


HTTP Evasions Explained - Part 10 - Lazy Browsers

The previous parts of this series looked at firewalls and browsers as black boxes which just behave that way for unknown reasons. For this part I took a closer look at the source code of Chromium and Firefox. This way I've found even more ways to construct HTTP which is insanely broken but still gets accepted by the ..

http://noxxi.de/research/http-evader-explained-10-lazy-browsers.html


nic.at introduces "Security-Lock" for domains

The protection is intended to prevent a domain from being accidentally made unreachable or manipulated

http://derstandard.at/2000029286062