Tageszusammenfassung - Montag 25-01-2016

End-of-Shift report

Timeframe: Freitag 22-01-2016 18:00 − Montag 25-01-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

ZDI-16-023: Oracle GoldenGate Veridata File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GoldenGate. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-16-023/

---

Hospira Multiple Products Buffer Overflow Vulnerability

Jeremy Richards of SAINT Corporation has identified a buffer overflow vulnerability in Hospira's LifeCare PCA Infusion System. Hospira has determined that LifeCare PCA Infusion Systems released prior to July 2009 that are running Communication Engine (CE) Version 1.0 or earlier are vulnerable. In response to Jeremy ..

https://ics-cert.us-cert.gov/advisories/ICSA-15-337-02

---

Security Advisory: Stored XSS in Magento

During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely. We notified the Magento team and worked with them to get it fixed.

https://blog.sucuri.net/2016/01/security-advisory-stored-xss-in-magento.html

---

'Deliberate' Backdoor Removed From Secure Conferencing Gear

AMX, a provider of audio-visual conferencing gear used in sensitive government and military locations, has removed a 'deliberate' backdoor in one of its central controller system products.

http://threatpost.com/deliberate-backdoor-removed-from-secure-conferencing-gear/115993/

---

Rsync Symlink Path Validation Flaw Lets Remote Users Write Files on the Target System

http://www.securitytracker.com/id/1034786

---

JavaScript Backdoor

Casey Smith recently shared his research on twitter, which is to reverse HTTP Shell by using JavaScript. I found it rather interesting and further analyzed this technique.

http://en.wooyun.io/2016/01/18/JavaScript-Backdoor.html

---

Snowden enttarnt falsche "Krypto-Mail" in IS-Video

Terrororganisation hatte in Botschaft mit weiteren Angriffen gedroht

http://derstandard.at/2000029688150

---

Fortinet: Mehr Hintertüren, mehr Patches

Erst in der vergangenen Woche war bekanntgeworden, dass einige Fortinet-Firewall-Produkte einen Zugang mit Standardpasswörtern ermöglichen. Jetzt hat das Unternehmen seine eigenen Produkte analysiert - und weitere verwundbare Geräte gefunden.

http://www.golem.de/news/fortinet-mehr-hintertueren-mehr-patches-1601-118720.html

---

CVE-2015-8651 (Flash up to 20.0.0.228/235) and Exploit Kits

http://malware.dontneedcoffee.com/2016/01/cve-2015-8651.html

---

Multi-Faktor-Authentifizierung: Neue vPro-Generation bringt Intel Authenticate

Mit der sechsten Generation des Core i (Skylake) und dem Start der entsprechenden Geschäftskundenplattform will Intel nun verstärkt auch Sicherheitslösungen in vPro anbieten. Eine betriebssystemunabhängige Firmware und direktes Ansprechen der Grafikkarte sollen Keylogger chancenlos lassen.

http://www.golem.de/news/multi-faktor-authentifizierung-neue-vpro-generation-bringt-intel-authenticate-1601-118728.html

---

RSA Conference disables Twitter password-collecting form

After a storm of criticism and shaming over the blurb-tweeting feature, the organizers said that they had used OAuth and hadnt collected passwords.

https://nakedsecurity.sophos.com/2016/01/25/rsa-conference-disables-twitter-password-collecting-form/

---

Linux kernel : Denial of service with specially crafted key file.

An issue with ASN1.1 DER decoder was reported that a specially created key can lead to a kernel panic via x509 certificate DER signature parsing.

http://www.openwall.com/lists/oss-security/2016/01/25/2

---

Sicherheitspatches: Angreifer können Webseiten mit Magento-Shop kapern

Magento sichert sein Shop-System ab. Dabei schließt der Anbieter zwei als kritisch eingestufte Lücken, über die Angreifer Admin-Sessions übernehmen können.

http://heise.de/-3083645

---

Hard-Coded Password Found in Lenovo File-Sharing App

Lenovos SHAREit file-sharing app for Windows and Android has been patched against vulnerabilities that put private data at risk.

http://threatpost.com/hard-coded-password-found-in-lenovo-file-sharing-app/115998/

---

Hack Brief: Don't Be Trolled by This iPhone-Crashing Link Meme

Pranksters are passing a link to "crashsafari.com" around social media, which immediately crashes iPhones and iPads.

http://www.wired.com/2016/01/hack-brief-dont-be-trolled-by-this-iphone-crashing-link-meme/