End-of-Shift report
Timeframe: Friday 30-09-2016 18:00 − Monday 03-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Security Advisory: NAT64 vulnerability CVE-2016-5745
BIG-IP devices using NAT64 are vulnerable to an unauthenticated remote attack that may allow modification of the BIG-IP system configuration. (CVE-2016-5745)
https://support.f5.com:443/kb/en-us/solutions/public/k/64/sol64743453.html?ref=rss
imagemagick mogrify global buffer overflow
Topic: imagemagick mogrify global buffer overflow. Risk: High. Text: Hi, imagemagick identify suffers from a global buffer overflow issue, which I reported and which has been patched...
https://cxsecurity.com/issue/WLB-2016100007
Ubiquiti UniFi Critical Vulnerability
Vulnerability Details:
You are able to connect to the access point's database because of broken authentication (OWASP Top 10). So you are able to modify the database and read the data. A possible scenario is given in the PoC section.
Risk:
An attacker gains access to the database and is, for example, able to change the admin's password, as shown in the PoC below.
https://cxsecurity.com/issue/WLB-2016100006
Bundeskriminalamt plans mobile version of the Bundestrojaner
The BKA wants to extend the use of the Bundestrojaner (federal government trojan) to smartphones and tablets. This emerges from Bundestag budget documents that Süddeutsche Zeitung, NDR and WDR were able to inspect.
https://heise.de/-3339512
Source Code for IoT Botnet 'Mirai' Released
The source code that powers the "Internet of Things" (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, DVRs and other easily hackable IoT devices.
https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
cJSON buffer out-of-bounds read
I would like to report a buffer out-of-bounds read problem in cJSON, which is an embeddable JSON parser, used (I imagine) in embedded devices, or even bigger stuff like the PS4...
https://cxsecurity.com/issue/WLB-2016100013
Default Credentials Considered Harmful
The use of default credentials by vendors is an outdated, dangerous throwback to 20th-century practices that has no business being used in today's world. It is this specific antique practice that is directly responsible for the existence of the record-breaking denial-of-service botnet recently used to censor Brian Krebs and the similar attack on OVH - these botnets only exist because default credentials were implemented on devices, in flagrant violation of best practices ...
https://www.alienvault.com/blogs/security-essentials/default-credentials-considered-harmful
The Short Life of a Vulnerable DVR Connected to the Internet, (Sun, Oct 2nd)
Most devices connected to the Internet these days aren't maintained and monitored personal computers. Instead, they are devices that are often not understood as computers but as things, giving rise to the term Internet of Things or IoT. Over two years ago, we reported on how exploited DVRs are used to attack other devices across the internet. Back then, like today, the vulnerability was an open telnet server with a trivial default password.
https://isc.sans.edu/diary.html?storyid=21543&rss
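The Mirai, default-credentials and DVR items above all describe the same observable: a source working through a short list of vendor default user/password pairs over telnet. The following Python script is an added example for this report, not code from any of the linked articles or from the released Mirai source. It runs detection logic over constructed telnet login records (a made-up `src=... user="..." pass="..." result=...` format, not the output of any real sensor) and flags sources whose attempts match a small, illustrative subset of default credential pairs; the credential set is an assumption for the example and is not claimed to be the botnet's exact list.

```python
import re
from collections import defaultdict

# Constructed sample telnet login records (not from any real honeypot or device).
# Source addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2016-10-02T03:14:07Z telnetd src=198.51.100.23 login user="root" pass="xc3511" result=failed
2016-10-02T03:14:09Z telnetd src=198.51.100.23 login user="root" pass="vizxv" result=failed
2016-10-02T03:14:11Z telnetd src=198.51.100.23 login user="admin" pass="admin" result=success
2016-10-02T03:16:42Z telnetd src=203.0.113.9 login user="ubnt" pass="ubnt" result=failed
2016-10-02T03:16:44Z telnetd src=203.0.113.9 login user="root" pass="888888" result=failed
2016-10-02T03:20:01Z telnetd src=192.0.2.77 login user="alice" pass="Tr0ub4dor&3" result=failed
2016-10-02T03:21:30Z telnetd src=192.0.2.77 login user="root" pass="correct horse" result=failed
"""

# Assumed, illustrative subset of vendor default (user, password) pairs of the
# kind the articles describe. Extend it from your own device inventory.
DEFAULT_CREDS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "juantech"),
    ("root", "123456"), ("root", "54321"), ("support", "support"), ("root", ""),
    ("admin", "password"), ("root", "root"), ("root", "12345"), ("user", "user"),
    ("ubnt", "ubnt"), ("admin", "1234"), ("guest", "guest"), ("root", "password"),
}

# One record per line; the password field may contain spaces but not quotes.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) \S+ src=(?P<src>[\d.]+) login '
    r'user="(?P<user>[^"]*)" pass="(?P<pw>[^"]*)" result=(?P<result>\w+)$'
)


def parse_line(line):
    """Return the fields of one login record, or None for lines that do not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def analyse(log_text, default_creds=DEFAULT_CREDS, threshold=2):
    """Summarise login attempts per source address.

    A source is flagged when it tried at least `threshold` distinct default
    pairs (credential stuffing from a fixed list) or when any default pair
    succeeded (a device that still accepts its factory password).
    """
    per_src = defaultdict(lambda: {"attempts": 0, "default_hits": 0,
                                   "successes": 0, "pairs": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unrelated or malformed line; skip rather than fail
        s = per_src[rec["src"]]
        s["attempts"] += 1
        pair = (rec["user"], rec["pw"])
        if pair in default_creds:
            s["default_hits"] += 1
            s["pairs"].append(pair)
        if rec["result"] == "success":
            s["successes"] += 1
    for s in per_src.values():
        default_success = any(p in default_creds for p in s["pairs"]) and s["successes"] > 0
        s["flagged"] = s["default_hits"] >= threshold or default_success
    return dict(per_src)


if __name__ == "__main__":
    for src, s in analyse(SAMPLE_LOG).items():
        status = "FLAG" if s["flagged"] else "ok  "
        print(f"{status} {src:15} attempts={s['attempts']} "
              f"default_hits={s['default_hits']} successes={s['successes']}")
```

The threshold exists because a single default-pair attempt from an internal address may be an administrator on a freshly unboxed device; two or more distinct pairs in quick succession, or any success with a factory password, is the pattern worth an alert and, for the successful case, an immediate password change on the target.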
Researchers Break MarsJoke Ransomware Encryption
Victims infected with the MarsJoke ransomware can now decrypt their files; researchers cracked the encryption in the CTB-Locker lookalike last week.
http://threatpost.com/researchers-break-marsjoke-ransomware-encryption/121022/
Security Design: Stop Trying to Fix the User
Every few years, a researcher replicates a security study by littering USB sticks around an organization's grounds and waiting to see how many people pick them up and plug them in, causing the autorun function to install innocuous malware on their computers. These studies are great for making security professionals feel superior. The researchers get to demonstrate their security expertise and use the results as "teachable moments" for others. "If only everyone was more security
https://www.schneier.com/blog/archives/2016/10/security_design.html
IBM Security Bulletins
IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i
http://www.ibm.com/support/docview.wss?uid=nas8N1021643
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software (CVE-2016-3508, CVE-2016-3500, CVE-2016-3458, CVE-2016-3485)
http://www-01.ibm.com/support/docview.wss?uid=swg21991383
IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Web Experience Factory (CVE-2016-3485)
http://www.ibm.com/support/docview.wss?uid=swg21990405
IBM Security Bulletin: IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x (CVE-2016-5892)
http://www-01.ibm.com/support/docview.wss?uid=swg21991148
IBM Security Bulletin: Vulnerability in Apache Commons affects IBM B2B Advanced Communications (CVE-2016-3092)
http://www-01.ibm.com/support/docview.wss?uid=swg21990424
IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple libxml2 vulnerabilities
http://www.ibm.com/support/docview.wss?uid=isg3T1024318
IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple openssl vulnerabilities
http://www.ibm.com/support/docview.wss?uid=isg3T1024319
IBM Security Bulletin: Vulnerability in IBM Runtime Environments Java Technology Edition, Versions 6, 7, 8 affect Transformation Extender Design Studio (CVE-2016-3426)
http://www-01.ibm.com/support/docview.wss?uid=swg21990356
IBM Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server
http://www.ibm.com/support/docview.wss?uid=swg21990451
IBM Security Bulletin: OpenStack Glance vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2016-0757)
http://www.ibm.com/support/docview.wss?uid=isg3T1024348