Daily Summary - Friday 4-11-2016

End-of-Shift report

Timeframe: Thursday 03-11-2016 18:00 − Friday 04-11-2016 18:00 Handler: Stephan Richter Co-Handler: n/a

Extracting Malware Transmitted Via Telnet, (Thu, Nov 3rd)

One characteristic of many of the telnet exploits we have seen over the last few years has been the transmission of malware using echo commands. Even the recent versions of Mirai used this trick. Reconstructing the malware from packet captures can be a little bit tricky, in particular if you are trying to automate the process. So here is what I have been doing for my honeypot DVR: First of all, the DVR is connected to a remote controlled power outlet, to make it easy to reboot it as needed. I do...

https://isc.sans.edu/diary.html?storyid=21673&rss


Moving Beyond EMET

EMET - Then and Now Microsoft's Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit (EMET). Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the time (3-4 years between major releases) was simply...

https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/


Mobile subscriber identity numbers can be exposed over Wi-Fi

For a long time, law enforcement agencies and hackers have been able to track the identity and location of mobile users by setting up fake cellular network towers and tricking their devices into connecting to them. Researchers have now found that the same thing can be done much more cheaply with a simple Wi-Fi hotspot. The devices that pose as cell towers are known in the industry as IMSI catchers, with the IMSI (international mobile subscriber identity) being a unique number tied to a mobile...

http://www.cio.com/article/3138469/security/mobile-subscriber-identity-numbers-can-be-exposed-over-wi-fi.html#tk.rss_security


Outlook Web Access Two-Factor Authentication Bypass Exists

Two-factor authentication protecting Outlook Web Access and Office 365 portals can be bypassed, and the situation likely cannot be fixed, a researcher has disclosed.

http://threatpost.com/outlook-web-access-two-factor-authentication-bypass-exists/121777/


DNS Analysis and Tools

In this article, we will take a look at the complete DNS process, DNS lookup, DNS reverse lookup, DNS zone transfer, etc. along with some tools to analyze & enumerate DNS traffic. Domain Name System (DNS) is a naming system used to convert human readable domain names like infosecinstitute.com into a numerical IP address. The...

http://resources.infosecinstitute.com/dns-analysis-and-tools/


Security Advisory: Configuration utility CSRF vulnerability

https://support.f5.com:443/kb/en-us/solutions/public/k/61/sol61045143.html?ref=rss


cURL/libcurl Multiple Bugs Let Remote Users Inject Cookies, Reuse Connections, and Execute Arbitrary Code and Let Local Users Obtain Potentially Sensitive Information and Execute Arbitrary Code

http://www.securitytracker.com/id/1037192


Security Notice - Statement on Black Hat Europe 2016 Revealing Security Vulnerability in Huawei Mate Smart Phone

http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20161104-01-smartphone-en


Moxa OnCell Security Vulnerabilities

This advisory contains mitigation details for the authorization bypass and OS commanding vulnerabilities disclosed in Moxa's OnCell Security Software.

https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01


Schneider Electric Magelis HMI Resource Consumption Vulnerabilities

This advisory contains mitigation details for resource consumption vulnerabilities affecting Schneider Electric's Magelis human-machine interface products.

https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02


Schneider Electric IONXXXX Series Power Meter Vulnerabilities

This advisory is a follow-up to the alert titled ICS-ALERT-16-256-02 Schneider Electric ION Power Meter CSRF Vulnerability that was published September 12, 2016, on the NCCIC/ICS-CERT web site. This advisory contains mitigation details for a cross-site request forgery vulnerability and a lack-of-access-control vulnerability in Schneider Electric's IONXXXX series power meters.

https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03


IBM Security Bulletin

IBM Security Bulletin: IBM i is affected by several vulnerabilities (CVE-2016-2183 and CVE-2016-6329)

http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697

IBM Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect GPFS for Windows V3.5

http://www-01.ibm.com/support/docview.wss?uid=isg3T1024394

IBM Security Bulletin: Cross-site scripting vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2926)

http://www-01.ibm.com/support/docview.wss?uid=swg21993444

IBM Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM InfoSphere Information Server (CVE-2012-6153 CVE-2014-3577)

http://www-01.ibm.com/support/docview.wss?uid=swg21982420