End-of-Shift report
Timeframe: Thursday 01-12-2016 18:00 to Friday 02-12-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
BitUnmap: Attacking Android Ashmem
Posted by Gal Beniamini, Project Zero. The law of leaky abstractions states that "all non-trivial abstractions, to some degree, are leaky". In this blog post we'll explore the ashmem shared memory interface provided by Android and see how false assumptions about its internal operation can result in security vulnerabilities affecting core system code.
http://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
Exploited Script in WordPress Theme Sends Spam
As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins - which creates diverse directories. While this is useful to the WordPress community, the nature of mass creation can account for coding errors and vulnerabilities. Even premium themes have security issues. We often find code that is developed with good intentions but without taking security measures into consideration.
https://blog.sucuri.net/2016/12/exploited-script-wordpress-themes-send-spam.html
Blockchain Technology Explained - An Executive Summary
This article provides an executive summary on the Blockchain technology, what it is, how it works, and why everyone is excited about it.
https://www.whitehatsec.com/blog/blockchain-technology/
[0day] Bypassing Apple's System Integrity Protection
Read how an attacker can bypass Apple's SIP via the local OS upgrade process.
https://objective-see.com/blog/blog_0x14.html
One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild
Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. This is an easily exploitable vulnerability which can be found in all supported versions of Windows, from Windows 7 to Windows 10. By changing one bit, the attacker can elevate the privileges of a thread, giving administrator access to a process that would not have it under normal circumstances.
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bcdzgHcT2VE/
Protecting Powershell Credentials (NOT), (Fri, Dec 2nd)
If you're like me, you've worked through at least one Powershell tutorial, class or even a how-to blog. And you've likely been advised to use the PSCredential construct to store credentials. The discussion usually covers that this is a secure way to collect credentials, then store them in a variable for later use. You can even store them in a file and read them back later. Awesome - this solves a real problem you thought - or does it? For instance, to collect credentials for a VMware vSphere...
https://isc.sans.edu/diary.html?storyid=21779&rss
Remote management app exposes millions of Android users to hacking
Poor implementation of encryption in a popular Android remote management application exposes millions of users to data theft and remote code execution attacks. According to researchers from mobile security firm Zimperium, the AirDroid screen sharing and remote control application sends authentication information encrypted with a hard-coded key. This information could allow man-in-the-middle attackers to push out malicious AirDroid add-on updates, which would then gain the permissions of the app...
http://www.cio.com/article/3146916/security/remote-management-app-exposes-millions-of-android-users-to-hacking.html#tk.rss_security
DFN-CERT-2016-1971: Google Chrome: Multiple vulnerabilities allow, among other things, the execution of arbitrary code
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1971/
ZDI-16-617: Dell SonicWALL Universal Management Suite ImagePreviewServlet SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL Universal Management Suite. Authentication is not required to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-16-617/
F5 Security Advisory: Apache Tomcat vulnerability CVE-2016-6816
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50116122.html?ref=rss
F5 Security Advisory: Apache Tomcat vulnerability CVE-2016-8735
https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49820145.html?ref=rss
USN-3148-1: Ghostscript vulnerabilities
Ubuntu Security Notice USN-3148-1
1st December, 2016
ghostscript vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS
Summary
Ghostscript could be made to crash, run programs, or disclose sensitive information if it processed a specially crafted file.
Software description
ghostscript - PostScript and PDF interpreter
Details
Tavis Ormandy discovered multiple vulnerabilities in the way that
http://www.ubuntu.com/usn/usn-3148-1/
ICS-CERT Advisories
Siemens SICAM PAS Vulnerabilities
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01
Moxa NPort Device Vulnerabilities
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module Vulnerabilities
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03
Advantech SUSIAccess Server Vulnerabilities
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04
Smiths-Medical CADD-Solis Medication Safety Software Vulnerabilities
https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024545
IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024478
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server October 2016 CPU (CVE-2016-5573, CVE-2016-5597) that is bundled with IBM WebSphere Application Server Patterns.
http://www.ibm.com/support/docview.wss?uid=swg21993759
IBM Security Bulletin: Vulnerabilities in redis affect PowerKVM (CVE-2015-4335, CVE-2013-7458)
http://www.ibm.com/support/docview.wss?uid=isg3T1024538
IBM Security Bulletin: Authentication vulnerability affects IBM Integration Bus V10.0.0.4 onwards (CVE-2016-8918)
http://www.ibm.com/support/docview.wss?uid=swg21995079
IBM Security Bulletin: The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings (CVE-2016-6080)
http://www.ibm.com/support/docview.wss?uid=swg21995004
IBM Security Bulletin: IBM Mobile Connect is vulnerable to the Sweet32: Birthday Attacks (CVE-2016-2183)
http://www.ibm.com/support/docview.wss?uid=swg21994927
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-5573, CVE-2016-5597, CVE-2016-3485)
http://www-01.ibm.com/support/docview.wss?uid=swg21994297
IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products
http://www.ibm.com/support/docview.wss?uid=ssg1S1009581
IBM Security Bulletin: Vulnerabilities in OpenSource libxml2 affect IBM Security Guardium (CVE-2016-2073)
http://www-01.ibm.com/support/docview.wss?uid=swg21984606