End-of-Shift report
Timeframe: Tuesday 02-02-2016 18:00 − Wednesday 03-02-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
WordPress 4.4.2 Security and Maintenance Release
https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
Cisco WebEx Meetings Server Multiple Cross-Site Scripting Vulnerabilities
A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-wms
Sauter moduWeb Vision Vulnerabilities
This advisory contains mitigation details for three vulnerabilities in Sauter's moduWeb Vision application.
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01
GE SNMP/Web Interface Vulnerabilities
This advisory contains mitigation details for two vulnerabilities in the GE SNMP/Web Interface adapter.
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02
DMA Locker: New Ransomware, But No Reason To Panic
A new piece of ransomware which looks a little clumsy.
https://blog.malwarebytes.org/news/2016/02/draft-dma-locker-a-new-ransomware-but-no-reason-to-panic/
Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available
The Enhanced Mitigation Experience Toolkit (EMET) benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by anticipating, diverting, ..
http://blogs.technet.com/b/srd/archive/2016/02/02/enhanced-mitigation-experience-toolkit-emet-version-5-5-is-now-available.aspx
DSA-3465 openjdk-6 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.
https://www.debian.org/security/2016/dsa-3465
Bypassing Bitrix WAF via tiny regexp error
Bitrix24 is one of the first and most secure cross-platform corporate software products with an integrated WAF and RASP. Let's see how we can bypass them.
https://www.htbridge.com/blog/bypassing-bitrix-web-application-firewall-via-tiny-regexp-error.html
Smartphone security: root backdoor makes Mediatek smartphones attackable
A debug function used for comparison tests in the Chinese market leaves numerous smartphones with a Mediatek chipset vulnerable. Attackers can activate a local root shell. Devices on the German market could also be affected.
http://www.golem.de/news/smartphone-security-root-backdoor-macht-mediatek-smartphones-angreifbar-1602-118888-rss.html
l+f: Uncharted territory, USA
The multi-billion F-35 project is being delayed by at least a year because technicians cannot access a database for security reasons.
http://heise.de/-3092005
MMD-0051-2016 - Debunking a tiny ELF remote backdoor (shellcode shellshock part 2)
In September 2014, while the Shellshock exploitation was in the rush, I analyzed a case (MMD-0027-2014) of an ELF payload dropped via a Shellshock attack; the details can be read [here]. Today I found an interesting ELF x32 sample that was reported several hours back; the infection vector is also ShellShock, the ..
http://blog.malwaremustdie.org/2016/02/mmd-0051-2016-debungking-tiny-elf.html
Comodo: "Secure" browser with serious security deficiencies
Google warns against using it - it undermines the browser's Same Origin Policy
http://derstandard.at/2000030313692
Thunderstrike 2: security researchers now work for Apple
The Mac maker has acquired a security firm that was involved in the development of "Thunderstrike 2". The researchers demonstrated vulnerabilities that allow malware to be injected at the firmware level, and not only on Macs.
http://heise.de/-3092644
Phishing attack: users are asked to install an Amazon certificate
Phishing attacks are among the annoying everyday nuisances for Internet users. A particular scheme now tries to get Android users to install a supposed security certificate. Oddly, the certificate has the extension .apk.
http://www.golem.de/news/phishing-angriff-nutzer-sollen-amazon-zertifikat-installieren-1602-118900.html
Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability
A vulnerability in the ICMP implementation in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch could allow an unauthenticated, remote attacker to cause the switch to reload, resulting in a denial of service (DoS) condition.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci
Cisco Application Policy Infrastructure Controller Access Control Vulnerability
A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic
Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability
A vulnerability in the role-based access control of Cisco ASA-CX and Cisco Prime Security Manager (PRSM) could allow an authenticated, remote attacker to change the password of any user on the system.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm
Bypass Windows AppLocker
AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that allows you to specify which users or groups can run particular applications in your organization based on unique identities of files. If you use AppLocker, you can create rules to allow or deny applications from running.
http://en.wooyun.io/2016/01/28/Bypass-Windows-AppLocker.html