End-of-Shift report
Timeframe: Friday 05-02-2016 18:00 − Monday 08-02-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Magento PCI Compliance Issues and Theft Over TLS
With about 30% of the market share, Magento is gradually becoming a "WordPress" of the ecommerce world. Like WordPress, it becomes a major target for hackers due to its popularity. However, in the case of Magento, the main goal that hackers pursue is to steal money, either from shop customers or the shop owners. During...
https://blog.sucuri.net/2016/02/theft-over-tls-or-illusion-of-pci-compliance.html
Extracting and distributing information on incidents, or what is PROKI
In the last blogpost, I promised to write something about our new project PROKI. PROKI is the abbreviation of the Czech phrase for "prediction and protection against cyber incidents" and in this project, our team set two goals for itself.
http://en.blog.nic.cz/2016/02/05/extracting-and-distributing-information-on-incidents-or-what-is-proki/
GitHub bug bounty hunting
Last month, I went hunting for security bugs in GitHub, a popular platform for sharing and collaborating on code. After spending many hours mapping out GitHub's infrastructure, and testing for weaknesses without any significant results or leads, I shifted my focus to the service providers. This is a write-up about two of the issues I found, which both have since been addressed.
https://medium.com/@ircbot/github-bug-bounty-hunting-741de324be1c
Netgear router software: vulnerability allows file upload and download
The router management software Netgear Management System has a security problem. Attackers can choose between a remote code execution and a directory traversal vulnerability. There is no patch so far.
http://www.golem.de/news/netgear-router-software-schwachstelle-ermoeglicht-dateiupload-und-download-1602-118987-rss.html
ATM trick: withdraw money, account balance stays the same
Attacks on financial institutions are becoming ever more inventive. A new piece of malware credits amounts back to the account after they have been withdrawn at ATMs.
http://futurezone.at/digital-life/bankomat-trick-geld-abheben-kontostand-bleibt-gleich/179.639.223
T9000 backdoor steals documents, records Skype conversations, victims' actions
A new backdoor Trojan with spyware capabilities is being used in targeted attacks against organizations based in the United States. It has been dubbed T9000, since it's a newer, improved version of th...
http://www.net-security.org/malware_news.php?id=3199
Avast SafeZone Browser Lets Attackers Access Your Filesystem
Just two days after Comodo's Chromodo browser was publicly shamed by Google Project Zero security researcher Tavis Ormandy, it's now Avast's turn to be scorned for failing to provide a "secure" browser for its users.
http://news.softpedia.com/news/avast-safezone-browser-lets-attackers-access-your-filesystem-499990.shtml
Adwind: FAQ
Adwind is a cross-platform RAT, a multifunctional malware program which is distributed through a single malware-as-a-service platform. Different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organizations around the world.
http://securelist.com/blog/research/73660/adwind-faq/
Java installer flaw shows why you should clear your Downloads folder
On most computers, the default download folder quickly becomes a repository of old and unorganized files that were opened once and then forgotten about. A recently fixed flaw in the Java installer highlights why keeping this folder clean is important. On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason is that older Java...
http://www.cio.com/article/3030707/security/java-installer-flaw-shows-why-you-should-clear-your-downloads-folder.html#tk.rss_security
Netgear Pro NMS 300 Code Execution / File Download
Topic: Netgear Pro NMS 300 Code Execution / File Download. Risk: High. Text: >> Remote code execution / arbitrary file download in NETGEAR ProSafe Network Management System NMS300 >> Discovered by Pedro ...
https://cxsecurity.com/issue/WLB-2016020070
Oracle Security Alert for CVE-2016-0603 - 5 February 2016
To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious web site and download files into the user's system before installing Java SE 6, 7 or 8. Though relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system.
http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html
Bugtraq: [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution
http://www.securityfocus.com/archive/1/537461
Bugtraq: [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities
http://www.securityfocus.com/archive/1/537460
0Day Vulnerabilities in Advantech WebAccess
http://www.zerodayinitiative.com/advisories/ZDI-16-146/
http://www.zerodayinitiative.com/advisories/ZDI-16-147/
http://www.zerodayinitiative.com/advisories/ZDI-16-148/
http://www.zerodayinitiative.com/advisories/ZDI-16-149/
http://www.zerodayinitiative.com/advisories/ZDI-16-150/
http://www.zerodayinitiative.com/advisories/ZDI-16-151/
http://www.zerodayinitiative.com/advisories/ZDI-16-152/
http://www.zerodayinitiative.com/advisories/ZDI-16-153/
http://www.zerodayinitiative.com/advisories/ZDI-16-154/
http://www.zerodayinitiative.com/advisories/ZDI-16-155/
SSA-253230 (Last Update 2016-02-08): Vulnerabilities in SIMATIC S7-1500 CPU
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230.pdf
Bugtraq: Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys)
http://www.securityfocus.com/archive/1/537471
WooCommerce - Store Toolkit Plugin Privilege Escalation <= 1.5.6
https://wpvulndb.com/vulnerabilities/8385
IBM Security Bulletins
IBM Security Bulletin: A vulnerability in net-snmp affects IBM DataPower Gateways (CVE-2015-5621)
http://www.ibm.com/support/docview.wss?uid=swg21975340
IBM Security Bulletin: A cross-site scripting vulnerability has been identified in IBM Security Access Manager for Web (CVE-2015-8531)
http://www.ibm.com/support/docview.wss?uid=swg21974651
IBM Security Bulletin: IBM Security Access Manager for Web is affected by multiple NTP vulnerabilities
http://www.ibm.com/support/docview.wss?uid=swg21974652
IBM Security Bulletin: Vulnerabilities in Net-SNMP affect IBM Security Access Manager for Web (CVE-2014-3565, CVE-2015-5621)
http://www.ibm.com/support/docview.wss?uid=swg21974644
IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM QRadar SIEM, and QRadar Incident Forensics (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21976113
IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM DataPower Gateways (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21974965
IBM Security Bulletin: Information disclosure vulnerability found in IBM WebSphere Commerce (CVE-2015-7444)
http://www.ibm.com/support/docview.wss?uid=swg21974307
IBM Security Bulletin: IBM Security Access Manager for Web is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)
http://www.ibm.com/support/docview.wss?uid=swg21974648
IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by Network Security Services (NSS) vulnerabilities (CVE-2015-7181, CVE-2015-7182, CVE-2015-7183)
http://www.ibm.com/support/docview.wss?uid=swg21974650
IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Web (CVE-2015-7421, CVE-2015-7420)
http://www.ibm.com/support/docview.wss?uid=swg21974750
IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Mobile (CVE-2015-7421, CVE-2015-7420)
http://www.ibm.com/support/docview.wss?uid=swg21974747
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Mobile
http://www.ibm.com/support/docview.wss?uid=swg21973139
IBM Security Bulletin: A libxml vulnerability affects IBM Security Access Manager for Web (CVE-2015-1819)
http://www.ibm.com/support/docview.wss?uid=swg21974737
IBM Security Bulletin: A vulnerability in XML processing affects IBM DataPower Gateways (CVE-2015-1819)
http://www.ibm.com/support/docview.wss?uid=swg21975341
IBM Security Bulletin: IBM Tivoli Storage Manager ASNODENAME Vulnerability (CVE-2015-7408)
http://www.ibm.com/support/docview.wss?uid=swg21975957
IBM Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Web (CVE-2015-3238)
http://www.ibm.com/support/docview.wss?uid=swg21974738
IBM Security Bulletin: A Linux-PAM vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-3238)
http://www.ibm.com/support/docview.wss?uid=swg21975882
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2014-8121)
http://www.ibm.com/support/docview.wss?uid=swg21974653
IBM Security Bulletin: A vulnerability in nss-softokn affects IBM Security Access Manager for Web (CVE-2015-2730)
http://www.ibm.com/support/docview.wss?uid=swg21974657
IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a Denial of Service attack, and Sensitive Information Exposure. (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
http://www.ibm.com/support/docview.wss?uid=swg21976148