Daily summary - Friday 12-02-2016

End-of-Shift report

Timeframe: Thursday 11-02-2016 18:00 − Friday 12-02-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a

SC Congress: "flakey kettles and dolls that swear at you"

Ken Munro, managing director of Pen Test Partners, showed the SC Congress just how easy it is to crack a whole range of IoT nonsense

http://www.scmagazine.com/sc-congress-flakey-kettles-and-dolls-that-swear-at-you/article/473437/


Determining Physical Location on the Internet

Interesting research: "CPV: Delay-based Location Verification for the Internet". Abstract: The number of location-aware services over the Internet continues growing. Some of these require the client's geographic location for security-sensitive applications. Examples include location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing geolocation techniques, e.g.,...

https://www.schneier.com/blog/archives/2016/02/determining_phy.html


New Trojan threatens users' bank accounts

February 12, 2016 Banking Trojans are considered to be one of the most dangerous threats. Not only do they have a complex architecture, but they are also capable of performing a wide variety of functions. Yet some attackers do not disdain to contrive rather primitive malicious programs such as, for example, Trojan.Proxy2.102, which was examined by Doctor Web specialists. Trojan.Proxy2.102 steals money from victims' bank accounts using the following method. Once launched, it installs a root...

http://news.drweb.com/show/?i=9840&lng=en&c=9


Increased scans and workarounds for Cisco's ASA vulnerability

Attackers are apparently already actively gathering information on potentially vulnerable systems, while defenders are still struggling with the pitfalls of the update.

http://heise.de/-3100443


Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware

It's a scary time to be a Windows user. Lenovo was bundling HTTPS-hijacking Superfish adware, Comodo ships with an even worse security hole called PrivDog, and dozens of other apps like LavaSoft are doing the same. It's really bad, but if you want your encrypted web sessions to be hijacked just head to CNET Downloads or any freeware site, because they are all bundling HTTPS-breaking adware now.

http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-style-https-breaking-adware/


How to Avoid Potentially Unwanted Programs

We've come up with a PUPs cheat sheet that businesses can use to train IT staff and users. A little PUPs awareness, if you will. Read on to learn more about how you get PUPs...

https://blog.malwarebytes.org/online-security/2016/02/how-to-avoid-potentially-unwanted-programs/


How to use the traffic light protocol - TLP

The TLP or Traffic Light Protocol is a set of designations designed to facilitate the sharing of sensitive information. It has been widely adopted in the CSIRT and security community. The originator of the information labels it with one of four colours. These colours indicate what further dissemination, if any, may be undertaken by the recipient. Note that the colours only mark the permitted level of dissemination, not the sensitivity level (although the two often align).

https://www.vanimpe.eu/2015/08/21/use-traffic-light-protocol-tlp/


D-Link DSL-2750B Remote Command Execution

Topic: D-Link DSL-2750B Remote Command Execution Risk: High Text: After some playing around I've noticed something interesting during the login phase: by sending wrong credentials, the user is redirec...

https://cxsecurity.com/issue/WLB-2016020128


Sophos UTM 9 Cross Site Scripting

Topic: Sophos UTM 9 Cross Site Scripting Risk: Low Text: -- Vendor: -- Sophos (https://www.sophos.com) -- Affected Products/Versions: -- Produc...

https://cxsecurity.com/issue/WLB-2016020117


ASUS Router Administrative Interface Exposure

Topic: ASUS Router Administrative Interface Exposure Risk: Low Text: Asus wireless routers running ASUSWRT firmware (in other words, anything with an RT- in the model name) have a design flaw in w...

https://cxsecurity.com/issue/WLB-2016020116


ZCM 11.3.x - Fix for CVE-2015-5970 ZCM ZENworks ChangePassword XPath Injection Information Disclosure Vulnerability - See TID 7017240

Abstract: Vulnerability overview: CVE-2015-5970 An XPath injection exists in the ChangePassword RPC method implementation. By combining this with an entity reference to a file on the appliance, an attacker can exfiltrate arbitrary text files from the vulnerable device. This issue has been found and reported by cpnrodzc7 working with HP's Zero Day Initiative (ZDI-CAN-3136). Patch overview: This patch contains the necessary files and installation information to correct the below issue on ZCM 11.3.x

https://download.novell.com/Download?buildid=vt0EO0DgaX8~


ZCM 11.4.x - Fix for CVE-2015-5970 ZCM ZENworks ChangePassword XPath Injection Information Disclosure Vulnerability - See TID 7017240

Abstract: Vulnerability overview: CVE-2015-5970 An XPath injection exists in the ChangePassword RPC method implementation. By combining this with an entity reference to a file on the appliance, an attacker can exfiltrate arbitrary text files from the vulnerable device. This issue has been found and reported by cpnrodzc7 working with HP's Zero Day Initiative (ZDI-CAN-3136). Patch overview: This patch contains the necessary files and installation information to correct the below issue on ZCM 11.4.x

https://download.novell.com/Download?buildid=SOM6P0NdZ5U~


PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges

http://www.securitytracker.com/id/1035005


DFN-CERT-2016-0260: Mozilla Firefox, Firefox ESR: Two vulnerabilities allow, among other things, bypassing security measures

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0260/


DFN-CERT-2016-0263: Cacti: Multiple vulnerabilities allow, among other things, execution of arbitrary code

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0263/