Daily Summary - Tuesday 5-04-2016

End-of-Shift report

Timeframe: Monday 04-04-2016 18:00 − Tuesday 05-04-2016 18:00 Handler: Stephan Richter Co-Handler: n/a

Chrome Extension Caught Hijacking Users' Browsers

An anonymous reader writes: Google has intervened and banned the Better History Chrome extension from the Chrome Web Store after users reported that it started taking over their browsing experience and redirecting them to pages showing ads. As it turns out, the extension was sold off to an unnamed buyer who started adding malicious code that would redirect the users' traffic through a proxy, showing ads and collecting analytics on the users' traffic habits. This same malicious code has also been...

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4tdNNvCWAQs/chrome-extension-caught-hijacking-users-browsers


Microsoft account-hijacking hole closed 48 hours after bug report

Token-harvesting attack meant one login could open doors to multiple Microsoft services. British researcher Jack Whitton has reported a Microsoft account hijacking authentication bug that would have been another arrow in an attacker's phishing quiver, save for the fact that Microsoft fixed it.

http://go.theregister.com/feed/www.theregister.co.uk/2016/04/05/microsoft_brews_serves_accounthijack_hole_patch_in_two_days/


Security vulnerabilities: Attackers can slip code into Open-Xchange

Open-Xchange has two vulnerabilities that, in the worst case, allow criminals to hijack sessions. Security patches have already been distributed.

http://heise.de/-3162127


Update your ManageEngine Password Manager Pro ASAP!

Security researcher Sebastian Perez has revealed eight serious security vulnerabilities in ManageEngine Password Manager Pro (PMP), a password management software for enterprises, and has released details and PoC code for each of them. The solution has already been updated with fixes, so if your enterprise is using it to control the access to shared administrative/privileged passwords, you should update to the latest version and build (v8.3, build 8303) as soon as possible (if you haven't...

https://www.helpnetsecurity.com/2016/04/05/update-manageengine-password-manager-pro/


One Conference 2016 Protecting Bits and Atoms: Cyber security is a precondition for our future

Cyber security, and therefore being able to use all the possibilities that ICT offers, is a precondition for the undisturbed functioning of society and for our future. With these words, State secretary Dijkhoff (Security and Justice) emphasizes the importance of the international One Conference 2016 of the National Cyber Security Center (NCSC). We can't be passive on what is to come. The speed of the developments in the digital domain requires a continuous effort of both public and private...

https://www.ncsc.nl/english/current-topics/news/one-conference-2016-protecting-bits-and-atoms-cyber-security-is-a-precondition-for-our-future.html


Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack

Researchers say reliance on an outdated Firefox extension platform opens the door for remote system attacks on Mac OS and Windows systems.

http://threatpost.com/firefox-add-on-flaw-leaves-apple-and-windows-computers-open-to-attack/117183/


Keep Windows machines infected abusing Windows Desired State Configuration (DSC)

Two forensics experts have demonstrated how to abuse the Windows Desired State Configuration (DSC) feature to gain persistence on the compromised machine. At the last Black Hat Asia, the forensics experts Matt Hastings and Ryan Kazanciyan from Tanium have demonstrated how to abuse the Windows Desired State Configuration (DSC) feature to gain persistence on the compromised machine. The DSC...

http://securityaffairs.co/wordpress/46006/hacking/abusing-windows-dsc.html


Complete Tour of PE and ELF: Part 4

Since we have completed the PE structure, now it is time to look at the ELF structure which is somewhat easier to understand as compared to PE. For ELF structure, we will be looking at both the linking view and execution view of a binary. Sections are similar to what we saw in PE structure...

http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-4/


CNBC's password test: Unencrypted and irresponsible

In an article by the news broadcaster CNBC, readers could test the security of their passwords. What could possibly go wrong? Quite a lot, as security researchers show.

http://heise.de/-3162731


Google fixes 39 Android flaws, some allow hackers to take over your phone

Google has released one of the largest Android monthly security updates, fixing a total of 39 vulnerabilities - 15 rated critical, including four that can lead to a complete device compromise. The patches, which are included in new firmware images that were released Monday for the company's Nexus devices, will also be published to the Android Open Source Project over the next 24 hours. They include a fix for a vulnerability that Google warned about two weeks ago and which is already being...

http://www.cio.com/article/3052201/google-fixes-39-android-flaws-some-allow-hackers-to-take-over-your-phone.html#tk.rss_security


About the security content of iOS 9.3

This document describes the security content of iOS 9.3.

https://support.apple.com/en-us/HT206166


DFN-CERT-2016-0548: BlackBerry powered by Android: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0548/


DFN-CERT-2016-0549: Google Android Operating System: Multiple vulnerabilities allow, among other things, gaining administrator privileges

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0549/


Sophos Cyberoam NG Series Multiple Cross-Site Scripting Vulnerabilities

Multiple reflected XSS issues were discovered in Cyberoam NG appliances. Input passed via the ipFamily, applicationname and username GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitised before being returned to the user. Adding an arbitrary X-Forwarded-For HTTP header to a request makes the appliance also prone to an XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5313.php


DSA-3541 roundcube - security update

High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.

https://www.debian.org/security/2016/dsa-3541


USN-2945-1: XChat-GNOME vulnerability

Ubuntu Security Notice USN-2945-1, 4th April, 2016. xchat-gnome vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: XChat-GNOME could be made to expose sensitive information over the network. Software description: xchat-gnome - simple and featureful IRC client for GNOME. Details: It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting...

http://www.ubuntu.com/usn/usn-2945-1/


USN-2944-1: Libav vulnerabilities

Ubuntu Security Notice USN-2944-1, 4th April, 2016. libav vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS. Summary: Libav could be made to crash or run programs as your login if it opened a specially crafted file. Software description: libav - Multimedia player, server, encoder and transcoder. Details: It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could...

http://www.ubuntu.com/usn/usn-2944-1/


Bugtraq: [SE-2012-01] Broken security fix in IBM Java 7/8

http://www.securityfocus.com/archive/1/537973


Open-Xchange Input Validation Flaws Let Remote Conduct Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1035469


Bugtraq: [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information

http://www.securityfocus.com/archive/1/537977