End-of-Shift report
Timeframe: Friday 06-05-2016 18:00 to Monday 09-05-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
Symantec Endpoint Encryption Unquoted Service Path Local Elevation of Privilege
CVSS2 Base Score: 6.8
Symantec Endpoint Encryption (SEE) registers its EEDService with an unquoted service path. Because the path contains spaces, Windows may try to start an executable from an intermediate directory before it reaches the intended binary, so a non-privileged local user who can write to the root of that path could plant code that is then run with the service's privileges.
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160506_00
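The check below is an added example for the unquoted-service-path class described above; it is not code from Symantec or from the advisory, and the SEE installation directory used in the sample data is an assumption. It reproduces the CreateProcess resolution order for an unquoted path with spaces and reports, for each service, which file names Windows would try before the real binary:

```python
"""Unquoted service path check (added example, not Symantec's code).

Windows CreateProcess resolves an unquoted image path containing spaces by
trying each space-delimited prefix as an executable (with .exe appended)
before it reaches the intended binary.  A directory along that path that a
standard user can write to therefore lets that user plant a binary the
service runs with its own (usually SYSTEM) privileges.
"""
import re

# Constructed sample of service image paths.  The SEE install directory is
# an assumption for illustration and is not taken from the advisory.
SAMPLE_SERVICES = {
    "EEDService": r"C:\Program Files\Symantec\Endpoint Encryption\EEDService.exe",
    "GoodSvc":    r'"C:\Program Files\Vendor\GoodSvc.exe" -k net',
    "Spooler":    r"C:\Windows\System32\spoolsv.exe",
    "ArgSvc":     r"C:\Program Files\Vendor\ArgSvc.exe --port 8080",
}


def executable_part(image_path):
    """Strip trailing arguments: keep everything up to the first token
    that ends in .exe.  Paths without .exe are returned unchanged."""
    m = re.match(r"(.*?\.exe)(?:\s|$)", image_path, re.IGNORECASE)
    return m.group(1) if m else image_path


def hijack_candidates(image_path):
    """Return, in order, the binaries Windows would try before the real one.

    A quoted path, or an unquoted path without spaces, yields an empty
    list: there is nothing to hijack.
    """
    if image_path.lstrip().startswith('"'):
        return []
    exe = executable_part(image_path)
    if " " not in exe:
        return []
    parts = exe.split(" ")
    # Every prefix that ends at a space is tried as "<prefix>.exe" first.
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def find_unquoted_services(services):
    """Map service name -> candidate hijack paths for vulnerable entries."""
    findings = {}
    for name, path in services.items():
        cands = hijack_candidates(path)
        if cands:
            findings[name] = cands
    return findings


if __name__ == "__main__":
    for name, cands in find_unquoted_services(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path, Windows would try first:")
        for c in cands:
            print("   ", c)
```

On a real host the image paths come from the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name>, or from `wmic service get name,pathname` / `Get-WmiObject Win32_Service | Select-Object Name, PathName`. A finding is only exploitable if a non-administrator can create files in one of the candidate directories, which is a separate check (for example with `icacls` on each directory).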
WordPress 4.5.2 Security Release
WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME (same-origin method execution) vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.
https://wordpress.org/news/2016/05/wordpress-4-5-2/
Lenovo Patches Serious Flaw In Pre-Installed Support Tool
Reader itwbennett writes: Lenovo has made available a patch for the vulnerability in its Lenovo Solution Center, a support tool which comes pre-installed on many Lenovo laptops and desktops. The vulnerability could allow attackers to execute code with system privileges and take over computers. Users should automatically be prompted to update LSC when they open the application, but in case they aren't, they should download the latest version (3.3.002) manually from Lenovo's website.
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/8xQvMt43Nw8/lenovo-patches-serious-flaw-in-pre-installed-support-tool
The massive password breach that wasn't: Google says data is 98% 'bogus'
When a script kiddie sells 272 million accounts for $1, be very, very skeptical.
http://arstechnica.com/security/2016/05/the-massive-password-breach-that-wasnt-google-says-data-is-98-bogus/
Security Advisory: OpenSSL vulnerability CVE-2016-2109
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23230229.html?ref=rss
Analyzing ImageTragick Exploits in the Wild
Three days ago the ImageMagick (ImageTragick) vulnerability was released to the world. We've been actively monitoring as promised, and have started to see a few different attacks targeting the vulnerability. Interestingly enough, the attacks themselves seem to be targeted against specific customers and not mass blanket attacks, which is what you'd expect ...
https://blog.sucuri.net/2016/05/analyzing-imagetragick-exploits-in-the-wild.html
"Detecting the Siemens S7 Worm and Similar Capabilities"
An article came out on May 5th titled "Daisy-chained research spells malware worm hell for power plants and other utilities" with the subtitle of "World's first PLC worm spreads like cancer". Having been on the receiving end of sensationalized headlines before I empathize with the authors of the research...
http://ics.sans.org/blog/2016/05/08/detecting-the-siemens-s7-worm-and-similar-capabilities
World Password Day: Don't be an easy target
Thursday, May 5th, marks the 'celebration' of the fourth annual World Password Day.
...
* Have you updated the passwords on all of your accounts within the last three months?
* Have you enabled two-factor authentication on accounts that allow it?
* Are you using the strongest possible combinations of numbers, letters and symbols allowed by the site?
* Are you using different passwords for every account (no duplicates or very similar variations)?
http://community.hpe.com/t5/Protect-Your-Assets/World-Password-Day-Don-t-be-an-easy-target/ba-p/6856799
AlphaLocker Is the Most Professional Ransomware Kit to Date ... but security researchers already cracked it
Luckily for us, other security experts have already cracked its secrets over the past weekend, and a decrypter was published that helps any of the infected victims recover their files for free, without paying the ransom. Nevertheless, here's a small intro into how crooks are creating, advertising, and then selling ransomware on the underground market.
http://news.softpedia.com/news/alphalocker-is-the-most-professional-ransomware-kit-to-date-503776.shtml
ImageMagick Vulnerability Information
A few days ago an ImageMagick vulnerability was disclosed, dubbed 'ImageTragick', that affects WordPress websites whose hosting server has ImageMagick installed. If you control the hosting for your WordPress site, you should implement the following fix(es) immediately.
https://make.wordpress.org/core/2016/05/06/imagemagick-vulnerability-information/
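The script below is an added example covering both ImageTragick items in this report (the Sucuri analysis above and this WordPress notice); it is not code from those posts or from the ImageMagick or WordPress projects. It checks an ImageMagick policy.xml for the coder and path restrictions that the widely circulated ImageTragick mitigation disables; that list is reproduced from memory of the published mitigation and should be confirmed against ImageMagick's current security policy guidance before relying on it. The sample policies are constructed.

```python
"""Verify that an ImageMagick policy.xml carries the ImageTragick
mitigation (added example; not code from the linked posts or projects)."""
import sys
import xml.etree.ElementTree as ET

# Coders the published ImageTragick mitigation denies, plus the "@*" path
# policy that stops ImageMagick reading arbitrary files via "@filename".
REQUIRED_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL",
                   "TEXT", "SHOW", "WIN", "PLT")
REQUIRED_PATHS = ("@*",)

# Constructed samples.  A stock policy.xml of the period carried only
# resource limits; the hardened one adds the coder and path denials.
WEAK_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
</policymap>"""

HARDENED_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="URL"/>
  <policy domain="coder" rights="none" pattern="HTTPS"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="none" pattern="MSL"/>
  <policy domain="coder" rights="none" pattern="TEXT"/>
  <policy domain="coder" rights="none" pattern="SHOW"/>
  <policy domain="coder" rights="none" pattern="WIN"/>
  <policy domain="coder" rights="none" pattern="PLT"/>
  <policy domain="path" rights="none" pattern="@*"/>
</policymap>"""


def denied_patterns(policy_xml):
    """Return the set of (domain, PATTERN) pairs that carry rights="none".

    Domain and rights are compared case-insensitively; the pattern is
    upper-cased so "mvg" and "MVG" compare equal.
    """
    root = ET.fromstring(policy_xml)
    denied = set()
    for pol in root.iter("policy"):
        if pol.get("rights", "").strip().lower() != "none":
            continue
        domain = pol.get("domain", "").strip().lower()
        pattern = pol.get("pattern", "").strip().upper()
        if domain and pattern:
            denied.add((domain, pattern))
    return denied


def missing_mitigations(policy_xml):
    """List the required denials absent from the policy as 'domain:PATTERN'."""
    denied = denied_patterns(policy_xml)
    missing = [f"coder:{c}" for c in REQUIRED_CODERS
               if ("coder", c) not in denied]
    missing += [f"path:{p}" for p in REQUIRED_PATHS
                if ("path", p) not in denied]
    return missing


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Check a real file, e.g. the policy.xml reported by
        # "convert -list policy" on the web host.
        with open(sys.argv[1], encoding="utf-8") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"weak": WEAK_POLICY, "hardened": HARDENED_POLICY}
    for label, xml in samples.items():
        gaps = missing_mitigations(xml)
        print(f"{label}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```

The policy that matters is the one read by the ImageMagick build that the PHP/WordPress process actually uses; `convert -list policy` prints the active policy and the file it came from, so run it as the web server user rather than assuming a path such as /etc/ImageMagick-6/policy.xml.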
WordPress plugin remains unpatched
A security researcher disclosed two vulnerabilities in the WordPress extension Event-Registration; the developers, however, are not responding.
http://heise.de/-3198956
Penetration Testing of a Citrix Server
Here I'll discuss how I did a pentest of a Citrix server in a lab network. First, let us understand Windows Terminal Services. Microsoft Windows Terminal Services, otherwise known as Remote Desktop Services, is a component of Windows Server 2003-2008 that allows multiple sessions to run applications over it.
http://resources.infosecinstitute.com/penetration-testing-of-a-citrix-server/
Security Advisory - XSS Vulnerability in the Email App of Huawei Smartphone
The email app built into the affected smartphones lacks output encoding for certain characters. Successful exploitation could allow an unauthenticated remote attacker to perform a cross-site scripting (XSS) attack and obtain user information.
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160507-01-emailapp-en
IBM Security Bulletins
IBM Security Bulletin: The vulnerability in IBM Java SDK affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-0363 and CVE-2016-0376)
http://www.ibm.com/support/docview.wss?uid=swg21982634
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM InfoSphere Master Data Management (CVE-2016-2842)
http://www.ibm.com/support/docview.wss?uid=swg21982353
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Storwize V7000 Unified - CVE-2016-0800
http://www.ibm.com/support/docview.wss?uid=ssg1S1005717
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS - CVE-2016-0800
http://www.ibm.com/support/docview.wss?uid=ssg1S1005716
IBM Security Bulletin: Apache Tomcat vulnerability affects IBM SONAS (CVE-2015-5345)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005712
IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager HSM for Windows (CVE-2016-2542)
http://www.ibm.com/support/docview.wss?uid=swg21982741
IBM Security Bulletin: IBM Forms Viewer Installation could allow a remote attacker to execute arbitrary code on the system (CVE-2016-2542)
http://www.ibm.com/support/docview.wss?uid=swg21982440
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM SONAS (CVE-2015-7547)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005681
IBM Security Bulletin: Potential vulnerabilities in IBM OpenPages GRC Platform with Database
http://www.ibm.com/support/docview.wss?uid=swg21982461
IBM Security Bulletin: Vulnerability in TLS affects IBM SONAS (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005722
IBM Security Bulletin: Samba vulnerability issues on IBM SONAS (CVE-2015-5252, CVE-2015-5296, and CVE-2015-5299)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005693
IBM Security Bulletin: Vulnerability in Apache Cordova Android may affect IBM WebSphere Portal (CVE-2015-5256)
http://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/integrate/wl_integrt.dita
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2015-1794, CVE-2015-3194, CVE-2015-3195, and CVE-2015-3196)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005694
IBM Security Bulletin: Vulnerabilities in GSKit affect Tivoli Workload Scheduler (CVE-2015-7421, CVE-2015-7420)
http://www.ibm.com/support/docview.wss?uid=swg21982432
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Liberty for Java for IBM Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427)
http://www.ibm.com/support/docview.wss?uid=swg21982850