End-of-Shift report
Timeframe: Monday 09-05-2016 18:00 − Tuesday 10-05-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
[Xen-announce] Xen Security Advisory 179 (CVE-2016-3710, CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks
Qemu VGA module allows banked access to video memory using the window at 0xa00000 and it supports different access modes with different address calculations. But an attacker can easily change access modes after setting the bank ..
http://lists.xen.org/archives/html/xen-announce/2016-05/msg00001.html
Finding Conditional SEO Spam in Drupal
Nobody likes spam. It's never fun (unless you're watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of ..
https://blog.sucuri.net/2016/05/seo-spam-in-drupal-database.html
DSA-3572 websvn - security update
Nitin Venkatesh discovered that websvn, a web viewer for Subversion repositories, is susceptible to cross-site scripting attacks via specially crafted file and directory names in repositories.
https://www.debian.org/security/2016/dsa-3572
Gamarue, Nemucod, and JavaScript
JavaScript is now being used largely to download malware because it's easy to obfuscate the code and the files are small. Most recently, one of the most predominant JavaScript malware families that has been spreading other malware is Nemucod. This ..
https://blogs.technet.microsoft.com/mmpc/2016/05/09/gamarue-nemucod-and-javascript/
Don't Put Off Till Tomorrow What You Should Start Today (Part 1)
For some, the upcoming EU legislative changes (the General Data Protection Regulation, referred to as GDPR, and the Network and Information Security Directive, referred to as the NIS Directive) may have seemed like they ..
http://researchcenter.paloaltonetworks.com/2016/05/cso-dont-put-off-till-tomorrow-what-you-should-start-today-part-1/
Performing network forensics with Dshell. Part 1: Basic usage, (Mon, May 9th)
I found out recently that there is a very interesting tool that enables some interesting capabilities to perform network forensics from a PCAP capture file. It [...] in the command prompt. There is a major keyword that launches ..
https://isc.sans.edu/diary.html?storyid=21035
This is what a root debug backdoor in the Linux kernel looks like
Allwinner's all-loser code makes it into shipped firmware. A root backdoor for debugging Android gadgets managed to end up in shipped firmware - and we're surprised this sort of colossal blunder doesn't happen more often.
www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_kernel_has_a_nasty_root_backdoor/
DSA-3573 qemu - security update
https://www.debian.org/security/2016/dsa-3573
SS7 spookery on the cheap allows hackers to impersonate mobile chat subscribers
Flaws in the mobile signalling protocols can be abused to read messaging apps such as WhatsApp and Telegram.
www.theregister.co.uk/2016/05/10/ss7_mobile_chat_hack/
Security Advisory: ImageMagick vulnerability CVE-2016-3714
https://support.f5.com:443/kb/en-us/solutions/public/k/03/sol03151140.html
Let's stop talking password flaws and instead discuss access management
A good bit of attention has been given to a new report that suggests that there are organizations that don't change their administrative passwords at all, ever. While it may be a bit eye opening that many IT professionals said they did not ..
https://www.helpnetsecurity.com/2016/05/10/password-flaws-access-management/
xt:Commerce: Urgent patches without details
The vendor of the online shop system xt:Commerce is currently distributing a security patch. Affected admins should install the hardened versions with "very high ..
http://heise.de/-3200152
Hacker Challenges
Want to get started hacking things but don't want to do anything illegal? Here are some challenges others have made to help you practice some hacking skills. By participating in the challenges you could learn the following ..
https://www.tunnelsup.com/hacker-challenges/
Ransomware Is Not a 'Malware Problem' - It's a Criminal Business Model
Today Unit 42 published our latest paper on ransomware, which has quickly become one of the greatest cyberthreats facing organizations around the world. As a business model, ransomware has proven to be highly effective ..
http://researchcenter.paloaltonetworks.com/2016/05/unit-42-ransomware-trends/
Lateral Movement: Do You Have Enough Eyes?
Sophisticated attackers can find their way into a corporate network in many ways. An attack could come from an external source, through the exploitation of a service, or by being brought in by a user whose laptop has been infected while ..
http://resources.infosecinstitute.com/lateral-movement-do-you-have-enough-eyes/
Evil images: Active attacks on websites via ImageMagick
The grace period has expired. Anyone running an unpatched ImageMagick on their server should act as quickly as possible, because exploits are now in circulation.
http://heise.de/-3200773
Xen Security Advisory CVE-2016-3710,CVE-2016-3712 / XSA-179
http://xenbits.xen.org/xsa/advisory-179.txt
IBM Security Bulletin: Vulnerabilities in OpenSource PHP Affect IBM Lotus Protector For Mail Security (CVE-2016-3142 )
http://www.ibm.com/support/docview.wss?uid=swg21981983
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
http://www.ibm.com/support/docview.wss?uid=swg2C1000128
Hackers' paradise: Outdated Internet Explorer, Flash installs in enterprises
Two in five Flash users DO update. Surprised? A quarter of all Windows devices are running outdated and unsupported versions of Internet Explorer, exposing users to more ..
www.theregister.co.uk/2016/05/10/ie_flash_vulns_rife/