Daily summary - Monday 4-07-2016

End-of-Shift report

Timeframe: Friday 01-07-2016 18:00 − Monday 04-07-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

Spotlight: WPBeginner's Approach to WordPress Security

WPBeginner offers tutorials, tips, and tricks for WordPress beginners to improve their sites. With over 150K Twitter followers and almost 10 million monthly visitors, the website is undeniably popular. The high-quality content provided by WPBeginner helps WordPress users make better decisions and gain awareness of their options. Using research and thought leadership, WPBeginner offers guidance...

https://blog.sucuri.net/2016/07/spotlight-wpbeginner-website-security.html


SQLite developers need to push the patch

Tempfile permissions a can of worms. SQLite has pushed out an update to fix a local tempfile bug, to address concerns that the bug could be exploitable beyond the merely local.

http://go.theregister.com/feed/www.theregister.co.uk/2016/07/04/sqlite_developers_need_to_push_the_patch/


Encryption: security vulnerability in Start Encrypt

Security researchers have found numerous problems in the client of the Let's Encrypt alternative Start Encrypt, which allowed valid certificates to be issued for arbitrary URLs. The client also had numerous other problems, which should now be fixed.

http://www.golem.de/news/verschluesselung-sicherheitsluecke-bei-start-encrypt-1607-121900-rss.html


Zero-day vulnerability endangers Lenovo notebooks

A serious zero-day vulnerability in the firmware of Lenovo's ThinkPads can, under certain circumstances, allow arbitrary code to be executed on the system.

http://futurezone.at/produkte/zero-day-sicherheitsluecke-gefaehrdet-lenovo-notebooks/207.874.326


Free tools decrypt ransomware

Security software vendor AVG is providing free tools that can be used to defend against various crypto-ransomware families.

http://futurezone.at/digital-life/gratis-tools-entschluesseln-erpressungstrojaner/207.881.149


Major security update for Foxit Reader and Phantom

The PDF viewer Foxit Reader contains critical security holes that the update to version 8.0 closes. The PDF editor Phantom is also affected.

http://heise.de/-3253936


UPC UBEE EVW3226 WPA2 Password Reverse Engineering

TL;DR: We reversed the default WPA2 password generation routine for the UPC UBEE EVW3226 router. This blog post contains firmware analysis, a reversing writeup, function statistical analysis and a proof-of-concept generator.

https://deadcode.me/blog/2016/07/01/UPC-UBEE-EVW3226-WPA2-Reversing.html


Security Alert: Adwind RAT Spotted in Targeted Attacks with Zero AV Detection

The malware economy is alive and well! And cyber criminals are making big money by using this business model. The re-emergence of Adwind RAT provides additional proof to support this. This Java-based malware has been spotted over the weekend in several targeted attacks against Danish companies. Given that the malicious email employed to deceive victims...

https://heimdalsecurity.com/blog/security-alert-adwind-rat-targeted-attacks-zero-av-detection/


Bugtraq: HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation

http://www.securityfocus.com/archive/1/538819


DSA-3613 libvirt - security update

Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to connect, despite the documentation declaring that setting an empty password for the VNC server prevents all client connections. With this update the behaviour is enforced by setting the password expiration

https://www.debian.org/security/2016/dsa-3613
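The practical question behind DSA-3613 is which guest consoles on a host are reachable without a password. The following audit script is an added example written for this summary, not code from the libvirt project or the Debian advisory. It parses libvirt domain XML, classifies every VNC `<graphics>` element by its `passwd` attribute, and flags consoles that are not bound to loopback. The domain XML embedded in it is constructed for the example; the loopback default for the listen address is libvirt's documented default, but everything else (function names, verdict labels) is the example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from the advisory or from any real
# host): three VNC consoles covering the three password states the DSA text
# distinguishes, plus a SPICE console that the audit must ignore.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>demo</name>
  <devices>
    <graphics type='vnc' port='5900' listen='0.0.0.0'/>
    <graphics type='vnc' port='5901' listen='127.0.0.1' passwd=''/>
    <graphics type='vnc' port='5902' passwd='s3cret'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
    <graphics type='spice' port='5903' listen='127.0.0.1'/>
  </devices>
</domain>
"""

LOOPBACK = {'127.0.0.1', '::1', 'localhost'}


def _listen_address(graphics):
    """libvirt accepts the address either as a listen= attribute or as a
    child <listen type='address' address='...'/> element."""
    addr = graphics.get('listen')
    if addr is None:
        child = graphics.find("listen[@type='address']")
        if child is not None:
            addr = child.get('address')
    # libvirt's default VNC listen address (qemu.conf vnc_listen) is loopback.
    return addr or '127.0.0.1'


def classify_vnc(graphics):
    """Classify one <graphics type='vnc'> element.

    Verdicts:
      no-password    - passwd attribute absent: no VNC authentication at all
      empty-password - passwd='': on libvirt before the DSA-3613 fix this also
                       disables authentication, contrary to the documentation
      password-set   - a non-empty VNC password is configured
    """
    passwd = graphics.get('passwd')
    if passwd is None:
        verdict = 'no-password'
    elif passwd == '':
        verdict = 'empty-password'
    else:
        verdict = 'password-set'
    listen = _listen_address(graphics)
    return {
        'port': graphics.get('port', 'auto'),
        'listen': listen,
        'verdict': verdict,
        # An unauthenticated console is a local-only problem if it is bound
        # to loopback; anything else is reachable from the network.
        'exposed': listen not in LOOPBACK,
    }


def audit_domain_xml(xml_text):
    """Return one finding per VNC console in a libvirt domain definition."""
    root = ET.fromstring(xml_text)
    return [classify_vnc(g) for g in root.iter('graphics')
            if g.get('type') == 'vnc']


def unauthenticated_consoles(xml_text, patched=False):
    """Consoles an arbitrary client can attach to without a password.

    patched=True models a libvirt carrying the DSA-3613 fix, where an empty
    password no longer leaves the console open.
    """
    bad = {'no-password'} if patched else {'no-password', 'empty-password'}
    return [f for f in audit_domain_xml(xml_text) if f['verdict'] in bad]


if __name__ == '__main__':
    for f in audit_domain_xml(SAMPLE_DOMAIN_XML):
        flag = 'NETWORK-EXPOSED' if f['exposed'] else 'loopback'
        print(f"vnc :{f['port']} listen={f['listen']} {f['verdict']} ({flag})")
```

On a real host, feed the output of `virsh dumpxml <domain>` to `audit_domain_xml`; the `empty-password` verdict is the one that matters on unpatched libvirt, and `exposed` separates the consoles that need attention tonight from the ones only a local user can reach.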


DSA-3614 tomcat7 - security update

The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons FileUpload library to become unresponsive, preventing the server from servicing other requests.

https://www.debian.org/security/2016/dsa-3614


Sierra Wireless AirLink Raven XE and XT Gateway Vulnerabilities

NCCIC/ICS-CERT is aware of a public report of three vulnerabilities affecting the Sierra Wireless AirLink Raven XE and XT gateways. According to this report, the affected products allow unauthenticated access to directories on the system, which may allow remote file upload, download, and system reboot.

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-182-01


ZDI-16-405: Trihedral VTScada Path Out-Of-Bounds Indexing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-16-405/


ZDI-16-404: Trihedral VTScada Filter Bypass Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-16-404/


ZDI-16-403: Trihedral VTScada Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-16-403/


IBM Security Bulletins

IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Security Guardium

http://www-01.ibm.com/support/docview.wss?uid=swg21984609

IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Notes Standard Client

http://www-01.ibm.com/support/docview.wss?uid=swg21983686

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Control Center (CVE-2016-3427 and CVE-2016-3426)

http://www.ibm.com/support/docview.wss?uid=swg21986174

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime Version 7 affect IBM Content Collector for SAP Applications (CVE-2016-3426 CVE-2016-0264)

http://www-01.ibm.com/support/docview.wss?uid=swg21985957

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Guardium

http://www-01.ibm.com/support/docview.wss?uid=swg21985729

IBM Security Bulletin: IBM Sterling Connect:Direct FTP+ for Windows installers are vulnerable to attack (CVE-2016-4560)

http://www-01.ibm.com/support/docview.wss?uid=swg21982722

IBM Security Bulletin: OpenSource Oracle MySQL Vulnerability affects IBM Security Guardium (CVE-2016-2047)

http://www-01.ibm.com/support/docview.wss?uid=swg21984605

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Guardium (CVE-2015-3197)

http://www-01.ibm.com/support/docview.wss?uid=swg21984601