End-of-Shift report
Timeframe: Monday 04-07-2016 18:00 − Tuesday 05-07-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
EU: 450 million euros for cybercrime research
In the fight against cybercrime, the EU Commission wants to make a total of 450 million euros available for research spending by 2020.
http://futurezone.at/digital-life/eu-450-millonen-euro-fuer-cyberkriminalitaets-forschung/208.008.419
Word hole patched in 2012 is unchallenged king of Office exploits
It's 2016, people, even the pirates have patched. Possibly the most exploited, unchallenged Microsoft Office vulnerability of the last decade was found and patched in 2012.
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/05/magento_vulns/
Getting ready for the European Cyber Security Month (ECSM)
ENISA together with the European Commission and its partners are preparing for this year's cyber security month running across the EU during October, focusing each week on a different topic.
https://www.enisa.europa.eu/news/enisa-news/getting-ready-for-the-european-cyber-security-month-ecsm
Emulating and Exploiting Firmware binaries - Offensive IoT Exploitation series
Welcome to the third post in the "Offensive IoT Exploitation" series. In the previous one, we learned about how we can get started with analyzing firmware and extracting file systems. In this post, we will take it a step further by analyzing individual binaries from firmware, and even exploiting commonly found vulnerabilities. There are two...
http://resources.infosecinstitute.com/emulating-and-exploiting-firmware-binaries-offensive-iot-exploitation-series/
Exploiting Format Strings: Getting the Shell
In this article, we will have a look at how to exploit format string vulnerabilities to get a shell. Overview: In this article, we will briefly have a look at how to overwrite a specific memory location, how to inject our shellcode into the current memory of the program, and further how to overwrite some desired memory address to...
http://resources.infosecinstitute.com/exploiting-format-strings-getting-the-shell/
85 million Android devices infected with HummingBad malware
HummingBad roots devices and clicks on advertising banners, security researchers warn. This is said to earn the criminals 300,000 US dollars a month. Tens of thousands of devices are reported to be infected in Germany.
http://heise.de/-3254664
SSD Advisory - Wget Arbitrary Commands Execution
A vulnerability in the way wget handles redirects allows attackers who are able to hijack a connection initiated by wget, or who have compromised a server from which wget is downloading files, to cause the user running wget to execute arbitrary commands.
https://blogs.securiteam.com/index.php/archives/2701
Paper: New Keylogger on the Block
In a new paper published by Virus Bulletin, Sophos researcher Gabor Szappanos takes a look at the KeyBase keylogger, sold as a commercial product and popular among cybercriminals who use it in Office exploit kits. Read more...
https://www.virusbulletin.com/blog/2016/07/paper-new-keylogger-block/
Lenovo ThinkPwn UEFI exploit also affects products from other vendors
A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also reportedly exists in products from other vendors, including HP and Gigabyte Technology. An exploit for the vulnerability was published last week and can be used to execute rogue code in the CPU's privileged SMM (System Management Mode). This level of access can then be used to install a stealthy rootkit inside the computer's Unified Extensible Firmware Interface (UEFI) -- the modern BIOS -- or...
http://www.csoonline.com/article/3091753/security/lenovo-thinkpwn-uefi-exploit-also-affects-products-from-other-vendors.html#tk.rss_applicationsecurity
Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979), (Tue, Jul 5th)
Apache released an important update today to fix a vulnerability that affects servers that have HTTP/2 enabled and use TLS client certificates for authentication. Apache 2.4.18 through 2.4.20 are vulnerable if: - TLS certificates are used for authenticating clients (look for the SSLVerifyClient require directive in your configuration file) - HTTP/2 is enabled (see if the Protocols line includes h2 and/or h2c). tshark -Y ssl.handshake.extensions_alpn_str == h2 -n -i en0 \ -T fields -e ip.src -e...
https://isc.sans.edu/diary.html?storyid=21223&rss
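The two preconditions named in the diary entry (SSLVerifyClient require plus a Protocols line with h2 or h2c) can be checked from a shell. The script below is an added example written for this report, not the SANS diary's own code; it reads a single flat httpd configuration file (Include directives are not followed, by assumption) and flags only the combination of both settings, which is what the CVE requires. The three sample configurations it writes are constructed for the stand-alone run and are not real deployments.

```shell
#!/bin/sh
# Added example (not from the SANS diary): heuristic check of an Apache httpd
# configuration for the CVE-2016-4979 preconditions:
#   1. TLS client-certificate authentication  (SSLVerifyClient require)
#   2. HTTP/2 enabled                          (Protocols ... h2 and/or h2c)
# Only the combination is reported as exposed. Assumption: one flat config
# file; Include directives are not followed.

# Print active (non-comment, non-empty) lines, leading whitespace stripped.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"
}

# Return 0 (true) if the file requires TLS client certificates.
uses_client_certs() {
    active_lines "$1" | grep -Eiq '^SSLVerifyClient[[:space:]]+require([[:space:]]|$)'
}

# Return 0 (true) if any active Protocols line lists h2 or h2c.
enables_http2() {
    active_lines "$1" | grep -Ei '^Protocols[[:space:]]' \
        | grep -Eiq '(^|[[:space:]])h2c?([[:space:]]|$)'
}

# Return 0 when both preconditions hold, 1 otherwise; prints a verdict line.
check_config() {
    if uses_client_certs "$1" && enables_http2 "$1"; then
        echo "$1: client-cert auth AND HTTP/2 enabled -> update Apache (CVE-2016-4979)"
        return 0
    fi
    echo "$1: not exposed by this check"
    return 1
}

# Constructed sample configurations for the stand-alone run (not real servers).
SAMPLE_DIR=$(mktemp -d)
write_samples() {
    cat > "$SAMPLE_DIR/exposed.conf" <<'EOF'
Listen 443
<VirtualHost *:443>
    Protocols h2 http/1.1
    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 2
</VirtualHost>
EOF
    cat > "$SAMPLE_DIR/h1only.conf" <<'EOF'
<VirtualHost *:443>
    # Protocols h2 http/1.1   (commented out, so not active)
    SSLEngine on
    SSLVerifyClient require
</VirtualHost>
EOF
    cat > "$SAMPLE_DIR/nocert.conf" <<'EOF'
<VirtualHost *:443>
    Protocols h2c http/1.1
    SSLEngine on
    SSLVerifyClient none
</VirtualHost>
EOF
}

write_samples
for f in "$SAMPLE_DIR"/*.conf; do
    check_config "$f" || true
done
```

Run it against a real configuration with `check_config /etc/httpd/conf/httpd.conf` (path is an assumption); a positive result means the server should be updated, or h2/h2c removed from the Protocols line until it is. Because a per-vhost SSLVerifyClient and a global Protocols line live in different scopes, treat a hit as a prompt to read the relevant vhost, not as proof on its own.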
Fake Amazon message: invoice for your seller fees
Criminals are sending supposed Amazon notifications claiming that a tax invoice is available. Recipients who want to view it are told to open a file attachment and enter their personal login credentials. This is an attempt to steal data.
https://www.watchlist-internet.at/phishing/unechte-amazon-nachricht-rechnung-uber-ihre-verkaeufergebuehren/
(Windows) Syslog Server "npriority" field remote Denial of Service vulnerability
Bug Description: Syslog Server 1.2.3 is a free syslog server for Windows systems. The server does not properly handle the content of the npriority field, so a crafted packet can crash it (remote denial of service).
http://www.securityfocus.com/archive/1/538836
VU#690343: Acer Portal app for Android does not properly validate SSL certificates
Vulnerability Note VU#690343 Acer Portal app for Android does not properly validate SSL certificates. Original Release date: 05 Jul 2016 | Last revised: 05 Jul 2016. Overview: The Acer Portal app for Android allows customers to connect to the Acer Cloud. The Acer Portal app, from version 3.9.3.2003 to 3.9.3.2006, does not properly validate SSL certificates when connecting to the Acer Cloud. Description: CVE-2016-5648 - CWE-295: Improper Certificate Validation. The Acer Portal app for Android, from
http://www.kb.cert.org/vuls/id/690343
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Scheduler (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176)
http://www.ibm.com/support/docview.wss?uid=swg21985850
IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Tivoli Netcool/Reporter
http://www-01.ibm.com/support/docview.wss?uid=swg21986007
IBM Security Bulletin: Multiple Vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
http://www.ibm.com/support/docview.wss?uid=swg2C1000114
IBM Security Bulletin: Multiple vulnerabilities in NPM affect IBM API Connect (CVE-2016-3956, CVE-2016-2537, CVE-2016-2515)
http://www-01.ibm.com/support/docview.wss?uid=swg21986144