Daily Summary - Friday 8-07-2016

End-of-Shift report

Timeframe: Thursday 07-07-2016 18:00 − Friday 08-07-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

Pentesters (and Attackers) Love Internet Connected Security Cameras!, (Wed, Jul 6th)

A recent story making the rounds in both the infosec and public press is the recent use of internet-connected security cameras as a base for DDOS attacks. They don't have a lot of CPU, but they're Linux platforms that are easily hackable, never get updated and usually have good bandwidth available to them. This shouldn't come as any surprise to folks who are in the security business, or those who do any kind of a product eval before they plug new gear into their network. I see security cameras on...

https://isc.sans.edu/diary.html?storyid=21231&rss


D-Link Wi-Fi Camera Flaw Extends to 120 Products

A software component that exposed D-Link Wi-Fi cameras to remote attacks is also used in more than 120 other products sold by the company.

http://threatpost.com/d-link-wi-fi-camera-flaw-extends-to-120-products/119097/


Zero-day flaw lets hackers tamper with your car through BMW portal

Researchers have disclosed zero-day vulnerabilities affecting the BMW web domain and ConnectedDrive portal which remain unpatched and open to attack. According to researchers from Vulnerability Labs, there are two main bugs, both related to the BMW online service web app for ConnectedDrive, the connected car hub for new, internet-connected vehicles produced by the automaker.

http://www.zdnet.com/article/hackers-can-tamper-with-car-registration-through-bmw-connected-car-portal/


CryptXXX, Cryptobit Ransomware Spreading Through Campaign

Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains.

http://threatpost.com/cryptxxx-cryptobit-ransomware-spreading-through-campaign/119116/


BMW ConnectedDrive flaws could be misused to tamper with car settings

Security researcher Benjamin Kunz Mejri has found two vulnerabilities in the BMW ConnectedDrive web portal/web application. The first one is a client-side cross-site scripting web vulnerability that could be exploited by a remote attacker without a privileged account to inject malicious script code into the client side of the affected module context. Minimal user interaction is needed for this attack to work.

https://www.helpnetsecurity.com/2016/07/08/bmw-connecteddrive-flaws/


BSI situation report explains crypto-Trojans

In 35 pages, the BSI explains what ransomware is, which families are in circulation and how widespread they are, and how to keep the things off your systems.

http://heise.de/-3262333


Keydnap: Mac malware wants to steal passwords from the keychain

The malicious program, disguised as a harmless file, uses a trick to obtain the user's password. With root privileges, Keydnap then hunts for the passwords stored in the OS X keychain.

http://heise.de/-3262501


1,025 Wendy's Locations Hit in Card Breach

At least 1,025 Wendy's locations were hit by a malware-driven credit card breach that began in the fall of 2015, the nationwide fast-food chain said Thursday. The announcement marks a significant expansion in a data breach that is costing banks and credit unions plenty: Previously, Wendy's had said the breach impacted fewer than 300 locations.

http://krebsonsecurity.com/2016/07/1025-wendys-locations-hit-in-card-breach/


Dropping Elephant APT Targets Old Windows Flaws

Dropping Elephant, an advanced persistent threat group, is using old exploits to target unpatched versions of Windows in a highly effective cyber espionage campaign.

http://threatpost.com/dropping-elephant-apt-targets-old-windows-flaws/119123/


Initiative in the Bundesrat: tougher action against botnet crime

Anyone who breaks into a house can be held accountable for trespassing or theft. According to a legislative initiative, anyone who gains access to someone else's computer should expect similar consequences.

http://heise.de/-3262684


Security Advisories Relating to Symantec Products - Symantec Client IDS Driver PE File Memory Corruption Denial of Service

Symantec's Client Intrusion Detection System (CIDS) driver may cause a system crash when interacting with a specifically-crafted Portable Executable file.

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160707_01


Security Advisories Relating to Symantec Products - Symantec Workspace Streaming and Workspace Virtualization Path Traversal and Arbitrary File Read

Symantec Workspace Streaming (SWS) and Workspace Virtualization (SWV) management consoles were susceptible to a path traversal in a file download configuration file that could allow a malicious user who could access the vulnerable file to view unauthorized application files of specific file types. An authenticated console user could manipulate this same file to read any file on the host system. This could potentially provide additional information for staging additional attacks on the...

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160707_00


WECON LeviStudio Buffer Overflow Vulnerabilities

This advisory contains mitigation details for buffer overflow vulnerabilities in WECON's LeviStudio software.

https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01


Moxa Device Server Web Console Authorization Bypass Vulnerability

This advisory contains mitigation details for an authorization bypass vulnerability in Moxa's Device Server Web Console.

https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02


Security Advisory - Two Buffer Overflow Vulnerabilities in Wi-Fi Driver of Huawei Smart Phone

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160708-01-smartphone-en


IBM Security Bulletins

IBM Security Bulletin: Vulnerability in OpenSSL affects ProtecTIER (CVE-2016-2108)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007982

IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MessageSight

http://www-01.ibm.com/support/docview.wss?uid=swg21986473

IBM Security Bulletin: Vulnerability in Oracle Outside In Technology affects IBM Rational DOORS Next Generation (CVE-2016-3455)

http://www.ibm.com/support/docview.wss?uid=swg21985994

IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available

http://www-01.ibm.com/support/docview.wss?uid=swg21985736

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099423

IBM Security Bulletin: Vulnerability affects IBM Rational Team Concert GIT Integration (CVE-2016-2865)

http://www.ibm.com/support/docview.wss?uid=swg21985865

IBM Security Bulletin: Vulnerability in Libcurl affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2016-0755)

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099424

IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099425

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426