Daily Summary - Tuesday 12-07-2016

End-of-Shift report

Timeframe: Monday 11-07-2016 18:00 − Tuesday 12-07-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

Security updates available for Adobe Flash Player (APSB16-25)

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Platform: Windows, Macintosh, Linux and ChromeOS

https://helpx.adobe.com/security/products/flash-player/apsb16-25.html


Bugtraq: Persistent Cross-Site Scripting in WP Live Chat Support plugin

A persistent Cross-Site Scripting (XSS) vulnerability has been found in the WP Live Chat Support plugin. By using this vulnerability an attacker can supply malicious code on behalf of a logged on WordPress user in order to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

http://www.securityfocus.com/archive/1/538871


Serious flaw fixed in widely used WordPress plug-in

If you're running a WordPress website and you have the hugely popular All in One SEO Pack plug-in installed, it's a good idea to update it as soon as possible. The latest version, released Friday, fixes a flaw that could be used to hijack the site's admin account. The vulnerability is in the plug-in's Bot Blocker functionality and can be exploited remotely by sending HTTP requests with specifically crafted headers to the website. The Bot Blocker feature is designed to detect and block spam bots based

http://www.csoonline.com/article/3093379/security/serious-flaw-fixed-in-widely-used-wordpress-plug-in.html#tk.rss_applicationsecurity


Hiding in White Text: Word Documents with Embedded Payloads, (Wed, Jul 6th)

This is a guest diary by Yaser Mansour. Due to the extensive use of images, please note that all the images are clickable to view them at full size. A PDF version of this diary is available here Malicious macros in Office documents are not new, and several samples have been analyzed here at the ISC Diary website. Usually, the macro script is used to drop the second stage malware either by reaching to the internet or by extracting a binary embedded in the Office document itself.

https://isc.sans.edu/diary.html?storyid=21227&rss


Jigsaw Ransomware Decrypted, Again

Jigsaw ransomware's encryption has been thwarted by Check Point researchers who discovered a fatal flaw.

http://threatpost.com/jigsaw-ransomware-decrypted-again/119186/


[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries

The application offers Cross-Site Request Forgery protection using a Struts-based token called "token". While many administrative functions, such as adding new users, are protected in this way, the following HTTP POST-based functions are missing this token and are therefore vulnerable to CSRF:

http://www.securityfocus.com/archive/1/538877


[security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code

Potential Security Impact: Remote Execution of Arbitrary Code VULNERABILITY SUMMARY: A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HPE iMC PLAT and other network products. The vulnerability could be exploited remotely to allow execution of arbitrary code.

http://www.securityfocus.com/archive/1/538880


SSA-301706 (Last Update 2016-07-12): GNU C Library Vulnerability in Industrial Products

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf


The July 2016 issue of our SWITCH Security Report is available!

A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are:

* DAO-ism on the ethereal plane - hacker bags cryptocurrency worth USD 50 million
* Ransomware - smart, greedy and unkillable
* CANVAS ready to launch - bridging cybersecurity and ethics
* US border guards want to be your Facebook friend - and other news on anti-terror measures

The Security Report is available in both English and German.

https://securityblog.switch.ch/2016/07/12/july-2016-issue-switch-security-report/


Ransomware Ranscam sends data irretrievably into digital nirvana

Like every ransomware, Ranscam also claims that it will release all of the personal data it has taken hostage once a ransom is paid. In this case, however, the perpetrators never intended to do so at all, security researchers warn.

http://heise.de/-3265137


SFG: Furtim's Parent

The Labs team at SentinelOne recently discovered a sophisticated malware campaign specifically targeting at least one European energy company.

https://sentinelone.com/blogs/sfg-furtims-parent/


IBM Security Bulletins

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware (CVE-2016-2107 CVE-2016-2176)

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099429

IBM Security Bulletin: Vulnerability in icu affects IBM Flex System Chassis Management Module (CVE-2014-9654)

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099427

IBM Security Bulletin: IBM Maximo Asset Management could expose sensitive information produced in log files of certain URLs (CVE-2016-0393)

http://www-01.ibm.com/support/docview.wss?uid=swg21986053

IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager

http://www-01.ibm.com/support/docview.wss?uid=swg21986260