Daily Summary - Wednesday 3-08-2016

End-of-Shift report

Timeframe: Tuesday 02-08-2016 18:00 − Wednesday 03-08-2016 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter

MICROSOFT LIVE ACCOUNT CREDENTIALS LEAKING FROM WINDOWS 8 AND ABOVE

Discovered in 1997 by Aaron Spangler and never fixed, the WinNT/Win95 Automatic Authentication Vulnerability (IE Bug #4) is certainly an excellent vintage. In Windows 8 and 10, the same bug has now been found to potentially leak the user's Microsoft Live account login and (hashed) password information, which is also used to access OneDrive, Outlook, Office, Mobile, Bing, Xbox Live, MSN and Skype (if used with a Microsoft account).

https://hackaday.com/2016/08/02/microsoft-live-account-credentials-leaking-from-windows-8-and-above/


Internet telephony: Data protection officials recommend Perfect Forward Secrecy

The International Working Group on Data Protection in Telecommunications recommends the use of secure encryption in apps for VoIP or chat. Providers should store as little personal information as possible.

http://heise.de/-3285356


SAP ASE file creation vulnerability (CVE-2016-6196)

Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows legitimate database users to create files on disk where the server process can write to. This is useful when doing a chained database attack - first create...

https://www.trustwave.com/Resources/SpiderLabs-Blog/SAP-ASE-file-creation-vulnerability-(CVE-2016-6196)/

The Dark Side of Certificate Transparency (Wed, Aug 3rd)

I am a big fan of the idea behind Certificate Transparency [1]. The real problem with SSL (and TLS... it really doesn't matter for this discussion) is not the weak ciphers or subtle issues with algorithms (yes, you should still fix it), but the certificate authority trust model. It has been too easy in the past to obtain a fraudulent certificate [2]. There was little accountability when it came to certificate authorities issuing test certificates, or just messing up, and validating the wrong...

https://isc.sans.edu/diary.html?storyid=21329&rss


Windows 10 Anniversary Update enforces signed drivers more strictly

Since the 64-bit version of Windows Vista, Microsoft has required digitally signed drivers for PC components; the latest Windows 10 version 1607 (Redstone) raises the requirements further.

http://heise.de/-3285419


Insecure SMS authentication: Telegram accounts in Iran apparently hacked

The messenger service Telegram is regarded by many as a secure alternative to WhatsApp. Yet it is quite possible to circumvent security measures and gain access to accounts.

http://www.golem.de/news/unsichere-sms-authentifizierung-telegram-accounts-in-iran-offenbar-gehackt-1608-122489-rss.html


FossHub compromised: software installers infected with malware

The download platform FossHub has been hacked. The hackers infected the installers of popular open-source programs with malware that overwrites the bootloader.

http://heise.de/-3286347


A brief introduction to Forensic Readiness

Introduction: As defined in the RFC 2350 (Expectations for Computer Security Incident Response), the security incident is any adverse event which compromises some aspect of computer or network security. The definition of an incident may vary between organizations but generally is related to the compromise of confidentiality (i.e. document theft), integrity (i.e. alteration of the...

http://resources.infosecinstitute.com/a-brief-introduction-to-forensic-readiness/


Finding and Enumerating Processes within Memory-Part 1

In this article series, we will learn about how processes reside in memory and various ways to find and enumerate them. I will be using Volatility plugins to find processes in memory. Once we know how to find processes within memory, in Part 2 we will see how to enumerate through them. Note: The scope...

http://resources.infosecinstitute.com/finding-and-enumerating-processes-within-memory-part-1/


Social engineering: How to coax passwords out of others with chocolate

Scientists demonstrate alarmingly careless handling of confidential data

http://derstandard.at/2000042272093-406


Four high-profile vulnerabilities in HTTP/2 revealed

Imperva released a new report at Black Hat USA 2016, which documents four high-profile vulnerabilities researchers at the Imperva Defense Center found in HTTP/2, the new version of the HTTP protocol that serves as one of the main building blocks of the World Wide Web. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business-critical web infrastructure which then becomes vulnerable to new types of attacks. Imperva researchers took an in-depth look at...

https://www.helpnetsecurity.com/2016/08/03/vulnerable-http2/


Stealing payment card data and PINs from POS systems is dead easy

Many of the large payment card breaches that hit retail and hospitality businesses in recent years were the result of attackers infecting point-of-sale systems with memory-scraping malware. But there are easier ways to steal this sort of data, due to a lack of authentication and encryption between card readers and the POS payment applications. POS systems are specialized computers. They typically run Windows and have peripherals like keyboards, touch screens, barcode scanners and card readers...

http://www.cio.com/article/3102922/stealing-payment-card-data-and-pins-from-pos-systems-is-dead-easy.html#tk.rss_security


Nagios Core Access Control Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks

http://www.securitytracker.com/id/1036513


Moxa SoftCMS SQL Injection Vulnerability

This advisory contains mitigation details for a SQL injection vulnerability in Moxa's SoftCMS.

https://ics-cert.us-cert.gov/advisories/ICSA-16-215-01


Siemens SINEMA Server Privilege Escalation Vulnerability

This advisory contains mitigation details for a privilege escalation vulnerability in the Siemens SINEMA Server.

https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02