Daily summary - Tuesday 27-09-2016

End-of-Shift report

Timeframe: Monday 26-09-2016 18:00 - Tuesday 27-09-2016 18:00 Handler: Robert Waldner Co-Handler: n/a

Sofacy APT Targeting OS X Machines with Komplex Trojan

APT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems.

http://threatpost.com/sofacy-apt-targeting-os-x-machines-with-komplex-trojan/120882/


Java-Deserialization-Cheat-Sheet

A cheat sheet for pentesters about Java Native Binary Deserialization vulnerabilities

https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet


Security update released for Django 1.8 and 1.9

The reason for the update of the web framework is a vulnerability that, in combination with Google Analytics, makes Django's CSRF protection attackable. The current Django 1.10 is not affected, and versions older than 1.8 no longer receive security patches.

http://heise.de/-3332611


Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM

The idea behind this vulnerability is simple to describe at a high level:
- Trick the 'NT AUTHORITY\SYSTEM' account into authenticating via NTLM to a TCP endpoint we control.
- Man-in-the-middle this authentication attempt (NTLM relay) to locally negotiate a security token for the 'NT AUTHORITY\SYSTEM' account. This is done through a series of Windows API calls.
- Impersonate the token we have just negotiated.

https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/


Unsafe at any clock speed: Linux kernel security needs a rethink

Ars reports from the Linux Security Summit - and finds much work that needs to be done.

http://arstechnica.com/security/2016/09/linux-kernel-security-needs-fixing/


No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing?

Akamai CSO laments piss-poor security design practices. Internet of Things devices are starting to pose a real threat to security for the sensible part of the web, Akamai's chief security officer Andy Ellis has told The Register.

http://go.theregister.com/feed/www.theregister.co.uk/2016/09/27/akamai_chief_security_officer_andy_ellis_interview_internet_of_things/


CVE-2016-7543 -- bash SHELLOPTS+PS4

The recent bash 4.4 patched an old attack vector regarding specially crafted SHELLOPTS+PS4 environment variables against bogus setuid binaries using system()/popen().

http://seclists.org/oss-sec/2016/q3/617


Siemens SCALANCE M-800/S615 Web Vulnerability

This advisory contains mitigation details for a web security vulnerability in Siemens SCALANCE M-800 and S615 modules.

https://ics-cert.us-cert.gov/advisories/ICSA-16-271-01


IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2015-8325, CVE-2016-6210, CVE-2016-6515)

http://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc