Daily summary - Friday 10-02-2017

End-of-Shift report

Timeframe: Thursday 09-02-2017 18:00 − Friday 10-02-2017 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

ENISA study on the security aspects of virtualization

The report provides an analysis on the current status of security of virtualization, by presenting current technologies affected, risks, efforts, gaps, and the impact the latter have on environments based on virtualization technologies.

https://www.enisa.europa.eu/news/enisa-news/enisa-study-on-the-security-aspects-of-virtualization


A Feeding Frenzy to Deface WordPress Sites

In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking.

https://www.wordfence.com/blog/2017/02/rest-api-exploit-feeding-frenzy-deface-wordpress-sites/


RCE Attempts Against the Latest WordPress REST API Vulnerability

We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE attempts started today after a few days of attackers (mostly defacers) rushing to vandalize as many pages as they could. The RCE attempts we are seeing in the wild do not affect every WordPress site, only the ones using plugins that allow for PHP execution from within posts and pages.

https://blog.sucuri.net/2017/02/rce-attempts-against-the-latest-wordpress-rest-api-vulnerability.html


De-Anonymizing Browser History Using Social-Network Data

Interesting research: "De-anonymizing Web Browsing Data with Social Networks": Abstract: Can online trackers and network adversaries de-anonymize web browsing data readily available to them? We show -- theoretically, via simulation, and through experiments on real user data -- that de-identified web browsing histories can be linked to social media profiles using only publicly available data. Our approach is based on a simple observation: each person has a distinctive social network,...

https://www.schneier.com/blog/archives/2017/02/de-anonymizing_1.html


CERT updates insider threat guidebook

The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University released the fifth edition of the Common Sense Guide to Mitigating Insider Threats. The guide describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so.

https://www.helpnetsecurity.com/2017/02/10/insider-threat-guidebook/


ENISA issues Smartphone Development Guidelines

ENISA publishes an update of the Smartphone Development Guidelines.

https://www.enisa.europa.eu/news/enisa-news/enisa-issues-smartphone-development-guidelines


Hacking Guatemala's DNS - Spying on Active Directory Users By Exploiting a TLD Misconfiguration

In search of new interesting high-impact DNS vulnerabilities I decided to take a look at the various top-level domains (TLDs) and analyze their configurations for errors. Upon some initial searching it turns out there is a nice open source service which helps DNS administrators scan their domains for misconfigurations called DNSCheck written by The Internet Foundation in Sweden. This tool helps highlight all sorts of odd DNS misconfigurations such as having an...

https://thehackerblog.com/hacking-guatemalas-dns-spying-on-active-directory-users-by-exploiting-a-tld-misconfiguration/


Unpatched (0day) jQuery Mobile XSS

TL;DR - Any website that uses jQuery Mobile and has an open redirect is now vulnerable to XSS - and there's nothing you can do about it, there's not even a patch

http://sirdarckcat.blogspot.co.at/2017/02/unpatched-0day-jquery-mobile-xss.html


Multiple cross-site scripting vulnerabilities in Webmin

Webmin contains multiple cross-site scripting vulnerabilities.

http://jvn.jp/en/jp/JVN34207650/


Western Digital My Cloud 2.21.119 Authentication Bypass

Topic: Western Digital My Cloud 2.21.119 Authentication Bypass Risk: High Text: Authentication bypass vulnerability in Western Digital My Cloud Remco Verm...

https://cxsecurity.com/issue/WLB-2017020093


Hanwha Techwin Smart Security Manager

This advisory contains mitigation detail for remote code execution vulnerabilities in Hanwha Techwin's Smart Security Manager.

https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01


DFN-CERT-2017-0251: Xen, QEMU: A vulnerability allows information disclosure and privilege escalation

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0251/


IBM Security Bulletins

IBM Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121)

http://www-01.ibm.com/support/docview.wss?uid=swg21997743

IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php5 vulnerabilities (CVE-2016-6911, CVE-2016-8670)

http://www.ibm.com/support/docview.wss?uid=isg3T1024834

IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a kernel vulnerability

http://www.ibm.com/support/docview.wss?uid=isg3T1024807

IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple cURL/libcURL vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

http://www.ibm.com/support/docview.wss?uid=isg3T1024808

IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a libgcrypt vulnerability (CVE-2016-6313)

http://www.ibm.com/support/docview.wss?uid=isg3T1024832

IBM Security Bulletin: Vulnerability in OpenSSL affects Rational Tau (CVE-2016-2180)

http://www-01.ibm.com/support/docview.wss?uid=swg21994132

IBM Security Bulletin: Vulnerability in OpenSSL affects Rational Tau (CVE-2016-2177)

http://www-01.ibm.com/support/docview.wss?uid=swg21993836

IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple glibc vulnerabilities (CVE-2016-1234, CVE-2016-3706, CVE-2016-4429)

http://www-01.ibm.com/support/docview.wss?uid=isg3T1024831