End-of-Shift report
Timeframe: Tuesday 09-05-2017 18:00 − Wednesday 10-05-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Alexander Riepl
EPS Processing Zero-Days Exploited by Multiple Threat Actors
In 2015, FireEye published details about two attacks exploiting vulnerabilities in Encapsulated PostScript (EPS) of Microsoft Office. One was a zero-day and one was patched weeks before the attack launched. Recently, FireEye identified three new zero-day vulnerabilities in Microsoft Office products that are being exploited in the wild.
http://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.html
Persirai: More than 100,000 IP cameras vulnerable to new IoT botnet
A new IoT botnet is currently forming, but it has not yet carried out any attacks. The malware used for infection exploits a security vulnerability published in March.
https://www.golem.de/news/persirai-mehr-als-100-000-ip-kameras-fuer-neues-iot-botnetz-verwundbar-1705-127729.html
Git Shell Bypass By Abusing Less (CVE-2017-8386)
The git-shell is a restricted shell maintained by the git developers and is meant to be used as the upstream peer in a git remote session over an ssh tunnel. The basic idea behind this shell is to restrict the allowed commands in an ssh session to the ones required by git, which are as follows ..
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
[2017-05-10] Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App
Due to the lack of URI scheme validation, any external URI scheme can be invoked by the Microsoft OneDrive iOS application without any user interaction.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170510-0_Microsoft_OneDrive_iOS_App_Insecure_Handling_URI_schemes_v10.txt
Patch day: Internet Explorer, Office and Windows targeted by hackers
Following the emergency patch for Windows, Microsoft is releasing further security updates rated as critical on its usual schedule. Attackers are currently actively exploiting several of the vulnerabilities.
https://heise.de/-3709022
Cisco: Critical security vulnerability fixed in several switches
Made easy thanks to the CIA tools on Wikileaks: a flaw in IOS switches allowed even amateurs to execute malicious code directly on the device. That is now over, as Cisco has apparently fixed the flaw.
https://www.golem.de/news/cisco-kritische-sicherheitsluecke-in-mehreren-switches-behoben-1705-127732.html
Feature, not bug: DNSAdmin to DC compromise in one line
In addition to implementing their own DNS server, Microsoft has also implemented their own management protocol for that server, to allow for easy management and integration with Active Directory domains [...] We will shallowly delve into the protocol's implementation and detail a cute feature (certainly not a bug!) which allows us, under some circumstances, to run code as SYSTEM on domain controllers, without being a domain admin.
https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83
Identifying Sources of Leaks with the Gmail "+" Feature
For years, Google has been offering two nice features on its gmail.com platform to gain more power over your email address. You can play with the "+" (plus) sign or "." (dot) to create more email addresses linked to your primary one. Let's take an example with John, who's the owner ..
https://blog.rootshell.be/2017/05/10/identifying-sources-leaks-gmail-feature/
IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138)
http://www.ibm.com/support/docview.wss?uid=nas8N1021999
IBM Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS
http://www.ibm.com/support/docview.wss?uid=ssg1S1009964
IBM Security Bulletin: Multiple Apache Tomcat vulnerabilities affect IBM SONAS.
http://www.ibm.com/support/docview.wss?uid=ssg1S1009960
IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities
http://www-01.ibm.com/support/docview.wss?uid=swg22002522