End-of-Shift report
Timeframe: Monday 22-05-2017 18:00 − Tuesday 23-05-2017 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
EU security think tank ENISA looks for IoT security, can't find any
Proposes baseline security spec, plus stickers to prove thing-makers have complied. European network and infosec agency ENISA has taken a look at Internet of Things security, and doesn't much like what it sees.
http://go.theregister.com/feed/www.theregister.co.uk/2017/05/23/enisa_proposes_internet_of_things_security_standards/
Biometrics: Galaxy S8 iris scanner can be easily manipulated
Once again it shows: biometric features are convenient for unlocking devices, but they are not secure. A hacker has shown that the iris scanner of Samsung's Galaxy S8 can be tricked with a simple photo and a contact lens.
https://www.golem.de/news/biometrie-iris-scanner-des-galaxy-s8-kann-einfach-manipuliert-werden-1705-127987-rss.html
Preloading in Internet Explorer 11 sends complete browsing history to Microsoft
Your entire browsing history will periodically be sent to Microsoft. The data sent includes all addresses you visit and when you visited them (derived from that is also how long you spent on each page), and the address of the page that referred you to each page.
https://ctrl.blog/entry/ie11-flip-out-privacy
Windows 10 UAC Bypass Uses "Apps & Features" Utility
Malware authors have a new UAC bypass technique at their disposal that they can use to install malicious apps on devices running Windows 10.
https://www.bleepingcomputer.com/news/security/windows-10-uac-bypass-uses-apps-and-features-utility/
Hackers can use subtitles to take over millions of devices running VLC, Kodi, Popcorn Time and Stremio
Check Point researchers revealed a new attack vector threatening millions of users of popular media players, including VLC, Kodi (XBMC), Popcorn Time and Stremio. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can potentially take complete control of any device running the vulnerable platforms.
https://www.helpnetsecurity.com/2017/05/23/subtitle-hack/
[2017-05-23] Arbitrary File Upload & Stored XSS in InvoicePlane
Multiple high-risk vulnerabilities, such as arbitrary file upload and stored cross-site scripting, within the InvoicePlane software allow an attacker to compromise the affected server.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170523-0_InvoicePlane_Upload_arbitrary_files_stored_XSS_v10.txt
BIG-IP Azure cloud vulnerability CVE-2017-6131
Security Advisory Description: In some circumstances ...
https://support.f5.com/csp/article/K61757346
Cisco Integrated Management Controller Remote Code Execution Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (CIMC) could allow an unauthenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. Successful exploitation...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3
Cisco Integrated Management Controller Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (CIMC) could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System Chassis Management Module (CMM)
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5099561
IBM Security Bulletin: Vulnerabilities in xorg-x11-libX11 affect IBM Flex System Chassis Management Module (CMM)
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5099564
IBM Security Bulletin: Vulnerabilities in cURL affect IBM Flex System Chassis Management Module (CMM)
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5099562
IBM Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5099576
IBM Security Bulletin: Vulnerabilities in tcpdump affect IBM Flex System Chassis Management Module (CMM)
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5099568
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Web Experience Factory
http://www.ibm.com/support/docview.wss?uid=swg22003695
IBM Security Bulletin: Directory Traversal vulnerabilities impact IBM Network Advisor.
http://www.ibm.com/support/docview.wss?uid=ssg1S1009700
IBM Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerability (CVE-2016-6816)
http://www.ibm.com/support/docview.wss?uid=swg22003660
IBM Security Bulletin: Open Source cURL Libcurl, used by BigFix Platform, has security vulnerabilities (CVE-2016-8617 CVE-2016-8624 CVE-2016-8621)
http://www-01.ibm.com/support/docview.wss?uid=swg22001818
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager (CVE-2016-5597, CVE-2016-5554)
http://www-01.ibm.com/support/docview.wss?uid=swg22002446
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web (CVE-2016-5597, CVE-2016-5554)
http://www-01.ibm.com/support/docview.wss?uid=swg22002445