[CERT-daily] Tageszusammenfassung - Freitag 24-04-2015

Fri Apr 24 18:13:43 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 23-04-2015 18:00 − Freitag 24-04-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** When automation does not help, (Thu, Apr 23rd) ***
---------------------------------------------
In a lot of web application penetration tests that Ive done in last couple of years I noticed that the amount of technical vulnerabilities (i.e. XSS or SQL injection) is slowly declining.Of course, this depends on developers awareness but also on frameworks that are used for development of such applications. One of the best (or worst, depending on the point of view) is definitely .NET (yeah, I know, it feels weird to say that Microsoft is best in something security related). With .NET...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19615&rss


*** Security Advisory: NTP vulnerability CVE-2015-1798 ***
---------------------------------------------
(SOL16505)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/500/sol16505.html?ref=rss


*** CVE-2014-6284 - Probe login access vulnerability in SAP ASE ***
---------------------------------------------
The SpiderLabs team at Trustwave published a new advisory today which details issues discovered in the SAP ASE (Adaptive Server Enterprise) by Martin Rakhmanov, a SpiderLabs Senior Researcher. SAP ASE is a relational database management system for UNIX, Linux, and...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2014-6284----Probe--login-access-vulnerability-in-SAP-ASE/


*** VMSA-2015-0003.5 ***
---------------------------------------------
VMware product updates address critical information disclosure issue in JRE
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0003.html


*** The Rise of Counterintelligence in Malware Investigations ***
---------------------------------------------
The key to operationalizing cybersecurity threat intelligence rests in the critical thinking that establishes that a given indicator is, in fact, malicious. There has been a great deal of talk about the emerging field of cybersecurity threat intelligence in recent years. CTI is the application of intelligence tactics to gain insights on adversarial actors and their tools, techniques, and procedures. However, one aspect that's not frequently discussed is the use of counterintelligence...
---------------------------------------------
http://www.darkreading.com/partner-perspectives/general-dynamics-fidelis/the-rise-of-counterintelligence-in-malware-investigations/a/d-id/1320100


*** Objectifying Cyber Intel Indicators ***
---------------------------------------------
I've had the fortune of visiting a good number of SOCs (including building some) and meeting with a number of leaders in the SOC/IR space over the years- and the better teams will tell you that you simply cannot look at every single alert that fires. Expanding upon this even more, in regards to an Intel-driven IR program, this means that you cannot simply dump all indicators into production; I've seen this fail for both immature programs (overwhelmed with alerts) as well as mature...
---------------------------------------------
http://seanmason.com/2014/08/25/objectifying-cyber-intel-indicators/


*** Honeywell XLWEB SCADA Path Traversal ***
---------------------------------------------
Topic: Honeywell XLWEB SCADA Path Traversal Risk: Medium Text:SCADA - EXPLOITING CVE-2015-0984 FOR SHELL ACCESS This post is a follow up detailing how to achieve control of the actual X...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015040161


*** Magento-Lücke wird aktiv ausgenutzt ***
---------------------------------------------
Wer einen Magento-Shop betreibt und noch nicht das jüngste Sicherheits-Update installiert hat, muss mit unerwünschten Besuchern rechnen. Hacker nutzen die Lücke aus, um SQL-Befehle in den Datenbankserver einzuschleusen.
---------------------------------------------
http://heise.de/-2620110


*** IBM Products affected by Vulnerability in RC4 stream cipher ("Bar Mitzvah Attack") and other Vulnerabilities ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us


*** Dyreza's anticrypt ***
---------------------------------------------
In the previous post, we have described how to set up a loft to monitor Dyreza with the help of virtual machines configured with breakpoints at addresses where communications appear in clear text. Configuration file updates can thus be obtained in real-time easily. Another way to monitor this kind of malware using a decentralised architecture is to implement parts of the malicious binary in a thin client, which requires to fully understand its decryption routine details.
---------------------------------------------
http://www.lexsi-leblog.com/cert-en/dyrezas-anticrypt.html


*** Antiviren-Software und Apples Schutzmechanismen für Mac OS X nutzlos ***
---------------------------------------------
Einem Sicherheitsforscher zufolge sei es trivial, einen Mac nachhaltig mit Malware zu verseuchen. Weder würde gängige Antivirensoftware helfen, noch Apples eigene Mechanismen wie XProtect oder das Signieren von Apps.
---------------------------------------------
http://heise.de/-2620049


*** HTML5 Security: Local Storage ***
---------------------------------------------
In a previous article of mine, I discussed Cross Domain Messaging in HTML5. This article walks you through another feature, called local storage, and its security. Local Storage Local storage is one of the new features added in HTML5. It was first introduced in Mozilla 1.5 and eventually embraced by the HTML5 specification. We can...
---------------------------------------------
http://resources.infosecinstitute.com/html5-security-local-storage/


*** Yubikey NEO (JavaCard OpenPGP) private key operations can be accessed without PIN ***
---------------------------------------------
The source code contains a logical flaw related to user PIN (aka PW1) verification that allows an attacker with local host privileges and/or physical proximity (NFC) to perform security operations without knowledge of the user's PIN code.
---------------------------------------------
https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory%202015-04-14.html