=======================
= End-of-Shift report =
=======================

Timeframe: Monday 26-09-2016 18:00 − Tuesday 27-09-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Sofacy APT Targeting OS X Machines with Komplex Trojan ***
---------------------------------------------

APT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems.

---------------------------------------------
http://threatpost.com/sofacy-apt-targeting-os-x-machines-with-komplex-trojan...

*** Java-Deserialization-Cheat-Sheet ***
---------------------------------------------

A cheat sheet for pentesters about Java Native Binary Deserialization vulnerabilities.

---------------------------------------------
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
*** Security update released for Django 1.8 and 1.9 ***
---------------------------------------------

The reason for the web framework's update is a vulnerability that, in combination with Google Analytics, makes Django's CSRF protection attackable. The current Django 1.10 is not affected, and versions older than 1.8 no longer receive security patches.

---------------------------------------------
http://heise.de/-3332611
*** Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM ***
---------------------------------------------

The idea behind this vulnerability is simple to describe at a high level:

- Trick the 'NT AUTHORITY\SYSTEM' account into authenticating via NTLM to a TCP endpoint we control.
- Man-in-the-middle this authentication attempt (NTLM relay) to locally negotiate a security token for the 'NT AUTHORITY\SYSTEM' account. This is done through a series of Windows API calls.
- Impersonate the token we have just negotiated.

---------------------------------------------
https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-f...

*** Unsafe at any clock speed: Linux kernel security needs a rethink ***
---------------------------------------------

Ars reports from the Linux Security Summit - and finds much work that needs to be done.

---------------------------------------------
http://arstechnica.com/security/2016/09/linux-kernel-security-needs-fixing/
*** No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing? ***
---------------------------------------------

Akamai CSO laments piss-poor security design practices

Internet of Things devices are starting to pose a real threat to security for the sensible part of the web, Akamai's chief security officer Andy Ellis has told The Register.

---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/09/27/akamai_chief...
*** CVE-2016-7543 -- bash SHELLOPTS+PS4 ***
---------------------------------------------

The recent bash 4.4 patched an old attack vector regarding specially crafted SHELLOPTS+PS4 environment variables against bogus setuid binaries using system()/popen().

---------------------------------------------
http://seclists.org/oss-sec/2016/q3/617

*** Siemens SCALANCE M-800/S615 Web Vulnerability ***
---------------------------------------------

This advisory contains mitigation details for a web security vulnerability in Siemens SCALANCE M-800 and S615 modules.

---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-271-01

*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2015-8325, CVE-2016-6210, CVE-2016-6515) ***
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc