=======================
= End-of-Shift report =
=======================
Timeframe:   Tuesday 09-05-2017 18:00 − Wednesday 10-05-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  Alexander Riepl
*** EPS Processing Zero-Days Exploited by Multiple Threat Actors ***
---------------------------------------------
In 2015, FireEye published details about two attacks exploiting vulnerabilities in Encapsulated PostScript (EPS) of Microsoft Office. One was a zero-day and one was patched weeks before the attack launched. Recently, FireEye identified three new zero-day vulnerabilities in Microsoft Office products that are being exploited in the wild.
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days...
*** Persirai: More than 100,000 IP cameras vulnerable to new IoT botnet ***
---------------------------------------------
A new IoT botnet is currently emerging, though it has not yet carried out any attacks. The malware used for infection exploits a vulnerability published in March.
---------------------------------------------
https://www.golem.de/news/persirai-mehr-als-100-000-ip-kameras-fuer-neues-io...
*** Git Shell Bypass By Abusing Less (CVE-2017-8386) ***
---------------------------------------------
The git-shell is a restricted shell maintained by the git developers and is meant to be used as the upstream peer in a git remote session over a ssh tunnel. The basic idea behind this shell is to restrict the allowed commands in a ssh session to the ones required by git which are as follows ..
---------------------------------------------
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-838...
*** [2017-05-10] Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App ***
---------------------------------------------
Due to the lack of URI scheme validation, any external URI scheme can be invoked by the Microsoft OneDrive iOS application without any user interaction.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170...
*** Patch Day: Internet Explorer, Office and Windows in hackers' sights ***
---------------------------------------------
Following the emergency patch for Windows, Microsoft is providing further security updates rated as critical on the usual date. Attackers are currently actively exploiting various vulnerabilities.
---------------------------------------------
https://heise.de/-3709022
*** Cisco: Critical vulnerability in several switches fixed ***
---------------------------------------------
Easy thanks to CIA tools on Wikileaks: a flaw in IOS switches allowed even amateurs to execute malicious code directly on the device. That is now over, as Cisco has apparently fixed this flaw.
---------------------------------------------
https://www.golem.de/news/cisco-kritische-sicherheitsluecke-in-mehreren-swit...
*** Feature, not bug: DNSAdmin to DC compromise in one line ***
---------------------------------------------
In addition to implementing their own DNS server, Microsoft has also implemented their own management protocol for that server, to allow for easy management and integration with Active Directory domains [...] We will shallowly delve into the protocol's implementation and detail a cute feature (certainly not a bug!) which allows us, under some circumstances, to run code as SYSTEM on domain controllers, without being a domain admin.
---------------------------------------------
https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-o...
*** Identifying Sources of Leaks with the Gmail "+" Feature ***
---------------------------------------------
For years, Google has been offering two nice features with its gmail.com platform to gain more power of your email address. You can play with the "+" (plus) sign or "." (dot) to create more email addresses linked to your primary one. Let's take an example with John who's the owner ..
---------------------------------------------
https://blog.rootshell.be/2017/05/10/identifying-sources-leaks-gmail-feature...
*** IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021999
---------------------------------------------
*** IBM Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009964
---------------------------------------------
*** IBM Security Bulletin: Multiple Apache Tomcat vulnerabilities affect IBM SONAS. ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009960
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002522
---------------------------------------------