[CERT-daily] Tageszusammenfassung - Montag 24-08-2015

Mon Aug 24 18:03:26 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 21-08-2015 18:00 − Montag 24-08-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Extortionists Target Ashley Madison Users ***
---------------------------------------------
People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters gets posted online for anyone to download - as is the case with the recent hack of infidelity hookup ..
---------------------------------------------
http://krebsonsecurity.com/2015/08/extortionists-target-ashley-madison-users/


*** Exploring a 'Malwarebytes Anti-Malware for Windows 10 - website' ***
---------------------------------------------
Here at Malwarebytes, we offer support for a wide variety of Windows Operating Systems - from XP right up to Windows 10. The latter OS is the starting point for this blog post, with a website located ..
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/08/exploring-an-mbam-for-windows-10-website/


*** One font vulnerability to rule them all #4: Windows 8.1 64-bit sandbox escape exploitation ***
---------------------------------------------
This is the final part #4 of the 'One font vulnerability to rule them all' blog post series. In the previous posts, we introduced the 'blend' PostScript operator vulnerability and successfully used it to first exploit Adobe Reader, and later escape ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/08/one-font-vulnerability-to-rule-them-all_21.html


*** Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40586


*** BSI: Richtlinie für sicheren Mail-Transport zeigt bereits Wirkung ***
---------------------------------------------
Mit dem Erscheinen der Richtlinie wird leichter verständlich, weshalb Web.de und GMX nicht nur die PGP-Verschlüsselung für Mails eingeführt haben, sondern überraschend auch auf die Sicherheitstechniken DNSSEC und DANE setzen.
---------------------------------------------
http://heise.de/-2788316


*** MMD-0039-2015 - ChinaZ made new malware: ELF Linux/BillGates.Lite ***
---------------------------------------------
There are tweets I posted which is related to this topic, Our team spotted the sample a week ago. And this post is the promised details, I am sorry for the delay for limited resource that we have since for a week I focused to help ..
---------------------------------------------
http://blog.malwaremustdie.org/2015/08/mmd-0039-2015-chinaz-made-new-malware.html


*** Google Analyticator <= 6.4.9.4 - Multiple Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8159


*** Sending Windows Event Logs to Logstash ***
---------------------------------------------
This topic is not brand new, there exists plenty of solutions to forward Windows event logs to Logstash (OSSEC, Snare or NXlog amongst many others). They perform a decent job to collect events on running systems ..
---------------------------------------------
https://blog.rootshell.be/2015/08/24/sending-windows-event-logs-to-logstash/


*** Mass FTP Crawling ***
---------------------------------------------
The combination of interesting files one can find on public FTP servers plus the technical expertise required to make a decent search engine motivated me to write Findex and ultimately this article.
---------------------------------------------
http://findex.cedsys.nl/research/mass-ftp-crawling/


*** Bundestags-IT nach Reparatur wieder online ***
---------------------------------------------
Das IT-System des Deutschen Bundestags ist nach mehrtägigen Reparaturarbeiten am Montag wieder hochgefahren worden. Nach Behebung der Folgen eines Hackerangriffs ging das System wieder ans Netz, wie eine Parlamentssprecherin bestätigte. Die Abgeordneten und Mitarbeiter wurden demnach per Lautsprecher am Montagvormittag über den Neustart des Systems informiert.
---------------------------------------------
http://derstandard.at/2000021189218


*** Compromising a honeypot network through the Kippo password when logstash exec is used ***
---------------------------------------------
We have been playing with Honeypots lately (shoutout to Theo and Sebastian for adding their honeypots to the network), collecting and visualizing the data from the honeypots is done ..
---------------------------------------------
https://forsec.nl/2015/08/compromising-a-honeypot-network-through-the-kippo-password-when-logstash-exec-is-used/


*** Exploiting the Mercury Browser for Android ***
---------------------------------------------
The Mercury Browser for Android suffers from an insecure Intent URI scheme implementation and a path traversal vulnerability within a custom web server used to support its WiFi Transfer feature. Chaining these vulnerabilities together can allow a ..
---------------------------------------------
http://rotlogix.com/2015/08/23/exploiting-the-mercury-browser-for-android/


*** Username Enumeration against OpenSSH/SELinux with CVE-2015-3238 ***
---------------------------------------------
I recently disclosed a low-risk vulnerability in Linux-PAM versions prior to 1.2.1 which allows attackers to conduct username enumeration and denial of service attacks. The purpose of this post is to provide more technical details around this vulnerability.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/