[CERT-daily] Tageszusammenfassung - Donnerstag 8-01-2015

Thu Jan 8 18:22:21 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 07-01-2015 18:00 − Donnerstag 08-01-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Why patch management is ALSO REQUIRED in ICS infrastructure, (Wed, Jan 7th) ***
---------------------------------------------
Security patch management is a delicate issue in critical infrastructure. This is caused for the specific configuration, operating system version and related software required by the ICS platform. Most support contracts states that any modification outside the parameters stated by the manufacturer will void the relation and release manufacturer and seller from any responsibility about malfunction and any consequence on the industrial process. Unfortunately, when we talk about ICS software...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19157&rss


*** Assessing the risk of POODLE, (Thu, Jan 8th) ***
---------------------------------------------
One of the biggest security announcements in the last year was definitely the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, which marked the real end of SSLv3. In a contrast with many other previously identified vulnerabilities in encryption algorithms used by SSLv3, this vulnerability is viable, and can be exploited by an attacker without jumping over too many obstacles or requiring large resources the POODLE vulnerability is real. While this raised quite a bit of...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19159&rss


*** wmap - A Chrome Extension for Taking Screenshots of Web Services In Bulk ***
---------------------------------------------
wmap is a Chrome extension written mostly in JavaScript which uses the Chrome browser to generate HTML screenshot reports of web services.
---------------------------------------------
http://thehackerblog.com/wmap-a-chrome-extension-for-taking-screenshots-of-web-services/


*** B-Sides Ljubljana ***
---------------------------------------------
First Security B-Sides Ljubljana is about to *happen*. BSides is community driven information security conference that will be held March 12th in Ljubljana, Slovenia, day after Cloud Security Alliance CEE Summit 2015. Call for papers is now online.
---------------------------------------------
http://bsidesljubljana.si/


*** Bypassing OpenSSL Certificate Pinning in iOS Apps ***
---------------------------------------------
When mobile applications communicate with an API or web service, this should generally happen via TLS/SSL (e.g., HTTPS). ... Since any of the CAs may issue a certificate for any hostname/server, security-conscious applications should "pin" the expected server certificate in the application, i.e., not accept any certificate but the one issued by the known-good CA which the application developer uses.
---------------------------------------------
http://chargen.matasano.com/chargen/2015/1/6/bypassing-openssl-certificate-pinning-in-ios-apps.html


*** PowerShell Toolkit: PowerSploit ***
---------------------------------------------
PowerSploit is a collection of PowerShell scripts which can prove to be very useful during some exploitation and mostly post-exploitation phases of a penetration test. To get the latest version of PowerSploit, visit this URL: https://github.com/mattifestation/PowerSploit If you have GIT, then you can simply run the following command to get...
---------------------------------------------
http://resources.infosecinstitute.com/powershell-toolkit-powersploit/


*** Using Free Tools To Detect Attacks On ICS/SCADA Networks ***
---------------------------------------------
ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations.
---------------------------------------------
http://www.darkreading.com/perimeter/using-free-tools-to-detect-attacks-on-ics-scada-networks/d/d-id/1318527


*** State of the Internet: Attack traffic, DDoS, IPv4 and IPv6 ***
---------------------------------------------
Akamai today released its latest State of the Internet report, which provides insight into key global statistics such as connection speeds and broadband adoption across fixed and mobile networks, over...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17798


*** Windows exploitation in 2014 ***
---------------------------------------------
Today, we published our research about Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.
---------------------------------------------
http://www.welivesecurity.com/2015/01/08/windows-exploitation-2014/


*** Netskope Cloud Report - January 2015 ***
---------------------------------------------
In this quarterly Netskope Cloud Report, a key find in that as many as 15 percent of business users have had their credentials compromised. Since up to half of users re-use passwords for multiple accounts, the likelihood of users logging into business-critical apps with these credentials is high, putting business-sensitive data at risk.
---------------------------------------------
https://www.netskope.com/reports/netskope-cloud-report-january-2015/


*** Deobfuscating Malicious Macros Using Python ***
---------------------------------------------
Over the past few weeks, weve observed cybercriminals spamming users, particularly in the UK, using document files embedded with malicious macros masquerading as invoices. The attachment is either a Word or an Excel document file. Here are some examples incorporating brands based in the UK: Users must enable macros in order for these malicious documents to work. In some cases, the documents include instructions for enabling macros. You may think of document macro viruses as a thing...
---------------------------------------------
http://blog.spiderlabs.com/2015/01/tips-for-deobfuscating-the-malicious-macros-using-python.html


*** vBulletin Releases Serious Vulnerability in VBSEO ***
---------------------------------------------
The vBulletin team sent an email yesterday to all their clients about a potential security vulnerability on VBSEO. VBSEO is widely used SEO module for vBulletin that was discontinued last year. This makes the problem worse, no patches will be released for it. If you are using VBSEO, you have 3 options: Completely remove VBSEO...
---------------------------------------------
http://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html


*** Aviator Going Open Source ***
---------------------------------------------
One of the most frequent criticisms we've heard at WhiteHat Security about Aviator is that it's not open source. There were a great many reasons why we didn't start off that way, not the least of which was getting the legal framework in place to allow it, but we also didn't want our efforts to...
---------------------------------------------
https://blog.whitehatsec.com/aviator-going-open-source/


*** Evolving Microsofts Advance Notification Service in 2015 ***
---------------------------------------------
Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2015/01/07/evolving-advance-notification-service-ans-in-2015.aspx


*** OpenSSL Fixes Eight Security Vulnerabilities ***
---------------------------------------------
The OpenSSL Project has released several new versions of the software that fix eight security vulnerabilities, including several certificate issues and a couple of denial-of-service flaws. The patches included in OpenSSL 1.0.0p, 1.0.1k and 0.98zd are not for critical or high-risk vulnerabilities, but they do fix some interesting vulnerabilities. Two of the bugs are rated moderate and the other...
---------------------------------------------
http://threatpost.com/openssl-fixes-eight-security-vulnerabilities/110279
https://www.openssl.org/news/secadv_20150108.txt


*** Cisco Secure Access Control Server Privilege Escalation Vulnerability ***
---------------------------------------------
CVE-2014-8027
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027


*** Cisco Secure Access Control Server Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
CVE-2014-8028
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8028


*** Cisco Secure Access Control Server Open Redirect Vulnerability ***
---------------------------------------------
CVE-2014-8029
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8029


*** Brother MFC-J4410DW Cross Site Scripting ***
---------------------------------------------
Topic: Brother MFC-J4410DW Cross Site Scripting Risk: Low Text:Class Cross-Site Scripting Remote Yes Disclosed 9th October 2014 Published 7th January 2015 Credit Dave Daly of Dionach (vu...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015010034


*** Pirelli Router WPA weak security ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99682


*** SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-010Project: Log Watcher (third-party module)Version: 6.xDate: 2015-January-07Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Request ForgeryDescriptionLog Watcher allows you to monitor your site logs in a systematic way by setting up scheduled aggregations for specific log types.The report administration links are not properly protected from CSRF. A malicious user could cause a log
---------------------------------------------
https://www.drupal.org/node/2403463


*** SA-CONTRIB-2015-007 - Htaccess - Cross Site Request Forgery (CSRF) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-007Project: htaccess (third-party module)Version: 7.xDate: 2015-January-07Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Request ForgeryDescriptionThe Htaccess module allows the creation and deployment of .htaccess files based on custom settings.Some administration links were not properly protected from Cross Site Request Forgery (CSRF). A malicious user could cause an administrator to deploy or
---------------------------------------------
https://www.drupal.org/node/2403445


*** SA-CONTRIB-2015-005 - WikiWiki - SQL injection ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-005Project: WikiWiki (third-party module)Version: 6.xDate: 2015-January-07Security risk: 22/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:AllVulnerability: SQL InjectionDescriptionWikiWiki module gives you one place to create, share and find wiki pages in your site.The module did not sanitize user input inside a database query thereby leading to a SQL Injection vulnerability.CVE identifier(s) issuedA CVE identifier will be requested, and
---------------------------------------------
https://www.drupal.org/node/2403375