[CERT-daily] Daily summary - Monday 12-01-2015
Daily end-of-shift report
team at cert.at
Mon Jan 12 18:07:16 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 09-01-2015 18:00 − Monday 12-01-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** SnoopSnitch Android app notifies users of IMSI catchers, SS7 attacks ***
---------------------------------------------
SnoopSnitch requires a rooted device with a Qualcomm chipset that runs stock Android 4.1 or higher.
---------------------------------------------
http://www.scmagazine.com/free-app-flags-attempts-to-spy-on-mobile-phones/article/391870/
*** Cisco WebEx Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8036
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0582
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8035
*** SAP NetWeaver Business Client for HTML Input Validation Flaws Permit Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in SAP NetWeaver Business Client for HTML. A remote user can conduct cross-site scripting attacks.
The Business Client for HTML component does not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser.
---------------------------------------------
http://www.securitytracker.com/id/1031509
*** PLAID: The strange world of ISO standards ***
---------------------------------------------
At Real World Crypto, security researchers report on their experiences with ISO. The standardisation of the PLAID authentication protocol reveals, in places, an alarming lack of cryptographic knowledge.
---------------------------------------------
http://www.golem.de/news/plaid-die-seltsame-welt-der-iso-standards-1501-111601-rss.html
*** Dan J. Bernstein: Designing crypto algorithms securely ***
---------------------------------------------
At Real World Crypto, the cryptographer Dan Bernstein calls on his colleagues to design cryptographic algorithms so that incorrect use is avoided. Always blaming the programmers, he says, is not a good idea.
---------------------------------------------
http://www.golem.de/news/dan-j-bernstein-krypto-algorithmen-sicher-designen-1501-111605-rss.html
*** Google No Longer Provides Patches for WebView Jelly Bean and Prior ***
---------------------------------------------
Google will no longer be providing security patches for vulnerabilities reported to affect only versions of Android's native WebView prior to 4.4. In other words, Google is now only supporting the current named version of Android (Lollipop, or 5.0) and the prior named version (KitKat, or 4.4). Jelly Bean (versions 4.0 through 4.3) and earlier will no longer see security patches for WebView from Google ...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior
*** Security's revamped index of pain readies for release ***
---------------------------------------------
Comments sought on draft Common Vulnerability Scoring System 3.0 bug rating scheme
The great unwashed has been afforded an opportunity to comment on a new scheme for classifying the severity of infosec vulnerabilities issued by the National Institute of Standards and Technology.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/01/12/securitys_revamped_index_of_pain_readies_for_release/
*** Ntpdc Local Buffer Overflow ***
---------------------------------------------
Alejandro Hdez (@nitr0usmx) recently tweeted about a trivial buffer overflow in ntpdc, a deprecated NTP query tool still available and packaged with any NTP install. He posted a screenshot of the crash as the result of a large buffer passed into a vulnerable gets call. After digging into it a bit, I decided it'd be a fun exploit to write, and it was. There are a few quirks to it that make it of particular interest, which I've detailed below.
---------------------------------------------
http://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/
*** Deciphering the landscape for Privacy by Design. ENISA publishes its recommendations for policy makers, data protection authorities and experts ***
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/deciphering-the-landscape-for-privacy-by-design
*** Windows Elevation of Privilege in User Profile Service ***
---------------------------------------------
Platform: Windows 8.1 Update 32/64 bit (No other OS tested)
When a user logs into a computer the User Profile Service is used to create certain directories and mount the user hives (as a normal user account cannot do so). ... However there seems to be a bug in the way it handles impersonation, the first few resources in the profile get created under the user's token, but this changes to impersonating Local System part of the way through.
---------------------------------------------
https://code.google.com/p/google-security-research/issues/detail?id=123
*** Do we need regular IT security fire drills? ***
---------------------------------------------
IT security 'fire drills', supported by executive management and the risk committee should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. ... Organizations need to move beyond focusing purely on the prevention of security incidents, and start to concentrate on what they will do when an incident occurs.
---------------------------------------------
http://www.net-security.org/secworld.php?id=17810
*** Diving into a Silverlight Exploit and Shellcode - Analysis and Techniques ***
---------------------------------------------
http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf
*** Open-Source USB Exploitation Library - Teensyduino ***
---------------------------------------------
What is Paensy? Paensy [pan-zee] is a combination of the word payload and Teensy - Paensy is an attacker-oriented, C-based library written for the development of Teensy devices. Paensy simplifies and optimizes mundane tasks and allows an easier platform for scripting.
---------------------------------------------
http://malware.cat/?p=89
*** Protecting yourself from Powershell based VBA Macro Attacks ***
---------------------------------------------
As some of you may know, I released a standalone Powershell script that will automatically generate a malicious VBA macro using different payloads and persistence methods. This can be found here: https://github.com/enigma0x3/Generate-Macro/blob/master/Generate-Macro.ps1 As a response, I have gotten a few questions from sysadmins about protecting their organizations from an attack like this. Since this type of attack relies on social engineering, there are only a handful of things you can do to
---------------------------------------------
https://enigma0x3.wordpress.com/2015/01/11/protecting-yourself-from-powershell-based-vba-macro-attacks/