[CERT-daily] Tageszusammenfassung - Dienstag 13-01-2015

Daily end-of-shift report team at cert.at
Tue Jan 13 18:13:31 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 12-01-2015 18:00 − Dienstag 13-01-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Remember Corel? Its just entered .DLL hell ***
---------------------------------------------
Hijack hole found in Corel Draw and other doodleware Local zero day vulnerabilities have been disclosed in Corel applications, potentially affecting more than 100 million users.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/01/13/hijack_hole_found_in_corel/




*** Windows logging cheat sheet - Win 7/Win 2008 or later ***
---------------------------------------------
This "Windows Logging Cheat Sheet" is intended to help you get started setting up basic and necessary Windows Audit Policy and Logging. By no means is this list extensive; but it does include some very common items that should be enabled, configured, gathered and harvested for any Log Management Program. Start with these settings and add to it as you understand better what is in your logs and what you need.
---------------------------------------------
http://sniperforensicstoolkit.squarespace.com/storage/logging/Windows%20Logging%20Cheat%20Sheet%20v1.1.pdf




*** Docker Secure Deployment Guidelines ***
---------------------------------------------
The GitHub repository referenced below aims at providing some deployment guidelines for Docker developers and system administrators alike, that can be used to improve the security posture of Linux containers within a Dockerized environment.
---------------------------------------------
http://blog.gdssecurity.com/labs/2015/1/12/docker-secure-deployment-guidelines.html




*** Alert on unauthorized use of domain administrative account for Active Directory ***
---------------------------------------------
At JPCERT/CC, we have observed multiple targeted attacks against domestic organizations where attackers intruded and stay within a corporate network for long periods of time and steal information. One characteristic of these attacks is that the attackers in the network steal credentials for the domain administrator account (herein, administrator account) in Active Directory, and leverage this administrator account to launch various attacks across the network.
---------------------------------------------
https://www.jpcert.or.jp/english/at/2014/at140054.html




*** Skeleton Key Malware Analysis ***
---------------------------------------------
Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers discovered malware that bypasses authentication on Active Directory (AD) systems that implement single-factor (password only) authentication. Threat actors can use a password of their choosing to authenticate as any user. ... Skeleton Key is deployed as an in-memory patch on a victims AD domain controllers to allow the threat actor to authenticate as any user, while legitimate users can continue to authenticate as normal.
---------------------------------------------
http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/




*** KeySweeper - Arduino-based Keylogger for Wireless Keyboards ***
---------------------------------------------
Security researcher has developed a cheap USB wall charger that is capable to eavesdrop on almost any Microsoft wireless keyboard. MySpace mischief-maker Samy Kamkar has released a super-creepy keystroke logger for Microsoft wireless keyboards cunningly hidden in what appears to be a rather cheap, but functioning USB wall charger.  The stealthy Arduino-based device,...
---------------------------------------------
http://thehackernews.com/2015/01/KeySweeper-Arduino-Keyboard-Keylogger.html




*** Gitrob: Putting the Open Source in OSINT ***
---------------------------------------------
Sometimes employees might publish things that should not be publicly available. Things that contain sensitive information or things that could even lead to direct compromise of a system. This can happen by accident or because the employee does not know the sensitivity of the information. Gitrob is a command line tool that can help organizations and security professionals find such sensitive information.
---------------------------------------------
http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/




*** Aggressive Riskware Installation on Amazon Kindle (and Android) ***
---------------------------------------------
As malware continues to grow on Android (900K malicious samples and 1,300 new per day), we sometimes forget attacks can also affect other devices... like Amazons Kindle. The Kindle indeed runs Fire OS, a fork of Android. Thus, in several cases, Android malware also work on Fire OS, and reciprocally. Proof below. ...
---------------------------------------------
http://blog.fortinet.com/post/aggressive-riskware-installation-on-amazon-kindle-and-android




*** OSXCollector: Forensic Collection and Automated Analysis for OS X ***
---------------------------------------------
OSXCollector is an open source forensic evidence collection and analysis toolkit for OS X. It was developed in-house at Yelp to automate the digital forensics and incident response (DFIR) our crack team of responders had been doing manually.
---------------------------------------------
http://engineeringblog.yelp.com/2015/01/osxcollector-forensic-collection-and-automated-analysis-for-os-x.html




*** ICS London 2015 ***
---------------------------------------------
SANS ICS London 2015 hosts four dedicated training courses for those tasked with securing Industrial Control Systems. This specialist training event takes place at the Grand Connaught Rooms in Londons West End, from April 27th to May 2nd 2015.
---------------------------------------------
https://www.sans.org/event/ics-london-2015




*** Millionen Android-Geräte mit Sicherheitslücken auf Lebenszeit ***
---------------------------------------------
Eine Kernkomponente von Android wird auf Geräten mit älteren Versionen nicht mehr mit Patches versorgt. Dabei ist vor allem deren Standardbrowser Einfallstor für Angreifer.
---------------------------------------------
http://www.heise.de/security/meldung/Millionen-Android-Geraete-mit-Sicherheitsluecken-auf-Lebenszeit-2517130.html




*** [2015-01-13] Multiple critical vulnerabilities in all snom desktop IP phones ***
---------------------------------------------
All snom desktop IP phones are affected by multiple critical security issues in all available firmware versions. Attackers are able to completely compromise the phone with root access rights and install backdoors to the device which will even survive a factory reset. Furthermore, tapping into phone calls or surveilling the room is possible.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-0_snom_IP_phones_Multiple_critical_vulnerabilities_v10_wo_poc.txt




*** [2015-01-13] Privilege Escalation & XSS & Missing Authentication in Ansible Tower ***
---------------------------------------------
Attackers are able to elevate privileges and gain access to sensitive data of other organizations in Ansible Tower.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt




*** [2015-01-13] Cross site request forgery vulnerability in XBMC / Kodi ***
---------------------------------------------
An attacker could potentially gain access to sensitive information stored on the system where XBMC / Kodi is installed by exploiting CSRF issues.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-2_Kodi_XBMC_Cross_Site_Request_Forgery_v10.txt




*** VU#533140: Tianocore UEFI implementation reclaim function vulnerable to buffer overflow ***
---------------------------------------------
Vulnerability Note VU#533140 UEFI EDK1 vulnerable to buffer overflow Original Release date: 05 Jan 2015 | Last revised: 05 Jan 2015   Overview The EDK1 UEFI reference implementation contains a buffer overflow vulnerability.   Description The open source EDK1 project provides a reference implementation of the Unified Extensible Firmware Interface (UEFI). Commercial UEFI implementations may incorporate portions of the EDK1 source code.According to Rafal Wojtczuk and Corey Kallenberg, a buffer...
---------------------------------------------
http://www.kb.cert.org/vuls/id/533140




*** Cisco WebEx Meetings Server Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2015-0583
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0583




*** SSA-311299 (Last Update 2015-01-13): Vulnerabilities in iOS App SIMATIC WinCC Sm at rtClient ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311299.pdf




*** DFN-CERT-2015-0037 - Red Hat JBoss Data Virtualization: Mehrere Schwachstellen ermöglichen u. a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0037/


More information about the Daily mailing list