[CERT-daily] Tageszusammenfassung - Donnerstag 25-06-2015

Daily end-of-shift report team at cert.at
Thu Jun 25 18:09:24 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 24-06-2015 18:00 − Donnerstag 25-06-2015 18:00
Handler:     Robert Waldner
Co-Handler:  n/a



*** Paper: Using .NET GUIDs to help hunt for malware ***
---------------------------------------------
Tool to extract identifiers incorporated into VirusTotal.
The large number of new malware samples found each day hasnt made malware analysis an easier task, and researchers could use anything that helps them automate this task. Today, we publish a paper by Cylance researcher Brian Wallace, who looks at two globally unique identifiers (GUIDs) found in malware created using .NET, which can help link multiple files to the same Visual Studio project.
---------------------------------------------
http://www.virusbtn.com/blog/2015/06_24a.xml?rss





*** The Powershell Diaries - Finding Problem User Accounts in AD, (Wed, Jun 24th) ***
---------------------------------------------
Powershell has gotten a lot of attention lately as a pentesters tool of choice, since it has access to pretty much every low-level system function in the Microsoft ecosystem, and the AV industry isnt dealing well with that yet (aside from ignoring powershell completely that is). But what about day-to-day system administration? Really, the possibilities for admins are just as limitless as for pentesters - thats what Powershell was invented for after all !
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19833&rss




*** Shibboleth authentication - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-129
Project: Shibboleth authentication (third-party module)
Version: 6.x, 7.x
Date: 2015-June-24
Security risk: 13/25 ( Moderately Critical) 
AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description
Shibboleth authentication module allows users to log in and get permissions based on federated (SAML2) authentication.The module didnt filter the text that is displayed as a login link.
---------------------------------------------
https://www.drupal.org/node/2511518




*** HybridAuth Social Login - Less Critical - Access bypass - SA-CONTRIB-2015-127 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-127
Project: HybridAuth Social Login (third-party module)
Version: 7.x
Date: 2015-June-24
Security risk: 8/25 ( Less Critical) 
AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:UncommonVulnerability: Access bypass
Description
The HybridAuth Social Login module enables you to allow visitors to authenticate or login to a Drupal site using their identities from social networks like Facebook or Twitter.
---------------------------------------------
https://www.drupal.org/node/2511410





*** Web security subtleties and exploitation of combined vulnerabilities, (Thu, Jun 25th) ***
---------------------------------------------
The goal of a penetration test is to report all identified vulnerabilities to the customer. Of course, every penetration tester puts most of his effort into finding critical security vulnerabilities: SQL injection, XSS and similar, which have the most impact for the tested web application (and, indeed, it does not hurt a penetration testers ego when such a vulnerability is identified :)
However, I strongly push towards reporting of every single vulnerability, no matter how harmless it might appear ...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19837&rss




*** Samsung deaktiviert keine Sicherheitsupdates von Windows ***
---------------------------------------------
PR-Desaster im Eigenbau: Samsung veröffentlicht ein Tool namens "disable_Windowsupdate.exe". Doch das macht gar nicht das, was der Name vermuten lässt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Samsung-deaktiviert-keine-Sicherheitsupdates-von-Windows-2724602.html?wt_mc=rss.ho.beitrag.rdf





*** Von wegen Schutz: NOD32 erlaubt das Kapern von Rechnern ***
---------------------------------------------
Statt die Nutzer zu schützen erlaubte NOD32 von Eset es Angreifern, die Rechner der Opfer komplett zu übernehmen. Das Update, welches die Lücke schließt, sollte schleunigst eingespielt werden.
---------------------------------------------
http://heise.de/-2728967




*** SSA-142512 (Last Update 2015-06-25): Cross-Site Scripting Vulnerability in Climatix BACnet/IP Communication Module ***
---------------------------------------------
SSA-142512 (Last Update 2015-06-25): Cross-Site Scripting Vulnerability in Climatix BACnet/IP Communication Module
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-142512.pdf




*** Multiple vulnerabilities in Cisco products ***

*** Cisco Wireless LAN Controller Command Injection Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39517

*** Cisco IOS XR MPLS LDP Packet Processing Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39509

*** Cisco Unified Presence Server Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39504

*** Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39505

*** Cisco IM and Presence Service SQL Injection Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39506


More information about the Daily mailing list