[CERT-daily] Daily summary - Wednesday 18-03-2015
Daily end-of-shift report
team at cert.at
Wed Mar 18 18:25:45 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 17-03-2015 18:00 - Wednesday 18-03-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Malware Hunting with the Sysinternals Tools ***
---------------------------------------------
This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. Mark Russinovich demonstrates their malware-hunting capabilities by presenting several real-world cases that used the tools to identify and clean malware, and concludes by...
---------------------------------------------
http://blog.malwareresearch.institute/video/2015/03/17/malware-hunting-with-the-sysinternals-tools
*** Pass the hash!, (Wed, Mar 18th) ***
---------------------------------------------
No, this isn't about sharing a hallucinogen-laced bong for a smoke. The hash we're referring to here is the one that Wikipedia aptly but unhelpfully defines as "a derivation of data, notably used in cryptographic hash functions". Passing the hash is a form of login credential theft that is quite prevalent. In it, an attacker captures the encoded session password (the hash) from one computer, and then re-uses it to illicitly access another computer. On (most configurations of) the Microsoft Windows...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19479&rss
*** SSL Labs unveils free open source tool, new APIs ***
---------------------------------------------
Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites. These new enhancements provide the same results a...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18096
*** Apple browser: update for three Safari versions fixes security holes ***
---------------------------------------------
During the night to Wednesday, Apple released updates for Safari on OS X Mountain Lion, OS X Mavericks and OS X Yosemite. They fix a number of bugs, some of them serious.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Apple-Browser-Update-fuer-drei-Safari-Versionen-behebt-Sicherheitsluecken-2578006.html?wt_mc=rss.ho.beitrag.rdf
*** Fatally flawed RC4 should just die, shout angry securobods ***
---------------------------------------------
It's the Swiss Cheese of infosec and we're all gazing through its holes. Security researchers have banged another nail into the coffin of the ageing RC4 encryption algorithm.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/03/18/kill_rc4_say_security_researchers/
*** Mobile Android, iOS Apps Still Vulnerable to FREAK Attacks ***
---------------------------------------------
FireEye scanned iOS and Android apps downloaded billions of times in aggregate and determined that, despite the availability of patches, because the apps still connect to vulnerable HTTPS servers, they're subject to FREAK attacks.
---------------------------------------------
http://threatpost.com/mobile-android-ios-apps-still-vulnerable-to-freak-attacks/111695
*** Cisco Content Services Switch (11500) Unauthenticated Port Forwarding Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=37889
*** VU#868948: HP ArcSight contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#868948: HP ArcSight contains multiple vulnerabilities. Original release date: 17 Mar 2015 | Last revised: 17 Mar 2015. Overview: HP ArcSight contains multiple vulnerabilities. Description: CWE-434: Unrestricted Upload of File with Dangerous Type - CVE pending. The HP ArcSight Logger 5.3.1.6838.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated attacker to put arbitrary files into the document root. This vulnerability...
---------------------------------------------
http://www.kb.cert.org/vuls/id/868948
*** Security Advisory - Resource Management Vulnerability in the AR1220 ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417840.htm
*** Security Advisory - Directory File Deletion Vulnerability in UDS ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417839.htm
*** Security Advisory - Multiple Injection Vulnerabilities in UDS ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417837.htm
*** [DSA 3195-1] php5 security update ***
---------------------------------------------
Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-2305 - Guido Vranken discovered a heap overflow in the ereg extension (only applicable to 32 bit systems). ... CVE-2015-0231 - Stefan Esser discovered a use-after-free in the unserialisation of objects. CVE-2015-0232 - Alex Eubanks discovered incorrect memory management in the exif extension. CVE-2015-0273 - Use-after-free in the unserialisation of DateTimeZone.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2015/msg00080.html
*** XZERES 442SR Wind Turbine Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a cross-site request forgery vulnerability in XZERES's 442SR turbine generator operating system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-076-01
*** Honeywell XL Web Controller Directory Traversal Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a directory traversal vulnerability in Honeywell's XL Web Controller.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-076-02