[CERT-daily] Tageszusammenfassung - Donnerstag 12-11-2015

Daily end-of-shift report team at cert.at
Thu Nov 12 18:13:38 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 11-11-2015 18:00 − Donnerstag 12-11-2015 18:01
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Distributed Vulnerability Search - Told via Access Logs ***
---------------------------------------------
Sometimes just a few lines of access logs can tell a whole story: Many ongoing attacks against WordPress and Joomla sites use a collection of known vulnerabilities in many different plugins, themes and components. This helps hackers maximize the number of sites they can compromise. Google Dorks Do you ever think about how hackers find...
---------------------------------------------
https://blog.sucuri.net/2015/11/distributed-vulnerability-search-told-via-access-logs.html




*** Latest Android phones hijacked with tidy one-stop-Chrome-pop ***
---------------------------------------------
Chinese researcher burns exploit for ski trip. PacSec: Googles Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/12/mobile_pwn2own/




*** Samsung S6 calls open to man-in-the-middle base station snooping ***
---------------------------------------------
Their cheap man-in-the-middle attack requires an OpenBTS base station to be established and located near target handsets. Handsets will automatically connect to the bogus station. The malicious base station then pushes firmware to the phones baseband processor (the chip that handles voice calls, and which isnt directly accessible to end users). ... The Register would speculate that since the Qualcomm silicon in question isnt unique to Samsung kit, other researchers are probably setting to work...
---------------------------------------------
http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1/




*** Geschäftsgeheimnisse: Sicherheitsforscher warnt vor TTIP ***
---------------------------------------------
Das Freihandelsabkommmen TTIP hat eine weitere Gegnergruppe: IT-Sicherheitsforscher. Das jedenfalls sagt René Pfeiffer, Organisator der Deepsec in Wien. Er fürchtet, dass Informationen über Sicherheitsrisiken damit noch stärker unterbunden werden.
---------------------------------------------
http://www.golem.de/news/geschaeftsgeheimnisse-sicherheitsforscher-warnt-vor-ttip-1511-117419.html




*** Outlook-Probleme: Microsoft fixt Sicherheits-Update für Windows ***
---------------------------------------------
Microsoft hat ein fehlerhaftes Update zurückgezogen und durch eine gefixte Version ersetzt. Nach der Installation soll Outlook nicht mehr abstürzen. Doch es gibt noch weitere Probleme.
---------------------------------------------
http://heise.de/-2919456




*** Pentesting SAP Applications : An Introduction ***
---------------------------------------------
Introduction to SAP SAP (Systems-Applications-Products) is a software suite that offers standard business solutions; it is used by thousands of customers across the globe to manage their business. In other words, SAP systems provide the capability to manage financial, asset, and cost accounting, production operations and materials, personnel and many more tasks. Before we jump...
---------------------------------------------
http://resources.infosecinstitute.com/pen-stesting-sap-applications-part-1/




*** EMV Protocol Fuzzer ***
---------------------------------------------
The world-wide introduction of the Europay, MasterCard and Visa standard (EMV), to facilitate communication between smartcards and EMV-enabled devices, such as point-of-sale (POS) terminals and automatic teller machines (ATMs), has altered the security landscape of the daily markets. Surprisingly limited public research exists addressing security aspects of hardware and software specific implementations. This is something we wanted to put right and therefore started a new research programme to...
---------------------------------------------
https://labs.mwrinfosecurity.com/blog/2015/11/11/emv-protocol-fuzzer/




*** Got a time machine? Good, you can brute-force 2FA ***
---------------------------------------------
Security researcher Gabor Szathmari says the problem is that if your 2FA tokens depend on the network time protocol (NTP), its too easy for a sysadmin to put together an attackable implementation. As he explains in two posts.., if an attacker can trick NTP, they can mount a brute-force attack against the security tokens produced by Google Authenticator (the example in the POC) and a bunch of other Time-based One-time Password Algorithm-based (TOTP) 2FA mechanisms.
---------------------------------------------
http://www.theregister.co.uk/2015/11/12/got_a_time_machine_good_you_can_bruteforce_2fa/




*** Spam and phishing in Q3 2015 ***
---------------------------------------------
The dating theme is typical for spam emails, but in the third quarter of 2015 we couldn't help but notice the sheer variety appearing in these types of mailings. We came across some rather interesting attempts to deceive recipients and to bypass filters, as well as new types of spam mailings that were bordering on fraud.
---------------------------------------------
https://securelist.com/analysis/quarterly-spam-reports/72724/spam-and-phishing-in-q3-2015/




*** Oracle WebLogic Server: CVE-2015-4852 patched, (Thu, Nov 12th) ***
---------------------------------------------
Lost in the hoopla around Microsoft and Adobe patch Tuesday was a critical patch released by Oracle which addressed CVE-2015-4852. CVE-2105-4852is a critical vulnerability in Apache Commons which affects Oracle WebLogic Server. This vulnerability permits remote exploitation without authentication and should be patchedas soon as practical. More information can be found at the Oracle Blog. -- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ -...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20369&rss




*** Cisco Cloud Web Security DNS Hijack, (Thu, Nov 12th) ***
---------------------------------------------
We have received a report that a domain critical in delivering the Cisco Cloud Web Security product had for a while earlier today been hijacked. The report indicates thatthe DNS entrys forscansafe.net were hijacked and pointed to 208.91.197.132, a site which both VirusTotal and Web of Trust indicate has a reputation for delivering malware.">Guidance that has been provided to customers is that the issue has been resolved but that the TTL on the DNS entries are 48 hours so it will take a...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20371&rss




*** Volatility 2.5 released ***
---------------------------------------------
This is the first release since the publication of The Art of Memory Forensics! It adds support for Windows 10 (initial), Linux kernels 4.2.3, and Mac OS X El Capitan. Additionally, the unified output rendering gives users the flexibility of asking for results in various formats (html, sqlite, json, xlsx, dot, text, etc.) while simplifying things for plugin developers. In short, less code...
---------------------------------------------
http://www.volatilityfoundation.org/?_escaped_fragment_=25/c1f29




*** Die Apache Software Foundation zu dem Java Commons Collection/Java (De)Serialization Problem ***
---------------------------------------------
Die Apache Software Foundation zu dem Java Commons Collection/Java (De)Serialization Problem12. November 2015Die Apache Software Foundation hat dazu einen ausführlichen Blog-Post verfasst. Die Money Quote daraus: "Even when the classes implementing a certain functionality cannot be blamed for this vulnerability, and fixing the known cases will also not make the usage of serialization in an untrusted context safe, there is still demand to fix at least the known cases, even when this...
---------------------------------------------
http://www.cert.at/services/blog/20151112140918-1625.html




*** R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities ***
---------------------------------------------
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Stored cross-site scripting vulnerabilitity was also discovered. The issue is triggered when input passed via multiple POST parameters is not properly sanitized before being returned to the user. This can be exploited to execute...
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5274.php




*** Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc




*** Google Picasa CAMF Section Integer Overflow Vulnerability ***
---------------------------------------------
2) Severity Rating: Highly critical Impact: System Access Where: From remote ... 4) Solution Update to version 3.9.140 Build 259.
---------------------------------------------
http://www.securityfocus.com/archive/1/536878




*** Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.
---------------------------------------------
http://support.citrix.com/article/CTX202583




*** Security Notice - Statement on Security Researchers Revealing a Security Vulnerability in Huawei HG630a&HG630a-50 on Packet Storm Website ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-461898.htm


More information about the Daily mailing list