[CERT-daily] Daily summary - Friday 20-11-2015

Daily end-of-shift report team at cert.at
Fri Nov 20 18:23:38 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 19-11-2015 18:00 − Friday 20-11-2015 18:00
Handler:     Robert Waldner
Co-Handler:  n/a



*** Trojanized adware family abuses accessibility service to install whatever apps it wants ***
---------------------------------------------
Shedun does not exploit a vulnerability in the service, instead it takes advantage of the service's legitimate features. By gaining the permission to use the accessibility service, Shedun is able to read the text that appears on screen, determine if an application installation prompt is shown, scroll through the permission list, and finally, press the install button without any physical interaction from the user.
---------------------------------------------
https://blog.lookout.com/blog/2015/11/19/shedun-trojanized-adware/




*** Tibbo AggreGate Platform Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Tibbo AggreGate SCADA/HMI package.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01




*** When Hunting BeEF, Yara rules. ***
---------------------------------------------
BeEF, The Browser Exploitation Framework, is a penetration-testing tool focusing on web browsers. You can think of it as the Metasploit for web browser security testing. In fact, it offers several modules that may allow the attacker to, for example, steal web login credentials, switch on microphone and camera, etc.
---------------------------------------------
https://isc.sans.edu/diary/When+Hunting+BeEF%2C+Yara+rules./20395




*** HTTP Evasions Explained - Part 8 - Borderline Robustness ***
---------------------------------------------
This is part eight in a series which explains the evasions done by HTTP Evader. This part looks into the excessive and inconsistent robustness attempts done by the browser vendors and how this can be used to evade firewalls.
---------------------------------------------
http://noxxi.de/research/http-evader-explained-8-borderline-robustness.html




*** Nmap 7 Released! ***
---------------------------------------------
I encounter many folks at security conferences who haven't heard about all the modern Nmap capabilities and still just use it as a simple port scanner. Folks who don't use (or at least know about) NSE, Ncat, Nping, Zenmap, Ndiff, version detection and IPv6 scanning are really missing out!
---------------------------------------------
http://seclists.org/nmap-announce/2015/6




*** contrast-rO0 ***
---------------------------------------------
A lightweight Java agent for preventing attacks against object deserialization like those discussed by @breenmachine and the original researchers @frohoff and @gebl, affecting WebLogic, JBoss, Jenkins and more.
---------------------------------------------
https://github.com/Contrast-Security-OSS/contrast-rO0




*** Metasploit module: Chkrootkit Local Privilege Escalation ***
---------------------------------------------
Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privesc. CVE: CVE-2014-0476
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015110179




*** ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting ***
---------------------------------------------
ArcSight Management Center and ArcSight Logger contain a cross-site scripting vulnerability.
---------------------------------------------
http://jvn.jp/en/jp/JVN51046809/





*** IBM Security Bulletin: IBM i Access for Windows affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422 ***
---------------------------------------------
IBM i Access for Windows is affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422. These vulnerabilities affect the Windows system running the IBM i Access for Windows product.
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1020996




*** IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM WebSphere Real Time ***
---------------------------------------------
Java SE issues disclosed in the Oracle October 2015 Critical Patch Update, plus CVE-2015-5006
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21970978





