[CERT-daily] Tageszusammenfassung - Mittwoch 23-09-2015

Daily end-of-shift report team at cert.at
Wed Sep 23 18:02:57 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 22-09-2015 18:00 − Mittwoch 23-09-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41136




*** Bypass Developed for Microsoft Memory Protection, Control Flow Guard ***
---------------------------------------------
A researcher at Bromium is expected at DerbyCon to disclose a memory corruption mitigation bypass of Microsoft Control Flow Guard.
---------------------------------------------
http://threatpost.com/bypass-developed-for-microsoft-memory-protection-control-flow-guard/114768/




*** Hack Brief: Mobile Manager's Security Hole Would Let Hackers Wipe Phones ***
---------------------------------------------
The vulnerability in the SAP Afaria mobile management system affected all mobile phones used by 6,300 companies.
---------------------------------------------
http://www.wired.com/2015/09/hack-brief-popular-mobile-phone-manager-open-lock-wipe-hacks/




*** Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41128




*** Making our users unlearn what we taught them, (Wed, Sep 23rd) ***
---------------------------------------------
Remember back in the ancient days, when macro viruses were rampant, and we security geeks instructed our flock of virus scared users to never click on a .DOC attachment in an email, but that a .PDF was perfectly fine? Fast forward a couple ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20177




*** Hackers upload bot code to Imgur in 8Chan attack ***
---------------------------------------------
A nasty vulnerability in Imgur was used by attackers to hide malicious code in images, commandeer visitors browsers, and hose the 4Chan and 8Chan image ..
---------------------------------------------
www.theregister.co.uk/2015/09/23/imgur_attack/




*** New security features in HPs printers can detect rogue BIOS and firmware modifications ***
---------------------------------------------
HP refers to this capability as "self-healing security," but its actually a set of code integrity checking mechanisms that security researchers have asked embedded ..
---------------------------------------------
http://www.infoworld.com/article/2985389/printers/hp-adds-protection-against-firmware-attacks-to-enterprise-printers.html




*** Kaspersky: Mo Unpackers, Mo Problems. ***
---------------------------------------------
As well as fuzzing, I've been auditing and reviewing the design, resulting in identifying multiple major flaws that Kaspersky are actively working on resolving. These issues affect everything from network intrusion detection, ssl interception ..
---------------------------------------------
http://googleprojectzero.blogspot.de/2015/09/kaspersky-mo-unpackers-mo-problems.html




*** PHP Malware Finder ***
---------------------------------------------
PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. ... Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, its that simple!
---------------------------------------------
https://github.com/nbs-system/php-malware-finder




*** .htaccess Tricks in Global.asa Files ***
---------------------------------------------
As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual paths (e.g mod_rewrite), auto-append code to PHP scripts, etc. In the world of IIS/ASP there is also an equivalent - Global.asa ..
---------------------------------------------
https://blog.sucuri.net/2015/09/htaccess-tricks-in-global-asa-files.html




*** XCodeGhost iOS app infection toll rises to FOUR THOUSAND ***
---------------------------------------------
The number of XCodeGhost-infected iOS apps, initially pegged at 39, has exploded to more than 4,000. ... The Register has asked FireEye for the names of some of the prominent affected ..
---------------------------------------------
http://www.theregister.co.uk/2015/09/23/xcodeghost_ios_app_infection_toll_rises_to_four_thousand/




*** iOS 9: Erneut Umgehung der Gerätesperre möglich  ***
---------------------------------------------
Neues Betriebssystem, neuer Trick: Erneut wurde ein Lockscreen-Bug entdeckt, mit dem der Zugriff auf Daten von iPhone & Co. auch ohne Eingabe von PIN-Code oder Fingerabdruckfreigabe möglich ist.
---------------------------------------------
http://heise.de/-2824001




*** Security: Lenovo sammelt seit fast einem Jahr Nutzerdaten ***
---------------------------------------------
Ein dritter Fall von fraglichem Umgang mit Nutzerdaten ist bei Lenovo bekanntgeworden. Auf Geräten der Thinkpad-, Thinkcentre- und Thinkstation-Modellreihen kann sich Lenovo-Software befinden, die seit fast einem Jahr das Nutzerverhalten beobachtet.
---------------------------------------------
http://www.golem.de/news/security-lenovo-sammelt-nutzerdaten-seit-fast-einem-jahr-1509-116455.html




*** Firefox 41 ist da: Mehr Sicherheit und Instant Messaging ***
---------------------------------------------
http://derstandard.at/2000022666280




*** Reflected Cross-Site Scripting (XSS) in iTop ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered vulnerability in iTop, which can be exploited to perform Cross-Site Scripting (XSS) attacks against web application users. iTop is a critical application, which is used to cover the entire set of ITIL processes. Successful attack on this web ..
---------------------------------------------
https://www.htbridge.com/advisory/HTB23268




*** ENISA Cyber Europe 2014 - After Action Report ***
---------------------------------------------
ENISAs After Action Report of the pan-European cybersecurity exercise Cyber Europe 2014 (CE2014) was approved by the EU Member States and gives a high-level overview of the complex cybersecurity exercise that was carried out in 2014. The full after action report includes an engaging action plan which ENISA and Member States are committed to implement.
---------------------------------------------
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cce/cyber-europe/ce2014/ce2014-after-action-report




*** Open-Xchange Security Advisory 2015-09-23 ***
---------------------------------------------
Vulnerability Details: Dialogs for printing content were vulnerable to execute injected script code at object properties that get printed. Risk: Malicious script code can be executed within a users context. This can lead to session hijacking ..
---------------------------------------------
http://www.securityfocus.com/archive/1/536523




*** Apple will betroffene Nutzer über XcodeGhost-Apps informieren ***
---------------------------------------------
Der iPhone-Hersteller hat eine 'Top 25'-Liste der infizierten Apps angekündigt und will Angriffen in XcodeGhost-Manier die Grundlage entziehen. Nutzer sollen zudem in Kenntnis gesetzt werden, wenn sie kompromittierte Apps heruntergeladen haben.
---------------------------------------------
http://heise.de/-2824328


More information about the Daily mailing list