[CERT-daily] Tageszusammenfassung - Dienstag 5-04-2016
Daily end-of-shift report
team at cert.at
Tue Apr 5 18:15:43 CEST 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 04-04-2016 18:00 − Dienstag 05-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Chrome Extension Caught Hijacking Users Browsers ***
---------------------------------------------
An anonymous reader writes: Google has intervened and banned the Better History Chrome extension from the Chrome Web Store after users reported that it started taking over their browsing experience and redirecting them to pages showing ads. As it turns out, the extension was sold off to an unnamed buyer who started adding malicious code that would redirect the users traffic through a proxy, showing ads and collecting analytics on the users traffic habits. This same malicious code has also been...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4tdNNvCWAQs/chrome-extension-caught-hijacking-users-browsers
*** Microsoft account-hijacking hole closed 48 hours after bug report ***
---------------------------------------------
Token-harvesting attack meant one login could open doors to multiple Microsoft services British researcher Jack Whitton has reported a Microsoft account hijacking authentication bug that would have been another arrow in an attackers phishing quiver, save for the fact that Microsoft fixed it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/05/microsoft_brews_serves_accounthijack_hole_patch_in_two_days/
*** Sicherheitslücken: Angreifer können Open-Xchange Code unterjubeln ***
---------------------------------------------
In Open-Xchange klaffen zwei Schwachstellen, über die Kriminelle im schlimmsten Fall Sessions kapern können. Sicherheitspatches wurden bereits verteilt.
---------------------------------------------
http://heise.de/-3162127
*** Update your ManageEngine Password Manager Pro ASAP! ***
---------------------------------------------
Security researcher Sebastian Perez has revealed eight serious security vulnerabilities in ManageEngine Password Manager Pro (PMP), a password management software for enterprises, and has released details and PoC code for each of them. The solution has already been updated with fixes, so if your enterprise is using it to control the access to shared administrative/privileged passwords, you should update to the latest version and build (v8.3, build 8303) as soon as possible (if you haven't...
---------------------------------------------
https://www.helpnetsecurity.com/2016/04/05/update-manageengine-password-manager-pro/
*** One Conference 2016 Protecting Bits and Atoms: Cyber security is a precondition for our future ***
---------------------------------------------
Cyber security, and therefore being able to use all the possibilities that ICT offers, is a precondition for the undisturbed functioning of society and for our future. With these words, State secretary Dijkhoff (Security and Justice) emphasizes the importance of the international One Conference 2016 of the National Cyber Security Center (NCSC). We cant be passive on what is to come. The speed of the developments in the digital domain require a continuous effort of both public and private...
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/one-conference-2016-protecting-bits-and-atoms-cyber-security-is-a-precondition-for-our-future.html
*** Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack ***
---------------------------------------------
Researchers say reliance on an outdated Firefox extension platform opens the door for remote system attacks on Mac OS and Windows systems.
---------------------------------------------
http://threatpost.com/firefox-add-on-flaw-leaves-apple-and-windows-computers-open-to-attack/117183/
*** Keep Windows machines infected abusing Windows Desired State Configuration (DSC) ***
---------------------------------------------
Two forensics experts have demonstrated how to abuse the Windows Desired State Configuration (DSC) feature to gain persistence on the compromised machine. At the last Black Hat Asia, the forensics experts Matt Hastings and Ryan Kazanciyan from Tanium have demonstrated how to abuse the Windows Desired State Configuration (DSC) feature to gain persistence on the compromised machine. The DSC...
---------------------------------------------
http://securityaffairs.co/wordpress/46006/hacking/abusing-windows-dsc.html
*** Complete Tour of PE and ELF: Part 4 ***
---------------------------------------------
Since we have completed the PE structure, now it is time to look at the ELF structure which is somewhat easier to understand as compared to PE. For ELF structure, we will be looking at both the linking view and execution view of a binary. Sections are similar to what we saw in PE structure...
---------------------------------------------
http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-4/
*** Passwort-Test von CNBC: Unverschlüsselt und unverantwortlich ***
---------------------------------------------
In einem Artikel des Nachrichtensenders CNBC konnten Leser die Sicherheit ihrer Kennwörter testen. Was kann dabei schon schiefgehen? Eine ganze Menge, wie Sicherheitsforscher aufzeigen.
---------------------------------------------
http://heise.de/-3162731
*** Google fixes 39 Android flaws, some allow hackers to take over your phone ***
---------------------------------------------
Google has released one of the largest Android monthly security updates, fixing a total of 39 vulnerabilities - 15 rated critical, including four that can lead to a complete device compromise.The patches, which are included in new firmware images that were released Monday for the companys Nexus devices, will also be published to the Android Open Source Project over the next 24 hours.They include a fix for a vulnerability that Google warned about two weeks ago and which is already being...
---------------------------------------------
http://www.cio.com/article/3052201/google-fixes-39-android-flaws-some-allow-hackers-to-take-over-your-phone.html#tk.rss_security
*** About the security content of iOS 9.3 ***
---------------------------------------------
This document describes the security content of iOS 9.3.
---------------------------------------------
https://support.apple.com/en-us/HT206166
*** DFN-CERT-2016-0548: BlackBerry powered by Android: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0548/
*** DFN-CERT-2016-0549: Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Administratorrechten ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0549/
*** Sophos Cyberoam NG Series Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Multiple reflected XSS issues were discovered in Cyberoam NG appliances. Input passed via the ipFamily, applicationname and username GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitised before being returned to the user. Adding arbitrary X-Forwarded-For HTTP header to a request makes the appliance also prone to a XSS issue. This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected site.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5313.php
*** DSA-3541 roundcube - security update ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered that Roundcube, awebmail client, contained a path traversal vulnerability. This flawcould be exploited by an attacker to access sensitive files on theserver, or even execute arbitrary code.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3541
*** USN-2945-1: XChat-GNOME vulnerability ***
---------------------------------------------
Ubuntu Security Notice USN-2945-14th April, 2016xchat-gnome vulnerabilityA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryXChat-GNOME could be made to expose sensitive information over the network.Software description xchat-gnome - simple and featureful IRC client for GNOME DetailsIt was discovered that XChat-GNOME incorrectly verified the hostname in anSSL certificate. An attacker could trick XChat-GNOME into trusting...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2945-1/
*** USN-2944-1: Libav vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2944-14th April, 2016libav vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTSSummaryLibav could be made to crash or run programs as your login if it opened aspecially crafted file.Software description libav - Multimedia player, server, encoder and transcoder DetailsIt was discovered that Libav incorrectly handled certain malformed mediafiles. If a user were tricked into opening a crafted media file, anattacker could...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2944-1/
*** Bugtraq: [SE-2012-01] Broken security fix in IBM Java 7/8 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537973
*** Open-Xchange Input Validation Flaws Let Remote Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035469
*** Bugtraq: [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537977
More information about the Daily
mailing list