[CERT-daily] Tageszusammenfassung - Dienstag 27-09-2016

Tue Sep 27 18:03:40 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 26-09-2016 18:00 − Dienstag 27-09-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Sofacy APT Targeting OS X Machines with Komplex Trojan ***
---------------------------------------------
APT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems.
---------------------------------------------
http://threatpost.com/sofacy-apt-targeting-os-x-machines-with-komplex-trojan/120882/


*** Java-Deserialization-Cheat-Sheet ***
---------------------------------------------
A cheat sheet for pentesters about Java Native Binary Deserialization vulnerabilities
---------------------------------------------
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet


*** Sicherheitsupdate für Django 1.8 und 1.9 veröffentlicht ***
---------------------------------------------
Grund für das Update des Webframeworks ist eine Schwachstelle, die im Zusammenspiel mit Google Analytics Djangos CSRF-Schutz angreifbar macht. Das aktuelle Django 1.10 ist nicht betroffen, und ältere Varianten als 1.8 erhalten keine Security-Patches mehr.
---------------------------------------------
http://heise.de/-3332611


*** Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM ***
---------------------------------------------
The idea behind this vulnerability is simple to describe at a high level: - Trick the 'NT AUTHORITY\SYSTEM' account into authenticating via NTLM to a TCP endpoint we control.
- Man-in-the-middle this authentication attempt (NTLM relay) to locally negotiate a security token for the 'NT AUTHORITY\SYSTEM' account. This is done through a series of Windows API calls.
- Impersonate the token we have just negotiated
---------------------------------------------
https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/


*** Unsafe at any clock speed: Linux kernel security needs a rethink ***
---------------------------------------------
Ars reports from the Linux Security Summit - and finds much work that needs to be done.
---------------------------------------------
http://arstechnica.com/security/2016/09/linux-kernel-security-needs-fixing/


*** No wonder were being hit by Internet of Things botnets. Ever tried patching a Thing? ***
---------------------------------------------
Akamai CSO laments pisspoor security design practices Internet of Things devices are starting to pose a real threat to security for the sensible part of the web, Akamais chief security officer Andy Ellis has told The Register.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/09/27/akamai_chief_security_officer_andy_ellis_interview_internet_of_things/


*** CVE-2016-7543 -- bash SHELLOPTS+PS4 ***
---------------------------------------------
The recent bash 4.4 patched an old attack vector regarding specially crafted SHELLOPTS+PS4 environment variables against bogus setuid binaries using system()/popen().
---------------------------------------------
http://seclists.org/oss-sec/2016/q3/617


*** Siemens SCALANCE M-800/S615 Web Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a web security vulnerability in Siemens SCALANCE M-800 and S615 modules.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-271-01


*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2015-8325, CVE-2016-6210, CVE-2016-6515) ***
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/java_july2016_advisory.asc