[CERT-daily] Tageszusammenfassung - Donnerstag 11-05-2017

Daily end-of-shift report team at cert.at
Thu May 11 18:18:23 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 10-05-2017 18:00 − Donnerstag 11-05-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  Alexander Riepl


*** Cisco WebEx Meetings Server Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170510-cwms




*** Google Wont Patch A Critical Android Flaw Before 'Android O' Release ***
---------------------------------------------
Millions of Android smartphones are at serious risk of "screen hijack" vulnerability that allows hackers to steal your passwords, bank details, as well as helps ransomware apps extort money from victims. The worse thing is that Google says it wont be patched until the release of Android O version ..
---------------------------------------------
http://thehackernews.com/2017/05/android-permissions-vulnerability.html




*** Microsoft Bans SHA-1 Certificates in Edge and Internet Explorer ***
---------------------------------------------
Starting yesterday, via updates delivered in the May 2017 Patch Tuesday, Microsoft browsers such as Edge and Internet Explorer, have begun flagging websites as insecure if they use SSL/TLS certificates signed with the SHA-1 algorithm.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-bans-sha-1-certificates-in-edge-and-internet-explorer/




*** Most companies falsely believe their Active Directory is secure ***
---------------------------------------------
A majority of companies falsely believe their Active Directory (AD) is secure, according to a new survey conducted jointly by Skyport Systems and Redmond Magazine. The response from more than 300 IT professionals located in North America revealed that AD security is in fact underperforming at those companies participating in the survey, leaving organizations open to attack from outside hackers and insider threats. 
---------------------------------------------
https://www.helpnetsecurity.com/2017/05/11/active-directory-insecurity/




*** Bugtraq: ESA-2017-017: RSA Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540552




*** HP-Notebooks: Audio-Treiber belauscht Tastatur ***
---------------------------------------------
Bei der Sicherheits-Analyse von HP-Business-Notebooks stießen Sicherheitsforscher auf ein merkwürdiges Keylogging. Dabei schreibt der Audio-Treiber alle Tastatureingaben einschließlich der Passwörter des Anwenders in eine öffentlich lesbare Datei.
---------------------------------------------
https://heise.de/-3710250




*** Chainsaw of Custody: Manipulating forensic evidence the easy way ***
---------------------------------------------
When it comes to computer forensics, or for that matter forensics in general, one of the main challenges is to ensure that evidence that is collected is not tampered with. To achieve this, computer forensic experts adhere to a strict protocol and use many specialized ..
---------------------------------------------
http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html




*** DFN-CERT-2017-0825/">NVIDIA GPU-Treiber: Mehrere Schwachstellen ermöglichen u.a. das Eskalieren von Privilegien ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0825/




*** Edge Security Flaw Allows Theft of Facebook and Twitter Credentials ***
---------------------------------------------
Argentinian security researcher Manuel Caballero has discovered another vulnerability in Microsofts Edge browser that can be exploited to bypass a security protection feature and steal data such as passwords from other sites, or cookie files that contain sensitive information.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/edge-security-flaw-allows-theft-of-facebook-and-twitter-credentials/




*** Analyzing the doublepulsar kernel dll injection technique ***
---------------------------------------------
Like many in the security industry, we have been busy the last few days investigating the implications of the Shadow Brokers leak with regard to attack detection. Whilst there is a lot of interesting content, one particular component that attracted our attention initially was the DOUBLEPULSAR payload. This is because it ..
---------------------------------------------
https://www.countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/




*** Asus-Router können beim Vorbeisurfen im Netz gekapert werden ***
---------------------------------------------
Eine ganze Reihe Router der RT-Serie von Asus beinhalten eine CSRF-Lücke und weitere Schwachstellen, die es unter Umständen möglich machen, die Einstellungen des Gerätes aus dem Web zu ändern. Updates stehen bereit.
---------------------------------------------
https://heise.de/-3712001




*** OpenVPN 2.4.1: Quarkslab and Cryptography Engineering LCC audit overview ***
---------------------------------------------
OpenVPN 2.4.1 was simultaneously reviewed by Quarkslab (funded by OSTIF) and Cryptography Engineering LCC (funded by Private Internet Access). The reports have been published on OSTIFs and PIAs web pages [..] This page lists the findings in their respective reports and shows how the issues were resolved.
---------------------------------------------
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits


More information about the Daily mailing list