End-of-Shift report
Timeframe: Tuesday 23-08-2016 18:00 − Wednesday 24-08-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
The SWEET32 Issue, CVE-2016-2183
Today, Karthik Bhargavan and Gaetan Leurent from Inria have unveiled a new attack on Triple-DES, SWEET32, Birthday attacks on 64-bit block ciphers in TLS and OpenVPN. It has been assigned CVE-2016-2183. This post gives a bit of background and describes what OpenSSL is doing. For more details, see their website.
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
"Wildfire" Ransomware Extinguished by Tool From NoMoreRansom; Unlock Files for Free
Intel Security and Kaspersky Lab, partners in the project NoMoreRansom, are pleased to announce today the availability of a decryption tool for victims of the Wildfire variant of ransomware. This tool is available following successful collaboration with the Dutch police and the European Cybercrime Centre. This strong public-private partnership has led to the seizure of...
https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-nomoreransom-unlock-files-free/
BSI publishes update to the Top 10 Threats for Industrial Control Systems
The Federal Office for Information Security (BSI) therefore continuously monitors the threat landscape for industrial control systems. Since 2012, the BSI has summarized the most serious threats and suitable countermeasures in the document "Industrial Control System Security - Top 10 Bedrohungen und Gegenmaßnahmen". For 2016, the office has now published an update of the paper.
https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/infos/20160823_Update_ICS_Top10.html
NSA exploit ExtraBacon said to threaten significantly more Cisco firewalls
Investigations by security researchers suggest that newer versions of the Cisco Adaptive Security Appliance (ASA) are also vulnerable.
http://heise.de/-3303629
Privilege Escalation on Linux with Live examples
Introduction: One of the most important phases during penetration testing or vulnerability assessment is Privilege Escalation. During that step, hackers and security researchers attempt to find out a way (exploit, bug, misconfiguration) to escalate between the system accounts. Of course, vertical privilege escalation is the ultimate goal. For many security researchers, this is a fascinating...
http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/
Researchers see holes in Apple's iOS sandbox
According to scientists, the iOS sandbox has "worrying security vulnerabilities" that give apps access to user data that should actually be denied to them - and allow interference with the system. Apple apparently intends to close the vulnerabilities with iOS 10.
http://heise.de/-3304068
VMSA-2016-0013
VMware Identity Manager and vRealize Automation updates address multiple security issues
https://www.vmware.com/security/advisories/VMSA-2016-0013.html
Moxa OnCell Vulnerabilities
This advisory contains mitigation details for several vulnerabilities in Moxa's OnCell products.
https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01
Huawei Security Advisories
Security Advisory - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-ipv6-en
Security Advisory - Weak Encryption Algorithm Vulnerability in Huawei Servers
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-02-server-en
Security Advisory - XXE Vulnerability in the E9000
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-e9000-en
Security Advisory - Uncontrolled Format String Vulnerability on Multiple Products
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-vrp-en
Security Advisory - Reset Password and Information Leak Vulnerabilities in Huawei UMA
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-02-uma-en
Security Advisory - Two Command Injection Vulnerabilities in Huawei UMA
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-uma-en
Security Advisory - Information Leak Vulnerability in Huawei FusionSphere Product
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-xenstore-en