Events

TelcoSecDay 2020 CFP is open

We are back again with another TelcoSecDay 2020 (TSD20) which is going to happen on March 16th, 2020 as an additional event to TROOPERS. This year, it is going to be on Monday of the TROOPERS week. We are delighted to inform that the event is happening for the 9th year in a row. The CFP is open now. If you have an interesting topic related to the field of Telco Security, please make a submission. The deadline is November 17, 2019. The final notification for TSD submission is December 20, 2019.

Continue reading “TelcoSecDay 2020 CFP is open”

Continue reading
Breaking

Jenkins – Groovy Sandbox breakout (SECURITY-1538 / CVE-2019-10393, CVE-2019-10394, CVE-2019-10399, CVE-2019-10400)

Recently, I discovered a sandbox breakout in the Groovy Sandbox used by the Jenkins script-security Plugin in their Pipeline Plugin for build scripts. We responsibly disclosed this vulnerability and in the current version of Jenkins it has been fixed and the according Jenkins Security Advisory 2019-09-12 has been published. In this blogpost I want to report a bit on the technical details of the vulnerability.

Continue reading “Jenkins – Groovy Sandbox breakout (SECURITY-1538 / CVE-2019-10393, CVE-2019-10394, CVE-2019-10399, CVE-2019-10400)”

Continue reading
Misc

PSD2 – Mandatory Account Access for Third Party Providers

On September 14th the final deadline of complying with the new Payment Service Directive PSD2 will be reached. Among other things, this directive will bring quite a few technical challenges for credit institutions. These include new requirements on two-factor authentication and API access for third parties. In this blog post we will give a short overview of what this means for banks from a security perspective and outline a few of the security-related issues based on what we have been observing during recent assessments of such APIs.

Continue reading “PSD2 – Mandatory Account Access for Third Party Providers”

Continue reading
Misc

A Follow-Up on the Heisec Webinar on Emotet & Some Active Directory Security Sources

Some weeks ago, Heinrich and I had the pleasure to participate in the heisec-Webinar “Emotet bei Heise – Lernen aus unseren Fehlern”. We really enjoyed the webinar and the (alas, due to the format: too short) discussions and we hope we could contribute to understand how to make Active Directory implementations out there a bit safer in the future.

Continue reading “A Follow-Up on the Heisec Webinar on Emotet & Some Active Directory Security Sources”

Continue reading
Breaking

How to break out of restricted shells with tcpdump

During security assessments we sometimes obtain access to a restricted shell on a target system. To advance further and gain complete control of the system, the next step is usually to break out of this shell. If the restricted shell provides access to certain system binaries, these binaries can often be exploited to perform such a break out. Here we would like to show an interesting example of such a break out by using the tcpdump binary. Continue reading “How to break out of restricted shells with tcpdump”

Continue reading
Misc

LibreOffice – A Python Interpreter (code execution vulnerability CVE-2019-9848)

While waiting for a download to complete, I stumbled across an interesting blogpost. The author describes a flaw in LibreOffice that allowed an attacker to execute code. Since this was quite recent, I was interested if my version is vulnerable to this attack and how they fixed it. Thus, I looked at the sources and luckily it was fixed. What I didn’t know before however was, that macros shipped with LibreOffice are executed without prompting the user, even on the highest macro security setting. So, if there would be a system macro from LibreOffice with a bug that allows to execute code, the user would not even get a prompt and the code would be executed right away. Therefor, I started to have a closer look at the source code and found out that exactly this is the case!

 

Continue reading “LibreOffice – A Python Interpreter (code execution vulnerability CVE-2019-9848)”

Continue reading