[CERT-daily] Tageszusammenfassung - Dienstag 27-08-2013

Tue Aug 27 18:31:48 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 26-08-2013 18:00 − Dienstag 27-08-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** [Video] ThreatVlog, Episode 1: Tor and Apple exploits revealed ***
---------------------------------------------
What is Tor? Is it really secure? What about the Apple App Store approval process? Are all these applications really looked at? In today's episode, Grayson Milbourne covers the exploitation of the Tor network through Firefox and a proof of concept showing just how insecure Apple app testing can be.
---------------------------------------------
http://blog.webroot.com/2013/08/20/tor-and-apple-exploits-revealed/


*** [Video] ThreatVlog, Episode 2: Keyloggers and your privacy ***
---------------------------------------------
Commercial and black hat keyloggers can infect any device, from your PC at home to the phone in your hand. What exactly are these programs trying to steal? How can this data be used harmfully against you? And what can you do to protect all your data and devices from this malicious data gathering? In...
---------------------------------------------
http://blog.webroot.com/2013/08/26/video-threatvlog-episode-2-keyloggers-and-your-privacy/


*** "thereisnofatebutwhatwemake" - Turbo-charged cracking comes to long passwords ***
---------------------------------------------
Cracking really long passwords just got a whole lot faster and easier.
---------------------------------------------
http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/


*** Feature Phone Hack Can Block Calls, Texts On Some Networks ***
---------------------------------------------
Trailrunner7 writes, quoting Threat Post "By tweaking the firmware on certain kinds of phones, a hacker could make it so other phones in the area are unable to receive incoming calls or SMS messages, according to research presented at the USENIX Security Symposium. The hack involves modifying the baseband processor on some Motorola phones and tricking some older 2G GSM networks into not delivering calls and messages. By watching the messages sent from phone towers and not delivering them
---------------------------------------------
http://it.slashdot.org/story/13/08/26/2254224/feature-phone-hack-can-block-calls-texts-on-some-networks


*** Patch Management Guidance from NIST, (Tue, Aug 27th) ***
---------------------------------------------
The National Institute of Standards and Technology (NIST) released a new version of guidance around Patch Management last week, NIST SP800-40. The latest release takes a broader look at etnerprise patch management than the previous version, so well worth the read.   Patch Management is clearly called out as a "Quick Win" in Critical Control #3 "Secure Configurations for Hardware and Software". Additionally, Patch Management is something that is required by many of the cyber
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16445&rss


*** NSA: Hardening Tips For Mac OS X ***
---------------------------------------------
....The National Security Agency (NSA) offers "Hardening Tips for Mac OS X" a tri-fold security brochure for the agencys Information Assurance Mission. Its packed with useful tips...... Siehe auch: http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf
---------------------------------------------
http://www.nsa.gov/ia/_files/factsheets/macosx_hardening_tips.pdf


*** The SCADA That Cried Wolf: Who's Really Attacking Your ICS Devices- Part 2 ***
---------------------------------------------
The concern on ICS/SCADA security gained prominence due to high-profile attacks targeting these devices, most notably Flame and Stuxnet. However, we noted recent findings, which prove that the interest in ICS/SCADA devices as attack platforms is far from waning. We've all read about how insecure ICS/SCADA devices are and how certain threat actors are targeting...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-scada-that-cried-wolf-whos-really-attacking-your-ics-devices-part-2/


*** Malware-Erkennung für Medizingeräte ***
---------------------------------------------
US-Informatiker wollen über Veränderungen im Stromverbrauch von Medizingeräten Datenschädlinge im Gesundheitsbereich feststellen.
---------------------------------------------
http://www.heise.de/security/meldung/Malware-Erkennung-fuer-Medizingeraete-1934978.html


*** Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities in IBM JRE ***
---------------------------------------------
IBM Notes and Domino are vulnerable to multiple attacks listed in the Oracle Java SE Critical Patch Update Advisories (February, April and June 2013) as well as miscellaneous client-side attacks listed below. The repaired IBM JRE is available in Notes and Domino 8.5.3 Fix Pack 5 and is also planned for Notes and Domino 9.0.1.  CVE(s): CVE-2013-0464, CVE-2012-3325, and CVE-2011-4858  Affected product(s) and affected version(s):  IBM Notes and Domino 9.0 IBM Notes and Domino 8.5.x IBM Notes and...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_notes_domino_fixes_for_multiple_vulnerabilities_in_ibm_jre1?lang=en_us


*** Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities in IBM JRE ***
---------------------------------------------
IBM Notes and Domino are vulnerable to multiple attacks listed in the Oracle Java SE Critical Patch Update Advisories (February, April and June 2013) as well as miscellaneous client-side attacks listed below. The repaired IBM JRE is available in Notes and Domino 8.5.3 Fix Pack 5 and is also planned for Notes and Domino 9.0.1.  CVE(s): CVE-2013-0809, CVE-2013-1493, CVE-2013-3012, CVE-2013-3011, CVE-2013-3010, CVE-2013-3009, CVE-2013-3008, CVE-2013-3007, CVE-2013-3006, CVE-2013-2455, and
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_notes_domino_fixes_for_multiple_vulnerabilities_in_ibm_jre2?lang=en_us


*** Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS) (CVE-2013-0467) ***
---------------------------------------------
IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS). This vulnerability could allow a remote attacker to obtain the source code of the Help System.  CVE(s): and CVE-2013-0467  Affected product(s) and affected version(s): IBM Security SiteProtector System: 2.8.1 and 2.9   Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21647392
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_siteprotector_system_can_be_affected_by_a_vulnerability_in_the_ibm_eclipse_help_system_iehs_cve_2013_0467?lang=en_us


*** Security Bulletin: IBM Content Collector - Eclipse Help System Cross Site Scripting Vulnerability (CVE-2013-0464) ***
---------------------------------------------
Cross-Site Scripting vulnerability exists in IBM Eclipse Help System, a component bundled with IBM Content Collector, which is used to display the IBM Content Collector help content.  CVE(s): and CVE-2013-0464  Affected product(s) and affected version(s): IBM Content Collector 3.0   Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21646473 X-Force Database:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_content_collector_eclipse_help_system_cross_site_scripting_vulnerability_cve_2013_0464?lang=en_us


*** IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1028954


*** Sixnet Universal Protocol Undocumented Function Codes ***
---------------------------------------------
OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-13-231-01 Sixnet Universal Protocol Undocumented Function Codes that was published August 19, 2013, on the ICS-CERT Web page. Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01A


*** RoundCube Webmail Edit Email Script Insertion Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54536


*** IBM DB2 / DB2 Connect Unspecified Security Bypass Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54644


*** Atlassian 4.x Confluence Sensitive Information Leakage ***
---------------------------------------------
Topic: Atlassian 4.x Confluence Sensitive Information Leakage Risk: Low Text:Since vendor does not seem to care about this issue more than a year after initial report (https://jira.atlassian.com/browse/C...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080213