[CERT-daily] Tageszusammenfassung - Dienstag 22-10-2013

Tue Oct 22 18:11:08 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 21-10-2013 18:00 − Dienstag 22-10-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Fake Dropbox Password Reset Spam Leads to Malware ***
---------------------------------------------
A new spam campaign has been circulating over the last few weeks in hopes of duping users of the popular cloud storage service Dropbox. The e-mails purport to come from the service but instead lead those who click through to a malware landing page.
---------------------------------------------
http://threatpost.com/fake-dropbox-password-reset-spam-leads-to-malware/102635


*** New DIY compromised hosts/proxies syndicating tool spotted in the wild ***
---------------------------------------------
Compromised, hacked hosts and PCs are a commodity in underground markets today. More cybercriminals are populating the market segment with services tailored to fellow cybercriminals looking for access to freshly compromised PCs to be later abused in a variety of fraudulent/malicious ways, all the while taking advantage of their clean IP reputation. Naturally, once the commoditization took place, cybercriminals quickly realized that the supply of such hosts also shaped several different market...
---------------------------------------------
http://www.webroot.com/blog/2013/10/21/new-diy-compromised-hostsproxies-syndicating-tool-spotted-wild/


*** Cryptolocker Update, Request for Info, (Tue, Oct 22nd) ***
---------------------------------------------
It was briefly mentioned in a previous posting, but the Cryptolocker ransomware is still going strong. In essence, post infection is encrypts all of your "document" files based on file extension and then gives the user 72 hours to pay the ransom ($300 USD or 2 BTC). It is one f the few pieces of ransomware that does encryption right so at present, short of paying the ransom, there is no other means to decrypt. Bleeping Computer has a good write up, but below are the TL;DR highlights. 
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16871&rss


*** Touch ID: Biometrics Dont Make For Good Passwords ***
---------------------------------------------
Theres an Apple event scheduled for tomorrow which will showcase this years iPad lineup. Among the more credible rumors is that at least one version of the iPad will include Apples Touch ID, its fingerprint identity sensor.And so it seems somewhat inevitable that all of our "smart" devices will soon include fingerprint readers.That being the case, we strongly recommend the following by @dustinkirkland: • Fingerprints are Usernames, not PasswordsWe welcome intelligent use of
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002624.html


*** Defending Against Crypto Backdoors ***
---------------------------------------------
We already know the NSA wants to eavesdrop on the Internet. It has secret agreements with telcos to get direct access to bulk Internet traffic. It has massive systems like TUMULT, TURMOIL, and TURBULENCE to sift through it all. And it can identify ciphertext -- encrypted information -- and figure out which programs could have created it. But what the...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/10/defending_again_1.html


*** Security Bulletins: Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.2.
---------------------------------------------
http://support.citrix.com/article/CTX139295


*** Vuln: 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/46936


*** WordPress Portable phpMyAdmin Plugin Security Bypass Security Issue ***
---------------------------------------------
https://secunia.com/advisories/55270


*** WatchGuard Extensible Threat Management and System Manager Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55388


*** Vuln: D-Link DIR-605L CAPTCHA Data Stack Based Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56330


*** Bugtraq: [CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529364


*** Cisco ASA VPN Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5544


*** Security Bulletin: IBM SONAS fix available for Cross Frame Scripting vulnerability via Graphical User Interface (CVE-2013-5376) ***
---------------------------------------------
An issue in IBM SONAS allows remote attackers to access the system as an authorized administrative user.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_sonas_fix_available_for_cross_frame_scripting_vulnerability_via_graphical_user_interface_cve_2013_5376?lang=en_us


*** Security Bulletin: IBM SONAS Fix Available for SONAS Cross Protocol Vulnerability (CVE-2013-0500) ***
---------------------------------------------
IBM SONAS includes a flaw in the handling of special files created by an NFS client resulting in a vulnerability reported against IBM SONAS.   ---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_sonas_fix_available_for_sonas_cross_protocol_vulnerability_cve_2013_0500?lang=en_us


*** IBM WebSphere Message Broker and IBM Integration Bus Security Vulnerability: XML4J denial of service attack (CVE-2013-5372) ***
---------------------------------------------
XML4J is vulnerable to a denial of service attack triggered by a specially crafted XML document
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21653087


*** IBM Domino / iNotes Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55405
https://secunia.com/advisories/55409


*** IBM WebSphere DataPower XC10 Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55402


*** F5 BIG-IP Traffic Management Microkernel Component Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1029220