[CERT-daily] Tageszusammenfassung - Montag 23-09-2013

Mon Sep 23 18:13:22 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 20-09-2013 18:00 − Montag 23-09-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** PHP updates released 19 SEP 2013 ***
---------------------------------------------
PHP 5.5.4 (Current Stable)
PHP 5.4.20 (Old Stable)
http://www.php.net/downloads.php
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16631&rss


*** Cybercriminals experiment with Socks4/Socks5/HTTP malware-infected hosts based DIY DoS tool ***
---------------------------------------------
Based on historical evidence gathered during some of the major 'opt-in botnet' type of crowdsourced DDoS (distributed denial of service) attack campaigns that took place over the last couple of years, the distribution of point'nclick DIY DoS (denial of service attack) tools continues representing a major driving force behind the success of these campaigns. A newly released DIY DoS tool aims to empower technically unsophisticated users with the necessary expertise to launch
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/QlgGvHwB40s/


*** Bugtraq: [security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS) ***
---------------------------------------------
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP XP P9000
Command View Advanced Edition Suite Software. The vulnerability could be
remotely exploited resulting in Cross Site Scripting (XSS).

References: CVE-2013-4814 (SSRT101302)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP XP P9000 Command View Advanced Edition Suite Software v 7.0.0-00 to
earlier than 7.5.0-02 (Windows, Linux).
---------------------------------------------
http://www.securityfocus.com/archive/1/528763


*** BLYPT: A New Backdoor Family Installed via Java Exploit ***
---------------------------------------------
Recently, we have observed a new backdoor family which we've called BLYPT. This family is called BLYPT because of its used of binary large objects (blob) stored in the registry, as well as encryption. Currently, this backdoor is installed using Java exploits; either drive-by downloads or compromised web sites may be used to deliver these
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nVQjUHp2Xcc/


*** Weitere kritische Sicherheitslücke in iOS 7 aufgetaucht ***
---------------------------------------------
Über einen Bug in der Notruf-Funktion kann trotz Sperrbildschirm jede beliebige Nummer angerufen werden.
---------------------------------------------
http://futurezone.at/produkte/iphone-weitere-kritische-sicherheitsluecke-in-ios-7-aufgetaucht/27.722.558


*** Linksys WRT110 Remote Command Execution ***
---------------------------------------------
Topic: Linksys WRT110 Remote Command Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090147


*** Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets ***
---------------------------------------------
FireEye has discovered a campaign leveraging the recently announced zero-day CVE-2013-3893. This campaign, which we have labeled 'Operation DeputyDog', began as early as August 19, 2013 and appears to have targeted organizations in Japan.
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html


*** Operation DeputyDog Part 2: Zero-Day Exploit Analysis (CVE-2013-3893) ***
---------------------------------------------
In our previous blog post my colleagues Ned and Nart provided a detailed analysis on the APT Campaign Operation DeputyDog. The campaign leveraged a zero day vulnerability of Microsoft Internet Explorer (CVE-2013-3893). Microsoft provided an advisory and 'Fix it' blog post.
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-part-2-zero-day-exploit-analysis-cve-2013-3893.html


*** Angriff der Router ***
---------------------------------------------
Die ct analysiert ein sehr ungewöhnliches Botnet: Es besteht aus Routern, auch in Deutschland.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Angreifer-kapern-Router-1963578.html


*** IDF Hackers Test Readiness In Israel For Cyberattacks ***
---------------------------------------------
cold fjord points out a profile in Al-Monitor of Israels cyber-defense group, formed to test the countrys defenses to electronic warfare and information theft. Groups, really, since its run blue-vs-red style, with constant scenario preparation and intrusion attempts. The two (anonymized) leaders of the Blue and Red teams talk about the mind-set and skills that it takes to be in their unit, which they point out is not the place for soda and pizza hijinks. Says "Capt. A": "We are
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VvdZRjzDjUk/story01.htm


*** [webapps] - Wordpress Lazy SEO plugin Shell Upload Vulnerability ***
---------------------------------------------
Wordpress Lazy SEO plugin Shell Upload Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/28452


*** Cybercriminals sell access to tens of thousands of malware-infected Russian hosts ***
---------------------------------------------
Today's modern cybercrime ecosystem offers everything a novice cybercriminal would need to quickly catch up with fellow/sophisticated cybercriminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem. Among the most popular
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/cRy7OE78zU0/


*** Bugtraq: [ANN] Struts 2.3.15.2 GA release available - security fix ***
---------------------------------------------
The Apache Struts group is pleased to announce that Struts 2.3.15.2 is
available as a "General Availability" release.The GA designation is
our highest quality grade.
...
This release includes important security fixes:
- S2-018 - Broken Access Control Vulnerability in Apache Struts2
- S2-019 - Dynamic Method Invocation disabled by default
---------------------------------------------
http://www.securityfocus.com/archive/1/528801


*** BlackBerry zieht Messenger-App für iOS und Android zurück ***
---------------------------------------------
Die Apps, die den BlackBerry Messenger-Dienst auf iOS und Android bringen sollten, wurden nach einem Leak einer unfertigen Android-Version zurückgezogen.
---------------------------------------------
http://futurezone.at/produkte/blackberry-zieht-messenger-app-fuer-ios-und-android-zurueck/27.964.412


*** Apple zieht Apple-TV-Update 6.0 zurück ***
---------------------------------------------
Nach Update-Problemen hat Apple die Aktualisierung offenbar zunächst zurückgezogen. Sie sollte unter anderem Unterstützung für iTunes Radio für US-Kunden liefern.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Apple-zieht-Apple-TV-Update-6-0-zurueck-1964263.html


*** Chaos Computer Club hackt Apples Touch-ID ***
---------------------------------------------
Fingerabdrucksensor des iPhone 5S lässt sich mit bekannten Mitteln austricksen - CCC: Touch-ID "dumme Idee"
---------------------------------------------
http://derstandard.at/1379291683079


*** F5 BIG-IP APM Access Policy Logout Page Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been reported in F5 BIG-IP APM, which can be exploited by malicious people to conduct cross-site scripting attacks.
...
The vulnerability is reported in versions 10.1.0 through 10.2.4 and versions 11.1.0 through 11.3.0.
---------------------------------------------
https://secunia.com/advisories/54941


*** Apple TV Multiple Vulnerabilities ***
---------------------------------------------
A weakness and some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable device.
---------------------------------------------
https://secunia.com/advisories/54961


*** Data Exfiltration in Targeted Attacks ***
---------------------------------------------
Data exfiltration is the unauthorized transfer of sensitive information from a target's network to a location which a threat actor controls. Because data routinely moves in and out of networked enterprises, data exfiltration can closely resemble normal network traffic, making detection of exfiltration attempts challenging for IT security groups. Figure 1. Targeted Attack Campaign Diagram 
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bvRuzyNih3k/


*** Analysis: Spam in August 2013 ***
---------------------------------------------
The percentage of spam in email traffic in August was down 3.6 percentage points and averaged 67.6%.
---------------------------------------------
http://www.securelist.com/en/analysis/204792306/Spam_in_August_2013


*** Verschlüsselung im Web: TLS soll sicherer werden ***
---------------------------------------------
Das für die Verschlüsselung im Web meistbenutzte Verschlüsselungsprotokoll krankt an einem Designfehler. Der ließe sich sich relativ leicht beheben, wenn das Normierungsgremium mitspielt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Verschluesselung-im-Web-TLS-soll-sicherer-werden-1964846.html


*** C3CM: Part 1 - Nfsight with Nfdump and Nfsen ***
---------------------------------------------
Part one of our three-part series on C3CM will utilize Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase. These NetFlow tools make much sense when attempting to identify the behavior of your opponent on high-volume networks that don't favor full-packet capture or inspection.
---------------------------------------------
http://holisticinfosec.org/toolsmith/pdf/august2013.pdf


*** C3CM: Part 2 - BroIDS with Logstash and Kibana ***
---------------------------------------------
Where, in part one of this three-part series, we utilized Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase, we'll use BroIDS (Bro), Logstash, and Kibana as part of our interrupt phase.
---------------------------------------------
http://holisticinfosec.org/toolsmith/pdf/september2013.pdf


*** Citrix CloudPortal Services Manager Multiple Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in Citrix CloudPortal Services Manager, where some have an unknown impact and another can be exploited by malicious users to bypass certain security restrictions.
...
The vulnerabilities are reported in versions 10.0 Cumulative Update 2 and prior.
---------------------------------------------
https://secunia.com/advisories/54664


*** OpenVZ update for kernel ***
---------------------------------------------
OpenVZ has issued an update for kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and by malicious, local users to potentially gain escalated privileges.
---------------------------------------------
https://secunia.com/advisories/54900


*** BitTorrent-Schluckauf bei Twitter löst Besorgnis aus ***
---------------------------------------------
Ein technisches Problem bei Twitter hat dazu geführt, dass das soziale Netzwerk statt dem HTML-Code seiner Share-Buttons den Nutzern Torrent-Files ausliefert. Das hat zu einiger Aufregung bei besorgten Website-Besuchern geführt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/BitTorrent-Schluckauf-bei-Twitter-loest-Besorgnis-aus-1965049.html