[CERT-daily] Tageszusammenfassung - Mittwoch 23-04-2014

Wed Apr 23 18:28:42 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 22-04-2014 18:00 − Mittwoch 23-04-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Wartungsarbeiten Mailing-Listen-Server 24. April 2014 ***
---------------------------------------------
Am Nachmittag des 24. April werden wir Wartungsarbeiten an unserem Mailing-Listen-Server (lists.cert.at) durchführen. Auswirkungen: verzögerte Zustellung von Listen-Mails Administrations-Interface (Subscribe/Unsubscribe etc.) der Mailing-Listen nicht verfügbar Mailing-Listen-Archive nicht verfügbar. Wir werden uns bemühen, die Ausfälle so kurz wie möglich zu halten, können jedoch keine genaue...
---------------------------------------------
http://www.cert.at/services/blog/20140423085410-1134.html


*** DBIR: Poor Patching, Weak Credentials Open Door to Data Breaches ***
---------------------------------------------
Weak or default credentials, poor configurations and a lack of patching are common denominators in most data breaches, according to the 2014 Verizon Data Breach Investigations Report.
---------------------------------------------
http://threatpost.com/dbir-poor-patching-weak-credentials-open-door-to-data-breaches/105619


*** Millions Feedly users vulnerable to Javascript Injection attack ***
---------------------------------------------
A security researcher discovered a serious Javascript Injection vulnerability in the popular Feedly Android App impacting Millions Users.
---------------------------------------------
http://securityaffairs.co/wordpress/24209/hacking/feedly-javascript-vulnerable.html


*** Apple stopft Sicherheitslücken in iOS, OS X und WLAN-Basisstationen ***
---------------------------------------------
Die Updates sollen kritische Schwachstellen in Apples Betriebssystemen beseitigen - darunter eine weitere Lücke, die das Ausspähen von SSL-Verbindungen erlaubt. Für die AirPort-Stationen steht ein Heartbleed-Fix bereit.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-stopft-Sicherheitsluecken-in-iOS-OS-X-und-WLAN-Basisstationen-2174670.html


*** Operation Francophoned: The Persistence and Evolution of a Dual-Pronged Social Engineering Attack ***
---------------------------------------------
Operation Francophoned, first uncovered by Symantec in May 2013, involved organizations receiving direct phone calls and spear phishing emails impersonating a known telecommunication provider in France, all in an effort to install malware and steal information and ultimately money from targets.
---------------------------------------------
http://www.symantec.com/connect/blogs/operation-francophoned-persistence-and-evolution-dual-pronged-social-engineering-attack


*** Blog: An SMS Trojan with global ambitions ***
---------------------------------------------
Recently, we’ve seen SMS Trojans starting to appear in more and more countries. One prominent example is Trojan-SMS.AndroidOS.Stealer.a: this Trojan came top in Kaspersky Lab's recent mobile malware ТОР 20. It can currently send short messages to premium-rate numbers in 14 countries around the world.
---------------------------------------------
http://www.securelist.com/en/blog/8209/An_SMS_Trojan_with_global_ambitions


*** ISC stellt Entwicklung an seinem BIND10-DNS-Server ein ***
---------------------------------------------
Das Unternehmen hat die letzte von ihm entwickelte Version veröffentlicht und zieht sich aus der weiteren Entwicklung zurück. Dabei sollte BIND10 ursprünglich BIND9 ablösen, das seinerzeit Hochleistungs-Server nur unzureichend ausschöpfen konnte.
---------------------------------------------
http://www.heise.de/newsticker/meldung/ISC-stellt-Entwicklung-an-seinem-BIND10-DNS-Server-ein-2175058.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** Nine patterns make up 92 percent of security incidents ***
---------------------------------------------
Verizon security researchers have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry.
---------------------------------------------
http://www.net-security.org/secworld.php?id=16725


*** Dissecting the unpredictable DDoS landscape ***
---------------------------------------------
DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage, according to Neustar.
---------------------------------------------
http://www.net-security.org/secworld.php?id=16726


*** Special Edition of OUCH: Heartbleed - Why Do I Care? http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_en.pdf, (Wed, Apr 23rd) ***
---------------------------------------------
--  Alex Stanford - GIAC GWEB, Research Operations Manager, SANS Internet Storm Center (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=18013&rss


*** Apple splats new SSL snooping bug in iOS, OS X - but its no Heartbleed ***
---------------------------------------------
Triple-handshake flaw stalks Macs and iThings Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/04/23/apple_ssl_update/


*** Joomla Plugin Constructor Backdoor ***
---------------------------------------------
We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joomla plugin. It was so well organized that at first we didn't realize there was a backdoor even though we knew something was wrong. That's how the code of...
---------------------------------------------
http://blog.sucuri.net/2014/04/joomla-plugin-constructor-backdoor.html


*** Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability ***
---------------------------------------------
A vulnerability has been recently disclosed in OpenSSL that could result in remote attackers being able to obtain sensitive data from the process address space of a vulnerable OpenSS...
---------------------------------------------
http://support.citrix.com/article/CTX140605


*** IBM PSIRT - OpenSSL Heartbleed (CVE-2014-0160) ***
---------------------------------------------
We will continue to update this blog to include information about products. The following is a list of products affected by the Heartbleed vulnerability. Please follow the links below to view the security bulletins for the affected products.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/openssl_heartbleed_cve_2014_0160?lang=en_us


*** Information on Norton products and the Heartbleed vulnerability ***
---------------------------------------------
This article answers many of the questions that are currently being asked about the Heartbleed bug and the role that Norton products play in defending against this attack.
---------------------------------------------
https://support.norton.com/sp/en/us/home/current/solutions/v98431836_EndUserProfile_en_us


*** OpenSSL Security Vulnerability - aka. "Heartbleed Bug" - CVE-2014-0160 - Security Incident Response for D-Link Devices and Services ***
---------------------------------------------
D-Link is investigating all devices and systems that utilize the OpenSSL software library to determine if our devices and customers are affected by this security vulnerability. You will find current status below and can contact us at security at dlink.com about specific questions.
---------------------------------------------
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10022


*** Heartbleed Vulnerability in Various Products ***
---------------------------------------------
http://tomcat.apache.org/native-doc/news/2014.html
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html http://www.fortiguard.com/advisory/FG-IR-14-011/ http://www.sybase.com/detail?id=1099387
https://secunia.com/advisories/58188 (Symantec Multiple Products)
https://secunia.com/advisories/58148 (Xerox WorkCentre 3315/3325)


*** VU#350089: IBM Notes and Domino on x86 Linux specify an executable stack ***
---------------------------------------------
Vulnerability Note VU#350089 IBM Notes and Domino on x86 Linux specify an executable stack Original Release date: 22 Apr 2014 | Last revised: 22 Apr 2014   Overview IBM Notes and Domino on x86 Linux are incorrectly built requesting an executable stack. This can make it easier for attackers to exploit vulnerabilities in Notes, Domino, and any of the child processes that they may spawn.  Description The build environment for the x86 Linux versions of IBM Notes and Domino incorrectly specified the...
---------------------------------------------
http://www.kb.cert.org/vuls/id/350089


*** Cisco ASA SIP Inspection Memory Leak Vulnerability ***
---------------------------------------------
A vulnerability in the Session Initiation Protocol (SIP) inspection engine code could allow an unauthenticated, remote attacker to cause a slow memory leak, which may cause instability on the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2154


*** AirPort Extreme and AirPort Time Capsule OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1030132


*** Apple OS X Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1030133


*** Sixnet Sixview 2.4.1 Directory Traversal ***
---------------------------------------------
Topic: Sixnet Sixview 2.4.1 Directory Traversal Risk: Medium Text:#Exploit Title: Sixnet sixview web console directory traversal #Date: 2014-04-21 #Exploit Author: daniel svartman #Vendor Ho...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040150


*** Parallels Plesk Panel 12.x Key Disclosure ***
---------------------------------------------
Topic: Parallels Plesk Panel 12.x Key Disclosure Risk: High Text:While auditing the source code for Parallels Plesk Panel 12.x on Linux I noticed the following feature that leads to leakage o...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040151


*** [2014-04-23] Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances ***
---------------------------------------------
An unauthenticated remote attacker can exploit the identified Path Traversal vulnerability in order to retrieve arbitrary files from the affected WD Arkeia Network Backup appliances and execute system commands.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140423-0_WD_Arkeia_Path_Traversal_v10.txt


*** Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products ***
---------------------------------------------
Once exploited, the vulnerability might cause a excessive resource (e.g. memory) consumption of the vulnerable system and even cause the system to restart in serious cases.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-333184.htm


*** HP Security Bulletins ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04261644
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260385
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260637


*** Security Advisories Relating to Symantec Products - Symantec Messaging Gateway Management Console Reflected XSS ***
---------------------------------------------
Symantec's Messaging Gateway management console is susceptible to a reflected cross-site scripting (XSS) issue found in one of the administrative interface pages. Successful exploitation could result in potential session hijacking or unauthorized actions directed against the console with the privileges of the targeted user's browser.
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140422_00


*** Security Bulletin: IBM Sterling Order Management is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2014-0932) ***
---------------------------------------------
IBM Sterling Order Management is vulnerable to a cross-site scripting attack which could lead to unauthorized access through the injected scripts.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21670912


*** Django Security Issue and Multiple Vulnerabilities ***
---------------------------------------------
A security issue and multiple vulnerabilities have been reported in Django, which can be exploited by malicious people to potentially disclose certain sensitive information, manipulate certain data, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/58201


*** Hitachi Multiple Cosminexus / uCosminexus Products Java Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/58197


*** Hitachi Multiple Cosminexus / uCosminexus Products SSL/TLS Initialization Vector Selection Weakness ***
---------------------------------------------
https://secunia.com/advisories/58240