[CERT-daily] Tageszusammenfassung - Dienstag 2-12-2014

Tue Dec 2 18:07:01 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 01-12-2014 18:00 − Dienstag 02-12-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Researcher Releases Database of Known-Good ICS and SCADA Files ***
---------------------------------------------
A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs,...
---------------------------------------------
http://threatpost.com/researcher-releases-database-of-known-good-ics-and-scada-files/109652


*** CVE-2014-1824 - A New Windows Fuzzing Target ***
---------------------------------------------
As time progresses, due to constant fuzzing and auditing many common Microsoft products are becoming reasonably hard targets to fuzz and find interesting crashes. There are two solutions to this: write a better fuzzer (http://lcamtuf.coredump.cx/afl/) or pick a less audited target. In a search for less audited attack surface, we are brought to MS14-038, Vulnerability...
---------------------------------------------
http://blog.beyondtrust.com/cve-2014-1824-searching-for-windows-attack-surface


*** Kritische Lücke legt OpenVPN-Server lahm ***
---------------------------------------------
Wer einen OpenVPN-Server betreibt, sollte diesen umgehend auf den aktuellen Stand bringen. Durch eine Schwachstelle können Angreifer dessen Erreichbarkeit erheblich beeinträchtigen.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Luecke-legt-OpenVPN-Server-lahm-2472178.html


*** Operation DeathClick ***
---------------------------------------------
The era of spear phishing and the waterhole attack, which uses social engineering, has come to an end. Hackers are now moving their tricky brains towards targeted Malvertising - a type of attack that uses online advertising to spread malware. A recent campaign termed "Operation death click" displays a new form of cyber-attack focused on specific targets. The attack is also defined as micro targeted malvertising. In this newly targeted variation of malvertising, the hackers are
---------------------------------------------
http://resources.infosecinstitute.com/operation-deathclick/


*** 3Q 2014 Security Roundup: Vulnerabilities Under Attack ***
---------------------------------------------
Our report on the threats seen in 3Q 2014 shows us that once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter's infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. Having gone unnoticed for years, the Shellshock incident suggests that there might be more vulnerabilities in Bash or in...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4qiLKTUdqhM/


*** Betrügerische E-Mails im Namen des Finanzministeriums in Umlauf ***
---------------------------------------------
Täuschend echte Phishing-Masken in Design von FinanzOnline
---------------------------------------------
http://derstandard.at/2000008913504


*** JSA10607 - 2014-01 Security Bulletin: Junos: Memory-consumption DoS attack possible when xnm-ssl or xnm-clear-text service enabled (CVE-2014-0613) ***
---------------------------------------------
Product Affected: This issue can affect any product or platform running Junos OS.
Problem: When xnm-ssl or xnm-clear-text is enabled within the [edit system services] hierarchy level of the Junos configuration, an unauthenticated, remote user could exploit the XNM command processor to consume excessive amounts of memory. This, in turn, could lead to system instability or other performance issues.
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10607


*** Security advisory - High severity - InfiniteWP Client WordPress plugin ***
---------------------------------------------
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation and potential Object Injection vulnerability. Patched Version: 1.3.8 If you're using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website FirewallRead More
---------------------------------------------
http://blog.sucuri.net/2014/12/security-advisory-high-severity-infinitewp-client-wordpress-plugin.html


*** Security Bulletin: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management (CVE-2014-6140) ***
---------------------------------------------
A vulnerability exists in IBM Endpoint Manager Mobile Device Management component, where an attacker could misuse cookies to execute arbitrary code.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21691701


*** Security Advisory: PHP vulnerability CVE-2013-2110 ***
---------------------------------------------
(SOL15876)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15876.html?ref=rss


*** Security Advisory: SOAP parser vulnerability CVE-2013-1824 ***
---------------------------------------------
(SOL15879)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15879.html?ref=rss


*** Yokogawa FAST/TOOLS XML information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99018


*** EntryPass N5200 Credential Disclosure ***
---------------------------------------------
Topic: EntryPass N5200 Credential Disclosure Risk: Low Text:Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated do...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120010


*** 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting ***
---------------------------------------------
Topic: 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting Risk: Low Text: # # # SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security # # # # CVE ID: ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120009


*** Security Advisory-Multiple Vulnerabilities on Huawei P2 product ***
---------------------------------------------
Dec 02, 2014 15:22
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm