[CERT-daily] Tageszusammenfassung - Donnerstag 6-02-2014

Thu Feb 6 18:07:54 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 05-02-2014 18:00 − Donnerstag 06-02-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Target Hackers Broke in Via HVAC Company ***
---------------------------------------------
Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/JuvkO7plF2E/


*** Angriffe auf Fritzboxen: AVM empfiehlt Abschaltung der Fernkonfiguration ***
---------------------------------------------
Nach ersten Fällen von Telefonie-Missbrauch halten Angriffe auf Fritzboxen über die Fernkonfiguration an. Um Schäden vorzubeugen, sollen Fritzbox-Nutzer die Funktion vorübergehend deaktivieren.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffe-auf-Fritzboxen-AVM-empfiehlt-Abschaltung-der-Fernkonfiguration-2106542.html


*** Demystifying Point of Sale Malware and Attacks ***
---------------------------------------------
Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60 percent of purchases at retailers' Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit...
---------------------------------------------
http://www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-attacks


*** Malware Uses ZWS Compression for Evasion Tactic ***
---------------------------------------------
Cybercriminals can certainly be resourceful when it comes to avoiding detection. We have seen many instances wherein malware came equipped with improved evasion techniques, such as preventing execution of analysis tools, hiding from debuggers, blending in with normal network traffic, along with various JavaScript techniques. Security researchers have now come across malware that uses a legitimate compression technique to go unnoticed by security solutions.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-uses-zws-compression-for-evasion-tactic/


*** New Asprox Variant Goes Above and Beyond to Hijack Victims ***
---------------------------------------------
[UPDATE] After further analysis, this threat was identified as Asprox botnet and not Zbot
---------------------------------------------
http://research.zscaler.com/2014/02/new-zbot-variant-goes-above-and-beyond.html


*** OpenLDAP 2.4.36 Remote Users Deny Of Service ***
---------------------------------------------
Topic: OpenLDAP 2.4.36 Remote Users Deny Of Service Risk: Medium Text:It was discovered that OpenLDAP, with the rwm overlay to slapd, could segfault if a user were able to query the directory and i...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020032


*** Rockwell RSLogix 5000 Password Vulnerability ***
---------------------------------------------
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on January 21, 2014, and is now being released to the NCCIC/ICS-CERT Web site.Independent researcher Stephen Dunlap has identified a password vulnerability in the Rockwell Automation RSLogix 5000 software. Rockwell Automation has produced a new version that mitigates this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01


*** NETGEAR Router D6300B Telnet Backdoor Lets Remote Users Gain Root Access ***
---------------------------------------------
http://www.securitytracker.com/id/1029727


*** DSA-2855 libav ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2014/dsa-2855


*** Security Bulletin: IBM Domino IMAP Server Denial of Service Vulnerability (CVE-2014-0822) ***
---------------------------------------------
The IMAP server in IBM Domino contains a denial of service vulnerability. A remote unauthenticated attacker could exploit this security vulnerability to cause a crash of the Domino server. The fix for this issue is available as a hotfix and is planned to be incorporated in all upcoming Interim Fixes, Fix Packs and Maintenance Releases.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21663023


*** Bugtraq: ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530929


*** Vulnerabilities in Drupal Third-Party Modules ***
---------------------------------------------
https://drupal.org/node/2187453
https://drupal.org/node/2189509
https://drupal.org/node/2189643
https://drupal.org/node/2189751


*** WordPress WooCommerce SagePay Direct Payment Gateway Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56801