[CERT-daily] Tageszusammenfassung - Dienstag 11-02-2014

Daily end-of-shift report team at cert.at
Tue Feb 11 18:14:09 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 10-02-2014 18:00 − Dienstag 11-02-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release ***
---------------------------------------------
Update as of February 10, 2014 We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be included in tomorrow's release. This brings the total for Tuesday's release to seven bulletins, four Critical. Please review the ANS summary page for updated information to help customers...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/02/10/advance-notification-service-for-february-2014-security-bulletin-release.aspx




*** IBMs remote firmware configuration protocol ***
---------------------------------------------
I spent last week looking into the firmware configuration protocol used on current IBM system X servers. IBM provide a tool called ASU for configuring firmware settings, either in-band (ie, running on the machine you want to reconfigure) or out of band (ie, running on a remote computer and communicating with the baseboard management controller - IMM in IBM-speak). Im not a fan of using vendor binaries for this kind of thing. They tend to be large (ASU is a 20MB executable) and difficult to
---------------------------------------------
http://mjg59.dreamwidth.org/29210.html




*** Das Ende des Magnetstreifens - USA wechseln auf Chip&Pin ***
---------------------------------------------
Die USA ist eine Hochburg für den Betrug mit geklauten Kreditkartendaten. Doch ab 2015 soll damit Schluss sein -- Visa und Mastercard stellen auf die in Europa seit langem üblichen Karten mit SmartCard-Chip um.
---------------------------------------------
http://www.heise.de/security/meldung/Das-Ende-des-Magnetstreifens-USA-wechseln-auf-Chip-Pin-2110204.html




*** Survey: Just 1 in 3 Euro biz slackers meets card security standards ***
---------------------------------------------
Yet PCI-DSS has largely been a failure, wails securo-bod European businesses are lagging far behind the rest of the world in compliance with global payment card industry security standards, according to a new survey.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/02/11/pci_survey_verizon/




*** NTP-Reflection: Cloudflare meldet massiven DDoS-Angriff ***
---------------------------------------------
Der Netzwerksicherheitsanbieter Cloudflare hat in der Nacht einen massiven DDoS-Angriff auf einen seiner Kunden gemeldet. Es handele sich um einen NTP-Reflection-Angriff, der größer sein soll als der Angriff auf Spamhaus Mitte 2013. (Server, DE-CIX)
---------------------------------------------
http://www.golem.de/news/ntp-reflection-cloudfare-meldet-massiven-ddos-angriff-1402-104491-rss.html




*** Anti-Diebstahl-Software für Notebooks als Einfallstor ***
---------------------------------------------
Sicherheitsexperten haben die auf Notebooks oft vorinstallierte Anwendung Computrace unter die Lupe genommen. Ergebnis: Die Software hat eine massive Sicherheitslücke. Außerdem lässt sie sich nicht immer deaktivieren.
---------------------------------------------
http://www.heise.de/security/meldung/Anti-Diebstahl-Software-fuer-Notebooks-als-Einfallstor-2110747.html




*** The Mask/Careto: Hochentwickelter Cyberangriff auf Energieunternehmen ***
---------------------------------------------
Bis Januar 2014 war die Cyberwaffe The Mask aktiv, die Sicherheitslücken in Kaspersky-Software und im Adobe Flash Player ausnutzte. Die Malware arbeitet mit Rootkit, Bootkit und Versionen für Mac OS X, Linux, Android und iOS und löscht ihre Logdateien durch überschreiben.
---------------------------------------------
http://www.golem.de/news/the-mask-careto-hochentwickelter-cyberangriff-auf-energieunternehmen-1402-104493-rss.html




*** Blog: The Careto/Mask APT: Frequently Asked Questions ***
---------------------------------------------
The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007.
---------------------------------------------
http://www.securelist.com/en/blog/208216078/The_Careto_Mask_APT_Frequently_Asked_Questions




*** Five OAuth Bugs Lead to Github Hack ***
---------------------------------------------
A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a "simple but high severity exploit" in Github.
---------------------------------------------
http://threatpost.com/five-oauth-bugs-lead-to-github-hack/104178




*** Your PenTest Tools Arsenal ***
---------------------------------------------
When it comes about information security one of the major problems is to set your PenTest Tools Arsenal. The truth is there are too many tools out there and it would take forever to try half of them to see if it fit your needs. Over the years, there are some well established tools that most of security professionals use them but that doesn't mean that out there are not unknown still very good pentest tools.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/02/11/your-pentest-tools-arsenal




*** Symantec Web Gateway Security Management Console Multiple Security Issues ***
---------------------------------------------
Symantec Web Gateway (SWG) Appliance management console is susceptible to both local and remote access cross-site scripting (XSS) and local access SQL injection (sqli) vulnerabilities. Successful exploitation may result in an authorized user gaining unauthorized access to files on the management console or possibility being able to manipulate the backend data base. There is also potential for remote hijacking of an authorized user session with associated privileges.
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00




*** Schneider ClearSCADA File Parsing Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56880




*** [webapps] - WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/31573




*** IBM WebSphere Portal Arbitrary File Upload Security Bypass Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56805




*** Bugtraq: Open-Xchange Security Advisory 2014-02-10 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/531005




*** parcimonie (0.6 to 0.8, included) possible correlation between key fetches ***
---------------------------------------------
Topic: parcimonie (0.6 to 0.8, included) possible correlation between key fetches Risk: Low Text:Hi, Holger Levsen  discovered that parcimonie [1], a privacy-friendly helper to refresh a GnuPG k...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020072




*** Joomla JomSocial Remote Code Execution Vulnerability ***
---------------------------------------------
The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0.4. From their hot-fix update: Yesterday we released version 3.1.0.4 which fixes two vulnerabilities. As a result of the first vulnerability, our own site was hacked. Thankfully, our security experts spotted the...
---------------------------------------------
http://blog.sucuri.net/2014/02/joomla-jomsocial-remote-code-execution-vulnerability.html




*** Perl Regex Processing Flaw Lets Remote and Local Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1029735




*** Titan FTP Server 10.32 Build 1816 Directory Traversals ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020075




*** Avaya Call Management System (CMS) Security Issue and Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/56926




*** Google Android addJavascriptInterface code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/90998


More information about the Daily mailing list