[CERT-daily] Tageszusammenfassung - Dienstag 28-01-2014

Daily end-of-shift report team at cert.at
Tue Jan 28 18:12:12 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 27-01-2014 18:00 − Dienstag 28-01-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Making Your Printer Say "Feed Me a Kitten" and Also Exfiltrate Sensitive Data ***
---------------------------------------------
As of this last release, PJL (HP's Printer Job Language) is now a grown-up Rex::Proto protocol! Since extending a protocol in Metasploit is beyond the scope of this post, we'll just be covering how to use the PoC modules included with the new protocol. Feel free to dig around in lib/rex/proto/pjl*, though!
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/01/23/hacking-printers-with-metasploit




*** Coordinated malware eradication ***
---------------------------------------------
Today, as an industry, we are very effective at disrupting malware families, but those disruptions rarely eradicate them. Instead, the malware families linger on, rearing up again and again to wreak havoc on our customers.  To change the game, we need to change the way we work. It is counterproductive when you think about it. The antimalware ecosystem encompasses many strong groups: security vendors, service providers, CERTs, anti-fraud departments, and law enforcement. Each group uses their...
---------------------------------------------
https://blogs.technet.com/b/mmpc/archive/2014/01/27/industry-needs-to-work-together-to-eradicate-malware.aspx




*** Trustworthy electronic signatures, secure e-Government and trust: the way forward for improving EU citizens' trust in web services, outlined by EU Agency ENISA ***
---------------------------------------------
The EU's cyber security Agency, ENISA, is publishing a series of new studies about the current security practices of Trust Service Providers (TSPs) and recommendations for improving cross-border trustworthiness and interoperability for the new regulated TSPs and for e-Government services using them.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/trustworthy-electronic-signatures-secure-e-government-and-trust-the-way-forward-for-improving-eu-citizens2019-trust-in-web-services-outlined-by-eu-agency-enisa




*** Android VPN redirect vuln now spotted lurking in Kitkat 4.4 ***
---------------------------------------------
Now may be a good time to check this out, says securo-bod Israeli researchers who specialise in ferreting out Android vulns have discovered a new flaw in KitKat 4.4 that allows an attacker to redirect secure VPN traffic to a third-party server.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/01/28/android_vpn_vuln_also_in_kitkat_44/




*** File Infectors and ZBOT Team Up, Again ***
---------------------------------------------
File infectors and ZBOT don't usually go together, but we recently saw a case where these two kinds of threats did. This particular file infector - PE_PATNOTE.A - appends its code to all executable files on the infected system,...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/n_0oP1-kYzo/




*** Login-Diebstahl: Warnung vor manipuliertem Filezilla-Client ***
---------------------------------------------
Avast warnt vor manipulierten Programmversionen des beliebten Filezilla-Clients. Wer die falsche Version des FTP-Programms nutzt, gibt Kriminellen die Zugangsdaten für die verwendeten FTP-Server. Betroffen sind nur Anwender, die Filezilla von der falschen Quelle heruntergeladen haben.
---------------------------------------------
http://www.golem.de/news/login-diebstahl-warnung-vor-manipuliertem-filezilla-client-1401-104213-rss.html




*** Blog: A cross-platform java-bot ***
---------------------------------------------
Early this year, we received a malicious Java application for analysis, which turned out to be a multi-platform bot capable of running on Windows, Mac OS and Linux. The bot was written entirely in Java. The attackers used vulnerability CVE-2013-2465 to infect users with the malware.
---------------------------------------------
http://www.securelist.com/en/blog/8174/A_cross_platform_java_bot




*** DDoS attacks become smarter, faster and more severe ***
---------------------------------------------
DDoS attacks will continue to be a serious issue in 2014 - as attackers become more agile and their tools become more sophisticated, according to Radware. Their report was compiled using data from over 300 cases and the Executive Survey consisting of personal interviews with 15 high-ranking security executives.
---------------------------------------------
http://www.net-security.org/secworld.php?id=16268




*** Worldwide Infrastructure Security Report ***
---------------------------------------------
Arbor's annual Worldwide Infrastructure Security Report offers unique insight from network operators on the front lines in the global battle against network threats.
---------------------------------------------
http://www.arbornetworks.com/resources/infrastructure-security-report




*** SI6 Networks IPv6 Toolkit ***
---------------------------------------------
A security assessment and troubleshooting tool for the IPv6 protocols
---------------------------------------------
http://www.si6networks.com/tools/ipv6toolkit/




*** Security Bulletin: Multiple vulnerabilities in IBM QRadar SIEM (CVE-2014-0838, CVE-2014-0835, CVE-2014-0836, CVE-2014-0837) ***
---------------------------------------------
Multiple vulnerabilities exist in the AutoUpdate settings page and the AutoUpdate process within the IBM QRadar SIEM that when used together could result in remote code execution.
---------------------------------------------
https://www-304.ibm.com/support/docview.wss?uid=swg21663066




*** VU#686662: Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities ***
---------------------------------------------
Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. If users have not deployed either of these filters then they are not affected.
---------------------------------------------
http://www.kb.cert.org/vuls/id/686662




*** VU#863369: Mozilla Thunderbird does not adequately restrict HTML elements in email message content ***
---------------------------------------------
Mozilla Thunderbird does not adequately restrict HTML elements in email content, which could allow an attacker to execute arbitrary script when a specially-crafted email message is forwarded or replied to.  ---------------------------------------------
http://www.kb.cert.org/vuls/id/863369


More information about the Daily mailing list