[CERT-daily] Tageszusammenfassung - Dienstag 1-07-2014

Daily end-of-shift report team at cert.at
Tue Jul 1 18:08:09 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 30-06-2014 18:00 − Dienstag 01-07-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Microsoft Darkens 4MM Sites in Malware Fight ***
---------------------------------------------
Millions of Web sites were shuttered Monday morning after Microsoft executed a legal sneak attack against a malware network thought to be responsible for more than 7.4 million infections of Windows PCs worldwide.
---------------------------------------------
http://krebsonsecurity.com/2014/07/microsoft-darkens-4mm-sites-in-malware-fight/




*** Apple Releases Security Updates for OS X, Safari, iOS devices, and Apple TV ***
---------------------------------------------
Apple has released security updates for Mac OS X, Safari, iOS devices, and Apple TV to address multiple vulnerabilities, some of which could allow attackers to execute arbitrary code with system privileges or cause an unexpected application termination.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2014/07/01/Apple-Releases-Security-Updates-OS-X-Safari-iOS-devices-and-Apple




*** [2014-06-30] Multiple vulnerabilities in IBM Algorithmics RICOS ***
---------------------------------------------
Abusing multiple vulnerabilities within IBM Algorithmics RICOS, an attacker can take over foreign user accounts and bypass authorization mechanisms.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt




*** JBoss Seam org.jboss.seam.web.AuthenticationFilter code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94090




*** ICS Focused Malware ***
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-178-01




*** CERT-Bund: Trojaner-Opfer ändern Passwörter, PCs bleiben infiziert ***
---------------------------------------------
Die Auswertung von zehntausenden kompromittierten Mail-Zugangsdaten zeigt, dass ein beträchtlicher Teil der Opfer zwar sein Passwort ändert, allerdings schnell erneut zum Opfer wird - möglicherweise, weil der Rechner nicht desinfiziert wurde.
---------------------------------------------
http://www.heise.de/security/meldung/CERT-Bund-Trojaner-Opfer-aendern-Passwoerter-PCs-bleiben-infiziert-2243405.html




*** [2014-07-01] Stored cross site scripting in EMC Documentum eRoom ***
---------------------------------------------
Due to improper input validation, EMC Documentum eRoom suffers from multiple stored cross-site scripting vulnerabilities, which allow an attacker to steal other users sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140701-0_EMC_Documentum_eRoom_Stored_XSS_v10.txt




*** Apple testet Zwei-Faktor-Authentifizierung auf iCloud.com ***
---------------------------------------------
Künftig sollen auch auf Apples Cloud-Portal Zugangsdaten besser abgesichert werden. Gestern war die Funktion kurzzeitig freigegeben.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-testet-Zwei-Faktor-Authentifizierung-auf-iCloud-com-2243841.html




*** Verwirrung um Microsofts Sicherheits-Newsletter ***
---------------------------------------------
Wer Windows-Rechner administriert, weiss den Security-Notifications-Newsletter von Microsoft zu schätzen. Letzte Woche kündigte das Unternehmen an, diesen einzustellen - um die Entscheidung kurz darauf zu revidieren.
---------------------------------------------
http://www.heise.de/security/meldung/Verwirrung-um-Microsofts-Sicherheits-Newsletter-2243456.html




*** Cyberspying Campaign Comes With Sabotage Option ***
---------------------------------------------
New research from Symantec spots US and Western European energy interests in the bulls eye, but the campaign could encompass more than just utilities.
---------------------------------------------
http://www.darkreading.com/vulnerabilities---threats/advanced-threats/cyberspying-campaign-comes-with-sabotage-option/d/d-id/1278990




*** Geodo: New Cridex Version Combines Data Stealer and Email Worm ***
---------------------------------------------
Recent efforts by our Research Lab has revealed new activity related to Cridex. As you may recall, Cridex is a data stealer also referred to as Feodo, and Bugat. The new Cridex version we are seeing now, aka Geodo, combines a self-spreading infection method - effectively turning each bot in the botnet ..
---------------------------------------------
http://www.seculert.com/blog/2014/07/geodo-new-cridex-version-combines-data-stealer-and-email-worm.html




*** Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters) ***
---------------------------------------------
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file remotely to the vulnerable website (i.e., no authentication is required). This is a serious vulnerability, The MailPoet plugin (wysija-newsletters) ..
---------------------------------------------
http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html




*** IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/90880






More information about the Daily mailing list