[CERT-daily] Tageszusammenfassung - Montag 7-07-2014

Mon Jul 7 18:13:16 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 04-07-2014 18:00 − Montag 07-07-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Self-signing custom Android ROMs ***
---------------------------------------------
The security model on the Google Nexus devices is pretty straightforward. The OS is (nominally) secure and prevents anything from accessing the raw MTD devices. The bootloader will only allow the user to write to partitions if its unlocked. The recovery image will only permit you to install images that are signed with a trusted key. In combination, these facts mean that its impossible for an attacker to modify the OS image without unlocking the bootloader[1], and unlocking the bootloader wipes
---------------------------------------------
http://mjg59.dreamwidth.org/31765.html


*** Java Support ends for Windows XP, (Sat, Jul 5th) ***
---------------------------------------------
Oracle is no longer supporting Java for Windows XP and will only support Windows Vista or later. Java 8 is not supported for Windows XP and users will be unable to install on their systems. Oracle warns "Users may still continue to use Java 7 updates on Windows XP at their own risk" [1] [1] https://www.java.com/en/download/faq/winxp.xml [2] http://www.oracle.com/us/support/library/057419.pdfhttps://www.java.com/en/download/faq/winxp.xml ----------- Guy Bruneau IPSS Inc. gbruneau at
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18345&rss


*** Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager ***
---------------------------------------------
Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security. But, if you are using the mobile version of most popular password manager from Password management company
---------------------------------------------
http://feedproxy.google.com/~r/TheHackersNews/~3/Ajpf8i6yTao/critical-vulnerability-and-privacy.html


*** Zwei Patches schließen SQL-Injection-Lücken in Ruby on Rails ***
---------------------------------------------
Zwei recht ähnliche Lücken erlaubten SQL-Injections auf Websites, die auf Ruby on Rails 2.0.0 bis 3.1.18 sowie auf 4.x aufsetzen. In mehreren Anläufen haben die Rails-Entwickler die Lücken nun geschlossen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Zwei-Patches-schliessen-SQL-Injection-Luecken-in-Ruby-on-Rails-2250189.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** Malware Analysis with pedump, (Sat, Jul 5th) ***
---------------------------------------------
Are you looking for a tool to analyze Windows Portable Executable (PE) files? Consider using pedump a ruby win32 PE binary file analyzer. It currently support DOS MZ EXE, win16 NE and win32/64 PE. There are several ways to install the ruby package; however, the simplest way is to execute "gem install pedump" from a Linux workstation. You can also download the file here or use the pedump website to upload your file for analysis. This example shows the output from the pedump website.  
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18347&rss


*** Industrial Control System Firms In Dragonfly Attack Identified ***
---------------------------------------------
chicksdaddy (814965) writes Two of the three industrial control system (ICS) software companies that were victims of the so-called "Dragonfly" malware have been identified. ... Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Jr0QiFtg7lc/story01.htm


*** Coinbase wallet app in SSL/TLS SNAFU ***
---------------------------------------------
The popular Bitcoin wallet Coinbase has a security flaw in its Android apps which could allow an attacker to steal authentication codes and access users accounts, according to a security researcher. Coinbase is far from alone in leaving its wallet app users vulnerable, so what should you do to stay safe when using mobile banking apps?
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/GsgGIYu7TA0/


*** The Rise of Thin, Mini and Insert Skimmers ***
---------------------------------------------
Like most electronic gadgets these days, ATM skimmers are getting smaller and thinner, with extended battery life. Heres a look at several miniaturized fraud devices that were pulled from compromised cash machines at various ATMs in Europe so far this year.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/8s5hQ323oMY/


*** Fridge hacked. Car hacked. Next up, your LIGHT BULBS ***
---------------------------------------------
So shall you languish in darkness - or under disco-style strobes - FOREVER Those convinced that the emerging Internet of Things (IoT) will become a hackers playground were given more grist for their mill with news on Friday that security researchers have discovered a weakness in Wi-Fi/mesh networked lightbulbs.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/07/wifi_enabled_led_light_bulb_is_hackable_shocker/


*** Anwälte: Falsche Filesharing-Abmahnung verbreitet massenhaft Malware ***
---------------------------------------------
Zwei bekannte Anwälte warnen vor gefälschten Abmahnungen wegen illegalen Musikdownloads. An den massenhaft verschickten E-Mails hängt eine Zip-Datei mit Schadcode.
---------------------------------------------
http://www.golem.de/news/anwaelte-falsche-filesharing-abmahnung-verbreitet-massenhaft-malware-1407-107705-rss.html


*** IBM Security Bulletin: Multiple vulnerabilities exist in IMS Enterprise Suite SOAP Gateway (CVE-2014-0453, CVE-2013-4286, CVE-2013-4322) ***
---------------------------------------------
The IMS Enterprise Suite SOAP Gateway is affected by multiple vulnerabilities in IBM SDK, Java Technology Edition (April Update) and Apache Tomcat.  CVE(s): CVE-2014-0453, CVE-2013-4286 and CVE-2013-4322   Affected product(s) and affected version(s):   CVE ID: CVE-2014-0453 The SOAP Gateway component of the IMS Enterprise Suite versions 2.1, 2.2, 3.1.  CVE ID: CVE-2013-4286 CVE ID: CVE-2013-4322 The SOAP Gateway component of the IMS Enterprise Suite versions 2.2, 3.1.   
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_exist_in_ims_enterprise_suite_soap_gateway_cve_2014_0453_cve_2013_4286_cve_2013_4322?lang=en_us


*** OpenSSL vulnerabilities in IBM Products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_openssl_vulnerability_in_ibm_flex_system_v7000_cve_2014_0224?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_bulletin_ibm_sterling_connect_direct_for_unix_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0224?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_sdk_for_node_js_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0224_cve_2014_0221_cve_2014_0195_cve_2014_0198_cve_2010_5298_cve_2014_3470?lang=en_us


*** RealPlayer MP4 Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030524


*** [webapps] - Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/33984


*** VU#960193: AVG Secure Search ActiveX control provides insecure methods ***
---------------------------------------------
Vulnerability Note VU#960193 AVG Secure Search ActiveX control provides insecure methods Original Release date: 07 Jul 2014 | Last revised: 07 Jul 2014   Overview The AVG Secure Search toolbar includes an ActiveX control that provides a number of unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user.  Description AVG Secure Search is a toolbar add-on for web browsers that "... provides an additional security layer while
---------------------------------------------
http://www.kb.cert.org/vuls/id/960193


*** Bugtraq: CVE-2014-3863 - Stored XSS in JChatSocial ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532662


*** WordPress Theme My Login for WordPress file include ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94160