[CERT-daily] Daily summary - Tuesday 8-07-2014

Daily end-of-shift report team at cert.at
Tue Jul 8 18:15:53 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 07-07-2014 18:00 − Tuesday 08-07-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Multi Platform *Coin Miner Attacking Routers on Port 32764, (Mon, Jul 7th) ***
---------------------------------------------
Thanks to reader Gary for sending us in a sample of a *Coin miner that he found attacking Port 32764. Port 32764 was recently found to offer yet another backdoor on Sercomm equipped devices. We covered this backdoor before [1]. The bot itself appears to be a variant of the "zollard" worm seen before by Symantec [2]. Symantec's writeup describes the worm as attacking a php-cgi vulnerability, not the Sercomm backdoor. But this worm has been seen using various exploits. Here some quick,...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18353&rss




*** When Adware Goes Bad: The Installbrain and Sefnit Connection ***
---------------------------------------------
"Monetize On Non-buyers" is the bold motto of InstallBrain-adware that turns out to have been developed by an Israeli company called iBario Ltd. This motto clearly summarizes the potential risks adware companies can introduce to users, especially when they install stuff on...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nRXcb4Udr5o/




*** IEEE expands malware initiatives ***
---------------------------------------------
Clearing-house for software metadata. Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware that's been inserted into other software, and improve the performance of malware detection by cutting down on false positives.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/08/ieee_expands_malware_initiatives/




*** NTT Group 2014 Global Threat Intelligence Report ***
---------------------------------------------
The NTT Group 2014 Global Threat Intelligence Report (GTIR) emphasizes that the security basics, when done right, can be enough to mitigate and even avoid high-profile, costly data breaches altogether. Using statistics and real-world case studies, the report shows that combining threat avoidance and threat response capabilities into a strategic approach provides the best chance to reduce the impact of threats.
---------------------------------------------
http://www.solutionary.com/research/threat-reports/annual-threat-report/ntt-group-gtir-2014/




*** Paper: VBA is not dead! ***
---------------------------------------------
Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_07.xml?rss




*** Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions ***
---------------------------------------------
A major vulnerability believed to be present in most versions of Android can allow malicious Android applications on the Android app store to make phone calls on a user's device, even when they lack the necessary permissions. The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the...
---------------------------------------------
http://thehackernews.com/2014/07/android-vulnerability-allows.html




*** Google Android / eduroam credentials ***
---------------------------------------------
On mobile devices running the Android operating system, the default configuration for the CA certificate option for WLAN connections is "unspecified". Concretely, this behaviour, which is documented as normal, means that validation of the certificate chain is completely disabled, i.e. any certificate is accepted without further warning. To make matters worse,...
---------------------------------------------
https://www.dfn-cert.de/aktuell/Google-Android-Eduroam-Zugangsdaten.html




*** How not to tell your customers how much you care about their security ***
---------------------------------------------
We've written before about "what not to do" when sending emails to your customers. Here's another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/08/how-not-to-tell-your-customers-how-much-you-care-about-their-security/




*** Metadata against antivirus false positives ***
---------------------------------------------
The IEEE has launched a database for metadata of binaries. It provides information that lets a virus scanner determine unambiguously whether a file is benign.
---------------------------------------------
http://www.heise.de/security/meldung/Metadaten-gegen-Viren-Fehlerkennugen-2251769.html




*** GKsu and VirtualBox Root Command Execution by Filename (CVE-2014-2943) ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu




*** Bugtraq: Backdoor access to Techboard/Syac devices ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532665




*** [remote] - Oracle Event Processing FileUploadServlet Arbitrary File Upload ***
---------------------------------------------
http://www.exploit-db.com/exploits/33989




*** Vuln: GitList CVE-2014-4511 Unspecified Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68253




*** Security Advisory-Apache Struts2 vulnerability on Huawei multiple products ***
---------------------------------------------
Jul 07, 2014 21:09
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm




*** Apple iTunes 11.2.2 Insecure Libraries ***
---------------------------------------------
Topic: Apple iTunes 11.2.2 Insecure Libraries Risk: High Text: Hi @ll, Apple's current iTunes 11.2.2 for Windows comes with the following COMPLETELY outdated and vulnerable 3rd party libr...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070042




*** Apache Syncope Insecure Password Generation ***
---------------------------------------------
Topic: Apache Syncope Insecure Password Generation Risk: Medium Text: CVE-2014-3503: Insecure Random implementations used to generate passwords in Apache Syncope Severity: Major Vendor: The ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070039




*** Vuln: WordPress Easy Banners Plugin easy-banners.php Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68281




*** Vuln: WordPress Custom Banners Plugin options.php Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68279




*** TYPO3 CMS 4.5.35, 6.1.10 and 6.2.4 released ***
---------------------------------------------
The TYPO3 Community announces the versions 4.5.35, 6.1.10 and 6.2.4 of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes.
---------------------------------------------
https://typo3.org/news/article/typo3-cms-4535-6110-and-624-released/




*** HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04343424

