[CERT-daily] Tageszusammenfassung - Donnerstag 10-07-2014

Thu Jul 10 18:44:48 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 09-07-2014 18:00 − Donnerstag 10-07-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** MSRT July 2014 - Caphaw ***
---------------------------------------------
This month we added Win32/Caphaw and Win32/Bepush to the Malicious Software Removal Tool (MSRT). Caphaw is a malware family that can be used by criminals to gain access to your PC - the ultimate goal is to steal your financial or banking-related information. The graph below shows the number of machine encounters we have seen since September 2013.   Figure 1: Caphaw encounters Caphaw can be installed on a PC via malicious links posted on Facebook, YouTube, and Skype. It can also spread through
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/07/08/msrt-july-2014-caphaw.aspx


*** International Authorities Take Down Shylock Banking Malware ***
---------------------------------------------
Europol announced today that it, along with international law enforcement and industry partners, conducted a successful takedown of the infrastructure supporting the Shylock banking malware.
---------------------------------------------
http://threatpost.com/international-authorities-take-down-shylock-banking-malware/107122


*** Certificate Errors in Office 365 Today, (Thu, Jul 10th) ***
---------------------------------------------
It looks like theres a mis-assignment of certificates today at Office 365. After login, the redirect to portal.office.com reports the following error: portal.office.com uses an invalid security certificate.  The certificate is only valid for the following names: *.bing.com, *.platform.bing.com, bing.com, ieonline.microsoft.com, *.windowssearch.com, cn.ieonline.microsoft.com, *.origin.bing.com, *.mm.bing.net, *.api.bing.com, ecn.dev.virtualearth.net, *.cn.bing.net, *.cn.bing.com, *.ssl.bing.com,
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18371&rss


*** ZDI-14-224: (0Day) Embarcadero ER/Studio Data Architect TSVisualization ActiveX loadExtensionFactory Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Embarcadero ER/Studio Data Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-224/


*** SA-CONTRIB-2014-069 - Logintoboggan - Access Bypass and Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-069Project: LoginToboggan (third-party module)Version: 7.xDate: 2014-July-09Security risk: Moderately criticalExploitable from: RemoteVulnerability: Cross Site Scripting, Access bypassDescriptionThis module enables you to customise the standard Drupal registration and login processes.Cross Site ScriptingThe module doesnt filter user-supplied information from the URL resulting in a reflected Cross Site Scripting (XSS) vulnerability.Access BypassThe module
---------------------------------------------
https://www.drupal.org/node/2300369


*** Cisco WebEx Meetings Client Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311


*** Cisco Unified Communications Manager DNA Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315


*** Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products ***
---------------------------------------------
cisco-sa-20140709-struts2
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2


*** Infoblox NetMRI Input Validation Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030541


*** [2014-07-10] Multiple critical vulnerabilities in Shopizer webshop ***
---------------------------------------------
The webshop software Shopizer is affected by multiple critical vulnerabilities. Attackers are able to completely compromise the system through arbitrary code execution or manipulate product prices or customer data.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-0_Shopizer_v1_multiple_critical_vulnerabilities_part1_v10.txt


*** [2014-07-10] Multiple high risk vulnerabilities in Shopizer webshop ***
---------------------------------------------
The webshop software Shopizer is affected by multiple high risk vulnerabilities. Attackers are able to bypass authentication / authorization and access invoice data of other customers.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-1_shopizer_v1_multiple_high_risk_vulnerabilities_part2_v10.txt


*** [2014-07-10] Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system ***
---------------------------------------------
Unauthenticated attackers are able to reconfigure the Schrack MICROCONTROL emergency light system by accessing the file system via telnet or FTP. Furthermore a weak default password can be exploited.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt


*** [2014-07-10] Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu ***
---------------------------------------------
The vulnerability in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu enables an attacker to extract all the configured passwords without authentication. The attacker can use the extracted passwords to access the WebVisu and control the system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-3_WAGO_Controller_WebVisu_Password_Disclosure_v10.txt


*** Vulnerability in Citrix XenDesktop could result in unauthorized access to another users desktop ***
---------------------------------------------
Severity: High Description of Problem A vulnerability has been identified in Citrix XenDesktop that could result in a user gaining unauthorized interactive access to another user's desktop.
---------------------------------------------
http://support.citrix.com/article/CTX139591


*** HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Cloud Service Automation. The vulnerability could be exploited to allow unauthorized access and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04368546


*** HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04368523


*** Vuln: PHP unserialize() Function Type Confusion Security Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68237