[CERT-daily] Daily summary - Thursday 17-07-2014

Daily end-of-shift report team at cert.at
Thu Jul 17 18:11:21 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 16-07-2014 18:00 − Thursday 17-07-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Critical vulnerability endangers Cisco routers and modems ***
---------------------------------------------
Nine consumer routers and cable modems from Cisco are affected by a critical vulnerability that allows attackers on the network to take over the device. German providers also deployed the affected models.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Sicherheitsluecke-gefaehrdet-Router-und-Modems-von-Cisco-2262088.html




*** Cisco Wireless Residential Gateway Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm




*** Cisco Cable Modem Buffer Overflow Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can send a specially crafted HTTP request to the target device to trigger a buffer overflow and execute arbitrary code on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030598




*** Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
The specific flaw exists within the updating of mod_status. A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with handler server-status and other endpoints. By abusing this flaw, an attacker can possibly disclose credentials or leverage this situation to achieve remote code execution.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-236/




*** Additional information on the interview in the Standard ***
---------------------------------------------
Additional information on the interview in the Standard. 16 July 2014. We are (almost) always pleased when we are quoted in the media and thereby reach a considerably wider audience than through our direct channels alone (website, RSS, mail, Twitter). However: interviews usually have to be done quite quickly, journalists work to hard deadlines every day, and on paper there is limited space and no hyperlinks. So I want to give a bit of context here on the interview that ..
---------------------------------------------
http://www.cert.at/services/blog/20140716101643-1199.html



*** SA-CORE-2014-003 - Drupal core - Multiple vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. (Denial of Service, Cross Site Scripting, Access Bypass)
---------------------------------------------
https://www.drupal.org/SA-CORE-2014-003




*** SA-CONTRIB-2014-071 - FileField - Access bypass ***
---------------------------------------------
A vulnerability was discovered in the FileField third-party module that could allow attackers to gain access to private files.
---------------------------------------------
https://www.drupal.org/node/2304561




*** Barely introduced, already changed: Apple improves iCloud Mail encryption ***
---------------------------------------------
Only a few days after introducing transport encryption for Apple's iCloud mail services, the company is making improvements. At least some servers now meet current requirements for good encryption.
---------------------------------------------
http://www.heise.de/security/meldung/Kaum-eingefuehrt-schon-umgestellt-Apple-verbessert-iCloud-Mail-Verschluesselung-2261893.html




*** Pushdo Trojan outbreak: 11 THOUSAND systems infected in just 24 hours ***
---------------------------------------------
A wave of attacks by cybercrooks pushing a new variant of the resilient Pushdo Trojan has compromised more than 11,000 systems in just 24 hours.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/17/pushdo_trojan_outbreak/




*** Paper: Mayhem - a hidden threat for *nix web servers ***
---------------------------------------------
A new kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_17.xml




*** Havex, It's Down With OPC ***
---------------------------------------------
FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as 'Fertger' or 'PEACEPIPE'), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in ..
---------------------------------------------
http://www.fireeye.com/blog/technical/targeted-attack/2014/07/havex-its-down-with-opc.html





