[CERT-daily] Daily Summary - Tuesday 3-06-2014

Daily end-of-shift report team at cert.at
Tue Jun 3 18:06:24 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 02-06-2014 18:00 − Tuesday 03-06-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Energy Bill Spam Campaign Serves Up New Crypto Malware ***
---------------------------------------------
Everyone hates getting bills, and with each new one it seems like the amount due just keeps getting higher and higher. However, Symantec recently discovered an energy bill currently being ..
---------------------------------------------
http://www.symantec.com/connect/blogs/energy-bill-spam-campaign-serves-new-crypto-malware




*** Writing robust Yara detection rules for Heartbleed ***
---------------------------------------------
This blog walks through the methodology and process of writing robust Yara rules to detect either Heartbleed vulnerable OpenSSL statically linked or shared libraries which omit version information. Although Yara is designed for pattern matching and typically used by malware researchers we'll show how we can also use it to detect vulnerable binaries.
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/06/writing-robust-yara-detection-rules-for-heartbleed/




*** Huawei routers can be hijacked from the Internet ***
---------------------------------------------
A series of vulnerabilities in two mobile network routers from Huawei make it possible to hijack the devices from the Internet. Huawei had already closed one of the vulnerabilities once before - evidently not thoroughly enough.
---------------------------------------------
http://www.heise.de/security/meldung/Huawei-Router-lassen-sich-aus-dem-Internet-kapern-2214983.html




*** TYPO3-EXT-SA-2014-009: Cross-Site Scripting in news ***
---------------------------------------------
It has been discovered that the extension "News system" (news) is susceptible to Cross-Site Scripting
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-009/




*** Vulnerabilities in All in One SEO Pack Wordpress Plugin Put Millions of Sites At Risk ***
---------------------------------------------
Multiple serious vulnerabilities have been discovered in the most famous "All In One SEO Pack" plugin for WordPress, that put millions of WordPress websites at risk.
---------------------------------------------
https://thehackernews.com/2014/05/vulnerabilities-in-all-in-one-seo-pack.html




*** (0Day) Rocket Servergraph Admin Center for TSM userRequest save_server_groups Command Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the userRequest servlet. It is possible to inject arbitrary operating system commands when the servlet ..
---------------------------------------------
http://zerodayinitiative.com/advisories/ZDI-14-166/




*** Using nmap to scan for DDOS reflectors ***
---------------------------------------------
As we have seen in past diaries about reflective DDOS attacks they are certainly the flavor of the day. US-CERT claims there are several UDP based protocols that are potential attack vectors. In my experience the most prevalent ones are DNS, NTP, SNMP, and CharGEN. Assuming you have permission, is there an easy way to do good data gathering for these ports on your network? Yes, as a matter of fact it can be done in one simple nmap command.
---------------------------------------------
https://isc.sans.edu/diary/Using+nmap+to+scan+for+DDOS+reflectors/18193




*** dbus-glib pam_fprintd Local Root Exploit ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060009




*** DCMTK Privilege Escalation ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060011

