[CERT-daily] Tageszusammenfassung - Dienstag 10-06-2014

Daily end-of-shift report team at cert.at
Tue Jun 10 18:19:34 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 06-06-2014 18:00 − Dienstag 10-06-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Microsoft preps seven fixes, two critical, for Patch Tuesday release ***
---------------------------------------------
The critical patches will remediate remote code execute (RCE) bugs in Windows, IE, Office and Microsoft Lync.
---------------------------------------------
http://www.scmagazine.com/microsoft-preps-seven-fixes-two-critical-for-patch-tuesday-release/article/351559/




*** Microsoft will Uralt-Lücke bei Internet Explorer ausmerzen ***
---------------------------------------------
Sieben Update-Pakete für kommenden Patchday angekündigt - Support für XP fraglich
---------------------------------------------
http://derstandard.at/2000001862657




*** Security updates available for Adobe Flash Player (APSB14-16) ***
---------------------------------------------
Adobe has released security updates for Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.359 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:...
---------------------------------------------
https://helpx.adobe.com/security/products/flash-player/apsb14-16.html




*** Microsoft Fixing Windows 8 Flaws, But Leaving Them In Windows 7 ***
---------------------------------------------
mask.of.sanity sends this news from El Reg: "Microsoft has left Windows 7 exposed by only applying security upgrades to its newest operating systems. Researchers found the gaps after they scanned 900 Windows libraries using a custom diffing tool and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day vulnerabilities. The missing safe functions were part of Microsofts dedicated libraries...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Rz2E0q7KOps/story01.htm




*** Coordinated malware eradication nears launch ***
---------------------------------------------
Good news: the coordinated malware eradication preparations are almost done. We have held several roundtable meetings at industry events around the world, and the last two are scheduled for June and July. We had insightful conversations with a diverse group of experts from across the antimalware industry. The ideas have converged into a shared vision of how we'll work together to put pressure on the malware ecosystem. I am excited for the first coordinated eradication campaigns to...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/06/04/coordinated-malware-eradication-nears-launch.aspx




*** Routersicherheit: Fritzbox sucht automatisch nach Firmware-Updates ***
---------------------------------------------
AVM hat eine Konsequenz aus der schweren Sicherheitslücke seiner Router gezogen. Eine Laborversion ermöglicht nun ein automatisches Update der Firmware.
---------------------------------------------
http://www.golem.de/news/routersicherheit-fritzbox-sucht-automatisch-nach-firmware-updates-1406-107040-rss.html




*** Backstage with the Gameover Botnet Hijackers ***
---------------------------------------------
When youre planning to rob the Russian cyber mob, youd better be sure that you have the element of surprise, that you can make a clean getaway, and that you understand how your target is going to respond. Todays column features an interview with two security experts who helped plan and execute this weeks global, collaborative effort to hijack the Gameover Zeus botnet, an extremely resilient and sophisticated crime machine that helped an elite group of thieves steal more than $100 million from
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/QUb7mFxjXlc/




*** Extracting the payload from a CVE-2014-1761 RTF document ***
---------------------------------------------
Background In March Microsoft published security advisory 2953095, detailing a remote code execution vulnerability in multiple versions of Microsoft Office (CVE-2014-1761). A Technet blog was released at the same time which contained excellent information on how a typical malicious document would be constructed. NCC Group's Cyber Defence Operations team used the information in the Technet blog to identify a malicious document within our malware zoo that exploited this vulnerability which...
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/06/extracting-the-payload-from-a-cve-2014-1761-rtf-document/




*** Weve Set Up a One-Click Test For GameOver ZeuS ***
---------------------------------------------
Today weve published a new, quick way to check if your computer is infected by GameOver ZeuS (GOZ). Last week the GOZ botnet was disrupted by international law enforcement together with industry partners, including ourselves.It is of critical importance to realize GOZ was disrupted - not dismantled. Its not technically impossible for the botnet administrators to reclaim control in the near future. More than one million computers are infected by GOZ, time is of the essence.To assist with...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002712.html




*** Cyber-Kriminalität kostet laut Studie weltweit über 400 Mrd. Dollar ***
---------------------------------------------
In Österreich beträgt der Schaden 0,41 Prozent des Bruttoinlandsproduktes
---------------------------------------------
http://derstandard.at/2000001878950




*** "Red Button" Attack Could Compromise Some Smart TVs ***
---------------------------------------------
A vulnerability in an emerging interactive television standard could open up number of smart TVs to untraceable drive-by attacks.
---------------------------------------------
http://threatpost.com/red-button-attack-could-compromise-some-smart-tvs/106547




*** Chrome OS leaks data to Google before switching on a VPN, says GCHQ ***
---------------------------------------------
UK spy-base wing in new advice for BlackBerry, and Google OSes The sexy-named Communications Electronics Security Group (CESG) - the bit of GCHQ that helps Brits protect secrets from foreign spies (never mind GCHQ) - has issued new advice for securing BlackBerry OS 10, Android and Chrome OS 32.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/06/10/security_guidance_for_blackberry_1021_android_44_and_chrome_os/




*** Zeus Alternative "Pandemiya" Emerges in Cybercrime Underground ***
---------------------------------------------
Pandemiya has all the capabilities that are typical among banking Trojans, such as injecting fake elements into websites, capturing screenshots of the users computer screen, and encrypting its communications with the control panel. What sets Pandemiya apart from all other banking Trojans is the fact that it has been written from scratch without sharing any source code with Zeus, Fleyder said.
---------------------------------------------
https://www.securityweek.com/zeus-alternative-pandemiya-emerges-cybercrime-underground




*** iOS Malware Does Exist ***
---------------------------------------------
Before somebody asks me (again) whether there are any iOS malware or not, I decided to consolidate the information for you.
---------------------------------------------
https://blog.fortinet.com/iOS-malware-do-exist/




*** Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-3291
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291




*** Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014) ***
---------------------------------------------
Severity: High Overview The OpenSSL security advisory released on the 5 th of June 2014 disclosed six security vulnerabilities in this open source component; these are described below:
---------------------------------------------
http://support.citrix.com/article/CTX140876




*** SAP Hard-Coded Credentials ***
---------------------------------------------
Topic: SAP Hard-Coded Credentials Risk: Medium Text: Onapsis Security Advisories:Multiple Hard-coded Usernames (CWE-798) have been found and patched in a variety of SAP componen...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060046




*** MediaWiki Input Validation Flaw in Special:PasswordReset Permits Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030364




*** VU#758382: Unauthorized modification of UEFI variables in UEFI systems ***
---------------------------------------------
Vulnerability Note VU#758382 Unauthorized modification of UEFI variables in UEFI systems Original Release date: 09 Jun 2014 | Last revised: 09 Jun 2014   Overview Certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead to bypass of security features and/or denial of service for the platform.  Description According to Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam...
---------------------------------------------
http://www.kb.cert.org/vuls/id/758382




*** Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability ***
---------------------------------------------
CVE-2014-3287
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287




*** WebEx Meeting Server Sensitive Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-3294
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3294




*** Vuln: Cisco Wireless LAN Controller CVE-2014-3291 Denial of Service Vulnerability ***
---------------------------------------------
Cisco Wireless LAN Controller CVE-2014-3291 Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/67926




*** IBM Security Bulletin: Denial of Service attack possible on Cúram instances using Apache Commons FileUpload (CVE-2014-0050) ***
---------------------------------------------
A version of Apache Commons FileUpload shipped with Cúram is vulnerable to a denial of service attack.  CVE(s): CVE-2014-0050  Affected product(s) and affected version(s):   Cúram Social Program Management  All products are affected when running code releases 4.5 SP10, 5.0, 5.2, 5.2 SP1, 5.2 SP4, 5.2 SP4 DE, 5.2 SP5, 5.2 SP6, 6.0 SP2, 6.0.3.0, 6.0.4.0, 6.0.4.3, 6.0.4.4, 6.0.4.5, 6.0.5.2, 6.0.5.3, 6.0.5.4.    Refer to the following reference URLs for remediation and additional...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_denial_of_service_attack_possible_on_c%25C3%25BAram_instances_using_apache_commons_fileupload_cve_2014_0050?lang=en_us




*** WebTitan: Multiple critical vulnerabilities ***
---------------------------------------------
product: WebTitan vulnerable version: 4.01 (Build 68) fixed version: 4.04 impact: critical ... 1) SQL Injection 2) Remote command execution 3) Path traversal 4) Unprotected Access
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt


More information about the Daily mailing list