[CERT-daily] Tageszusammenfassung - Freitag 2-05-2014

Fri May 2 18:17:34 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 30-04-2014 18:00 − Freitag 02-05-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter


*** Serious security flaw in OAuth, OpenID discovered ***
---------------------------------------------
Attackers can use the "Covert Redirect" vulnerability in both open-source login systems to steal your data and redirect you to unsafe sites.
---------------------------------------------
http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/


*** Ubuntu schließt weitere Lücken im Unity-Sperrbildschirm ***
---------------------------------------------
Mit zwei Updates für ihren Unity-Desktop haben die Entwickler der Linux-Distribution weitere Sicherheitsprobleme behoben. Diese hätten es ermöglicht, den Sperrbildschirm unter bestimmten Umständen zu umgehen.
---------------------------------------------
http://www.heise.de/security/meldung/Ubuntu-schliesst-weitere-Luecken-im-Unity-Sperrbildschirm-2181210.html


*** Security Update Released to Address Recent Internet Explorer Vulnerability ***
---------------------------------------------
Today, we released a security update to address the Internet Explorer (IE) vulnerability first described in Security Advisory 2963983. This security update addresses every version of Internet Explorer.  While we've seen only a limited number of targeted attacks, customers are advised to install this update promptly. The majority of our customers have automatic updates enabled and so will not need to take any action as protections will be downloaded and installed automatically. If...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/05/01/security-update-released-to-address-recent-internet-explorer-vulnerability.aspx


*** Sefnit Botnet Swaps Tor for SSH ***
---------------------------------------------
Facebook security researchers spot a Sefnit/Mevade click-fraud and Bitcoin-mining botnet returning to its previous SSH command-and-control communications infrastructure.
---------------------------------------------
http://www.darkreading.com/attacks-breaches/sefnit-botnet-swaps-tor-for-ssh/d/d-id/1235007


*** Factsheet DNS Amplification ***
---------------------------------------------
DDoS-attacks have been hitting headlines the last year. In some of these attacks, attackers use a technique called DNS amplification. This factsheet will help network administrators in preventing DNS amplification attacks via their systems.
---------------------------------------------
http://www.ncsc.nl/english/current-topics/news/factsheet-dns-amplification.html


*** Apple Fixes Critical Hole in Developer Center ***
---------------------------------------------
Apple patched a potentially serious hole in its Developer Center that could have given anyone unfettered access to personal contact information for Apple employees and partners.
---------------------------------------------
http://threatpost.com/apple-fixes-critical-hole-in-developer-center/105848


*** All About Windows Tech Support Scams ***
---------------------------------------------
*Editors Notes: The purpose of this research was to see exactly how this scam is carried out, and the extent to which it is done. DO NOT TRY THIS AT HOME. We used a clean machine, off network, to monitor the activity of the scammer. Have you ever received a phone call from a tech support person claiming to be from Microsoft, and that your Windows based machine has been found to have a virus on it? These cold calls typically come from loud call centers, and are targeting the uninformed and...
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/qw_08fRmr5o/


*** SA-CONTRIB-2014-047 - Zen - Cross Site Scripting ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-047Project: Zen (third-party theme)Version: 7.xDate: 2014-April-30Security risk: Moderately criticalExploitable from: RemoteVulnerability: Cross Site ScriptingDescriptionThe Zen theme is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design.The theme does not properly sanitize theme settings before they are used in the output of a page. Custom themes that have copied Zens template files (e.g. subthemes) may suffer from this
---------------------------------------------
https://drupal.org/node/2254925


*** Cross-Site Scripting Vulnerability in Citrix NetScaler Gateway, formerly Citrix Access Gateway Enterprise Edition ***
---------------------------------------------
Severity: Medium Description of Problem A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition...
---------------------------------------------
http://support.citrix.com/article/CTX140291


*** Cisco TelePresence TC and TE Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1030181


*** AMTELCO miSecure Vulnerabilities ***
---------------------------------------------
Researcher Jared Bird of Allina Health reported multiple vulnerabilities in the AMTELCO miSecureMessage (MSM) medical messaging system. AMTELCO has an update available to all customers that mitigates the vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01


*** WordPress plugin EZPZ One Click Backup Command Injection ***
---------------------------------------------
Topic: WordPress plugin EZPZ One Click Backup Command Injection Risk: High Text:Product: WordPress plugin EZPZ One Click Backup Vulnerability type: CWE-78 OS Command Injection Vulnerable versions: 12.03.10...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014050008


*** WordPress leaflet maps marker plugin SQL Injection Vulnerability ***
---------------------------------------------
Topic: WordPress leaflet maps marker plugin SQL Injection Vulnerability Risk: Medium Text: # # Exploit Title: WordPress leaflet maps marker plugin SQL Injection Vulnerability # # Author: neo.hapsis #memb...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014050010