[CERT-daily] Tageszusammenfassung - Donnerstag 8-05-2014

Thu May 8 18:14:25 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 07-05-2014 18:00 − Donnerstag 08-05-2014 18:00
Handler:     L. Aaron Kaplan
Co-Handler:  Stephan Richter


*** The State of Cryptography in 2014, Part 2: Hardware, Black Swans, and What To Do Now ***
---------------------------------------------
We continue our look into the state of cryptography in 2014; Part 1 was posted earlier this week. Is Hardware Security Any Better? We closed the first post by asking: is hardware any more trustworthy? One would think that it is - but it's not. Recently, chip vendors have been incorporating cryptography into their CPUs or chipsets. Usually,...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5erAjAwWMmU/


*** SIRv16: Cybercriminal tactics trend toward deceptive measures ***
---------------------------------------------
Microsoft's Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/05/07/sirv16-cybercriminal-tactics-trend-toward-deceptive-measures.aspx


*** Case Study: Analyzing the Origins of a DDoS Attack ***
---------------------------------------------
Recently a client was experiencing a massive layer 7 DDOS attack, generating tens of thousands of random HTTP requests per second to the server. The architecture of the website included a cluster of three web servers responsible for handling all incoming traffic, which did little to alleviate the pressures brought about the attack. An interestingRead More
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/7nrfa2OwFuo/map-of-a-ddos-attack.html


*** Systemkamera Samsung NX300 öffnet Hackern Tür und Tor ***
---------------------------------------------
Die Kamera enthält eine ganze Reihe von Sicherheitslücken, inklusive einem weit offen stehenden X-Server und einem reprogrammierbaren NFC-Chip. Angreifer könnten diese nutzen, um Schadcode auf dem Gerät auszuführen.
---------------------------------------------
http://www.heise.de/security/meldung/Systemkamera-Samsung-NX300-oeffnet-Hackern-Tuer-und-Tor-2185191.html


*** April 2014 virus activity review from Doctor Web ***
---------------------------------------------
April 30, 2014 April 2014 proved to be quite fruitful in terms of the emergence of new threats. In particular, Doctor Webs security researchers discovered a new multi-purpose backdoor targeting Windows. Also registered were numerous incidents involving adware browser extensions for Mac OS X. In addition, a variety of signatures for Android malware were added to the virus databases.
---------------------------------------------
http://news.drweb.com/show/?i=4376&lng=en&c=9


*** Volafox Mac OS X Memory Analysis Toolkit ***
---------------------------------------------
Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool:...
---------------------------------------------
http://www.sectechno.com/2014/05/04/volafox-mac-os-x-memory-analysis-toolkit/


*** Security: Gravierende Lücke in AVG Remote Administration ***
---------------------------------------------
Nutzer, die das Fernwartungspaket AVG Remote Administration nutzen, sollten dringend einen aktuellen Patch installieren. Bisher war es möglich, dass Angreifer über das Programm Code einschleusen konnten - aber das ist nicht die einzige Lücke, weitere stehen noch offen.
---------------------------------------------
http://www.golem.de/news/security-gravierende-luecke-in-avg-remote-administration-1405-106335-rss.html


*** [2014-05-08] Multiple critical vulnerabilities in AVG Remote Administration ***
---------------------------------------------
Attackers are able to completely compromise the AVG Admin server (part of AVG Remote Administration) system as they can gain full access at the application and system level by exploiting remote code execution, authentication bypass, missing entity authentication and insecure encryption vulnerabilities. Attackers can also manage endpoints and possibly deploy attacker-controlled code on endpoints.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140508-0_AVG_Remote_Administration_Multiple_critical_vulnerabilities_v10.txt


*** Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players ***
---------------------------------------------
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex


*** SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-049Project: Organic groups (third-party module)Version: 7.xDate: 2014-May-07Security risk: Moderately criticalExploitable from: RemoteVulnerability: Access bypassDescriptionOrganic groups (OG) enables users to create and manage their own groups. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves.OG doesnt sufficiently check the permissions when a group member is pending or blocked status within...
---------------------------------------------
https://drupal.org/node/2261245


*** Ruby on Rails Implicit Render Bug Lets Remote Users Obtain Files From the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1030210


*** HP Security Bulletins ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260505


*** Vuln: vBulletin Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/66972


*** Vuln: SAP Solution Manager Background Processing Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/67107


*** Vuln: SAP NetWeaver Portal WD Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/67104


*** Security Advisory-Radius Vulnerability on Some Huawei Devices ***
---------------------------------------------
On huawei Campus Switch, AR, SRG,WLAN devices, the RADIUS component cannot handle malformed RADIUS packets. This vulnerability allows attackers to repeatedly restart the device, causing a DoS attack (Vulnerability ID: HWPSIRT-2014-0307).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-334751.htm