[CERT-daily] Tageszusammenfassung - Donnerstag 22-05-2014

Thu May 22 18:11:06 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 21-05-2014 18:00 − Donnerstag 22-05-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** 145 Millionen Kunden von eBay-Hack betroffen ***
---------------------------------------------
Unbekannte haben einen grossen Teil der Kundendatenbank der Online-Handelsplattform kopiert. Während der Druck auf eBay steigt, gibt es erste Hinweise, dass die gestohlenen Daten schon missbraucht werden.
---------------------------------------------
http://www.heise.de/security/meldung/145-Millionen-Kunden-von-eBay-Hack-betroffen-2195974.html


*** Multiple Vulnerabilities in Cisco NX-OS-Based Products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos


*** SA-CONTRIB-2014-057 - Password policy - General logic error ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-057, Project: Password policy (third-party module), Version: 7, Security risk: Moderately critical; This module enables you to define password policies with various constraints on allowable user passwords. The history constraint, when enabled, disallows a users password from being changed to match a specified number of their ..
---------------------------------------------
https://drupal.org/node/2271839


*** SA-CONTRIB-2014-055 - Require Login - Access bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-055, Project: Require Login (third-party module), Version: 7, Security risk: Moderately critical; This module enables you to restrict access to a site for all non-authenticated users.The module does not protect the front page, thereby exposing any sensitive information on the front page to anonymous users.This vulnerability is mitigated by the fact that private/sensitive information ..
---------------------------------------------
https://drupal.org/node/2271837


*** SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-056, Project: Commerce Moneris (third-party module), Version: 7, Security risk: Critical; Commerce Moneris is a payment module that integrates the Moneris payment system with Drupal Commerce.The module stores credit card data in a commerce order object unnecessarily for the purpose of passing the credit card information to the payment gateway. The credit card information is ..
---------------------------------------------
https://drupal.org/node/2271823


*** SA-CONTRIB-2014-054 - Views - Access Bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-054, Project: Views (third-party module), Version: 7, Security risk: Moderately critical; The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented.The module doesnt sufficiently check handler access when returning the list of handlers ..
---------------------------------------------
https://drupal.org/node/2271809


*** IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Portal ***
---------------------------------------------
IBM WebSphere Application Server is shipped as a component of IBM WebSphere Portal. Information about a security vulnerabilities affecting IBM WebSphere Application Server has been published in security bulletins.  CVE(s): CVE-2014-0963  Affected product(s) ..
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerabilities_have_been_identified_in_ibm_websphere_application_server_shipped_with_ibm_websphere_portal?lang=en_us


*** A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services ***
---------------------------------------------
Cybercriminals continue diversifying their portfolios of standardized fraudulent services, in an attempt to efficiently monetize their malicious 'know-how', further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of the boutique cybercrime-friendly E-shops, we've been emphasizing on the over-supply of compromised/stolen accounting data, efficiently aggregated ..
---------------------------------------------
http://www.webroot.com/blog/2014/05/21/peek-inside-newly-launched-one-e-shop-cybercrime-friendly-services/


*** Redmond wont fix IE 8 zero day, says harden up instead ***
---------------------------------------------
Phishers get fresh code execution bait Microsoft has decided not to fix an IE 8 zero-day first identified seven months ago, instead telling users to harden up their browsers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/05/22/ie_8_zero_day_dumped_after_7_months_redmond_says_harden_up/


*** Hacker wollen Apples iOS-Aktivierungssperre geknackt haben ***
---------------------------------------------
Eine Team aus den Niederlanden und Marokko behauptet, die in iCloud integrierte Funktion ausgehebelt zu haben, mit der Apple die Nutzung geklauter iPhones und iPads verhindern will - angeblich per Man-in-the-Middle-Angriff. Bislang fehlen viele Details.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-wollen-Apples-iOS-Aktivierungssperre-geknackt-haben-2195353.html


*** Multiple Vulnerabilities in TYPO3 CMS ***
---------------------------------------------
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Overall Severity: Medium
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/


*** XML Schema, DTD, and Entity Attacks - A Compendium of Known Techniques ***
---------------------------------------------
The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. ... When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well.
---------------------------------------------
http://packetstorm.interhost.co.il/papers/general/XMLDTDEntityAttacks.pdf