[CERT-daily] Daily summary - Tuesday 4-11-2014
Daily end-of-shift report
team at cert.at
Tue Nov 4 18:08:05 CET 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 03-11-2014 18:00 − Tuesday 04-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Smuggler - An interactive 802.11 wireless shell without the need for authentication or association ***
---------------------------------------------
I've always been fascinated by wireless communications. The ability to launch seemingly invisible packets of information up into the air without even the need to consider aerodynamics itself seems like some kind of magic. In my quest to become a wireless wizard I started looking at the 802.11 wireless protocol to find out a little more about it. I had always noticed when looking at wireless management frames in various packet dumps that a wealth of additional (and somewhat optional)...
---------------------------------------------
http://blog.spiderlabs.com/2014/11/smuggler-an-interactive-80211-wireless-shell-without-the-need-for-authentication-or-association.html
*** Some samples in Rotten Tomato campaign not effectively executed ***
---------------------------------------------
Researchers at Sophos provided additional details on the malware used in the attacks.
---------------------------------------------
http://www.scmagazine.com/some-samples-in-rotten-tomato-campaign-not-effectively-executed/article/381052/
*** Whois someone else?, (Tue, Nov 4th) ***
---------------------------------------------
A couple of weeks ago, I already covered the situation where a cloud IP address gets re-assigned, and the new owner still sees some of your traffic. Recently, one of our clients had the opposite problem: They had changed their Internet provider, and had held on to the old address range for a decent decay time. They even confirmed with a week-long packet capture that there was no afterglow on the link, and then dismantled the setup. Until last week, when they got an annoyed rant into their...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18911&rss
*** New version of Backoff detected, malware variant dubbed ROM ***
---------------------------------------------
Researchers at Fortinet detailed the new variant on Monday, and urged businesses to keep their AV up to date.
---------------------------------------------
http://www.scmagazine.com/new-version-of-backoff-detected-malware-variant-dubbed-rom/article/381054/
*** Practical Reflected File Download and JSONP ***
---------------------------------------------
This week introduced us to a new web attack vector, which the researcher dubbed "Reflected File Download" [RFD]. It's a very interesting attack which has potential to do some severe damage, especially in social engineering contexts. Full details of the reflected file download attack can be found here:...
---------------------------------------------
http://blog.davidvassallo.me/2014/11/02/practical-reflected-file-download-and-jsonp/
*** Content Security Policy Builder ***
---------------------------------------------
Content Security Policy is a new HTML5 web security feature. Your website can now explicitly tell browsers what sources of content - images, scripts, frames etc - are to be trusted. A new Content-Security-Policy HTTP header is used to announce that policy.
---------------------------------------------
https://cspbuilder.info/static/
*** Exploiting CVE-2014-4113 on Windows 8.1 ***
---------------------------------------------
On the 14th of October 2014 both CrowdStrike and FireEye published a blog post describing a new zero-day privilege escalation vulnerability on Windows. The CrowdStrike article explains that this new vulnerability was identified in the process of tracking a supposedly highly advanced adversary group named HURRICANE PANDA and has been actively exploited in the wild for at least five months. ... So I was curious if and how the vulnerability might be exploitable on the most current version of...
---------------------------------------------
http://dl.packetstormsecurity.net/papers/attack/CVE-2014-4113.pdf
*** Google Releases Nogotofail Tool to Test Network Security ***
---------------------------------------------
The last year has produced a rogues' gallery of vulnerabilities in transport layer security implementations and new attacks on the key protocols, from Heartbleed to the Apple gotofail flaw to the recent POODLE attack. To help developers and security researchers identify applications that are vulnerable to known SSL/TLS attacks and configuration problems, Google is releasing a...
---------------------------------------------
http://threatpost.com/google-releases-nogotofail-tool-to-test-network-security/109143
*** Customer confusion over new(ish) gTLDs targeting financial services ***
---------------------------------------------
For the last decade and a bit, banking customers have been relentlessly targeted by professional phishers with a never-ending barrage of deceitful emails, malicious websites and unstoppable crimeware - each campaign seeking to relieve the victim of their online banking credentials and funds. In the battle for the high-ground, many client-side and server-side security technologies have been invented and consequently circumvented over the years. Now we're about to enter a...
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/11/customer-confusion-over-newish-gtlds-targeting-financial-services/
*** Linksys Patches (Most) Routers Running SMART Wi-Fi Firmware ***
---------------------------------------------
Linksys released updates for routers running its SMART Wi-Fi firmware, patching vulnerabilities leading to credential theft and information disclosure. Two popular models, however, remain unpatched.
---------------------------------------------
http://threatpost.com/linksys-patches-most-routers-running-smart-wi-fi-firmware/109146
*** GNU Binutils peXXigen.c denial of service ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98420
*** ZDI-14-371: (0Day) Denon AVR-3313CI Friendlyname Persistent Cross-Site Scripting Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to insert persistent JavaScript on vulnerable installations of the Denon AVR-3313CI audio/video receiver's web portal. Authentication is not required to persist the attack. However, user interaction is required to exploit this vulnerability in that the target must visit a malicious page.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-371/
*** ZDI-14-372: (0Day) Visual Mining NetCharts Server File Upload Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Visual Mining NetCharts Server. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-372/
*** Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability ***
---------------------------------------------
cisco-sa-20130109-uipphone
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone
*** DSA-3063 quassel ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3063
*** DSA-3062 wget ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3062