[CERT-daily] Daily summary - Wednesday 5-11-2014
Daily end-of-shift report
team at cert.at
Wed Nov 5 18:17:40 CET 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 04-11-2014 18:00 − Wednesday 05-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Tool Tip: vFeed, (Wed, Nov 5th) ***
---------------------------------------------
I have had a number of occasions lately to use or talk about vFeed from Toolswatch.org (@toolwatch). NJ a useful Python CLI tool that pulls CVEs and other Mitre datasets. From the vFeed Github repo: vFeed framework is an open source naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML schema. It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18917&rss
*** Insidious malware lives in the registry ***
---------------------------------------------
Viruses typically live in files that are hidden on the system, sometimes well and sometimes poorly. A new trojan manages without files, which makes it hard to detect. It has recently also been distributed via an exploit kit.
---------------------------------------------
http://www.heise.de/security/meldung/Perfider-Schaedling-haust-in-der-Registry-2442082.html
*** Which Messaging Technologies Are Truly Safe and Secure? ***
---------------------------------------------
In the face of widespread Internet data collection and surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer "secure messaging" products - but how can users know if these systems are actually secure? The Electronic Frontier Foundation (EFF) released its Secure Messaging Scorecard today, evaluating dozens of messaging technologies on a range of security best practices.
---------------------------------------------
https://www.eff.org/press/releases/which-messaging-technologies-are-truly-safe-and-secure
*** Crypto collision used to hijack Windows Update goes mainstream ***
---------------------------------------------
Final nail in the coffin for the MD5 hash. The cryptographic hash collision attack used by cyberspies to subvert Microsoft's Windows Update has gone mainstream, revealing that MD5 is hopelessly broken.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/05/md5_hash_collision/
*** New Phishing Technique Outfoxes Site Owners: Operation Huyao ***
---------------------------------------------
We've found a new phishing technique targeting online shopping sites that may significantly change the threat landscape for phishing sites. Conventional phishing sites require an attacker to replicate the targeted site; a more accurate copy is more likely to fool intended victims. This technique we found allows for the creation of nearly perfect copies...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SfVy0fROxfs/
*** November's Issue of the OUCH Newsletter is available, covering Social Engineering! http://www.securingthehuman.org/ouch, (Wed, Nov 5th) ***
---------------------------------------------
-- Alex Stanford - GIAC GWEB GSEC, Research Operations Manager, SANS Internet Storm Center (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18921&rss
*** More updates against the UEFI vulnerability ***
---------------------------------------------
For the vulnerability in UEFI firmware discovered months ago, more PC and mainboard manufacturers are now providing patches, others are giving the all-clear, and some are still investigating.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Mehr-Updates-gegen-die-UEFI-Sicherheitsluecke-2442775.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
*** .onion domains: Fake certificate for Tor Facebook ***
---------------------------------------------
A security researcher has succeeded in having a forged certificate issued for Facebook's .onion URL. Facebook has recently become reachable via the Tor network. (Social network, Facebook)
---------------------------------------------
http://www.golem.de/news/onion-domains-falsches-zertifikat-fuer-tor-facebook-1411-110337-rss.html
*** Bugtraq: CVE-2014-6617 Softing FG-100 Backdoor Account ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533902
*** Bugtraq: KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read ***
---------------------------------------------
KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read
---------------------------------------------
http://www.securityfocus.com/archive/1/533901
*** Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin) ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting.
---------------------------------------------
http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-extension-phpmyadmin-phpmyadmin/
*** Advisory (ICSA-14-308-01) ABB RobotStudio and Test Signal Viewer DLL Hijack Vulnerability ***
---------------------------------------------
Ivan Sanchez of WiseSecurity Team has identified a dll hijack vulnerability in the ABB RobotStudio and Test Signal Viewer applications. ABB has produced new versions that mitigate this vulnerability. Mr. Sanchez has tested the new version to validate that it resolves the vulnerability.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01
*** Axway Secure Transport 5.1 SP2 Arbitrary File Upload via CSRF ***
---------------------------------------------
Topic: Axway Secure Transport 5.1 SP2 Arbitrary File Upload via CSRF. Risk: Medium. Text: # Exploit Title: Axway Secure Transport 5.1 SP2 Arbitrary File Upload via CSRF # Exploit author: Emmanuel Law # Public ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014110021
*** Multiple Vulnerabilities in Cisco Small Business RV Series Routers ***
---------------------------------------------
cisco-sa-20141105-rv
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
*** DSA-3064 php5 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3064
*** FreeBSD setlogin() Lets Local Users Obtain Portions of Kernel Memory ***
---------------------------------------------
http://www.securitytracker.com/id/1031169
*** FreeBSD OpenSSH Child Process Deadlock Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031168
*** IBM Security Bulletins related to POODLE (CVE-2014-3566) ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_liberty_for_java_for_ibm_bluemix_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_support_assistant_team_server_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_sterling_connect_express_for_unix_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_sterling_connect_express_for_microsoft_windows_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_multi_enterprise_integration_gateway_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_case_manager_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_build_forge_security_advisory_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_sdk_for_node_js_in_ibm_bluemix_cve_2014_3566?lang=en_us
*** Other IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_vulnerability_cve_2014_0107?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_vulnerability_cve_2014_0863?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_apache_denial_of_service_vulnerability_in_qradar_cve_2014_0118?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0224?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_tomcat_vulnerability_cve_2013_4322?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_vulnerabilities_cve_2014_0878_cve_2014_0460?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_vulnerabilities_cve_2014_0416_cve_2014_0411_cve_2014_0423?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smart_analytics_system_5600_is_affected_by_a_vulnerability_in_the_gnu_c_library_cve_2014_5119?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smart_analytics_system_5600_is_affected_by_multiple_vulnerabilities_in_the_ibm_sdk_java_trade_technology_edition_version_6?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_websphere_mq_is_affected_by_a_vulnerability_in_gskit_cve_2014_0076?lang=en_us