[CERT-daily] Tageszusammenfassung - Donnerstag 2-10-2014

Thu Oct 2 18:06:06 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 01-10-2014 18:00 − Donnerstag 02-10-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** The Shellshock Aftershock for NAS Administrators ***
---------------------------------------------
Summary FireEye has been monitoring Shellshock-related attacks closely since the vulnerability was first made public last week. Specifically, FireEye has observed attackers attempting to exploit the BASH remote code injection vulnerability against Network Attached Storage systems (NAS). These attacks ..
---------------------------------------------
http://www.fireeye.com/blog/technical/2014/10/the-shellshock-aftershock-for-nas-administrators.html


*** ZDI-14-335: Hewlett-Packard Network Node Manager ovopi.dll Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-335/


*** Vulnerabilities in Citrix Access Gateway Plug-in for Windows could result in arbitrary code execution ***
---------------------------------------------
Vulnerabilities have been identified in an ActiveX based component of the Citrix Access Gateway Plug-in for Windows. The vulnerabilities, ..
---------------------------------------------
http://support.citrix.com/article/CTX129902


*** The Mac.BackDoor.iWorm threat in detail ***
---------------------------------------------
Doctor Webs security researchers have dissected the complex malicious program Mac.BackDoor.iWorm, a threat affecting computers running Mac OS X. As of September 29, 2014, 18,519 unique IP addresses were used by infected computers to connect the botnet created by hackers using this backdoor. The backdoor is unpacked into the directory /Library/Application Support/JavaW. Furthermore, using ..
---------------------------------------------
http://news.drweb.com/show/?i=5977&lng=en&c=9


*** New Mac OS X botnet discovered ***
---------------------------------------------
Doctor Webs security experts researched several new threats to Mac OS X. One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm. Criminals can issue commands that get this program to carry out a wide range of instructions on the infected machines. A statistical ..
---------------------------------------------
http://news.drweb.com/show/?i=5976&lng=en&c=9


*** Norton Security: Symantec bestätigt Ende von Norton Antivirus ***
---------------------------------------------
Norton Antivirus wird es als Einzelprodukt von Symantec nicht mehr geben. Nur bestehende Einzellizenzen lassen sich verlängern.
---------------------------------------------
http://www.golem.de/news/norton-security-symantec-bestaetigt-ende-von-norton-antivirus-1410-109596-rss.html


*** Google zahlt 15.000 US-Dollar für Chrome-Exploits ***
---------------------------------------------
Das Unternehmen hat die Maximalsumme verdreifacht, die es an Entdecker von Chrome-Lücke auszahlt. Ausserdem winkt nun ein Eintrag in die Google Hall of Fame.
---------------------------------------------
http://www.heise.de/security/meldung/Google-zahlt-15-000-US-Dollar-fuer-Chrome-Exploits-2410829.html