[CERT-daily] Daily summary - Tuesday 14-10-2014

Daily end-of-shift report team at cert.at
Tue Oct 14 20:54:38 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 13-10-2014 18:00 − Tuesday 14-10-2014 18:00
Handler:     Stefan Lenzhofer
Co-Handler:  Otmar Lendl

*** Developer of hacked Snapchat web app says "Snappening" claims are hoax ***
---------------------------------------------
500 MB of images pulled from third-party site, but no user data was attached.
---------------------------------------------
http://arstechnica.com/security/2014/10/developer-of-hacked-snapchat-web-app-says-snappening-claims-are-hoax/




*** VB2014 paper: The evolution of webinjects ***
---------------------------------------------
Jean-Ian Boutin looks at the increased commoditization of webinjects. Virus Bulletin has always been about sharing information, and the Virus Bulletin conference is an important part of that. We would love to be able to share some of the discussions attendees had during the lunch and coffee breaks, the late-night or early-morning meetings in the hotel lobby, and the inspiration one gets from being around such bright minds. Of course, we are unable to do that. But what we can do is share some of
---------------------------------------------
http://www.virusbtn.com/blog/2014/10_13.xml?rss




*** Cisco AsyncOS Software ZIP Filtering By-Pass Vulnerability ***
---------------------------------------------
CVE-2014-3381
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3381




*** Exploring and Exploiting iOS Web Browsers ***
---------------------------------------------
Today we begin a three-post series about mobile security. We start with a discussion of vulnerabilities in iOS web browsers. Later this week we'll cover jailbreaking and the detection of it. While the release and adoption of iOS 8 may plug some of the holes discussed in this post, many users will continue to use iOS 7 for some time and may remain vulnerable. In Q1 2014, the market share of web traffic from mobile browsers exceeded 30% [1], and it is constantly growing. According to data provided
---------------------------------------------
http://blog.spiderlabs.com/2014/10/exploring-and-exploiting-ios-web-browsers.html




*** VMSA-2014-0010.12 ***
---------------------------------------------
VMware product updates address critical Bash security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0010.html




*** A Code Signature Plugin for IDA ***
---------------------------------------------
When reversing embedded code, it is often the case that completely different devices are built around a common code base, either due to code re-use by the vendor, or through the use of third-party software; this is especially true of devices running the same Real Time Operating System. For example, ...
---------------------------------------------
http://www.devttys0.com/2014/10/a-code-signature-plugin-for-ida/




*** vBulletin Input Validation Flaw in XMLRPC API Lets Remote Users Inject SQL Commands ***
---------------------------------------------
vBulletin Input Validation Flaw in XMLRPC API Lets Remote Users Inject SQL Commands
---------------------------------------------
http://www.securitytracker.com/id/1031001




*** vBulletin Input Validation Flaw in XMLRPC API Permits Cross-Site Scripting Attacks ***
---------------------------------------------
vBulletin Input Validation Flaw in XMLRPC API Permits Cross-Site Scripting Attacks
---------------------------------------------
http://www.securitytracker.com/id/1031000




*** iSIGHT discovers zero-day vulnerability CVE-2014-4114 ***
---------------------------------------------
Zero-day impacting all versions of Microsoft Windows used in Russian cyber-espionage campaign targeting NATO, European Union, Telecommunications and Energy sectors.
---------------------------------------------
http://www.isightpartners.com/2014/10/cve-2014-4114/




*** HTTPS certificates: Key pinning protects against malicious certificate authorities ***
---------------------------------------------
A so far little-noticed HTTPS extension named HTTP Public Key Pinning (HPKP) is close to standardization. Public key pinning could solve many of the problems with certificate authorities. (Google, Browser)
---------------------------------------------
http://www.golem.de/news/https-zertifikate-key-pinning-schuetzt-vor-boesartigen-zertifizierungsstellen-1410-109799-rss.html




*** Windows exploit: Russian hackers allegedly attack NATO and governments ***
---------------------------------------------
Russian hackers are said to have attacked numerous targets in the West and in Ukraine over the past years. They apparently exploited a security vulnerability that exists in all current Windows versions and is to be patched on Tuesday. (Microsoft, Data Protection)
---------------------------------------------
http://www.golem.de/news/windows-exploit-russische-hacker-greifen-angeblich-nato-und-regierungen-an-1410-109827-rss.html




*** Truly scary SSL 3.0 vuln to be revealed soon: sources ***
---------------------------------------------
So worrying, no one's breathing a word until the patch is out. Gird your loins, sysadmins: The Register has learned that news of yet another major security vulnerability - this time in SSL 3.0 - is probably imminent.
---------------------------------------------
http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow/



*** Allegedly 7 million Dropbox passwords in circulation ***
---------------------------------------------
Hackers claim to have harvested millions of passwords for Dropbox accounts. These are now to be published in exchange for Bitcoins. Dropbox denies that the data is genuine.
---------------------------------------------
http://www.heise.de/security/meldung/Angeblich-7-Millionen-Dropbox-Passwoerter-im-Umlauf-2423684.html




*** VeraCrypt a Worthy TrueCrypt Alternative ***
---------------------------------------------
If you're reluctant to continue using TrueCrypt now that the open source encryption project has been abandoned, and you don't want to wait for the CipherShed fork to mature, one alternative that's well worth investigating is VeraCrypt.
---------------------------------------------
http://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternative.html




*** Apache mod_cache Null Pointer Dereference Lets Remote Users Deny Service ***
---------------------------------------------
Apache mod_cache Null Pointer Dereference Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1031005




*** Analysis of the Linux backdoor used in freenode IRC network compromise ***
---------------------------------------------
Background freenode is a large IRC network providing services to Free and Open Source Software communities, and in September the freenode staff team blogged about a potential compromise of an IRC server. NCC Group's Cyber Defence Operations team provided pro bono digital forensic and reverse engineering services to assist the freenode infrastructure team with their incident response activities. In this post we discuss a subset of the information we documented about one of the components
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/10/analysis-of-the-linux-backdoor-used-in-freenode-irc-network-compromise/




*** [webapps] - Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities ***
---------------------------------------------
Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/34956




*** YouTube Ads Lead To Exploit Kits, Hit US Victims ***
---------------------------------------------
Malicious ads are a common method of sending users to sites that contain malicious code. Recently, however, these ads have showed up on a new attack platform: YouTube. Over the past few months, we have been monitoring a malicious campaign that used malicious ads to direct users to various malicious sites. Users in the United States have ...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/youtube-ads-lead-to-exploit-kits-hit-us-victims/




*** IBM Security Bulletin: Vulnerabilities in Bash affect IBM SAN b-type Switches (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) ***
---------------------------------------------
Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities. Bash is used by IBM SAN b-type Switches. CVE(s): CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278. Affected product(s) and affected version(s): IBM MTM: 2499-816, IBM System
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_ibm_san_b_type_switches_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=en_us




*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Endpoint Manager for Remote Control. CVE-2014-3511, CVE-2014-5139 ***
---------------------------------------------
There are multiple vulnerabilities in OpenSSL, which is used by IBM Endpoint Manager for Remote Control. These issues were disclosed on August 6, 2014 by the OpenSSL Project. CVE(s): CVE-2014-3511 and CVE-2014-5139. Affected product(s) and affected version(s): IBM Endpoint Manager for Remote Control version 9.1.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21682034 X-Force
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_openssl_affect_ibm_endpoint_manager_for_remote_control_cve_2014_3511_cve_2014_5139?lang=en_us




*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime, affect IBM Endpoint Manager for Remote Control ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 Service Refresh 7 and earlier, and IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 7 and earlier, which are used by IBM Endpoint Manager for Remote Control. These issues were disclosed as part of the IBM Java SDK updates in July 2014. CVE(s): CVE-2014-3086, CVE-2014-4227, CVE-2014-4262, CVE-2014-4219, CVE-2014-4209, CVE-2014-4220,
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_and_ibm_java_runtime_affect_ibm_endpoint_manager_for_remote_control?lang=en_us




*** IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35 ***
---------------------------------------------
Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35, IBM WebSphere Application Server Hypervisor 7.0.0.35 and IBM HTTP Server 7.0.0.35. CVE(s): CVE-2014-3021, CVE-2014-3083, CVE-2014-0226, CVE-2014-0231, CVE-2014-0118, CVE-2013-5704, CVE-2014-4770 and CVE-2014-4816. Affected product(s) and affected version(s): Version 8.5 Full Profile and Liberty Profile, Version 8, Version 7. Refer to the following reference URLs for remediation and
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_35?lang=en_us




*** Jailbreak Detection Methods ***
---------------------------------------------
This post concludes our three-part series about mobile security. Today's post will outline some options for detecting jailbroken devices, should you choose to do so. Yesterday, we asked whether blocking an app's execution on jailbroken devices was worth it. Earlier this week, we described some vulnerabilities in iOS web browsers. Many iOS applications contain some sort of jailbreak detection mechanism. Some of the detection mechanisms can be bypassed by attackers (sometimes easily), whereas
---------------------------------------------
http://blog.spiderlabs.com/2014/10/jailbreak-detection-methods.html




*** Executing Apps on Jailbroken Devices ***
---------------------------------------------
This post is part two of a three-part series about mobile security. Today's post will discuss the execution of apps on jailbroken devices. Yesterday, we described some vulnerabilities in iOS web browsers. Tomorrow, we'll explore detecting jailbroken devices.
---------------------------------------------
http://blog.spiderlabs.com/2014/10/executing-apps-on-jailbroken-devices.html




*** 5 steps to lock down your webmail account ***
---------------------------------------------
For most people Gmail, Outlook.com or Yahoo! Mail is their main personal account. Here are some of the most important steps to keep unwanted people out of your web-based email account.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/10/14/5-steps-to-lock-down-your-webmail-account/




