[CERT-daily] Tageszusammenfassung - Donnerstag 16-10-2014

Daily end-of-shift report team at cert.at
Thu Oct 16 18:22:04 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 15-10-2014 18:00 − Donnerstag 16-10-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Otmar Lendl

*** Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software ***
---------------------------------------------
cisco-sa-20141015-vcs
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs




*** SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability ***
---------------------------------------------
cisco-sa-20141015-poodle
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle




*** JSA10656 - 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL "POODLE" vulnerability (CVE-2014-3566) ***
---------------------------------------------

---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10656&actp=RSS




*** SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-098Project: CKEditor - WYSIWYG HTML editor (third-party module)Version: 6.x, 7.xDate: 2014-October-15Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescriptionThe CKEditor module (and its predecessor, FCKeditor module) allows Drupal to replace textarea fields with CKEditor 3.x/4.x (FCKeditor 2.x in case of FCKeditor module) - a visual HTML editor, sometimes called WYSIWYG editor.Both
---------------------------------------------
https://www.drupal.org/node/2357029




*** [DSA 3052-1] wpa security update ***
---------------------------------------------
CVE ID : CVE-2014-3686 Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2014/msg00238.html




*** The October 2014 issue of our SWITCH Security Report is available! ***
---------------------------------------------
A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are: Same again? Fingerprint sensor on new iPhone 6 hacked using same method as for previous model Up in the air: 
---------------------------------------------
http://securityblog.switch.ch/2014/10/15/the-october-2014-issue-of-our-switch-security-report-is-available/




*** MindshaRE: Statically Extracting Malware C2s Using Capstone Engine ***
---------------------------------------------
I decided to share a technique I've been playing around with to pull C2 and other configuration information out of malware that does not store all of its configuration information in a set structure or in the resource section ... Being able to statically extract this information becomes important in the event that the malware does not run properly in your sandbox, the C2s are down or you don?t have thetime / sandbox bandwidth to manually run and extract the information from network indicators.
---------------------------------------------
https://www.arbornetworks.com/asert/2014/10/mindshare-statically-extracting-malware-c2s-using-capstone-engine




*** C&C Botnet Detection over SSL ***
---------------------------------------------
...we have designed, implemented and validated a method to detect botnet C&C communication channels over SSL, the security protocol standard de-facto. ... Our analysis also indicates that 0.6% of the SSL connections were broken.
---------------------------------------------
http://essay.utwente.nl/65667/1/Riccardo_Bortolameotti_MasterThesis.pdf




*** VB2014 paper: DNSSEC - how far have we come? ***
---------------------------------------------
Nick Sullivan describes how DNSSEC uses cryptography to add authentication and integrity to DNS responses.Over the next months, we will be sharing conference papers as well as video recordings of the presentations. Today, we have added DNSSEC - how far have we come? by CloudFlares Nick Sullivan.It is rather scary to think about how much of the Internet depends on DNS, and how little guarantee that protocol provides about its responses being correct. The Kaminsky attack is well mitigated these
---------------------------------------------
http://www.virusbtn.com/blog/2014/10_16.xml?rss




*** Factsheet Vulnerability in libxml2 ***
---------------------------------------------
On 16 October 2014, a vulnerability was reported in libxml2, a library for the processing of eXtensible Markup Language (XML). XML is a language for the exchange of structured information between applications. Attackers can use this vulnerability to disrupt the availability of (web) applications through a so called Denial-of-Service (DoS) attack.
---------------------------------------------
http://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/factsheets/vulnerability-in-libxml2.html




*** POODLE attack takes bytes out of your encrypted data - heres what to do ***
---------------------------------------------
Heartbleed, Shellshock, Sandworm...and now POODLE. Its a security hole that could let crooks read your encrypted web traffic. Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/nyUmrkuhxuM/



More information about the Daily mailing list