[CERT-daily] Tageszusammenfassung - Freitag 24-10-2014

Fri Oct 24 18:11:59 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 23-10-2014 18:00 − Freitag 24-10-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Operation Pawn Storm: Putting Outlook Web Access Users at Risk ***
---------------------------------------------
In our recently released report, Operation Pawn Storm, we talked about an operation that involved three attack scenarios. For this post, we will talk about the third scenario: phishing emails that redirect victims to fake Outlook Web Access login pages. What's most notable about this is that it is simple, effective, and can be easily replicated. Through one...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CrAgUjYrv14/


*** Has the "Sandworm" zero-day exploit burrowed back to the surface? ***
---------------------------------------------
You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again. Paul Ducklin explains...
---------------------------------------------
http://nakedsecurity.sophos.com/2014/10/24/has-the-sandworm-exploit-burrowed-back/


*** The Insecurity of Things : Part One ***
---------------------------------------------
Everyday we read about some newfangled internet connected device being released. Things we use everyday are being made "smart" with some rushed-to-production software embedded in a cheap micro-controller. Fitness trackers, smoke alarms, televisions, cars, wall-outlets, even water-bottles. Internet connected-water bottles? What a time to be alive!
---------------------------------------------
http://www.xipiter.com/musings/the-insecurity-of-things-part-one


*** The Insecurity of Things: Part Two ***
---------------------------------------------
When we last left off, we were setting the stage for sharing what the Interns found in a handful of "IOT" or internet connected devices they purchased. So well be starting with a simple one. One that only required simple techniques to compromise it. This first device is a "Smart"-Home Controller. For a bit of background on whats going on here, please see "Part One" of this series otherwise were going to jump right in but first a disclaimer:...
---------------------------------------------
http://www.xipiter.com/musings/the-insecurity-of-things-part-two


*** The Case of the Modified Binaries ***
---------------------------------------------
After creating and using a new exitmap module, I found downloaded binaries being patched through a Tor exit node in Russia. Tor is a wonderful tool for protecting the identity of journalists, their sources, and even regular users around the world; however, anonymity does not guarantee security.
---------------------------------------------
http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/


*** Sipgate: Dienste nach DDoS-Angriff wiederhergestellt ***
---------------------------------------------
Nachdem Sipgate über Nacht seine Dienste teilweise wiederhergestellt hatte, ist das Unternehmen am Freitagmorgen erneut einem DDoS-Angriff ausgesetzt worden. Jetzt sollen die Dienste wieder funktionieren.
---------------------------------------------
http://www.golem.de/news/sipgate-dienste-nach-ddos-angriff-wiederhergestellt-1410-110078-rss.html


*** QuickTime-Update für Windows schließt Bündel an Sicherheitslücken ***
---------------------------------------------
Insgesamt vier Fehler steckten in der Windows-Version von Apples Multimedia-Unterstützung, die sich von Angreifern über manipulierte Dateien ausnützen lassen sollen.
---------------------------------------------
http://www.heise.de/security/meldung/QuickTime-Update-fuer-Windows-schliesst-Buendel-an-Sicherheitsluecken-2431624.html


*** Manipulating WordPress Plugin Functions to Inject Malware ***
---------------------------------------------
Most authors of website malware usually rely on the same tricks, making it easy for malware researchers to spot obfuscated code, random files that don't belong, and malicious lines injected at the top of a file. However, it can become difficult when the malware is buried deep within the lines of code on normal files.
---------------------------------------------
http://blog.sucuri.net/2014/10/manipulating-wordpress-plugin-functions-to-inject-malware.html


*** Filr 1.1 - Security Update 1 ***
---------------------------------------------
Abstract: This patch addresses the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability on the Filr 1.1.0 appliance.Document ID: 5194317Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:readme-Filr-1.1.0.654.HP.txt (1.26 kB)Filr-1.1.0.654.HP.zip (5.64 MB)Products:Filr 1.1Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=3wpN2nVj2D8~


*** Filr - Security Update 3 ***
---------------------------------------------
Abstract: This patch addresses the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability on the Filr 1.0.0 and 1.0.1 appliances.Document ID: 5194316Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:readme-Filr-1.0.0-SU3.txt (2.49 kB)readme-Filr-1.0.1-SU3.txt (2.49 kB)Filr-1.0.0-SU3.zip (5.64 MB)Filr-1.0.1-SU3.zip (5.64 MB)Products:Filr 1.0Filr 1.0.1Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=_N6A9M3Jvig~


*** Cisco IOS and IOS XE Software Ethernet Connectivity Fault Management Vulnerability ***
---------------------------------------------
CVE-2014-3409
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3409


*** Bugtraq: [SECURITY] [DSA 3055-1] pidgin security update ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533797


*** ZDI-14-368: Apple OS X GateKeeper Bypass Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-368/