=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 02-10-2013 18:00 − Thursday 03-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Cisco IOS XR Software Memory Exhaustion Vulnerability ***
---------------------------------------------
Cisco IOS XR Software Memory Exhaustion Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM WebSphere MQ Security Vulnerability: Multiple security vulnerabilities in IEHS ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Eclipse Help System, which is used to provide the product Information Centers for IBM WebSphere MQ and IBM WebSphere MQ File Transfer Edition:
- Debug information displayed in browser (CVE-2013-0599)
- XSS Alert vulnerability (CVE-2013-0464)
- Application source code can be downloaded (CVE-2013-0467)
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_mq_secu…
*** Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service ***
---------------------------------------------
Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service
---------------------------------------------
http://www.exploit-db.com/exploits/28679
*** IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1029117
*** SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution ***
---------------------------------------------
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100017
*** Bugtraq: RootedCON 2014 - Call For Papers ***
---------------------------------------------
RootedCON 2014 - Call For Papers
---------------------------------------------
http://www.securityfocus.com/archive/1/528963
*** Denial of service vulnerability in Citrix NetScaler ***
---------------------------------------------
A Citrix NetScaler component is affected by a denial of service vulnerability. Attackers can keep the appliance in a constant reboot loop resulting in total loss of availability.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Tor and the Silk Road takedown ***
---------------------------------------------
We've had several requests by the press and others to talk about the Silk Road situation today. We only know what's going on by reading the same news sources everyone else is reading. In this case we've been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network).
---------------------------------------------
https://blog.torproject.org/blog/tor-and-silk-road-takedown
*** Survey Finds Manufacturers Afflicted with a False Sense of Cyber Security ***
---------------------------------------------
Though manufacturers think they're doing a better job safeguarding data, cybersecurity breaches are increasing. So says a PricewaterhouseCoopers (PwC) study, which finds that "while organizations have made significant security improvements, they have not kept pace with today's determined adversaries."
---------------------------------------------
http://news.thomasnet.com/IMT/2013/10/02/survey-finds-manufacturers-afflict…
*** The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins ***
---------------------------------------------
Here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we're sure you'll find a gem or two amongst this list ...
---------------------------------------------
http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-too…
*** 18 Free Security Tools for SysAdmins ***
---------------------------------------------
Here are 18 of the best free security tools for password recovery, password management, penetration testing, vulnerability scanning, steganography and secure data wiping. ... Even if you may have heard of some of these tools before, I'm confident that you'll find a gem or two amongst this list.
---------------------------------------------
http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/
*** Could the EU cyber security directive cost companies billions? ***
---------------------------------------------
Many of the world's largest enterprises are not prepared for the new European Union Directive on cyber security, which states that organizations that do not have suitable IT security in place to protect their digital assets will face extremely heavy fiscal penalties. The directive, which was adopted in July this year, will require that organizations circulate early warnings of cyber risks and incidents, and that actual security incidents are reported to cyber security authorities.
---------------------------------------------
http://www.net-security.org/secworld.php?id=15694
*** On Anonymous ***
---------------------------------------------
Gabriella Coleman has published an interesting analysis of the hacker group Anonymous: Abstract: Since 2010, digital direct action, including leaks, hacking and mass protest, has become a regular feature of political life on the Internet. The source, strengths and weakness of this activity are considered in this paper through an in-depth analysis of Anonymous, the protest ensemble that has been...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/10/on_anonymous.html
*** RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue ***
---------------------------------------------
RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/55153
*** Ryan Naraine on Virus Bulletin 2013, Zero Days and Cyberwarfare ***
---------------------------------------------
Dennis Fisher talks with Ryan Naraine about the news from the Virus Bulletin 2013 conference, whether the use of zero days is overrated and the collateral damage that can result from cyberwarfare attacks.
---------------------------------------------
http://threatpost.com/ryan-naraine-on-virus-bulletin-2013-zero-days-and-cyb…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 01-10-2013 18:00 − Wednesday 02-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** CSAM! Send us your logs!, (Tue, Oct 1st) ***
---------------------------------------------
Today is the beginning of Cyber Security Awareness Month. Apparently the month's official theme is "Our Shared Responsibility." We at the SANS Internet Storm Center want your logs! Send us packets, malware, all your logs, log snippets, observations, things that go bump on the net, things that make you go HMMMM, or just send us email to discuss InfoSec. What can we do as individuals to increase information security and encourage secure practices among co-workers, friends, and family?
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16691&rss
*** Apple Spikes As Phishing Target ***
---------------------------------------------
According to news stories, Apple is now the most valuable brand in the world. One party that would agree: cybercriminals, who are now targeting Cupertino in increasing numbers. Earlier in the year, the number of identified Apple phishing sites would only be in the hundreds per month, as seen in the chart below: Figure 1. […]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rwX5MEZpPOs/
*** VLC Media Player Buffer Overflow in MP4A Packetizer Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow in the mp4a packetizer and execute arbitrary code on the target system. The code will run with the privileges of the target user.
---------------------------------------------
http://www.securitytracker.com/id/1029120
*** "microsoft support" calls - now with ransomware, (Wed, Oct 2nd) ***
---------------------------------------------
Most of us are familiar with the "microsoft support" call. A phone call is received, the person states they are from "microsoft support" and they have been alerted that your machine is infected. The person will assist you by having you install a remote desktop tool such as TeamViewer or similar (we have seen many different versions). Previously they would install software that would bug you until you paid the "subscription fee". As the father of a friend found
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16703&rss
*** Bugtraq: Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies ***
---------------------------------------------
In <..> I showed an elaborate way for privilege elevation using IExpress (and other self-extracting) installers containing *.MSI or *.MSP which works "in certain situations".
The same IExpress installer(s), however, allow a TRIVIAL-to-exploit privilege escalation which works in all situations too:
Proof of concept (run on a fully patched Windows 7 SP1):
---------------------------------------------
http://www.securityfocus.com/archive/1/528955
*** Gate: LG splits smartphones into two halves ***
---------------------------------------------
LG, too, is trying to take the fright out of BYOD. To that end, Gate splits the smartphone into two areas: one for work, one for private use.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Gate-LG-teilt-Smartphones-in-zwei-Ha…
*** Zero-day hole in Internet Explorer targeted by cybercriminals ***
---------------------------------------------
Integration into the Metasploit framework allows easy exploitation
---------------------------------------------
http://derstandard.at/1379292812878
*** Zero Days Are Not the Bugs You’re Looking For ***
---------------------------------------------
BERLIN–The technology industry often is used by politicians, executives and others as an example of how to adapt quickly and shift gears in the face of disruptive changes. But the security community has been doing defense in basically the same way for several decades now, despite the fact that the threat landscape has changed dramatically, […]
---------------------------------------------
http://threatpost.com/zero-days-are-not-the-bugs-youre-looking-for/102481
*** PolarSSL RSA Private Key Recovery Weakness ***
---------------------------------------------
A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose certain sensitive information.
...
The weakness is reported in versions prior to 1.2.9 and 1.3.0.
---------------------------------------------
https://secunia.com/advisories/55084
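The Secunia entry does not say what the weakness is. Two well-known ways an RSA-CRT signer gives away its private key are side channels on the unblinded CRT exponentiations and a single faulty CRT signature (Lenstra's attack); the standard countermeasures are base blinding and verifying the signature before releasing it. The Python below is an added illustration of that hardening, not PolarSSL code, and makes no claim about which of the two the 1.2.9/1.3.0 fix addressed. The key (built from two Mersenne primes, far too small for real use) and the message are constructed for the example.

```python
"""Added illustration: RSA-CRT signing with the two standard hardenings.

Toy key built from the Mersenne primes 2^127-1 and 2^89-1 (constructed for
the example; far too small for real use).
"""
import hashlib
import math
import secrets

P = (1 << 127) - 1            # prime (M127)
Q = (1 << 89) - 1             # prime (M89)
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)

# Constructed message representative: a hash truncated so it lies below N.
M = int.from_bytes(hashlib.sha256(b"end-of-shift report").digest()[:26], "big")


def crt_sign_raw(m, fault=False):
    """Textbook RSA-CRT (Garner recombination), no countermeasures.
    fault=True flips one bit in the mod-p half to simulate a glitch."""
    s_p = pow(m, DP, P)
    s_q = pow(m, DQ, Q)
    if fault:
        s_p ^= 1
    h = (QINV * (s_p - s_q)) % P
    return s_q + h * Q


def crt_sign_hardened(m, fault=False):
    """Same computation with (1) base blinding: the exponentiations see
    m * r^e instead of m, so their timing cannot be correlated with m, and
    (2) verify-before-release: a signature that does not verify is never
    handed out, which is what stops a faulty one from leaking a factor."""
    while True:
        r = 2 + secrets.randbelow(N - 2)
        if math.gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N
    s = (crt_sign_raw(blinded, fault) * pow(r, -1, N)) % N
    if pow(s, E, N) != m:
        raise ValueError("self-check failed; signature withheld")
    return s


def verify(m, s):
    return pow(s, E, N) == m


def factor_from_faulty_signature(m, s_faulty):
    """Lenstra's attack: a signature that is wrong mod p but still correct
    mod q makes s^e - m divisible by q and not by p; gcd with N yields q."""
    return math.gcd((pow(s_faulty, E, N) - m) % N, N)


def leaks_faulty_signature(sign, m):
    """True if `sign` hands out a signature that does not verify."""
    try:
        return not verify(m, sign(m, fault=True))
    except ValueError:
        return False


if __name__ == "__main__":
    s_bad = crt_sign_raw(M, fault=True)
    print("raw CRT leaks a factor:", factor_from_faulty_signature(M, s_bad) == Q)
    print("hardened withholds it: ", not leaks_faulty_signature(crt_sign_hardened, M))
```

The blinding factor must be fresh per signature and coprime to N; reusing it, or skipping the gcd check, reopens the side channel. The self-check costs one public-exponent exponentiation, which is cheap next to the CRT work.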
*** Siemens Scalance X-200 Series Switches Authentication Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Siemens Scalance X-200 Series Switches, which can be exploited by malicious people to bypass certain security restrictions.
...
The vulnerability is reported in the following products and versions:
* SCALANCE X-200 versions prior to 4.5.0.
---------------------------------------------
https://secunia.com/advisories/55126
*** A History of Hard Conditions: Exploiting Linksys CVE-2013-3568 ***
---------------------------------------------
Earlier this summer Craig Young posted on Bugtraq about a root command injection vulnerability on the Linksys WRT110 router.
...
Our awesome Joe Vennix figured out the vulnerability and how to exploit it to get a session, even on a restricted Linux environment like the Linksys one. Since the experience can be useful for others exploiting embedded devices, here it is!
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/02/a-history…
*** Researchers Ponder When to Notify Users of Public Vulnerability Exploits ***
---------------------------------------------
BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point. However, the question of […]
---------------------------------------------
http://threatpost.com/researchers-ponder-when-to-notify-users-of-public-vul…
*** ZeroAccess: The Most Profitable Botnet ***
---------------------------------------------
In March of this year, researchers on Symantec's Security Response team began looking at ways in which they might be able to "sinkhole" (takedown) ZeroAccess — one of the world's largest botnets. But then… in late June, the botnet started updating itself, removing the flaw that the researchers hoped to take advantage of. Faced with the choice of some or nothing, the team moved to sinkhole what they could. And that was over 500,000 bots. A very commendable effort! Ross Gibb and
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002614.html
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 30-09-2013 18:00 − Tuesday 01-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Asus RT-N66U 3.0.0.4.374_720 Cross Site Request Forgery ***
---------------------------------------------
The Asus RT-N66U is a home wireless router. Its web application has a CSRF vulnerability that allows an attacker to execute arbitrary commands on the target device.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090194
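The advisory gives no detail beyond the line above. A CSRF on a router's admin UI works because the browser attaches the admin session cookie to a POST that an attacker's page auto-submits, and the device acts on that cookie alone. The Python below is an added illustration of the flaw and of the synchronizer-token plus Origin check that closes it; it is not Asus code. The endpoint, parameter names and cookie name are assumptions, and both requests are constructed.

```python
"""Added illustration: CSRF against a router admin interface, and the check
that closes it. Not Asus code; endpoint, parameter and cookie names are assumed.
"""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)     # per-process secret, constructed here
ADMIN_ORIGIN = "http://192.168.1.1"      # the origin the admin UI is served from
SESSIONS = {}                            # session cookie value -> session data
EXECUTED = []                            # commands the "device" accepted


def new_session(user):
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user}
    return sid


def csrf_token(sid):
    """Synchronizer token bound to the session via a server-side secret; a
    page on another origin cannot read the cookie, so it cannot derive this."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def _session_of(req):
    sid = req["cookies"].get("session")
    return sid if sid in SESSIONS else None


def handle_vulnerable(req):
    """Acts on the cookie alone. The browser attaches that cookie to a POST
    auto-submitted by any page the logged-in admin happens to load."""
    if req["method"] != "POST" or _session_of(req) is None:
        return 403
    EXECUTED.append(req["form"]["cmd"])
    return 200


def handle_hardened(req):
    sid = _session_of(req)
    if req["method"] != "POST" or sid is None:
        return 403
    # 1. Origin (Referer as fallback) must be the admin UI's own origin.
    src = urlsplit(req["headers"].get("origin") or req["headers"].get("referer", ""))
    if f"{src.scheme}://{src.netloc}" != ADMIN_ORIGIN:
        return 403
    # 2. The form must carry the token bound to this very session.
    if not hmac.compare_digest(req["form"].get("csrf_token", ""), csrf_token(sid)):
        return 403
    EXECUTED.append(req["form"]["cmd"])
    return 200


# Constructed requests. DEMO_SID stands for the admin's live login.
DEMO_SID = new_session("admin")


def legit_request(sid):
    """The admin UI's own form: same origin, token rendered into the page."""
    return {"method": "POST", "headers": {"origin": ADMIN_ORIGIN},
            "cookies": {"session": sid},
            "form": {"cmd": "reboot", "csrf_token": csrf_token(sid)}}


def cross_site_request(sid):
    """What arrives when the admin loads an attacker page with an auto-submitting
    form: the real session cookie, the attacker's Origin, and no token."""
    return {"method": "POST", "headers": {"origin": "http://evil.example"},
            "cookies": {"session": sid},
            "form": {"cmd": "enable_remote_admin"}}


if __name__ == "__main__":
    print("vulnerable handler, cross-site POST:", handle_vulnerable(cross_site_request(DEMO_SID)))
    print("hardened handler, cross-site POST:  ", handle_hardened(cross_site_request(DEMO_SID)))
    print("hardened handler, own form:         ", handle_hardened(legit_request(DEMO_SID)))
```

Rejecting requests that carry neither Origin nor Referer is the strict choice taken here; an interface that must serve clients that strip both would have to rely on the token alone, which is still sufficient as long as the token is never exposed to another origin.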
*** What kind of target are you? ***
---------------------------------------------
Some attackers want money or data, while others hope to make you look bad. What do you have that might put you on a hacker's hit list?
---------------------------------------------
http://www.csoonline.com/article/740614/what-kind-of-target-are-you-?source…
*** BYOD: Your own phone as a stopgap ***
---------------------------------------------
A new study shows: most users use their own devices at work only because IT cannot provide them with adequate equipment; for these employees, Bring Your Own Device is a stopgap.
---------------------------------------------
http://www.heise.de/newsticker/meldung/BYOD-Eigenes-Handy-als-Notloesung-19…
*** Blog: Ad Plus instead of AdBlock Plus ***
---------------------------------------------
Fake and malicious AdBlock Plus brings to your Android not ad protection but more ads than ever before.
---------------------------------------------
http://www.securelist.com/en/blog/208214071/Ad_Plus_instead_of_AdBlock_Plus
*** Hand Me Downs: Exploit and Infrastructure Reuse Among APT Campaigns ***
---------------------------------------------
Since we first reported on Operation DeputyDog, at least three other Advanced Persistent Threat (APT) campaigns known as Web2Crew, Taidoor, and th3bug have made use of the same exploit to deliver their own payloads to their own targets.
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/hand-me-downs-…
*** Open-Xchange AppSuite multiple session hijacking ***
---------------------------------------------
Open-Xchange AppSuite multiple session hijacking
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87557
*** Open-Xchange AppSuite /ajax/defer servlet CRLF injection ***
---------------------------------------------
Open-Xchange AppSuite /ajax/defer servlet CRLF injection
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87558
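The X-Force entry carries only the title. CRLF injection in a redirect-style endpoint means a caller-supplied value reaches a response header with its carriage returns and line feeds intact, which lets the caller append headers of its own and even a second response body (response splitting). The Python below is an added illustration, not Open-Xchange code; the `url` parameter and the handler's shape are assumptions, and the attacker value is constructed.

```python
"""Added illustration: CRLF injection (response splitting) through a redirect.

Not Open-Xchange code; the `url` parameter and handler shape are assumptions.
"""
import re
from urllib.parse import quote

CRLF = re.compile(r"[\r\n]")

# Constructed attacker value: a plausible target, then an injected Set-Cookie
# header, then a blank line and an attacker-chosen body.
PAYLOAD = ("https://mail.example/ui"
           "\r\nSet-Cookie: JSESSIONID=attacker-chosen; Path=/"
           "\r\n\r\n<html>phish</html>")


def redirect_unsafe(url):
    """Vulnerable: the caller's value lands verbatim inside the header block."""
    return ("HTTP/1.1 302 Found\r\n"
            "Location: " + url + "\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")


def redirect_safe(url):
    """Hardened: refuse raw CR/LF outright, then percent-encode anything else
    that is not URL-safe so no control character can reach the header."""
    if CRLF.search(url):
        raise ValueError("CR/LF in redirect target")
    return ("HTTP/1.1 302 Found\r\n"
            "Location: " + quote(url, safe=":/?&=#%") + "\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")


def try_redirect_safe(url):
    """None where the hardened builder refuses the value."""
    try:
        return redirect_safe(url)
    except ValueError:
        return None


def parse_response(raw):
    """Split a raw response the way a client does: status, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status, *lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


if __name__ == "__main__":
    _, hdrs, body = parse_response(redirect_unsafe(PAYLOAD))
    print("injected header:", hdrs.get("set-cookie"))
    print("injected body:  ", body[:18])
    print("hardened:       ", try_redirect_safe(PAYLOAD))
```

Rejecting raw CR/LF is the check that matters; the percent-encoding is belt and braces for other control characters. An already-encoded `%0d%0a` in the value stays inside the Location header as URL text, which a client treats as part of the target, not as a line break. Whether the target may point off-site at all (open redirect) is a separate check this example does not make.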
*** Sweet murmuring Siri opens stalking security hole in iOS 7 ***
---------------------------------------------
Siri, hand over my contacts and history now. It has not been a good week for Apple on the security front, and there's no relief in sight after an Israeli researcher found a way to access a locked iPhone's contacts and messages database using Siri.
---------------------------------------------
http://www.theregister.co.uk/2013/09/30/sweettalking_siri_opens_stalking_se…
*** World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks ***
---------------------------------------------
This report describes the unique characteristics of cyber attack campaigns waged by governments worldwide. We hope that, armed with this knowledge, security professionals can better identify their attackers and tailor their defenses accordingly...
---------------------------------------------
http://www.fireeye.com/resources/pdfs/fireeye-wwc-report.pdf
*** It's your digital life. Being safer online - citizens in focus of 1st European Cyber Security Month ***
---------------------------------------------
The EU's cyber security agency ENISA, together with the European Commission's DG CONNECT, is launching the first fully fledged European Cyber Security Month campaign. During the month of October, more than 40 public and private stakeholders will promote cyber security among citizens and children, and advocate for a change in the perception of cyber-threats.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/it2019s-your-digital-life-b…
*** PayPal: Second factor optional ***
---------------------------------------------
The iOS app of the payment service PayPal can log in to the server without the additional code from a hardware token or SMS, even when the user has enabled two-factor authentication. That reduces the security concept to absurdity.
---------------------------------------------
http://www.heise.de/security/meldung/PayPal-Zweiter-Faktor-optional-1970328…
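The report describes a second factor enforced by one client flow rather than by the account: the web path asks for the code, the app path does not. The Python below is an added illustration of enforcing it server-side for every client, not PayPal code; the account store, the TOTP seed and both login paths are constructed for the example.

```python
"""Added illustration: the second factor enforced server-side for every client.

Not PayPal code. The account store, the TOTP seed and both login paths are
constructed for the example.
"""
import hashlib
import hmac
import struct

_SALT = b"fixed-salt-for-the-example"   # constructed; real systems salt per user


def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


# Constructed account: password, 20-byte TOTP seed, and 2FA switched on.
ACCOUNTS = {
    "alice": {
        "pw_hash": _pw_hash("correct horse"),
        "totp_secret": b"0123456789abcdef0123",
        "second_factor": True,
    },
}


def password_ok(user, password):
    acct = ACCOUNTS.get(user)
    return acct is not None and hmac.compare_digest(_pw_hash(password), acct["pw_hash"])


def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP over RFC 4226 HOTP: HMAC-SHA1 of the time step, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def code_ok(secret, code, now):
    """Accept the current step and the previous one to tolerate clock drift."""
    if not code or not code.isascii():
        return False
    return any(hmac.compare_digest(code, totp(secret, now - d)) for d in (0, 30))


# --- Vulnerable shape: the second factor is a feature of the web flow only. ---

def web_login_vulnerable(user, password, code, now):
    if not password_ok(user, password):
        return None
    acct = ACCOUNTS[user]
    if acct["second_factor"] and not code_ok(acct["totp_secret"], code, now):
        return {"user": user, "level": "needs_second_factor"}
    return {"user": user, "level": "full"}


def mobile_login_vulnerable(user, password):
    """The app's endpoint never consults the account's 2FA setting, so a
    stolen password alone yields a fully privileged session."""
    if not password_ok(user, password):
        return None
    return {"user": user, "level": "full"}


# --- Hardened shape: one decision, bound to the account, blind to the client. ---

def login(user, password, code=None, now=0):
    """Every client calls this. The session is `full` only once each factor
    the account requires has been presented; which app asked is irrelevant."""
    if not password_ok(user, password):
        return None
    acct = ACCOUNTS[user]
    if acct["second_factor"] and not code_ok(acct["totp_secret"], code, now):
        return {"user": user, "level": "needs_second_factor"}
    return {"user": user, "level": "full"}


def may_send_money(session):
    """Privileged operations check the level, so a half-authenticated session
    cannot act even if some path hands one out."""
    return session is not None and session["level"] == "full"


if __name__ == "__main__":
    now = 1380700000
    print("mobile (vulnerable):", mobile_login_vulnerable("alice", "correct horse")["level"])
    print("hardened, no code:  ", login("alice", "correct horse", now=now)["level"])
    code = totp(ACCOUNTS["alice"]["totp_secret"], now)
    print("hardened, with code:", login("alice", "correct horse", code, now)["level"])
```

The point of the hardened shape is that the 2FA decision reads the account record, not the request's user agent or API version; a new client cannot opt out because there is no second code path to omit the check from. Rate-limiting code attempts and rotating the seed on suspected compromise are left out here.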
*** Quarter of TWO-MILLION-strong zombie PC army lured to their deaths ***
---------------------------------------------
Pied piper Symantec says it led infected computers into sinkhole. Symantec has claimed credit for luring a significant lump of the powerful ZeroAccess botnet into a sinkhole.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/10/01/zeroaccess_…