=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 02-10-2014 18:00 − Friday 03-10-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Why is your Mac all of a sudden using Bing as a search engine? (Thu, Oct 2nd) ***
---------------------------------------------
Even as a Mac user, you may have heard about Bing, at least you may have seen it demonstrated in commercials [1]. But if the default search engine on your Mac has all of a sudden switched to Bing, this may be due to another piece of legacy software that some Mac users may have a hard time living ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18753
*** ZDI-14-349: (0Day) Microsoft Internet Explorer ScriptEngine Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-349/
*** ZDI-14-346: (0Day) Apple OS X IOHIDSecurePromptClient Denial Of Service Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-346/
*** Security incidents are up - and pricier! - but infosec budgets are dwindling ***
---------------------------------------------
The number of security incidents is popping, as are the associated costs to mop them up, according to a report from PwC. Global corporate security budgets, meanwhile, seem to be hiding in the closet, just hoping it all goes away.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/10/03/security-incidents-are-up-and-pr…
*** OPSec for security researchers ***
---------------------------------------------
Perfect OPSec is almost impossible. However, implementing basic OPSec practices should become second nature for every researcher. You will be more careful and hopefully avoid rookie mistakes like talking too much and bragging about your research.
---------------------------------------------
https://securelist.com/blog/research/66911/opsec-for-security-researchers/
*** BadUSB: The USB stick as a digital weapon ***
---------------------------------------------
Storage device poses as a different kind of device - researchers publish instructions and tools on the Internet
---------------------------------------------
http://derstandard.at/2000006383347
*** US report: Over 80 million accounts at JPMorgan affected by hacker attack ***
---------------------------------------------
In the large-scale attack on US banks uncovered in August, hackers were apparently able to obtain detailed customer information.
---------------------------------------------
http://www.heise.de/security/meldung/US-Bericht-Ueber-80-Millionen-Konten-b…
*** Bugtraq: Elasticsearch vulnerability CVE-2014-6439 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533602
*** HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Command-injection vulnerability for COMMAND-Shell Scripts ***
---------------------------------------------
What if we told you that a normal user in your network could take control of your Windows file servers just by creating a special (but not so complex) directory name in one of the directories he has access to?
---------------------------------------------
http://www.thesecurityfactory.be/command-injection-windows.html
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 01-10-2014 18:00 − Thursday 02-10-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** The Shellshock Aftershock for NAS Administrators ***
---------------------------------------------
Summary: FireEye has been monitoring Shellshock-related attacks closely since the vulnerability was first made public last week. Specifically, FireEye has observed attackers attempting to exploit the BASH remote code injection vulnerability against Network Attached Storage (NAS) systems. These attacks ..
---------------------------------------------
http://www.fireeye.com/blog/technical/2014/10/the-shellshock-aftershock-for…
*** ZDI-14-335: Hewlett-Packard Network Node Manager ovopi.dll Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-335/
*** Vulnerabilities in Citrix Access Gateway Plug-in for Windows could result in arbitrary code execution ***
---------------------------------------------
Vulnerabilities have been identified in an ActiveX based component of the Citrix Access Gateway Plug-in for Windows. The vulnerabilities, ..
---------------------------------------------
http://support.citrix.com/article/CTX129902
*** The Mac.BackDoor.iWorm threat in detail ***
---------------------------------------------
Doctor Web's security researchers have dissected the complex malicious program Mac.BackDoor.iWorm, a threat affecting computers running Mac OS X. As of September 29, 2014, 18,519 unique IP addresses were used by infected computers to connect to the botnet created by hackers using this backdoor. The backdoor is unpacked into the directory /Library/Application Support/JavaW. Furthermore, using ..
---------------------------------------------
http://news.drweb.com/show/?i=5977&lng=en&c=9
*** New Mac OS X botnet discovered ***
---------------------------------------------
Doctor Web's security experts researched several new threats to Mac OS X. One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm. Criminals can issue commands that get this program to carry out a wide range of instructions on the infected machines. A statistical ..
---------------------------------------------
http://news.drweb.com/show/?i=5976&lng=en&c=9
*** Norton Security: Symantec confirms the end of Norton Antivirus ***
---------------------------------------------
Norton Antivirus will no longer be available as a standalone product from Symantec. Only existing standalone licenses can still be renewed.
---------------------------------------------
http://www.golem.de/news/norton-security-symantec-bestaetigt-ende-von-norto…
*** Google pays 15,000 US dollars for Chrome exploits ***
---------------------------------------------
The company has tripled the maximum amount it pays to discoverers of Chrome vulnerabilities. In addition, an entry in the Google Hall of Fame is now on offer.
---------------------------------------------
http://www.heise.de/security/meldung/Google-zahlt-15-000-US-Dollar-fuer-Chr…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 30-09-2014 18:00 − Wednesday 01-10-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** How RAM Scrapers Work: The Sneaky Tools Behind the Latest Credit Card Hacks ***
---------------------------------------------
In the world of hacking, every malicious tool has its heyday---that period when it rules the underground forums and media headlines and is the challenger keeping computer security pros on their toes. Viruses and worms have each had their day in the spotlight. Remote-access Trojans, which allow a hacker to ..
---------------------------------------------
http://www.wired.com/2014/09/ram-scrapers-how-they-work/
*** Node.js eval() code execution ***
---------------------------------------------
Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of input prior to being used in an eval() call. An attacker could exploit this vulnerability to inject and execute arbitrary PHP code on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/96728
*** Advertising firms struggle to kill malvertisements ***
---------------------------------------------
One provider finds a vulnerable advertising tool that allowed attackers access ..
---------------------------------------------
http://arstechnica.com/security/2014/09/advertising-firms-struggle-to-kill-…
*** Thoughts after my Shellshock ***
---------------------------------------------
On the subject of Shellshock, after reading this article it became really clear to me once again today that this time the whole thing is not as simple as Heartbleed - the variety of ways in which bash bugs (or rather shell misinterpretations) hide is interesting! After reading the article, one can ..
---------------------------------------------
http://www.cert.at/services/blog/20140930221128-1263.html
*** Several vulnerabilities in extension phpMyAdmin (phpmyadmin) ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.
---------------------------------------------
http://www.typo3.org/news/article/several-vulnerabilities-in-extension-phpm…
*** Splunk Enterprise 6.1.4 and 5.0.10 address four vulnerabilities ***
---------------------------------------------
Splunk Enterprise versions 6.1.4 and 5.0.10 address the following vulnerabilities: OpenSSL TLS protocol downgrade attack (SPL-88585, SPL-88587, SPL-88588, CVE-2014-3511) Persistent cross-site scripting (XSS) via ..
---------------------------------------------
http://www.splunk.com/view/SP-CAAANHS
*** Attackers exploiting Shellshock (CVE-2014-6721) in the wild ***
---------------------------------------------
Yesterday, a new vulnerability affecting Bash (CVE-2014-6271) was published. The new vulnerability allows attackers to execute arbitrary commands by formatting an environment variable in a specific way. It affects Bash (the Bourne Again SHell), the default command shell for Linux and ..
---------------------------------------------
https://www.alienvault.com/open-threat-exchange/blog/attackers-exploiting-s…
*** TimThumb is No Longer Supported or Maintained ***
---------------------------------------------
http://www.binarymoon.co.uk/2014/09/timthumb-end-life/
*** Multiple vulnerabilities in HP products ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Multiple product vulnerabilities: all TP-Link "2-series" switches, all TP-Link VxWorks-based product ***
---------------------------------------------
Telnet is available and cannot be disabled (confirmed by vendor)
SSHv1 is enabled by default if SSH is enabled (confirmed by vendor)
---------------------------------------------
http://seclists.org/fulldisclosure/2014/Oct/6
*** SchneiderWEB Server Directory Traversal Vulnerability ***
---------------------------------------------
This advisory provides firmware updates for a directory traversal vulnerability in Schneider Electric's SchneiderWEB, a web HMI.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-273-01
*** Rockwell Micrologix 1400 DNP3 DOS Vulnerability ***
---------------------------------------------
This advisory provides a Rockwell Automation firmware revision that mitigates ..
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-254-02
*** Firefox/Chrome: BERserk could have been prevented ***
---------------------------------------------
The BERserk security vulnerability is only a problem because some certificate authorities do not follow common recommendations for RSA keys. With BERserk, Firefox and Chrome accept forged certificates.
---------------------------------------------
http://www.golem.de/news/firefox-chrome-berserk-haette-verhindert-werden-ko…
*** Study: Malware is the main threat to corporate IT ***
---------------------------------------------
According to the current Microsoft security study, the threat posed to corporate IT by malware has overtaken the previous number ..
---------------------------------------------
http://www.heise.de/security/meldung/Studie-Malware-ist-Hauptgefaehrdung-fu…
*** Security vulnerability in Xen hypervisor affected cloud providers ***
---------------------------------------------
A programming error in the virtualization software forced Amazon and Rackspace to reboot numerous virtual machines. The vulnerability in the free software has since been closed.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-in-Xen-Hypervisor-be…
*** Critical FreePBX RCE Vulnerability (ALL Versions) ***
---------------------------------------------
We have been made aware of a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy 'FreePBX ARI Framework module/Asterisk Recording Interface (ARI)'. This affects any user who has installed FreePBX prior to version ..
---------------------------------------------
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versi…