Daily December 2014

daily@lists.cert.at

1 participants
18 discussions

Tageszusammenfassung - Dienstag 30-12-2014
by Daily end-of-shift report 30 Dec '14

30 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-12-2014 18:00 − Dienstag 30-12-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Can malware and hackers really cause giant physical disasters? *** --------------------------------------------- Could you really have a hacker or malware initiated meltdown? Yes, says the 2014 report of the German Office for Information Security... --------------------------------------------- https://nakedsecurity.sophos.com/2014/12/29/can-malware-and-hackers-really-… *** Will 2015 be the year we finally do something about DDoS? *** --------------------------------------------- Among the events of the past few days during the holidays was a DDoS attack on Sonys Playstation network and on Xbox Lives network. The attack was reportedly carried out by a group called Lizard Squad and by all measures is not .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19127 *** WhyDoWork AdSense 1.2 - XSS and CSRF *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7733 *** Open Season on VNC Servers Around the World *** --------------------------------------------- VNC, or Virtual Network Computing, is a way to control computers remotely across a network. Often times computers running VNC servers are on internal networks with firewalls protecting them from outside users. No one wants a malicious user to remotely connect to their computer and have their way with their computer, right? --------------------------------------------- https://medium.com/@kylestev/open-season-on-vnc-servers-around-the-world-4b… *** Stallman: Freie Software ist die Basis für IT-Sicherheit *** --------------------------------------------- Der Vater der Freien-Software-Gemeinde, Richard Stallman, hat auf dem 31C3 freie Software zum 'notwendigen Fundament der Cybersicherheit' erklärt. Proprietäre Programme entwickelten sich immer mehr zu Malware. --------------------------------------------- http://www.heise.de/security/meldung/Stallman-Freie-Software-ist-die-Basis-… *** Expect more ransomware and extortionware in 2015 *** --------------------------------------------- While we can expect to see the return of some of the issues we faced in 2014, there are still a number of new threats that we need to be aware of in the year to come. --------------------------------------------- http://www.scmagazine.com/expect-more-ransomware-and-extortionware-in-2015/… *** 31C3: Wie man ein Chemiewerk hackt *** --------------------------------------------- Die Sicherheit von Industrieanlagen wird oft beschworen, die Praxis lässt aber viel zu wünschen übrig. Beim CCC-Congress in Hamburg zeigten Hacker, wie man Industrieanlagen lahmlegen und Millionenschäden verursachen kann. --------------------------------------------- http://www.heise.de/security/meldung/31C3-Wie-man-ein-Chemiewerk-hackt-2507… *** Researchers Find 64-bit Version of Havex RAT *** --------------------------------------------- Trend Micro researchers have come across a 64-bit version of Havex, a remote access tool that has been used in cyber espionage campaigns aimed at industrial control systems. --------------------------------------------- http://www.securityweek.com/researchers-find-64-bit-version-havex-rat *** Save Our Souls (SOS) *** --------------------------------------------- Natural disasters are unexpected events that can cause severe financial and environmental loss as well as the loss of human life. As an enterprise, it is our responsibility to ensure that proper recovery strategies are in place, just .. --------------------------------------------- http://resources.infosecinstitute.com/save-souls-sos/ *** Sicherheit: BKA schaltet Botnetz mit tausenden Rechnern ab *** --------------------------------------------- Mehr als die Hälfte der Rechner eines vom BKA zerschlagenen Botnetzes sollen in Deutschland gestanden haben. In Zusammenarbeit mit dem BSI, dem Fraunhofer Institut und Antivirenherstellern wurden die betroffenen Nutzer informiert. --------------------------------------------- http://www.golem.de/news/sicherheit-bka-schaltet-botnetz-mit-tausenden-rech… *** 4G Security: Hacking USB Modem and SIM Card via SMS *** --------------------------------------------- Telecommunications operators are pushing fast and cheap 4G communications technology. Yet only the chosen few know just how insecure it is. While researching the security level of 4G communications, Positive Technologies experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected computer as .. --------------------------------------------- http://blog.ptsecurity.com/2014/12/4g-security-hacking-usb-modem-and-sim.ht… Next End-of-Shift report on 2015-01-02

1 0

Tageszusammenfassung - Montag 29-12-2014
by Daily end-of-shift report 29 Dec '14

29 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 23-12-2014 18:00 − Montag 29-12-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** DSA-3110 mediawiki - security update *** --------------------------------------------- A flaw was discovered in mediawiki, a wiki engine: thumb.php outputswikitext messages as raw HTML, potentially leading to cross-sitescripting (XSS). --------------------------------------------- https://www.debian.org/security/2014/dsa-3110 *** Multiple vulnerabilities in Info-ZIP UnZip *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/99371 http://xforce.iss.net/xforce/xfdb/99373 http://xforce.iss.net/xforce/xfdb/99372 *** Evolution of Banking Malwares *** --------------------------------------------- Why are malware authors so interested in banking malware? Simply because this is where the money is! Nowadays, banking malware, specifically banking Trojans, are reaching alarming new levels of sophistication. Each day, new names .. --------------------------------------------- http://resources.infosecinstitute.com/evolution-banking-malwares-part-1/ http://resources.infosecinstitute.com/evolution-banking-malwares-part-2/ *** New Malware Campaign - WPcache-Blogger - Affects Thousands more WordPress Websites via RevSlider *** --------------------------------------------- If SoakSoak wasn't enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the last few days. --------------------------------------------- http://blog.sucuri.net/2014/12/new-malware-campaign-wpcache-blogger-affects… *** IBM Security AppScan Enterprise Bugs Let Remote Users Conduct Cross-Site Scrpting Attacks and Gain Full Control of the Target System *** --------------------------------------------- Several vulnerabilities were reported in IBM Security AppScan Enterprise. A remote user can execute arbitrary code on the target system. A remote authenticated user can execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1031427 *** Multiple vulnerabilities in IPCop *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/99397 http://xforce.iss.net/xforce/xfdb/99396 http://xforce.iss.net/xforce/xfdb/99398 *** ICANN: Phishing-Angriff keine Gefahr für die Rootzone *** --------------------------------------------- Von dem in der vergangenen Woche bekannt gewordenen Phishing-Angriff auf die ICANN ging keine Gefahr für die Sicherheit der Rootzone aus, versichert die Internetverwaltung. Dennoch könnte der Vorfall der ICANN politisch schaden. --------------------------------------------- http://www.heise.de/security/meldung/ICANN-Phishing-Angriff-keine-Gefahr-fu… *** ISC.org website hacked: Scan your PC for malware if you stopped by *** --------------------------------------------- Cryptographically signed BIND, DHCP code safe, were told The website for the Internet Systems Consortium, which develops the BIND DNS and ISC DHCP tools and runs some DNS root servers, has been hacked. --------------------------------------------- http://www.theregister.co.uk/2014/12/26/isc_org_hacked/ *** Vawtrak challenges almighty ZeuS as king of the botnets (The Register) *** --------------------------------------------- Crooks behind Vawtrak, a dangerous banking Trojan, are ramping up its reach and sophistication, security firms have warned. Vawtrak currently .. --------------------------------------------- http://www.theregister.co.uk/2014/12/27/vawtrak_challenges_almighty_zeus_as… *** Online-Banking und SS7-Hack: SMS-TANs sind unsicher *** --------------------------------------------- Gleich drei Vorträge am ersten Tag des jährlichen Chaos-Kongresses widmen sich Hacks rund um Mobilfunkstandards. Bereits jetzt ist klar: Sicherheitsanwendungen, die auf SMS setzen, werden unbrauchbar. Der gute alte TAN-Zettel aus Papier dürfte mehr Sicherheit bieten. --------------------------------------------- http://www.golem.de/news/online-banking-und-ss7-hack-sms-tans-sind-unsicher… *** Wieso ein Foto ausreicht, um Fingerabdruckscanner auszutricksen *** --------------------------------------------- Wissenschaftler verwendeten Foto von Händen der deutschen Verteidigungsministerin um Fingerabdruck-Attrappe zu erstellen --------------------------------------------- http://derstandard.at/2000009814288 *** Honey Pot Entertainment - SSH, (Sat, Dec 27th) *** --------------------------------------------- The Christmas period is a nice time to play with some honeypots and share some of the info they have been collecting. Currently I only have two functioning, both of them are located in the US. Each receives 20K or more login attempts per day. Im using a standard kippo installation, running as a non root user and using authbindto run the honeypoton port 22. Results are sent to a logging server for collection. One of the honeypots has no valid password so it will always fail Im mainly interested --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19121&rss *** 31C3: Thunderstrike greift MacBooks über Thunderbolt an *** --------------------------------------------- Über eine EFI-Schwachstelle lässt sich die Firmware von MacBooks manipulieren. Einmal infiziert,lässt sich der Schädling nicht einmal durch den Austausch der Festplatte entfernen. --------------------------------------------- http://www.heise.de/security/meldung/31C3-Thunderstrike-greift-MacBooks-ueb… *** C-Programmierung: Schutz für Code Pointer *** --------------------------------------------- Bugs in der Speicherverwaltung von C-Programmen gehören zu den häufigsten Sicherheitslücken. Da es aussichtslos sein dürfte, alle Lücken zu beheben, hat Mathias Prayer eine Strategie vorgestellt, mit der sich die meisten verhindern lassen. --------------------------------------------- http://www.golem.de/news/c-programmierung-schutz-fuer-code-pointer-1412-111… *** Rocket Kitten: Die Geschichte einer Malware-Analyse *** --------------------------------------------- Mit der Analyse von Malware für eine großflächige Spearphising-Attacke konnten Datenexperten die Angreifer enttarnen. In detektivischer Kleinarbeit haben sie dabei ausgefeilte Komponenten aufgedeckt und ein Land hinter dem Angriff ausgemacht. --------------------------------------------- http://www.golem.de/news/rocket-kitten-die-geschichte-einer-malware-analyse… *** Bots übernehmen Herrschaft über das Internet *** --------------------------------------------- 56 Prozent aller Webseitenbesuche nicht mehr von Menschen – Zunahme an gefährlichen Algorithmen --------------------------------------------- http://derstandard.at/2000009572838 *** Directory traversal vulnerabilities in multiple Wordpress themes *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/99444 http://xforce.iss.net/xforce/xfdb/99452 http://xforce.iss.net/xforce/xfdb/99449 http://xforce.iss.net/xforce/xfdb/99447 http://xforce.iss.net/xforce/xfdb/99445 *** Massive Sicherheitslücken bei Kredit- und Bankomatkarten enthüllt *** --------------------------------------------- IT-Sicherheitsforscher zeigen am 31C3, dass Systeme trotz PIN einfach zu knacken sind .. --------------------------------------------- http://derstandard.at/2000009849645 *** Null Byte Injection in PHP *** --------------------------------------------- The null character is a control character with the value zero. It is presented in many character sets such as ASCII (American Standard Code of for Information Interchange), Unicode (Universal Character Set) and EBCDIC .. --------------------------------------------- http://resources.infosecinstitute.com/null-byte-injection-php/ *** Lücken in Industrieanlagen: Nicht nur Banken und Webseiten sollen verteidigt werden *** --------------------------------------------- Hacker sollen sich nicht mehr um die Sicherheit des Geldes und Daten von anderen kümmern. Stattdessen gilt es, den Fokus auf Industrieanlagen zu richten, auch, um Menschenleben zu schützen. (31C3, Netzwerk) --------------------------------------------- http://www.golem.de/news/luecken-in-industrieanlagen-nicht-nur-banken-und-w… *** Prying Eyes: Inside the NSAs War on Internet Security *** --------------------------------------------- US and British intelligence agencies undertake every effort imaginable to crack all types of encrypted Internet communication. The cloud, it seems, is full of holes. The good news: New Snowden documents show that some forms of encryption still cause problems for the NSA. --------------------------------------------- http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-interne…

1 0

Tageszusammenfassung - Dienstag 23-12-2014
by Daily end-of-shift report 23 Dec '14

23 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 22-12-2014 18:00 − Dienstag 23-12-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Multiple vulnerabilities in Cisco Jabber Guest Server *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** SoakSoak Campaign Evolves - New Wave of Attacks *** --------------------------------------------- Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional websites. We have updates for concerned webmasters looking to stay on top of the threat and .. --------------------------------------------- http://blog.sucuri.net/2014/12/soaksoak-new-wave-evolution-attacks.html *** Apache CXF Certificate Validation Flaw Lets Remote Users Spoof SSL Servers *** --------------------------------------------- Apache CXF Certificate Validation Flaw Lets Remote Users Spoof SSL Servers. A remote user with the ability to conduct a man-in-the-middle attack can supply a specially crafted host name in an X.509 certificate subject's .. --------------------------------------------- http://www.securitytracker.com/id/1031419 *** Multiple vulnerabilities in VDG products *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/99331 http://xforce.iss.net/xforce/xfdb/99334 http://xforce.iss.net/xforce/xfdb/99333 http://xforce.iss.net/xforce/xfdb/99332 *** Anunak: So geht Bankraub im 21. Jahrhundert *** --------------------------------------------- Die Security-Spezialisten von Fox-IT und Group-IB dokumentieren die Aktivitäten einer russischen Bande, die in die Netze von Banken eingebrochen ist und von dort aus Geldautomaten ausgeräumt hat. Rund 25 Millionen Dollar haben die so geklaut. --------------------------------------------- http://www.heise.de/security/meldung/Anunak-So-geht-Bankraub-im-21-Jahrhund… *** Top Facebook scams and malware attacks *** --------------------------------------------- Millions of people fell for Facebook scams in 2014. Though security experts, companies and tech-savvy users guard against Facebook cyber attacks, many unwary users continue to fall victim to scams on ... --------------------------------------------- http://www.net-security.org/malware_news.php?id=2935 *** BSI-Kryptohandys: Kaum Anschluss unter dieser Nummer *** --------------------------------------------- Die Geräte sind angeblich sehr sicher und gewiss sehr teuer. Doch weil die vom BSI zertifizierten Kryptohandys viele Nachteile haben, liegen sie häufig in den Schubladen. Muss das so sein? --------------------------------------------- http://www.golem.de/news/bsi-kryptohandys-kaum-anschluss-unter-dieser-numme… *** NTP Daemon unter OS X: Kurzfristiges Update schließt Zeitserver-Sicherheitslücke *** --------------------------------------------- Apple hat ein Sicherheitsupdate für OS X veröffentlicht, das jeder installieren sollte. Geschlossen wird damit eine unangenehme Sicherheitslücke im Dienst für das Network Time Protocol. --------------------------------------------- http://www.golem.de/news/ntp-daemon-unter-os-x-kurzfristiges-update-schlies… *** Linux-Kernel: Live Patching soll im Frühjahr 2015 bereitstehen *** --------------------------------------------- Die Kernel-Entwickler wollen die Live-Patching-Technik mit Linux 3.20 im kommenden Frühjahr veröffentlichen. Zuvor soll der Code in Linux-Next aufgenommen werden. Ob dies tatsächlich geschieht, steht noch aus. --------------------------------------------- http://www.golem.de/news/linux-kernel-live-patching-soll-im-fruehjahr-2015-… *** Patches Not Cure-all for Shellshock *** --------------------------------------------- Earlier this year, Linux system administrators all over the world had to deal with the Shellshock vulnerability, which could lead to malicious code being run on Linux systems. Servers running various web services were at particular risk. By now, most major distributions have been able to .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/patches-not-cure… Next End-of-Shift report on 2014-12-29

1 0

Tageszusammenfassung - Montag 22-12-2014
by Daily end-of-shift report 22 Dec '14

22 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 19-12-2014 18:00 − Montag 22-12-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** TA14-353A: Targeted Destructive Malware *** --------------------------------------------- Original release date: December 19, 2014 Systems Affected Microsoft Windows Overview US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities targeting a major entertainment .. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA14-353A *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** iTwitter <= 0.04 - XSS & CSRF *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7729 *** Network Time Protocol Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for multiple vulnerabilities within the Network Time Protocol (NTP). --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-353-01 *** Post to Twitter <= 0.7 CSRF & XSS *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7730 *** Which NTP Servers do You Need to Patch? *** --------------------------------------------- While people generally know where their real NTP servers are, all to often they dont know that theyve got a raft of accidental NTP servers - boxes that have NTP enabled without the system maintainers knowing about it. Common servers .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19095 *** Tor-Projekt wappnet sich gegen möglichen Angriff *** --------------------------------------------- Das Tor-Projekt befürchtet eine Beschlagnahmung wichtiger Infrastruktur-Server, die das Anonymisierungsnetz unbenutzbar machen könnte. Einem anonymen Tipp zufolge stehe diese schon in wenigen Tagen bevor. --------------------------------------------- http://www.heise.de/security/meldung/Tor-Projekt-wappnet-sich-gegen-moeglic… *** Compromised Wordpress sites serving multiple malware payloads *** --------------------------------------------- During our daily log monitoring process, we observe many interesting threat events. One such event led to a compromised WordPress site campaign, which was found to serve multiple malware families including Upatre/Hencitor/Extrat Xtreme .. --------------------------------------------- http://research.zscaler.com/2014/12/compromised-wordpress-sites-serving.html *** Neue NTP-Versionen fixen Fehler im Zeit-Server *** --------------------------------------------- Mit nur einem Paket könnte ein Angreifer Zeit-Server mit dem NTP-Dienst übernehmen. Admins sollten ihre Konfiguration checken und bei Bedarf das Abhilfe versprechende Update so schnell wie möglich einspielen. --------------------------------------------- http://www.heise.de/security/meldung/Neue-NTP-Versionen-fixen-Fehler-im-Zei… *** Südkorea führt Übungen zur Hacker-Abwehr an Atomkraftwerken durch *** --------------------------------------------- Nach der Enthüllung geschützter Informationen über zwei südkoreanische Atomreaktoren im Internet hat der Betreiber eine zweitägige Übungen zur Abwehr von Cyber-Attacken begonnen. Die Übungen würden an vier von 23 Reaktorstandorten im Land durchgeführt, teilte eine Sprecherin der staatlichen Koreanischen Wasser- und Atomenergie-Gesellschaft (KHNP) am Montag mit. --------------------------------------------- http://derstandard.at/2000009692066 *** Pattern-Based Approach for In-Memory ShellCodes Detection *** --------------------------------------------- Introduction During an analysis, it can be really useful to know some common instructions with which malware, and more specifically shellcodes, achieve their goals. As we can imagine, these sets of common instructions could be used .. --------------------------------------------- http://resources.infosecinstitute.com/pattern-based-approach-memory-shellco… *** Is this URL safe? Hiding Malware in Plain Sight From Online Scanners *** --------------------------------------------- There are serveral sites which offer scanning a URL for malware. One should expect that these sites emulate a real browser good enough so that their rating can be trusted. Unfortunatly this is not the case. --------------------------------------------- http://noxxi.de/research/content-encoding-online-scanner.html *** Mikl-Leitner will Cybercrime-Gesetz bis 2018 *** --------------------------------------------- Ein Cybercrime-Gesetz soll bis zum Ende dieser Legislaturperiode, also 2018, beschlossen werden. Dieses Ziel nannte Innenministerin Johanna Mikl-Leitner (ÖVP) bei einer Pressekonferenz am Montag in Wien. Anlass war die Präsentation der Erkenntnisse aus einem Planspiel, bei dem es um einen Hackerangriff auf den Flughafen Wien und einen Erpressungsversuch mit terroristischem Hintergrund ging. --------------------------------------------- http://derstandard.at/2000009710328 *** PHP 5.6.3 unserialize() execute arbitrary code *** --------------------------------------------- A while ago the function "process_nested_data" was changed to better handle object properties. Before it was possible to create numeric object properties which would cause .. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120160

1 0

Tageszusammenfassung - Freitag 19-12-2014
by Daily end-of-shift report 19 Dec '14

19 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 18-12-2014 18:00 − Freitag 19-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Misfortune Cookie crumbles router security: 12 MILLION+ in hijack risk *** --------------------------------------------- Homes, businesses menaced by vulnerable software exposed to the internet Infosec biz Check Point says it has discovered a critical software vulnerability that allows hackers to hijack home and small business broadband routers across the web. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/12/18/misfortune_… *** Metasploit Weekly Wrapup: Get the 411 *** --------------------------------------------- This week, we released Metasploit version 4.11 to the world -- feel free to download it here if you're the sort that prefers the binary install over the somewhat Byzantine procedure for setting up a development environment. Which you should be, because the binary installers (for Windows and Linux) have all the dependencies baked in and you don't have to monkey around with much to get going. The two major features with this release center around reorganizing the bruteforce workflow to make things more sensible and usable for larger-scale password audits, and much better visualization on figuring out where the weak link is/was in the organization under test when stolen credentials were used to extend control. --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/12/18/metasploi… *** Vulnerability announced: update your Git clients *** --------------------------------------------- A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. --------------------------------------------- https://github.com/blog/1938-vulnerability-announced-update-your-git-clients *** How Cybercriminals Dodge Email Authentication *** --------------------------------------------- Email authentication and validation is one method that is used to help bring down the levels of spam and phishing by identifying senders so that malicious emails can be identified and discarded. Two frameworks are in common usage today; these are SPF and DKIM. SPF (Sender Policy Framework): Defined in RFC 7208, SPF provides a... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/27Kj0gN8uNo/ *** Smart grid security certification in Europe: Challenges and Recommendations *** --------------------------------------------- ENISA issues today a report on Smart grid security certification in Europe targeted at EU Member States (MS), the Commission, certification bodies and the private sector; with information on several certification approaches across the EU and other MS and EFTA countries. It describes the specific European situation, and discusses the advantages and challenges towards a more harmonised certification practice. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/smart-grid-security-certifi… *** USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds *** --------------------------------------------- Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it's a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in... --------------------------------------------- http://threatpost.com/usbdriveby-device-can-install-backdoor-override-dns-s… *** TA14-352A: Server Message Block (SMB) Worm Tool *** --------------------------------------------- Unknown cyber-threat actors have been identified employing sophisticated malware, and Indicators of Compromise (IOC) have been provided to mitigate this threat. --------------------------------------------- http://www.exploitthis.com/2014/12/ta14-352a-server-message-block-smb-worm-… *** Save the date: ENISA Workshop on EU Threat Landscape *** --------------------------------------------- 24th February 2015, Hotel Metropole, Brussels --------------------------------------------- http://www.enisa.europa.eu/media/news-items/save-the-date-enisa-workshop-on… *** SS7 Vulnerabilities *** --------------------------------------------- There are security vulnerability in the phone-call routing protocol called SS7. The flaws discovered by the German researchers are actually functions built into SS7 for other purposes -- such as keeping calls connected as users speed down highways, switching from cell tower to cell tower -- that hackers can repurpose for surveillance because of the lax security on the network.... --------------------------------------------- https://www.schneier.com/blog/archives/2014/12/ss7_vulnerabili.html *** Information-stealing Vawtrak malware evolves, becomes more evasive *** --------------------------------------------- SophosLabs has recently observed some cunning changes made by the authors of the dangerous banking malware Vawtrak. James Wyke explains. --------------------------------------------- https://nakedsecurity.sophos.com/2014/12/19/information-stealing-vawtrak-ma… *** Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines *** --------------------------------------------- Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an... --------------------------------------------- http://threatpost.com/emerson-patches-series-of-flaws-in-controllers-used-i… *** Novell - Patches for GroupWise and eDirectory *** --------------------------------------------- https://download.novell.com/Download?buildid=tveSooKDw3Q~ https://download.novell.com/Download?buildid=mdWLZGP0Glk~ https://download.novell.com/Download?buildid=gHTDteZoK34~ https://download.novell.com/Download?buildid=3dJODsdcDKE~ *** Subversion mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1031403 *** Subversion mod_dav_svn REPORT Request Processing Flaw Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1031402 *** Honeywell Experion PKS Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities in Honeywell's Experion Process Knowledge System (EPKS) application. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-352-01 *** Innominate mGuard Privilege Escalation Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a privilege escalation vulnerability affecting all mGuard devices. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-352-02 *** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update C) *** --------------------------------------------- This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02B Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 11, 2014, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02C *** Emerson ROC800 Multiple Vulnerabilities (Update B) *** --------------------------------------------- This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-13-259-01B *** [2014-12-19] XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor *** --------------------------------------------- Two vulnerabilities in the NetIQ eDirectory iMonitor allow an attacker to take over a user session and potentially leak sensitive data. An attacker could compromise an administrative account and e.g. tamper a centralized user database. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Live Forms <= 1.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7728

1 0

Tageszusammenfassung - Donnerstag 18-12-2014
by Daily end-of-shift report 18 Dec '14

18 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 17-12-2014 18:00 − Donnerstag 18-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Is the polkit Grinch Going to Steal your Christmas?, (Wed, Dec 17th) *** --------------------------------------------- Alert Logic published a widely publizised blog outlining a common configuration problem with Polkit. To help with dissemination, Alert Logic named the vulnerability Grinch [1] . In some ways, this isnt so much a vulnerability, as more a common overlypermissive configuration of many Linux systems. It could easily be leveraged to escalate privileges beyond the intent of the polkitconfiguration. Lets first step back: In the beginning, there was sudo. Sudo served the Unix community well for many... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19077&rss *** Application Threat and Usage Report 2014 *** --------------------------------------------- The Application Usage And Threat Report provides an analysis of applications and their link to cyber threats within the enterprise. The report summarizes network traffic assessments performed wor... --------------------------------------------- http://www.net-security.org/secworld.php?id=17609 *** Erfolgreicher Angriff auf Internet-Verwaltung ICANN *** --------------------------------------------- U.a. wurde ein zentrales System, das zur Organisation bei der Einführung der neuen Top Level Domains dient, bei einem Angriff auf die ICANN kompromittiert. Die ICANN dient als Oberaufsicht über die Verwaltung von Netz-Ressourcen wie DNS und IP-Adressen. --------------------------------------------- http://www.heise.de/security/meldung/Erfolgreicher-Angriff-auf-Internet-Ver… *** Your Browser is (not) Locked *** --------------------------------------------- Most ransomware has a binary file that needs to be executed before it can infect your PC. Ransomware usually relies on social engineering or exploits to infect unsuspecting users. However, some malware authors are bypassing this requirement with a new trick - browser lockers. Unlike traditional ransomware threats that lock the entire desktop, browser lockers only lock the web browser of an infected PC. Most other malware needs a user (or other malware) to manually run it. Browser lockers... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/12/17/your-browser-is-not-lock… *** Chthonic: a New Modification of ZeuS *** --------------------------------------------- In the fall of 2014, we discovered a new banking Trojan, which caught our attention for two reasons... --------------------------------------------- http://securelist.com/blog/virus-watch/68176/chthonic-a-new-modification-of… *** Ars Technica readers urged to change passwords in wake of hack *** --------------------------------------------- In case you havent heard already, Ars Technica got hacked over the weekend, so if you are a subscribed reader now would be a good time to change your password. "At 20:00 CT on December 14, an Inte... --------------------------------------------- http://www.net-security.org/secworld.php?id=17768 *** PhpBB-Webserver geknackt, Zugangsdaten kopiert *** --------------------------------------------- Die PhpBB-Server wurden kompromittiert und sind momentan offline. Die Angreifer haben es geschafft, den Foren-Zugang eines Administrators zu kapern. --------------------------------------------- http://www.heise.de/security/meldung/PhpBB-Webserver-geknackt-Zugangsdaten-… *** Android Hacking and Security, Part 17: Cracking Android App Binaries *** --------------------------------------------- In this article, we will see how a developer can perform basic checks to programmatically detect if the app is running on an emulator and stop executing the app if an emulator is detected. We will then see how an attacker can easily bypass these checks by using some freely... --------------------------------------------- http://resources.infosecinstitute.com/android-hacking-security-part-17-crac… *** Alina POS malware "sparks" off a new variant *** --------------------------------------------- Alina is a well-documented family of malware used to scrape Credit Card (CC) data from Point of Sale (POS) software. We published a series of in-depth write-ups on the capabilities Alina possesses as well as the progression of the versions. Xylitol has a nice write-up on the Command and Control (C&C) aspects of Alina. In this blog post I'd like to discuss a variant that first cropped up in late 2013 and has been seen in the wild as recent as a month ago. Some anti-virus companies have --------------------------------------------- http://blog.spiderlabs.com/2014/12/alina-pos-malware-sparks-off-a-new-varia… *** Patch-Debakel: Microsoft bessert bei IE-Update nach *** --------------------------------------------- Die Serie an verbockten Patches scheint nicht abzureissen. Jetzt muss Microsoft bei einem Update für den Internet Explorer nachbessern, nachdem IE-11-Nutzer über Probleme mit Dialogboxen auf Webseiten geklagt hatten. --------------------------------------------- http://www.heise.de/security/meldung/Patch-Debakel-Microsoft-bessert-bei-IE… *** Exploit Kit Evolution During 2014 - Nuclear Pack, (Thu, Dec 18th) *** --------------------------------------------- This is a guest diary submitted by Brad Duncan. Nuclear exploit kit (also known as Nuclear Pack) has been around for years. Version 2.0 of Nuclear Pack was reported in 2012 [1] [2]. Blogs like malware.dontneedcoffee.com have mentioned version 3.0 of Nuclear Pack in posts during 2013 [3] [4]. This month, Nuclear Pack changed its traffic patterns. The changes are significant enough that I wonder if Nuclear Pack is at version 4. Or is this merely an evolution of version 3, as weve seen throughout --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19081&rss *** VU#843044: Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values *** --------------------------------------------- Vulnerability Note VU#843044 Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values Original Release date: 18 Dec 2014 | Last revised: 18 Dec 2014 Overview The Intelligent Platform Management Interface (IPMI) v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-8272The IPMI v1.5... --------------------------------------------- http://www.kb.cert.org/vuls/id/843044 *** Cisco IronPort ESA Subject Header Length Denial of Service Vulnerability *** --------------------------------------------- CVE-2014-8016 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal *** --------------------------------------------- CVE-2014-8012 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability *** --------------------------------------------- CVE-2014-8014 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cross-Site Scripting vulnerability in wfGallery (wf_gallery) *** --------------------------------------------- It has been discovered that the extension "wfGallery" (wf_gallery) is susceptible to Cross-Site Scripting. --------------------------------------------- http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-wfg… *** SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-128Project: OG Menu (third-party module)Version: 6.x, 7.xDate: 2014-December-17Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypass, Information DisclosureDescriptionThis module enables you to associate menus with Organic Groups (OG). It allows you to create one or more menus per group, configure and apply menu permissions in a group context, add/edit menu links directly from the entity... --------------------------------------------- https://www.drupal.org/node/2395049 *** SA-CONTRIB-2014-127 - School Administration - Cross Site Scripting (XSS) *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-127Project: School Administration (third-party module)Version: 7.xDate: 2014-December-17Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescriptionSchool Administration module enables you to keep records of all students and staff. With inner modules, it aims to be a complete school administration system.The module failed to sanitize some node titles in messages, leading to a... --------------------------------------------- https://www.drupal.org/node/2395015 *** SA-CONTRIB-2014-126 - Open Atrium - Multiple vulnerabilities *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-126Project: Open Atrium (third-party module)Version: 7.xDate: 2014-12-17Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypass, Cross Site Request Forgery, Multiple vulnerabilitiesDescriptionThis distribution enables you to create an intranet.Several of the sub modules included do not prevent CSRF on several menu callbacks.Open Atrium Discussion also does not exit correctly after... --------------------------------------------- https://www.drupal.org/node/2394979 *** Novell NetIQ Access Manager 4.0 Support Pack 1 Hot Fix 3 4.0.1-132 *** --------------------------------------------- Abstract: NetIQ Access Manager 4.0 Support Pack 1 Hot Fix 3 build (version4.0.1-132). This file contains updates for services contained in the NetIQ Access Manager 4.0 product and requires 4.0 SP1 to be installed as a minimum. NetIQ recommends that all customers running Access Manager 4.0 release code apply this patch. The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.0 SP1 was released. These fixes include updates to the Access... --------------------------------------------- https://download.novell.com/Download?buildid=i7RBltaqcVw~ *** [2014-12-18] Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA) *** --------------------------------------------- Attackers are able to fully compromise the VDG Sense video management system by gaining highest system level access rights as multiple critical vulnerabilities exist. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** [2014-12-18] OS command execution vulnerability in GParted *** --------------------------------------------- GParted does not properly sanitize strings before passing them as parameters to an OS command. Under certain conditions an attacker is able to execute system commands as user "root" by tricking a victim into using GParted to e.g. format a USB drive. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** [2014-12-18] Multiple high risk vulnerabilities in NetIQ Access Manager *** --------------------------------------------- A vulnerability in the NetIQ Access Manager allows an authenticated attacker to read local files. Moreover, several web based issues (CSRF, persistent and non-persistent XSS) allow an attacker to hijack the session of an administrator or user. An information disclosure vulnerability allows an attacker to gather internal information including service passwords. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…

1 0

Tageszusammenfassung - Mittwoch 17-12-2014
by Daily end-of-shift report 17 Dec '14

17 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 16-12-2014 18:00 − Mittwoch 17-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Schadcode nutzt Monate alte WordPress-Lücke aus *** --------------------------------------------- Der Schädling namens SoakSoak hat hunderttausende Webseiten über das Plug-in Slider Revolution befallen und spioniert die Server aus. In einigen Fällen werden auch Besucher per Drive-By-Download infiziert. --------------------------------------------- http://www.heise.de/security/meldung/Schadcode-nutzt-Monate-alte-WordPress-… *** Firefox, IE11 zero-day bugs possibly targeted in SoakSoak WordPress malware attacks *** --------------------------------------------- Attackers exploiting a bug in the Slider Revolution plugin to compromise WordPress websites with malware may also be targeting zero-day vulnerabilities in Firefox and Internet Explorer 11. --------------------------------------------- http://www.scmagazine.com/firefox-ie11-zero-day-bugs-possibly-targeted-in-s… *** Some Memory Forensic with Forensic Suite (Volatility plugins), (Tue, Dec 16th) *** --------------------------------------------- In previous diaries we have talked about memory forensics and how important it is. In this diary I will talk about a new volatility plugins called Forensic Suite written by Dave Lasalle. The suite has 14 plugins and they cover different area of memory forensics The Forensics Suite can be obtain from: http://downloads.volatilityfoundation.org/contest/2014/DaveLasalle_Forensic… . In this diary I will talk about some of the plugins Firefox history: To test this plugin first I browsed the... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19071&rss *** URL flaw discovered for airline mobile boarding passes *** --------------------------------------------- A URL flaw that impacts mobile boarding passes for airlines, such as Southwest and Delta, was discovered on Tuesday. --------------------------------------------- http://www.scmagazine.com/url-flaw-discovered-for-airline-mobile-boarding-p… *** Impact of Linux bug grinch spans servers, workstations, Android devices and more *** --------------------------------------------- Alert Logic discovered the bug, which is susceptible to exploitation due to the default installation process used by Linux. --------------------------------------------- http://www.scmagazine.com/impact-of-linux-bug-grinch-spans-servers-workstat… *** Comparing OpenBSD with FreeBSD - securitywise *** --------------------------------------------- OpenBSD and FreeBSD are both great OS that I admire and use. OpenBSD is considered more secure since it is its main goal, but FreeBSD can be tweaked to be pretty well hardened as well. Depending on the forums or to who we ask, we will have different opinions. But what are the facts? Which OS is more secure and why? --------------------------------------------- http://networkfilter.blogspot.co.at/2014/12/security-openbsd-vs-freebsd.html *** SSL Labs end of year 2014 updates *** --------------------------------------------- >From the SSL/TLS perspective, 2014 was quite an eventful year. The best way to describe what we at SSL Labs did is we kept running to stay in the same place. What I mean by this is that we spent a lot of time reacting to high profile vulnerabilities: Hearbleed, the ChangeCipherSpec protocol issue in OpenSSL, POODLE (against SSL 3 in October and against TLS in December), and others. Ultimately, this has been a very successful year for us, with millions of assessments carried out. --------------------------------------------- http://blog.ivanristic.com/2014/12/ssl-labs-end-of-year-updates.html *** Top 5 malware attacks: 35 reused components *** --------------------------------------------- CyActive identified the top five malware that returned the highest ROI for hackers with the least effort per dollar - achieved by recycling code and using the same methods from previous malware attack... --------------------------------------------- http://www.net-security.org/malware_news.php?id=2932 *** Protecting the underground electronic communications infrastructure *** --------------------------------------------- ENISA has released a new report on the Protection of Underground Electronic Communications Infrastructure. This report - targeted at Member States (MS), public institutions, owners of underground comm... --------------------------------------------- http://www.net-security.org/secworld.php?id=17763 *** The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire *** --------------------------------------------- In this paper, we discuss an attacker model that accounts for the hijacking of network ownership information stored in Regional Internet Registry (RIR) databases. We show that such threats emerge from abandoned Internet resources (e.g., IP address blocks, AS numbers). When DNS names expire, attackers gain the opportunity to take resource ownership by re-registering domain names that are referenced by corresponding RIR database objects. --------------------------------------------- http://arxiv.org/abs/1412.5052 *** How the FBI Unmasked Tor Users *** --------------------------------------------- Kevin Poulson has a good article up on Wired about how the FBI used a Metasploit variant to identify Tor users.... --------------------------------------------- https://www.schneier.com/blog/archives/2014/12/how_the_fbi_unm.html *** Fast Flux Networks Working and Detection, Part 1 *** --------------------------------------------- Introduction In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will lean about the demon Fast Flux!! In this article, we will learn about what exactly Fast Flux is, types of Fast Flux, and [...]The post Fast Flux Networks Working and Detection, Part 1 appeared first on InfoSec Institute. --------------------------------------------- http://resources.infosecinstitute.com/fast-flux-networks-working-detection-… *** What's New in Exploit Kits in 2014 *** --------------------------------------------- Around this time in 2013, the most commonly used exploit kit - the Blackhole Exploit Kit - was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits has emerged and have been used by cybercriminals. The emergence of so many replacements has also meant that there... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/N44vwrIcGrM/ *** Researchers warn of new OphionLocker ransomware *** --------------------------------------------- OphionLocker doesnt diverge much from previous ransomware schemes, although it does generate a unique hardware ID based on the first hard drives serial number, the motherboards serial number and other information. --------------------------------------------- www.scmagazine.com/ophionlocker-discovered-in-the-wild-update-provided-on-t… *** Certified pre-pw0ned Android Smartphones: Coolpad Firmware Backdoor, (Wed, Dec 17th) *** --------------------------------------------- Researchers at Palo Alto found that many ROM images used for Android smart phones manufactured by Coolpad contain a backdoor, giving an attacker full control of the device. Palo Alto named the backdoor Coolreaper. With Android, it is very common for manufacturers to install additional applications. But these applications are installed on top of the Android operating system. In this case, Coolpad integrated additional functionality into the firmware of the device. This backdoor was then used by --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19075&rss *** BSI-Sicherheitsbericht: Erfolgreiche Cyber-Attacke auf deutsches Stahlwerk *** --------------------------------------------- Bei einem bislang unbekannten Angriff beschädigten die Angreifer einen Hochofen schwer. Doch neben den gezielten Angriffen auf Industrieanlagen bilanziert das BSI auch eine steigende Gefahr für Endanwender. --------------------------------------------- http://www.heise.de/security/meldung/BSI-Sicherheitsbericht-Erfolgreiche-Cy… *** Meet FlashFlood, the lightweight script that causes websites to falter *** --------------------------------------------- Bringing big database-driven sites to their knees just got a little easier. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/ir5Zy4m-thY/ *** iCloud-Daten: Forensik-Software verspricht umfangreichen Zugriff *** --------------------------------------------- Die vermutlich auch für den iCloud-Promi-Hack genutzte Forensik-Software "Phone Breaker" erweitert die Möglichkeiten, bei Apples Cloud-Dienst gespeicherte Nutzerdaten auszulesen. Unterstützung zum Fremdzugriff auf iCloud Drive soll folgen. --------------------------------------------- http://www.heise.de/security/meldung/iCloud-Daten-Forensik-Software-verspri… *** Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability *** --------------------------------------------- CVE-2014-8006 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Symantec Web Gateway OS Authenticated Command Injection *** --------------------------------------------- Revisions None Severity CVSS2Base ScoreImpactExploitabilityCVSS2 VectorSymantec Web Gateway Operating System Command Injection - Low... --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** IBM Business Process Manager cross-site scripting *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98418 *** IBM WebSphere Process Server, IBM WebSphere Enterprise Service Bus, IBM Business Process Manager information disclosure *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98488 *** IBM Business Process Manager security bypass *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/95724 *** HP Security Bulletins *** --------------------------------------------- [security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information --------------------------------------------- http://www.securityfocus.com/archive/1/534259 [security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution --------------------------------------------- http://www.securityfocus.com/archive/1/534262 [security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/534261 [security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS) --------------------------------------------- http://www.securityfocus.com/archive/1/534260 *** Patches for Novell Products *** --------------------------------------------- https://download.novell.com/Download?buildid=3dJODsdcDKE~ https://download.novell.com/Download?buildid=STisn28FRWs~ https://download.novell.com/Download?buildid=q4S96klvwhE~ https://download.novell.com/Download?buildid=Mh8CRo1Ljh8~ https://download.novell.com/Download?buildid=nlOmW2y333Q~ https://download.novell.com/Download?buildid=anuuh6CDWX8~ *** DSA-3105 heirloom-mailx - security update *** --------------------------------------------- Two security vulnerabilities were discovered in Heirloom mailx, animplementation of the mail command: --------------------------------------------- https://www.debian.org/security/2014/dsa-3105 *** DSA-3104 bsd-mailx - security update *** --------------------------------------------- It was discovered that bsd-mailx, an implementation of the mailcommand, had an undocumented feature which treats syntactically validemail addresses as shell commands to execute. --------------------------------------------- https://www.debian.org/security/2014/dsa-3104 *** SSA-134508 (Last Update 2014-12-16): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC in TIA Portal *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** iWifi For Chat 1.1 Denial Of Service *** --------------------------------------------- Topic: iWifi For Chat 1.1 Denial Of Service Risk: Medium Text:Document Title: iWifi for Chat v1.1 iOS - Denial of Service Vulnerability References (Source): == http://w... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120110 *** iUSB 1.2 Arbitrary Code Execution *** --------------------------------------------- Topic: iUSB 1.2 Arbitrary Code Execution Risk: High Text:Document Title: iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability References (Source): == http://www.... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120109 *** Bugtraq: [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/534264 *** Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product *** --------------------------------------------- Dec 17, 2014 16:09 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Schneider Electric ProClima Command Injection Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for command injection vulnerabilities in Schneider Electrics ProClima software package. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-350-01 *** Bird Feeder <= 1.2.3 CSRF & XSS *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7727 *** DB Backup <= 4.5 - Path Traversal File Access *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7726

1 0

Tageszusammenfassung - Dienstag 16-12-2014
by Daily end-of-shift report 16 Dec '14

16 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 15-12-2014 18:00 − Dienstag 16-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Is POODLE Back for Another Byte? *** --------------------------------------------- [...] The problem is a number of other TLS implementations are optimized for performance by verifying only that the first byte of padding matches the number of padding bytes. Such implementations would accept any value for the second and subsequent padding bytes. What's worse is that the adversary doesn't need to artificially downgrade the connection to SSLv3 to exploit this issue, so the barriers to execution are lower. --------------------------------------------- https://www.fireeye.com/blog/threat-research/2014/12/is_poodle_back_fora.ht… *** RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise *** --------------------------------------------- Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru). After a bit more time investigating this issue, we were able to confirm that the attack vector is the RevSlider... --------------------------------------------- http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wor… *** SoakSoak: Payload Analysis - Evolution of Compromised Sites - IE 11 *** --------------------------------------------- Thousands of WordPress sites has been hit by the SoakSoak attack lately. At this moment we know quite a lot about it. It uses the RevSlider vulnerability as a point of penetration. Then uploads a backdoor and infects all websites that share the same server account (so sites that don't use the RevSlider plugin can... --------------------------------------------- http://blog.sucuri.net/2014/12/soaksoak-payload-analysis-evolution-of-compr… *** Google Blacklists WordPress Sites Peddling SoakSoak Malware *** --------------------------------------------- Up to 100,000 sites hosted on WordPress may be vulnerable to new campaign thats pushing malware and multiple exploit kits to the browser. --------------------------------------------- http://threatpost.com/google-blacklists-wordpress-sites-peddling-soaksoak-m… *** Safari 8.0.2 Still Supporting SSLv3 with Block Ciphers, (Mon, Dec 15th) *** --------------------------------------------- In October, Apple released Security Update 2014-005, specifically with the intend to address the POODLE issue [1]. The description with the update stated: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19067&rss *** ENISA CERT training programme now available online *** --------------------------------------------- ENISA has launched a new section on its website introducing the ENISA CERT training programme. In the new section, you can find all the publicly available training resources and the training courses currently provided by ENISA. --------------------------------------------- http://www.enisa.europa.eu/media/news-items/enisa-cert-training-programme-n… *** SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability *** --------------------------------------------- CVE-2014-8730 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Internet-Sicherheit: Auch Cisco mit Poodle-Problemen *** --------------------------------------------- Ausgerechnet Firewalls und Load-Balancing-Erweiterungen des Netzwerkgeräte-Herstellers pfuschen bei der Umsetzung von TLS - und werden damit ebenfalls anfällig für Poodle-Angriffe auf die Verschlüsselung. --------------------------------------------- http://www.heise.de/security/meldung/Internet-Sicherheit-Auch-Cisco-mit-Poo… *** Android Hacking and Security, Part 16: Broken Cryptography *** --------------------------------------------- Introduction In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in his application. This article covers the possible ways where vulnerabilities associated with broken cryptography may be introduced in Android apps. [...]The post Android Hacking and Security, Part 16: Broken Cryptography appeared first on InfoSec Institute. --------------------------------------------- http://resources.infosecinstitute.com/android-hacking-security-part-16-brok… *** F5 Security Advisory: Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687 *** --------------------------------------------- (SOL15910) - Remote attackers may be able to cause a denial-of-service (DoS) using malformed or duplicate ASCONF chunk. --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/900/sol15910.html *** Security Advisory 2014-06: Incomplete Access Control *** --------------------------------------------- An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured. --------------------------------------------- https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/ *** Apache Buffer Overflow in mod_proxy_fcgi Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1031371 *** SSA-831997 (Last Update 2014-12-15): Denial-of-Service Vulnerability in Ruggedcom ROS-based Devices *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** CA Release Automation Multiple Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and SQL Injection Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1031375 *** DokuWiki conf/mime.conf cross-site scripting *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/99291 *** Python TLS security bypass *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/99294 *** CA LISA Multiple Vulns *** --------------------------------------------- Topic: CA LISA Multiple Vulns Risk: Medium Text:CA20141215-01: Security Notice for CA LISA Release Automation Issued: December 15, 2014 CA Technologies Support is alerti... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120097 *** Bugtraq: [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA *** --------------------------------------------- http://www.securityfocus.com/archive/1/534249 *** Better Search <= 1.3.4 - Reflective XSS *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7725 *** WP Construction Mode <= 1.91 - Cross-Site Scripting (XSS) *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7724 *** Sliding Social Icons <= 1.61 - CSRF & Stored XSS *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7723 *** Bugtraq: "Ettercap 8.0 - 8.1" multiple vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/534248

1 0

Tageszusammenfassung - Montag 15-12-2014
by Daily end-of-shift report 15 Dec '14

15 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 12-12-2014 18:00 − Montag 15-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** ICS-CERT: BlackEnergy may be infecting WinCC systems lacking recent patch *** --------------------------------------------- BlackEnergy malware may be exploiting a vulnerability in Siemens SIMATIC WinCC software that was patched in early November. --------------------------------------------- http://www.scmagazine.com/ics-cert-urges-wincc-users-others-to-update-softw… *** BGP Hijacking Continues, Despite the Ability To Prevent It *** --------------------------------------------- An anonymous reader writes: BGPMon reports on a recent route hijacking event by Syria. These events continue, despite the ability to detect and prevent improper route origination: Resource Public Key Infrastructure. RPKI is technology that allows an operator to validate the proper relationship between an IP prefix and an Autonomous System. That is, assuming you can collect the certificates. ARIN requires operators accept something called the Relying Party Agreement. But the provider community... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/hl_eP152_h0/story01.htm *** Batten down the patches: New vuln found in Docker container tech *** --------------------------------------------- Last months patch brought new privilege escalation flaw More security woes plagued users of the Docker application containerization tech for Linux this week, after an earlier security patch was found to have introduced a brand-new critical vulnerability in the software. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/12/12/docker_vuln… *** Cisco to release flying pig - Snort 3.0 *** --------------------------------------------- Sourcefires been making bacon, now wants you to fry it Ciscos going to release a flying pig. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/12/12/cisco_to_re… *** Worm Backdoors and Secures QNAP Network Storage Devices, (Sun, Dec 14th) *** --------------------------------------------- Shellshock is far from over, with many devices still not patched andout there ready for exploitation. One set of thedevices receiving a lot of attention recently are QNAP disk storage systems. QNAP released a patch in early October, but applying the patch is not automatic and far from trivial for many users[1]. Our reader Erichsubmitted a link to an interesting Pastebin post with code commonly used in these scans [2] The attack targets a QNAP CGI script, /cgi-bin/authLogin.cgi, a well known... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19061&rss *** SoakSoak Malware Compromises 100,000+ WordPress Websites *** --------------------------------------------- This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Our analysis is showing impacts in the order of 100s of thousands of WordPress specific websites. We cannot confirm the exact vector, but preliminary analysis is showing correlation with the Revslider vulnerability we reported a... --------------------------------------------- http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpres… *** Man in the Middle attack vs. Cloudflares Universal SSL *** --------------------------------------------- MitM attacks are a class of security attacks that involve the compromise of the authentication of a secure connection. In essence, an attacker builds a transparent tunnel between the client and the server, but makes sure that the client negotiates the secure connection with the attacker, instead of the intended server. Thus the client instead of having a secure connection to the server, has a secure connection to the attacker, which in turn has set up its own secure connection to the server, so... --------------------------------------------- http://blog.ricardomacas.com/index.php?controller=post&action=view&id_post=4 *** 10th Annual ICS Security Summit - Orlando *** --------------------------------------------- For SCADA, Industrial Automation, and Control System Security Join us for the 10th anniversary of the Annual SANS ICS Security Summit. The Summit is the premier event to attend in 2015 for ICS cybersecurity practitioners and managers. This years summit will feature hands-on training courses focused on Attacking and Defending ICS environments, Industry specific pre-summit events, and an action packed summit agenda with the release of ICS security tools and the popular security kit for Summit --------------------------------------------- https://www.sans.org/event/ics-security-summit-2015 *** Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712) *** --------------------------------------------- V3.0 (December 12, 2014): Rereleased bulletin to announce the reoffering of Microsoft security update 2986475 for Microsoft Exchange Server 2010 Service Pack 3. The rereleased update addresses a known issue in the original offering. Customers who uninstalled the original update should install the updated version of 2986475 at the earliest opportunity. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS14-075 *** Two newcomers in the exploit kit market *** --------------------------------------------- Exploit kits are a great means to an end for malware distributors, who either buy them or rent them in order to widely disseminate their malicious wares. Its no wonder then that unscrupulous developers are always trying to enter the market currently cornered by Angler, Nuclear, FlashEK, Fiesta, SweetOrange, and others popular exploit kits. --------------------------------------------- http://www.net-security.org/malware_news.php?id=2929 *** RSA Authentication Manager 8.0 / 8.1 Unvalidated Redirect *** --------------------------------------------- Topic: RSA Authentication Manager 8.0 / 8.1 Unvalidated Redirect Risk: Low Text:ESA-2014-173: RSA Authentication Manager Unvalidated Redirect Vulnerability EMC Identifier: ESA-2014-173 CVE Identifier:... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120080 *** RSA Archer GRC Platform 5.x Cross Site Scripting *** --------------------------------------------- Topic: RSA Archer GRC Platform 5.x Cross Site Scripting Risk: Low Text:ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities EMC Identifier: ESA-2014-163 CVE Identifier: See b... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120079 *** EMC Isilon InsightIQ Cross Site Scripting *** --------------------------------------------- Topic: EMC Isilon InsightIQ Cross Site Scripting Risk: Low Text:ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability EMC Identifier: ESA-2014-164 CVE Identifier: CVE-... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120078 *** Cisco Prime Security Manager Cross-Site Scripting Vulnerability *** --------------------------------------------- CVE-2014-3364 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass *** --------------------------------------------- Topic: Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Risk: Medium Text:Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit Vendor: Soitec Product web page: http://ww... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120086 *** Multiple vulnerabilities in InfiniteWP Admin Panel *** --------------------------------------------- InfiniteWP (http://www.infinitewp.com/) allows an administrator to manage multiple Wordpress sites from one control panel. According to the InfiniteWP homepage, it is used on over 317,000 Wordpress sites. The InfiniteWP Admin Panel contains a number of vulnerabilities that can be exploited by an unauthenticated remote attacker. These vulnerabilities allow taking over managed Wordpress sites by leaking secret InfiniteWP client keys, allow SQL injection, allow cracking of InfiniteWP admin --------------------------------------------- http://seclists.org/fulldisclosure/2014/Dec/43 *** Bugtraq: Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01] *** --------------------------------------------- http://www.securityfocus.com/archive/1/534241 *** [dos] - phpMyAdmin 4.0.x, 4.1.x, 4.2.x - DoS *** --------------------------------------------- http://www.exploit-db.com/exploits/35539 *** Multiple vulnerabilities in BibTex Publications (si_bibtex) *** --------------------------------------------- It has been discovered that the extension "BibTex Publications" (si_bibtex) is susceptible to Cross-Site Scripting and SQL Injection. --------------------------------------------- http://www.typo3.org/news/article/multiple-vulnerabilities-in-bibtex-public… *** Multiple vulnerabilities in Drag Drop Mass Upload (ameos_dragndropupload) *** --------------------------------------------- It has been discovered that the extension "Drag Drop Mass Upload" (ameos_dragndropupload) is susceptible to Cross-Site Scripting, Cross-Site Request Forgery and Improper Access Control. --------------------------------------------- http://www.typo3.org/news/article/improper-access-control-in-drag-drop-mass… *** Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products *** --------------------------------------------- Dec 15, 2014 18:30 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** SEO Redirection <= 2.2 - Unauthenticated Stored XSS *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7722 *** Lightbox Photo Gallery 1.0 - CSRF/XSS *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7719 *** WP-FB-AutoConnect <= 4.0.5 - XSS/CSRF *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7721 *** Timed Popup <= 1.3 - CSRF & Stored XSS *** --------------------------------------------- https://wpvulndb.com/vulnerabilities/7720 *** Bugtraq: CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional" *** --------------------------------------------- http://www.securityfocus.com/archive/1/534230 *** Bugtraq: CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional" *** --------------------------------------------- http://www.securityfocus.com/archive/1/534229

1 0

Tageszusammenfassung - Freitag 12-12-2014
by Daily end-of-shift report 12 Dec '14

12 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 11-12-2014 18:00 − Freitag 12-12-2014 18:00 Handler: Alexander Riepl Co-Handler: Otmar Lendl *** Archie and Astrum: New Players in the Exploit Kit Market *** --------------------------------------------- Thu, 11 Dec 2014 17:10:55 +0200 --------------------------------------------- https://www.f-secure.com/weblog/archives/00002776.html *** Researcher: Lax Crossdomain Policy Puts Yahoo Mail At Risk *** --------------------------------------------- A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk. --------------------------------------------- http://threatpost.com/researcher-lax-crossdomain-policy-puts-yahoo-mail-at-… *** DSA-3098 graphviz - security update *** --------------------------------------------- Joshua Rogers discovered a format string vulnerability in the yyerrorfunction in lib/cgraph/scan.l in Graphviz, a rich set of graph drawingtools. An attacker could use this flaw to cause graphviz to crash orpossibly execute arbitrary code. --------------------------------------------- https://www.debian.org/security/2014/dsa-3098 *** ZDI-14-424: Honeywell OPOS Suite HWOPOSScale.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/8tlo_ZfI4BE/ *** ZDI-14-423: Honeywell OPOS Suite HWOPOSSCANNER.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ZDVuupIJS6Q/ *** ZDI-14-422: ManageEngine NetFlow Analyzer CollectorConfInfoServlet COLLECTOR_ID Directory Traversal Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/sBfZBCsAKl4/ *** ZDI-14-421: ManageEngine Password Manager Pro UploadAccountActivities filename Directory Traversal Denial of Service Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine Password Manager Pro. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/agLsqjzz9u4/ *** ZDI-14-420: ManageEngine Desktop Central MSP NativeAppServlet UDID JSON Object Code Injection Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/YGf1aa88_QM/ *** Targeted Phishing Against GoDaddy Customers *** --------------------------------------------- I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it's missing a name. When you get them from a bank you don't even deal with that's a pretty good clue. However, when the phishing is well doneRead More --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/uan3MNQ2J9g/targeted-phishing… *** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update B) *** --------------------------------------------- This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02A Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02B *** Wire transfer spam spreads Upatre *** --------------------------------------------- The Microsoft Malware Protection Center (MMPC) is currently monitoring a spam email campaign that is using a wire transfer claim to spread Trojan:Win32/Upatre. It is important to note that customers running up-to-date Microsoft security software are protected from this threat. Additionally, customers with Microsoft Active Protection Service Community (MAPS) enabled also benefit from our cloud protection service. Upatre typically uses spam email campaigns to spread and then downloads other --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-sprea… *** Digitaler Anschlag: Cyber-Attacke soll Ölpipeline zerstört haben *** --------------------------------------------- Ein Cyber-Angriff soll 2008 die Explosion einer Ölpipeline in der Türkei verursacht haben, wie anonyme Quellen berichten. Es gibt dafür aber nur Indizien. (Cyberwar, Virus) --------------------------------------------- http://www.golem.de/news/digitaler-anschlag-cyber-attacke-soll-oelpipeline-… *** Cross-Signed Certificates Crashes Android *** --------------------------------------------- We have discovered a vulnerability in Android that affects how cross-signed certificates are handled. No current Android release correctly handles these certificates, which are created when two certificates are signed with a looped certificate chain (certificate A signs certificate B; certificate B signs certificate A). We've already notified Google about this vulnerability, and there is no fix Post from: Trendlabs Security Intelligence Blog - by Trend MicroCross-Signed --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/K85aQffE_W0/ *** Microsoft: Neues Zertifikats-Update, noch ein zurückgezogener Patch *** --------------------------------------------- Microsoft hat ein neues Zertifikats-Update für Windows 7 und Server 2008 ausgeliefert, das die Update-Probleme beheben soll. In der Zwischenzeit musste allerdings der dritte Patch in wenigen Tagen zurückgezogen werden, da er Silverlight zerschossen hatte. --------------------------------------------- http://www.heise.de/security/meldung/Microsoft-Neues-Zertifikats-Update-noc… *** Office für Mac 2011: Microsoft beseitigt kritische Schwachstelle *** --------------------------------------------- Das Update für die OS-X-Version der Büro-Suite soll eine Sicherheitslücke in Word beseitigen, die das Einschleusen und Ausführen von Schadcode erlaubt. Auch ein kleineres Problem wird behoben. --------------------------------------------- http://www.heise.de/security/meldung/Office-fuer-Mac-2011-Microsoft-beseiti… *** Microsoft pulls Patch Tuesday fix - "Outlook can't connect to Exchange" *** --------------------------------------------- Part of Patch Tuesday is now only partly available as Microsoft recalls its already-delayed Exchange 2010 update. Paul Ducklin takes a look... --------------------------------------------- http://feedproxy.google.com/~r/nakedsecurity/~3/pyrMdTGYdYo/ *** DFN-CERT-2014-1647/">MantisBT: Mehrere Schwachstellen ermöglichen das Ausführen beliebigen Programmcodes *** --------------------------------------------- 12.12.2014 --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2014-1647/ *** OphionLocker: Joining in the Ransomware Race *** --------------------------------------------- Fri, 12 Dec 2014 16:32:35 +0200 --------------------------------------------- https://www.f-secure.com/weblog/archives/00002777.html *** SSL-Lücke: Der POODLE beißt Windows Phone 7 *** --------------------------------------------- Windows Phone 7 kann Mails nur mit dem uralten SSL-Protokoll Version 3 abholen. Das wird aber von vielen Mailservern wegen der POODLE-Lücke nicht mehr angeboten. Auf Abhilfe können Nutzer wohl nicht hoffen. (Windows Phone, E-Mail) --------------------------------------------- http://www.golem.de/news/ssl-luecke-der-poodle-beisst-windows-phone-7-1412-…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily December 2014