=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 10-12-2014 18:00 − Thursday 11-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Critical vulnerability affecting HD FLV Player ***
---------------------------------------------
We've been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched on Joomla! and WordPress, leaving the custom website version vulnerable. Furthermore, websites ..
---------------------------------------------
http://blog.sucuri.net/2014/12/critical-vulnerability-in-joomla-hd-flv-play…
*** Underground black market: Thriving trade in stolen data, malware, and attack services ***
---------------------------------------------
The underground market is still booming after recent major data breaches. The price of stolen email accounts has dropped substantially, but the value of ..
---------------------------------------------
http://www.symantec.com/connect/blogs/underground-black-market-thriving-tra…
*** Odd new ssh scanning, possibly for D-Link devices, (Wed, Dec 10th) ***
---------------------------------------------
I noticed it in my own logs overnight and also had a couple of readers (both named Paul) report some odd new ssh scanning overnight. The scanning involves many sites, likely a botnet, attempting to ssh in as 3 users, D-Link, admin, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19055
*** Microsoft Enables Removal of SSL 3.0 Fallback In IE ***
---------------------------------------------
Microsoft has given Windows admins the option to remove the SSL 3.0 fallback from Internet Explorer. By disabling SSL 3.0, IE is no longer vulnerable to POODLE attacks.
---------------------------------------------
http://threatpost.com/microsoft-enables-removal-of-ssl-3-0-fallback-in-ie/1…
*** FreeBSD Buffer Overflow in libc stdio Lets Local Users Deny Service or Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031343
*** FreeBSD file(1) and libmagic(3) File Processing Flaws Let Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031344
*** WordPress Uninstall <= 1.1 - WordPress Deletion via CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7715
*** Mysterious Turla Linux backdoor also for Solaris? ***
---------------------------------------------
There have been numerous reports about the mysterious Linux backdoor connected to Turla, an APT family. The malware has some pretty interesting features, the most interesting being its ability to sniff the network interface. More specifically, it ..
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002775.html
*** Regin ***
---------------------------------------------
In the week starting 24 November 2014 we sent regular status updates on Regin to the GovCERT constituency (in our role as GovCERT Austria), the potentially affected sectors (within the ATC) and the CERT-Verbund. This blog post presents our timeline ..
---------------------------------------------
http://www.cert.at/services/blog/20141211105745-1339.html
*** Patch debacle: Microsoft withdraws an update once again ***
---------------------------------------------
After a faulty rollup update for Exchange, Microsoft has now also had to withdraw a patch for the root certificates in Windows. Microsoft has had frequent problems with updates and patches recently.
---------------------------------------------
http://www.heise.de/security/meldung/Patch-Debakel-Microsoft-zieht-erneut-U…
*** Cyber espionage: Red October is followed by Cloud Atlas ***
---------------------------------------------
A new wave of targeted attacks is looming: Cloud Atlas is said to be the next digital espionage campaign. According to IT security experts, the malware is an updated variant of Red October.
---------------------------------------------
http://www.golem.de/news/cyber-spionage-auf-roter-oktober-folgt-cloud-atlas…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 09-12-2014 18:00 − Wednesday 10-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Adobe Security Bulletins Posted ***
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1149
*** VMSA-2014-0013 ***
---------------------------------------------
VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability. VMware vCloud Automation Center has a remote privilege escalation vulnerability. This issue may allow an authenticated vCAC user to obtain administrative access to vCenter Server.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0013.html
*** MS14-DEC - Microsoft Security Bulletin Summary for December 2014 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-DEC
*** Multiple vulnerabilities in SAP SQL Anywhere ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-415/
http://www.zerodayinitiative.com/advisories/ZDI-14-414/
http://www.zerodayinitiative.com/advisories/ZDI-14-413/
http://www.zerodayinitiative.com/advisories/ZDI-14-412/
*** ZDI-14-411: Lexmark MarkVision Enterprise ReportDownloadServlet Information Disclosure Vulnerability ***
---------------------------------------------
The specific flaw exists within the ReportDownloadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. An attacker can leverage this vulnerability to read files under the context of SYSTEM.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-411/
*** ZDI-14-410: Lexmark MarkVision Enterprise GfdFileUploadServlet Remote Code Execution Vulnerability ***
---------------------------------------------
The specific flaw exists within the GfdFileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. An attacker can leverage this vulnerability to write files under the context of SYSTEM and achieve remote code execution.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-410/
*** X Multiple Memory Corruption Flaws Let Remote Users Deny Service and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031326
*** Yokogawa FAST/TOOLS XML External Entity ***
---------------------------------------------
This advisory provides mitigation details for an XML external entity processing vulnerability in the Yokogawa FAST/TOOLS application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-01
*** Trihedral VTScada Integer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an integer overflow vulnerability in Trihedral Engineering Ltd's VTScada application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02
*** .Bank hires Symantec to check credentials ***
---------------------------------------------
Soon you might be able to trust that financial email. The launch of new .bank domain names is one step closer with the announcement that Symantec has been chosen to act as the credentials verifier for the top-level domain ..
---------------------------------------------
http://www.theregister.co.uk/2014/12/10/bank_hires_symantec_to_check_creden…
*** After the hack: Sony security certificate used to disguise malware ***
---------------------------------------------
It is probably the most devastating attack on a company's IT security there has ever been. For days, ever more internal information from the Sony Pictures network has been surfacing. In addition to the so far ..
---------------------------------------------
http://derstandard.at/2000009194439
*** Cloud Atlas: RedOctober APT is back in style ***
---------------------------------------------
Two years ago, we published our research into RedOctober, a complex cyber-espionage operation targeting diplomatic embassies worldwide. We named it RedOctober because we started this investigation in October 2012, an unusually hot month.
---------------------------------------------
http://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-bac…
*** DFN-CERT-2014-1622: Red Hat Package Manager (RPM): Two vulnerabilities allow the execution of arbitrary commands ***
---------------------------------------------
Two vulnerabilities in the Red Hat Package Manager (RPM) allow a remote, unauthenticated attacker to execute arbitrary commands during package installation and thereby take over the system. The vulnerability ..
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2014-1622/
*** F5 BIG-IP SSLv3 Decoding Function Lets Remote Users Decrypt TLS Traffic ***
---------------------------------------------
A vulnerability was reported in F5 BIG-IP. A remote user can decrypt TLS sessions in certain cases. The system may accept incorrect TLS padding when terminating TLSv1 CBC connections. A remote user with the ability to conduct a man-in-the-middle attack can force a client to use a vulnerable SSLv3 decoding function with TLS and then conduct a BEAST-style attack to decrypt portions of the session.
---------------------------------------------
http://www.securitytracker.com/id/1031338
*** Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS ***
---------------------------------------------
An attacker could forge a request, which modifies anchor only links on the homepage of a TYPO3 installation in a way that they point to arbitrary domains, if the ..
---------------------------------------------
http://www.typo3.org/news/article/link-spoofing-and-cache-poisoning-vulnera…
*** Disruptions at 1&1 web hosting due to DDoS attack ***
---------------------------------------------
Because 1&1's DNS system is under attack, both 1&1's web hosting and mail are temporarily unreachable via their domain names.
---------------------------------------------
http://www.heise.de/security/meldung/Stoerungen-bei-1-1-Webhosting-wegen-DD…
*** Sony Pictures was allegedly extorted before the attack on its IT infrastructure ***
---------------------------------------------
The circumstances of the hacker attack on Sony Pictures are becoming ever more confusing. A demand for money suggests a criminal background. At the same time, however, the hackers are also allegedly demanding that the North Korea comedy "The Interview" be stopped.
---------------------------------------------
http://www.heise.de/security/meldung/Sony-Pictures-wurde-vor-Angriff-auf-IT…
*** X.ORG: Decades-old holes in the X server once again ***
---------------------------------------------
The X server is affected by 13 security vulnerabilities that can affect various implementations. The oldest goes back almost 30 years, to the first version of X11. There had already been hints of the bugs at 30C3 a year ago.
---------------------------------------------
http://www.golem.de/news/x-org-wieder-jahrzente-alte-luecken-im-x-server-14…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 05-12-2014 18:00 − Tuesday 09-12-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Advance Notification Service for the December 2014 Security Bulletin Release ***
---------------------------------------------
Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer (IE), Office and Exchange. As per our monthly process, we've scheduled the Security Bulletin release for the second Tuesday of the month, December 9, 2014, at approximately 10 a.m. PDT. Until then, please review the ANS summary page for more information to help...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/12/04/advance-notification-ser…
*** Leveraging the WordPress Platform for SPAM ***
---------------------------------------------
We've all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment spam isn't a major problem for most websites these days. I have seen however, a new trend starting to emerge when it comes to spam involving WordPress. In recent years...
---------------------------------------------
http://blog.sucuri.net/2014/12/leveraging-the-wordpress-platform-for-spam.h…
*** SSLv3: Kaspersky software undermines protection against the Poodle vulnerability ***
---------------------------------------------
The Kaspersky Internet Security package can re-enable the outdated SSLv3 protocol even in browsers that no longer support insecure connections via SSLv3. The vendor does not intend to patch this until 2015, but there is already a simple workaround.
---------------------------------------------
http://www.golem.de/news/sslv3-kaspersky-software-hebelt-schutz-vor-poodle-…
*** Security vulnerabilities: Java sandbox escapes in Google's App Engine ***
---------------------------------------------
A research team has found various ways and holes to break out of the Java sandbox of Google's App Engine. This reportedly even allows arbitrary system calls in the underlying operating system.
---------------------------------------------
http://www.golem.de/news/sicherheitsluecken-java-sandbox-ausbrueche-in-goog…
*** DNS servers BIND, PowerDNS and Unbound threatened by infinite loop ***
---------------------------------------------
A security vulnerability in the three DNS servers can be exploited to bring the software down. To do so, however, an attacker must manipulate the zones or introduce a malicious DNS resolver.
---------------------------------------------
http://www.heise.de/security/meldung/DNS-Server-BIND-PowerDNS-und-Unbound-d…
*** The Penquin Turla - A Turla/Snake/Uroburos Malware for Linux ***
---------------------------------------------
So far, every single Turla sample we've encountered was designed for the Microsoft Windows family, 32 and 64 bit operating systems. The newly discovered Turla sample is unusual in the fact that it's the first Turla sample targeting the Linux operating system that we have discovered.
---------------------------------------------
https://securelist.com/blog/research/67962/the-penquin-turla-2/
*** Setting Up Your Gadgets Securely ***
---------------------------------------------
I'm sure that many of us will take home brand new iPhones and Android devices and set them up just the way we want our personal devices to be. We should take a minute to remember, however, that because these devices are so personal to us, the damage a hacked smartphone can do is significant. Imagine what would happen if a hacker stole your personal data. We don't have to imagine, however, as this has happened to many users in 2014. At the very least, this is embarrassing to the user...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/setting-up-your-…
*** Social Engineering improvements keep Rogues/FakeAV a viable scam ***
---------------------------------------------
The threat landscape has been accustomed to rogues for a while now. They've been rampant for the past few years and there likely isn't any end in sight to this scam. These aren't complex pieces of malware by any means and typically don't fool the average experienced user, but that's because they're aimed at the inexperienced user. We're going to take a look at some of the improvements seen recently in the latest round of FakeAVs that lead to their success.
---------------------------------------------
http://www.webroot.com/blog/2014/12/05/social-engineering-improvements-keep…
*** MediaWiki unspecified cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99151
*** MediaWiki unspecified code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99152
*** [Xen-announce] Xen Security Advisory 114 (CVE-2014-9065, CVE-2014-9066) - p2m lock starvation ***
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-12/msg00001.html
*** [TYPO3-announce] Announcing TYPO3 CMS 6.2.8 LTS ***
---------------------------------------------
The TYPO3 Community has just released TYPO3 CMS version 6.2.8 LTS, which is now ready for you to download. This version is a maintenance release and contains bug fixes. The packages can be downloaded here: http://typo3.org/download/
---------------------------------------------
http://typo3.org/news/article/typo3-cms-628-released/
*** Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin) ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting, Denial of Service and Local File Inclusion.
---------------------------------------------
http://www.typo3.org/news/article/multiple-vulnerabilities-in-extension-php…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 04-12-2014 18:00 − Friday 05-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** MS14-DEC - Microsoft Security Bulletin Advance Notification for December 2014 - Version: 1.0 ***
---------------------------------------------
This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2014.
This bulletin advance notification will be replaced with the December bulletin summary on December 9, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-DEC
*** Missing Exchange Patch Expected Among December Patch Tuesday Bulletins ***
---------------------------------------------
Microsoft's December 2014 advance Patch Tuesday notification includes three critical bulletins and a missing Exchange patch originally scheduled for November.
---------------------------------------------
http://threatpost.com/missing-exchange-patch-expected-among-december-patch-…
*** Details Emerge on Sony Wiper Malware Destover ***
---------------------------------------------
Kaspersky Lab has published an analysis of Destover, the wiper malware used in the attacks against Sony Pictures Entertainment, and its similarities to Shamoon and DarkSeoul.
---------------------------------------------
http://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727
*** Upcoming Security Updates for Adobe Reader and Acrobat (APSB14-28) ***
---------------------------------------------
December 4, 2014
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1147
*** Upcoming Adobe Reader, Acrobat Update to Patch Sandbox Escape ***
---------------------------------------------
Adobe announced security updates for Reader and Acrobat that likely include patches for a sandbox escape vulnerability. Google's Project Zero released details and exploit code earlier this week.
---------------------------------------------
http://threatpost.com/upcoming-adobe-reader-acrobat-update-to-patch-sandbox…
*** Weekly Metasploit Wrapup: On Unicorns and Wizards ***
---------------------------------------------
This week, we shipped a brand new exploit for the "unicorn" bug in Microsoft Internet Explorer, CVE-2014-6332, not-so-prosaically entitled, Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution. This is a big deal client-side vulnerability for the usual reason that Internet Explorer 11 accounts for about a quarter of browser traffic today; nearly always, remote code execution bugs in latest IE are usually particularly dangerous to leave unpatched in your environment. The buzz around this bug, though, is that it's been exploitable...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/12/04/weekly-me…
*** Vulnerability: Yosemite logs Firefox keyboard input ***
---------------------------------------------
Under Mac OS X 10.10, all input in the Firefox browser is logged. Mozilla speaks of a serious vulnerability, which is fixed in the current version of the browser. The log files are generally accessible and should be deleted.
---------------------------------------------
http://www.golem.de/news/schwachstelle-yosemite-schreibt-firefox-eingaben-m…
*** Demo exploit for critical Kerberos vulnerability in Windows Server ***
---------------------------------------------
High time to patch: otherwise, attackers can make themselves Enterprise Admin with the Python Kerberos Exploitation Kit.
---------------------------------------------
http://www.heise.de/security/meldung/Demo-Exploit-fuer-kritische-Kerberos-L…
*** ZDI-14-403: (0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-403/
*** ZDI: (0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 multiple Vulnerabilities ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-393
http://www.zerodayinitiative.com/advisories/ZDI-14-394
http://www.zerodayinitiative.com/advisories/ZDI-14-395
http://www.zerodayinitiative.com/advisories/ZDI-14-396
http://www.zerodayinitiative.com/advisories/ZDI-14-397
*** DSA-3090 iceweasel - security update ***
---------------------------------------------
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3090
*** Security Advisory: libxml2 vulnerability CVE-2014-3660 ***
---------------------------------------------
(SOL15872)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15872.htm…
*** Novell Patches and Security Updates ***
---------------------------------------------
https://download.novell.com/Download?buildid=gV_oiDtqRV0~
https://download.novell.com/Download?buildid=vPrLP1Ai9zY~
https://download.novell.com/Download?buildid=GuVaYIx6DDo~
https://download.novell.com/Download?buildid=lHQCbRDbSMI~
https://download.novell.com/Download?buildid=Tlic28DXD3o~
https://download.novell.com/Download?buildid=zhVqTr2nsdg~
*** MediaWiki Bugs Permit Cross-Site Request Forgery and API Code Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1031301
*** Security Advisories for VMware vSphere ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://www.vmware.com/security/advisories/VMSA-2014-0002.html
*** HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Insight Remote Support Clients running SSLv3 which may impact WBEM, WS-MAN and WMI connections from monitored devices to a HP Insight Remote Support Central Management Server (CMS).
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
Next End-of-Shift report on 2014-12-09
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-12-2014 18:00 − Thursday 04-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** An Analysis of the "Destructive" Malware Behind FBI Warnings ***
---------------------------------------------
TrendLabs engineers were recently able to obtain a malware sample of the "destructive malware" described in reports about the Federal Bureau of Investigation (FBI) warning to U.S. businesses last December 2. According to Reuters, the FBI issued a warning to businesses to remain vigilant against this new "destructive" malware in the wake of the recent Sony Pictures...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZsHCPcPYoQk/
*** Sony Got Hacked Hard: What We Know and Don't Know So Far ***
---------------------------------------------
A week into the Sony hack, however, there is a lot of rampant speculation but few solid facts. Here's a look at what we do and don't know about what's turning out to be the biggest hack of the year.
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/41179d61/sc/28/l/0L0Swired0N0C20A…
*** Automating Incident data collection with Python, (Thu, Dec 4th) ***
---------------------------------------------
One of my favorite Python modules is Impacket by the guys at Core Labs. Among other things it allows me to create Python scripts that can speak to Windows computers over SMB. I can use it to map network drives, kill processes on a remote machine and much more. During an incident, having the ability to reach out to all the machines in your environment to list or kill processes is very useful. Python and Impacket make this very easy. Check it out. After installing Impacket all of the awesome modules are...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19025&rss
*** Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349 ***
---------------------------------------------
Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OnnBY6zHrlw/
*** Android Hacking and Security, Part 15: Hacking Android Apps Using Backup Techniques ***
---------------------------------------------
In the previous article, we had an introduction on how to analyze Android application specific data using Android backup techniques. This article builds on the previous article. We are going to see how local data storage or basic checks that are performed on a local device can be exploited on...
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-security-part-15-hack…
*** WebSocket Security Issues ***
---------------------------------------------
Overview In this article, we will dive into the concept of WebSocket introduced in HTML 5, security issues around the WebSocket model, and the best practices that should be adopted to address security issues around WebSocket. Before going straight to security, let's refresh our concepts on WebSocket. Why Websocket and...
---------------------------------------------
http://resources.infosecinstitute.com/websocket-security-issues/
*** Avoiding Mod Security False Positives with White-listing ***
---------------------------------------------
We have already discussed in my previous articles how to configure Mod Security Firewall with OWASP rules and also analysed the different types of logs which Mod Security generates. While analysing the logs, we have seen that the OWASP rules generate a lot of false positive results, as these rules [...]
---------------------------------------------
http://resources.infosecinstitute.com/avoiding-mod-security-false-positives…
*** Apple releases updates for the Safari browser - and withdraws them again ***
---------------------------------------------
According to Apple, Safari 8.0.1 is supposed to fix, among other things, bugs related to iCloud services. At the same time, Safari 6.2.1 and 7.1.1 were released for older OS X versions. However, Apple has taken the updates offline again without comment.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-veroeffentlicht-Updates-fuer-Saf…
*** Quantum Attack on Public-Key Algorithm ***
---------------------------------------------
This talk (and paper) describe a lattice-based public-key algorithm called Soliloquy developed by GCHQ, and a quantum-computer attack on it. News article....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/quantum_attack_.html
*** The TYPO3 community publishes TYPO3 CMS 7.0 ***
---------------------------------------------
Following our new release cycle, TYPO3 CMS 7.0 is the first sprint release on our way towards the final 7 LTS which will be released in fall 2015. 7.0 will not receive regular bugfix releases, an upgrade to 7.1 should be installed after its release in around 8 weeks instead - see our roadmap for more details.
---------------------------------------------
https://typo3.org/news/article/the-typo3-community-publishes-typo3-cms-70-a…
*** Cisco Unified Computing System (UCS) Manager Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-8009
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** SA-CONTRIB-2014-117 - Hierarchical Select - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-117
Project: Hierarchical Select (third-party module)
Version: 6.x
Date: 2014-December-03
Security risk: 14/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Cross Site Scripting
Description: The Hierarchical Select module provides a "hierarchical_select" form element, which is a greatly enhanced way for letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data...
---------------------------------------------
https://www.drupal.org/node/2386615
*** SA-CONTRIB-2014-116 - Webform Invitation - Cross Site Scripting ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-116
Project: Webform Invitation (third-party module)
Version: 7.x
Date: 2014-December-03
Security risk: 8/25 (Less Critical) AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description: This module enables you to create custom invitation codes for Webforms. The module failed to sanitize node titles. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Webform: Create new...
---------------------------------------------
https://www.drupal.org/node/2386387
*** Security Advisory - High Severity - WordPress Download Manager ***
---------------------------------------------
Advisory for: WordPress Download Manager
Security Risk: Very High
Exploitation level: Easy/Remote
DREAD Score: 9/10
Vulnerability: Code Execution / Remote File Inclusion
Risk Version: ...
---------------------------------------------
http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-do…
*** Security Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products ***
---------------------------------------------
Dec 04, 2014 18:26
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** DSA-3086 tcpdump - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3086
*** DSA-3089 jasper - security update ***
---------------------------------------------
Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3089
*** DSA-3088 qemu-kvm - security update ***
---------------------------------------------
Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm, a full virtualization solution on x86 hardware. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3088
*** DSA-3087 qemu - security update ***
---------------------------------------------
Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3087
*** GNU cpio Heap Overflow in process_copy_in() Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031285
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 02-12-2014 18:00 − Wednesday 03-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Shodan Add-on for Firefox ***
---------------------------------------------
It's now possible to see what information Shodan has available on a server from within Firefox thanks to the new Shodan add-on created by @PaulWebSec and @romainletendart! It's a minimalistic yet powerful add-on to see what the website you're visiting is exposing to the Internet. And the add-on will also tell you other information about the IP,...
---------------------------------------------
http://shodanio.wordpress.com/2014/12/02/shodan-add-on-for-firefox/
*** Evil keys become a problem for GnuPG ***
---------------------------------------------
A research team has demonstrated how easily the IDs of GnuPG keys can be forged, and promptly generated evil duplicates of the entire strong set. That set comprises around 50,000 particularly closely interconnected and trusted keys.
---------------------------------------------
http://www.heise.de/security/meldung/Boese-Schluessel-werden-zum-Problem-fu…
*** IBM Fixes Serious Code Execution Bug in Endpoint Manager Product ***
---------------------------------------------
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not...
---------------------------------------------
http://threatpost.com/ibm-fixes-serious-code-execution-bug-in-endpoint-mana…
*** An interesting case of the CVE-2014-8439 exploit ***
---------------------------------------------
We have recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-8439 (we detect it as Exploit:SWF/Axpergle). This exploit is being integrated into multiple exploit kits, including the Nuclear exploit kit (Exploit:JS/Neclu) and the Angler exploit kit (Exploit:JS/Axpergle). Adobe released a patch in November to address this exploit (APSB14-26). Coincidentally, our investigation shows that Adobe released a patch to address a different exploit and that patch appears to...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/12/02/an-interesting-case-of-t…
*** Keeping Your Website Safe From WordPress's XSS Vulnerability ***
---------------------------------------------
Last month, a Finnish IT company by the name of Klikki Oy identified a critical vulnerability in WordPress - one which has been present in the platform for approximately four years. It allows attackers to enter comments which include malicious JavaScript. Once the script in these comments is executed, the attacker could then do anything from infecting the PCs of visitors to completely hijacking the website; locking the original administrator out of their account.
---------------------------------------------
http://www.ahosting.net/blog/keeping-your-website-safe-from-wordpresss-xss-…
*** A Physical Security Policy Can Save Your Company Thousands of Dollars ***
---------------------------------------------
Investments in cybersecurity and physical security are proportionally connected to your organization's improved financial picture for a long-term perspective. Our digital lives are getting smaller as technology simplifies our communications, but cyber attacks are also prevalent. While the Internet radically changes the way organizations operate globally, from handling sensitive data to offshore outsourcing of IT architecture, the payoffs of security are significant and can't be...
---------------------------------------------
http://resources.infosecinstitute.com/physical-security-policy-can-save-com…
*** Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment ***
---------------------------------------------
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
---------------------------------------------
http://hack-tools.blackploit.com/2014/12/samurai-web-testing-framework-30-l…
*** New LusyPOS malware is a cross between Dexter and Chewbacca ***
---------------------------------------------
A new piece of Point-of-Sale RAM scraping malware has been submitted to VirusTotal and analyzed by researchers, who found that it's a cross between two older and different POS malware families and is offered for sale on underground markets for $2,000.
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2926
*** The Future of Auditory Surveillance ***
---------------------------------------------
Interesting essay on the future of speech recognition, microphone miniaturization, and the future ubiquity of auditory surveillance....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/the_future_of_a.html
*** DSA-3084 openvpn ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3084
*** Bugtraq: ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534135
*** Bugtraq: ESA-2014-160: RSA Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534136
*** F5 Security Advisories ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15147.htm…
https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15158.htm…
https://support.f5.com:443/kb/en-us/solutions/public/15000/300/sol15329.htm…
*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published November 25, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for two vulnerabilities within products utilizing the Siemens WinCC application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-329-02A
*** Elipse SCADA DNP3 Denial of Service ***
---------------------------------------------
Independent researchers Adam Crain and Chris Sistrunk have identified a DNP3 denial of service vulnerability in the Elipse SCADA application. Elipse has produced a new version of the DNP3 driver that mitigates this vulnerability.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-303-02
*** Emerson ROC800 Multiple Vulnerabilities (Update A) ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities affecting Emerson Process Management's ROC800 remote terminal unit (RTU) products (ROC800, ROC800L, and DL8000).
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A
*** Yokogawa CENTUM and Exaopc Vulnerability (Update A) ***
---------------------------------------------
Tod Beardsley of Rapid7 Inc. and Jim Denaro of CipherLaw have identified an authentication vulnerability and released proof-of-concept (exploit) code for the Yokogawa CENTUM CS 3000 series and Exaopc products. JPCERT and Yokogawa have mitigated this vulnerability.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A
*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_powerkvm_2_issues…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 01-12-2014 18:00 − Tuesday 02-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Researcher Releases Database of Known-Good ICS and SCADA Files ***
---------------------------------------------
A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs,...
---------------------------------------------
http://threatpost.com/researcher-releases-database-of-known-good-ics-and-sc…
*** CVE-2014-1824 - A New Windows Fuzzing Target ***
---------------------------------------------
As time progresses, due to constant fuzzing and auditing many common Microsoft products are becoming reasonably hard targets to fuzz and find interesting crashes. There are two solutions to this: write a better fuzzer (http://lcamtuf.coredump.cx/afl/) or pick a less audited target. In a search for less audited attack surface, we are brought to MS14-038, Vulnerability...
---------------------------------------------
http://blog.beyondtrust.com/cve-2014-1824-searching-for-windows-attack-surf…
*** Critical flaw knocks out OpenVPN servers ***
---------------------------------------------
Anyone operating an OpenVPN server should update it immediately. A vulnerability allows attackers to severely impair its availability.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Luecke-legt-OpenVPN-Server-l…
*** Operation DeathClick ***
---------------------------------------------
The era of spear phishing and the watering-hole attack, which rely on social engineering, has come to an end. Hackers are now turning their attention towards targeted malvertising - a type of attack that uses online advertising to spread malware. A recent campaign termed "Operation DeathClick" displays a new form of cyber-attack focused on specific targets. The attack is also described as micro-targeted malvertising. In this newly targeted variation of malvertising, the hackers are
---------------------------------------------
http://resources.infosecinstitute.com/operation-deathclick/
*** 3Q 2014 Security Roundup: Vulnerabilities Under Attack ***
---------------------------------------------
Our report on the threats seen in 3Q 2014 shows us that once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter's infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. Having gone unnoticed for years, the Shellshock incident suggests that there might be more vulnerabilities in Bash or in...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4qiLKTUdqhM/
*** Fraudulent e-mails in the name of the Ministry of Finance in circulation ***
---------------------------------------------
Deceptively genuine phishing forms in the design of FinanzOnline
---------------------------------------------
http://derstandard.at/2000008913504
*** JSA10607 - 2014-01 Security Bulletin: Junos: Memory-consumption DoS attack possible when xnm-ssl or xnm-clear-text service enabled (CVE-2014-0613) ***
---------------------------------------------
Product Affected: This issue can affect any product or platform running Junos OS.
Problem: When xnm-ssl or xnm-clear-text is enabled within the [edit system services] hierarchy level of the Junos configuration, an unauthenticated, remote user could exploit the XNM command processor to consume excessive amounts of memory. This, in turn, could lead to system instability or other performance issues.
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10607
*** Security advisory - High severity - InfiniteWP Client WordPress plugin ***
---------------------------------------------
Advisory for: InfiniteWP Client for WordPress
Security Risk: High (DREAD score: 8/10)
Exploitation level: Easy/Remote
Vulnerability: Privilege escalation and potential Object Injection vulnerability.
Patched Version: 1.3.8
If you're using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website Firewall...
---------------------------------------------
http://blog.sucuri.net/2014/12/security-advisory-high-severity-infinitewp-c…
*** Security Bulletin: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management (CVE-2014-6140) ***
---------------------------------------------
A vulnerability exists in IBM Endpoint Manager Mobile Device Management component, where an attacker could misuse cookies to execute arbitrary code.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21691701
*** Security Advisory: PHP vulnerability CVE-2013-2110 ***
---------------------------------------------
(SOL15876)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15876.htm…
*** Security Advisory: SOAP parser vulnerability CVE-2013-1824 ***
---------------------------------------------
(SOL15879)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15879.htm…
*** Yokogawa FAST/TOOLS XML information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99018
*** EntryPass N5200 Credential Disclosure ***
---------------------------------------------
Topic: EntryPass N5200 Credential Disclosure Risk: Low Text: Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated do...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120010
*** 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting ***
---------------------------------------------
Topic: 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting Risk: Low Text: SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security - CVE ID: ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120009
*** Security Advisory-Multiple Vulnerabilities on Huawei P2 product ***
---------------------------------------------
Dec 02, 2014 15:22
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 28-11-2014 18:00 − Monday 01-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** [Update] (No) security vulnerability in Cisco's H.264 module for Firefox ***
---------------------------------------------
Cisco has issued a security warning about the video codec it recently provided for Firefox. [update]However, this is said not to affect the version used in the current web browser.[/update]
---------------------------------------------
http://www.heise.de/security/meldung/Update-Keine-Sicherheitsheitsluecke-in…
*** EVIL researchers dupe EVERY 32 bit GPG print ***
---------------------------------------------
Keys fall in four seconds. Researchers have found collision attacks for 32 bit GPG keys, leaving the superseded technology well and truly dead.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/01/evil_resear…
*** Critical denial of service vulnerability in OpenVPN servers ***
---------------------------------------------
A critical denial of service security vulnerability affecting OpenVPN servers was recently brought to our attention. A fixed version of OpenVPN (2.3.6) will be released today/tomorrow (1st Dec 2014) at around 18:00 UTC.
---------------------------------------------
https://forums.openvpn.net/topic17625.html
*** FIN4: Stealing Insider Information for an Advantage in Stock Trading? ***
---------------------------------------------
FireEye tracks a threat group that we call “FIN4,” whose intrusions seem to have a different objective: to obtain an edge in stock trading. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.ht…
*** ENISA survey: New Directions in securing personal Data ***
---------------------------------------------
Under the growing interest in the areas of personal data protection and cryptography, ENISA has launched a project with the objective to detect the existing technological gaps in the fields.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/enisa-survey-new-directions-in-…
*** Flushing out the Crypto Rats - Finding "Bad Encryption" on your Network, (Mon, Dec 1st) ***
---------------------------------------------
Just when folks get around to implementing SSL, we need to retire SSL! Not a week goes by that a client isn't asking me about SSL (or more usually TLS) vulnerabilities or finding issues on their network. In a recent case, my client had just finished a datacenter / PCI audit, and had one of his servers come up as using SSL 2.0, which of course has been deprecated since 1996 - the auditor's recommendation was to update to SSL 3.0 (bad recommendation, keep reading on). When he then updated to SSL...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19009&rss
*** AGbot DDoS Attacks Internet VNC Servers ***
---------------------------------------------
Last week, our FortiGuard Labs Threat Intelligence system was able to capture a DDoS attack targeting internet VNC servers. The attack was raised by a brand new IrcBot, which we are detecting as W32/AGbot.AB!tr. Let's now dig into the details of this attack.
---------------------------------------------
http://blog.fortinet.com/post/agbot-ddos-attacks-internet-vnc-servers
*** Researchers identify POS malware targeting ticket machines, electronic kiosks ***
---------------------------------------------
Electronic kiosks and ticketing systems are being targeted by a new type of point-of-sale (POS) threat known as "d4re|dev1|," which acts as an advanced backdoor with remote administration and has RAM scraping and keylogging features, according to IntelCrawler.
---------------------------------------------
http://www.scmagazine.com/researchers-identify-pos-malware-targeting-ticket…
*** Early version of new POS malware family spotted ***
---------------------------------------------
A security researcher came across what appears to be a new family of point-of-sale malware that few antivirus programs were detecting. Nick Hoffman, a reverse engineer, wrote that the Getmypass malware shares traits that are similar to other so-called RAM scrapers, which collect unencrypted payment card data held in a payment system's memory.
---------------------------------------------
http://www.cio.com/article/2853274/early-version-of-new-pos-malware-family-…
*** Sandbox Escape Bug in Adobe Reader Disclosed ***
---------------------------------------------
Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google's Project Zero and reported to Adobe, which made a change to Reader that made it...
---------------------------------------------
http://threatpost.com/sandbox-escape-bug-in-adobe-reader-disclosed/109637
*** Using Shodan from the Command-Line ***
---------------------------------------------
Have you ever needed to write a quick script to download data from Shodan? Or setup a cronjob to check what Shodan found on your network recently? How about getting a list of IPs out of the Shodan API? For the times where you'd like to have easy script-friendly access to Shodan there's now a new command-line tool appropriately called shodan.
---------------------------------------------
http://shodanio.wordpress.com/2014/12/01/using-shodan-from-the-command-line/
*** l+f: Door control with a backdoor ***
---------------------------------------------
With the Entrypass N5200 door control module, the name says it all: anyone gets in - at least if they come over the network rather than through the door.
---------------------------------------------
http://www.heise.de/security/meldung/l-f-Tuersteuerung-mit-Hintertuer-24700…
*** Dridex Phishing Campaign uses Malicious Word Documents, (Mon, Dec 1st) ***
---------------------------------------------
This is a guest diary submitted by Brad Duncan. During the past few months, botnet-based campaigns have sent waves of phishing emails associated with Dridex. Today, we'll examine a wave that occurred approximately 3 weeks ago. The emails contained malicious Word documents, and with macros enabled, these documents infected Windows computers with Dridex malware. Various people have posted about Dridex [1] [2], and some sites like Dynamoo's blog [3] and TechHelpList [4] often report on these and
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19011&rss
*** Malware: Fake Telekom invoices with full customer names ***
---------------------------------------------
The e-mails circulating since November 2014, carrying malware as file attachments to purported Telekom invoices, have reached a new level of quality. Recipients are now addressed by their first and last names.
---------------------------------------------
http://www.golem.de/news/malware-gefaelschte-telekom-rechnungen-mit-vollsta…
*** Clubbing Seals - Exploring the Ecosystem of Third-party Security Seals ***
---------------------------------------------
Is this website secure? Well, it just contains statically generated content and holds no personal information, so most likely it is. But how would you be able to tell whether it actually is secure? This problem is exactly what security seal providers are trying to tackle. These seal providers offer a service which allows website owners to show their customers that their website is secure, and therefore safe to use. This works as follows:...
---------------------------------------------
https://vagosec.org/2014/11/clubbing-seals/
*** Raiffeisen warns of trojan in online banking ***
---------------------------------------------
Do not carry out any "test transfers"
---------------------------------------------
http://derstandard.at/2000008856256
*** DSA-3081 libvncserver ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3081
*** DSA-3080 openjdk-7 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3080
*** DSA-3083 mutt ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3083
*** DSA-3082 flac ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3082
*** Security Notice-Statement on Multiple Vulnerabilities in Huawei P2 Smartphone ***
---------------------------------------------
Nov 29, 2014 17:47
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** Vuln: LibYAML and Perl YAML-LibYAML Module scanner.c Remote Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/71349
*** Bugtraq: CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534124