Daily May 2014

daily@lists.cert.at

1 participants
20 discussions

Tageszusammenfassung - Freitag 30-05-2014
by Daily end-of-shift report 30 May '14

30 May '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 29-05-2014 18:00 − Freitag 30-05-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Third-Party Auth Token Theft: The Big Picture *** --------------------------------------------- Nothing sets the technical journalists abuzz like the prospect of a catastrophic, Internet-wide vulnerability. Fresh off the very legitimate excitement over Heartbleed, some media outlets were hoping for a new scoop with "Covert Redirections". Spoiler alert: there's no catastrophe. For those that haven't heard, this started with a paper and series of blog posts by Wang Jing. Wang describes an attack against websites that use third-party authentication services and are... --------------------------------------------- http://blog.spiderlabs.com/2014/05/third-party_auth_token_theft_the_big_pic… *** Ende von Truecrypt: Entwickler hat angeblich Interesse verloren *** --------------------------------------------- Einer der Entwickler von Truecrypt hat sich angeblich zu Wort gemeldet und die Beweggründe für das plötzliche Aus erklärt: Man habe das Interesse verloren. Einer Weiterentwicklung durch die Community steht er demnach kritisch gegenüber. --------------------------------------------- http://www.heise.de/security/meldung/Ende-von-Truecrypt-Entwickler-hat-ange… *** Hintergrund: Truecrypt ist unsicher - und jetzt? *** --------------------------------------------- Sollten wir jetzt wirklich alle auf Bitlocker umsteigen, wie es die Truecrypt-Entwickler vorschlagen? Einen echten Nachfolger wird es jedenfalls so bald nicht geben - und daran sind nicht zu letzt auch die Truecrypt-Entwickler schuld. --------------------------------------------- http://www.heise.de/security/artikel/Truecrypt-ist-unsicher-und-jetzt-22114… *** ThreadFix v2.1M1 Released *** --------------------------------------------- ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. ThreadFix is licensed under the Mozilla Public License (MPL) version 2.0. --------------------------------------------- http://www.toolswatch.org/2014/05/threadfix-v2-1m1-released/ *** New Attack Methods Can brick Systems, Defeat Secure Boot, Researchers Say *** --------------------------------------------- IDG News Service - The Secure Boot security mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed on around half of computers that have the feature enabled in order to install bootkits, according to a security researcher. --------------------------------------------- http://www.cio.com/article/753439/New_Attack_Methods_Can_39_brick_39_System… *** Thieves Planted Malware to Hack ATMs *** --------------------------------------------- A recent ATM skimming attack in which thieves used a specialized device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come. --------------------------------------------- http://krebsonsecurity.com/2014/05/thieves-planted-malware-to-hack-atms/ *** Heartbleed-Bug: OpenSSL bekommt Security-Audit und zwei Festangestellte *** --------------------------------------------- Die Linux-Foundation sammelt Geld für Kern-Infrastruktur wie OpenSSL und gibt nun erste Pläne bekannt. Beraten sollen das Projekt Linux-Kernel-Hacker und Bruce Schneier sowie Eben Moglen. --------------------------------------------- http://www.golem.de/news/heartbleed-bug-openssl-bekommt-security-audit-und-… *** When Networks Turn Hostile *** --------------------------------------------- We've previously discussed how difficult it is to safely connect to networks when on the go. This is particularly true on vacations and holidays, where the availability of Internet access is one of the most important factors when looking for a place to stay. In fact, many holiday lodges and hotels today have made Wi-Fi access an... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CL6K-SnbQJQ/ *** Triangle MicroWorks Uncontrolled Resource Consumption *** --------------------------------------------- Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified an uncontrolled resource consumption vulnerability in Triangle MicroWorks products and third-party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01 *** Cogent Datahub Vulnerabilities *** --------------------------------------------- Independent researcher Alain Homewood has identified four vulnerabilities in the Cogent Real-Time Systems DataHub application. Cogent Real-Time Systems has produced a new version that mitigates three of the four identified vulnerabilities; they have recommended a mitigation for the unresolved vulnerability. The researcher has tested the new version to validate that it resolves three of the four vulnerabilities. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 *** VMSA-2014-0005 *** --------------------------------------------- VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0005.html *** VMSA-2014-0002.3 *** --------------------------------------------- VMware vSphere updates to third party libraries --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0002.html *** ElasticSearch Dynamic Script Arbitrary Java Execution *** --------------------------------------------- Topic: ElasticSearch Dynamic Script Arbitrary Java Execution Risk: High Text:## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-fr... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050154 *** VU#325636: Huawei E303 contains a cross-site request forgery vulnerability *** --------------------------------------------- Vulnerability Note VU#325636 Huawei E303 contains a cross-site request forgery vulnerability Original Release date: 30 May 2014 | Last revised: 30 May 2014 Overview The built-in web interface of Huawei E303 devices contains a cross-site request forgery vulnerability. Description Huawei E303 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to send and receive SMS messages using the connected cellular network. CWE-352: --------------------------------------------- http://www.kb.cert.org/vuls/id/325636 *** VU#124908: Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability *** --------------------------------------------- Vulnerability Note VU#124908 Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability Original Release date: 30 May 2014 | Last revised: 30 May 2014 Overview Dell ML6000 and Quantum Scalar i500 tape backup system contain a command injection vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)Dells and Quantums advisories state the following:The tape librarys remote user interface... --------------------------------------------- http://www.kb.cert.org/vuls/id/124908

1 0

Tageszusammenfassung - Mittwoch 28-05-2014
by Daily end-of-shift report 28 May '14

28 May '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 27-05-2014 18:00 − Mittwoch 28-05-2014 18:00 Handler: Christian Wojner Co-Handler: Stephan Richter *** Spam Campaign Spreading Malware Disguised as HeartBleed Bug Virus Removal Tool *** --------------------------------------------- At the beginning of April, a vulnerability in the OpenSSL cryptography library, also known as the Heartbleed bug, made headlines around the world.read more --------------------------------------------- http://www.symantec.com/connect/blogs/spam-campaign-spreading-malware-disgu… *** [2014-05-28] Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress *** --------------------------------------------- Attackers are able to completely compromise the voice recording / surveillance solution "NICE Recording eXpress" as they can gain access to the system and database level and listen to recorded calls without prior authentication or exploit a root backdoor account. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Apple Ransomware Targeting iCloud Users Hits Australia *** --------------------------------------------- A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware. --------------------------------------------- http://threatpost.com/apple-ransomware-targeting-icloud-users-hits-australi… *** iPhone-"Entführung" per Fernzugriff: Apple betont, dass iCloud sicher ist *** --------------------------------------------- In einem Statement heißt es, die derzeit in Australien die Runde machenden Erpressungsversuche, bei denen Angreifer Apple-Hardware aus der Ferne sperren, hätten nichts mit Sicherheitsproblemen in der iCloud zu tun. Schlechte Passwörter seien schuld. --------------------------------------------- http://www.heise.de/security/meldung/iPhone-Entfuehrung-per-Fernzugriff-App… *** Bugtraq: LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/532224 *** Kali-Linux: Pentesting-Stick mit Verschlüsselung und Notfallknopf *** --------------------------------------------- Wer Kali Linux auf einen USB-Stick installiert, kann die Datenpartition mit Version 1.0.7 endlich verschlüsseln. Das schützt brisante Daten vor neugierigen Blicken. Darüber hinaus gibt es einen Selbstzerstörungs-Mechanismus. --------------------------------------------- http://www.heise.de/security/meldung/Kali-Linux-Pentesting-Stick-mit-Versch… Next End-of-Shift report on 2015-05-30

1 0

Tageszusammenfassung - Dienstag 27-05-2014
by Daily end-of-shift report 27 May '14

27 May '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 26-05-2014 18:00 − Dienstag 27-05-2014 18:00 Handler: Christian Wojner Co-Handler: Stephan Richter *** Mac OS X: VirusTotal veröffentlicht Uploader *** --------------------------------------------- Der von Google aufgekaufte Viren-Scan-Dienst hat ein Tool veröffentlicht, mit dem Mac-Nutzer suspekte Dateien und Programme zur Prüfung hochladen können. VirusTotal erhofft sich tieferen Einblick in OS-X-Schadsoftware. --------------------------------------------- http://www.heise.de/security/meldung/Mac-OS-X-VirusTotal-veroeffentlicht-Up… *** Malicious Redirections to Porn Websites *** --------------------------------------------- The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infections had a similar pattern where they only targeted mobile devices. They are highly conditional as well making it challenging for webmasters to detect. Lets take a minute to explain... --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/aMQhA3--dfg/website-infection… *** Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass *** --------------------------------------------- Accounts accessed from Wi-Fi hotspots and other unsecured networks are wide open. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/yKbonlXYDrk/ *** Youve got Mail! But someone else is reading it in Outlook for Android *** --------------------------------------------- Researchers say Redmond forgot to encrypt messages stored on Android SD cards Researchers have plucked privacy holes in Microsofts Outlook Android app that expose user data when user security setting screws were not tightened. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/05/27/prying_priv… *** Mt. Gox: Bitcoin-Preise angeblich durch Bots manipuliert *** --------------------------------------------- Neue Spekulation um die insolvente Bitcoin-Börse Mt. Gox: Laut einer Analyse sollen Bots die Preise an der Börse getrieben und mindestens rund 570.000 Bitcoins aufgekauft haben. --------------------------------------------- http://www.heise.de/newsticker/meldung/Mt-Gox-Bitcoin-Preise-angeblich-durc… *** Fernwartungsfunktion: Onlineganoven entführen Macs und iPhones *** --------------------------------------------- Mit "Find My iPhone" und "Find My Mac" können Nutzer geklaute Hardware über ihre Apple ID sperren. Gerät diese in falsche Hände, können das aber auch Erpresser. In Australien sollen solche "Entführungen" gerade öfter vorkommen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Fernwartungsfunktion-Onlineganoven-e… *** cPanel cgiemail Character Injection Flaw Lets Remote Users Send SPAM via the System *** --------------------------------------------- A remote user can inject newline characters via certain parameters to modify email fields and send SPAM to arbitrary destination addresses via cgiemail. --------------------------------------------- http://www.securitytracker.com/id/1030287 *** Avast-Forum fällt Hackerangriff zum Opfer *** --------------------------------------------- Unbekannten gelang es, Nutzernamen, E-Mail-Adressen und verschlüsselte Passwörter von 350.000 Nutzern zu kopieren. Der Firmenchef des Antivirenherstellers hält es für möglich, dass die Hacker an Klartext-Passwörter kommen. --------------------------------------------- http://www.heise.de/security/meldung/Avast-Forum-faellt-Hackerangriff-zum-O… *** Multiple Vulnerabilities in TYPO3 CMS *** --------------------------------------------- It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. --------------------------------------------- http://typo3.org/news/article/multiple-vulnerabilities-in-typo3-cms-1/ *** Amazons AWS bietet Verschlüsselung auf Blockebene *** --------------------------------------------- Nutzer von Amazons Cloud-Angeboten können ihre auf virtuellen Laufwerken gespeicherten Daten verschlüsseln. --------------------------------------------- http://www.heise.de/security/meldung/Amazons-AWS-bietet-Verschluesselung-au… *** Top 10 Windows Server Security Misconfigurations *** --------------------------------------------- Introduction According to Wikipedia, 32.6% of servers on the Internet are running Microsoft Windows. The purpose of this article is to create awareness among system administrators and managers about some of the areas on which it is important to focus when implementing a new Windows build or when hardening the security of an existing server. The Survey One of the activities of the @NCCGroupInfosec team is to perform build reviews on clients' systems, looking for any misconfigurations that... --------------------------------------------- https://www.nccgroup.com/en/blog/2014/05/top-10-windows-server-security-mis… *** Zeus-Carberp Hybrid Trojan Pops Up *** --------------------------------------------- Researchers have discovered a new hybrid Trojan that combines elements of two of the more notorious crimeware strains of the last few years: Zeus and Carberp. It's not uncommon for malware writers to steal bits and pieces of code from one another, but both Zeus and Carberp were once exclusively private tools, but the source... --------------------------------------------- http://threatpost.com/zeus-carberp-hybrid-trojan-pops-up/106283

1 0

Tageszusammenfassung - Montag 26-05-2014
by Daily end-of-shift report 26 May '14

26 May '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 23-05-2014 18:00 − Montag 26-05-2014 18:00 Handler: Christian Wojner Co-Handler: Stephan Richter *** Long run compromised accounting data based type of managed iframe-ing service spotted in the wild *** --------------------------------------------- In a cybercrime ecosystem dominated by DIY (do-it-yourself) malware/botnet generating releases, populating multiple market segments on a systematic basis, cybercriminals continue seeking new ways to acquire and efficiently monetize fraudulently obtained accounting data, for the purpose of achieving a positive ROI (Return on Investment) on their fraudulent operations. In a series of blog posts, we've been detailing the existence of commercially available server-based malicious... --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/HvVQ_hnfyXQ/ *** RAT in a jar: A phishing campaign using Unrecom + IOC's *** --------------------------------------------- In the past two weeks, we have observed an increase in attack activity against the U.S. state and local government, technology, advisory services, health, and financial sectors through phishing emails with what appears to be a remote access trojan (RAT) known as Unrecom. The attack has also been observed against the financial sector in Saudi Arabia and Russia. --------------------------------------------- http://www.fidelissecurity.com/webfm_send/382 (PDF) http://www.fidelissecurity.com/files/files/FTA1013_RAT_in_a_jar_IOCs.xlsx *** Hackers claim MitM attack enables iCloud security feature bypass *** --------------------------------------------- Hackers claim that the iOS Activation Lock, a feature that makes it harder for crooks to use and sell lost or stolen Apple mobile devices, can be bypassed in a MitM attack. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/kJtdTS-KQeU/ *** US may block visas for Chinese hackers attending DefCon, Black Hat *** --------------------------------------------- Organizers of those conferences skeptical of the move to exclude Chinese nationals. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/Cny7FF2H8rU/ *** Warnung vor Update-Hack für Windows XP *** --------------------------------------------- Mit einem Trick kann man dem Update-Server von Microsoft vormachen, man betreibe eine Spezialversion von Windows XP, die noch bis April 2019 mit Updates versorgt wird. Das ist allerdings nicht ganz ungefährlich. --------------------------------------------- http://www.heise.de/newsticker/meldung/Warnung-vor-Update-Hack-fuer-Windows…

1 0

Tageszusammenfassung - Freitag 23-05-2014
by Daily end-of-shift report 23 May '14

23 May '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 22-05-2014 18:00 − Freitag 23-05-2014 18:00 Handler: Robert Waldner Co-Handler: n/a *** (0Day) SAP Sybase ESP Remote Code Execution Vulnerabilities *** --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-142/ http://www.zerodayinitiative.com/advisories/ZDI-14-143/ http://www.zerodayinitiative.com/advisories/ZDI-14-144/ http://www.zerodayinitiative.com/advisories/ZDI-14-145/ http://www.zerodayinitiative.com/advisories/ZDI-14-146/ http://www.zerodayinitiative.com/advisories/ZDI-14-147/ http://www.zerodayinitiative.com/advisories/ZDI-14-148/ ... http://www.zerodayinitiative.com/advisories/ZDI-14-158/ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-141/ *** SBA Research: Heartbleed-Betroffene in Österreich beheben Problem unzureichend *** --------------------------------------------- Das österreichische COMET-Kompetenzzentrum SBA Research hat aufgrund der aktuellen Bedrohungslage durch die Heartbleed-Schwachstelle eine Analyse über die Behebung der Schwachstelle durchgeführt. Dabei ist es für die Administratoren der betroffenen Server nicht nur wichtig, die OpenSSL-Bibliothek zu aktualisieren, sondern auch, Benutzer der Seite zur Passwort-Anderung aufzufordern und die SSL-Zertifikate inklusive kryptografischer Schlüssel zu erneuern. --------------------------------------------- http://www.sba-research.org/2014/05/23/heartbleedpresse/ *** Multiple D-Link Routers Cross Site Scripting / Information Disclosure *** --------------------------------------------- Topic: Multiple D-Link Routers Cross Site Scripting / Information Disclosure Risk: High Text:The following five D-Link model routers suffer from several vulnerabilities including Clear Text Storage of Passwords, Cross S... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050127 *** Redmond reversal pops IE8 patch in pipeline *** --------------------------------------------- Bug not so bad, Microsoft says, but if you wont upgrade well get around to it eventually Microsoft has announced it will now patch a zero day Internet Explorer 8 vulnerability seven months after it was reported. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/05/23/redmond_rev… *** Cookie-Klau durch zwei Monate alte eBay-Lücke *** --------------------------------------------- In Auktionen eingeschleuste Skripte können Sitzungs-Cookies angreifen oder auch Malware verbreiten. eBay ist offenbar seit zwei Monaten informiert, hat das Problem aber bislang nicht behoben. --------------------------------------------- http://www.heise.de/newsticker/meldung/Cookie-Klau-durch-zwei-Monate-alte-e…

1 0

Tageszusammenfassung - Donnerstag 22-05-2014
by Daily end-of-shift report 22 May '14

22 May '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 21-05-2014 18:00 − Donnerstag 22-05-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** 145 Millionen Kunden von eBay-Hack betroffen *** --------------------------------------------- Unbekannte haben einen grossen Teil der Kundendatenbank der Online-Handelsplattform kopiert. Während der Druck auf eBay steigt, gibt es erste Hinweise, dass die gestohlenen Daten schon missbraucht werden. --------------------------------------------- http://www.heise.de/security/meldung/145-Millionen-Kunden-von-eBay-Hack-bet… *** Multiple Vulnerabilities in Cisco NX-OS-Based Products *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** SA-CONTRIB-2014-057 - Password policy - General logic error *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-057, Project: Password policy (third-party module), Version: 7, Security risk: Moderately critical; This module enables you to define password policies with various constraints on allowable user passwords. The history constraint, when enabled, disallows a users password from being changed to match a specified number of their .. --------------------------------------------- https://drupal.org/node/2271839 *** SA-CONTRIB-2014-055 - Require Login - Access bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-055, Project: Require Login (third-party module), Version: 7, Security risk: Moderately critical; This module enables you to restrict access to a site for all non-authenticated users.The module does not protect the front page, thereby exposing any sensitive information on the front page to anonymous users.This vulnerability is mitigated by the fact that private/sensitive information .. --------------------------------------------- https://drupal.org/node/2271837 *** SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-056, Project: Commerce Moneris (third-party module), Version: 7, Security risk: Critical; Commerce Moneris is a payment module that integrates the Moneris payment system with Drupal Commerce.The module stores credit card data in a commerce order object unnecessarily for the purpose of passing the credit card information to the payment gateway. The credit card information is .. --------------------------------------------- https://drupal.org/node/2271823 *** SA-CONTRIB-2014-054 - Views - Access Bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-054, Project: Views (third-party module), Version: 7, Security risk: Moderately critical; The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented.The module doesnt sufficiently check handler access when returning the list of handlers .. --------------------------------------------- https://drupal.org/node/2271809 *** IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Portal *** --------------------------------------------- IBM WebSphere Application Server is shipped as a component of IBM WebSphere Portal. Information about a security vulnerabilities affecting IBM WebSphere Application Server has been published in security bulletins. CVE(s): CVE-2014-0963 Affected product(s) .. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services *** --------------------------------------------- Cybercriminals continue diversifying their portfolios of standardized fraudulent services, in an attempt to efficiently monetize their malicious 'know-how', further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of the boutique cybercrime-friendly E-shops, we've been emphasizing on the over-supply of compromised/stolen accounting data, efficiently aggregated .. --------------------------------------------- http://www.webroot.com/blog/2014/05/21/peek-inside-newly-launched-one-e-sho… *** Redmond wont fix IE 8 zero day, says harden up instead *** --------------------------------------------- Phishers get fresh code execution bait Microsoft has decided not to fix an IE 8 zero-day first identified seven months ago, instead telling users to harden up their browsers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/05/22/ie_8_zero_d… *** Hacker wollen Apples iOS-Aktivierungssperre geknackt haben *** --------------------------------------------- Eine Team aus den Niederlanden und Marokko behauptet, die in iCloud integrierte Funktion ausgehebelt zu haben, mit der Apple die Nutzung geklauter iPhones und iPads verhindern will - angeblich per Man-in-the-Middle-Angriff. Bislang fehlen viele Details. --------------------------------------------- http://www.heise.de/security/meldung/Hacker-wollen-Apples-iOS-Aktivierungss… *** Multiple Vulnerabilities in TYPO3 CMS *** --------------------------------------------- It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Overall Severity: Medium --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-s… *** XML Schema, DTD, and Entity Attacks - A Compendium of Known Techniques *** --------------------------------------------- The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. ... When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well. --------------------------------------------- http://packetstorm.interhost.co.il/papers/general/XMLDTDEntityAttacks.pdf

1 0

Tageszusammenfassung - Mittwoch 21-05-2014
by Daily end-of-shift report 21 May '14

21 May '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 20-05-2014 18:00 − Mittwoch 21-05-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Ebay: Kundendaten bei Hackerangriff gestohlen *** --------------------------------------------- Hacker hatten im Februar und März Zugriff auf Kundendaten --------------------------------------------- http://derstandard.at/2000001422781 *** Enterprises Still Lax on Privileged User Access Controls *** --------------------------------------------- The results of a survey commissioned by Raytheon demonstrate that enterprises still dont have a firm grasp on privileged users and their activities on corporate networks. --------------------------------------------- http://threatpost.com/enterprises-still-lax-on-privileged-user-access-contr… *** iBanking: Exploiting the Full Potential of Android Malware *** --------------------------------------------- http://www.symantec.com/connect/blogs/ibanking-exploiting-full-potential-an… *** World's most pricey trojan is veritable Swiss Army knife targeting Android *** --------------------------------------------- Malicious Android app contains remote bugging, SMS interception, and much more. --------------------------------------------- http://arstechnica.com/security/2014/05/worlds-most-pricey-trojan-is-verita… *** Siemens Industrial Products OpenSSL Heartbleed Vulnerability (Update B) *** --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-105-03B *** [2014-05-21] Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4 *** --------------------------------------------- The software CoSoSys Endpoint Protector is affected by critical, unauthenticated SQL injection vulnerabilities and backdoor accounts. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Security App of the Week: WP Security Audit Log *** --------------------------------------------- WP Security Audit Log is a WordPress plugin that logs all the actions and events that take place under your website's hood. The plugin is useful not only in case of a data breach, but also for preventing one. The plugin is designed to generate a security alert when certain actions are detected. For instance, .. --------------------------------------------- http://news.softpedia.com/news/Security-App-of-the-Week-WP-Security-Audit-L… *** Hook Analyser 3.1 - Malware Analysis Tool *** --------------------------------------------- Hook Analyser is a freeware application which allows an investigator/analyst to perform 'static & run-time / dynamic' analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet. --------------------------------------------- http://www.darknet.org.uk/2014/05/hook-analyser-3-1-malware-analysis-tool/ *** Why You Should Ditch Adobe Shockwave *** --------------------------------------------- This author has long advised computer users who have Adobes Shockwave Player installed to junk the product, mainly on the basis that few sites actually require the browser plugin, and because its yet another plugin that requires constant updating. But I was positively shocked this week to learn that this software introduces a far more pernicious problem: Turns out, .. --------------------------------------------- http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/ *** LSE stellt Authentifizierungs-Tool LinOTP unter Open-Source-Lizenz *** --------------------------------------------- Das Authentifizierungswerkzeug LinOTP steht ab sofort als Open-Source-Produkt zum kostenlosen Download bereit. --------------------------------------------- http://www.heise.de/newsticker/meldung/LSE-stellt-Authentifizierungs-Tool-L… *** Bugs in your TV *** --------------------------------------------- Introduction As part of our research into the Internet of Things (IoT), we were asked to look at the current generation of Smart TVs and see whether they posed any new issues when used in the home or office. In particular, the latest sets come with built-in cameras (for use with video chat applications, .. --------------------------------------------- https://www.nccgroup.com/en/blog/2014/05/bugs-in-your-tv/

1 0

Tageszusammenfassung - Dienstag 20-05-2014
by Daily end-of-shift report 20 May '14

20 May '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 19-05-2014 18:00 − Dienstag 20-05-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Blackshades - Coordinated Takedown Leads to Multiple Arrests *** --------------------------------------------- The FBI, Europol and several other law enforcement agencies have arrested dozens of individuals suspected of cybercriminal activity centered around the malware known as Blackshades (a.k.a. W32.Shadesrat).read more --------------------------------------------- http://www.symantec.com/connect/blogs/blackshades-coordinated-takedown-lead… *** Moodle Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1030256 *** Silverlight finally becomes popular ... with criminals *** --------------------------------------------- Angler exploit kit targets Redmonds unloved rich web application kit Silverlight has become a choice target for VXers who are foisting nasty exploit kits on users through hacked advertising networks. --------------------------------------------- http://www.theregister.co.uk/2014/05/20/silverlight_attacks_spike_as_ekers_… *** Cisco IOS XR DHCPv6 Processing Flaw Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1030259 *** Bugtraq: t214: Call for Papers 2014 (Helsinki / Finland) *** --------------------------------------------- http://www.securityfocus.com/archive/1/532154 *** When Networks Turn Hostile *** --------------------------------------------- We've previously discussed how difficult it is to safely connect to networks when on the go. This is particularly true on vacations and holidays, where the availability of Internet access is one of the most important factors when looking for a place to stay. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/when-networks-tu… *** Cisco IOS Software IPv6 Denial of Service Vulnerability *** --------------------------------------------- cisco-sa-20110928-ipv6 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Sicherheitslücke in iTunes: BSI drängt zum Update *** --------------------------------------------- Eine durch Apples Medien-Software verursachte Schwachstelle erlaubt lokalen Nutzern einen umfassenden Zugriff auf andere Benutzerkonten - das Bundesamt für Sicherheit in der Informationstechnik rät zum Update auf Version 11.2.1. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-in-iTunes-BSI-draeng…

1 0

Tageszusammenfassung - Montag 19-05-2014
by Daily end-of-shift report 19 May '14

19 May '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 16-05-2014 18:00 − Montag 19-05-2014 18:00 Handler: Robert Waldner Co-Handler: n/a *** January-April 2014 *** --------------------------------------------- The 'NCCIC/ICS-CERT Monitor' newsletter offers a means of promoting preparedness, information sharing, and collaboration with the 16 critical infrastructure sectors. ICS-CERT accomplishes this on a day-to-day basis through sector briefings, meetings, conferences, and information product releases. This publication highlights recent activities and information products affecting industrial control systems (ICSs), and provides a look ahead at upcoming ICS-related events. --------------------------------------------- http://ics-cert.us-cert.gov//monitors/ICS-MM201404 *** IBM Security Bulletin: Fixes available for vulnerability in Apache Commons FileUpload contained in IBM WebSphere Portal (CVE-2014-0050) *** --------------------------------------------- Fixes available for a denial of service vulnerability in the open source library Apache Commons FileUpload which affects IBM WebSphere Portal. CVE(s): CVE-2014-0050 Affected product(s) and affected version(s): WebSphere Portal 8 WebSphere Portal 7 WebSphere Portal 6.1.x --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** IBM Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Rational ClearCase *** --------------------------------------------- IBM WebSphere Application Server is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. CVE(s): CVE-2014-0964 Affected product(s) and affected version(s): IBM Rational ClearCase, CM Server component, release 7.1.x (7.1.0.x, 7.1.1.x, and 7.1.2.x). --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** Mozilla gründet "Winter of Security" *** --------------------------------------------- Studenten können bei Mozillas Programm für ihr Studium ein Projekt durchführen, das eine Bedeutung auch außerhalb der Universität hat. Begleitet wird die Arbeit von einem Entwickler. --------------------------------------------- http://www.heise.de/security/meldung/Mozilla-gruendet-Winter-of-Security-21… *** Malvertising Up By Over 200% *** --------------------------------------------- An anonymous reader writes "Online Trust Alliance (OTA) Executive Director and President Craig Spiezle testified before the U.S. Senates Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, outlining the risks of malicious advertising, and possible solutions to stem the rising tide. According to OTA research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZUq6VAva50Y/story01.htm *** DDoS Trojans attack Linux *** --------------------------------------------- May 15, 2014 The fallacy that Linux is fully protected against malware thanks to the specific features of its architecture makes life much easier for intruders distributing such software. In May 2014, Doctor Webs security analysts identified and examined a record-high number of Trojans for Linux, a large portion of which is designed to (distributed denial of service) attacks. These programs share common features: first, they carry out DDoS attacks via various protocols, and second, they appear .. --------------------------------------------- http://news.drweb.com/show/?i=5760&lng=en&c=9 *** Security: Datenbank informiert über Identitätsklau *** --------------------------------------------- Eine Datenbank gibt Informationen darüber, ob Passwörter oder Kontodaten eines Nutzers auf einschlägigen Foren zu finden sind. Die vom Hasso-Plattner-Institut bereitgestellten Informationen unterscheiden sich von denen des BSI. --------------------------------------------- http://www.golem.de/news/security-datenbank-informiert-ueber-identitaetskla… *** Cisco ASA Crafter RADIUS Packets Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the implementation of the Remote Authentication Dial-in User Services (RADIUS) code of Cisco ASA Software could allow an authenticated, remote attacker to cause an affected system to reload. The vulnerability is due to insufficient validation of RADIUS packets including crafted attributes. An attacker could exploit this vulnerability by sending crafted RADIUS packets to the affected system. The attacker must know the RADIUS shared secret and inject the crafted packet while a RADIUS exchange is in progress. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Mid-2014 Tech Security Rundown: 5 Current Exploits Worth Knowing About *** --------------------------------------------- Here are just a few of the security threats that have risen to prominence in recent months. ... Rotbrow Mobile Side Channel Leakage IoT Hardware & Software Ad Network Intrusion Out of Harm's Way Besides these exploits, web users must contend with on-going threats like SQL injection and cross-site scripting. --------------------------------------------- http://hackersnewsbulletin.com/2014/05/mid-2014-tech-security-rundown-5-cur… *** Online-Banking: Verstärkte Angriffe auf das mTAN-Verfahren *** --------------------------------------------- Experten warnen vor verstärkten Infektionen mit dem Android-Trojaner FakeToken. Die Software kopiert empfangene SMS, die TANs enthalten. Ganoven können dann das Konto des Opfers leer räumen. --------------------------------------------- http://www.heise.de/security/meldung/Online-Banking-Verstaerkte-Angriffe-au… *** Kryptographie: Schnellerer Algorithmus für das diskrete Logarithmusproblem *** --------------------------------------------- Auf der Eurocrypt-Konferenz ist ein schnellerer Algorithmus für eine spezielle Variante des diskreten Logarithmusproblems vorgestellt worden. Dieses Problem ist die Grundlage zahlreicher kryptographischer Verfahren, doch eine direkte Bedrohung für real eingesetzte Algorithmen gibt es zur Zeit nicht. --------------------------------------------- http://www.golem.de/news/kryptographie-schnellerer-algorithmus-fuer-das-dis…

1 0

Tageszusammenfassung - Freitag 16-05-2014
by Daily end-of-shift report 16 May '14

16 May '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 15-05-2014 18:00 − Freitag 16-05-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** CSWorks Software SQL Injection Vulnerability *** --------------------------------------------- Researcher John Leitch, working with HP's Zero Day Initiative (ZDI), has identified an SQL injection vulnerability in CSWorks' CSWorks software framework. CSWorks has produced an updated version that mitigates this vulnerability. This vulnerability could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-135-01 *** Statistik: Verschlüsselter Datenverkehr nimmt zu *** --------------------------------------------- Laut einer Studie steigt seit Beginn der Enthüllungen des Whistleblowsers Edward Snowden der Anteil an SSL-verschlüsselten Verbindungen im Internet. Die Zunahmen in den USA und Europa unterscheiden sich aber. --------------------------------------------- http://www.heise.de/security/meldung/Statistik-Verschluesselter-Datenverkeh… *** Torque 2.5.13 Buffer Overflow *** --------------------------------------------- Topic: Torque 2.5.13 Buffer Overflow Risk: High Text:A buffer overflow exists in versions of TORQUE which can be exploited in order to remotely execute code from an unauthenticated... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050086 *** Apple Releases OS X 10.9.3, Fixes Serious Flaw in iTunes *** --------------------------------------------- Apple has released a new version of OS X Mavericks, which includes all of the security fixes it pushed out last month. OS X 10.9.3 includes the patches for the so-called triple handshake SSL vulnerability, as well as fixes for several remote code-execution vulnerabilities. --------------------------------------------- http://threatpost.com/apple-releases-os-x-10-9-3-fixes-serious-flaw-in-itun… *** Understanding how Fuzzing Relates to a Vulnerability like Heartbleed *** --------------------------------------------- Fuzzing is a security-focused testing technique in which a compiled program is executed so that the attack surface can be tested as it actually runs. The attack surfaces are the components of code that accept user input. Since this is the most vulnerable part of code, it should be rigorously tested with anomalous data. --------------------------------------------- http://labs.bromium.com/2014/05/14/understanding-how-fuzzing-relates-to-a-v… *** iTunes: Apple schließt problematische Lücke in PC-Version *** --------------------------------------------- Das Update 11.2 stopft ein Leck, über das es unter Windows XP SP3 bis 8 möglich war, iTunes-Zugangsdaten zu stehlen. --------------------------------------------- http://www.heise.de/security/meldung/iTunes-Apple-schliesst-problematische-… *** PayPal Fixes Serious Account Hijacking Bug in Manager *** --------------------------------------------- PayPal patched a hole in its Manager functionality this week that could have made it easy for an attacker to hijack an admin's account, change their password and steal their personal information -- not to mention their savings. --------------------------------------------- http://threatpost.com/paypal-fixes-serious-account-hijacking-bug-in-manager…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily May 2014