=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 30-07-2014 18:00 − Donnerstag 31-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Innominate mGuard Unauthorized Leakage of System Data ***
---------------------------------------------
Exploitation of this vulnerability could allow a remote unauthenticated user access to release configuration information. While this is a minor vulnerability, it represents a method for further network reconnaissance.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-189-02
*** How safe is your quantified self? Tracking, monitoring, and wearable tech ***
---------------------------------------------
Self-tracking enthusiasts are generating a torrent of personal information through apps and devices. Is this data safe from prying eyes?
---------------------------------------------
http://www.symantec.com/connect/blogs/how-safe-your-quantified-self-trackin…
*** Why the Security of USB Is Fundamentally Broken ***
---------------------------------------------
Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the ..
---------------------------------------------
http://www.wired.com/2014/07/usb-security/
*** TA14-212A: Backoff Point-of-Sale Malware ***
---------------------------------------------
“Backoff” is a family of PoS malware and has been discovered recently. The malware family has been witnessed on at least three separate forensic investigations. Researchers have identified three primary variants to the “Backoff” malware including ..
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA14-212A
*** Takedowns: Touchdown or Turnover? ***
---------------------------------------------
Over the last several months malware takedowns have made headlines. But what is really involved in such an operation? The recent takedowns have been a collaborative effort mostly between the private sector and government entities, with academic researchers also playing a role. While some operations included arrests, and others included a civil lawsuit, ..
---------------------------------------------
http://www.seculert.com/blog/2014/07/takedowns-touchdown-or-turnover.html
*** 3 security mistakes small companies make and how to avoid them ***
---------------------------------------------
Dedicated IT staff are a luxury most very small businesses do without but those organisations still need to find a way to secure their computers against cyber ciminals who arent looking to cut them a break just because they're small.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/31/3-security-mistakes-small-compan…
*** How to Hunt Down Phishing Kits ***
---------------------------------------------
Sites like phishtank and clean-mx act as crowdsourced phishing detection and validation. By knowing how to look, you can consistently find interesting information about how attackers work, and the tools they use to conduct phishing campaigns. This post will give an example of how phishing kits are used, how to find them, as well as show a case study into other ..
---------------------------------------------
https://jordan-wright.github.io/blog/2014/07/30/how-to-hunt-down-phishing-k…
*** Spy of the Tiger ***
---------------------------------------------
A recent report documents a group of attackers known as 'PittyTiger' that appears to have been active since at least 2011; however, they may have been operating as far back as 2008. We have been monitoring the activities of this ..
---------------------------------------------
http://www.fireeye.com/blog/technical/threat-intelligence/2014/07/spy-of-th…
*** Angriff auf Videospiele-Hersteller: Hacker haben es auf Quellcode abgesehen ***
---------------------------------------------
Die Hacker der "Threat Group 3279" sind seit Jahren aktiv und versuchen, Quellcode von Spielen zu stehlen und die Sicherheitsvorkehrungen der dazugehörigen DRM-Systeme zu knacken. Die Gruppe soll aus China stammen.
---------------------------------------------
http://www.heise.de/security/meldung/Angriff-auf-Videospiele-Hersteller-Hac…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 29-07-2014 18:00 − Mittwoch 30-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** 22 Jump Street, Transformers Are Top Movie Lures for Summer ***
---------------------------------------------
Summertime has become synonymous with blockbuster movies. Unfortunately, these movies have become a go-to social engineering lure used by cybercriminals. Just like in previous years, Trend Micro engineers searched for possible threats related to movies released during the summer. This year, 22 Jump Street was the top movie used for social ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/22-jump-street-t…
*** Google Android Certificate Chain Validation Flaw Lets Applications Gain Elevated Privileges ***
---------------------------------------------
The software does not properly validate an application's certificate chain. An application can supply a specially crafted application identity certificate to impersonate a privileged application and gain access to vendor-specific device administration extensions.
---------------------------------------------
http://www.securitytracker.com/id/1030654
*** Erpressungs-Trojaner CTB-Locker verschlüsselt sicher und verwischt Spuren ***
---------------------------------------------
Wenn man diesem Schädling zum Opfer fällt, gibt es wenig Hoffnung für die eigenen Daten. Diese sind mit State-of-the-Art-Verschlüsselung gesichert und der Trojaner kommuniziert nur verschlüsselt über das Tor-Netz mit seinen Kontrollservern.
---------------------------------------------
http://www.heise.de/security/meldung/Erpressungs-Trojaner-CTB-Locker-versch…
*** Symantec Endpoint Protection 0day ***
---------------------------------------------
In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.
---------------------------------------------
http://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/
*** Scan Shows Possible Heartbleed Fix Failures ***
---------------------------------------------
Of more than 1,600 Global 2000 firms, only 3% of their public-facing servers have been fully and properly locked down from the Heartbleed vulnerability that was first revealed ..
---------------------------------------------
http://www.darkreading.com/vulnerabilities---threats/vulnerability-manageme…
*** Tor security advisory: "relay early" traffic confirmation attack ***
---------------------------------------------
On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.
---------------------------------------------
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-…
*** Internet of Things: Kreditkartennummern und das Passwort 1234 ***
---------------------------------------------
Hersteller von vernetzten Geräten gehen sorglos mit deren Sicherheit um. Kaputte Webinterfaces, überflüssige Kreditkarteninformationen und zu einfache Passwörter wie 1234 machen viele Geräte angreifbar.
---------------------------------------------
http://www.golem.de/news/internet-of-things-kreditkartennummern-und-das-pas…
*** Multiple vulnerabilities in Kunena Forum Extension for Joomla ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532933http://www.securityfocus.com/archive/1/532932
*** Multiple vulnerabilities in SAP products ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94932http://xforce.iss.net/xforce/xfdb/94931http://xforce.iss.net/xforce/xfdb/94930http://xforce.iss.net/xforce/xfdb/94922http://xforce.iss.net/xforce/xfdb/94923http://xforce.iss.net/xforce/xfdb/94921
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 28-07-2014 18:00 − Dienstag 29-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Critroni/Onion - Newest Addition to Encrypting Ransomware ***
---------------------------------------------
In my last blog post about a week ago, I talked about how Cryptolocker and the like are not dead and we will continue to see more of them in action. It's a successful 'business model' and I don't see it going away anytime soon. Not even a few days after my post a new encrypting ransomware emerged. This ..
---------------------------------------------
http://www.webroot.com/blog/2014/07/25/critroni-new-encrypting-ransomware/
*** Interesting HTTP User Agent "chroot-apach0day", (Mon, Jul 28th) ***
---------------------------------------------
Our reader Robin submitted the following detect: Ive got a site that was scanned this morning by a tool that left these entries in the logs: [HTTP_USER_AGENT] => chroot-apach0day ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18453
*** Cisco Prime Data Center Network Manager Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030652
*** Hacker klauten Pläne für Israels Raketenschild "Iron Dome" ***
---------------------------------------------
Bei einem Hackerangriff auf drei israelische Waffenschmieden sollen Hacker der chinesischen Regierung in den Jahren 2011 und 2012 haufenweise wichtige Daten zu dem Raketenabwehrsystem erbeutet haben. Die Angreifer sollen der Spezialeinheit 61398 angehören.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-klauten-Plaene-fuer-Israels-Rak…
*** Android crypto blunder exposes users to highly privileged malware ***
---------------------------------------------
The majority of devices running Google's Android operating system are susceptible to hacks that allow malicious apps to bypass a key security sandbox so they can steal user credentials, read e-mail, and access payment histories and other sensitive data, researchers have warned.
---------------------------------------------
http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-user…
*** Changes in the Asprox Botnet ***
---------------------------------------------
In this blog post, we took a quick overview of Asprox's functions and saw the updates that it has made to its C&C code. With added RSA encryption, another C&C command, and updated messaging format, it does not look like Asprox will stop evolving. We will continue to monitor Asprox for any changes and will keep you updated.
---------------------------------------------
https://blog.fortinet.com/Changes-in-the-Asprox-Botnet/
*** How Cybercrime Exploits Digital Certificates ***
---------------------------------------------
Security experts recognize 2011 as the worst year for certification authorities. The number of successful attacks against major companies reported during the year has no precedent, many of them had serious consequences.
---------------------------------------------
http://resources.infosecinstitute.com/cybercrime-exploits-digital-certifica…
*** Security: Antivirenscanner machen Rechner unsicher ***
---------------------------------------------
Ein Datenexperte hat sich aktuelle Virenscanner angesehen. Viele seien durch einfache Fehler angreifbar, meint er. Da sie tief ins System eingreifen, stellen sie eine besondere Gefahr dar - obwohl sie eigentlich schützen sollen.
---------------------------------------------
http://www.golem.de/news/security-antivirenscanner-machen-rechner-unsicher-…
*** Elasticsearch-Lücke verwandelt Amazon-Cloud-Server in DDoS-Zombies ***
---------------------------------------------
Durch eine Sicherheitslücke in einer älteren Elasticsearch-Version können Angreifer beliebigen Schadcode ausführen. Das wird momentan dazu genutzt, Server in Amazons EC2-Cloud zu kapern und für DDoS-Angriffe zu missbrauchen.
---------------------------------------------
http://www.heise.de/security/meldung/Elasticsearch-Luecke-verwandelt-Amazon…
*** Multiple vulnerabilities in Oxwall 1.7.0 ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070156http://cxsecurity.com/issue/WLB-2014070155
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 25-07-2014 18:00 − Montag 28-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco WebEx Meetings Server Authenticated Encryption Vulnerability ***
---------------------------------------------
A vulnerability in the user.php script of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cacti cross-site scripting ***
---------------------------------------------
Cacti is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the Full Name field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting ..
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94862
*** Cisco WebEx Meetings Server OutlookAction Class Vulnerability ***
---------------------------------------------
A vulnerability in the OutlookAction Class of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco WebEx Meetings Server Web Framework Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability occurs because sensitive information is passed in a query string. An attacker could ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Service Drains Competitors' Online Ad Budget ***
---------------------------------------------
The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Todays post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.
---------------------------------------------
http://krebsonsecurity.com/2014/07/service-drains-competitors-online-ad-bud…
*** Daimler: Mit eigener Hacker-Gruppe gegen Sicherheitslücken ***
---------------------------------------------
Der Automobilhersteller Daimler beschäftigt eine fest angestellte Gruppe von Datenspezialisten, deren Aufgabe es ist, das eigene Firmennetzwerk zu attackieren. So sollen Sicherheitslücken schneller aufgespürt werden.
---------------------------------------------
http://www.golem.de/news/daimler-mit-eigener-hacker-gruppe-gegen-sicherheit…
*** Ubiquiti UbiFi Controller 2.4.5 Password Hash Disclosure ***
---------------------------------------------
If remote logging is enabled on the UniFi controller, syslog messages
are sent to a syslog server. Contained within the syslog messages is
the admin password that is used by both the UniFi controller, and all
managed Access Points. This CVE was ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070146
*** Tails: Zero-Day im Invisible Internet Project ***
---------------------------------------------
In der Linux-Distribution Tails befindet sich eine Sicherheitslücke, über die Nutzeridentitäten aufgedeckt werden können. Die Schwachstelle ist nicht in Tor, sondern im Invisible-Internet-Project-Netzwerk zu finden.
---------------------------------------------
http://www.golem.de/news/tails-zero-day-im-invisible-internet-project-1407-…
*** DANE disruptiv: Authentifizierte OpenPGP-Schlüssel im DNS ***
---------------------------------------------
Pretty Good Privacy soll das DNS zur Schlüsselpropagierung nutzen. Auf der Liste der Entwickler der Internet Engineering Task Force (IETF) steht als nächstes die Zulassung eigenen Schlüsselmaterials.
---------------------------------------------
http://www.heise.de/security/meldung/DANE-disruptiv-Authentifizierte-OpenPG…
*** Behind the Android.OS.Koler distribution network ***
---------------------------------------------
Android.OS.Koler.a a ransomware program that blocks the screen of an infected device and requests a ransom in order to unlock the device. An entire network of malicious porn sites linked to a traffic direction system that redirects the victim to different payloads targeting not only mobile devices but any other visitor.
---------------------------------------------
https://securelist.com/blog/research/65189/behind-the-android-os-koler-dist…
*** Dissecting the CVE-2013-2460 Java Exploit ***
---------------------------------------------
In this vulnerability, code is able to get the references of some restricted classes which are cleverly used for privilege escalation and bypassing the JVM sandbox. The vulnerable 'invoke' method of the 'sun.tracing.ProviderSkeleton' class is used to ..
---------------------------------------------
http://research.zscaler.com/2014/07/dissecting-cve-2013-2460-java-exploit.h…
*** Anatomy of an iTunes phish - tips to avoid getting caught out ***
---------------------------------------------
Even if youd back yourself to spot a phish every time, heres a step-by-step account that might help to save your friends and family in the future...
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/28/anatomy-of-an-itunes-phish-tips-…
*** ICS 3C - ICS Cybersecurity Council Conference ***
---------------------------------------------
ICS 3C gathers experts and decision makers placing Cybersecurity at the heart of a Pan-European Dialogue on solutions for securing critical processes.
---------------------------------------------
http://www.anapur.de/u_e_ICS_Cybersecurity_Conference_2014_HD.htm
*** Trojaner: Warnungen vor gefälschten Ikea-Mails ***
---------------------------------------------
Schon mehrere tausend Funde, E-Mails sind "täuschend echt" ..
---------------------------------------------
http://derstandard.at/2000003626539
*** Malware, Would You Install it for One Cent? ***
---------------------------------------------
A research study report entitled It's All About The Benjamins: An empirical study on incentivizing users to ignore security ..
---------------------------------------------
http://www.seculert.com/blog/2014/07/would-you-install-potential-malware-fo…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 24-07-2014 18:00 − Freitag 25-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** More Details of Onion/Critroni Crypto Ransomware Emerge ***
---------------------------------------------
New ransomware has been dubbed Onion by researchers at Kaspersky Lab as its creators use command and control servers hidden in the Tor Network (a/k/a The Onion Router) to obscure their malicious activity.
---------------------------------------------
http://threatpost.com/onion-ransomware-demands-bitcoins-uses-tor-advanced-e…
*** Kali 1.0.8 released with UEFI boot support, more info at http://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/, (Fri, Jul 25th) ***
---------------------------------------------
-- Bojan INFIGO IS (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18443&rss
*** Gefährlicher als die NSA: Firmen unterschätzen kriminelle Hacker ***
---------------------------------------------
Allianz für Cyber-Sicherheit beim deutschen Bundesamt für Sicherheit in der Informationstechnik sieht größten Nachholbedarf in produzierenden Unternehmen
---------------------------------------------
http://derstandard.at/2000003528513
*** TAILS Team Recommends Workarounds for Flaw in I2P ***
---------------------------------------------
The developers of the TAILS operating system say that users can mitigate the severity of the critical vulnerability researchers discovered in the I2P software that's bundled with TAILS with a couple of workarounds, but there is no patch for the bug yet. The vulnerability that affects TAILS is in the I2P anonymity network software that comes...
---------------------------------------------
http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p/107…
*** Fake GoogleBots are third most common DDoS attacker ***
---------------------------------------------
An analysis of 400 million search engine visits to 10,000 sites done by Incapsula researchers has revealed details that might be interesting to web operators and SEO professionals.
---------------------------------------------
http://www.net-security.org/secworld.php?id=17169
*** New SSL server rules go into effect Nov. 1 ***
---------------------------------------------
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
---------------------------------------------
http://www.networkworld.com/article/2457649/security0/new-ssl-server-rules-…
*** The App I Used to Break Into My Neighbor's Home ***
---------------------------------------------
Leave your ring of cut-brass secrets unattended on your desk at work, at a bar table while you buy another round, or in a hotel room, and any stranger---or friend---can upload your keys to their online collection.
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/3cdb9908/sc/36/l/0L0Swired0N0C20A…
*** Attackers abusing Internet Explorer to enumerate software and detect security products ***
---------------------------------------------
During the last few years we have seen an increase on the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim's system using Internet Explorer.In this blog post we will describe some of the techniques that attackers are using to perform reconnaisance that gives them information for future attacks. We have also seen these techniques being used to decide whether or not they exploit the victim based on detected...
---------------------------------------------
http://www.alienvault.com/open-threat-exchange/blog/attackers-abusing-inter…
*** Building a Legal Botnet in the Cloud ***
---------------------------------------------
Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but theres no reason this cant scale to much larger numbers....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/07/building_a_lega.html
*** Bugtraq: Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532895
*** Morpho Itemiser 3 Hard-Coded Credential ***
---------------------------------------------
This advisory provides vulnerability information for hard-coded credentials in the Morpho Itemiser 3.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-205-01
*** VU#394540: Sabre AirCentre Crew contains a SQL injection vulnerability ***
---------------------------------------------
Vulnerability Note VU#394540 Sabre AirCentre Crew contains a SQL injection vulnerability Original Release date: 25 Jul 2014 | Last revised: 25 Jul 2014 Overview Sabre AirCentre Crew 2010.2.12.20008 and earlier contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Sabre AirCentre Crew 2010.2.12.20008 and earlier is vulnerable to a SQL Injection attack in the username and password fields in CWPLogin.aspx.
---------------------------------------------
http://www.kb.cert.org/vuls/id/394540
*** Cisco Unified Presence Server Sync Agent Vulnerability ***
---------------------------------------------
CVE-2014-3328
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
CVE-2014-3305
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco WebEx Meetings Server Stack Trace Vulnerability ***
---------------------------------------------
CVE-2014-3301
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 23-07-2014 18:00 − Donnerstag 24-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** ZDI-14-264: (0Day) Apple QuickTime mvhd Atom Heap Memory Corruption Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-264/
*** ZDI-14-263: (0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 1091 Directory Traversal Arbitrary File Write Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-263/
*** ZDI-14-262: (0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 305 Directory Traversal Arbitrary File Creation Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-262/
*** [Honeypot Alert] Wordpress XML-RPC Brute Force Scanning ***
---------------------------------------------
There are news reports of new Wordpress XML-PRC brute force attacks being seen in the wild. The SANS Internet Storm Center also has a Diary entry showing similar data. We have captured similar attacks in our web honeypots so we wanted to share more data with the community. Please reference earlier blog posts we have done related to Wordpress: Wordpress XML-RPC Pingback Vulnerability Analysis Defending Wordpress Logins from Brute Force Attacks Thanks goes to my SpiderLabs Research colleague
---------------------------------------------
http://blog.spiderlabs.com/2014/07/honeypot-alert-wordpress-xml-rpc-brute-f…
*** Smart Grid Attack Scenarios ***
---------------------------------------------
This is the third (and last) in a series of posts looking at the threats surrounding smart grids and smart meters. In the first post, we introduced smart meters, smart grids, and showed why these can pose risks. In the second post, we looked at the risks of attacks on smart meters. In this post,...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6sRN65gV904/
*** Windows Previous Versions against ransomware, (Thu, Jul 24th) ***
---------------------------------------------
One of the cool features that Microsoft actually added in Windows Vista is the ability to recover previous versions of files and folders. This is part of the VSS (Volume Shadow Copy Service) which allows automatic creation of backup copies on the system. Most users "virtually meet" this service when they are installing new software, when a restore point is created that allows a user to easily revert the operating system back to the original state, if something goes wrong. However,
---------------------------------------------
https://isc.sans.edu/diary/Windows+Previous+Versions+against+ransomware/184…
*** BMWs ConnectedDrive falls over, bosses blame upgrade snafu ***
---------------------------------------------
Traffic flows up 20% as motorway middle lanes miraculously unclog BMWs ConnectedDrive car-to-mobe interface has suffered a UK-wide outage that may also affect customers in mainland Europe.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/24/bmw_connect…
*** Dirty Dozen Spampionship - which country is spewing the most spam? ***
---------------------------------------------
The World Cup may be done and dusted, but the Spampionship continues! Where did you come in our spam-sending league tables?
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/22/dirty-dozen-spampionship-which-c…
*** A new generation of ransomware ***
---------------------------------------------
Trojan-Ransom.Win32.Onion a highly dangerous threat and one of the most technologically advanced encryptors out there. Its developers used both proven techniques 'tested' on its predecessors and solutions that are completely new for this class of malware. The use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server.
---------------------------------------------
https://securelist.com/analysis/publications/64608/a-new-generation-of-rans…
*** Bugcrowd Releases Open Source Vulnerability Disclosure Framework ***
---------------------------------------------
The problems that come from doing security research on modern Web applications and other software aren't just challenging for researchers, but also for the companies on the receiving end of their advisories. Companies unaccustomed to dealing with researchers can find themselves in a difficult position, trying to figure out the clearest path forward. To help...
---------------------------------------------
http://threatpost.com/bugcrowd-releases-open-source-vulnerability-disclosur…
*** SA-CONTRIB-2014-072 - Freelinking, Freelinking Case Tracker - Access bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-072Project: freelinking (third-party module)Project: freelinking case tracker (third-party module)Version: 6.x, 7.xDate: 2014-July-23Security risk: CriticalExploitable from: RemoteVulnerability: Access bypassDescriptionThe freelinking and freelinking case tracker modules implement a filter for the easier creation of HTML links to other pages in the site or external sites with a wiki style format such as [[pluginname:identifier]].The module doesnt sufficiently...
---------------------------------------------
https://www.drupal.org/node/2308503
*** Siemens OpenSSL Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-14-198-03 Siemens OpenSSL Vulnerabilities that was published July 17, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in the Siemens OpenSSL cryptographic software library affecting several Siemens industrial products.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-03A
*** Sierra Wireless AirLink Raven X EV-DO Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the advisory titled ICSA-14-007-01A Sierra Wireless AirLink Raven X EV-DO Multiple Vulnerabilities that was published January 16, 2014, on the NCCIC/ICS CERT web site.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-007-01B
*** HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco TelePresence Management Interface Vulnerability ***
---------------------------------------------
CVE-2014-3324
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Bugtraq: Beginners error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account ***
---------------------------------------------
Beginners error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
---------------------------------------------
http://www.securityfocus.com/archive/1/532875
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 22-07-2014 18:00 − Mittwoch 23-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** DDoS attacks remain up, stronger in Q2, report says ***
---------------------------------------------
Prolexics second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.
---------------------------------------------
http://www.scmagazine.com/ddos-attacks-remain-up-stronger-in-q2-report-says…
*** De-obfuscating the DOM based JavaScript obfuscation found in EK's such as Fiesta and Rig ***
---------------------------------------------
There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for JavaScript and are utilizing browser functionality to their advantage. Recent exploit kits such as "Fiesta" and "Rig" for example, have been found to be using DOM based JavaScript obfuscation. In...
---------------------------------------------
http://research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html
*** Securing the Nest Thermostat ***
---------------------------------------------
A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nests remote data collection....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/07/securing_the_ne.html
*** WordPress brute force attack via wp.getUsersBlogs, (Tue, Jul 22nd) ***
---------------------------------------------
Now that the XMLRPC "pingback" DDoS problem in WordPress is increasingly under control, the crooks now seem to try brute force password guessing attacks via the "wp.getUsersBlogs" method of xmlrpc.php. ISC reader Robert sent in some logs that show a massive distributed (> 3000 source IPs) attempt at guessing passwords on his Wordpress installation. The requests look like the one shown below and are posted into xmlrpc.php. Unfortunately, the web server responds with a
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18427&rss
*** New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd) ***
---------------------------------------------
We are announcing a new feature we have been working on for a while, that will display live statistics on passwords used by SSH brute forcing bots. In addition, we also updated our script that will allow you to contribute data to this effort. Right now, we are supporting the kippo honeypot to collect data. This script will submit usernames, passwords and the IP address of the attacker to our system. To download the script see https://isc.sans.edu/clients/kippo/kippodshield.pl . The script uses
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18433&rss
*** Arbeit für Admins: Apache 2.4.10 stopft Sicherheitslücken ***
---------------------------------------------
Für Administratoren von Webservern, die auf Apache 2.4.x laufen, heißt es updaten. Die Apache-Entwickler haben mit der neuesten Version der Software fünf Lücken geschlossen, eine davon erlaubt das Ausführen von Schadcode aus dem Netz.
---------------------------------------------
http://www.heise.de/security/meldung/Arbeit-fuer-Admins-Apache-2-4-10-stopf…
*** How Thieves Can Hack and Disable Your Home Alarm System ***
---------------------------------------------
When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren't even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can...
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/3cc7d302/sc/15/l/0L0Swired0N0C20A…
*** EU to Roll Out Cybercrime Taskforce ***
---------------------------------------------
International Team Will Target Cross-Border Crime Campaigns The European Union is set to launch a trial run of an international cybercrime task force that will coordinate investigations across Europe, as well as with a handful of other countries, including Australia, Canada and the United States.
---------------------------------------------
http://www.bankinfosecurity.com/eu-to-roll-out-cybercrime-taskforce-a-7093
*** The psychology of phishing ***
---------------------------------------------
Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.
---------------------------------------------
http://www.net-security.org/article.php?id=2078
*** Just Released - The Phishing Planning Kit ***
---------------------------------------------
One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit...
---------------------------------------------
http://www.securingthehuman.org/blog/2014/07/22/phishing-planning-kit
*** Facebook Scam Leads to Nuclear Exploit Kit ***
---------------------------------------------
Attackers have become more aggressive and are now using Facebook scams to lead to exploit kits so they can control a user's system.
---------------------------------------------
http://www.symantec.com/connect/blogs/facebook-scam-leads-nuclear-exploit-k…
*** Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-3322
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting ***
---------------------------------------------
Topic: SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting Risk: Low Text:I. VULNERABILITY - Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 II. BACKGROUND ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070121
*** Barracuda Networks Spam And Virus Firewall 6.0.2 XSS ***
---------------------------------------------
Topic: Barracuda Networks Spam And Virus Firewall 6.0.2 XSS Risk: Low Text:Document Title: Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Re...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070118
*** Security Notice-Statement on the XSS Security Vulnerability in Huawei E355 ***
---------------------------------------------
Jul 23, 2014 17:37
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** SSA-214365 (Last Update 2014-07-23): Vulnerabilities in SIMATIC WinCC ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** Omron NS Series HMI Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities in Omron Corporation's NS series human-machine interface (HMI) terminals.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-203-01
*** Honeywell FALCON XLWeb Controllers Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in Honeywell FALCON XLWeb controllers.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-175-01
*** HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Network Vitalization. The vulnerability could be exploited remotely to allow execution of code and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 21-07-2014 18:00 − Dienstag 22-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Retefe Bankentrojaner ***
---------------------------------------------
Die meisten [...] Bankentrojaner basieren auf technisch betrachtet ziemlich komplexen Softwarekomponenten: Verschlüsselte Konfigurationen, Man-in-the-Browser-Funktionalität, Persistenz- und Updatemechanismen, um einige zu nennen. Im letzten halben Jahr hat sich eine gänzlich neue Variante behauptet, welche erst im Februar 2014 einen Namen erhielt: Retefe.
---------------------------------------------
http://securityblog.switch.ch/2014/07/22/retefe-bankentrojaner/
*** IBM Fixes Code Execution, Cookie-Stealing Vulnerabilities in Switches ***
---------------------------------------------
IBM recently patched a handful of vulnerabilities in some of its KVM switches that if exploited, could have given an attacker free reign over any system attached to it.
---------------------------------------------
http://threatpost.com/ibm-fixes-code-execution-cookie-stealing-vulnerabilit…
*** Mobile App Wall of Shame: CNN App for iPhone ***
---------------------------------------------
The CNN App for iPhone is one of the most popular news applications available for the iPhone. At present, it is sitting at #2 in the iTunes free News app category and #165 among all free apps. Along with providing news stories, alerts and live video, it also includes iReport functionality, allowing...
---------------------------------------------
http://research.zscaler.com/2014/07/cnn-app-for-iphone.html
*** OWASP Zed Attack Proxy, (Mon, Jul 21st) ***
---------------------------------------------
Affectionately know as ZAP the OWASP Zed Attack Proxy in an excellent web application testing tool. It finds its way into the hands of experienced penetration testers, newer security administrators, vulnerability assessors, as well as auditors and the curious. One of the reasons for its popularity is the ease of use and the extensive granular capability to examine transactions. While some may know ZAP as a fork or successor to the old Paros proxy,it is so much more. Roughly 20% of the code base...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18421&rss
*** Old and Persistent Malware ***
---------------------------------------------
User error is the best reason to explain why Excel spreadsheets infected with the Laroux macro virus have been published on the China Securities Regulatory Commission website (csrc.gov.cn). The commission regulates China's financial markets and provides an online law library on their website where visitors can download various files and texts. Two of the files available in the library contain the MSEXcel.Laroux virus.
---------------------------------------------
https://blogs.cisco.com/security/old-and-persistent-malware/
*** FakeNet Malware Analysis ***
---------------------------------------------
FakeNet is a tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware's network activity from within a safe environment.
---------------------------------------------
http://www.ehacking.net/2014/07/fakenet-malware-analysis.html
*** Cisco-Routerlücke: Der mysteriöse Vorab-Patch ***
---------------------------------------------
Die kritische Sicherheitslücke, die neun Router und Kabelmodems von Cisco verwundbar für Angriffe aus dem Netz macht, ist bei deutschen Providern vor Jahren mit einem Update geschlossen worden. Allerdings bleibt unklar, warum Cisco den Fix erst jetzt öffentlich machte.
---------------------------------------------
http://www.heise.de/security/meldung/Cisco-Routerluecke-Der-mysterioese-Vor…
*** App "telemetry", (Tue, Jul 22nd) ***
---------------------------------------------
ISC reader James had just installed "Foxit Reader" on his iPhone, and had answered "NO" to the "In order to help us improve Foxit Mobile PDF, we would like to collect anonymous usage data..." question, when he noticed his phone talking to China anyway. The connected-to site was alog.umeng.com, 211.151.151.7. Umeng is an "application telemetry" and online advertising company. Below is what was sent (some of the ids are masked or have been obfuscated) I
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18425&rss
*** Massive Malware Infection Breaking WordPress Sites ***
---------------------------------------------
The last few days has brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly injected which is causing websites to break. While we're still researching, we do want to share share some observations: This infection is aimed at websites built on the...
---------------------------------------------
http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.h…
*** Privacy Badger Extension Blocks Tracking Through Social Icons ***
---------------------------------------------
Online tracking has been a thorny problem for years, and as Web security companies, browser vendors and users have become more aware of the problem and smarter about how to defend themselves, ad companies and trackers have responded in kind. The advent of social networks has made it far easier for tracking companies to monitor user behavior across...
---------------------------------------------
http://threatpost.com/privacy-badger-extension-blocks-tracking-through-soci…
*** [webapps] - MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/34128
*** Apache Multiple Flaws Let Remote Users Deny Service or Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030615
*** Tenable Nessus Access Control Flaw in Web UI Lets Remote Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1030614
*** Apache Scoreboard / Status Race Condition ***
---------------------------------------------
Topic: Apache Scoreboard / Status Race Condition Risk: Medium Text:Hi there, --[ 0. Sparse summary Race condition between updating ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070114
*** HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Autonomy IDOL. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Moodle rubric/advanced grading cross-site scripting ***
---------------------------------------------
Moodle rubric/advanced grading cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94724
*** OleumTech WIO Family Vulnerabilities ***
---------------------------------------------
Security researchers Lucas Apa and Carlos Mario Penagos Hollman of IOActive have identified multiple vulnerabilities in OleumTech's WIO family including the sensors and the DH2 data collector. The researchers have coordinated the vulnerability details with NCCIC/ICS-CERT and OleumTech in hopes the vendor would develop security patches to resolve these vulnerabilities. While ICS-CERT has had many discussions with both OleumTech and IOActive this past year, there has not been consensus...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01
*** Bugtraq: Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532857
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 18-07-2014 18:00 − Montag 21-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** The Little Signature That Could: The Curious Case of CZ Solution ***
---------------------------------------------
Malware authors are always looking for new ways to masquerade their actions. Attackers are looking for their malware to be not only fully undetectable, but also appear valid on a system, so as not to draw attention. Digital signatures are...
---------------------------------------------
http://www.fireeye.com/blog/technical/2014/07/the-little-signature-that-cou…
*** Keeping the RATs out: the trap is sprung - Part 3, (Sat, Jul 19th) ***
---------------------------------------------
As we bring out three part series on RAT tools suffered upon our friends at Hazrat Supply we must visit the centerpiece of it all. The big dog in this fight is indeed the bybtt.cc3 file (Jake suspected this), Backdoor:Win32/Zegost.B. The file is unquestionably a PEDLL but renamed a .cc3 to hide on system like a CueCards Professional database file. Based on the TrendMicro writeup on this family, the backdoor drops four files, including %Program Files%\%SESSIONNAME%\{random characters}.cc3 This...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18415&rss
*** Top 10 Common Database Security Issues ***
---------------------------------------------
Introduction The database typically contains the crown jewels of any environment; it usually holds the most business sensitive information which is why it is a high priority target for any attacker. The purpose of this post is to create awareness among database administrators and security managers about some of the areas on which it is important to focus on when implementing a new database or hardening the security of an existing one.
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/07/top-10-common-database-security-is…
*** Smart Meter Attack Scenarios ***
---------------------------------------------
In our previous post, we looked at how smart meters were being introduced across multiple countries and regions, and why these devices pose security risks to their users. At their heart, a smart meter is simply... a computer. Let's look at our existing computers - whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/smart-meter-atta…
*** Angriffe auf Web-Server via Wordpress-Plugin MailPoet ***
---------------------------------------------
Über eine kürzlich entdeckte Sicherheitslücke werden derzeit systematisch Server gekapert. Wer das Anfang Juli veröffentlichte Update noch nicht installiert hat, sollte das dringend nachholen.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffe-auf-Web-Server-via-Wordpress-…
*** Home router security to be tested in upcoming hacking contest ***
---------------------------------------------
Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference. The contest is called SOHOpelessly Broken - a nod to the small office/home office space targeted by the products - and follows a growing number of large scale attacks this year against routers and other home embedded systems.
---------------------------------------------
http://www.cio.com/article/2455981/home-router-security-to-be-tested-in-upc…
*** Sicherheitsforscher weist auf "Hintertüren" in iOS hin ***
---------------------------------------------
Undokumentierte Systemdienste in iOS machen Angreifern das Auslesen von Nutzerdaten leicht, wenn das iPhone oder iPad mit einem Desktop-Computer lokal gepairt wurde, erklärt Jonathan Zdziarski - und hofft auf Antwort von Apple.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsforscher-weist-auf-Hintertu…
*** Call for last-minute papers for VB2014 announced ***
---------------------------------------------
Seven speaking slots waiting to be filled with presentations on hot security topics.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_21.xml?rss
*** Heartbleed bedroht kritische Industrie-Kontrollsysteme ***
---------------------------------------------
Über drei Monate nach Bekanntwerden der massiven Sicherheitslücke sind immer noch zahlreiche Systeme von Siemens ungeschützt.
---------------------------------------------
http://futurezone.at/digital-life/heartbleed-bedroht-kritische-industrie-ko…
*** VMSA-2014-0006.8 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** EMC RecoverPoint Internal Firewall Ruleset Error Lets Remote Users Bypass the Firewall ***
---------------------------------------------
http://www.securitytracker.com/id/1030608
*** DSA-2981 polarssl ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2981
*** DSA-2982 ruby-activerecord-3.2 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2982
*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability ***
---------------------------------------------
Vulnerability Note VU#688812 Huawei E355 contains a stored cross-site scripting vulnerability Original Release date: 21 Jul 2014 | Last revised: 21 Jul 2014 Overview The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability. Description Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected cellular network.CWE-79: Improper...
---------------------------------------------
http://www.kb.cert.org/vuls/id/688812
*** Bugtraq: CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. ***
---------------------------------------------
Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1
---------------------------------------------
http://www.securityfocus.com/archive/1/532841
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 17-07-2014 18:00 − Freitag 18-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** SQL Injection Vulnerability - vBulletin 5.x ***
---------------------------------------------
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member list page. Every vBulletin user needs to upgrade to the latest version asap. vBulletin is a very popular forum sofware used on more than ..
---------------------------------------------
http://blog.sucuri.net/2014/07/sql-injection-on-vbulletin-5-x.html
*** Siemens OpenSSL Vulnerabilities ***
---------------------------------------------
Siemens has identified four vulnerabilities in its OpenSSL cryptographic software library affecting several Siemens industrial products. Updates are available for APE 2.0.2 and WinCC OA (PVSS). The ROX 1, ROX 2, S7-1500, and CP1543-1 products do not have a patch at this time; however, Siemens has made mitigation recommendations. Siemens is continuing to work on patching these vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-03
*** Cogent DataHub Code Injection Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. (hereafter referred to as Cogent). Security researcher John Leitch reported this vulnerability to the Zero Day Initiative (ZDI), who then reported it directly to Cogent. Successful exploitation of this vulnerability could allow remote execution of arbitrary code.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-01
*** Advantech WebAccess Vulnerabilities ***
---------------------------------------------
NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an updated software version that mitigates these vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-02
*** Mitigating UAF Exploits with Delay Free for Internet Explorer ***
---------------------------------------------
After introducing the 'isolated heap' in June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call 'delay free.' This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-uaf-e…
*** DSA-2979 fail2ban ***
---------------------------------------------
Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.
---------------------------------------------
http://www.debian.org/security/2014/dsa-2979
*** Bugtraq: Microsoft MSN HBE - Blind SQL Injection Vulnerability ***
---------------------------------------------
A boolean-based blind SQL Injection web vulnerability has been detected in the official MSN (habitos.be.msn.com) web application Service. The vulnerability allows remote attackers to inject own sql commands to compromise the affected ..
---------------------------------------------
http://www.securityfocus.com/archive/1/532830
*** Critroni Crypto Ransomware Seen Using Tor for Command and Control ***
---------------------------------------------
There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say ..
---------------------------------------------
http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command…
*** LibreSSL: Linuxer und OpenBSDler raufen sich zusammen ***
---------------------------------------------
Anhand der Probleme bei der Portierung von LibreSSL auf andere Plattformen wie Linux kann man erkennen, wie aus OpenSSL so ein Security-Alptraum werden konnte. Und der ist noch längst nicht vorbei.
---------------------------------------------
http://www.heise.de/security/meldung/LibreSSL-Linuxer-und-OpenBSDler-raufen…