Daily July 2014

daily@lists.cert.at

1 participants
23 discussions

Tageszusammenfassung - Donnerstag 17-07-2014
by Daily end-of-shift report 17 Jul '14

17 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 16-07-2014 18:00 − Donnerstag 17-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Kritische Sicherheitslücke gefährdet Router und Modems von Cisco *** --------------------------------------------- Neun Consumer-Router und Kabelmodems von Cisco sind anfällig für eine kritische Lücke, die es Angreifern aus dem Netz ermöglicht, das Gerät zu kapern. Auch deutsche Provider setzten die betroffenen Modelle ein. --------------------------------------------- http://www.heise.de/security/meldung/Kritische-Sicherheitsluecke-gefaehrdet… *** Cisco Wireless Residential Gateway Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscos… *** Cisco Cable Modem Buffer Overflow Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- A remote user can send a specially crafted HTTP request to the target device to trigger a buffer overflow and execute arbitrary code on the target system. --------------------------------------------- http://www.securitytracker.com/id/1030598 *** Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- The specific flaw exists within the updating of mod_status. A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with handler server-status and other endpoints. By abusing this flaw, an attacker can possibly disclose credentials or leverage this situation to achieve remote code execution. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-236/ *** Zusatzinformationen zum Interview im Standard *** --------------------------------------------- Zusatzinformationen zum Interview im Standard16. Juli 2014Wir freuen uns (fast) immer, wenn wir in Medien zitiert werden, und wir damit eine deutlich breitere Masse erreichen, als nur über unsere direkten Kanäle (Webseite, RSS, Mail, Twitter).Nur: Interviews müssen meist recht schnell gehen, Journalisten arbeiten täglich mit harten Deadlines und auf Papier gibt es beschränkten Platz und keine Hyperlinks.Daher will ich hier ein bisschen Kontext zum Interview geben, das .. --------------------------------------------- http://www.cert.at/services/blog/20140716101643-1199.html *** SA-CORE-2014-003 - Drupal core - Multiple vulnerabilities *** --------------------------------------------- Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. (Denial of Service, Cross Site Scripting, Access Bypass) --------------------------------------------- https://www.drupal.org/SA-CORE-2014-003 *** SA-CONTRIB-2014-071 - FileField - Access bypass *** --------------------------------------------- A vulnerability was discovered in the FileField third-party module that could allow attackers to gain access to private files. --------------------------------------------- https://www.drupal.org/node/2304561 *** Kaum eingeführt, schon umgestellt: Apple verbessert iCloud-Mail-Verschlüsselung *** --------------------------------------------- Nur wenige Tage nach der Einführung einer Transportverschlüsselung für Apples iCloud-Mail-Dienste bessert der Konzern nach. Zumindest einige Server genügen jetzt aktuellen Anforderungen an gute Verschlüsselung. --------------------------------------------- http://www.heise.de/security/meldung/Kaum-eingefuehrt-schon-umgestellt-Appl… *** Pushdo Trojan outbreak: 11 THOUSAND systems infected in just 24 hours *** --------------------------------------------- A wave of attacks by cybercrooks pushing a new variant of the resilient Pushdo Trojan has compromised more than 11,000 systems in just 24 hours. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/17/pushdo_troj… *** Paper: Mayhem - a hidden threat for *nix web servers *** --------------------------------------------- New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system. --------------------------------------------- http://www.virusbtn.com/news/2014/07_17.xml *** Havex, It's Down With OPC *** --------------------------------------------- FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as 'Fertger' or 'PEACEPIPE'), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in .. --------------------------------------------- http://www.fireeye.com/blog/technical/targeted-attack/2014/07/havex-its-dow…

1 0

Tageszusammenfassung - Mittwoch 16-07-2014
by Daily end-of-shift report 16 Jul '14

16 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 15-07-2014 18:00 − Mittwoch 16-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** SSL Black List Aims to Publicize Certificates Associated With Malware *** --------------------------------------------- Malware and botnet operators are always adapting their tactics, trying to stay a step or two ahead of defensive technologies and techniques. One of the methods many attackers have adopted is using SSL to communicate with the infected machines they control, and a researcher has started a new .. --------------------------------------------- http://threatpost.com/ssl-black-list-aims-to-publicize-certificates-associa… *** Early Review of LibreSSL Finds Problematic PRNG *** --------------------------------------------- A critical vulnerability was reported in the random number generator in LibreSSL, a fork of OpenSSL. LibreSSL preview versions were released this weekend. --------------------------------------------- http://threatpost.com/early-review-of-libressl-finds-problematic-prng/107239 *** Critical Patch Update - July 2014 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html *** About Two Recently Patched IBM DB2 LUW Vulnerabilities *** --------------------------------------------- IBM recently released patches for three security vulnerabilities affecting various versions of DB2 for Linux, Unix and Windows. This post will explore some more technical details of two of these vulnerabilities (CVE-2014-0907 and CVE-2013-6744) to help database administrators assess the risk of .. --------------------------------------------- http://blog.spiderlabs.com/2014/07/about-two-ibm-db2-luw-vulnerabilities-pa… *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix .. --------------------------------------------- http://support.citrix.com/article/CTX140984 *** Elipse E3 Scada PLC Denial Of Service *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070083 *** [2014-07-16] Multiple SSRF vulnerabilities in Alfresco Community Edition *** --------------------------------------------- The Alfresco Community Edition Server is prone to multiple Server Side Request Forgery vulnerabilities allowing access to internal resources for an unauthenticated attacker. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** HP Data Protector, Remote Execution of Arbitrary Code *** --------------------------------------------- A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. --------------------------------------------- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl… *** [2014-07-16] Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client" *** --------------------------------------------- Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** [2014-07-16] Multiple critical vulnerabilities in Bitdefender GravityZone *** --------------------------------------------- Attackers are able to completely compromise the Bitdefender GravityZone solution as they can gain system and database level access. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Schwachstelle in Symfony: W0rm hackt Cnet *** --------------------------------------------- Die russische Hackergruppe W0rm hat sich Zugang zu den Servern der Nachrichtenwebseite Cnet verschafft. Die Datenbank mit Benutzerdaten wollen die Hacker für einen symbolische Betrag von einem Bitcoin verkaufen. --------------------------------------------- http://www.golem.de/news/schwachstelle-in-symfony-w0rm-hackt-cnet-1407-1079… *** Common Misconceptions IT Admins Have on Targeted Attacks *** --------------------------------------------- In our efforts around addressing targeted attacks, we often work with IT administrators from different companies in dealing with threats against their network. During these collaborations, we've recognized certain misconceptions that IT administrators - or perhaps enterprises in general - have in terms of targeted attacks. I will cover some of them in this .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/common-misconcep…

1 0

Tageszusammenfassung - Dienstag 15-07-2014
by Daily end-of-shift report 15 Jul '14

15 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 14-07-2014 18:00 − Dienstag 15-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Introduction to Smart Meters *** --------------------------------------------- While wearable personal technology may be the most 'public' face of the Internet of Everything, the most widespread use of it may be in smart meters. What is a smart meter, exactly? It's a meter for utilities (electricity, gas, or water) that records the consumption of the utility in question, and transmits it .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/introduction-to-… *** Disclosure: Insecure Nonce Generation in WPtouch *** --------------------------------------------- If you use the popular WPtouch plugin (5m+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a user with no administrative privileges, who was logged in .. --------------------------------------------- http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wpto… *** Five Year Old Phishing Campaign Unveiled *** --------------------------------------------- Details have been disclosed on a five-year-old phishing campaign where in attackers have pilfered victims's login credentials from Google, Yahoo, Facebook, Dropbox and Skype. --------------------------------------------- http://threatpost.com/five-year-old-phishing-campaign-unveiled/107197 *** OpenVPN PrivateTunnel ptservice privilege escalation *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/94482 *** HP StoreVirtual Bugs Let Remote Users Obtain Information and Remote Authenticated Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1030567 *** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway, formerly known .. --------------------------------------------- http://support.citrix.com/article/CTX140863 *** iCloud-Mail-Versand jetzt auch verschlüsselt *** --------------------------------------------- Als einer der letzten grossen Mail-Provider hat Apple nun die Sicherung des Transports gegen einfaches Mitlesen eingeschaltet. Die eingesetzten Verfahren lassen allerdings viel zu wünschen übrig. --------------------------------------------- http://www.heise.de/security/meldung/iCloud-Mail-Versand-jetzt-auch-verschl… *** OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070078 *** Oracle zur Zukunft von Java 7 unter Windows XP *** --------------------------------------------- Java 7 wird bis frühestens April 2015 mit Security-Updates versorgt. Alle weiteren Releases der vorletzten Java-Version bis dahin werden auch weiterhin mit dem nicht mehr von Microsoft offiziell unterstützten Windows XP funktionieren. --------------------------------------------- http://www.heise.de/security/meldung/Oracle-zur-Zukunft-von-Java-7-unter-Wi… *** The 'Forbidden' Apple: App Stores and the Illusion of Control Part I *** --------------------------------------------- There is no doubt we truly live in an 'App Economy.' From personal to professional, we direct and live our lives through our smart phones. But while we enjoy the latest games, stream the latest content or catch up on our friends activities, few think .. --------------------------------------------- http://research.zscaler.com/2014/07/the-forbidden-apple-app-stores-and.html *** And the mice will 'Play': App Stores and the Illusion of Control Part II *** --------------------------------------------- In the last blog, we began analyzing what we've termed the vApp Dichotomy' of the App Economy - The fact that we are at least as much the consumed, as we are the consumer. Our goal was to analyze popular apps from Apple's App Store and Google Play to .. --------------------------------------------- http://research.zscaler.com/2014/07/and-mice-will-play-app-stores-and.html *** Project Zero: Google baut Internet-Sicherheitsteam auf *** --------------------------------------------- Mit Vollzeit-Entwicklern im Project Zero will Google, das Sicherheitsforschung bisher nur nebenbei betrieben hat, das Internet sicherer machen und politisch Verfolgten helfen. --------------------------------------------- http://www.golem.de/news/project-zero-google-baut-internet-sicherheitsteam-… *** New Kronos Banking Malware Advertised On Russian Forums *** --------------------------------------------- Researchers have spotted a new banking Trojan advertised for sale on Russian forums. Kronos promises features that help it evade detection and analysis, such as a Ring3 rootkit. --------------------------------------------- http://threatpost.com/new-kronos-banking-malware-advertised-on-russian-foru…

1 0

Tageszusammenfassung - Montag 14-07-2014
by Daily end-of-shift report 14 Jul '14

14 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 11-07-2014 18:00 − Montag 14-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Oracle to release 115 security patches *** --------------------------------------------- Oracle is planning to release 115 security patches for vulnerabilities affecting a wide array of its products, including its flagship database, Java SE, Fusion Middleware and business applications. The update includes fixes for 20 weaknesses in Java SE, all of which can be exploited by an attacker remotely, without the need for login credentials, .. --------------------------------------------- http://www.cio.com/article/2453362/oracle-to-release-115-security-patches.h… *** VU#917348: Datum Systems satellite modem devices contain multiple vulnerabilities *** --------------------------------------------- The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system. A remote unauthenticated attacker may be able to gain full control of the device. --------------------------------------------- http://www.kb.cert.org/vuls/id/917348 *** Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the WebVPN Common Internet File System (CIFS) access function of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to trigger a reload of the affected device. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** Juniper Junos Unspecified Command Line Interface Flaw Lets Local Users Gain Root Privileges *** --------------------------------------------- A local user on the command line interface can invoke certain combinations of commands to gain root privileges on the target system. --------------------------------------------- http://www.securitytracker.com/id/1030559 *** Dell Sonicwall Scrutinizer 11.01 Code Execution / SQL Injection *** --------------------------------------------- Dell Sonicwall Scrutinizer suffers from several SQL injections, many of which can end up with remote code execution. An attacker needs to be authenticated, but not as an administrator. However, that wouldn not stop anyone since there is also a privilege escalation vulnerability in that .. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070065 *** Schrack MICROCONTROL XSS / Disclosure / Weak Default Password *** --------------------------------------------- The Microcontrol emergency light system, distributed by Schrack Technik GmbH, is an autarchic emergency light system, which is configurable over a web interface. Through the vulnerabilities described in this advisory an attacker can reconfigure the whole emergency light system without authentication. Furthermore he can perform attacks.. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070067 *** 'Gameover' malware returns from the dead *** --------------------------------------------- In early June 2014, a internationally co-ordinated law enforcement effort against the criminals behind the infamous Gameover malware pretty much wiped out their botnet altogether. Bad news - it looks as though Gameover is back... --------------------------------------------- http://nakedsecurity.sophos.com/2014/07/13/gameover-malware-returns-from-th… *** Popular password protection programs p0wnable *** --------------------------------------------- LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword all flawed Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/14/popular_web… *** Beware Keyloggers at Hotel Business Centers *** --------------------------------------------- The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests. --------------------------------------------- http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-cent… *** The Internet of Things: How do you "on-board" devices?, (Mon, Jul 14th) *** --------------------------------------------- Certified pre-pw0ned devices are nothing new. We talked years ago about USB picture frames that came with malware pre-installed. But for the most part, the malware was added to the device accidentally, or for example by customers who later returned the device just to have it resold without adequately resetting/wiping the device. But more recently, more evidence emerged that .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18387&rss *** Verschlüsselung: LibreSSL wird flügge *** --------------------------------------------- Die Entwickler des OpenSSL-Forks LibreSSL haben die erste Version ihrer Software veröffentlicht, die andere Plattformen als OpenBSD unterstützt. Damit schickt sich die SSL-Bibliothek an, eine echte Alternative zum Heartbleed-geplagten OpenSSL zu werden. --------------------------------------------- http://www.heise.de/security/meldung/Verschluesselung-LibreSSL-wird-fluegge… *** Understanding Ransomware *** --------------------------------------------- Our Cyber Defence Operations team, led by David Cannings, has published a new whitepaper on understanding ransomware. It looks at the impact, evolution and defensive strategies that can be employed by organisations. While the paper is primarily focused on Microsoft Windows due to the historic .. --------------------------------------------- https://www.nccgroup.com/en/blog/2014/07/understanding-ransomware/ *** VU#204988: Kaseyas agent driver contains NULL pointer dereference *** --------------------------------------------- Kaseyas agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. A local authenticated attacker may be able to crash the application, thereby causing a denial of service. Kaseya has .. --------------------------------------------- http://www.kb.cert.org/vuls/id/204988 *** WordPress Download Manager 2.6.8 Shell Upload *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070062 *** Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070066

1 0

Tageszusammenfassung - Freitag 11-07-2014
by Daily end-of-shift report 11 Jul '14

11 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 10-07-2014 18:00 − Freitag 11-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Finding the Clowns on the Syslog Carousel, (Thu, Jul 10th) *** --------------------------------------------- So often I see clients faithfully logging everything from the firewalls, routers and switches - taking terabytes of disk space to store it all. Sadly, the interaction after the logs are created is often simply to make sure that the partition doesnt fill up - either old logs are just deleted, or each month logs are burned to DVD and filed away. The comment I often get is that logs entries are complex, and that the sheer volume of information makes it impossible to make sense of it. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18373&rss *** Security Advisory 2982792 released, Certificate Trust List updated *** --------------------------------------------- Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2014/07/10/security-advisory-298279… *** Weekly Metasploit Update: Another Meterpreter Evasion Option *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/07/10/weekly-me… *** Website Malware - Mobile Redirect to BaDoink Porn App *** --------------------------------------------- A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It was a very tricky injection, with the redirection happening only once per day per IP address and only if the visitor was using a mobile device... --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/pAisQqonxQM/website-malware-m… *** VU#712660: Raritian PX power distribution software is vulnerable to the cipher zero attack. *** --------------------------------------------- Vulnerability Note VU#712660 Raritian PX power distribution software is vulnerable to the cipher zero attack. Original Release date: 10 Jul 2014 | Last revised: 10 Jul 2014 Overview Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Description CWE-287: Improper Authentication - --------------------------------------------- http://www.kb.cert.org/vuls/id/712660 *** Oracle Critical Patch Update - July 2014 - Pre-Release Announcement *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html *** Cisco ASA Filter and Inspect Overlap Denial of Service Vulnerability *** --------------------------------------------- CVE-2013-5567 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** Adobe Flash: The most INSECURE program on a UK users PC *** --------------------------------------------- XML a weak spot, but nothings as dire as Adobe player Adobe Flash Player was the most insecure program installed on UK computer users PCs throughout the second quarter of 2014, according to stats from vulnerability management firm Secunia. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/10/secunia_pc_… *** Crooks Seek Revival of "Gameover Zeus" Botnet *** --------------------------------------------- Cybercrooks today began taking steps to resurrect the Gameover ZeuS botnet, a complex crime machine that has been blamed for the theft more than $100 million from banks, businesses and consumers worldwide. The revival attempt comes roughly five weeks after the FBI joined several nations, researchers and security firms in a global and thus far successful effort to eradicate it. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/yLU9-y_8J-k/ *** VMSA-2014-0006.7 *** --------------------------------------------- VMware product updates address OpenSSL security vulnerabilities --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0006.html *** DSA-2976 eglibc *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-2976 *** osCommerce 2.3.4 - Multiple vulnerabilities *** --------------------------------------------- Topic: osCommerce 2.3.4 - Multiple vulnerabilities Risk: Medium Text:#Title: osCommerce 2.3.4 - Multiple vulnerabilities #Date: 10.07.14 #Affected versions: => 2.3.4 (latest atm) #Vendor: oscom... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070059 *** C99 Shell Authentication Bypass via Backdoor *** --------------------------------------------- Topic: C99 Shell Authentication Bypass via Backdoor Risk: Medium Text:# Exploit Title: C99 Shell Authentication Bypass via Backdoor # Google Dork: inurl:c99.php # Date: June 23, 2014 # Exploit A... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070057 *** Exploit emerges for LZO algo hole *** --------------------------------------------- Take one Nyan Cat, add Firefox and hope your Linux distro has been patched Security Mouse security researcher Don A Bailey has showcased an exploit of the Lempel-Ziv-Oberhumer (LZ0) compression algorithm running in the Mplayer2 media player and says it could leave some Linuxes vulnerable to attack. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/11/firefox_lzo… *** Microsoft entzieht Indischer CA das Vertrauen *** --------------------------------------------- Als Konsequenz auf die missbräuchlich ausgestellten Google-Zertifikate hat Microsoft die betroffenen SubCAs auf die Sperrliste gesetzt. Darüber hinaus wurde das ganze Ausmaß des Zwischenfalls bekannt: Betroffen sind 45 Domains - auch von Yahoo. --------------------------------------------- http://www.heise.de/security/meldung/Microsoft-entzieht-Indischer-CA-das-Ve… *** Lack of Certificate Pinning Exposes Encrypted iOS Gmail App Communication *** --------------------------------------------- Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications. --------------------------------------------- http://threatpost.com/lack-of-certificate-pinning-exposes-encrypted-ios-gma…

1 0

Tageszusammenfassung - Donnerstag 10-07-2014
by Daily end-of-shift report 10 Jul '14

10 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 09-07-2014 18:00 − Donnerstag 10-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** MSRT July 2014 - Caphaw *** --------------------------------------------- This month we added Win32/Caphaw and Win32/Bepush to the Malicious Software Removal Tool (MSRT). Caphaw is a malware family that can be used by criminals to gain access to your PC - the ultimate goal is to steal your financial or banking-related information. The graph below shows the number of machine encounters we have seen since September 2013. Figure 1: Caphaw encounters Caphaw can be installed on a PC via malicious links posted on Facebook, YouTube, and Skype. It can also spread through --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/07/08/msrt-july-2014-caphaw.as… *** International Authorities Take Down Shylock Banking Malware *** --------------------------------------------- Europol announced today that it, along with international law enforcement and industry partners, conducted a successful takedown of the infrastructure supporting the Shylock banking malware. --------------------------------------------- http://threatpost.com/international-authorities-take-down-shylock-banking-m… *** Certificate Errors in Office 365 Today, (Thu, Jul 10th) *** --------------------------------------------- It looks like theres a mis-assignment of certificates today at Office 365. After login, the redirect to portal.office.com reports the following error: portal.office.com uses an invalid security certificate. The certificate is only valid for the following names: *.bing.com, *.platform.bing.com, bing.com, ieonline.microsoft.com, *.windowssearch.com, cn.ieonline.microsoft.com, *.origin.bing.com, *.mm.bing.net, *.api.bing.com, ecn.dev.virtualearth.net, *.cn.bing.net, *.cn.bing.com, *.ssl.bing.com, --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18371&rss *** ZDI-14-224: (0Day) Embarcadero ER/Studio Data Architect TSVisualization ActiveX loadExtensionFactory Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Embarcadero ER/Studio Data Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-224/ *** SA-CONTRIB-2014-069 - Logintoboggan - Access Bypass and Cross Site Scripting (XSS) *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-069Project: LoginToboggan (third-party module)Version: 7.xDate: 2014-July-09Security risk: Moderately criticalExploitable from: RemoteVulnerability: Cross Site Scripting, Access bypassDescriptionThis module enables you to customise the standard Drupal registration and login processes.Cross Site ScriptingThe module doesnt filter user-supplied information from the URL resulting in a reflected Cross Site Scripting (XSS) vulnerability.Access BypassThe module --------------------------------------------- https://www.drupal.org/node/2300369 *** Cisco WebEx Meetings Client Vulnerabilities *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco Unified Communications Manager DNA Vulnerabilities *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products *** --------------------------------------------- cisco-sa-20140709-struts2 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Infoblox NetMRI Input Validation Flaw Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1030541 *** [2014-07-10] Multiple critical vulnerabilities in Shopizer webshop *** --------------------------------------------- The webshop software Shopizer is affected by multiple critical vulnerabilities. Attackers are able to completely compromise the system through arbitrary code execution or manipulate product prices or customer data. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** [2014-07-10] Multiple high risk vulnerabilities in Shopizer webshop *** --------------------------------------------- The webshop software Shopizer is affected by multiple high risk vulnerabilities. Attackers are able to bypass authentication / authorization and access invoice data of other customers. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** [2014-07-10] Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system *** --------------------------------------------- Unauthenticated attackers are able to reconfigure the Schrack MICROCONTROL emergency light system by accessing the file system via telnet or FTP. Furthermore a weak default password can be exploited. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** [2014-07-10] Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu *** --------------------------------------------- The vulnerability in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu enables an attacker to extract all the configured passwords without authentication. The attacker can use the extracted passwords to access the WebVisu and control the system. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Vulnerability in Citrix XenDesktop could result in unauthorized access to another users desktop *** --------------------------------------------- Severity: High Description of Problem A vulnerability has been identified in Citrix XenDesktop that could result in a user gaining unauthorized interactive access to another user's desktop. --------------------------------------------- http://support.citrix.com/article/CTX139591 *** HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified with HP Cloud Service Automation. The vulnerability could be exploited to allow unauthorized access and disclosure of information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Vuln: PHP unserialize() Function Type Confusion Security Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/68237

1 0

Tageszusammenfassung - Mittwoch 9-07-2014
by Daily end-of-shift report 09 Jul '14

09 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 08-07-2014 18:00 − Mittwoch 09-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** "Weaponized" exploit can steal sensitive user data on eBay, Tumblr, et al. *** --------------------------------------------- Google and Twitter already patched against potent "Rosetta Flash" attack. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/B_J-82SKyS4/ *** Who owns your typo?, (Wed, Jul 9th) *** --------------------------------------------- Heres one way how to get at sensitive data that seems to be making a comeback. Already in the olden days, it was popular with the crooks to register domain names that only differed by a typo from the name of a legitimate high traffic site. Googl.com, for example. The crooks would then run web pages with lots of advertisements on these domains, and live happily ever after from the ad revenue that the misdirected typo traffic alone brought their way. Google put a stop to this by registering, for --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18363&rss *** Exploiting IoT technologies *** --------------------------------------------- How many Internet of Things (IoT) devices do you have? From smart TVs to coffee machines, these devices are becoming more and more popular in both homes and offices. A team of researchers at NCC Group, led by technical director, Paul Vlissidis, conducted research into a number of IoT devices and looked at some of the ways that an attacker could exploit them. The team, which also consisted of Pete Beck and Felix Ingram, principal consultants, conducted a live demonstration which explored the --------------------------------------------- https://www.nccgroup.com/en/blog/2014/07/exploiting-iot-technologies/ *** Who inherits your IP address?, (Wed, Jul 9th) *** --------------------------------------------- Somewhat similar to the typo squatting story earlier, the recent proliferation of cloud service usage by enterprises has led to a new problem. For a project at a community college, we needed a couple servers, and didnt want (or have the funds) to build them on-site. In view of the limited duration of the experiment, we decided to "rent" the boxes as IaaS (infrastructure as a service) devices from two "cloud" providers. So far, all went well. But when we brought the instances --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18365&rss *** Yahoo Patches Bugs in Mail, Messenger, Flickr *** --------------------------------------------- Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks. --------------------------------------------- http://threatpost.com/yahoo-fixes-trio-of-bugs-in-mail-messenger-flickr/107… *** Trojan:W32/Lecpetex: Bitcoin miner spreading via FB messages *** --------------------------------------------- In early March this year, while investigating various threats as part of our Facebook malware cleanup effort, we ran across an interesting one that was spreading in zipped files attached to messages.The messages themselves were classic social engineering bait that lead the users to install the executable file in the attachment, which turned out to be a Bitcoin miner, which we identify as Trojan:W32/Lecpetex. Some of the more interesting details of our analysis are presented in our Lecpetex --------------------------------------------- http://www.f-secure.com/weblog/archives/00002725.html *** Indien stellte falsche Google-Zertifikate aus *** --------------------------------------------- Erneut kam es zu einem schwerwiegenden Zwischenfall bei einem Herausgeber von SSL-Zertifikaten: Die staatlich betriebene CA von Indien hat unter anderem Zertifikate für Google-Dienste herausgegeben. Diese eignen sich zum Ausspähen von SSL-Traffic. --------------------------------------------- http://www.heise.de/security/meldung/Indien-stellte-falsche-Google-Zertifik… *** DPAPI vulnerability allows intruders to decrypt personal data *** --------------------------------------------- Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems. --------------------------------------------- http://www.net-security.org/secworld.php?id=17094 *** ATTACK of the Windows ZOMBIES on point-of-sale terminals *** --------------------------------------------- Infosec bods infiltrate botnet, uncover crap password security Security watchers have spotted a fresh Windows-based botnet that attempts to hack into point-of-sale systems. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/09/botnet_brut… *** Security updates available for Adobe Flash Player (APSB14-17) *** --------------------------------------------- July 8, 2014 --------------------------------------------- http://blogs.adobe.com/psirt/?p=1108 *** MS14-JUL - Microsoft Security Bulletin Summary for July 2014 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS14-JUL *** Assessing risk for the July 2014 security updates *** --------------------------------------------- Today we released six security bulletins addressing 29 unique CVE's. Two bulletins have a maximum severity rating of Critical, three have maximum severity Important, and one is Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. --------------------------------------------- http://blogs.technet.com/b/srd/archive/2014/07/08/assessing-risk-for-the-ju… *** VMSA-2014-0006.6 *** --------------------------------------------- VMware product updates address OpenSSL security vulnerabilities --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0006.html *** Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability *** --------------------------------------------- CVE-2014-3313 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Yokogawa Centum Buffer Overflow Vulnerability *** --------------------------------------------- Advisory Document --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01 *** DSA-2974 php5 *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-2974 *** DSA-2973 vlc *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-2973 *** HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified with HP Operations Analytics. The vulnerability could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** ABB Relion 650 Series OpenSSL Vulnerability (Update A) *** --------------------------------------------- Advisory Document --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-126-01A *** Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability *** --------------------------------------------- CVE-2014-3309 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-14:17.kmem *** --------------------------------------------- http://www.securityfocus.com/archive/1/532698 *** Juniper Security Bulletins *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10634&actp=RSS http://kb.juniper.net/index?page=content&id=JSA10633&actp=RSS http://kb.juniper.net/index?page=content&id=JSA10638&actp=RSS http://kb.juniper.net/index?page=content&id=JSA10637&actp=RSS http://kb.juniper.net/index?page=content&id=JSA10641&actp=RSS http://kb.juniper.net/index?page=content&id=JSA10635&actp=RSS http://kb.juniper.net/index?page=content&id=JSA10613&actp=RSS http://kb.juniper.net/index?page=content&id=JSA10640&actp=RSS *** IBM Security Bulletin: IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL *** --------------------------------------------- IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470) Security vulnerabilities have been discovered in OpenSSL. CVE(s): CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-5298 Affected product(s) and affected version(s): Hardware versions affected: InfoSphere Guardium Collector X1000 InfoSphere --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** IBM Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerability (CVE-2014-0191) *** --------------------------------------------- Denial-Of-service vulnerability has been discovered in Libxml2 that was reported on May 09, 2014 CVE(s): CVE-2014-0191 Affected product(s) and affected version(s): Rational Systems Tester 3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5, 3.3.0.6, 3.3.0.7 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21678183 X-Force Database: http://xforce.iss.net/xforce/xfdb/93092 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…

1 0

Tageszusammenfassung - Dienstag 8-07-2014
by Daily end-of-shift report 08 Jul '14

08 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 07-07-2014 18:00 − Dienstag 08-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Multi Platform *Coin Miner Attacking Routers on Port 32764, (Mon, Jul 7th) *** --------------------------------------------- Thanks to reader Gary for sending us in a sample of a *Coin miner that he found attacking Port 32764. Port 32764 was recently found to offer yet another backdoor on Sercomm equipped devices. We covered this backdoor before [1] The bot itself appears to be a variant of the "zollard" worm sean before by Symantec [2]. Symantecs writeup describes the worm as attacking a php-cgi vulnerability, not the Sercomm backdoor. But this worm has been seen using various exploits. Here some quick,... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18353&rss *** When Adware Goes Bad: The Installbrain and Sefnit Connection *** --------------------------------------------- "Monetize On Non-buyers" is the bold motto of InstallBrain-adware that turns out to have been developed by an Israeli company called iBario Ltd. This motto clearly summarizes the potential risks adware companies can introduce to users, especially when they install stuff on... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nRXcb4Udr5o/ *** IEEE expands malware initiatives *** --------------------------------------------- Clearing-house for software metadata Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware thats been inserted into other software, and improve the performance of malware detection by cutting down on false positives. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/08/ieee_expand… *** NTT Group 2014 Global Threat Intelligence Report *** --------------------------------------------- The NTT Group 2014 Global Threat Intelligence Report (GTIR) emphasizes that the security basics, when done right, can be enough to mitigate and even avoid high-profile, costly data breaches altogether. Using statistics and real-world case studies, the report shows that combining threat avoidance and threat response capabilities into a strategic approach provides the best chance to reduce the impact of threats. --------------------------------------------- http://www.solutionary.com/research/threat-reports/annual-threat-report/ntt… *** Paper: VBA is not dead! *** --------------------------------------------- Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate. --------------------------------------------- http://www.virusbtn.com/news/2014/07_07.xml?rss *** Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions *** --------------------------------------------- A major vulnerability believed to be present in most versions of Android can allow a malicious Android applications on the Android app store to make phone calls on a user's device, even when they lack the necessary permissions. The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the... --------------------------------------------- http://thehackernews.com/2014/07/android-vulnerability-allows.html *** Google Android / eduroam-Zugangsdaten *** --------------------------------------------- Bei mobilen Geräten mit Android-Betriebssystem ist die Default-Konfiguration für die Option CA-Zertifikat für WLAN-Verbindungen "keine Angabe". Konkret bedeutet dieses als normal dokumentierte Verhalten, dass die Prüfung der Zertifikatskette komplett deaktiviert ist, d.h. jedes beliebige Zertifikat wird ohne weitere Warnung akzeptiert. Erschwerend kommt hinzu,... --------------------------------------------- https://www.dfn-cert.de/aktuell/Google-Android-Eduroam-Zugangsdaten.html *** How not to tell your customers how much you care about their security *** --------------------------------------------- Weve written before about "what not to do" when sending emails to your customers. Heres another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run. --------------------------------------------- http://nakedsecurity.sophos.com/2014/07/08/how-not-to-tell-your-customers-h… *** Metadaten gegen Viren-Fehlerkennugen *** --------------------------------------------- Die IEEE hat eine Datenbank für Metadaten von Binaries gestartet. Sie liefert Informationen, über die ein Virenscanner eindeutig feststellen kann, ob eine Datei gutartig ist. --------------------------------------------- http://www.heise.de/security/meldung/Metadaten-gegen-Viren-Fehlerkennugen-2… *** GKsu and VirtualBox Root Command Execution by Filename (CVE-2014-2943) *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbo… *** Bugtraq: Backdoor access to Techboard/Syac devices *** --------------------------------------------- http://www.securityfocus.com/archive/1/532665 *** [remote] - Oracle Event Processing FileUploadServlet Arbitrary File Upload *** --------------------------------------------- http://www.exploit-db.com/exploits/33989 *** Vuln: GitList CVE-2014-4511 Unspecified Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/68253 *** Security Advisory-Apache Struts2 vulnerability on Huawei multiple products *** --------------------------------------------- Jul 07, 2014 21:09 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Apple iTunes 11.2.2 Insecure Libraries *** --------------------------------------------- Topic: Apple iTunes 11.2.2 Insecure Libraries Risk: High Text:Hi @ll, Apples current iTunes 11.2.2 for Windows comes with the following COMPLETELY outdated and vulnerable 3rd party libr... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070042 *** Apache Syncope Insecure Password Generation *** --------------------------------------------- Topic: Apache Syncope Insecure Password Generation Risk: Medium Text:CVE-2014-3503: Insecure Random implementations used to generate passwords in Apache Syncope Severity: Major Vendor: The ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070039 *** Vuln: WordPress Easy Banners Plugin easy-banners.php Cross Site Scripting Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/68281 *** Vuln: WordPress Custom Banners Plugin options.php Cross Site Scripting Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/68279 *** TYPO3 CMS 4.5.35, 6.1.10 and 6.2.4 released *** --------------------------------------------- The TYPO3 Community announces the versions 4.5.35, 6.1.10 and 6.2.4 of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes. --------------------------------------------- https://typo3.org/news/article/typo3-cms-4535-6110-and-624-released/ *** HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access *** --------------------------------------------- Potential security vulnerabilities have been identified with HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…

1 0

Tageszusammenfassung - Montag 7-07-2014
by Daily end-of-shift report 07 Jul '14

07 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 04-07-2014 18:00 − Montag 07-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Self-signing custom Android ROMs *** --------------------------------------------- The security model on the Google Nexus devices is pretty straightforward. The OS is (nominally) secure and prevents anything from accessing the raw MTD devices. The bootloader will only allow the user to write to partitions if its unlocked. The recovery image will only permit you to install images that are signed with a trusted key. In combination, these facts mean that its impossible for an attacker to modify the OS image without unlocking the bootloader[1], and unlocking the bootloader wipes --------------------------------------------- http://mjg59.dreamwidth.org/31765.html *** Java Support ends for Windows XP, (Sat, Jul 5th) *** --------------------------------------------- Oracle is no longer supporting Java for Windows XP and will only support Windows Vista or later. Java 8 is not supported for Windows XP and users will be unable to install on their systems. Oracle warns "Users may still continue to use Java 7 updates on Windows XP at their own risk" [1] [1] https://www.java.com/en/download/faq/winxp.xml [2] http://www.oracle.com/us/support/library/057419.pdfhttps://www.java.com/en/… ----------- Guy Bruneau IPSS Inc. gbruneau at --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18345&rss *** Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager *** --------------------------------------------- Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security. But, if you are using the mobile version of most popular password manager from Password management company --------------------------------------------- http://feedproxy.google.com/~r/TheHackersNews/~3/Ajpf8i6yTao/critical-vulne… *** Zwei Patches schließen SQL-Injection-Lücken in Ruby on Rails *** --------------------------------------------- Zwei recht ähnliche Lücken erlaubten SQL-Injections auf Websites, die auf Ruby on Rails 2.0.0 bis 3.1.18 sowie auf 4.x aufsetzen. In mehreren Anläufen haben die Rails-Entwickler die Lücken nun geschlossen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Zwei-Patches-schliessen-SQL-Injectio… *** Malware Analysis with pedump, (Sat, Jul 5th) *** --------------------------------------------- Are you looking for a tool to analyze Windows Portable Executable (PE) files? Consider using pedump a ruby win32 PE binary file analyzer. It currently support DOS MZ EXE, win16 NE and win32/64 PE. There are several ways to install the ruby package; however, the simplest way is to execute "gem install pedump" from a Linux workstation. You can also download the file here or use the pedump website to upload your file for analysis. This example shows the output from the pedump website. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18347&rss *** Industrial Control System Firms In Dragonfly Attack Identified *** --------------------------------------------- chicksdaddy (814965) writes Two of the three industrial control system (ICS) software companies that were victims of the so-called "Dragonfly" malware have been identified. ... Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Jr0QiFtg7lc/story01.htm *** Coinbase wallet app in SSL/TLS SNAFU *** --------------------------------------------- The popular Bitcoin wallet Coinbase has a security flaw in its Android apps which could allow an attacker to steal authentication codes and access users accounts, according to a security researcher. Coinbase is far from alone in leaving its wallet app users vulnerable, so what should you do to stay safe when using mobile banking apps? --------------------------------------------- http://feedproxy.google.com/~r/nakedsecurity/~3/GsgGIYu7TA0/ *** The Rise of Thin, Mini and Insert Skimmers *** --------------------------------------------- Like most electronic gadgets these days, ATM skimmers are getting smaller and thinner, with extended battery life. Heres a look at several miniaturized fraud devices that were pulled from compromised cash machines at various ATMs in Europe so far this year. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/8s5hQ323oMY/ *** Fridge hacked. Car hacked. Next up, your LIGHT BULBS *** --------------------------------------------- So shall you languish in darkness - or under disco-style strobes - FOREVER Those convinced that the emerging Internet of Things (IoT) will become a hackers playground were given more grist for their mill with news on Friday that security researchers have discovered a weakness in Wi-Fi/mesh networked lightbulbs. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/07/wifi_enable… *** Anwälte: Falsche Filesharing-Abmahnung verbreitet massenhaft Malware *** --------------------------------------------- Zwei bekannte Anwälte warnen vor gefälschten Abmahnungen wegen illegalen Musikdownloads. An den massenhaft verschickten E-Mails hängt eine Zip-Datei mit Schadcode. --------------------------------------------- http://www.golem.de/news/anwaelte-falsche-filesharing-abmahnung-verbreitet-… *** IBM Security Bulletin: Multiple vulnerabilities exist in IMS Enterprise Suite SOAP Gateway (CVE-2014-0453, CVE-2013-4286, CVE-2013-4322) *** --------------------------------------------- The IMS Enterprise Suite SOAP Gateway is affected by multiple vulnerabilities in IBM SDK, Java Technology Edition (April Update) and Apache Tomcat. CVE(s): CVE-2014-0453, CVE-2013-4286 and CVE-2013-4322 Affected product(s) and affected version(s): CVE ID: CVE-2014-0453 The SOAP Gateway component of the IMS Enterprise Suite versions 2.1, 2.2, 3.1. CVE ID: CVE-2013-4286 CVE ID: CVE-2013-4322 The SOAP Gateway component of the IMS Enterprise Suite versions 2.2, 3.1. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** OpenSSL vulnerabilities in IBM Products *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** RealPlayer MP4 Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1030524 *** [webapps] - Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability *** --------------------------------------------- http://www.exploit-db.com/exploits/33984 *** VU#960193: AVG Secure Search ActiveX control provides insecure methods *** --------------------------------------------- Vulnerability Note VU#960193 AVG Secure Search ActiveX control provides insecure methods Original Release date: 07 Jul 2014 | Last revised: 07 Jul 2014 Overview The AVG Secure Search toolbar includes an ActiveX control that provides a number of unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. Description AVG Secure Search is a toolbar add-on for web browsers that "... provides an additional security layer while --------------------------------------------- http://www.kb.cert.org/vuls/id/960193 *** Bugtraq: CVE-2014-3863 - Stored XSS in JChatSocial *** --------------------------------------------- http://www.securityfocus.com/archive/1/532662 *** WordPress Theme My Login for WordPress file include *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/94160

1 0

Tageszusammenfassung - Freitag 4-07-2014
by Daily end-of-shift report 04 Jul '14

04 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 03-07-2014 18:00 − Freitag 04-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco Intelligent Automation for Cloud Form Data Viewer information disclosure *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/94177 *** VU#143740: Netgear GS108PE Prosafe Plus Switch contains hard-coded login credentials *** --------------------------------------------- Netgear GS108PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is .. --------------------------------------------- http://www.kb.cert.org/vuls/id/143740 *** MS14-JUL - Microsoft Security Bulletin Advance Notification for July 2014 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS14-JUL *** Phishing: iPhone 6 und iWatch als Lockmittel *** --------------------------------------------- Angreifer nutzen derzeit die Aufmerksamkeit rund um zukünftige Apple-Produkte, um Nutzer auf eine gefälschte Apple-Webseite zu locken. Die Aufmachung der Mail erinnert an offizielle Apple-Mitteilungen. --------------------------------------------- http://www.heise.de/security/meldung/Phishing-iPhone-6-und-iWatch-als-Lockm… *** Security Bulletin: IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure (CVE-2014-0860) *** --------------------------------------------- The administrative IPMI credentials for authenticating communications between the IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) are stored in plaintext within the AMM firmware binaries. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… *** Dailymotion Compromised to Send Users to Exploit Kit *** --------------------------------------------- Attackers made the popular video site redirect users to the Sweet Orange Exploit Kit. On June 28, the popular video sharing website Dailymotion was compromised to redirect users to the Sweet Orange Exploit Kit. This exploit kit takes advantage of vulnerabilities in Java, Internet Explorer, and Flash Player. If the .. --------------------------------------------- http://www.symantec.com/connect/blogs/dailymotion-compromised-send-users-ex… *** HP Universal Configuration Management Database Flaws Let Remote Users Obtain Information and Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1030518 *** "Phishing wird vom seltenen Anlass zum Tagesgeschäft" *** --------------------------------------------- Während immer mehr Phishing-Webseiten auftauchen, werden die angewandten Taktiken immer raffinierter. Opfer werden vermehrt persönlich angesprochen. --------------------------------------------- http://futurezone.at/digital-life/phishing-wird-vom-seltenen-anlass-zum-tag… *** Miniduke is back: Nemesis Gemina and the Botgen Studio *** --------------------------------------------- In the wake of our publications from 2013, the Miniduke campaigns have stopped or at least decreased in intensity. However, in the beginning of 2014 they resumed attacks in full force, once again grabbing our attention. We believe its time to uncover more information on their operations. --------------------------------------------- https://www.securelist.com/en/blog/208214341/Miniduke_is_back_Nemesis_Gemin… *** phpinfo() Type Confusion Infoleak Vulnerability and SSL Private Keys *** --------------------------------------------- In this post we will detail the phpinfo() type confusion vulnerability that we disclosed to PHP.net and show how it allows a PHP script to steal the private SSL key. We demonstrate this on a Ubuntu 12.04 LTS 32 bit default installation of PHP and mod_ssl. Unfortunately this kind of problem is not considered a security problem by PHP.net and therefore this security vulnerability does not have a CVE name assignet to it, yet. --------------------------------------------- https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily July 2014