=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 28-08-2014 18:00 − Freitag 29-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Heartbleed is the gift that keeps on giving as servers remain unpatched ***
---------------------------------------------
An average of 7,000 attacks continue to seek out servers vulnerable to the bug.
---------------------------------------------
http://arstechnica.com/security/2014/08/heartbleed-is-the-gift-that-keeps-o…
*** PCI Council urges retailers to defend against Backoff POS attacks ***
---------------------------------------------
The warning comes soon after the Secret Service and DHS issues a warning on the threat.
---------------------------------------------
http://www.scmagazine.com/pci-council-urges-retailers-to-defend-against-bac…
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Django REMOTE_USER header security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95569
*** IBM Security Bulletin: Current Release of IBM SDK for Node.js is affected by CVE-2014-5256 ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks ***
---------------------------------------------
A few days ago we detected a watering hole campaign in a website owned by one big industrial company.The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing.The attackers were able to compromise the website and include code that loaded a malicious Javascript ..
---------------------------------------------
http://www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissanc…
*** Squid Range Header Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030779
*** F5 BIG-IP ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files ***
---------------------------------------------
http://www.securitytracker.com/id/1030778
*** F5 Enterprise Manager ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files ***
---------------------------------------------
http://www.securitytracker.com/id/1030777
*** Sinkholing the Backoff POS Trojan ***
---------------------------------------------
There is currently a lot of buzz about the Backoff point-of-sale Trojan that is designed to steal credit card information from computers that have POS terminals attached.
---------------------------------------------
https://securelist.com/blog/research/66305/sinkholing-the-backoff-pos-troja…
*** Nearly 100k Bugzilla Users Affected by Data Disclosure ***
---------------------------------------------
The email addresses and encrypted passwords of nearly 100,000 users of Mozilla's Bugzilla system were left on a publicly accessible server for several months earlier this year, the company said. The disclosure comes just a few weeks after Mozilla advised members of its Mozilla Developer ..
---------------------------------------------
http://threatpost.com/nearly-100k-bugzilla-users-affected-by-data-disclosur…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 27-08-2014 18:00 − Donnerstag 28-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** CG Automation Improper Input Validation ***
---------------------------------------------
This advisory provides mitigation details for an improper input validation vulnerability in the CG Automation ePAQ-9410 Substation Gateway DNP3 protocol components.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-238-01
*** Schneider Electric Wonderware Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Schneider Electric Wonderware Information Server.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-238-02
*** Mobile Security Roundup 1H 2014 ***
---------------------------------------------
The first half of this year has been quite eventful for the mobile threat landscape. Sure, we had an idea the state of affairs from 2013 would continue on to this year, but we didn't know just to what extent. From ballooning mobile malware/high risk app numbers to vulnerabilities upon vulnerabilities, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-security-…
*** MS14-045 - Important: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615) - Version: 3.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-045
*** Cisco 1800 Series ISDN Basic Rate Interface Denial of Service ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cybercriminals Leverage Rumored Windows 9 Developer Preview Release With Social Engineering ***
---------------------------------------------
We're seeing schemes that are taking advantage of the buzz around the upcoming developer preview release of Windows 9 this September. One of the threats we saw was found using some combinations of keywords like Windows 9, free, leak and download in popular search engines. It involves a potentially malicious ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-l…
*** My WordPress Website Was Hacked ***
---------------------------------------------
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hosting companies. From Virtual Private Servers (VPS) to shared environments, to managed environments. In most instances we pay and ..
---------------------------------------------
http://blog.sucuri.net/2014/08/my-wordpress-website-was-hacked.html
*** One More Day of Trolling in POS Memory, (Wed, Aug 27th) ***
---------------------------------------------
Further to the recent story on Memory Trolling for PCI data, I was able to spend one more day fishing in memory, I dug a bit deeper and come up with more fun Credit Card / Memory goodness with our friend the Point of Sale application. First of all, just searching for credit card numbers returns a lot of duplicates, as indicated in yesterdays ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18589
*** Smarthome: Die Ifa wird zur Messe der Sicherheitslücken ***
---------------------------------------------
Auf der Internationalen Funkausstellung in Berlin (Ifa) wird das Smarthome zu einem grossen Thema. Kaspersky Lab warnt jetzt erneut vor potenziellen Sicherheitslücken im Heimnetz, und ein Blick in vergangene Meldungen zeigt, dass die ..
---------------------------------------------
http://www.golem.de/news/smarthome-die-ifa-wird-zur-messe-der-sicherheitslu…
*** [2014-08-28] Cross-Site Scripting vulnerabilities in F5 BIG-IP ***
---------------------------------------------
Attacker can steal other users sessions, impersonate other users and to gain unauthorized access to the admin interface.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** LibreOffice 4.3.1/ .2.6-secfix ***
---------------------------------------------
The Document Foundation announces LibreOffice 4.3.1, the first minor release of LibreOffice 4.3 "fresh" family, with over 100 fixes (including patches for two CVEs, backported to LibreOffice 4.2.6-secfix, which is also available for download now).
---------------------------------------------
http://listarchives.documentfoundation.org/www/announce/msg00199.html
*** Microsoft gibt Problem-Patch eine zweite Chance ***
---------------------------------------------
Zumindest eine der vier zurückgezogenen Patches steht mit neuer KB-Nummer wieder zur Installation bereit. Er schliesst Lücken in Windows, durch die sich ein Angreifer höhere Rechte verschaffen kann.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-gibt-Problem-Patch-eine-zwei…
*** Srizbi kernel-mode spambot reappears as Pitou ***
---------------------------------------------
Malware possibly still in the brewing stage.In November 2007, we published an article by Kimmo Kasslin (F-Secure) and Elia Florio (Symantec), in which they analysed the Srizbi trojan, notable for being the first malware found in the wild that operated fully in kernel mode. It appears ..
---------------------------------------------
http://www.virusbtn.com/blog/2014/08_28.xml?rss
*** eCrime Research Symposium 2014 ***
---------------------------------------------
The APWG is pleased to present eCrime 2014, a combined event that includes the 2014 Fall General Meeting, and eCrime Researchers Symposium. ... This eCrime Congress will include a one-day, members-only meeting on September 23rd and two full days of open sessions thereafter of programming that will be open to both members and non-members.
---------------------------------------------
http://ecrimeresearch.org/events/ecrime2014/
*** Firefox soll falsche SSL-Zertifikate enttarnen ***
---------------------------------------------
Auch Mozillas Browser wird künftig etwa beim Besuch von Google.com überprüfen, ob das ausgelieferte SSL-Zertifikat von einem Herausgeber stammt, den der Dienst üblicherweise benutzt.
---------------------------------------------
http://www.heise.de/security/meldung/Firefox-soll-falsche-SSL-Zertifikate-e…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 26-08-2014 18:00 − Mittwoch 27-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Not all Java from java.com is legitimate ***
---------------------------------------------
Isn't it ironic getting a Java exploit via java.com, the primary source for one of the most common used browser plugins? Current malvertising campaigns are able to do this. This blog post details a relatively new trend: real-time advertisement bidding platforms being infiltrated by cyber criminals spreading malware.
---------------------------------------------
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-i…
*** Multiple Cross-Site Scripting Vulnerabilities in Transport Gateway for Smart Call Home ***
---------------------------------------------
A vulnerability in the web framework of Cisco Transport Gateway for Smart Call Home (TG-SCH) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Netflix Open Source Security Tools Solve Range of Challenges ***
---------------------------------------------
Netflix engineers released two new application security tools to open source this week, a continuing effort from the streaming services company.
---------------------------------------------
http://threatpost.com/netflix-open-source-security-tools-solve-range-of-cha…
*** ZDI-14-296: Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-296/
*** VMware Support Tool temporary files denial of service ***
---------------------------------------------
VMware Support Tool is vulnerable to a denial of service, caused by a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system and cause a denial of service.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95493
*** VMware Support Tool /tmp directory information disclosure ***
---------------------------------------------
VMware Support Tool could allow a local attacker to obtain sensitive information, caused by insecure permissions being set for the /tmp directory. An attacker could exploit this vulnerability to obtain sensitive information.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95494
*** Vulnerability in Citrix CloudPlatform Virtual Router could result in unauthorised access to network resources ***
---------------------------------------------
A vulnerability has been identified in the virtual router component of Citrix CloudPlatform, formerly known as Citrix CloudStack, that could allow ..
---------------------------------------------
http://support.citrix.com/article/CTX140989
*** Citrix CloudPlatform Virtual Router Firewall Bug Lets Remote Users Access Network Resources ***
---------------------------------------------
A vulnerability was reported in Citrix CloudPlatform Virtual Router. A remote user can bypass access controls to access network resources.
---------------------------------------------
http://www.securitytracker.com/id/1030762
*** Google says - patch your Chrome ***
---------------------------------------------
64-bit browser loads cat vids FIFTEEN PERCENT faster! Google has dropped 50 patches for its flagship Chrome browser plugging holes and handed $30,000 to a lone bug hunter who reported a dangerous sandbox-busting attack.
---------------------------------------------
www.theregister.co.uk/2014/08/27/goog_says_patch_your_chrome/
*** PCI Council wants YOU to give it things to DO ***
---------------------------------------------
How about enforcing PCI DSS? Crusaders at the Payment Card Industry Security Standards Council have called for submissions into projects for 2015.
---------------------------------------------
www.theregister.co.uk/2014/08/27/pci_council_wants_you_to_give_it_things_to…
*** RSA Identity Management and Governance Authentication Flaw Lets Remote Users Bypass Authentication to Gain Access to the Target System ***
---------------------------------------------
A vulnerability was reported in RSA Identity Management and Governance. A remote user can bypass authentication to gain access to the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030759
*** Sicherheitsupdate für Synology-Netzwerkspeicher ***
---------------------------------------------
Auch ein NAS ist meist ein Linux-Server, der gehegt und gepflegt werden muss - insbesondere dann, wenn es über das Internet erreichbar ist. Synology hat deshalb unter anderem OpenSSL auf den aktuellen Stand gebracht und damit diverse Lücken geschlossen.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-Synology-Netzwe…
*** VB2014 preview: Methods of malware persistence on Mac OS X ***
---------------------------------------------
Patrick Wardle shows that OS X users really have something to worry about.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. Today, ..
---------------------------------------------
http://www.virusbtn.com/blog/2014/08_27.xml
*** IBM: Heartbleed Attacks Thousands of Servers Daily ***
---------------------------------------------
The 2014 IBM X-Force Threat Intelligence Quarterly takes a look back at Heartbleed and how organizations were affected by it.
---------------------------------------------
http://threatpost.com/ibm-heartbleed-attacks-thousands-of-servers-daily/107…
*** ZDI-14-297: Juniper Network and Security Manager XDB Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper Network and Security Manager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-297/
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 25-08-2014 18:00 − Dienstag 26-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Barracuda Networks Web Security Flex multiple modules cross-site scripting ***
---------------------------------------------
Barracuda Networks Web Security Flex is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by multiple modules. A remote attacker could exploit this vulnerability using the Domain Alias, LDAP Host or Bind DN/Username field to inject malicious script into a Web page which would be ..
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95445
*** Trolling Memory for Credit Cards in POS / PCI Environments, (Tue, Aug 26th) ***
---------------------------------------------
In a recent penetration test, I was able to parlay a network oversight into access to a point of sale terminal. Given the discussions these days, the next step for me was an obvious one - memory analysis. My first step was to drive to the store I had compromised and purchase an ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18579
*** Point of Sale Terminal Protection - "Fortress PCI at the Mall", (Tue, Aug 26th) ***
---------------------------------------------
This is a very broad topic, but over the last few months Ive seen some really nicly protected PCI termainls. Especially since many POS environments are still running Windows XP, this is an important topic to discuss. Things that Ive seen done very well: First of all, only allow access to the POS app - retail staff generally dont require access to email or the internet, at ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18581
*** Netis Routers Leave Wide Open Backdoor ***
---------------------------------------------
Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cybercriminals to easily run arbitrary ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-le…
*** Attack flogged through shiny-clicky social media buttons ***
---------------------------------------------
66,000 users popped by malicious Flash fudging add-on Web admins beware: social media buttons that load scripts from unknown external sites could see your sites foisting the FlashPack exploit ..
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/26/ek_flogged_…
*** Glibc: Fehlerhaftes Null-Byte führt zu Root-Zugriff ***
---------------------------------------------
Mitgliedern von Googles Project Zero ist es gelungen, einen kleinen Fehler in der Glibc auszunutzen, um unter einem Linux-System Root-Zugriff zu erhalten. Dafür mussten zahlreiche Hürden überwunden werden.
---------------------------------------------
http://www.golem.de/news/glibc-fehlerhaftes-null-byte-fuehrt-zu-root-zugrif…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 22-08-2014 18:00 − Montag 25-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Stiffed by Synolocker ransomware crims? Try F-Secures python tool ***
---------------------------------------------
Unlock key doesnt always fit, says security biz Security firm F-Secure has released a tool to decrypt data scrambled by the Synolocker malware - assuming youve obtained the decryption key from the crooks.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/23/f_secure_sy…
*** QEMU ACPI PCI code execution ***
---------------------------------------------
QEMU could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds access error in ACPI PCI hotplug interface. An attacker could exploit this vulnerability to corrupt QEMU process memory and obtain sensitive information.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95419
*** HP Service Manager Bugs Let Remote Users Gain Elevated Privileges, Modify Data, and Deny Service and Conduct Cross-Site Scripting and Cross-Site Requset Forgery Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030756
*** OpenOffice Targeted Data Exposure Using Crafted OLE Objects ***
---------------------------------------------
The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted
document when it is opened. Data exposure is possible if the updated document is distributed to other parties.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080102
*** OpenOffice 4.1.0 Calc Command Injection ***
---------------------------------------------
The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for
command-injection attacks. Further exploits are possible but have not been verified.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080101
*** Fortinet FortiGate Flaw in FortiManager Protocol Service Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030753
*** NIST to sysadmins: clean up your SSH mess ***
---------------------------------------------
Too many keys, too badly managed - NIST has taken a look at how companies use Secure Shell (SSH), and doesnt much like what it sees.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/25/nist_to_sys…
*** Ransomware mit leistungsfähigen Password Stealer ***
---------------------------------------------
Ransomware auch als 'WinLocker' bekannt, sind nach wie vor in unserem digitalen Alltag gegenwärtig und wird zudem von Cyberkriminellen mit weiteren und komplexeren Funktionen ausgestattet. Um an Informationen zu Funktionen und evtl. Hintermänner dieser Ransomware zu gelangen, haben Experten von Avast bei der neusten Generation dieser Malware, Indizien zu leistungsfähigen Modulen u.a. zum Diebstahl von Passwort und Zugangsdaten gefunden.
---------------------------------------------
http://blog.botfrei.de/2014/08/ransomware-mit-leistungsfaehigen-password-st…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 21-08-2014 18:00 − Freitag 22-08-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Lua vararg functions buffer overflow ***
---------------------------------------------
Lua is vulnerable to a buffer overflow, caused by improper bounds checking by vararg functions. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95390
*** Researchers create privacy wrapper for Android Web apps ***
---------------------------------------------
Users can wrap Facebook and other apps to better control their privacy and security, according to researchers from North Carolina State University.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/mQ5PZ77i084/
*** Malicious app can get past Android WITHOUT PERMISSIONS ***
---------------------------------------------
Be careful what you install, say boffins. Again. Researchers presenting at Usenix have lifted the lid on yet another Android vulnerability: the way apps use memory can be exploited to leak private information with a success rate between 82 and 92 per cent of the time.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/22/malicious_a…
*** Security Advisory - Remote Security Bypass Vulnerability on Huawei Android Devices ***
---------------------------------------------
SA No: Huawei-SA-20140821-Android
Android version 4.1.1 - 4.4.2 is prone to a remote security bypass vulnerability (CVE-2013-6272):
A vulnerability in the Android system allows an attacker to initiate or terminate arbitrary calls without the call_phone permission.
After investigation we confirm that some Huawei smartphone and tablet products are affected.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** RTFM 0day in iOS apps: G+, Gmail, FB Messenger, etc. ***
---------------------------------------------
Normal people spend their nights watching movies, reading articles, socializing or (yes, I know its odd) sleeping. I spend my nights reading RFCs and pentesting various applications/services.
---------------------------------------------
http://algorithm.dk/posts/rtfm-0day-in-ios-apps-g-gmail-fb-messenger-etc
*** PHP 5.5.16 is released ***
---------------------------------------------
The PHP Development Team announces the immediate availability of PHP 5.5.16. This release fixes several bugs against PHP 5.5.15 and resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-3597. All PHP users are encouraged to upgrade to this new version.
---------------------------------------------
http://php.net/archive/2014.php
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 20-08-2014 18:00 − Donnerstag 21-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Cisco WebEx MeetMeNow Server Directory Traversal Vulnerability ***
---------------------------------------------
A vulnerability in a PHP file in the Cisco WebEx MeetMeNow Server could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** The fall of rogue antivirus software brings new methods to light ***
---------------------------------------------
Rogue antivirus software has been a part of the malware ecosystem for many years now - Win32/SpySheriff and Win32/FakeRean date all the way back to 2007. These rogues, and the many that have followed them throughout the years, generally mislead and scare users into paying a fee for "cleaning" false detections that the software claims to have found on the machine. They often use dozens ..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/08/19/the-fall-of-rogue-antivi…
*** Researchers build security framework for Android ***
---------------------------------------------
University researchers have modified the Android operating system to let developers plug in enterprise-class security enhancements that would normally require overhauling a mobile devices firmware.The code added to the OS is called the Android Security Modules (ASM) framework, which is described ..
---------------------------------------------
http://www.csoonline.com/article/2474691/mobile-security/researchers-build-…
*** Britischer Geheimdienst GCHQ entwickelt Hackerspiel mit ***
---------------------------------------------
Im Browserspiel soll getestet werden, wie gut sich die Briten mit Online-Sicherheit auskennen. Dabei soll es Wettbewerbe geben, bei denen Nachwuchs rekrutiert wird.
---------------------------------------------
http://futurezone.at/digital-life/britischer-geheimdienst-gchq-entwickelt-h…
*** 5 excuses for doing nothing about computer security ***
---------------------------------------------
Sadly, as were sure you have found, once a friend or family member has latched onto a security avoidance excuse, it can be hard to talk them round. So, here are five excuses that we hear a lot, both from individuals and from small businesses, together with some points you can use to argue back that security really does matter.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/08/20/5-excuses-for-doing-nothing-abou…
*** Need a green traffic light all the way home? Easy with insecure street signals, say researchers ***
---------------------------------------------
"While other deployments may use different wireless radios or even wired connections between intersections we have no reason to believe there are any fundamental differences between the network we studied and other traffic signal systems," the researchers concluded. "We believe that many traffic infrastructure ..
---------------------------------------------
http://www.theregister.co.uk/2014/08/20/sick_of_slow_commuting_americas_tra…
*** IoT: How I hacked my home ***
---------------------------------------------
A typical modern home can have around five devices connected to the local network which aren't computers, tablets or cellphones. As users in a connected digital environment we need to ask ourselves: Are the devices connected to my network vulnerable? What could an attacker actually do if these devices were compromised? Is my home 'hackable?'
---------------------------------------------
https://securelist.com/analysis/publications/66207/iot-how-i-hacked-my-home/
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 19-08-2014 18:00 − Mittwoch 20-08-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Apache OFBiz cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95356
*** The Administrator of Things (AoT) - A Side Effect of Smartification ***
---------------------------------------------
In an earlier article, we talked about the ongoing smartification of the home - the natural tendency of households to accumulate more intelligent devices over time. While this has its benefits, the residents of smart homes also need to invest their time and energy to maintain these devices. These requirements will only grow as more...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5chS0C_DSr4/
*** RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass ***
---------------------------------------------
Topic: RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass Risk: Medium Text:ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities EMC Identifier: ESA-2014-071 CVE Identifier: CVE-20...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080085
*** "El Machete" ***
---------------------------------------------
"Machete" is a targeted attack campaign with Spanish speaking roots. Most of the victims are located in Venezuela, Ecuador, , Colombia, Peru, Russia, Cuba, and Spain. Targets include high-level profiles, including intelligence services, military, embassies and government institutions.
---------------------------------------------
https://securelist.com/blog/research/66108/el-machete/
*** Microsoft zieht weitere Windows-Updates zurück ***
---------------------------------------------
Nutzer klagen über Bluescreens und weitere Probleme
---------------------------------------------
http://derstandard.at/2000004536290
*** Vernetzte Geräte: Tausende Sicherheitslücken entdeckt ***
---------------------------------------------
In mehr als 140.000 Geräten haben Forscher teils schwerwiegende Sicherheitslücken entdeckt, darunter Zero-Day-Exploits, hartcodierte Passwörter und private Schlüssel.
---------------------------------------------
http://www.golem.de/news/vernetzte-geraete-tausende-sicherheitsluecken-entd…
*** Bugtraq: [security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533176
*** Bugtraq: Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533180
*** Bugtraq: CVE-2014-5307 - Privilege Escalation in Panda Security Products ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533182
*** Bugtraq: CVE-2014-4973 - Privilege Escalation in ESET Windows Products ***
---------------------------------------------
Versions 5.0 - 7.0 of ESET Smart Security and ESET Endpoint Security products for Windows XP OS allow a low privileged user to execute code as SYSTEM by exploiting a vulnerability in the ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver also mentioned as Personal Firewall module Build 1183 (20140214) and prior.
---------------------------------------------
http://www.securityfocus.com/archive/1/533184
*** Aktuelle Masche: Krimineller "Blog-Klau" verärgert viele Betreiber ***
---------------------------------------------
Unbekannte spiegeln derzeit dutzende deutsche Blogs und versuchen, mit den gekaperten Inhalten illegal Kasse zu machen.
---------------------------------------------
http://www.heise.de/security/meldung/Aktuelle-Masche-Krimineller-Blog-Klau-…
*** Zertifikate: Google will vor SHA-1 warnen ***
---------------------------------------------
Google will Zertifikate, die mit SHA-1 signiert sind, bis spätestens 2017 loswerden. Der Chrome-Browser wird bald entsprechende Warnungen anzeigen. SHA-1 gilt schon seit einigen Jahren als potentiell unsicher.
---------------------------------------------
http://www.golem.de/news/zertifikate-google-will-vor-sha-1-warnen-1408-1087…
*** Multiple Vulnerabilities in various IBM Products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/aix_libxml2_vulnerabi…https://www-304.ibm.com/connections/blogs/PSIRT/entry/vulnerability_in_aix_…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/multiple_vulnerabilit…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 18-08-2014 18:00 − Dienstag 19-08-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** New Attack Binds Malware in Parallel to Software Downloads ***
---------------------------------------------
Open source software distribution systems that lack security processes and integrity checks are prone to a new attack that binds malware to a download without modifying the original application.
---------------------------------------------
http://threatpost.com/new-attack-binds-malware-in-parallel-to-software-down…
*** Microsofts Windows 8 App Store Is Full of Scamware ***
---------------------------------------------
Deathspawner writes Windows 8 brought a lot to the table, with one of its most major features being its app store. However, its not a feature that Microsoft seems too intent on keeping clean. As it is today, the store is completely littered with misleading apps and outright scamware. The unfortunate thing is that ..
---------------------------------------------
http://beta.slashdot.org/story/206067
*** Virenscanner: Testlabor analysiert das fehlende Prozent ***
---------------------------------------------
In Labortests erkennen fast alle Virenscanner stets über 99 Prozent der Schädlinge. Doch genau das fehlende Prozent kann den Unterschied machen, wie die Verbreitung der durchgeschlüpften Dateien zeigt.
---------------------------------------------
http://www.heise.de/security/meldung/Virenscanner-Testlabor-analysiert-das-…
*** Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?, (Sun, Aug 17th) ***
---------------------------------------------
This diary follows from Part 1, published on Sunday August 17, 2014. How is it possible that with no port forwarding enabled through the firewall that Internet originated NTP requests were getting past the firewall to the misconfigured NTP server? The reason why these packets are passing ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18549&rss
*** Stuxnet: Geschlossene Sicherheitslücke gefährdet noch immer Millionen ***
---------------------------------------------
Experten führen die hohen Zahlen auf eine mangelnde Wartung von Servern zurück
---------------------------------------------
http://derstandard.at/2000004498863
*** APT Gang Branches Out to Medical Espionage in Community Health Breach ***
---------------------------------------------
The Community Health Systems data breach has been tied to a Chinese APT gang that has branched out to medical espionage, stealing patient data in an effort to target intelligence on medical device development.
---------------------------------------------
http://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-communi…
*** Multipe vulnerabilities in EMC Documentum products ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533161http://www.securityfocus.com/archive/1/533160http://www.securityfocus.com/archive/1/533159http://www.securityfocus.com/archive/1/533162
*** DSA-3006 xen ***
---------------------------------------------
http://www.debian.org/security/2014/dsa-3006
*** FreeNAS password security bypass ***
---------------------------------------------
FreeNAS could allow a remote attacker to bypass security restrictions, caused by the use of a blank password by the Web admin. An attacker could exploit this vulnerability to reset the admin password and gain full administrative access to the device.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95326
*** Apache HttpComponents certificate spoofing ***
---------------------------------------------
Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a ..
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95327
*** Cisco NX-OS Software SNMP Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID. An attacker could exploit this vulnerability by making a large number of requests to ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 14-08-2014 18:00 − Montag 18-08-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Microsoft zieht Updates zurück ***
---------------------------------------------
Mit insgesamt vier der am letzten Patchday veröffentlichten Updates für Windows gibt es offenbar Probleme. Microsoft hat jetzt reagiert und warnt davor, sie einzuspielen.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-zieht-Updates-zurueck-229417…
*** Suspicious Login Message Faked, Distributes Backdoor ***
---------------------------------------------
Legitimate services are often used by cybercriminals to try and make their attacks more convincing. Recently, I spotted attacks that used services and platforms like Google Drive and Dropbox in order to look less suspicious to unwary users. I received a spammed message like the one shown right below that supposedly came from Gmail itself. It warned me that someone logged...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/hhVGnlO7Tzs/
*** ZDI-14-295: AlienVault OSSIM av-centerd Util.pm remote_task Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-295/
*** ZDI-14-294: AlienVault OSSIM av-centerd Util.pm get_license Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-294/
*** Siemens OpenSSL Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-14-198-03A Siemens OpenSSL Vulnerabilities that was published July 23, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in the Siemens OpenSSL cryptographic software library affecting several Siemens industrial products.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-198-03B
*** Siemens SIMATIC S7-1500 CPU Denial of Service ***
---------------------------------------------
Siemens produced a new firmware version that mitigates a denial of service vulnerability in SIMATIC S7-1500 CPU.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-226-01
*** 7 Places to Check for Signs of a Targeted Attack in Your Network ***
---------------------------------------------
Targeted attacks are designed to circumvent existing policies and solutions within the target network, thus making their detection a big challenge. As we've stressed in our previous entry about common misconceptions about targeted attacks, there is no one-size-fits-all solution against it; enterprises need to arm themselves with protection that can provide sensors where needed, as well as IT...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/NhRVtViIRDU/
*** Security: Lücken in Update-Servern gefährden Millionen Router ***
---------------------------------------------
Über mehrere Schwachstellen in den Auto Configuration Servern von Providern könnten Angreifer manipulierte Firmware an Millionen Router verteilen. Außerdem gibt es Fehler im dazugehörigen Kommunikationsprotokoll.
---------------------------------------------
http://www.golem.de/news/security-luecken-in-update-servern-gefaehrden-mill…
*** Internet Explorer: Veraltete ActiveX-Steuerelemente werden später blockiert ***
---------------------------------------------
Microsoft verschiebt das Blockieren veralteter Versionen von Java und Co. auf September. Der Grund sind Beschwerden einiger Admins.
---------------------------------------------
http://www.heise.de/security/meldung/Internet-Explorer-Veraltete-ActiveX-St…
*** Kein Mailversand: Spamhaus listet Web.de, GMX und 1&1 ***
---------------------------------------------
Spamhaus hat heute versehentlich die Mailserver von United Internet gelistet. Der Mailversand ist für einige Stunden nicht möglich gewesen. (Spam, E-Mail)
---------------------------------------------
http://www.golem.de/news/mailserver-spamhaus-listet-web-de-gmx-und-1-1-1408…
*** VB2014 preview: Optimized mal-ops. Hack the ad network like a boss ***
---------------------------------------------
Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits.In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. In the second of this series, we look at the paper Optimized mal-ops. Hack the ad network like a boss, from Vadim Kotov and Rahul Kashyap, two researchers from Bromium."We conclude that ad networks could be leveraged to aid, or even be
---------------------------------------------
http://www.virusbtn.com/blog/2014/08_15.xml?rss
*** Ebola fear used as bait, leads to malware infection ***
---------------------------------------------
Summary: Ebola news is bait for attackers to steal login credentials and install Trojan.Zbot, W32.Spyrat, and Backdoor.Breut malware.
---------------------------------------------
http://www.symantec.com/connect/blogs/ebola-fear-used-bait-leads-malware-in…
*** FinFisher & Co. machen harmlose Katzenvideos zur Waffe für Cyber-Attacken ***
---------------------------------------------
Ein Forscher hat im Detail beschrieben, wie Angreifer mit Zugriff auf die Netzwerkinfrastruktur eines Internet-Providers Trojaner in den Traffic der Nutzer einschleusen können, ohne dass die Opfer etwas bemerken.
---------------------------------------------
http://www.heise.de/security/meldung/FinFisher-Co-machen-harmlose-Katzenvid…
*** Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?, (Sun, Aug 17th) ***
---------------------------------------------
For the last year or so, I have been investigating UDP DDOS attacks. In this diary I would like to spotlight a somewhat surprising scenario where a manufacturer's misconfiguration on a popular consumer device combined with a design decision in a home gateway router may make you an unwitting accomplice in amplified NTP reflection DDOS attacks. This is part 1 of the story. I will publish the conclusion Tuesday August 19th. Background Today almost every house has consumer broadband services.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18547&rss
*** Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability, (Sat, Aug 16th) ***
---------------------------------------------
With Windows malware getting so much attention nowadays, its easy to forget that attackers also target other OS platforms. Lets take a look at a recent attempt to install an IRC bot written in Perl by exploiting a vulnerability in PHP. The Initial Probe The web server received the initial probe from 46.41.128.231, an IP address that at the time was not flagged as malicious on various blacklists: HEAD / HTTP/1.0 The connection lacked the headers typically present in an HTTP request, which is why...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18543&rss
*** ZeroLocker wont come to your rescue ***
---------------------------------------------
In recent times weve been seeing a lot of file-encrypting ransomware activity. One of the new ones weve seen pop up in the last couple weeks is called ZeroLocker. Theres indication the C&C configuration contains some errors which would prevent...
---------------------------------------------
https://securelist.com/blog/incidents/66135/zerolocker-wont-come-to-your-re…