Daily September 2014

daily@lists.cert.at

1 participants
22 discussions

Tageszusammenfassung - Dienstag 2-09-2014
by Daily end-of-shift report 02 Sep '14

02 Sep '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 01-09-2014 18:00 − Dienstag 02-09-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Bugtraq: Avira License Application - Cross Site Request Forgery Vulnerability *** --------------------------------------------- An independent Vulnerability Laboratory Researcher discovered a cross site request forgery vulnerability in the official Avira license account system web-application. --------------------------------------------- http://www.securityfocus.com/archive/1/533288 *** Dodging Browser Zero Days - Changing your Orgs Default Browser Centrally *** --------------------------------------------- In a recent story about "whats a sysadmin to do?", we suggested that since our browsers seem to take turns with zero days lately, that system administrator should have processes in place to prepare for when their corporate standard browser has a major vulnerability that doesnt yet have .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18601 *** [webapps] - WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability *** --------------------------------------------- http://www.exploit-db.com/exploits/34514 *** [webapps] - Mulitple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download *** --------------------------------------------- http://www.exploit-db.com/exploits/34511 *** Net-snmp SNMP Trap Processing Flaw Lets Remote Users Crash snmptrapd *** --------------------------------------------- http://www.securitytracker.com/id/1030789 *** Industrial software website used in watering hole attack *** --------------------------------------------- AlienVault Labs has discovered a watering hole attack thats using a framework developed for reconnaissance as the primary infection vector.The criminals responsible for the incident compromised an unnamed industrial software firms website, suggesting the potential for future attacks against .. --------------------------------------------- http://www.csoonline.com/article/2600772/data-protection/industrial-softwar… *** The Secret Life of SIM Cards *** --------------------------------------------- SIM cards can do more than just authenticate your phone with your carrier. Small apps can be installed and run directly on the SIM separate from and without knowledge of the phone OS. ... This talk, based on our experience building SIM apps for the Toorcamp GSM network, explains what (U)SIM Toolkit Applications are, how they work, and how to develop them. --------------------------------------------- http://www.ehacking.net/2014/08/the-secret-life-of-sim-cards.html *** IPv6 insecurities on 'IPv4-only' networks *** --------------------------------------------- When people hear about IPv6-specific security issues, they frequently tend to rate this as an argument in favour of delaying or avoiding IPv6 deployment on their enterprise or campus network. Even without IPv6 being consciously deployed, however, some of the IPv6-related security issues were already introduced to most networks many years ago. --------------------------------------------- http://securityblog.switch.ch/2014/08/26/ipv6-insecurities-on-ipv4-only-net… *** Using WPS on your Wi-Fi router may be even more dangerous than you think *** --------------------------------------------- In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be. Now, another researcher has found that cracking it may be 10,000 times easier again... --------------------------------------------- http://nakedsecurity.sophos.com/2014/09/02/using-wps-may-be-even-more-dange… *** TYPO3-EXT-SA-2014-010: Several vulnerabilities in third party extensions *** --------------------------------------------- Several vulnerabilities have been found in the following third-party TYPO3 extensions: cwt_feedit, eu_ldap, flatmgr, jh_opengraphprotocol, ke_dompdf, lumophpinclude, news_pack, sb_akronymmanager, st_address_ma, weeaar_googlesitemap,. wt_directory --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… *** A Google Site Meant to Protect You Is Helping Hackers Attack You *** --------------------------------------------- It's long been suspected that hackers and nation-state spies are using Google's antivirus site to test their tools before unleashing them on victims. Now Brandon Dixon, an independent security researcher, has caught them in the act, tracking several high-profile hacking groups - including, surprisingly, two well-known nation-state teams - as they used VirusTotal to hone their code and develop their tradecraft. --------------------------------------------- http://www.wired.com/2014/09/how-hackers-use-virustotal

1 0

Tageszusammenfassung - Montag 1-09-2014
by Daily end-of-shift report 01 Sep '14

01 Sep '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 29-08-2014 18:00 − Montag 01-09-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** CryptoWall's Haul: $1M in Six Months *** --------------------------------------------- The CryptoWall ransomware has proven to be a profitable criminal enterprise, netting more than $1.1 million in six months. More than 1,600 victims have surfaced and more than 5 billion files have been encrypted. --------------------------------------------- http://threatpost.com/cryptowalls-haul-1m-in-six-months/107978 *** Kindle App for Android SSL certificate spoofing *** --------------------------------------------- Kindle App for Android could allow a remote attacker to conduct spoofing attacks, caused by the improper verification of SSL certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to cause the victim to accept spoofed certificates. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/95617 *** Glibc Heap Overflow in __gconv_translit_find() Lets Local Users Gain Elevated Privileges *** --------------------------------------------- A local user can set a specially crafted CHARSET environment variable value to trigger an off-by-one memory error and resulting heap overflow in __gconv_translit_find() and execute arbitrary code on the target system. The local user may be able to cause a set user id (setuid) root application that uses this environment variable to execute code with root privileges. --------------------------------------------- http://www.securitytracker.com/id/1030786 *** F5 Unauthenticated rsync access to Remote Root Code Execution *** --------------------------------------------- When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014080148 *** 1900/UDP (SSDP) Scanning and DDOS, (Sun, Aug 31st) *** --------------------------------------------- Over the last few weeks we have detected a significant increase in both scanning for 1900/UDP and a huge increase of 1900/UDP being used for amplified reflective DDOS attacks. 1900/UDP is the Simple Service Discovery Protocol (SSDP) which is a part of Universal Plug and Play (UPnP). The limited information available to me indicates that the majority of the devices that are .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18599 *** Rubbish WPS config sees WiFi router keys popped in seconds *** --------------------------------------------- Another day, another way in to your home router Passwords within routers sold by chipset manufacturer Broadcom and an unnamed vendor can be accessed within seconds thanks to weak or absent key randomisation, security bod Dominique Bongard has claimed. --------------------------------------------- http://www.theregister.co.uk/2014/09/01/wps_flaw_leaves_home_routers_vulner… *** Lynis 1.6.0 - Security auditing tool for Unix/Linux systems *** --------------------------------------------- Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is .. --------------------------------------------- http://hack-tools.blackploit.com/2014/08/lynis-160-security-auditing-tool-f… *** Mozilla: An die 100.000 Nutzerdaten unabsichtlich offengelegt *** --------------------------------------------- Zweite grosse Datenpanne innerhalb eines Monats beim Firefox-Hersteller --------------------------------------------- http://derstandard.at/2000005015299 *** Dircrypt: Ransomware liefert Schlüssel mit *** --------------------------------------------- Eine Analyse der Ransomware Dircrypt hat ergeben, dass die verschlüsselten Dateien des Erpressungstrojaners offenbar den Schlüssel mitliefern. Allerdings nur für einen Teil der Daten. --------------------------------------------- http://www.golem.de/news/dircrypt-ransomware-liefert-schluessel-mit-1409-10… *** APWG Q2 2014 report, phishing is even more dangerous *** --------------------------------------------- The APWG has published its new report related to phishing activities in the period April - June 2014, the document titled 'Phishing Activity Trends Report, 2nd Quarter 2014' states that online payment services and crypto-currency sites are .. --------------------------------------------- http://securityaffairs.co/wordpress/27935/cyber-crime/apwg-q2-2014-report.h…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily September 2014