Daily

daily@lists.cert.at

1 participants
3156 discussions

Tageszusammenfassung - Mittwoch 4-06-2014
by Daily end-of-shift report 04 Jun '14

04 Jun '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 03-06-2014 18:00 − Mittwoch 04-06-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** GameOver Zeus Takedown Shows Good Early Returns *** --------------------------------------------- The effect of the takedown of the GameOver Zeus botnet this week has been immediate and significant. Researchers who track the activity of the peer-to-peer botnet's activity say that the volume of packets being sent out by infected machines has dropped to almost zero. On Friday, the FBI and Europol, .. --------------------------------------------- http://threatpost.com/gameover-zeus-takedown-shows-good-early-returns/106429 *** Phishing Tale: An Analysis of an Email Phishing Scam *** --------------------------------------------- Phishing scams are always bad news, and in light of the Google Drive scam that made the rounds again last week, we thought we'd tell the story of some spam that was delivered into my own inbox because even security researchers, .. --------------------------------------------- http://blog.sucuri.net/2014/06/phishing-tale-an-analysis-of-an-email-phishi… *** Making end-to-end encryption easier to use *** --------------------------------------------- While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we're releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools. However, .. --------------------------------------------- http://googleonlinesecurity.blogspot.co.at/2014/06/making-end-to-end-encryp… *** The Best Of Both Worlds - Soraya *** --------------------------------------------- Arbor Networks' ASERT has recently discovered a new malware family that combines several techniques to steal payment card information. Dubbed Soraya, meaning 'rich', this malware uses memory scraping techniques similar to those found in Dexter to target point-of-sale terminals. Soraya also intercepts form data sent from web browsers, similar to the Zeus family of malware. Neither of these two techniques are new, but we have not seen them used together in the same piece of malware. --------------------------------------------- http://www.arbornetworks.com/asert/2014/06/the-best-of-both-worlds-soraya/ *** COPA-DATA Improper Input Validation *** --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-154-01 *** DSA-2945 chkrootkit *** --------------------------------------------- http://www.debian.org/security/2014/dsa-2945 *** Adobe Acrobat / Reader XI-X AcroBroker Sandbox Bypass *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014060030 *** FreeBSD PAM Policy Parser Remote Authentication Bypass *** --------------------------------------------- http://www.securitytracker.com/id/1030330

1 0

Tageszusammenfassung - Dienstag 3-06-2014
by Daily end-of-shift report 03 Jun '14

03 Jun '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 02-06-2014 18:00 − Dienstag 03-06-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Energy Bill Spam Campaign Serves Up New Crypto Malware *** --------------------------------------------- Everyone hates getting bills, and with each new one it seems like the amount due just keeps getting higher and higher. However, Symantec recently discovered an energy bill currently being .. --------------------------------------------- http://www.symantec.com/connect/blogs/energy-bill-spam-campaign-serves-new-… *** Writing robust Yara detection rules for Heartbleed *** --------------------------------------------- This blog walks through the methodology and process of writing robust Yara rules to detect either Heartbleed vulnerable OpenSSL statically linked or shared libraries which omit version information. Although Yara is designed for pattern matching and typically used by malware researchers we'll show how we can also use it to detect vulnerable binaries. --------------------------------------------- https://www.nccgroup.com/en/blog/2014/06/writing-robust-yara-detection-rule… *** Huawei-Router lassen sich aus dem Internet kapern *** --------------------------------------------- Eine Reihe von Schwachstellen in zwei Mobilnetz-Routern von Huawei ermglichen es, die Geräte aus dem Internet zu kapern. Eine der Schwachstellen hatte Huawei schon einmal geschlossen - offensichtlich nicht gründlich genug. --------------------------------------------- http://www.heise.de/security/meldung/Huawei-Router-lassen-sich-aus-dem-Inte… *** TYPO3-EXT-SA-2014-009: Cross-Site Scripting in news *** --------------------------------------------- It has been discovered that the extension "News system" (news) is susceptible to Cross-Site Scripting --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… *** Vulnerabilities in All in One SEO Pack Wordpress Plugin Put Millions of Sites At Risk *** --------------------------------------------- Multiple Serious vulnerabilities have been discovered in the most famous "All In One SEO Pack" plugin for WordPress, that put millions of Wordpress websites at risk. --------------------------------------------- https://thehackernews.com/2014/05/vulnerabilities-in-all-in-one-seo-pack.ht… *** (0Day) Rocket Servergraph Admin Center for TSM userRequest save_server_groups Command Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the userRequest servlet. It is possible to inject arbitrary operating system commands when the servlet .. --------------------------------------------- http://zerodayinitiative.com/advisories/ZDI-14-166/ *** Using nmap to scan for DDOS reflectors *** --------------------------------------------- As we have seen in past diaries about reflective DDOS attacks they are certainly the flavor of the day. US-CERT claims there are several UDP based protocols that are potential attack vectors. In my experience the most prevalent ones are DNS, NTP, SNMP, and CharGEN. Assuming you have permission; Is there an easy way to do good data gathering for these ports on your network? Yes, as a matter of a fact it can be done in one simple nmap command. --------------------------------------------- https://isc.sans.edu/diary/Using+nmap+to+scan+for+DDOS+reflectors/18193 *** dbus-glib pam_fprintd Local Root Exploit *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014060009 *** DCMTK Privilege Escalation *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014060011

1 0

Tageszusammenfassung - Montag 2-06-2014
by Daily end-of-shift report 02 Jun '14

02 Jun '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 30-05-2014 18:00 − Montag 02-06-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Play Store ermöglicht Apps mehr Rechte ohne Nachfragen *** --------------------------------------------- Der Play Store wird mal wieder renoviert, doch dabei sägt Google auch an tragenden Wänden. In der aktuellen Version werden App-Berechtigungen in Gruppen zusammengefasst, weshalb neue Rechte nicht immer genehmigt werden müssen. --------------------------------------------- http://www.heise.de/security/meldung/Play-Store-ermoeglicht-Apps-mehr-Recht… *** CVE-2014-2120 - A Tale of Cisco ASA 'Zero-Day' *** --------------------------------------------- A few months ago I was trying to PoC a known cross-site scripting vulnerability in the Cisco ASA WebVPN portal (CVE-2013-3414) for inclusion in the TrustKeeper Scan Engine. I tried a number of different techniques on multiple different ASA versions/branches and I simply could not tease out a viable PoC. At my wits end, I .. --------------------------------------------- http://blog.spiderlabs.com/2014/05/cve-2014-2120-a-tale-of-cisco-asa-0-day.… *** FTP Zugangsdaten kompromittiert *** --------------------------------------------- Wie Heise berichtet, hat das BSI/CERT-Bund viele Provider informiert, dass Zugangsdaten zu FTP-Accounts gefunden wurden.Das betraf nicht nur Deutschland; die gleiche Quelle hat auch andere CERTs und Sicherheitsteams informiert. Wir bekamen die gleichen Daten wie unsere deutschen Kollegen, .. --------------------------------------------- http://www.cert.at/services/blog/20140530100952-1151.html *** WordPress iMember360is 3.9.001 XSS Disclosure Code Execution *** --------------------------------------------- WordPress iMember360is 3.9.001 XSS Disclosure Code Execution --------------------------------------------- http://cxsecurity.com/issue/WLB-2014060001 *** Security: Heartbleed in WLAN-Routern gefunden *** --------------------------------------------- Der Heartbleed-Fehler ist offenbar noch in zahlreichen WLAN-Routern vorhanden, genauer im Authentifizierungsprotokoll EAP. Das berichtet der Sicherheitsexperte Luis Grangeia. --------------------------------------------- http://www.golem.de/news/security-heartbleed-in-wlan-routern-gefunden-1406-… *** CVE-2014-3466 gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3) *** --------------------------------------------- A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code. --------------------------------------------- https://bugzilla.redhat.com/show_bug.cgi?id=1101932 *** DSA-2943-1 php5 -- security update *** --------------------------------------------- Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development .. --------------------------------------------- https://www.debian.org/security/2014/dsa-2943 *** Huawei: SMS verschicken auf fremde Kosten *** --------------------------------------------- Eine Sicherheitslücke in einem weit verbreiteten USB-UMTS-Stick ermöglicht es Angreifern, mit einer manipulierten Webseite SMS zu verschicken. Ein Update gibt es bisher nicht. (UMTS, Technologie) --------------------------------------------- http://www.golem.de/news/huawei-sms-verschicken-auf-fremde-kosten-1406-1068… *** 'Operation Tovar' Targets 'Gameover' ZeuS Botnet, CryptoLocker Scourge *** --------------------------------------------- The U.S. Justice Department is expected to announce today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, .. --------------------------------------------- http://krebsonsecurity.com/2014/06/operation-tovar-targets-gameover-zeus-bo…

1 0

Tageszusammenfassung - Freitag 30-05-2014
by Daily end-of-shift report 30 May '14

30 May '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 29-05-2014 18:00 − Freitag 30-05-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Third-Party Auth Token Theft: The Big Picture *** --------------------------------------------- Nothing sets the technical journalists abuzz like the prospect of a catastrophic, Internet-wide vulnerability. Fresh off the very legitimate excitement over Heartbleed, some media outlets were hoping for a new scoop with "Covert Redirections". Spoiler alert: there's no catastrophe. For those that haven't heard, this started with a paper and series of blog posts by Wang Jing. Wang describes an attack against websites that use third-party authentication services and are... --------------------------------------------- http://blog.spiderlabs.com/2014/05/third-party_auth_token_theft_the_big_pic… *** Ende von Truecrypt: Entwickler hat angeblich Interesse verloren *** --------------------------------------------- Einer der Entwickler von Truecrypt hat sich angeblich zu Wort gemeldet und die Beweggründe für das plötzliche Aus erklärt: Man habe das Interesse verloren. Einer Weiterentwicklung durch die Community steht er demnach kritisch gegenüber. --------------------------------------------- http://www.heise.de/security/meldung/Ende-von-Truecrypt-Entwickler-hat-ange… *** Hintergrund: Truecrypt ist unsicher - und jetzt? *** --------------------------------------------- Sollten wir jetzt wirklich alle auf Bitlocker umsteigen, wie es die Truecrypt-Entwickler vorschlagen? Einen echten Nachfolger wird es jedenfalls so bald nicht geben - und daran sind nicht zu letzt auch die Truecrypt-Entwickler schuld. --------------------------------------------- http://www.heise.de/security/artikel/Truecrypt-ist-unsicher-und-jetzt-22114… *** ThreadFix v2.1M1 Released *** --------------------------------------------- ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. ThreadFix is licensed under the Mozilla Public License (MPL) version 2.0. --------------------------------------------- http://www.toolswatch.org/2014/05/threadfix-v2-1m1-released/ *** New Attack Methods Can brick Systems, Defeat Secure Boot, Researchers Say *** --------------------------------------------- IDG News Service - The Secure Boot security mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed on around half of computers that have the feature enabled in order to install bootkits, according to a security researcher. --------------------------------------------- http://www.cio.com/article/753439/New_Attack_Methods_Can_39_brick_39_System… *** Thieves Planted Malware to Hack ATMs *** --------------------------------------------- A recent ATM skimming attack in which thieves used a specialized device to physically insert malicious software into a cash machine may be a harbinger of more sophisticated scams to come. --------------------------------------------- http://krebsonsecurity.com/2014/05/thieves-planted-malware-to-hack-atms/ *** Heartbleed-Bug: OpenSSL bekommt Security-Audit und zwei Festangestellte *** --------------------------------------------- Die Linux-Foundation sammelt Geld für Kern-Infrastruktur wie OpenSSL und gibt nun erste Pläne bekannt. Beraten sollen das Projekt Linux-Kernel-Hacker und Bruce Schneier sowie Eben Moglen. --------------------------------------------- http://www.golem.de/news/heartbleed-bug-openssl-bekommt-security-audit-und-… *** When Networks Turn Hostile *** --------------------------------------------- We've previously discussed how difficult it is to safely connect to networks when on the go. This is particularly true on vacations and holidays, where the availability of Internet access is one of the most important factors when looking for a place to stay. In fact, many holiday lodges and hotels today have made Wi-Fi access an... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CL6K-SnbQJQ/ *** Triangle MicroWorks Uncontrolled Resource Consumption *** --------------------------------------------- Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified an uncontrolled resource consumption vulnerability in Triangle MicroWorks products and third-party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-149-01 *** Cogent Datahub Vulnerabilities *** --------------------------------------------- Independent researcher Alain Homewood has identified four vulnerabilities in the Cogent Real-Time Systems DataHub application. Cogent Real-Time Systems has produced a new version that mitigates three of the four identified vulnerabilities; they have recommended a mitigation for the unresolved vulnerability. The researcher has tested the new version to validate that it resolves three of the four vulnerabilities. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 *** VMSA-2014-0005 *** --------------------------------------------- VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0005.html *** VMSA-2014-0002.3 *** --------------------------------------------- VMware vSphere updates to third party libraries --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0002.html *** ElasticSearch Dynamic Script Arbitrary Java Execution *** --------------------------------------------- Topic: ElasticSearch Dynamic Script Arbitrary Java Execution Risk: High Text:## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-fr... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050154 *** VU#325636: Huawei E303 contains a cross-site request forgery vulnerability *** --------------------------------------------- Vulnerability Note VU#325636 Huawei E303 contains a cross-site request forgery vulnerability Original Release date: 30 May 2014 | Last revised: 30 May 2014 Overview The built-in web interface of Huawei E303 devices contains a cross-site request forgery vulnerability. Description Huawei E303 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to send and receive SMS messages using the connected cellular network. CWE-352: --------------------------------------------- http://www.kb.cert.org/vuls/id/325636 *** VU#124908: Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability *** --------------------------------------------- Vulnerability Note VU#124908 Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability Original Release date: 30 May 2014 | Last revised: 30 May 2014 Overview Dell ML6000 and Quantum Scalar i500 tape backup system contain a command injection vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)Dells and Quantums advisories state the following:The tape librarys remote user interface... --------------------------------------------- http://www.kb.cert.org/vuls/id/124908

1 0

Tageszusammenfassung - Mittwoch 28-05-2014
by Daily end-of-shift report 28 May '14

28 May '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 27-05-2014 18:00 − Mittwoch 28-05-2014 18:00 Handler: Christian Wojner Co-Handler: Stephan Richter *** Spam Campaign Spreading Malware Disguised as HeartBleed Bug Virus Removal Tool *** --------------------------------------------- At the beginning of April, a vulnerability in the OpenSSL cryptography library, also known as the Heartbleed bug, made headlines around the world.read more --------------------------------------------- http://www.symantec.com/connect/blogs/spam-campaign-spreading-malware-disgu… *** [2014-05-28] Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress *** --------------------------------------------- Attackers are able to completely compromise the voice recording / surveillance solution "NICE Recording eXpress" as they can gain access to the system and database level and listen to recorded calls without prior authentication or exploit a root backdoor account. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Apple Ransomware Targeting iCloud Users Hits Australia *** --------------------------------------------- A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware. --------------------------------------------- http://threatpost.com/apple-ransomware-targeting-icloud-users-hits-australi… *** iPhone-"Entführung" per Fernzugriff: Apple betont, dass iCloud sicher ist *** --------------------------------------------- In einem Statement heißt es, die derzeit in Australien die Runde machenden Erpressungsversuche, bei denen Angreifer Apple-Hardware aus der Ferne sperren, hätten nichts mit Sicherheitsproblemen in der iCloud zu tun. Schlechte Passwörter seien schuld. --------------------------------------------- http://www.heise.de/security/meldung/iPhone-Entfuehrung-per-Fernzugriff-App… *** Bugtraq: LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/532224 *** Kali-Linux: Pentesting-Stick mit Verschlüsselung und Notfallknopf *** --------------------------------------------- Wer Kali Linux auf einen USB-Stick installiert, kann die Datenpartition mit Version 1.0.7 endlich verschlüsseln. Das schützt brisante Daten vor neugierigen Blicken. Darüber hinaus gibt es einen Selbstzerstörungs-Mechanismus. --------------------------------------------- http://www.heise.de/security/meldung/Kali-Linux-Pentesting-Stick-mit-Versch… Next End-of-Shift report on 2015-05-30

1 0

Tageszusammenfassung - Dienstag 27-05-2014
by Daily end-of-shift report 27 May '14

27 May '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 26-05-2014 18:00 − Dienstag 27-05-2014 18:00 Handler: Christian Wojner Co-Handler: Stephan Richter *** Mac OS X: VirusTotal veröffentlicht Uploader *** --------------------------------------------- Der von Google aufgekaufte Viren-Scan-Dienst hat ein Tool veröffentlicht, mit dem Mac-Nutzer suspekte Dateien und Programme zur Prüfung hochladen können. VirusTotal erhofft sich tieferen Einblick in OS-X-Schadsoftware. --------------------------------------------- http://www.heise.de/security/meldung/Mac-OS-X-VirusTotal-veroeffentlicht-Up… *** Malicious Redirections to Porn Websites *** --------------------------------------------- The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infections had a similar pattern where they only targeted mobile devices. They are highly conditional as well making it challenging for webmasters to detect. Lets take a minute to explain... --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/aMQhA3--dfg/website-infection… *** Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass *** --------------------------------------------- Accounts accessed from Wi-Fi hotspots and other unsecured networks are wide open. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/yKbonlXYDrk/ *** Youve got Mail! But someone else is reading it in Outlook for Android *** --------------------------------------------- Researchers say Redmond forgot to encrypt messages stored on Android SD cards Researchers have plucked privacy holes in Microsofts Outlook Android app that expose user data when user security setting screws were not tightened. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/05/27/prying_priv… *** Mt. Gox: Bitcoin-Preise angeblich durch Bots manipuliert *** --------------------------------------------- Neue Spekulation um die insolvente Bitcoin-Börse Mt. Gox: Laut einer Analyse sollen Bots die Preise an der Börse getrieben und mindestens rund 570.000 Bitcoins aufgekauft haben. --------------------------------------------- http://www.heise.de/newsticker/meldung/Mt-Gox-Bitcoin-Preise-angeblich-durc… *** Fernwartungsfunktion: Onlineganoven entführen Macs und iPhones *** --------------------------------------------- Mit "Find My iPhone" und "Find My Mac" können Nutzer geklaute Hardware über ihre Apple ID sperren. Gerät diese in falsche Hände, können das aber auch Erpresser. In Australien sollen solche "Entführungen" gerade öfter vorkommen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Fernwartungsfunktion-Onlineganoven-e… *** cPanel cgiemail Character Injection Flaw Lets Remote Users Send SPAM via the System *** --------------------------------------------- A remote user can inject newline characters via certain parameters to modify email fields and send SPAM to arbitrary destination addresses via cgiemail. --------------------------------------------- http://www.securitytracker.com/id/1030287 *** Avast-Forum fällt Hackerangriff zum Opfer *** --------------------------------------------- Unbekannten gelang es, Nutzernamen, E-Mail-Adressen und verschlüsselte Passwörter von 350.000 Nutzern zu kopieren. Der Firmenchef des Antivirenherstellers hält es für möglich, dass die Hacker an Klartext-Passwörter kommen. --------------------------------------------- http://www.heise.de/security/meldung/Avast-Forum-faellt-Hackerangriff-zum-O… *** Multiple Vulnerabilities in TYPO3 CMS *** --------------------------------------------- It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. --------------------------------------------- http://typo3.org/news/article/multiple-vulnerabilities-in-typo3-cms-1/ *** Amazons AWS bietet Verschlüsselung auf Blockebene *** --------------------------------------------- Nutzer von Amazons Cloud-Angeboten können ihre auf virtuellen Laufwerken gespeicherten Daten verschlüsseln. --------------------------------------------- http://www.heise.de/security/meldung/Amazons-AWS-bietet-Verschluesselung-au… *** Top 10 Windows Server Security Misconfigurations *** --------------------------------------------- Introduction According to Wikipedia, 32.6% of servers on the Internet are running Microsoft Windows. The purpose of this article is to create awareness among system administrators and managers about some of the areas on which it is important to focus when implementing a new Windows build or when hardening the security of an existing server. The Survey One of the activities of the @NCCGroupInfosec team is to perform build reviews on clients' systems, looking for any misconfigurations that... --------------------------------------------- https://www.nccgroup.com/en/blog/2014/05/top-10-windows-server-security-mis… *** Zeus-Carberp Hybrid Trojan Pops Up *** --------------------------------------------- Researchers have discovered a new hybrid Trojan that combines elements of two of the more notorious crimeware strains of the last few years: Zeus and Carberp. It's not uncommon for malware writers to steal bits and pieces of code from one another, but both Zeus and Carberp were once exclusively private tools, but the source... --------------------------------------------- http://threatpost.com/zeus-carberp-hybrid-trojan-pops-up/106283

1 0

Tageszusammenfassung - Montag 26-05-2014
by Daily end-of-shift report 26 May '14

26 May '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 23-05-2014 18:00 − Montag 26-05-2014 18:00 Handler: Christian Wojner Co-Handler: Stephan Richter *** Long run compromised accounting data based type of managed iframe-ing service spotted in the wild *** --------------------------------------------- In a cybercrime ecosystem dominated by DIY (do-it-yourself) malware/botnet generating releases, populating multiple market segments on a systematic basis, cybercriminals continue seeking new ways to acquire and efficiently monetize fraudulently obtained accounting data, for the purpose of achieving a positive ROI (Return on Investment) on their fraudulent operations. In a series of blog posts, we've been detailing the existence of commercially available server-based malicious... --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/HvVQ_hnfyXQ/ *** RAT in a jar: A phishing campaign using Unrecom + IOC's *** --------------------------------------------- In the past two weeks, we have observed an increase in attack activity against the U.S. state and local government, technology, advisory services, health, and financial sectors through phishing emails with what appears to be a remote access trojan (RAT) known as Unrecom. The attack has also been observed against the financial sector in Saudi Arabia and Russia. --------------------------------------------- http://www.fidelissecurity.com/webfm_send/382 (PDF) http://www.fidelissecurity.com/files/files/FTA1013_RAT_in_a_jar_IOCs.xlsx *** Hackers claim MitM attack enables iCloud security feature bypass *** --------------------------------------------- Hackers claim that the iOS Activation Lock, a feature that makes it harder for crooks to use and sell lost or stolen Apple mobile devices, can be bypassed in a MitM attack. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/kJtdTS-KQeU/ *** US may block visas for Chinese hackers attending DefCon, Black Hat *** --------------------------------------------- Organizers of those conferences skeptical of the move to exclude Chinese nationals. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/Cny7FF2H8rU/ *** Warnung vor Update-Hack für Windows XP *** --------------------------------------------- Mit einem Trick kann man dem Update-Server von Microsoft vormachen, man betreibe eine Spezialversion von Windows XP, die noch bis April 2019 mit Updates versorgt wird. Das ist allerdings nicht ganz ungefährlich. --------------------------------------------- http://www.heise.de/newsticker/meldung/Warnung-vor-Update-Hack-fuer-Windows…

1 0

Tageszusammenfassung - Freitag 23-05-2014
by Daily end-of-shift report 23 May '14

23 May '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 22-05-2014 18:00 − Freitag 23-05-2014 18:00 Handler: Robert Waldner Co-Handler: n/a *** (0Day) SAP Sybase ESP Remote Code Execution Vulnerabilities *** --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-142/ http://www.zerodayinitiative.com/advisories/ZDI-14-143/ http://www.zerodayinitiative.com/advisories/ZDI-14-144/ http://www.zerodayinitiative.com/advisories/ZDI-14-145/ http://www.zerodayinitiative.com/advisories/ZDI-14-146/ http://www.zerodayinitiative.com/advisories/ZDI-14-147/ http://www.zerodayinitiative.com/advisories/ZDI-14-148/ ... http://www.zerodayinitiative.com/advisories/ZDI-14-158/ --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-141/ *** SBA Research: Heartbleed-Betroffene in Österreich beheben Problem unzureichend *** --------------------------------------------- Das österreichische COMET-Kompetenzzentrum SBA Research hat aufgrund der aktuellen Bedrohungslage durch die Heartbleed-Schwachstelle eine Analyse über die Behebung der Schwachstelle durchgeführt. Dabei ist es für die Administratoren der betroffenen Server nicht nur wichtig, die OpenSSL-Bibliothek zu aktualisieren, sondern auch, Benutzer der Seite zur Passwort-Anderung aufzufordern und die SSL-Zertifikate inklusive kryptografischer Schlüssel zu erneuern. --------------------------------------------- http://www.sba-research.org/2014/05/23/heartbleedpresse/ *** Multiple D-Link Routers Cross Site Scripting / Information Disclosure *** --------------------------------------------- Topic: Multiple D-Link Routers Cross Site Scripting / Information Disclosure Risk: High Text:The following five D-Link model routers suffer from several vulnerabilities including Clear Text Storage of Passwords, Cross S... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050127 *** Redmond reversal pops IE8 patch in pipeline *** --------------------------------------------- Bug not so bad, Microsoft says, but if you wont upgrade well get around to it eventually Microsoft has announced it will now patch a zero day Internet Explorer 8 vulnerability seven months after it was reported. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/05/23/redmond_rev… *** Cookie-Klau durch zwei Monate alte eBay-Lücke *** --------------------------------------------- In Auktionen eingeschleuste Skripte können Sitzungs-Cookies angreifen oder auch Malware verbreiten. eBay ist offenbar seit zwei Monaten informiert, hat das Problem aber bislang nicht behoben. --------------------------------------------- http://www.heise.de/newsticker/meldung/Cookie-Klau-durch-zwei-Monate-alte-e…

1 0

Tageszusammenfassung - Donnerstag 22-05-2014
by Daily end-of-shift report 22 May '14

22 May '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 21-05-2014 18:00 − Donnerstag 22-05-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** 145 Millionen Kunden von eBay-Hack betroffen *** --------------------------------------------- Unbekannte haben einen grossen Teil der Kundendatenbank der Online-Handelsplattform kopiert. Während der Druck auf eBay steigt, gibt es erste Hinweise, dass die gestohlenen Daten schon missbraucht werden. --------------------------------------------- http://www.heise.de/security/meldung/145-Millionen-Kunden-von-eBay-Hack-bet… *** Multiple Vulnerabilities in Cisco NX-OS-Based Products *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** SA-CONTRIB-2014-057 - Password policy - General logic error *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-057, Project: Password policy (third-party module), Version: 7, Security risk: Moderately critical; This module enables you to define password policies with various constraints on allowable user passwords. The history constraint, when enabled, disallows a users password from being changed to match a specified number of their .. --------------------------------------------- https://drupal.org/node/2271839 *** SA-CONTRIB-2014-055 - Require Login - Access bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-055, Project: Require Login (third-party module), Version: 7, Security risk: Moderately critical; This module enables you to restrict access to a site for all non-authenticated users.The module does not protect the front page, thereby exposing any sensitive information on the front page to anonymous users.This vulnerability is mitigated by the fact that private/sensitive information .. --------------------------------------------- https://drupal.org/node/2271837 *** SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-056, Project: Commerce Moneris (third-party module), Version: 7, Security risk: Critical; Commerce Moneris is a payment module that integrates the Moneris payment system with Drupal Commerce.The module stores credit card data in a commerce order object unnecessarily for the purpose of passing the credit card information to the payment gateway. The credit card information is .. --------------------------------------------- https://drupal.org/node/2271823 *** SA-CONTRIB-2014-054 - Views - Access Bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-054, Project: Views (third-party module), Version: 7, Security risk: Moderately critical; The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented.The module doesnt sufficiently check handler access when returning the list of handlers .. --------------------------------------------- https://drupal.org/node/2271809 *** IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Portal *** --------------------------------------------- IBM WebSphere Application Server is shipped as a component of IBM WebSphere Portal. Information about a security vulnerabilities affecting IBM WebSphere Application Server has been published in security bulletins. CVE(s): CVE-2014-0963 Affected product(s) .. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services *** --------------------------------------------- Cybercriminals continue diversifying their portfolios of standardized fraudulent services, in an attempt to efficiently monetize their malicious 'know-how', further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of the boutique cybercrime-friendly E-shops, we've been emphasizing on the over-supply of compromised/stolen accounting data, efficiently aggregated .. --------------------------------------------- http://www.webroot.com/blog/2014/05/21/peek-inside-newly-launched-one-e-sho… *** Redmond wont fix IE 8 zero day, says harden up instead *** --------------------------------------------- Phishers get fresh code execution bait Microsoft has decided not to fix an IE 8 zero-day first identified seven months ago, instead telling users to harden up their browsers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/05/22/ie_8_zero_d… *** Hacker wollen Apples iOS-Aktivierungssperre geknackt haben *** --------------------------------------------- Eine Team aus den Niederlanden und Marokko behauptet, die in iCloud integrierte Funktion ausgehebelt zu haben, mit der Apple die Nutzung geklauter iPhones und iPads verhindern will - angeblich per Man-in-the-Middle-Angriff. Bislang fehlen viele Details. --------------------------------------------- http://www.heise.de/security/meldung/Hacker-wollen-Apples-iOS-Aktivierungss… *** Multiple Vulnerabilities in TYPO3 CMS *** --------------------------------------------- It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Overall Severity: Medium --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-s… *** XML Schema, DTD, and Entity Attacks - A Compendium of Known Techniques *** --------------------------------------------- The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. ... When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well. --------------------------------------------- http://packetstorm.interhost.co.il/papers/general/XMLDTDEntityAttacks.pdf

1 0

Tageszusammenfassung - Mittwoch 21-05-2014
by Daily end-of-shift report 21 May '14

21 May '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 20-05-2014 18:00 − Mittwoch 21-05-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Ebay: Kundendaten bei Hackerangriff gestohlen *** --------------------------------------------- Hacker hatten im Februar und März Zugriff auf Kundendaten --------------------------------------------- http://derstandard.at/2000001422781 *** Enterprises Still Lax on Privileged User Access Controls *** --------------------------------------------- The results of a survey commissioned by Raytheon demonstrate that enterprises still dont have a firm grasp on privileged users and their activities on corporate networks. --------------------------------------------- http://threatpost.com/enterprises-still-lax-on-privileged-user-access-contr… *** iBanking: Exploiting the Full Potential of Android Malware *** --------------------------------------------- http://www.symantec.com/connect/blogs/ibanking-exploiting-full-potential-an… *** World's most pricey trojan is veritable Swiss Army knife targeting Android *** --------------------------------------------- Malicious Android app contains remote bugging, SMS interception, and much more. --------------------------------------------- http://arstechnica.com/security/2014/05/worlds-most-pricey-trojan-is-verita… *** Siemens Industrial Products OpenSSL Heartbleed Vulnerability (Update B) *** --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-105-03B *** [2014-05-21] Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4 *** --------------------------------------------- The software CoSoSys Endpoint Protector is affected by critical, unauthenticated SQL injection vulnerabilities and backdoor accounts. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Security App of the Week: WP Security Audit Log *** --------------------------------------------- WP Security Audit Log is a WordPress plugin that logs all the actions and events that take place under your website's hood. The plugin is useful not only in case of a data breach, but also for preventing one. The plugin is designed to generate a security alert when certain actions are detected. For instance, .. --------------------------------------------- http://news.softpedia.com/news/Security-App-of-the-Week-WP-Security-Audit-L… *** Hook Analyser 3.1 - Malware Analysis Tool *** --------------------------------------------- Hook Analyser is a freeware application which allows an investigator/analyst to perform 'static & run-time / dynamic' analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet. --------------------------------------------- http://www.darknet.org.uk/2014/05/hook-analyser-3-1-malware-analysis-tool/ *** Why You Should Ditch Adobe Shockwave *** --------------------------------------------- This author has long advised computer users who have Adobes Shockwave Player installed to junk the product, mainly on the basis that few sites actually require the browser plugin, and because its yet another plugin that requires constant updating. But I was positively shocked this week to learn that this software introduces a far more pernicious problem: Turns out, .. --------------------------------------------- http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/ *** LSE stellt Authentifizierungs-Tool LinOTP unter Open-Source-Lizenz *** --------------------------------------------- Das Authentifizierungswerkzeug LinOTP steht ab sofort als Open-Source-Produkt zum kostenlosen Download bereit. --------------------------------------------- http://www.heise.de/newsticker/meldung/LSE-stellt-Authentifizierungs-Tool-L… *** Bugs in your TV *** --------------------------------------------- Introduction As part of our research into the Internet of Things (IoT), we were asked to look at the current generation of Smart TVs and see whether they posed any new issues when used in the home or office. In particular, the latest sets come with built-in cameras (for use with video chat applications, .. --------------------------------------------- https://www.nccgroup.com/en/blog/2014/05/bugs-in-your-tv/

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily