=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 25-06-2014 18:00 − Donnerstag 26-06-2014 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Symantec Data Insight Management Console HTML Injection and Cross-Site Scripting ***
---------------------------------------------
The management console for Symantec Data Insight does not sufficiently validate/sanitize arbitrary input in two separate fields within the management GUI. This could potentially allow unauthorized command execution or potential malicious redirection.
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** VMware Patches Apache Struts Flaws in vCOPS ***
---------------------------------------------
VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines.
---------------------------------------------
http://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858
*** phpMyAdmin 4.2.3 XSS ***
---------------------------------------------
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a hide or unhide action.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060139
*** Sophos Anti-Virus Input Validation Flaw in Configuration Console Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in the Sophos Anti-Virus Configuration Console. A remote user can conduct cross-site scripting attacks.
Several scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Sophos Anti-Virus configuration console software and will run in the security context of that site.
---------------------------------------------
http://www.securitytracker.com/id/1030467
*** IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.33 ***
---------------------------------------------
Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 7.0.0.33 and IBM WebSphere Application Server Hypervisor Edition 7.0.0.33
CVE(s): CVE-2013-6323, CVE-2013-6329, CVE-2013-6349, CVE-2013-6738, CVE-2014-0859, CVE-2013-6438, CVE-2013-6747, CVE-2014-3022, CVE-2014-0891, CVE-2014-0965, CVE-2014-0050, CVE-2014-0098, CVE-2014-0963 and CVE-2014-0114
Affected product(s) and affected version(s): WebSphere Application Server and bundling
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9 ***
---------------------------------------------
Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.9 and IBM WebSphere Application Server Hypervisor 8.0.0.9
CVE(s): CVE-2013-6323, CVE-2013-6329, CVE-2013-6349, CVE-2014-0823, CVE-2013-6738, CVE-2014-0857, CVE-2014-0859, CVE-2013-6438, CVE-2013-6747, CVE-2014-3022, CVE-2014-0891, CVE-2014-0965, CVE-2014-0050, CVE-2014-0098, CVE-2014-0963 and CVE-2014-0076
Affected product(s) and affected version(s): WebSphere Application Server and bundling
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: Rational ClearQuest is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-3470 ***
---------------------------------------------
Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. The OpenSSL commponent is shipped as embedded in cqperl. Customers might be affected when there is perl hooks or scripts that are using SSL connections. ClearQuest itself does not provide any service using OpenSSL.
CVE(s): CVE-2014-0224 and CVE-2014-3470
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** PayPal 2FA mobe flaw chills warm and fuzzy security feeling ***
---------------------------------------------
PayPal's second factor authentication (2FA) protection can be mitigated through mobile device interfaces that allow fraudsters to steal funds with a victim's username and password, Duo Security researchers say.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/06/26/paypal_2fa_…
*** Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux) ***
---------------------------------------------
The Configuration Console of Sophos Antivirus 9.5.1 (Linux) does not sanitize several input parameters before sending them back to the browser, so an attacker could inject code inside these parameters, including JavaScript code. ... CVE: CVE-2014-2385
Affected version: 9.5.1
Fixed version: 9.6.1
---------------------------------------------
https://www.portcullis-security.com/security-research-and-downloads/securit…
*** Weniger NTP-Server für dDoS ausnutzbar, aber... ***
---------------------------------------------
Die noch verwundbaren Zeitserver sind aber zum Teil so schlecht konfiguriert, dass verheerende NTP-Verstärkungsangriffe nach wie vor möglich sind.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Weniger-NTP-Server-fuer-dDoS-ausnutz…
*** Fighting cybercrime: Strategic cooperation agreement signed between ENISA and Europol ***
---------------------------------------------
The heads of ENISA and Europol today signed a strategic cooperation agreement in Europol's headquarters in The Hague, to facilitate closer cooperation and exchange of expertise in the fight against cybercrime.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/fighting-cybercrime-strateg…
*** 2014 Cyber Attacks Timeline Master Index (at least so far) ***
---------------------------------------------
Finally I was able to organize the timelines collected in 2014. I have created a new page with the 2014 Cyber Attacks Timeline Master Index accessible either directly or from the link in the top menu bar. Hopefully it will be regularly updated. With this opportunity I also re-ordered the timelines and stats for 2013. Now everything should be more structured.
---------------------------------------------
http://hackmageddon.com/2014/06/24/2014-cyber-attacks-timeline-master-index…
*** Update to Microsoft Update client ***
---------------------------------------------
This article describes the update that further improves the security of Windows Update (WU) / Microsoft Update (MU) client for Windows 8, Windows RT, Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1. Note: Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 with update 2919355 already include these improvements.
---------------------------------------------
http://support.microsoft.com/kb/2887535
*** Hacking Blind (PDF) ***
---------------------------------------------
Abstract We show that it is possible to write remote stack buffer overflow exploits without possessing a copy of the target binary or source code, against services that restart after a crash. This makes it possible to hack proprietary closed-binary services, or open-source servers manually compiled and installed from source where the binary remains unknown to the attacker.
---------------------------------------------
http://www.exploit-db.com/download_pdf/33872
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 24-06-2014 18:00 − Mittwoch 25-06-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** TimThumb WebShot Code Execution Exploit (0-day) ***
---------------------------------------------
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned. A new 0-day was just disclosed on TimThumb's "Webshot" feature that allows for certain commands to be executed on the vulnerable website remotely (no authentication required). With a simple command,...
---------------------------------------------
http://blog.sucuri.net/2014/06/timthumb-webshot-code-execution-exploit-0-da…
*** SPAM Hack Targets WordPress Core Install Directories ***
---------------------------------------------
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like "Google Pharmacy" stores or other fake stores? We have been tracking and analyzing a growing trend in SEO Spam (a.k.a., Search Engine Poisoning (SEP)) attacks in which thousands of compromised WordPress websites are being used...
---------------------------------------------
http://blog.sucuri.net/2014/06/spam-hack-targets-wordpress-core-install-dir…
*** Asprox botnet campaign shifts tactics, evades detection ***
---------------------------------------------
FireEye researchers are tracking spikes in malicious emails attributed to an ongoing Asprox campaign.
---------------------------------------------
http://www.scmagazine.com/asprox-botnet-campaign-shifts-tactics-evades-dete…
*** R2DR2: ANALYSIS AND EXPLOITATION OF UDP AMPLIFICATION VULNERABILITIES ***
---------------------------------------------
Since we began our studies in the Masters degree on ICT security at the European University, drew our attention the possibility of doing a project under the guidance of Alejandro Ramos (@aramosf), a professional of the scene that we admire. After several ideas and proposals by both parties, we decided to make a project about finding new attack vectors on distributed reflection denial of service attacks (DRDOS). Recently this blog talked about it in a article focused on SNMP vulnerability,...
---------------------------------------------
http://www.securitybydefault.com/2014/06/r2dr2-analysis-and-exploitation-of…
*** PlugX RAT With "Time Bomb" Abuses Dropbox for Command-and-Control Settings ***
---------------------------------------------
Monitoring network traffic is one of the means for IT administrators to determine if there is an ongoing targeted attack in the network. Remote access tools or RATs, commonly seen in targeted attack campaigns, are employed to establish command-and-control (C&C) communications. Although the network traffic of these RATs, such as Gh0st, PoisonIvy, Hupigon, and PlugX, among...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4SyyRxr49gU/
*** HackPorts - Mac OS X Penetration Testing Framework and Tools ***
---------------------------------------------
HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a "super-project" that leverages existing code porting efforts, security professionals can now use hundreds of penetration tools on Mac systems without the need for Virtual Machines.
---------------------------------------------
http://hack-tools.blackploit.com/2014/06/hackports-mac-os-x-penetration-tes…
*** Flaw Lets Attackers Bypass PayPal Two-Factor Authentication ***
---------------------------------------------
There's a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim's account to any recipient he chooses. The flaw lies in the way that the PayPal authentication flow works with the service's...
---------------------------------------------
http://threatpost.com/flaw-lets-attackers-bypass-paypal-two-factor-authenti…
*** ZyXEL P660RT2 EE rpAuth_1 cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93924
*** [papers] - Searching SHODAN For Fun And Profit ***
---------------------------------------------
http://www.exploit-db.com/download_pdf/33859
*** Cisco IOS Software IPsec Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-3299
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** GnuPG data packets denial of service ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93935
*** VMSA-2014-0006.3 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** VMSA-2014-0007 ***
---------------------------------------------
VMware product updates address security vulnerabilities in Apache Struts library
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0007.html
*** TimThumb 2.8.13 Remote Code Execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060134
*** Bugtraq: [security bulletin] HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532541
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 23-06-2014 18:00 − Dienstag 24-06-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Stop running this script? notification redirects to Angler Exploit Kit ***
---------------------------------------------
ESET researchers identified a website serving up a Stop running this script? notification that, when clicked, redirects Internet Explorer users to the Angler Exploit Kit.
---------------------------------------------
http://www.scmagazine.com/stop-running-this-script-notification-redirects-t…
*** Android KeyStore::getKeyForName buffer overflow ***
---------------------------------------------
Google Android is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the KeyStore::getKeyForName method. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system under the keystore process.
...
Remedy:
Upgrade to the latest version of Android (4.4 or later), available from the Google Web site. See References.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93916
*** Havex Hunts for ICS/SCADA Systems ***
---------------------------------------------
During the past year, weve been keeping a close eye on the Havex malware family and the group behind it. Havex is known to be used in targeted attacks against different industry sectors, and it was earlier reported to have specific interest in the energy sector. The main components of Havex are a general purpose Remote Access Trojan (RAT) and a server written in PHP.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002718.html
*** Beware of Skype Adware ***
---------------------------------------------
During our daily log analysis, we recently encountered a sample purporting to power up Skype with different emoticons. The binary, when installed, integrated itself with Skype and sent the following message contacts without further intervention.
---------------------------------------------
http://research.zscaler.com/2014/06/beware-of-skype-adware.html
*** Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks ***
---------------------------------------------
95 percent of vulnerable NTP servers leveraged in massive DDoS attacks earlier this year have been patched, but the remaining servers still have experts concerned.
---------------------------------------------
http://threatpost.com/dramatic-drop-in-vulnerable-ntp-servers-used-in-ddos-…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 20-06-2014 18:00 − Montag 23-06-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** IBM Security Bulletin: IBM Security Proventia Network Enterprise Scanner is affected by the following OpenSSL vulnerabilities ***
---------------------------------------------
Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project.
CVE(s): CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470
Affected product(s) and affected version(s):
Products: IBM Security Enterprise Scanner
Versions: 2.3
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Wordpress 3.9.1-CSRF vulnerability ***
---------------------------------------------
This is the new version released by Wordpress.
version is 3.9.1(Latest)
Cross site request Forgery(CSRF) is present in this version at the url
shown:
http://localhost/wordpress/wp-comments-post.php
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060119
*** cups-filters 1.0.52 execute arbitrary commands ***
---------------------------------------------
Topic: cups-filters 1.0.52 execute arbitrary commands
Risk: High
Text:The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP print...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060124
*** [SECURITY] [DSA 2966-1] samba security update ***
---------------------------------------------
Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server:
CVE-2014-0178 Information leak vulnerability in the VFS code..
CVE-2014-0244 Denial of service (infinite CPU loop) in the nmbd..
CVE-2014-3493 Denial of service (daemon crash) in the smbd..
---------------------------------------------
https://lists.debian.org/debian-security-announce/2014/msg00147.html
*** Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances - LMI Authentication Bypass ***
---------------------------------------------
IBM Security Access Manager for Mobile / IBM Security Access Manager for Web fails to properly handle certain input data such that it could be possible for an attacker to authenticate to the appliance Local Management Interface using invalid authentication data.
CVE: CVE-2014-3053
CVSS Base Score: 8.0
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21676700
*** A peek inside a commercially available Android-based botnet for hire ***
---------------------------------------------
Relying on the systematic release of DIY (do-it-yourself) mobile malware generating tools, commercial availability of mobile malware releases intersecting with the efficient exploitation of legitimate Web sites through fraudulent underground traffic exchanges, as well as the utilization of cybercrime-friendly affiliate based revenue sharing schemes, cybercriminals continue capitalizing on the ever-growing Android mobile market segment for the purpose of achieving a positive ROI ...
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/m9Fm5dNY9bg/
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 18-06-2014 18:00 − Freitag 20-06-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** SA-CONTRIB-2014-062 -Passsword Policy - Multiple vulnerabilities ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-062
Project: Password policy (third-party module)
Version: 6.x, 7.x
Date: 2014-June-18
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities
Description: The Password Policy module enables you to define and enforce password policies with various constraints on allowable user passwords.Access bypass and information disclosure (7.x only)
---------------------------------------------
https://drupal.org/node/2288341
*** KDE: Fehler in Kmail ermöglicht Man-in-the-Middle-Angriffe ***
---------------------------------------------
Im Code des POP3-Kioslaves in KDEs E-Mail-Anwendung Kmail beziehungsweise in Kdelibs ist ein Fehler, durch den ungültige Zertifikate ohne Abfrage akzeptiert werden. Angreifer könnten sich so in den verschlüsselten E-Mail-Verkehr einklinken.
---------------------------------------------
http://www.golem.de/news/kde-fehler-in-kmail-erlaubt-man-in-the-middle-angr…
*** Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the XML programmatic interface (XML PI) of Cisco WebEx Meeting Server could allow an authenticated, remote attacker to access sensitive information.
The vulnerability is due to disclosure of the meeting information. An attacker could exploit this vulnerability by sending a crafted URL request to a vulnerable device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Tausende Android-Apps geben geheime Schlüssel preis ***
---------------------------------------------
Viele Android-Programme betten geheime Zugangsschlüssel direkt in ihren Quellcode ein. Ein Angreifer kann diese nutzen, um private Daten der App-Nutzer zu erbeuten und im schlimmsten Fall die Server-Infrastruktur der Entwickler übernehmen.
---------------------------------------------
http://www.heise.de/security/meldung/Tausende-Android-Apps-geben-geheime-Sc…
*** Android 4.4.4 is rolling out to devices; contains OpenSSL fix ***
---------------------------------------------
Official change log lists "security fixes;" Googler says it is OpenSSL related.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/rMSXTBPBcjU/
*** 'Your fault - core dumped' - Diving into the BSOD caused by Rovnix ***
---------------------------------------------
Recently we have noticed some Win32/Rovnix samples (detected as TrojanDropper:Win32/Rovnix.K) causing the BSOD on Windows 7 machines. We spent some time investigating this situation and discovered an interesting story behind the BSOD. Analyzing the crash dump We first saw TrojanDropper:Win32/Rovnix.K in October 2013. During a normal Windows Boot the malware will cause the BSOD.
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/06/18/your-fault-core-dumped-d…
*** Linux Kernel PI Futex Requeuing Bug Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
A vulnerability was reported in the Linux Kernel. A local user can obtain elevated privileges on the target system.
A local user can can exploit a flaw in the requeuing of Priority Inheritance (PI) to PI futexes to gain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030451
*** Yet Another BMC Vulnerability (And some added extras) ***
---------------------------------------------
After considering the matter for the past 6 months while continuing to work with Supermicro on the issues, I have decided to release the following to everyone. On 11/7/2013, after reading a couple articles on the problems in IPMI by Rapid7's HD Moore (linked at the end), I discovered that Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152.
---------------------------------------------
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-…
*** Simplocker ransomware: New variants spread by Android downloader apps ***
---------------------------------------------
Since our initial discovery of Android/Simplocker we have observed several different variants. The differences between them are mostly in: Tor usage - some use a Tor .onion domain, whereas others use a more conventional C&C domain. Different ways of receiving the 'decrypt' command, indicating that the ransom has been paid. ...
---------------------------------------------
http://www.welivesecurity.com/2014/06/19/simplocker-new-variants/
*** Pen Testing Payment Terminals - A Step by Step How-to Guide ***
---------------------------------------------
There is plentitude of payment terminals out there and the design principles vary quite a bit. The ones I have run into in Finland appear to be tightly secured with no attack surface. At first glance, that is. These generally open only outbound connections and use SSL encryption to protect the traffic. Here, I explain why testing a simple, tightly secured payment terminal is not as simple as one might think.
---------------------------------------------
http://pen-testing.sans.org/blog/pen-testing/2014/06/12/pen-testing-payment…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 17-06-2014 18:00 − Mittwoch 18-06-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Evernote forum breached, profile information compromised ***
---------------------------------------------
The official discussion forum of Evernote has been hacked, leaving users profile information accessible to attackers.
---------------------------------------------
http://www.scmagazine.com/evernote-forum-breached-profile-information-compr…
*** Xen Lets Local Guests Obtain Hypervisor Heap Memory Contents ***
---------------------------------------------
A vulnerability was reported in Xen. A local user can obtain potentially sensitive information from other domains.
The system does not properly control access to memory pages during memory cleanup for dying guest systems. A local user on a guest system can access information from guest or hypervisor memory, potentially including guest CPU register state and hypercall arguments.
---------------------------------------------
http://www.securitytracker.com/id/1030442
*** HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal ***
---------------------------------------------
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Executive Scorecard. The vulnerability could be exploited remotely to allow remote code execution and directory traversal.
References:
CVE-2014-2609 (ZDI-CAN-2116, SSRT101436)
CVE-2014-2610 (ZDI-CAN-2117, SSRT101435) CVE-2014-2611 (ZDI-CAN-2120, SSRT101431)
---------------------------------------------
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl…
*** OpenStack Neutron L3-agent Remote Denial of Service Vulnerability ***
---------------------------------------------
OpenStack Neutron is prone to a remote denial-of-service vulnerability. An attacker can leverage this issue to cause a denial-of-service condition; denying service to legitimate users. The following versions are vulnerable: Versions Neutron 2013.2.3 and prior. Versions Neutron 2014.1 and prior.
---------------------------------------------
http://www.securityfocus.com/bid/68064/discuss
*** Microsoft bessert absturzgefährdeten Virenschutz nach ***
---------------------------------------------
Mit einem Update außer der Patchday-Reihe beseitigt Microsoft einen Fehler in der Malware Protection Engine durch den Schädlinge den Virenschutz lahmlegen konnten.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Microsoft-bessert-absturzgefaehrdete…
*** VU#774788: Belkin N150 path traversal vulnerability ***
---------------------------------------------
Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a path traversal vulnerability through the built-in web interface. The webproc cgi module accepts a getpage parameter which takes an unrestricted file path as input. The web server runs with root privileges by default, allowing a malicious attacker to read any file on the system.
---------------------------------------------
http://www.kb.cert.org/vuls/id/774788
*** [remote] - Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Vulnerability ***
---------------------------------------------
Summary: Rayman Legends is a 2013 platform game developed by Ubisoft Montpellier and published by Ubisoft.
...
Desc: The vulnerability is caused due to a memset() boundary error in the processing of incoming data thru raw socket connections on TCP port 1001, which can be exploited to cause a stack based buffer overflow by sending a long string of bytes on the second connection. Successful exploitation could allow execution of arbitrary code on the affected node.
---------------------------------------------
http://www.exploit-db.com/exploits/33804
*** Forensik-Tool soll iCloud-Backups ohne Passwort herunterladen können ***
---------------------------------------------
Elcomsoft hat angekündigt, dass sein "Phone Password Breaker" Authentifizierungstokens von Rechnern auslesen kann, mit denen sich Ermittler dann Zugang zu iCloud-Daten eines Verdächtigen verschaffen können. Dessen Passwort sei nicht mehr nötig.
---------------------------------------------
http://www.heise.de/security/meldung/Forensik-Tool-soll-iCloud-Backups-ohne…
*** When Vulnerabilities are Exploited: the Timing of First Known Exploits for Remote Code Execution Vulnerabilities ***
---------------------------------------------
One of the questions I get asked from time to time is about the days of risk between the time that a vulnerability is disclosed and when we first see active exploitation of it; i.e. how long do organizations have to deploy the update before active attacks are going to happen? Trustworthy Computing's Security Science team published new data that helps put the timing of exploitation into perspective, in the recently released Microsoft Security Intelligence Report volume 16.
---------------------------------------------
http://blogs.technet.com/b/security/archive/2014/06/17/when-vulnerabilities…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 16-06-2014 18:00 − Dienstag 17-06-2014 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** Malicious Web-based Java applet generating tool spotted in the wild ***
---------------------------------------------
Despite the prevalence of Web based client-side exploitation tools as the cybercrime ecosystem's primary infection vector, in a series of blog posts, we've been emphasizing on the emergence of managed/hosted/DIY malicious Java applet generating tools/platforms, highlighting the existence of a growing market segment relying on 'visual social engineering' vectors for the purpose of tricking end users into executing malicious/rogue/fake Java applets, ultimately joining a
---------------------------------------------
http://www.webroot.com/blog/2014/06/16/malicious-web-based-java-applet-gene…
*** Cisco ASA WebVPN Information Disclosure Vulnerability ***
---------------------------------------------
CVE ID: CVE-2014-2151
...
A vulnerability in the WebVPN portal of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to view sensitive information from the affected system.
The vulnerability is due to improper input validation in the WebVPN portal. An attacker could exploit this vulnerability by providing a crafted JavaScript file to an authenticated WebVPN user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Security Advisory-Heap Overflow Vulnerability in Huawei eSap Platform ***
---------------------------------------------
Huawei eSap software platform has four heap overflow vulnerabilities. Huawei products that have used this platform are affected. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacker keeps sending such malformed packets, the devices will repeatedly restart, causing a denial of service (DoS) attack (Vulnerability ID: HWPSIRT-2014-0111).
Huawei has provided fixed versions.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** IBM AIX ntpd Query Function Lets Remote Users Conduct Amplified Denial of Service Attacks ***
---------------------------------------------
A vulnerability was reported in IBM AIX. A remote user can conduct amplified denial of service attacks.
A remote user can exploit an administrative query function in ntpd to amplify distributed denial of service (DDoS) attacks against other sites.
---------------------------------------------
http://www.securitytracker.com/id/1030433
*** Hacking the Java Debug Wire Protocol - or - 'How I met your Java debugger' ***
---------------------------------------------
In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a pentester's point of view. I will cover some JDWP internals and how to use them to perform code execution, resulting in a reliable and universal exploitation script. ... As a matter of fact, JDWP is used quite a lot in the Java application world. Pentesters might, however, not see it that often when performing remote assessments as firewalls would (and should) mostly block the port it is
---------------------------------------------
http://blog.ioactive.com/2014/04/hacking-java-debug-wire-protocol-or-how.ht…
*** CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing ***
---------------------------------------------
A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.
---------------------------------------------
https://bugzilla.redhat.com/show_bug.cgi?id=1108447
*** SLocker Android Ransomware Communicates Via Tor And SMS ***
---------------------------------------------
A little over two weeks ago, we found a new family of Android ransomware: SLocker.We have no evidence that SLocker is related to Koler, the most recently discovered Android ransomware. It does however carry through on the threat Koler made. Unlike Koler - which pretended to, but didnt actually encrypt files - SLocker will actually scan the devices SD card for specific file types: When the SLocker app is launched, it encrypts these files and then displays a ransom message:The message
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002716.html
*** Microsoft dichtet OneDrive-Links ab ***
---------------------------------------------
In der Dokument-Freigabe von Microsofts Cloud-Speicher klaffte ein Loch, das es Angreifern erlaubt hätte, unbefugten Zugriff auf Dokumente zu erhalten. Microsoft hat die Lücke nun geschlossen, altere Freigabe-URLs könnten aber noch verwundbar sein.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-dichtet-OneDrive-Links-ab-22…
*** Technology sites "riskier" than illegal sites in 2013, according to Symantec data ***
---------------------------------------------
The 'riskiest' pages to visit in 2013 were technology websites, according to data from users of Norton Web Safe, which monitors billions of traffic requests and millions of software downloads per day.
---------------------------------------------
http://www.scmagazine.com/technology-sites-riskier-than-illegal-sites-in-20…
*** Popular HTTPS Sites Still Vulnerable to OpenSSL Connection Hijacking Attack ***
---------------------------------------------
Some of the Internets most visited websites that encrypt data with the SSL protocol are still susceptible to a recently announced vulnerability that could allow attackers to intercept and decrypt connections.
---------------------------------------------
http://www.cio.com/article/754250/Popular_HTTPS_Sites_Still_Vulnerable_to_O…
*** Researchers Outline Spammers Business Ecosystem ***
---------------------------------------------
An anonymous reader writes A team of researchers at the UC Santa Barbara and RWTH Aachen presented new findings on the relationship of spam actors [abstract; full paper here] at the ACM Symposium on Information, Computer and Communications Security. This presents the first end-to-end analysis of the spam delivery ecosystem including: harvesters crawl the web and compile email lists, botmasters infect and operate botnets, and spammers rent botnets and buy email lists to run spam campaigns.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-AKpHVGH5us/story01.htm
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 13-06-2014 18:00 − Montag 16-06-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** BlackEnergy Rootkit, Sort of ***
---------------------------------------------
A sample of the BlackEnergy family was recently uploaded to VirusTotal from Ukraine. The family is allegedly the same malware used in the cyber attack against Georgia in 2008. The malware provides attackers full access to their infected hosts. Check out SecureWorks detailed analysis from 2010 for more information about the family.The new sample is not much of a rootkit anymore, in the sense that it no longer hides files, ..
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002715.html
*** Vorinstallierter Trojaner auf chinesischem S4-Klon gefunden ***
---------------------------------------------
Spionagesoftware liest sensible Daten aus und lässt Gerät zu Wanze umfunktionieren.
---------------------------------------------
http://derstandard.at/2000002023277
*** Hinweis für Debian-Benutzer bei OpenSSL Upgrade ***
---------------------------------------------
Hinweis für Debian-Benutzer bei OpenSSL Upgrade6. Juni 2014Again, Openssl was the centre of patching in the last two days. While Debian was quick to release a patched version, it seems like Debian forgot to restart some services which link against openssl (libssl) get restarted.Here is how you can check with services use ..
---------------------------------------------
http://www.cert.at/services/blog/20140606123624-1163.html
*** Ruling Raises Stakes for Cyberheist Victims ***
---------------------------------------------
A Missouri firm that unsuccessfully sued its bank to recover $440,000 stolen in a 2010 cyberheist may now be on the hook to cover the financial institutions legal fees, an appeals court has ruled. Legal experts say the decision is likely to discourage future victims from pursuing such cases.
---------------------------------------------
http://krebsonsecurity.com/2014/06/ruling-raises-stakes-for-cyberheist-vict…
*** BruteForce-Angriffe auf wp-login.php abwehren ***
---------------------------------------------
Gegenwärtig werden verstärkt "BruteForce"-Attacken auf WordPress-Blogs gefahren. Auch wir registrieren eine Zunahme solcher Angriffe. [...] Im nachfolgenden zeigen wir Ihnen wie Sie den Erfolg solcher Angriffe eindämmen können.
---------------------------------------------
http://blog.initiative-s.de/2013/04/bruteforce-angriffe-auf-wp-login-php-ab…
*** One-third of cyber attacks take hours to detect ***
---------------------------------------------
More than one-third of cyber attacks take hours to detect. Even more alarming, resolving breaches takes days, weeks, and in some cases, even ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=17005
*** Ende-zu-Ende-Verschlüsselung für BlackBerry Messenger ***
---------------------------------------------
Der BlackBerry Messenger erhält mit BBM Protected eine Ende-zu-Ende-Verschlüsselung, zunächst nur im verschärften Regulated-Modus ohne BlackBerry Balance oder Android- und iOS-Clients.
---------------------------------------------
http://www.heise.de/security/meldung/Ende-zu-Ende-Verschluesselung-fuer-Bla…
*** Deutscher Nachfolger für TrueCrypt angekündigt ***
---------------------------------------------
Das aus nicht ganz geklärten Gründen eingestellte Open-Source-Verschlüsselungs-Projekt TrueCrypt hat einen neuen Anwärter auf seine Nachfolge. Die angekündigte Software hat ihren direkten Ursprung in TrueCrypt.
---------------------------------------------
http://www.heise.de/ix/meldung/Deutscher-Nachfolger-fuer-TrueCrypt-angekuen…
*** Towelroot knackt Android in Sekunden ***
---------------------------------------------
Geohot hat überraschend ein Tool herausgebracht, das fast alle Android-Geräte rooten können soll. In einem ersten Test funktionierte das erstaunlich gut. Er demonstriert damit aber auch eine fatale Sicherheitslücke.
---------------------------------------------
http://www.heise.de/security/meldung/Towelroot-knackt-Android-in-Sekunden-2…
*** Multiple vulnerabilities in Openfiler ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93764http://xforce.iss.net/xforce/xfdb/93763http://xforce.iss.net/xforce/xfdb/93762http://xforce.iss.net/xforce/xfdb/93761
*** Bugtraq: [SE-2014-01] Security vulnerabilities in Oracle Database Java VM ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532433
*** Asterisk MixMonitor Lets Remote Authenticated Users Execute Arbitrary Shell Commands ***
---------------------------------------------
http://www.securitytracker.com/id/1030426
*** PostgreSQL 8.4.1 Denial Of Service Integer Overflow ***
---------------------------------------------
PostgreSQL is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied data before...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060082
*** PowerDNS in default configuration is vulnerable to DoS attack ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060083
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 12-06-2014 18:00 − Freitag 13-06-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Microsoft zieht die "Secure Boot"-Bremse ***
---------------------------------------------
Mit einem Update für Windows 8, Server 2012, 8.1 und Server 2012 R2 installiert Microsoft neue Schlüssel-Datenbanken, die den Start einiger UEFI-Module blockieren.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-zieht-die-Secure-Boot-Bremse…
*** Setting HoneyTraps with ModSecurity: Adding Fake Hidden Form Fields ***
---------------------------------------------
This blog post continues with the topic of setting "HoneyTraps" within your web applications to catch attackers. Please review the previous posts for more examples: Project Honeypot Integration Unused Web Ports Adding Fake robots.txt Entries Adding Fake HTML Comments This blog post will discuss Recipe 3-4: Adding Fake Hidden Form Fields from my book "Web Application Defenders Cookbook: Battling Hackers and Protecting Users". Recipe 3-4: Adding Fake Hidden Form Fields
---------------------------------------------
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/btSzvx21q3s/setting-ho…
*** Hacker claims PayPal loophole generates FREE MONEY ***
---------------------------------------------
Convicted hacker comes good with fraudster flowchart A PayPal loophole can be exploited to earn free cash according to a convicted former NASA hacker turned white hat.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/06/13/hacker_clai…
*** You have no SQL inj--... sorry, NoSQL injections in your application ***
---------------------------------------------
Everyone knows about SQL injections. They are classic, first widely publicized by Rain Forest Puppy, and still widely prevalent today (hint: don't interpolate query string params with SQL).
But who cares? SQL injections are so ten years ago. I want to talk about a vulnerability I hadn't run into before that I recently had a lot of fun exploiting. It was a NoSQL injection.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/06/12/you-have-…
*** Banking malware using Windows to block anti-malware apps ***
---------------------------------------------
BKDR_VAWTRAK is using Software Restriction Policies to restrict security software.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/s0xxmloC9XA/
*** Mergers and Acquisitions: When Two Companies and APT Groups Come Together ***
---------------------------------------------
With Apple's purchase of Beats, Pfizer's failed bids for AstraZeneca, and financial experts pointing to a rally in the M&A market, the last month was a busy one for mergers and acquisitions. Of course, when we first see headlines of...
---------------------------------------------
http://www.fireeye.com/blog/technical/targeted-attack/2014/06/mergers-and-a…
*** Microsofts Juni-Patches können Office-2013-Installation zerstören ***
---------------------------------------------
Die Office-2013-Patches vom 11. Juni bereiten mitunter größere Probleme und können dazu führen, sich die Office-Programme nicht mehr starten lassen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Microsofts-Juni-Patches-koennen-Offi…
*** How iOS 8 Will Affect the Security of iPhones and iPads ***
---------------------------------------------
Apple's mobile OS has been enhanced, but is it more secure?
---------------------------------------------
http://www.symantec.com/connect/blogs/how-ios-8-will-affect-security-iphone…
*** Stratfor-Hack: Geheimer Bericht stellt gravierende Sicherheitslücken fest ***
---------------------------------------------
Eine Untersuchung nach dem Einbruch auf die Stratfor-Server durch die Gruppe Antisec hat ergeben: Das Unternehmen hat wichtigste Sicherheitsmaßnahmen nicht beachtet.
---------------------------------------------
http://www.golem.de/news/stratfor-hack-geheimer-bericht-stellt-gravierende-…
*** CloudFlare offers free DDoS protection to public interest websites ***
---------------------------------------------
A project launched by CloudFlare, a provider of website performance and security services, allows organizations engaged in news gathering, civil society and political or artistic speech to use the companys distributed denial-of-service (DDoS) protection technology for free.The goal of the project, dubbed Galileo, is to protect freedom of expression on the Web by helping sites with public interest information from being censored through online attacks, according to the San Francisco-based
---------------------------------------------
http://www.csoonline.com/article/2363382/cloudflare-offers-free-ddos-protec…
*** ISC Patches Critical DoS Vulnerability in BIND ***
---------------------------------------------
A critical, remotely exploitable bug in some BIND domain name system (DNS) servers could cause a denial of service situation and trigger them to crash.
---------------------------------------------
http://threatpost.com/isc-patches-critical-dos-vulnerability-in-bind/106653
*** CVE-2014-3859: BIND named can crash due to a defect in EDNS printing processing ***
---------------------------------------------
A specially crafted query sent to a BIND nameserver can cause it to crash with a REQUIRE assertion error.
---------------------------------------------
https://kb.isc.org/article/AA-01166/74/CVE-2014-3859:-BIND-named-can-crash-…
*** IBM Security Bulletin: IBM Algo One - cryptographic key information discovery (CVE-2014-0076) ***
---------------------------------------------
Under certain circumstances, a local attacker could discover cryptographic key information from IBM Algo One. CVE(s): CVE-2014-0076 Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21675765
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL ***
---------------------------------------------
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL CVE(s): CVE-2010-5298 Affected product(s) and affected version(s): AIX 5.3, 6.1 and 7.1 VIOS 2.X Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory8.asc X-Force Database: http://xforce.iss.net/xforce/xfdb/92632
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/race_condition_in_the…
*** IBM Security Advisory for AIX ***
---------------------------------------------
AIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerability AIX OpenSSL DTLS recursion flaw AIX OpenSSL DTLS invalid fragment vulnerability AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference AIX OpenSSL Anonymous ECDH denial of service
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
*** Cisco Autonomic Networking Infrastructure Overwrite Vulnerability ***
---------------------------------------------
CVE-2014-3290
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** DSA-2958 apt ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2958
*** DSA-2957 mediawiki ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2957
*** VMSA-2014-0006.1 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** Yealink VoIP Phones XSS / CRLF Injection ***
---------------------------------------------
Topic: Yealink VoIP Phones XSS / CRLF Injection Risk: Low Text:I. ADVISORY CVE-2014-3427 CRLF Injection in Yealink VoIP Phones CVE-2014-3428 XSS vulnerabilities in Yealink VoIP Phones ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060079
*** SSA-963338 (Last Update 2014-06-13): Multiple Buffer Overflows in UPnP Interface of OZW and OZS Products ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** Bugtraq: AST-2014-005: Remote Crash in PJSIP Channel Drivers Publish/Subscribe Framework ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532414
*** Bugtraq: AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532415
*** HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 11-06-2014 18:00 − Donnerstag 12-06-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Weekly Metasploit Update: Meterpreter Madness ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/06/11/weekly-me…
*** MSRT June 2014 - Necurs ***
---------------------------------------------
This month we added Win32/Necurs to the Microsoft Malicious Software Removal Tool (MSRT). In a previous blog about Necurs I outlined the familys prevalence and the techniques it uses to execute its payload. In this blog, I will discuss the Necurs rootkit components Trojan:WinNT/Necurs.A and Trojan:Win64/Necurs.A in greater depth. These Necurs rootkit components are sophisticated drivers that try to block security products during every stage of Windows startup. It's important to note that...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/06/10/msrt-june-2014-necurs.as…
*** Gmail Bug Could Have Exposed Every User's Address ***
---------------------------------------------
Security tester Oren Hafif says that he found and helped fix a bug in Googles Gmail service that could have been used to extract millions of Gmail addresses, if not all of them, in a matter of days or weeks.
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/3b66e7a5/sc/4/l/0L0Swired0N0C20A1…
*** Small businesses running cloud-based POS software hit with unique POSCLOUD malware ***
---------------------------------------------
Researchers with IntelCrawler have identified a unique type of malware, known as POSCLOUD, which targets cloud-based point-of-sale software.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/PLQgnJ1-_Mc/
*** Yahoo Toolbar triggers XSS in Google, other popular services, researcher finds ***
---------------------------------------------
A researcher discovered that Yahoo Toolbar triggers XSS in highly popular services, which could enable an attacker to hijack accounts.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/rM026xMWg8U/
*** Feedly and Evernote Hit by DDoS Attacks, Extortion Demands ***
---------------------------------------------
Yesterday, the most popular RSS reader Feedly was down as a result of a large scale distributed-denial-of service (DDoS) attack carried by the cybercriminals to extort money. On Wednesday, the Feedly was temporarily unavailable for its users. Feedly posted details of the attack at 5:00 AM ET on its blog saying that they were under a Distributed Denial of Service (DDoS) attack and
---------------------------------------------
http://feedproxy.google.com/~r/TheHackersNews/~3/9ZGb8CUzJwg/feedly-and-eve…
*** RSS-Dienst: Feedly ist wieder erreichbar ***
---------------------------------------------
Nach einem Ausfall von knapp 24 Stunden ist der RSS-Dienst Feedly wieder nutzbar. Kriminelle führten eine DDos-Attacke gegen die Feedly-Server durch und forderten eine Geldzahlung, um den Angriff zu beenden.
---------------------------------------------
http://www.golem.de/news/rss-dienst-feedly-ist-wieder-erreichbar-1406-10713…
*** Feedly wieder unter DDoS-Beschuss ***
---------------------------------------------
Die Cyber-Erpresser, die den Newsreader-Dienst Feedly am MIttwoch lahm gelegt haben, geben offenbar nicht auf. Erneut ist der Dienst nicht erreichbar.
---------------------------------------------
http://www.heise.de/security/meldung/Feedly-wieder-unter-DDoS-Beschuss-2220…
*** TweetDeck mit Herzfehler ***
---------------------------------------------
Durch einen Bug hat der Twitter-Client in Tweets eingebettete JavaScript-Code ausgeführt, wenn daran ein Unicode-Herz angehängt wurde.
---------------------------------------------
http://www.heise.de/security/meldung/TweetDeck-mit-Herzfehler-2220478.html
*** The Computer Security Threat From Ultrasonic Networks ***
---------------------------------------------
KentuckyFC (1144503) writes Security researchers in Germany have demonstrated an entirely new way to attack computer networks and steal information without anybody knowing. The new medium of attack is ultrasonic sound. It relies on software that uses the built-in speakers on a laptop to broadcast at ultrasonic frequencies while nearby laptops listen out for the transmissions and pass them on, a set up known as a mesh network. The team has tested this kind of attack on a set of Lenovo T400...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/1R8EpiBl880/story01.htm
*** VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable ***
---------------------------------------------
While the group of vulnerabilities that the OpenSSL Project patched last week hasn't grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products. Vendors are still making their way through the patching process, and VMware has released an advisory confirming that a long list of...
---------------------------------------------
http://threatpost.com/vmware-patches-esxi-against-openssl-flaw-but-many-oth…
*** Project Un1c0rn Wants to Be the Google for Lazy Security Flaws ***
---------------------------------------------
Following broad security scares like that caused by the Heartbleed bug, it can be frustratingly difficult to find out if a site you use often still has gaping flaws. But a little known community of software developers is trying to change that, by creating a searchable, public index of websites with known security issues.
---------------------------------------------
http://motherboard.vice.com/en_ca/read/is-this-website-vulnerable-to-hacker…
*** Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability ***
---------------------------------------------
cisco-sa-20140611-ipv6
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** JSA10628 - 2014-06 Security Bulletin: Junos Pulse Secure Access Service (SSL VPN) and Junos Pulse Access Control Service (UAC): Weak SSL cipher allowed unexpectedly when higher level cipher group is configured (CVE-2014-3812) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10628&actp=RSS
*** JSA10631 - 2014-06 Security Bulletin: NetScreen Firewall: DNS lookup issue may cause denial of service (CVE-2014-3813) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10631&actp=RSS
*** JSA10632 - 2014-06 Security Bulletin: NetScreen Firewall: Malformed IPv6 packet DoS issue (CVE-2014-3814) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10632&actp=RSS
*** JSA10630 - 2014-06 Security Bulletin: Junos WebApp Secure: Local user privilege escalation issue (CVE-2013-2094) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10630&actp=RSS
*** SA-CONTRIB-2014-060- Petitions - Cross Site Request Forgery (CSRF) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-060Project: - Petitions - (third-party distribution)Version: 7.xDate: 2014-June-11Security risk: Less criticalExploitable from: RemoteVulnerability: Cross Site Request ForgeryDescriptionThis distribution enables you to build an application that lets users create and sign petitions.The contained wh_petitions module doesnt sufficiently verify the intent of the user when signing a petition. A malicious user could trick another user into signing a petition they...
---------------------------------------------
https://drupal.org/node/2284571
*** SA-CONTRIB-2014-059 - Touch Theme - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-059Project: Touch (third-party module)Version: 7.xDate: 2014-June-11Security risk: Moderately criticalExploitable from: RemoteVulnerability: Cross Site ScriptingDescriptionTouch Theme is a light weight theme with modern look and feel.The theme does not sufficiently sanitize theme settings input for Twitter and Facebook username. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer themes".CVE...
---------------------------------------------
https://drupal.org/node/2284415
*** Cisco IOS XR ASR 9000 IPv6 Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030400
*** DSA-2956 icinga ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2956
*** DSA-2955 iceweasel ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2955
*** Netscape Portable Runtime API Buffer Overflow May Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030404