=======================
= End-of-Shift report =
=======================
Timeframe: Friday 19-12-2014 18:00 − Monday 22-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** TA14-353A: Targeted Destructive Malware ***
---------------------------------------------
Original release date: December 19, 2014. Systems Affected: Microsoft Windows. Overview: US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities targeting a major entertainment ..
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA14-353A
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** iTwitter <= 0.04 - XSS & CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7729
*** Network Time Protocol Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities within the Network Time Protocol (NTP).
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-353-01
*** Post to Twitter <= 0.7 CSRF & XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7730
*** Which NTP Servers do You Need to Patch? ***
---------------------------------------------
While people generally know where their real NTP servers are, all too often they don't know that they've got a raft of accidental NTP servers - boxes that have NTP enabled without the system maintainers knowing about it. Common servers ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19095
*** Tor Project arms itself against possible attack ***
---------------------------------------------
The Tor Project fears a seizure of important infrastructure servers that could render the anonymization network unusable. According to an anonymous tip, this is said to be imminent within a few days.
---------------------------------------------
http://www.heise.de/security/meldung/Tor-Projekt-wappnet-sich-gegen-moeglic…
*** Compromised Wordpress sites serving multiple malware payloads ***
---------------------------------------------
During our daily log monitoring process, we observe many interesting threat events. One such event led to a compromised WordPress site campaign, which was found to serve multiple malware families including Upatre/Hencitor/Extrat Xtreme ..
---------------------------------------------
http://research.zscaler.com/2014/12/compromised-wordpress-sites-serving.html
*** New NTP versions fix bugs in the time server ***
---------------------------------------------
With just a single packet an attacker could take over time servers running the NTP service. Admins should check their configuration and, if necessary, install the update that promises to remedy the issue as quickly as possible.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-NTP-Versionen-fixen-Fehler-im-Zei…
*** South Korea conducts hacker-defence exercises at nuclear power plants ***
---------------------------------------------
Following the disclosure on the Internet of protected information about two South Korean nuclear reactors, the operator has begun a two-day exercise in defending against cyber attacks. The exercises are being conducted at four of the country's 23 reactor sites, a spokeswoman for the state-owned Korea Hydro & Nuclear Power (KHNP) said on Monday.
---------------------------------------------
http://derstandard.at/2000009692066
*** Pattern-Based Approach for In-Memory ShellCodes Detection ***
---------------------------------------------
Introduction During an analysis, it can be really useful to know some common instructions with which malware, and more specifically shellcodes, achieve their goals. As we can imagine, these sets of common instructions could be used ..
---------------------------------------------
http://resources.infosecinstitute.com/pattern-based-approach-memory-shellco…
*** Is this URL safe? Hiding Malware in Plain Sight From Online Scanners ***
---------------------------------------------
There are several sites which offer scanning a URL for malware. One should expect that these sites emulate a real browser well enough so that their rating can be trusted. Unfortunately this is not the case.
---------------------------------------------
http://noxxi.de/research/content-encoding-online-scanner.html
*** Mikl-Leitner wants cybercrime law by 2018 ***
---------------------------------------------
A cybercrime law is to be passed by the end of this legislative period, i.e. by 2018. Interior Minister Johanna Mikl-Leitner (ÖVP) stated this goal at a press conference in Vienna on Monday. The occasion was the presentation of findings from a simulation exercise involving a hacker attack on Vienna Airport and an extortion attempt with a terrorist background.
---------------------------------------------
http://derstandard.at/2000009710328
*** PHP 5.6.3 unserialize() execute arbitrary code ***
---------------------------------------------
A while ago the function "process_nested_data" was changed to better
handle object properties. Before it was possible to create numeric
object properties which would cause ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120160
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 18-12-2014 18:00 − Friday 19-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Misfortune Cookie crumbles router security: 12 MILLION+ in hijack risk ***
---------------------------------------------
Homes, businesses menaced by vulnerable software exposed to the internet. Infosec biz Check Point says it has discovered a critical software vulnerability that allows hackers to hijack home and small business broadband routers across the web.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/18/misfortune_…
*** Metasploit Weekly Wrapup: Get the 411 ***
---------------------------------------------
This week, we released Metasploit version 4.11 to the world -- feel free to download it here if you're the sort that prefers the binary install over the somewhat Byzantine procedure for setting up a development environment. Which you should be, because the binary installers (for Windows and Linux) have all the dependencies baked in and you don't have to monkey around with much to get going. The two major features with this release center around reorganizing the bruteforce workflow to make things more sensible and usable for larger-scale password audits, and much better visualization on figuring out where the weak link is/was in the organization under test when stolen credentials were used to extend control.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/12/18/metasploi…
*** Vulnerability announced: update your Git clients ***
---------------------------------------------
A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem.
---------------------------------------------
https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
*** How Cybercriminals Dodge Email Authentication ***
---------------------------------------------
Email authentication and validation is one method that is used to help bring down the levels of spam and phishing by identifying senders so that malicious emails can be identified and discarded. Two frameworks are in common usage today; these are SPF and DKIM. SPF (Sender Policy Framework): Defined in RFC 7208, SPF provides a...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/27Kj0gN8uNo/
*** Smart grid security certification in Europe: Challenges and Recommendations ***
---------------------------------------------
ENISA issues today a report on Smart grid security certification in Europe targeted at EU Member States (MS), the Commission, certification bodies and the private sector; with information on several certification approaches across the EU and other MS and EFTA countries. It describes the specific European situation, and discusses the advantages and challenges towards a more harmonised certification practice.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/smart-grid-security-certifi…
*** USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds ***
---------------------------------------------
Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it's a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in...
---------------------------------------------
http://threatpost.com/usbdriveby-device-can-install-backdoor-override-dns-s…
*** TA14-352A: Server Message Block (SMB) Worm Tool ***
---------------------------------------------
Unknown cyber-threat actors have been identified employing sophisticated malware, and Indicators of Compromise (IOC) have been provided to mitigate this threat.
---------------------------------------------
http://www.exploitthis.com/2014/12/ta14-352a-server-message-block-smb-worm-…
*** Save the date: ENISA Workshop on EU Threat Landscape ***
---------------------------------------------
24th February 2015, Hotel Metropole, Brussels
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/save-the-date-enisa-workshop-on…
*** SS7 Vulnerabilities ***
---------------------------------------------
There are security vulnerabilities in the phone-call routing protocol called SS7. The flaws discovered by the German researchers are actually functions built into SS7 for other purposes -- such as keeping calls connected as users speed down highways, switching from cell tower to cell tower -- that hackers can repurpose for surveillance because of the lax security on the network....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/ss7_vulnerabili.html
*** Information-stealing Vawtrak malware evolves, becomes more evasive ***
---------------------------------------------
SophosLabs has recently observed some cunning changes made by the authors of the dangerous banking malware Vawtrak. James Wyke explains.
---------------------------------------------
https://nakedsecurity.sophos.com/2014/12/19/information-stealing-vawtrak-ma…
*** Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines ***
---------------------------------------------
Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an...
---------------------------------------------
http://threatpost.com/emerson-patches-series-of-flaws-in-controllers-used-i…
*** Novell - Patches for GroupWise and eDirectory ***
---------------------------------------------
https://download.novell.com/Download?buildid=tveSooKDw3Q~
https://download.novell.com/Download?buildid=mdWLZGP0Glk~
https://download.novell.com/Download?buildid=gHTDteZoK34~
https://download.novell.com/Download?buildid=3dJODsdcDKE~
*** Subversion mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031403
*** Subversion mod_dav_svn REPORT Request Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031402
*** Honeywell Experion PKS Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in Honeywell's Experion Process Knowledge System (EPKS) application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-352-01
*** Innominate mGuard Privilege Escalation Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a privilege escalation vulnerability affecting all mGuard devices.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-352-02
*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update C) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02B Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 11, 2014, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02C
*** Emerson ROC800 Multiple Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-13-259-01B
*** [2014-12-19] XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor ***
---------------------------------------------
Two vulnerabilities in the NetIQ eDirectory iMonitor allow an attacker to take over a user session and potentially leak sensitive data. An attacker could compromise an administrative account and e.g. tamper with a centralized user database.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** Live Forms <= 1.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7728
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 17-12-2014 18:00 − Thursday 18-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Is the polkit Grinch Going to Steal your Christmas?, (Wed, Dec 17th) ***
---------------------------------------------
Alert Logic published a widely publicized blog outlining a common configuration problem with Polkit. To help with dissemination, Alert Logic named the vulnerability Grinch [1]. In some ways, this isn't so much a vulnerability as more a common overly permissive configuration of many Linux systems. It could easily be leveraged to escalate privileges beyond the intent of the polkit configuration. Let's first step back: In the beginning, there was sudo. Sudo served the Unix community well for many...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19077&rss
*** Application Threat and Usage Report 2014 ***
---------------------------------------------
The Application Usage And Threat Report provides an analysis of applications and their link to cyber threats within the enterprise. The report summarizes network traffic assessments performed wor...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17609
*** Successful attack on Internet administrator ICANN ***
---------------------------------------------
Among other things, a central system used to organize the introduction of the new top-level domains was compromised in an attack on ICANN. ICANN acts as the supervisory body for the administration of network resources such as DNS and IP addresses.
---------------------------------------------
http://www.heise.de/security/meldung/Erfolgreicher-Angriff-auf-Internet-Ver…
*** Your Browser is (not) Locked ***
---------------------------------------------
Most ransomware has a binary file that needs to be executed before it can infect your PC. Ransomware usually relies on social engineering or exploits to infect unsuspecting users. However, some malware authors are bypassing this requirement with a new trick - browser lockers. Unlike traditional ransomware threats that lock the entire desktop, browser lockers only lock the web browser of an infected PC. Most other malware needs a user (or other malware) to manually run it. Browser lockers...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/12/17/your-browser-is-not-lock…
*** Chthonic: a New Modification of ZeuS ***
---------------------------------------------
In the fall of 2014, we discovered a new banking Trojan, which caught our attention for two reasons...
---------------------------------------------
http://securelist.com/blog/virus-watch/68176/chthonic-a-new-modification-of…
*** Ars Technica readers urged to change passwords in wake of hack ***
---------------------------------------------
In case you haven't heard already, Ars Technica got hacked over the weekend, so if you are a subscribed reader now would be a good time to change your password. "At 20:00 CT on December 14, an Inte...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17768
*** phpBB web server cracked, credentials copied ***
---------------------------------------------
The phpBB servers were compromised and are currently offline. The attackers managed to hijack an administrator's forum account.
---------------------------------------------
http://www.heise.de/security/meldung/PhpBB-Webserver-geknackt-Zugangsdaten-…
*** Android Hacking and Security, Part 17: Cracking Android App Binaries ***
---------------------------------------------
In this article, we will see how a developer can perform basic checks to programmatically detect if the app is running on an emulator and stop executing the app if an emulator is detected. We will then see how an attacker can easily bypass these checks by using some freely...
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-security-part-17-crac…
*** Alina POS malware "sparks" off a new variant ***
---------------------------------------------
Alina is a well-documented family of malware used to scrape Credit Card (CC) data from Point of Sale (POS) software. We published a series of in-depth write-ups on the capabilities Alina possesses as well as the progression of the versions. Xylitol has a nice write-up on the Command and Control (C&C) aspects of Alina. In this blog post I'd like to discuss a variant that first cropped up in late 2013 and has been seen in the wild as recently as a month ago. Some anti-virus companies have
---------------------------------------------
http://blog.spiderlabs.com/2014/12/alina-pos-malware-sparks-off-a-new-varia…
*** Patch debacle: Microsoft reworks IE update ***
---------------------------------------------
The series of botched patches shows no sign of ending. Microsoft now has to rework an update for Internet Explorer after IE 11 users complained about problems with dialog boxes on websites.
---------------------------------------------
http://www.heise.de/security/meldung/Patch-Debakel-Microsoft-bessert-bei-IE…
*** Exploit Kit Evolution During 2014 - Nuclear Pack, (Thu, Dec 18th) ***
---------------------------------------------
This is a guest diary submitted by Brad Duncan. Nuclear exploit kit (also known as Nuclear Pack) has been around for years. Version 2.0 of Nuclear Pack was reported in 2012 [1] [2]. Blogs like malware.dontneedcoffee.com have mentioned version 3.0 of Nuclear Pack in posts during 2013 [3] [4]. This month, Nuclear Pack changed its traffic patterns. The changes are significant enough that I wonder if Nuclear Pack is at version 4. Or is this merely an evolution of version 3, as we've seen throughout
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19081&rss
*** VU#843044: Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values ***
---------------------------------------------
Vulnerability Note VU#843044: Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values. Original Release date: 18 Dec 2014 | Last revised: 18 Dec 2014. Overview: The Intelligent Platform Management Interface (IPMI) v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values. Description: CWE-330: Use of Insufficiently Random Values - CVE-2014-8272. The IPMI v1.5...
---------------------------------------------
http://www.kb.cert.org/vuls/id/843044
*** Cisco IronPort ESA Subject Header Length Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-8016
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal ***
---------------------------------------------
CVE-2014-8012
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-8014
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cross-Site Scripting vulnerability in wfGallery (wf_gallery) ***
---------------------------------------------
It has been discovered that the extension "wfGallery" (wf_gallery) is susceptible to Cross-Site Scripting.
---------------------------------------------
http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-wfg…
*** SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-128
Project: OG Menu (third-party module)
Version: 6.x, 7.x
Date: 2014-December-17
Security risk: 14/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass, Information Disclosure
Description: This module enables you to associate menus with Organic Groups (OG). It allows you to create one or more menus per group, configure and apply menu permissions in a group context, add/edit menu links directly from the entity...
---------------------------------------------
https://www.drupal.org/node/2395049
*** SA-CONTRIB-2014-127 - School Administration - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-127
Project: School Administration (third-party module)
Version: 7.x
Date: 2014-December-17
Security risk: 14/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description: School Administration module enables you to keep records of all students and staff. With inner modules, it aims to be a complete school administration system. The module failed to sanitize some node titles in messages, leading to a...
---------------------------------------------
https://www.drupal.org/node/2395015
*** SA-CONTRIB-2014-126 - Open Atrium - Multiple vulnerabilities ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-126
Project: Open Atrium (third-party module)
Version: 7.x
Date: 2014-12-17
Security risk: 13/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass, Cross Site Request Forgery, Multiple vulnerabilities
Description: This distribution enables you to create an intranet. Several of the sub modules included do not prevent CSRF on several menu callbacks. Open Atrium Discussion also does not exit correctly after...
---------------------------------------------
https://www.drupal.org/node/2394979
*** Novell NetIQ Access Manager 4.0 Support Pack 1 Hot Fix 3 4.0.1-132 ***
---------------------------------------------
Abstract: NetIQ Access Manager 4.0 Support Pack 1 Hot Fix 3 build (version 4.0.1-132). This file contains updates for services contained in the NetIQ Access Manager 4.0 product and requires 4.0 SP1 to be installed as a minimum. NetIQ recommends that all customers running Access Manager 4.0 release code apply this patch. The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.0 SP1 was released. These fixes include updates to the Access...
---------------------------------------------
https://download.novell.com/Download?buildid=i7RBltaqcVw~
*** [2014-12-18] Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA) ***
---------------------------------------------
Attackers are able to fully compromise the VDG Sense video management system by gaining highest system level access rights as multiple critical vulnerabilities exist.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-12-18] OS command execution vulnerability in GParted ***
---------------------------------------------
GParted does not properly sanitize strings before passing them as parameters to an OS command. Under certain conditions an attacker is able to execute system commands as user "root" by tricking a victim into using GParted to e.g. format a USB drive.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-12-18] Multiple high risk vulnerabilities in NetIQ Access Manager ***
---------------------------------------------
A vulnerability in the NetIQ Access Manager allows an authenticated attacker to read local files. Moreover, several web based issues (CSRF, persistent and non-persistent XSS) allow an attacker to hijack the session of an administrator or user. An information disclosure vulnerability allows an attacker to gather internal information including service passwords.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 16-12-2014 18:00 − Wednesday 17-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Malicious code exploits months-old WordPress vulnerability ***
---------------------------------------------
The malware, named SoakSoak, has infected hundreds of thousands of websites through the Slider Revolution plug-in and spies on the servers. In some cases visitors are also infected via drive-by download.
---------------------------------------------
http://www.heise.de/security/meldung/Schadcode-nutzt-Monate-alte-WordPress-…
*** Firefox, IE11 zero-day bugs possibly targeted in SoakSoak WordPress malware attacks ***
---------------------------------------------
Attackers exploiting a bug in the Slider Revolution plugin to compromise WordPress websites with malware may also be targeting zero-day vulnerabilities in Firefox and Internet Explorer 11.
---------------------------------------------
http://www.scmagazine.com/firefox-ie11-zero-day-bugs-possibly-targeted-in-s…
*** Some Memory Forensic with Forensic Suite (Volatility plugins), (Tue, Dec 16th) ***
---------------------------------------------
In previous diaries we have talked about memory forensics and how important it is. In this diary I will talk about a new set of Volatility plugins called Forensic Suite, written by Dave Lasalle. The suite has 14 plugins and they cover different areas of memory forensics. The Forensic Suite can be obtained from: http://downloads.volatilityfoundation.org/contest/2014/DaveLasalle_Forensic… . In this diary I will talk about some of the plugins. Firefox history: To test this plugin first I browsed the...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19071&rss
*** URL flaw discovered for airline mobile boarding passes ***
---------------------------------------------
A URL flaw that impacts mobile boarding passes for airlines, such as Southwest and Delta, was discovered on Tuesday.
---------------------------------------------
http://www.scmagazine.com/url-flaw-discovered-for-airline-mobile-boarding-p…
*** Impact of Linux bug grinch spans servers, workstations, Android devices and more ***
---------------------------------------------
Alert Logic discovered the bug, which is susceptible to exploitation due to the default installation process used by Linux.
---------------------------------------------
http://www.scmagazine.com/impact-of-linux-bug-grinch-spans-servers-workstat…
*** Comparing OpenBSD with FreeBSD - securitywise ***
---------------------------------------------
OpenBSD and FreeBSD are both great OS that I admire and use. OpenBSD is considered more secure since it is its main goal, but FreeBSD can be tweaked to be pretty well hardened as well. Depending on the forums or to who we ask, we will have different opinions. But what are the facts? Which OS is more secure and why?
---------------------------------------------
http://networkfilter.blogspot.co.at/2014/12/security-openbsd-vs-freebsd.html
*** SSL Labs end of year 2014 updates ***
---------------------------------------------
From the SSL/TLS perspective, 2014 was quite an eventful year. The best way to describe what we at SSL Labs did is we kept running to stay in the same place. What I mean by this is that we spent a lot of time reacting to high profile vulnerabilities: Heartbleed, the ChangeCipherSpec protocol issue in OpenSSL, POODLE (against SSL 3 in October and against TLS in December), and others. Ultimately, this has been a very successful year for us, with millions of assessments carried out.
---------------------------------------------
http://blog.ivanristic.com/2014/12/ssl-labs-end-of-year-updates.html
*** Top 5 malware attacks: 35 reused components ***
---------------------------------------------
CyActive identified the top five malware that returned the highest ROI for hackers with the least effort per dollar - achieved by recycling code and using the same methods from previous malware attack...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2932
*** Protecting the underground electronic communications infrastructure ***
---------------------------------------------
ENISA has released a new report on the Protection of Underground Electronic Communications Infrastructure. This report - targeted at Member States (MS), public institutions, owners of underground comm...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17763
*** The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire ***
---------------------------------------------
In this paper, we discuss an attacker model that accounts for the hijacking of network ownership information stored in Regional Internet Registry (RIR) databases. We show that such threats emerge from abandoned Internet resources (e.g., IP address blocks, AS numbers). When DNS names expire, attackers gain the opportunity to take resource ownership by re-registering domain names that are referenced by corresponding RIR database objects.
---------------------------------------------
http://arxiv.org/abs/1412.5052
*** How the FBI Unmasked Tor Users ***
---------------------------------------------
Kevin Poulsen has a good article up on Wired about how the FBI used a Metasploit variant to identify Tor users....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/how_the_fbi_unm.html
*** Fast Flux Networks Working and Detection, Part 1 ***
---------------------------------------------
In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will learn about the demon Fast Flux!! In this article, we will learn about what exactly Fast Flux is, types of Fast Flux, and [...]
---------------------------------------------
http://resources.infosecinstitute.com/fast-flux-networks-working-detection-…
*** What's New in Exploit Kits in 2014 ***
---------------------------------------------
Around this time in 2013, the most commonly used exploit kit - the Blackhole Exploit Kit - was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits have emerged and have been used by cybercriminals. The emergence of so many replacements has also meant that there...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/N44vwrIcGrM/
*** Researchers warn of new OphionLocker ransomware ***
---------------------------------------------
OphionLocker doesn't diverge much from previous ransomware schemes, although it does generate a unique hardware ID based on the first hard drive's serial number, the motherboard's serial number and other information.
---------------------------------------------
www.scmagazine.com/ophionlocker-discovered-in-the-wild-update-provided-on-t…
*** Certified pre-pw0ned Android Smartphones: Coolpad Firmware Backdoor, (Wed, Dec 17th) ***
---------------------------------------------
Researchers at Palo Alto found that many ROM images used for Android smart phones manufactured by Coolpad contain a backdoor, giving an attacker full control of the device. Palo Alto named the backdoor Coolreaper. With Android, it is very common for manufacturers to install additional applications. But these applications are installed on top of the Android operating system. In this case, Coolpad integrated additional functionality into the firmware of the device. This backdoor was then used by
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19075&rss
*** BSI security report: Successful cyber attack on German steel mill ***
---------------------------------------------
In a previously unknown attack, the attackers severely damaged a blast furnace. But alongside the targeted attacks on industrial plants, the BSI also reports a growing threat to end users.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-Sicherheitsbericht-Erfolgreiche-Cy…
*** Meet FlashFlood, the lightweight script that causes websites to falter ***
---------------------------------------------
Bringing big database-driven sites to their knees just got a little easier.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/ir5Zy4m-thY/
*** iCloud data: Forensics software promises extensive access ***
---------------------------------------------
The forensics software "Phone Breaker", presumably also used in the iCloud celebrity hack, extends the ability to read out user data stored in Apple's cloud service. Support for third-party access to iCloud Drive is to follow.
---------------------------------------------
http://www.heise.de/security/meldung/iCloud-Daten-Forensik-Software-verspri…
*** Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability ***
---------------------------------------------
CVE-2014-8006
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Symantec Web Gateway OS Authenticated Command Injection ***
---------------------------------------------
Revisions: None. Severity (CVSS2 Base Score / Impact / Exploitability / CVSS2 Vector): Symantec Web Gateway Operating System Command Injection - Low...
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** IBM Business Process Manager cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98418
*** IBM WebSphere Process Server, IBM WebSphere Enterprise Service Bus, IBM Business Process Manager information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98488
*** IBM Business Process Manager security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95724
*** HP Security Bulletins ***
---------------------------------------------
[security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/534259
[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution
---------------------------------------------
http://www.securityfocus.com/archive/1/534262
[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/534261
[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS)
---------------------------------------------
http://www.securityfocus.com/archive/1/534260
*** Patches for Novell Products ***
---------------------------------------------
https://download.novell.com/Download?buildid=3dJODsdcDKE~
https://download.novell.com/Download?buildid=STisn28FRWs~
https://download.novell.com/Download?buildid=q4S96klvwhE~
https://download.novell.com/Download?buildid=Mh8CRo1Ljh8~
https://download.novell.com/Download?buildid=nlOmW2y333Q~
https://download.novell.com/Download?buildid=anuuh6CDWX8~
*** DSA-3105 heirloom-mailx - security update ***
---------------------------------------------
Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the mail command:
---------------------------------------------
https://www.debian.org/security/2014/dsa-3105
*** DSA-3104 bsd-mailx - security update ***
---------------------------------------------
It was discovered that bsd-mailx, an implementation of the mail command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3104
*** SSA-134508 (Last Update 2014-12-16): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC in TIA Portal ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** iWifi For Chat 1.1 Denial Of Service ***
---------------------------------------------
Topic: iWifi For Chat 1.1 Denial Of Service. Risk: Medium. Text: Document Title: iWifi for Chat v1.1 iOS - Denial of Service Vulnerability. References (Source): == http://w...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120110
*** iUSB 1.2 Arbitrary Code Execution ***
---------------------------------------------
Topic: iUSB 1.2 Arbitrary Code Execution. Risk: High. Text: Document Title: iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability. References (Source): == http://www....
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120109
*** Bugtraq: [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534264
*** Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product ***
---------------------------------------------
Dec 17, 2014 16:09
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Schneider Electric ProClima Command Injection Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for command injection vulnerabilities in Schneider Electric's ProClima software package.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-350-01
*** Bird Feeder <= 1.2.3 CSRF & XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7727
*** DB Backup <= 4.5 - Path Traversal File Access ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7726
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 15-12-2014 18:00 − Dienstag 16-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Is POODLE Back for Another Byte? ***
---------------------------------------------
[...] The problem is a number of other TLS implementations are optimized for performance by verifying only that the first byte of padding matches the number of padding bytes. Such implementations would accept any value for the second and subsequent padding bytes. What's worse is that the adversary doesn't need to artificially downgrade the connection to SSLv3 to exploit this issue, so the barriers to execution are lower.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2014/12/is_poodle_back_fora.ht…
*** RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise ***
---------------------------------------------
Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru). After a bit more time investigating this issue, we were able to confirm that the attack vector is the RevSlider...
---------------------------------------------
http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wor…
*** SoakSoak: Payload Analysis - Evolution of Compromised Sites - IE 11 ***
---------------------------------------------
Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it. It uses the RevSlider vulnerability as a point of penetration. It then uploads a backdoor and infects all websites that share the same server account (so sites that don't use the RevSlider plugin can...
---------------------------------------------
http://blog.sucuri.net/2014/12/soaksoak-payload-analysis-evolution-of-compr…
*** Google Blacklists WordPress Sites Peddling SoakSoak Malware ***
---------------------------------------------
Up to 100,000 sites hosted on WordPress may be vulnerable to a new campaign that's pushing malware and multiple exploit kits to the browser.
---------------------------------------------
http://threatpost.com/google-blacklists-wordpress-sites-peddling-soaksoak-m…
*** Safari 8.0.2 Still Supporting SSLv3 with Block Ciphers, (Mon, Dec 15th) ***
---------------------------------------------
In October, Apple released Security Update 2014-005, specifically with the intent to address the POODLE issue [1]. The description with the update stated: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19067&rss
*** ENISA CERT training programme now available online ***
---------------------------------------------
ENISA has launched a new section on its website introducing the ENISA CERT training programme.
In the new section, you can find all the publicly available training resources and the training courses currently provided by ENISA.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/enisa-cert-training-programme-n…
*** SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-8730
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Internet security: Cisco also has POODLE problems ***
---------------------------------------------
Of all things, firewalls and load-balancing extensions from the network equipment manufacturer botch their implementation of TLS - and thereby also become vulnerable to POODLE attacks on the encryption.
---------------------------------------------
http://www.heise.de/security/meldung/Internet-Sicherheit-Auch-Cisco-mit-Poo…
*** Android Hacking and Security, Part 16: Broken Cryptography ***
---------------------------------------------
In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in his application. This article covers the possible ways in which vulnerabilities associated with broken cryptography may be introduced in Android apps. [...]
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-security-part-16-brok…
*** F5 Security Advisory: Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687 ***
---------------------------------------------
(SOL15910) - Remote attackers may be able to cause a denial-of-service (DoS) using malformed or duplicate ASCONF chunks.
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/900/sol15910.html
*** Security Advisory 2014-06: Incomplete Access Control ***
---------------------------------------------
An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
---------------------------------------------
https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/
*** Apache Buffer Overflow in mod_proxy_fcgi Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031371
*** SSA-831997 (Last Update 2014-12-15): Denial-of-Service Vulnerability in Ruggedcom ROS-based Devices ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** CA Release Automation Multiple Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and SQL Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1031375
*** DokuWiki conf/mime.conf cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99291
*** Python TLS security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99294
*** CA LISA Multiple Vulns ***
---------------------------------------------
Topic: CA LISA Multiple Vulns. Risk: Medium. Text: CA20141215-01: Security Notice for CA LISA Release Automation. Issued: December 15, 2014. CA Technologies Support is alerti...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120097
*** Bugtraq: [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534249
*** Better Search <= 1.3.4 - Reflective XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7725
*** WP Construction Mode <= 1.91 - Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7724
*** Sliding Social Icons <= 1.61 - CSRF & Stored XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7723
*** Bugtraq: "Ettercap 8.0 - 8.1" multiple vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534248
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 12-12-2014 18:00 − Montag 15-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** ICS-CERT: BlackEnergy may be infecting WinCC systems lacking recent patch ***
---------------------------------------------
BlackEnergy malware may be exploiting a vulnerability in Siemens SIMATIC WinCC software that was patched in early November.
---------------------------------------------
http://www.scmagazine.com/ics-cert-urges-wincc-users-others-to-update-softw…
*** BGP Hijacking Continues, Despite the Ability To Prevent It ***
---------------------------------------------
An anonymous reader writes: BGPMon reports on a recent route hijacking event by Syria. These events continue, despite the ability to detect and prevent improper route origination: Resource Public Key Infrastructure. RPKI is technology that allows an operator to validate the proper relationship between an IP prefix and an Autonomous System. That is, assuming you can collect the certificates. ARIN requires operators accept something called the Relying Party Agreement. But the provider community...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/hl_eP152_h0/story01.htm
*** Batten down the patches: New vuln found in Docker container tech ***
---------------------------------------------
Last month's patch brought new privilege escalation flaw
More security woes plagued users of the Docker application containerization tech for Linux this week, after an earlier security patch was found to have introduced a brand-new critical vulnerability in the software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/12/docker_vuln…
*** Cisco to release flying pig - Snort 3.0 ***
---------------------------------------------
Sourcefire's been making bacon, now wants you to fry it
Cisco's going to release a flying pig.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/12/cisco_to_re…
*** Worm Backdoors and Secures QNAP Network Storage Devices, (Sun, Dec 14th) ***
---------------------------------------------
Shellshock is far from over, with many devices still not patched and out there ready for exploitation. One set of the devices receiving a lot of attention recently are QNAP disk storage systems. QNAP released a patch in early October, but applying the patch is not automatic and far from trivial for many users [1]. Our reader Erich submitted a link to an interesting Pastebin post with code commonly used in these scans [2]. The attack targets a QNAP CGI script, /cgi-bin/authLogin.cgi, a well known...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19061&rss
*** SoakSoak Malware Compromises 100,000+ WordPress Websites ***
---------------------------------------------
This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Our analysis is showing impacts in the order of 100s of thousands of WordPress specific websites. We cannot confirm the exact vector, but preliminary analysis is showing correlation with the Revslider vulnerability we reported a...
---------------------------------------------
http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpres…
*** Man in the Middle attack vs. Cloudflare's Universal SSL ***
---------------------------------------------
MitM attacks are a class of security attacks that involve the compromise of the authentication of a secure connection. In essence, an attacker builds a transparent tunnel between the client and the server, but makes sure that the client negotiates the secure connection with the attacker instead of the intended server. Thus the client, instead of having a secure connection to the server, has a secure connection to the attacker, which in turn has set up its own secure connection to the server, so...
---------------------------------------------
http://blog.ricardomacas.com/index.php?controller=post&action=view&id_post=4
*** 10th Annual ICS Security Summit - Orlando ***
---------------------------------------------
For SCADA, Industrial Automation, and Control System Security
Join us for the 10th anniversary of the Annual SANS ICS Security Summit. The Summit is the premier event to attend in 2015 for ICS cybersecurity practitioners and managers. This year's summit will feature hands-on training courses focused on Attacking and Defending ICS environments, industry-specific pre-summit events, and an action-packed summit agenda with the release of ICS security tools and the popular security kit for Summit
---------------------------------------------
https://www.sans.org/event/ics-security-summit-2015
*** Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712) ***
---------------------------------------------
V3.0 (December 12, 2014): Rereleased bulletin to announce the reoffering of Microsoft security update 2986475 for Microsoft Exchange Server 2010 Service Pack 3. The rereleased update addresses a known issue in the original offering. Customers who uninstalled the original update should install the updated version of 2986475 at the earliest opportunity.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-075
*** Two newcomers in the exploit kit market ***
---------------------------------------------
Exploit kits are a great means to an end for malware distributors, who either buy them or rent them in order to widely disseminate their malicious wares. It's no wonder then that unscrupulous developers are always trying to enter the market currently cornered by Angler, Nuclear, FlashEK, Fiesta, SweetOrange, and other popular exploit kits.
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2929
*** RSA Authentication Manager 8.0 / 8.1 Unvalidated Redirect ***
---------------------------------------------
Topic: RSA Authentication Manager 8.0 / 8.1 Unvalidated Redirect. Risk: Low. Text: ESA-2014-173: RSA Authentication Manager Unvalidated Redirect Vulnerability. EMC Identifier: ESA-2014-173. CVE Identifier:...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120080
*** RSA Archer GRC Platform 5.x Cross Site Scripting ***
---------------------------------------------
Topic: RSA Archer GRC Platform 5.x Cross Site Scripting. Risk: Low. Text: ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities. EMC Identifier: ESA-2014-163. CVE Identifier: See b...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120079
*** EMC Isilon InsightIQ Cross Site Scripting ***
---------------------------------------------
Topic: EMC Isilon InsightIQ Cross Site Scripting. Risk: Low. Text: ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability. EMC Identifier: ESA-2014-164. CVE Identifier: CVE-...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120078
*** Cisco Prime Security Manager Cross-Site Scripting Vulnerability ***
---------------------------------------------
CVE-2014-3364
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass ***
---------------------------------------------
Topic: Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass. Risk: Medium. Text: Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit. Vendor: Soitec. Product web page: http://ww...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120086
*** Multiple vulnerabilities in InfiniteWP Admin Panel ***
---------------------------------------------
InfiniteWP (http://www.infinitewp.com/) allows an administrator to manage multiple WordPress sites from one control panel. According to the InfiniteWP homepage, it is used on over 317,000 WordPress sites. The InfiniteWP Admin Panel contains a number of vulnerabilities that can be exploited by an unauthenticated remote attacker. These vulnerabilities allow taking over managed WordPress sites by leaking secret InfiniteWP client keys, allow SQL injection, allow cracking of InfiniteWP admin
---------------------------------------------
http://seclists.org/fulldisclosure/2014/Dec/43
*** Bugtraq: Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01] ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534241
*** [dos] - phpMyAdmin 4.0.x, 4.1.x, 4.2.x - DoS ***
---------------------------------------------
http://www.exploit-db.com/exploits/35539
*** Multiple vulnerabilities in BibTex Publications (si_bibtex) ***
---------------------------------------------
It has been discovered that the extension "BibTex Publications" (si_bibtex) is susceptible to Cross-Site Scripting and SQL Injection.
---------------------------------------------
http://www.typo3.org/news/article/multiple-vulnerabilities-in-bibtex-public…
*** Multiple vulnerabilities in Drag Drop Mass Upload (ameos_dragndropupload) ***
---------------------------------------------
It has been discovered that the extension "Drag Drop Mass Upload" (ameos_dragndropupload) is susceptible to Cross-Site Scripting, Cross-Site Request Forgery and Improper Access Control.
---------------------------------------------
http://www.typo3.org/news/article/improper-access-control-in-drag-drop-mass…
*** Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products ***
---------------------------------------------
Dec 15, 2014 18:30
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** SEO Redirection <= 2.2 - Unauthenticated Stored XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7722
*** Lightbox Photo Gallery 1.0 - CSRF/XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7719
*** WP-FB-AutoConnect <= 4.0.5 - XSS/CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7721
*** Timed Popup <= 1.3 - CSRF & Stored XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7720
*** Bugtraq: CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional" ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534230
*** Bugtraq: CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional" ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534229
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 11-12-2014 18:00 − Freitag 12-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: Otmar Lendl
*** Archie and Astrum: New Players in the Exploit Kit Market ***
---------------------------------------------
Thu, 11 Dec 2014 17:10:55 +0200
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002776.html
*** Researcher: Lax Crossdomain Policy Puts Yahoo Mail At Risk ***
---------------------------------------------
A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk.
---------------------------------------------
http://threatpost.com/researcher-lax-crossdomain-policy-puts-yahoo-mail-at-…
*** DSA-3098 graphviz - security update ***
---------------------------------------------
Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3098
*** ZDI-14-424: Honeywell OPOS Suite HWOPOSScale.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/8tlo_ZfI4BE/
*** ZDI-14-423: Honeywell OPOS Suite HWOPOSSCANNER.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ZDVuupIJS6Q/
*** ZDI-14-422: ManageEngine NetFlow Analyzer CollectorConfInfoServlet COLLECTOR_ID Directory Traversal Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/sBfZBCsAKl4/
*** ZDI-14-421: ManageEngine Password Manager Pro UploadAccountActivities filename Directory Traversal Denial of Service Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine Password Manager Pro. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/agLsqjzz9u4/
*** ZDI-14-420: ManageEngine Desktop Central MSP NativeAppServlet UDID JSON Object Code Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/YGf1aa88_QM/
*** Targeted Phishing Against GoDaddy Customers ***
---------------------------------------------
I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it's missing a name. When you get them from a bank you don't even deal with, that's a pretty good clue. However, when the phishing is well done...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/uan3MNQ2J9g/targeted-phishing…
*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02A Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02B
*** Wire transfer spam spreads Upatre ***
---------------------------------------------
The Microsoft Malware Protection Center (MMPC) is currently monitoring a spam email campaign that is using a wire transfer claim to spread Trojan:Win32/Upatre. It is important to note that customers running up-to-date Microsoft security software are protected from this threat. Additionally, customers with Microsoft Active Protection Service Community (MAPS) enabled also benefit from our cloud protection service. Upatre typically uses spam email campaigns to spread and then downloads other
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-sprea…
*** Digital attack: cyber attack allegedly destroyed oil pipeline ***
---------------------------------------------
According to anonymous sources, a cyber attack is said to have caused the explosion of an oil pipeline in Turkey in 2008. There is, however, only circumstantial evidence for this. (Cyberwar, Virus)
---------------------------------------------
http://www.golem.de/news/digitaler-anschlag-cyber-attacke-soll-oelpipeline-…
*** Cross-Signed Certificates Crash Android ***
---------------------------------------------
We have discovered a vulnerability in Android that affects how cross-signed certificates are handled. No current Android release correctly handles these certificates, which are created when two certificates are signed with a looped certificate chain (certificate A signs certificate B; certificate B signs certificate A). We've already notified Google about this vulnerability, and there is no fix
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/K85aQffE_W0/
*** Microsoft: New certificate update, another withdrawn patch ***
---------------------------------------------
Microsoft has shipped a new certificate update for Windows 7 and Server 2008 that is meant to fix the update problems. In the meantime, however, the third patch in a few days had to be withdrawn because it had broken Silverlight.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-Neues-Zertifikats-Update-noc…
*** Office for Mac 2011: Microsoft fixes critical vulnerability ***
---------------------------------------------
The update for the OS X version of the office suite is meant to close a security hole in Word that allows injecting and executing malicious code. A smaller problem is also fixed.
---------------------------------------------
http://www.heise.de/security/meldung/Office-fuer-Mac-2011-Microsoft-beseiti…
*** Microsoft pulls Patch Tuesday fix - "Outlook can't connect to Exchange" ***
---------------------------------------------
Part of Patch Tuesday is now only partly available as Microsoft recalls its already-delayed Exchange 2010 update. Paul Ducklin takes a look...
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/pyrMdTGYdYo/
*** DFN-CERT-2014-1647: MantisBT: Multiple vulnerabilities allow execution of arbitrary code ***
---------------------------------------------
12.12.2014
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2014-1647/
*** OphionLocker: Joining in the Ransomware Race ***
---------------------------------------------
Fri, 12 Dec 2014 16:32:35 +0200
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002777.html
*** SSL hole: POODLE bites Windows Phone 7 ***
---------------------------------------------
Windows Phone 7 can only fetch mail using the ancient SSL protocol version 3. Because of the POODLE hole, however, many mail servers no longer offer it. Users probably cannot hope for a remedy. (Windows Phone, E-Mail)
---------------------------------------------
http://www.golem.de/news/ssl-luecke-der-poodle-beisst-windows-phone-7-1412-…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 10-12-2014 18:00 − Thursday 11-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Critical vulnerability affecting HD FLV Player ***
---------------------------------------------
We've been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched on Joomla! and WordPress, leaving the custom website version vulnerable. Furthermore, websites ..
---------------------------------------------
http://blog.sucuri.net/2014/12/critical-vulnerability-in-joomla-hd-flv-play…
*** Underground black market: Thriving trade in stolen data, malware, and attack services ***
---------------------------------------------
The underground market is still booming after recent major data breaches. The price of stolen email accounts has dropped substantially, but the value of ..
---------------------------------------------
http://www.symantec.com/connect/blogs/underground-black-market-thriving-tra…
*** Odd new ssh scanning, possibly for D-Link devices, (Wed, Dec 10th) ***
---------------------------------------------
I noticed it in my own logs overnight and also had a couple of readers (both named Paul) report some odd new ssh scanning overnight. The scanning involves many sites, likely a botnet, attempting to ssh in as 3 users, D-Link, admin, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19055
*** Microsoft Enables Removal of SSL 3.0 Fallback In IE ***
---------------------------------------------
Microsoft has given Windows admins the option to remove the SSL 3.0 fallback from Internet Explorer. By disabling SSL 3.0, IE is no longer vulnerable to POODLE attacks.
---------------------------------------------
http://threatpost.com/microsoft-enables-removal-of-ssl-3-0-fallback-in-ie/1…
*** FreeBSD Buffer Overflow in libc stdio Lets Local Users Deny Service or Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031343
*** FreeBSD file(1) and libmagic(3) File Processing Flaws Let Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031344
*** WordPress Uninstall <= 1.1 - WordPress Deletion via CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7715
*** Mysterious Turla Linux backdoor also for Solaris? ***
---------------------------------------------
There have been numerous reports about the mysterious Linux backdoor connected to Turla, an APT family. The malware has some pretty interesting features, the most interesting being its ability to sniff the network interface. More specifically, it ..
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002775.html
*** Regin ***
---------------------------------------------
In the week beginning 24 November 2014 we sent regular status updates on Regin to the GovCERT constituency (in our role as GovCERT Austria), the potentially affected sectors (within the framework of the ATC) and the CERT-Verbund. This blog post presents our timeline ..
---------------------------------------------
http://www.cert.at/services/blog/20141211105745-1339.html
*** Patch debacle: Microsoft withdraws update again ***
---------------------------------------------
After a faulty rollup update for Exchange, Microsoft now also had to withdraw a patch for the root certificates in Windows. Microsoft has had problems with updates and patches quite frequently lately.
---------------------------------------------
http://www.heise.de/security/meldung/Patch-Debakel-Microsoft-zieht-erneut-U…
*** Cyber espionage: Cloud Atlas follows Red October ***
---------------------------------------------
A new wave of targeted attacks looms: Cloud Atlas is said to be the next digital espionage campaign. According to IT security experts, the malware is an updated variant of Red October.
---------------------------------------------
http://www.golem.de/news/cyber-spionage-auf-roter-oktober-folgt-cloud-atlas…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 09-12-2014 18:00 − Wednesday 10-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Adobe Security Bulletins Posted ***
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1149
*** VMSA-2014-0013 ***
---------------------------------------------
VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability. VMware vCloud Automation Center has a remote privilege escalation vulnerability. This issue may allow an authenticated vCAC user to obtain administrative access to vCenter Server.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0013.html
*** MS14-DEC - Microsoft Security Bulletin Summary for December 2014 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-DEC
*** Multiple vulnerabilities in SAP SQL Anywhere ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-415/
http://www.zerodayinitiative.com/advisories/ZDI-14-414/
http://www.zerodayinitiative.com/advisories/ZDI-14-413/
http://www.zerodayinitiative.com/advisories/ZDI-14-412/
*** ZDI-14-411: Lexmark MarkVision Enterprise ReportDownloadServlet Information Disclosure Vulnerability ***
---------------------------------------------
The specific flaw exists within the ReportDownloadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. An attacker can leverage this vulnerability to read files under the context of SYSTEM.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-411/
*** ZDI-14-410: Lexmark MarkVision Enterprise GfdFileUploadServlet Remote Code Execution Vulnerability ***
---------------------------------------------
The specific flaw exists within the GfdFileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. An attacker can leverage this vulnerability to write files under the context of SYSTEM and achieve remote code execution.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-410/
*** X Multiple Memory Corruption Flaws Let Remote Users Deny Service and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031326
*** Yokogawa FAST/TOOLS XML External Entity ***
---------------------------------------------
This advisory provides mitigation details for an XML external entity processing vulnerability in the Yokogawa FAST/TOOLS application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-01
*** Trihedral VTScada Integer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an integer overflow vulnerability in Trihedral Engineering Ltd's VTScada application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02
*** .Bank hires Symantec to check credentials ***
---------------------------------------------
Soon you might be able to trust that financial email. The launch of new .bank domain names is one step closer with the announcement that Symantec has been chosen to act as the credentials verifier for the top-level domain ..
---------------------------------------------
http://www.theregister.co.uk/2014/12/10/bank_hires_symantec_to_check_creden…
*** After hack: Sony security certificate used to disguise malware ***
---------------------------------------------
It is probably the most devastating attack on a company's IT security there has ever been. For days, ever new internal information from the Sony Pictures network has been surfacing. In addition to the so far ..
---------------------------------------------
http://derstandard.at/2000009194439
*** Cloud Atlas: RedOctober APT is back in style ***
---------------------------------------------
Two years ago, we published our research into RedOctober, a complex cyber-espionage operation targeting diplomatic embassies worldwide. We named it RedOctober because we started this investigation in October 2012, an unusually hot month.
---------------------------------------------
http://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-bac…
*** DFN-CERT-2014-1622: Red Hat Package Manager (RPM): Two vulnerabilities allow execution of arbitrary commands ***
---------------------------------------------
Two vulnerabilities in the Red Hat Package Manager (RPM) allow a remote, unauthenticated attacker to execute arbitrary commands during package installation and thereby take over the system. The vulnerability ..
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2014-1622/
*** F5 BIG-IP SSLv3 Decoding Function Lets Remote Users Decrypt TLS Traffic ***
---------------------------------------------
A vulnerability was reported in F5 BIG-IP. A remote user can decrypt TLS sessions in certain cases. The system may accept incorrect TLS padding when terminating TLSv1 CBC connections. A remote user with the ability to conduct a man-in-the-middle attack can force a client to use a vulnerable SSLv3 decoding function with TLS and then conduct a BEAST-style attack to decrypt portions of the session.
---------------------------------------------
http://www.securitytracker.com/id/1031338
*** Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS ***
---------------------------------------------
An attacker could forge a request which modifies anchor-only links on the homepage of a TYPO3 installation in a way that they point to arbitrary domains, if the ..
---------------------------------------------
http://www.typo3.org/news/article/link-spoofing-and-cache-poisoning-vulnera…
*** Disruptions at 1&1 web hosting due to DDoS attack ***
---------------------------------------------
Because 1&1's DNS system is under attack, both web hosting and mail from 1&1 are temporarily not reachable via their domains.
---------------------------------------------
http://www.heise.de/security/meldung/Stoerungen-bei-1-1-Webhosting-wegen-DD…
*** Sony Pictures was allegedly extorted before attack on IT infrastructure ***
---------------------------------------------
The circumstances of the hacker attack on Sony Pictures are becoming ever more confusing. A demand for money suggests a criminal background. At the same time, however, the hackers are allegedly also demanding that the North Korea comedy "The Interview" be stopped.
---------------------------------------------
http://www.heise.de/security/meldung/Sony-Pictures-wurde-vor-Angriff-auf-IT…
*** X.ORG: Decades-old holes in the X server again ***
---------------------------------------------
The X server is affected by 13 security holes that can have an impact on various implementations. The oldest dates back almost 30 years to the first version of X11. Hints about the bugs were already given at 30C3 a year ago.
---------------------------------------------
http://www.golem.de/news/x-org-wieder-jahrzente-alte-luecken-im-x-server-14…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 05-12-2014 18:00 − Tuesday 09-12-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Advance Notification Service for the December 2014 Security Bulletin Release ***
---------------------------------------------
Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer (IE), Office and Exchange. As per our monthly process, we've scheduled the Security Bulletin release for the second Tuesday of the month, December 9, 2014, at approximately 10 a.m. PDT. Until then, please review the ANS summary page for more information to help...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/12/04/advance-notification-ser…
*** Leveraging the WordPress Platform for SPAM ***
---------------------------------------------
We've all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment spam isn't a major problem for most websites these days. I have seen however, a new trend starting to emerge when it comes to spam involving WordPress. In recent years...
---------------------------------------------
http://blog.sucuri.net/2014/12/leveraging-the-wordpress-platform-for-spam.h…
*** SSLv3: Kaspersky software bypasses protection against Poodle hole ***
---------------------------------------------
The Kaspersky Internet Security package can still enable the outdated protocol even in browsers that do not support insecure connections via SSLv3. The vendor does not intend to patch this until 2015, but there is already a simple solution.
---------------------------------------------
http://www.golem.de/news/sslv3-kaspersky-software-hebelt-schutz-vor-poodle-…
*** Security holes: Java sandbox escapes in Google's App Engine ***
---------------------------------------------
A research team has found various ways and holes to break out of the Java sandbox of Google's App Engine. This reportedly even makes arbitrary system calls in the underlying operating system possible.
---------------------------------------------
http://www.golem.de/news/sicherheitsluecken-java-sandbox-ausbrueche-in-goog…
*** DNS servers BIND, PowerDNS and Unbound face endless loop ***
---------------------------------------------
A security hole in the three DNS servers can be exploited to cripple the software. To do so, however, an attacker must manipulate the zones or inject a malicious DNS resolver.
---------------------------------------------
http://www.heise.de/security/meldung/DNS-Server-BIND-PowerDNS-und-Unbound-d…
*** The Penquin Turla - A Turla/Snake/Uroburos Malware for Linux ***
---------------------------------------------
So far, every single Turla sample we've encountered was designed for the Microsoft Windows family, 32 and 64 bit operating systems. The newly discovered Turla sample is unusual in the fact that it's the first Turla sample targeting the Linux operating system that we have discovered.
---------------------------------------------
https://securelist.com/blog/research/67962/the-penquin-turla-2/
*** Setting Up Your Gadgets Securely ***
---------------------------------------------
I'm sure that many of us will take home brand new iPhones and Android devices and set them up just the way we want our personal devices to be. We should take a minute to remember, however, that because these devices are so personal to us, the damage a hacked smartphone can do is significant. Imagine what would happen if a hacker stole your personal data. We don't have to imagine, however, as this has happened to many users in 2014. At the very least, this is embarrassing to the user...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/setting-up-your-…
*** Social Engineering improvements keep Rogues/FakeAV a viable scam ***
---------------------------------------------
The threat landscape has been accustomed to rogues for a while now. They've been rampant for the past few years and there likely isn't any end in sight to this scam. These aren't complex pieces of malware by any means and typically don't fool the average experienced user, but that's because they're aimed at the inexperienced user. We're going to take a look at some of the improvements seen recently in the latest round of FakeAVs that lead to their success.
---------------------------------------------
http://www.webroot.com/blog/2014/12/05/social-engineering-improvements-keep…
*** MediaWiki unspecified cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99151
*** MediaWiki unspecified code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99152
*** [Xen-announce] Xen Security Advisory 114 (CVE-2014-9065, CVE-2014-9066) - p2m lock starvation ***
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-12/msg00001.html
*** [TYPO3-announce] Announcing TYPO3 CMS 6.2.8 LTS ***
---------------------------------------------
The TYPO3 Community has just released TYPO3 CMS version 6.2.8 LTS, which is now ready for you to download. This version is a maintenance release and contains bug fixes. The packages can be downloaded here: http://typo3.org/download/
---------------------------------------------
http://typo3.org/news/article/typo3-cms-628-released/
*** Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin) ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting, Denial of Service and Local File Inclusion.
---------------------------------------------
http://www.typo3.org/news/article/multiple-vulnerabilities-in-extension-php…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 04-12-2014 18:00 − Friday 05-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** MS14-DEC - Microsoft Security Bulletin Advance Notification for December 2014 - Version: 1.0 ***
---------------------------------------------
This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2014.
This bulletin advance notification will be replaced with the December bulletin summary on December 9, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-DEC
*** Missing Exchange Patch Expected Among December Patch Tuesday Bulletins ***
---------------------------------------------
Microsoft's December 2014 advance Patch Tuesday notification includes three critical bulletins and a missing Exchange patch originally scheduled for November.
---------------------------------------------
http://threatpost.com/missing-exchange-patch-expected-among-december-patch-…
*** Details Emerge on Sony Wiper Malware Destover ***
---------------------------------------------
Kaspersky Lab has published an analysis of Destover, the wiper malware used in the attacks against Sony Pictures Entertainment, and its similarities to Shamoon and DarkSeoul.
---------------------------------------------
http://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727
*** Upcoming Security Updates for Adobe Reader and Acrobat (APSB14-28) ***
---------------------------------------------
December 4, 2014
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1147
*** Upcoming Adobe Reader, Acrobat Update to Patch Sandbox Escape ***
---------------------------------------------
Adobe announced security updates for Reader and Acrobat that likely include patches for a sandbox escape vulnerability. Google's Project Zero released details and exploit code earlier this week.
---------------------------------------------
http://threatpost.com/upcoming-adobe-reader-acrobat-update-to-patch-sandbox…
*** Weekly Metasploit Wrapup: On Unicorns and Wizards ***
---------------------------------------------
This week, we shipped a brand new exploit for the "unicorn" bug in Microsoft Internet Explorer, CVE-2014-6332, not-so-prosaically entitled, Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution. This is a big deal client-side vulnerability for the usual reason that Internet Explorer 11 accounts for about a quarter of browser traffic today; nearly always, remote code execution bugs in latest IE are usually particularly dangerous to leave unpatched in your environment. The buzz around this bug, though, is that it's been exploitable...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/12/04/weekly-me…
*** Vulnerability: Yosemite logs Firefox input ***
---------------------------------------------
Under Mac OS X 10.10, all input in the Firefox browser is logged. Mozilla speaks of a serious vulnerability that is closed in the current version of the browser. The log files are generally accessible and should be deleted.
---------------------------------------------
http://www.golem.de/news/schwachstelle-yosemite-schreibt-firefox-eingaben-m…
*** Demo exploit for critical Kerberos hole in Windows Server ***
---------------------------------------------
High time to patch: otherwise attackers can use the Python Kerberos Exploitation Kit to make themselves enterprise admin.
---------------------------------------------
http://www.heise.de/security/meldung/Demo-Exploit-fuer-kritische-Kerberos-L…
*** ZDI-14-403: (0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-403/
*** ZDI: (0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 multiple Vulnerabilities ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-393
http://www.zerodayinitiative.com/advisories/ZDI-14-394
http://www.zerodayinitiative.com/advisories/ZDI-14-395
http://www.zerodayinitiative.com/advisories/ZDI-14-396
http://www.zerodayinitiative.com/advisories/ZDI-14-397
*** DSA-3090 iceweasel - security update ***
---------------------------------------------
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3090
*** Security Advisory: libxml2 vulnerability CVE-2014-3660 ***
---------------------------------------------
(SOL15872)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15872.htm…
*** Novell Patches and Security Updates ***
---------------------------------------------
https://download.novell.com/Download?buildid=gV_oiDtqRV0~
https://download.novell.com/Download?buildid=vPrLP1Ai9zY~
https://download.novell.com/Download?buildid=GuVaYIx6DDo~
https://download.novell.com/Download?buildid=lHQCbRDbSMI~
https://download.novell.com/Download?buildid=Tlic28DXD3o~
https://download.novell.com/Download?buildid=zhVqTr2nsdg~
*** MediaWiki Bugs Permit Cross-Site Request Forgery and API Code Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1031301
*** Security Advisories for VMware vSphere ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://www.vmware.com/security/advisories/VMSA-2014-0002.html
*** HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Insight Remote Support Clients running SSLv3 which may impact WBEM, WS-MAN and WMI connections from monitored devices to a HP Insight Remote Support Central Management Server (CMS).
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
Next End-of-Shift report on 2014-12-09
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-12-2014 18:00 − Thursday 04-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** An Analysis of the "Destructive" Malware Behind FBI Warnings ***
---------------------------------------------
TrendLabs engineers were recently able to obtain a malware sample of the "destructive malware" described in reports about the Federal Bureau of Investigation (FBI) warning to U.S. businesses last December 2. According to Reuters, the FBI issued a warning to businesses to remain vigilant against this new "destructive" malware in the wake of the recent Sony Pictures...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZsHCPcPYoQk/
*** Sony Got Hacked Hard: What We Know and Don't Know So Far ***
---------------------------------------------
A week into the Sony hack, however, there is a lot of rampant speculation but few solid facts. Here's a look at what we do and don't know about what's turning out to be the biggest hack of the year.
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/41179d61/sc/28/l/0L0Swired0N0C20A…
*** Automating Incident data collection with Python, (Thu, Dec 4th) ***
---------------------------------------------
One of my favorite Python modules is Impacket by the guys at Core Labs. Among other things it allows me to create Python scripts that can speak to Windows computers over SMB. I can use it to map network drives, kill processes on a remote machine and much more. During an incident having the ability to reach out to all the machines in your environment to list or kill processes is very useful. Python and Impacket make this very easy. Check it out. After installing Impacket all of the awesome modules are...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19025&rss
*** Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349 ***
---------------------------------------------
Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OnnBY6zHrlw/
*** Android Hacking and Security, Part 15: Hacking Android Apps Using Backup Techniques ***
---------------------------------------------
In the previous article, we had an introduction on how to analyze Android application specific data using Android backup techniques. This article builds on the previous article. We are going to see how local data storage or basic checks that are performed on a local device can be exploited on...
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-security-part-15-hack…
*** WebSocket Security Issues ***
---------------------------------------------
Overview In this article, we will dive into the concept of WebSocket introduced in HTML 5, security issues around the WebSocket model, and the best practices that should be adopted to address security issues around WebSocket. Before going straight to security, let's refresh our concepts on WebSocket. Why Websocket and...
---------------------------------------------
http://resources.infosecinstitute.com/websocket-security-issues/
*** Avoiding Mod Security False Positives with White-listing ***
---------------------------------------------
We have already discussed in my previous articles how to configure Mod Security Firewall with OWASP rules and also analysed the different types of logs which Mod Security generates. While analysing the logs, we have seen that the OWASP rules generate a lot of false positive results, as these rules [...]
---------------------------------------------
http://resources.infosecinstitute.com/avoiding-mod-security-false-positives…
*** Apple releases updates for the Safari browser - and pulls them again ***
---------------------------------------------
According to Apple, Safari 8.0.1 is meant to fix, among other things, bugs related to iCloud services. At the same time, Safari 6.2.1 and 7.1.1 were released for older OS X versions. However, Apple has taken the updates offline again without comment.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-veroeffentlicht-Updates-fuer-Saf…
*** Quantum Attack on Public-Key Algorithm ***
---------------------------------------------
This talk (and paper) describe a lattice-based public-key algorithm called Soliloquy developed by GCHQ, and a quantum-computer attack on it. News article....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/quantum_attack_.html
*** The TYPO3 community publishes TYPO3 CMS 7.0 ***
---------------------------------------------
Following our new release cycle, TYPO3 CMS 7.0 is the first sprint release on our way towards the final 7 LTS, which will be released in fall 2015. 7.0 will not receive regular bugfix releases; instead, an upgrade to 7.1 should be installed after its release in around 8 weeks - see our roadmap for more details.
---------------------------------------------
https://typo3.org/news/article/the-typo3-community-publishes-typo3-cms-70-a…
*** Cisco Unified Computing System (UCS) Manager Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-8009
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** SA-CONTRIB-2014-117 - Hierarchical Select - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-117
Project: Hierarchical Select (third-party module)
Version: 6.x
Date: 2014-December-03
Security risk: 14/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Cross Site Scripting
Description: The Hierarchical Select module provides a "hierarchical_select" form element, which is a greatly enhanced way for letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data...
---------------------------------------------
https://www.drupal.org/node/2386615
*** SA-CONTRIB-2014-116 - Webform Invitation - Cross Site Scripting ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-116
Project: Webform Invitation (third-party module)
Version: 7.x
Date: 2014-December-03
Security risk: 8/25 (Less Critical) AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description: This module enables you to create custom invitation codes for Webforms. The module failed to sanitize node titles. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Webform: Create new...
---------------------------------------------
https://www.drupal.org/node/2386387
*** Security Advisory - High Severity - WordPress Download Manager ***
---------------------------------------------
Advisory for: WordPress Download Manager
Security Risk: Very High
Exploitation level: Easy/Remote
DREAD Score: 9/10
Vulnerability: Code Execution / Remote File Inclusion
Risk Version:
---------------------------------------------
http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-do…
*** Security Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products ***
---------------------------------------------
Dec 04, 2014 18:26
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** DSA-3086 tcpdump - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3086
*** DSA-3089 jasper - security update ***
---------------------------------------------
Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3089
*** DSA-3088 qemu-kvm - security update ***
---------------------------------------------
Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm, a full virtualization solution on x86 hardware. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3088
*** DSA-3087 qemu - security update ***
---------------------------------------------
Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3087
*** GNU cpio Heap Overflow in process_copy_in() Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031285
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 02-12-2014 18:00 − Wednesday 03-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Shodan Add-on for Firefox ***
---------------------------------------------
It's now possible to see what information Shodan has available on a server from within Firefox thanks to the new Shodan add-on created by @PaulWebSec and @romainletendart! It's a minimalistic yet powerful add-on to see what the website you're visiting is exposing to the Internet. And the add-on will also tell you other information about the IP,...
---------------------------------------------
http://shodanio.wordpress.com/2014/12/02/shodan-add-on-for-firefox/
*** Bad keys become a problem for GnuPG ***
---------------------------------------------
A research team has demonstrated how easily the IDs of GnuPG keys can be forged, and promptly generated bad duplicates of the entire strong set. That comprises around 50,000 particularly closely interconnected and trusted keys.
---------------------------------------------
http://www.heise.de/security/meldung/Boese-Schluessel-werden-zum-Problem-fu…
*** IBM Fixes Serious Code Execution Bug in Endpoint Manager Product ***
---------------------------------------------
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not...
---------------------------------------------
http://threatpost.com/ibm-fixes-serious-code-execution-bug-in-endpoint-mana…
*** An interesting case of the CVE-2014-8439 exploit ***
---------------------------------------------
We have recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-8439 (we detect it as Exploit:SWF/Axpergle). This exploit is being integrated into multiple exploit kits, including the Nuclear exploit kit (Exploit:JS/Neclu) and the Angler exploit kit (Exploit:JS/Axpergle). Adobe released a patch in November to address this exploit (APSB14-26). Coincidentally, our investigation shows that Adobe released a patch to address a different exploit and that patch appears to...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/12/02/an-interesting-case-of-t…
*** Keeping Your Website Safe From WordPress's XSS Vulnerability ***
---------------------------------------------
Last month, a Finnish IT company by the name of Klikki Oy identified a critical vulnerability in WordPress - one which has been present in the platform for approximately four years. It allows attackers to enter comments which include malicious JavaScript. Once the script in these comments is executed, the attacker could then do anything from infecting the PCs of visitors to completely hijacking the website; locking the original administrator out of their account.
---------------------------------------------
http://www.ahosting.net/blog/keeping-your-website-safe-from-wordpresss-xss-…
*** A Physical Security Policy Can Save Your Company Thousands of Dollars ***
---------------------------------------------
Investments in cybersecurity and physical security are proportionally connected to your organization's improved financial picture for a long-term perspective. Our digital lives are getting smaller as technology simplifies our communications, but cyber attacks are also prevalent. While the Internet radically changes the way organizations operate globally, from handling sensitive data to offshore outsourcing of IT architecture, the payoffs of security are significant and can't be...
---------------------------------------------
http://resources.infosecinstitute.com/physical-security-policy-can-save-com…
*** Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment ***
---------------------------------------------
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
---------------------------------------------
http://hack-tools.blackploit.com/2014/12/samurai-web-testing-framework-30-l…
*** New LusyPOS malware is a cross between Dexter and Chewbacca ***
---------------------------------------------
A new piece of Point-of-Sale RAM scraping malware has been submitted to VirusTotal and analyzed by researchers, who found that it's a cross between two older and different POS malware families and is offered for sale on underground markets for $2,000.
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2926
*** The Future of Auditory Surveillance ***
---------------------------------------------
Interesting essay on the future of speech recognition, microphone miniaturization, and the future ubiquity of auditory surveillance....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/the_future_of_a.html
*** DSA-3084 openvpn ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3084
*** Bugtraq: ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534135
*** Bugtraq: ESA-2014-160: RSA Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534136
*** F5 Security Advisories ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15147.htm…
https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15158.htm…
https://support.f5.com:443/kb/en-us/solutions/public/15000/300/sol15329.htm…
*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published November 25, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for two vulnerabilities within products utilizing the Siemens WinCC application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-329-02A
*** Elipse SCADA DNP3 Denial of Service ***
---------------------------------------------
Independent researchers Adam Crain and Chris Sistrunk have identified a DNP3 denial of service vulnerability in the Elipse SCADA application. Elipse has produced a new version of the DNP3 driver that mitigates this vulnerability.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-303-02
*** Emerson ROC800 Multiple Vulnerabilities (Update A) ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson Process Management's ROC800 remote terminal units (RTUs) products (ROC800, ROC800L, and DL8000).
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A
*** Yokogawa CENTUM and Exaopc Vulnerability (Update A) ***
---------------------------------------------
Tod Beardsley of Rapid7 Inc. and Jim Denaro of CipherLaw have identified an authentication vulnerability and released proof-of-concept (exploit) code for the Yokogawa CENTUM CS 3000 series and Exaopc products. JPCERT and Yokogawa have mitigated this vulnerability.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A
*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_powerkvm_2_issues…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 01-12-2014 18:00 − Tuesday 02-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Researcher Releases Database of Known-Good ICS and SCADA Files ***
---------------------------------------------
A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs,...
---------------------------------------------
http://threatpost.com/researcher-releases-database-of-known-good-ics-and-sc…
*** CVE-2014-1824 - A New Windows Fuzzing Target ***
---------------------------------------------
As time progresses, due to constant fuzzing and auditing many common Microsoft products are becoming reasonably hard targets to fuzz and find interesting crashes. There are two solutions to this: write a better fuzzer (http://lcamtuf.coredump.cx/afl/) or pick a less audited target. In a search for less audited attack surface, we are brought to MS14-038, Vulnerability...
---------------------------------------------
http://blog.beyondtrust.com/cve-2014-1824-searching-for-windows-attack-surf…
*** Critical vulnerability knocks out OpenVPN servers ***
---------------------------------------------
Anyone running an OpenVPN server should bring it up to date immediately. A vulnerability allows attackers to severely impair its availability.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Luecke-legt-OpenVPN-Server-l…
*** Operation DeathClick ***
---------------------------------------------
The era of spear phishing and the waterhole attack, which uses social engineering, has come to an end. Hackers are now moving their tricky brains towards targeted Malvertising - a type of attack that uses online advertising to spread malware. A recent campaign termed "Operation death click" displays a new form of cyber-attack focused on specific targets. The attack is also defined as micro targeted malvertising. In this newly targeted variation of malvertising, the hackers are
---------------------------------------------
http://resources.infosecinstitute.com/operation-deathclick/
*** 3Q 2014 Security Roundup: Vulnerabilities Under Attack ***
---------------------------------------------
Our report on the threats seen in 3Q 2014 shows us that once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter's infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. Having gone unnoticed for years, the Shellshock incident suggests that there might be more vulnerabilities in Bash or in...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4qiLKTUdqhM/
*** Fraudulent e-mails circulating in the name of the Ministry of Finance ***
---------------------------------------------
Deceptively genuine phishing forms in the design of FinanzOnline
---------------------------------------------
http://derstandard.at/2000008913504
*** JSA10607 - 2014-01 Security Bulletin: Junos: Memory-consumption DoS attack possible when xnm-ssl or xnm-clear-text service enabled (CVE-2014-0613) ***
---------------------------------------------
Product Affected: This issue can affect any product or platform running Junos OS.
Problem: When xnm-ssl or xnm-clear-text is enabled within the [edit system services] hierarchy level of the Junos configuration, an unauthenticated, remote user could exploit the XNM command processor to consume excessive amounts of memory. This, in turn, could lead to system instability or other performance issues.
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10607
*** Security advisory - High severity - InfiniteWP Client WordPress plugin ***
---------------------------------------------
Advisory for: InfiniteWP Client for WordPress
Security Risk: High (DREAD score: 8/10)
Exploitation level: Easy/Remote
Vulnerability: Privilege escalation and potential Object Injection vulnerability.
Patched Version: 1.3.8
If you're using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website Firewall...
---------------------------------------------
http://blog.sucuri.net/2014/12/security-advisory-high-severity-infinitewp-c…
*** Security Bulletin: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management (CVE-2014-6140) ***
---------------------------------------------
A vulnerability exists in IBM Endpoint Manager Mobile Device Management component, where an attacker could misuse cookies to execute arbitrary code.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21691701
*** Security Advisory: PHP vulnerability CVE-2013-2110 ***
---------------------------------------------
(SOL15876)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15876.htm…
*** Security Advisory: SOAP parser vulnerability CVE-2013-1824 ***
---------------------------------------------
(SOL15879)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15879.htm…
*** Yokogawa FAST/TOOLS XML information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99018
*** EntryPass N5200 Credential Disclosure ***
---------------------------------------------
Topic: EntryPass N5200 Credential Disclosure
Risk: Low
Text: Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated do...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120010
*** 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting ***
---------------------------------------------
Topic: 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting
Risk: Low
Text: # # # SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security # # # # CVE ID: ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120009
*** Security Advisory-Multiple Vulnerabilities on Huawei P2 product ***
---------------------------------------------
Dec 02, 2014 15:22
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 28-11-2014 18:00 − Monday 01-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** [Update] (No) security hole in Cisco's H.264 module for Firefox ***
---------------------------------------------
Cisco has issued a security advisory concerning the video codec it recently provided for Firefox. [update]However, this is not supposed to affect the version used in the current web browser.[/update]
---------------------------------------------
http://www.heise.de/security/meldung/Update-Keine-Sicherheitsheitsluecke-in…
*** EVIL researchers dupe EVERY 32 bit GPG print ***
---------------------------------------------
Keys fall in four seconds
Researchers have found collision attacks for 32 bit GPG keys, leaving the superseded technology well and truly dead.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/01/evil_resear…
*** Critical denial of service vulnerability in OpenVPN servers ***
---------------------------------------------
A critical denial of service security vulnerability affecting OpenVPN servers was recently brought to our attention. A fixed version of OpenVPN (2.3.6) will be released today/tomorrow (1st Dec 2014) at around 18:00 UTC.
---------------------------------------------
https://forums.openvpn.net/topic17625.html
*** FIN4: Stealing Insider Information for an Advantage in Stock Trading? ***
---------------------------------------------
FireEye tracks a threat group that we call “FIN4,” whose intrusions seem to have a different objective: to obtain an edge in stock trading. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.ht…
*** ENISA survey: New Directions in securing personal Data ***
---------------------------------------------
Under the growing interest in the areas of personal data protection and cryptography, ENISA has launched a project with the objective to detect the existing technological gaps in the fields.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/enisa-survey-new-directions-in-…
*** Flushing out the Crypto Rats - Finding "Bad Encryption" on your Network, (Mon, Dec 1st) ***
---------------------------------------------
Just when folks get around to implementing SSL, we need to retire SSL! Not a week goes by that a client isn't asking me about SSL (or more usually TLS) vulnerabilities or finding issues on their network. In a recent case, my client had just finished a datacenter / PCI audit, and had one of his servers come up as using SSL 2.0, which of course has been deprecated since 1996 - the auditor's recommendation was to update to SSL 3.0 (bad recommendation, keep reading on). When he then updated to SSL...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19009&rss
*** AGbot DDoS Attacks Internet VNC Servers ***
---------------------------------------------
Last week, our FortiGuard Labs Threat Intelligence system was able to capture a DDoS attack targeting internet VNC servers. The attack was raised by a brand new IrcBot, which we are detecting as W32/AGbot.AB!tr. Let's now dig into the details of this attack.
---------------------------------------------
http://blog.fortinet.com/post/agbot-ddos-attacks-internet-vnc-servers
*** Researchers identify POS malware targeting ticket machines, electronic kiosks ***
---------------------------------------------
Electronic kiosks and ticketing systems are being targeted by a new type of point-of-sale (POS) threat known as "d4re|dev1|," which acts as an advanced backdoor with remote administration and has RAM scraping and keylogging features, according to IntelCrawler.
---------------------------------------------
http://www.scmagazine.com/researchers-identify-pos-malware-targeting-ticket…
*** Early version of new POS malware family spotted ***
---------------------------------------------
A security researcher came across what appears to be a new family of point-of-sale malware that few antivirus programs were detecting. Nick Hoffman, a reverse engineer, wrote that the Getmypass malware shares traits that are similar to other so-called RAM scrapers, which collect unencrypted payment card data held in a payment system's memory.
---------------------------------------------
http://www.cio.com/article/2853274/early-version-of-new-pos-malware-family-…
*** Sandbox Escape Bug in Adobe Reader Disclosed ***
---------------------------------------------
Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google's Project Zero and reported to Adobe, which made a change to Reader that made it...
---------------------------------------------
http://threatpost.com/sandbox-escape-bug-in-adobe-reader-disclosed/109637
*** Using Shodan from the Command-Line ***
---------------------------------------------
Have you ever needed to write a quick script to download data from Shodan? Or setup a cronjob to check what Shodan found on your network recently? How about getting a list of IPs out of the Shodan API? For the times where you'd like to have easy script-friendly access to Shodan there's now a new command-line tool appropriately called shodan.
---------------------------------------------
http://shodanio.wordpress.com/2014/12/01/using-shodan-from-the-command-line/
*** l+f: Door control with a backdoor ***
---------------------------------------------
With the Entrypass N5200 door control module, the name says it all: everyone gets in - at least when they come over the network rather than through the door.
---------------------------------------------
http://www.heise.de/security/meldung/l-f-Tuersteuerung-mit-Hintertuer-24700…
*** Dridex Phishing Campaign uses Malicious Word Documents, (Mon, Dec 1st) ***
---------------------------------------------
This is a guest diary submitted by Brad Duncan. During the past few months, botnet-based campaigns have sent waves of phishing emails associated with Dridex. Today, we'll examine a wave that occurred approximately 3 weeks ago. The emails contained malicious Word documents, and with macros enabled, these documents infected Windows computers with Dridex malware. Various people have posted about Dridex [1] [2], and some sites like Dynamoo's blog [3] and TechHelpList [4] often report on these and
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19011&rss
*** Malware: Fake Telekom invoices with full customer names ***
---------------------------------------------
The e-mails circulating since November 2014, carrying malware as file attachments to supposed Telekom invoices, have reached a new level. Recipients are now addressed by their first and last names.
---------------------------------------------
http://www.golem.de/news/malware-gefaelschte-telekom-rechnungen-mit-vollsta…
*** Clubbing Seals - Exploring the Ecosystem of Third-party Security Seals ***
---------------------------------------------
Is this website secure? Well, it just contains statically generated content and holds no personal information, so most likely it is. But how would you be able to tell whether it actually is secure? This problem is exactly what security seal providers are trying to tackle. These seal providers offer a service which allows website owners to show their customers that their website is secure, and therefore safe to use. This works as follows:...
---------------------------------------------
https://vagosec.org/2014/11/clubbing-seals/
*** Raiffeisen warns of Trojan in online banking ***
---------------------------------------------
Do not carry out any "test transfers"
---------------------------------------------
http://derstandard.at/2000008856256
*** DSA-3081 libvncserver ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3081
*** DSA-3080 openjdk-7 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3080
*** DSA-3083 mutt ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3083
*** DSA-3082 flac ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3082
*** Security Notice-Statement on Multiple Vulnerabilities in Huawei P2 Smartphone ***
---------------------------------------------
Nov 29, 2014 17:47
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** Vuln: LibYAML and Perl YAML-LibYAML Module scanner.c Remote Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/71349
*** Bugtraq: CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534124
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 27-11-2014 18:00 − Friday 28-11-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Syrian Electronic Army attack leads to malvertising, (Thu, Nov 27th) ***
---------------------------------------------
A number of online services were impacted by what has been referred to by multiple sources as a redirection attack by the Syrian Electronic Army (SEA) emanating from the Gigya CDN. Gigya explained that earlier today at 06:45 EST it noticed sporadic failures with access to its service. The organization then found a breach at its domain registrar, with the hackers modifying DNS entries and pointing them away from Gigya's CDN domain, instead redirecting to their...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19001&rss
*** World's best threat detection pwned by HOBBIT ***
---------------------------------------------
Forget nation-states, BAB0 is the stuff of savvy crims. Some of the world's best threat detection platforms have been bypassed by custom malware in a demonstration of the fallibility of single-defence security.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/28/malware_cru…
*** ENISA publishes the first framework on how to evaluate National Cyber Security Strategies ***
---------------------------------------------
ENISA issues today an Evaluation Framework on National Cyber Security Strategies (NCSS) addressed to policy experts and government officials who design, implement and evaluate an NCSS policy. This work is strongly aligned with the EU Cyber Security Strategy (EU CSS) and aims to assist Member States in developing capabilities in the area of NCSS.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/enisa-publishes-the-first-f…
*** CryptoPHP: Sneaky malicious code has infected tens of thousands of servers ***
---------------------------------------------
The malware hides in pirated themes and plug-ins for the content management systems Drupal, WordPress and Joomla. Once infected, the server becomes part of a botnet that manipulates search rankings, to the detriment of the infected site itself.
---------------------------------------------
http://www.heise.de/newsticker/meldung/CryptoPHP-Hinterlistiger-Schadcode-h…
*** Critical updates for Siemens industrial control systems ***
---------------------------------------------
An update is meant to close critical security holes in the Simatic WinCC software, which serves as the control centre for monitoring and controlling industrial plants. However, the update is not yet available for all versions.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Updates-fuer-Siemens-Industr…
*** Economic Failures of HTTPS Encryption ***
---------------------------------------------
Interesting paper: "Security Collapse of the HTTPS Market." From the conclusion: Recent breaches at CAs have exposed several systemic vulnerabilities and market failures inherent in the current HTTPS authentication model: the security of the entire ecosystem suffers if any of the hundreds of CAs is compromised (weakest link); browsers are unable to revoke trust in major CAs ("too big to...
---------------------------------------------
https://www.schneier.com/blog/archives/2014/11/economic_failur.html
*** Bug in H.264 plugin could affect Firefox users ***
---------------------------------------------
[...] In the corresponding Mozilla bug report, Cisco employee Ethan Hugg writes that the bug is not present in any version of the OpenH264 module provided for Firefox so far. The Mozilla developers, however, do not yet list the bug as officially fixed.
Addendum of 28 November 2014, 13:10
According to Cisco, Firefox users are not affected; we have updated the article accordingly.
---------------------------------------------
http://www.golem.de/news/cisco-fehler-in-h-264-plugin-betrifft-alle-firefox…
*** Bugtraq: Defense in depth -- the Microsoft way (part 22): no DEP in Windows filesystem (and ASLR barely used) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534109
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 26-11-2014 18:00 − Thursday 27-11-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** New anti-APT tools are no silver bullets: An independent test of APT attack detection appliances ***
---------------------------------------------
New anti-APT tools are no silver bullets: An independent test of APT attack detection appliances CrySyS Lab, BME http://www.crysys.hu/ MRG-Effitas https://www.mrg-effitas.com/ November 26, 2014. The term Advanced Persistent Threat (APT) refers to a potential attacker that has the capability and the intent to carry out advanced attacks against specific high profile targets in order to [...]
---------------------------------------------
http://blog.crysys.hu/2014/11/new-anti-apt-tools-are-no-silver-bullets-an-i…
*** Adobe Reader sandbox popped says Google researcher ***
---------------------------------------------
Yet another reason to make sure you've patched promptly and properly. The Acrobat Reader Windows sandbox contains a vulnerability that could allow attackers to break out and gain higher privileges, Google security bod James Forshaw claims.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/27/adobe_reade…
*** Crunch - Password Cracking Wordlist Generator ***
---------------------------------------------
Features:
* crunch generates wordlists in both combination and permutation ways
* it can break up output by number of lines or file size
* now has resume support
* pattern now supports numbers and symbols
* pattern now supports upper and lower case characters separately
* adds a status report when generating multiple files
* new -l option for literal support of @,%^
* new -d option to limit duplicate characters, see man file for details
* now has unicode support...
---------------------------------------------
http://hack-tools.blackploit.com/2014/11/crunch-password-cracking-wordlist.…
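To make the feature list above concrete, here is an added example in Python (not crunch's own code, which is written in C) that implements the core of crunch's pattern option: the placeholder classes, the -l literal escape, a simplified -d duplicate limit, and -c style splitting by line count. It goes slightly beyond crunch in that the duplicate limit is applied to every class at once. The symbol set, the `Pw%%` pattern and the chunk size are assumptions chosen for the demonstration.

```python
import itertools
import string

# Placeholder classes modelled on crunch's -t pattern syntax:
# @ = lowercase, , = uppercase, % = digits, ^ = symbols; anything else is literal.
CLASSES = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": "!@#$%^&*()-_+=",  # assumed symbol set; crunch's default list is longer
}


def _slots(pattern, literal):
    """Translate a pattern into one candidate string per position
    (a class string for placeholders, a one-character string for literals)."""
    return [CLASSES[ch] if ch in CLASSES and ch not in literal else ch
            for ch in pattern]


def _longest_run(word):
    """Length of the longest run of consecutive identical characters."""
    best = run = 1 if word else 0
    for prev, cur in zip(word, word[1:]):
        run = run + 1 if prev == cur else 1
        best = max(best, run)
    return best


def expand_pattern(pattern, literal="", max_repeat=None):
    """Yield every word matching pattern, in crunch's lexical order.

    literal:    placeholder characters to emit literally (like crunch -l)
    max_repeat: cap on consecutive identical characters (simplified crunch -d,
                applied to all classes at once instead of per class)
    """
    for combo in itertools.product(*_slots(pattern, set(literal))):
        word = "".join(combo)
        if max_repeat is None or _longest_run(word) <= max_repeat:
            yield word


def wordlist_size(pattern, literal=""):
    """Candidate count before -d filtering: the product of the class sizes.
    Worth checking before a pattern writes gigabytes to disk."""
    n = 1
    for slot in _slots(pattern, set(literal)):
        n *= len(slot)
    return n


def chunked(words, lines_per_file):
    """Group words into lists of at most lines_per_file (like crunch -c), so a
    huge list can be streamed to numbered files instead of held in memory."""
    batch = []
    for word in words:
        batch.append(word)
        if len(batch) == lines_per_file:
            yield batch
            batch = []
    if batch:
        yield batch


if __name__ == "__main__":
    # Pattern "Pw%%" -> Pw00 .. Pw99, dropping repeated digits such as Pw11
    for n, chunk in enumerate(chunked(expand_pattern("Pw%%", max_repeat=1), 40), 1):
        print("file %d: %d words, first %s" % (n, len(chunk), chunk[0]))
```

`wordlist_size` is the check to run first: `@@@@@@@@` alone is 26^8 candidates, which is why crunch splits output by lines or file size and offers resume support.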
*** SEC Risk Factors: How To Determine The Business Value Of Your Data To A Foreign Government ***
---------------------------------------------
This white paper will explore where the SEC is headed on this issue and propose a novel solution that's both specific to the company and avoids the potential danger of revealing too much information about company vulnerabilities - the ability to verifiably assess the value of your intellectual property (IP) to a rival Nation State by establishing its Target Asset Value™.
---------------------------------------------
http://jeffreycarr.blogspot.co.uk/2014/11/sec-risk-factors-how-to-determine…
*** Factsheet HTTPS could be a lot more secure ***
---------------------------------------------
HTTPS is a frequently used protocol for protecting web traffic against parties setting out to eavesdrop on or manipulate the traffic. Configuring HTTPS requires precision: there are many options, and by no means all of them are secure.
---------------------------------------------
https://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fac…
*** Cisco: Bug in H.264 plugin affects all Firefox users ***
---------------------------------------------
A bug in the memory management of the H.264 plugin potentially affects all Firefox users, since Mozilla installs it automatically. The bug is not particularly severe, but it reveals a problem in the collaboration with Cisco.
---------------------------------------------
http://www.golem.de/news/cisco-fehler-in-h-264-plugin-betrifft-alle-firefox…
*** l+f: Only two days from patch to exploit kit ***
---------------------------------------------
The window between a vulnerability becoming known through a patch and its active exploitation keeps getting shorter.
---------------------------------------------
http://www.heise.de/security/meldung/l-f-Nur-zwei-Tage-vom-Patch-zum-Exploi…
*** Meta-hack disrupts hundreds of media websites ***
---------------------------------------------
On Thursday the message "You have been hacked" appeared on hundreds of major websites. The cause was an embedded comment function from Gigya.
---------------------------------------------
http://www.heise.de/security/meldung/Meta-Hack-stoert-hunderte-Medien-Webse…
*** TYPO3 CMS 4.5.38 and 6.2.7 released ***
---------------------------------------------
The TYPO3 Community announces the versions 4.5.38 LTS and 6.2.7 LTS of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes.
---------------------------------------------
https://typo3.org/news/article/typo3-cms-4538-and-627-released/
*** TYPO3-EXT-SA-2014-017: Improper Access Control in WebDav for filemounts (webdav) ***
---------------------------------------------
It has been discovered that the extension "WebDav for filemounts" (webdav) is susceptible to Improper Access Control. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.0 Vulnerability Type: Improper Access Control Severity: Medium Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
*** DSA-3077 openjdk-6 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3077
*** Cisco ASA SSL VPN Memory Consumption Error Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031269
*** Mutt Buffer Overflow in mutt_substrdup() Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031266
*** Xen Security Advisory 112 (CVE-2014-8867) - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor ***
---------------------------------------------
Acceleration support for the "REP MOVS" instruction, when the first iteration accesses memory mapped I/O emulated internally in the hypervisor, incorrectly assumes that the whole range accessed is handled by the same hypervisor sub-component. Impact: A buggy or malicious HVM guest can crash the host. Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests. Resolution: Applying the appropriate attached patch resolves this issue.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00006.html
*** Xen Security Advisory 111 (CVE-2014-8866) - Excessive checking in compatibility mode hypercall argument translation ***
---------------------------------------------
Impact: A buggy or malicious HVM guest can crash the host. Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests on any version of Xen so far released by xenproject.org. Resolution: Applying the appropriate attached patch resolves this issue.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00005.html
*** F5 Security Advisories ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15877.htm…
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15875.htm…
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15881.htm…
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15868.htm…
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15885.htm…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 25-11-2014 18:00 − Wednesday 26-11-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Security updates available for Adobe Flash Player (APSB14-26) ***
---------------------------------------------
A Security Bulletin (APSB14-26) has been published regarding security updates for Adobe Flash Player. These updates address a critical vulnerability, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1144
*** Brain Science and Browser Warnings ***
---------------------------------------------
Computer users will click through browser warnings and security alerts in order to complete a task, but once they're hacked, their behaviors change, a recent BYU study found.
---------------------------------------------
http://threatpost.com/brain-science-and-browser-warnings/109615
*** Multiple vulnerabilities in ARRIS VAP2500 ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-389/
http://www.zerodayinitiative.com/advisories/ZDI-14-388/
http://www.zerodayinitiative.com/advisories/ZDI-14-387/
*** DSA-3076 wireshark ***
---------------------------------------------
Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.
---------------------------------------------
http://www.debian.org/security/2014/dsa-3076
*** ModSecurity Advanced Topic of the Week: Detecting Malware with Fuzzy Hashing ***
---------------------------------------------
In the most recent release of ModSecurity v2.9.0-RC1, we introduced a new operator called @fuzzyHash which uses functionality from the ssdeep tool. This blog post will demonstrate a powerful use-case with ModSecurity which is identifying ..
---------------------------------------------
http://blog.spiderlabs.com/2014/11/modsecurity-advanced-topic-of-the-week-d…
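As an added illustration of what a fuzzy-hash operator such as @fuzzyHash buys you over an exact hash, here is my own simplified context-triggered piecewise hash (CTPH) in Python. It is not ssdeep's code and not the ModSecurity operator: ssdeep additionally derives the block size from the input length and emits two signatures, and its rolling hash and similarity scoring differ in detail. The sample "binary", its patched variant and the unrelated blob are constructed pseudo-random data; the block size, window length and the thresholds in the usage note are assumptions for the demonstration.

```python
import hashlib
import random

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7  # bytes of context that decide where a piece boundary falls


def _window_hash(window):
    """Hash of the last few bytes. Boundaries depend only on local content,
    so an edit moves boundaries near it but not elsewhere in the file."""
    h = 0
    for b in window:
        h = (h * 31 + b) & 0xFFFFFFFF
    return h


def ctph(data, block_size=32):
    """Context-triggered piecewise hash of data, as 'block_size:signature'.

    A piece ends wherever the window hash hits the trigger value (on average
    every block_size bytes); each piece is hashed with FNV-1a and one base64
    character of that hash is appended to the signature.
    """
    fnv_offset, fnv_prime = 0x811C9DC5, 0x01000193
    signature = []
    piece = fnv_offset
    for i, byte in enumerate(data):
        piece = ((piece ^ byte) * fnv_prime) & 0xFFFFFFFF
        if _window_hash(data[max(0, i - WINDOW + 1):i + 1]) % block_size == block_size - 1:
            signature.append(B64[piece & 63])
            piece = fnv_offset
    signature.append(B64[piece & 63])  # trailing partial piece
    return "%d:%s" % (block_size, "".join(signature))


def _levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(sig_a, sig_b):
    """0..100 score; hashes with different block sizes are not comparable."""
    bs_a, a = sig_a.split(":", 1)
    bs_b, b = sig_b.split(":", 1)
    if bs_a != bs_b:
        return 0
    longest = max(len(a), len(b), 1)
    return round(100 * (1 - _levenshtein(a, b) / longest))


def demo():
    """Constructed sample: a pseudo-random 'binary', a lightly patched copy of
    it, and an unrelated blob. MD5 sees the patched copy as a different file;
    the fuzzy hash still scores it as a near match."""
    rng = random.Random(2014)
    original = bytes(rng.getrandbits(8) for _ in range(2000))
    patched = bytearray(original)
    patched[500:510] = b"PATCHED!!!"        # overwrite 10 bytes in place
    patched[1200:1200] = b"\x90\x90\x90"    # insert 3 bytes, shifting the rest
    patched = bytes(patched)
    unrelated = bytes(rng.getrandbits(8) for _ in range(2000))
    h_orig = ctph(original)
    return {
        "md5_matches": hashlib.md5(original).digest() == hashlib.md5(patched).digest(),
        "patched": similarity(h_orig, ctph(patched)),
        "unrelated": similarity(h_orig, ctph(unrelated)),
    }


if __name__ == "__main__":
    print(demo())
```

The insertion at offset 1200 is the case that defeats fixed-size block hashing: everything after it shifts, yet because piece boundaries are chosen by content rather than by offset, the signatures re-synchronise a few bytes past the edit. A WAF rule built on this needs a threshold (assumed here: treat scores above roughly 70 as a match) and a per-block-size signature list, since signatures of different block sizes cannot be compared.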
*** Google Doc Embedder plugin for WordPress google-document-embedder\view.php SQL injection ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98944
*** VB2014 paper: Labelling spam through the analysis of protocol patterns ***
---------------------------------------------
What do your IP packet sizes say about whether you're a spammer? Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added Labelling spam through the analysis ..
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_26.xml
*** Typos Can have a Bigger Impact Than Expected ***
---------------------------------------------
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there's a risk in that? You may have seen the Grammar Police all over your comments ..
---------------------------------------------
http://blog.sucuri.net/2014/11/typos-can-have-a-bigger-impact-than-expected…
*** Black Friday and Cyber Monday - 4 Scams To Watch Out For While Shopping ***
---------------------------------------------
Holiday shopping season is an exciting time for both shoppers and retailers, but unfortunately it's a good time for cyber criminals and scammers as well. With Black Friday ..
---------------------------------------------
http://thehackernews.com/2014/11/black-friday-and-cyber-monday-4-scams_26.h…
*** Shortcomings in the self-protection of antivirus software ***
---------------------------------------------
Only 2 of 32 tested antivirus products consistently use protection techniques that should be a matter of course, such as DEP and ASLR, the German test lab AV-Test found.
---------------------------------------------
http://www.heise.de/security/meldung/Maengel-beim-Selbstschutz-von-Antivire…
*** CryptoPHP a week later: more than 23.000 sites affected ***
---------------------------------------------
On November 20th we published our report on CryptoPHP. Since publishing we have, together with other parties, been busy dealing with the affected servers and taking down the CryptoPHP infrastructure. Sinkhole ..
---------------------------------------------
http://blog.fox-it.com/2014/11/26/cryptophp-a-week-later-more-than-23-000-s…
*** MatrikonOPC for DNP Unhandled C++ Exception ***
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-329-01
*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities ***
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02
*** Background: Vulnerability scanners for web applications ***
---------------------------------------------
A good overview presents 16 open-source scanners for web applications that find flaws ranging from XSS to SQL injection.
---------------------------------------------
http://www.heise.de/security/artikel/Schwachstellen-Scanner-fuer-Web-Applik…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 24-11-2014 18:00 − Tuesday 25-11-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Remote Code Execution in Popular Hikvision Surveillance DVR ***
---------------------------------------------
A number of Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices.
---------------------------------------------
http://threatpost.com/remote-code-execution-in-popular-hikvision-surveillan…
*** Multiple Dell SonicWALL products code execution ***
---------------------------------------------
Multiple Dell SonicWALL products could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the failure to validate user data prior to executing a command in the GMS ViewPoint ..
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98911
*** Obfuscated Flash Files Make Their Mark in Exploit Kits ***
---------------------------------------------
In recent years, we noticed that more and more malicious Adobe Flash (.SWF) files are being incorporated into exploit kits like the Magnitude Exploit Kit, the Angler Exploit Kit, and the Sweet Orange Exploit Kit. However, we did some more ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-flash-…
*** The Other Side of Masque Attacks: Data Encryption Not Found in iOS Apps ***
---------------------------------------------
Based on our research into the iOS threat Masque Attacks announced last week, Trend Micro researchers have found a new way that malicious apps installed through successful Masque Attacks can pose a threat to iOS devices: by accessing unencrypted data used by legitimate apps. According to reports, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-other-side-o…
*** Docker docker pull privilege escalation ***
---------------------------------------------
Docker could allow a remote attacker to gain elevated privileges on the system, caused by an error in the docker pull and the docker load operations. An attacker could exploit this vulnerability to gain elevated privileges on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98924
*** Docker image privilege escalation ***
---------------------------------------------
Docker could allow a remote attacker to gain elevated privileges on the system, caused by the ability of images to modify the default run profile of containers. An attacker could exploit this vulnerability to gain elevated privileges on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98925
*** WordPress wpDataTables 1.5.3 SQL Injection ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014110163
*** WordPress wpDataTables 1.5.3 Shell Upload ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014110162
*** [oCERT 2014-008] heap overflow, remote code execution in libFLAC ***
---------------------------------------------
FLAC is an open source lossless audio codec supported by several software and music players. The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may ..
---------------------------------------------
http://www.ocert.org/advisories/ocert-2014-008.html
*** Chrome rings in the end of browser plugins ***
---------------------------------------------
From January, all NPAPI plugins will be blocked - Silverlight and Java are affected
---------------------------------------------
http://derstandard.at/2000008592582
*** Hackers bring Sony Pictures to a complete standstill ***
---------------------------------------------
On Monday, unknown attackers brought business operations at Sony Pictures to a halt. They are said to have hijacked every computer in the corporate network of the Sony subsidiary. Sony's Play Store account is also said to be affected.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-legen-Sony-Pictures-komplett-la…
*** Secret Malware in European Union Attack Linked to U.S. and British Intelligence ***
---------------------------------------------
Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.
---------------------------------------------
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom…
*** EU experts: exports of surveillance software to be controlled more strictly ***
---------------------------------------------
Economics Minister Gabriel wants to restrict the export of surveillance software at EU level. But the first companies are already looking for ways to evade export controls.
---------------------------------------------
http://www.golem.de/news/eu-experten-exporte-von-spaehsoftware-sollen-staer…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 21-11-2014 18:00 − Monday 24-11-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Website Malware Removal: Phishing ***
---------------------------------------------
As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a ..
---------------------------------------------
http://blog.sucuri.net/2014/11/website-malware-removal-phishing.html
*** Asterisk IP address security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98863
*** "NotCompatible": the most persistent Android malware to date ***
---------------------------------------------
The malware infects 20,000 devices a day - used for sending spam, buying tickets and hacking WordPress sites
---------------------------------------------
http://derstandard.at/2000008502545
*** DoubleDirect MitM Attack Targets Android, iOS and OS X Users ***
---------------------------------------------
Security researchers have discovered a new type of "Man-in-the-Middle" (MitM) attack in the wild targeting smartphone and tablets users on devices running either iOS or Android around the world. The MitM attack, dubbed DoubleDirect, enables an attacker to redirect a victim's traffic of major websites ..
---------------------------------------------
http://thehackernews.com/2014/11/doubledirect-mitm-attack-targets_22.html
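DoubleDirect is an ICMP redirect attack: the attacker on the local network sends the victim forged ICMP redirect messages so that traffic for a chosen destination (the "major websites" mentioned above) is routed through the attacker's host. The detector below is an added example, not Zimperium's or The Hacker News's code. It parses raw IPv4 frames, decodes redirects as laid out in RFC 792, and flags any redirect that does not come from, or does not point at, a router you trust. The packets, the addresses and the `build_redirect` helper are constructed here for the demonstration.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5
REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS+network", 3: "TOS+host"}
IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order


def _packed(ip):
    return ipaddress.IPv4Address(ip).packed


def parse_ipv4(packet):
    """Return ({'src','dst','proto'}, payload) or None if not a sane IPv4 packet."""
    if len(packet) < 20:
        return None
    vihl, _tos, _tlen, _id, _frag, _ttl, proto, _cks, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return None
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto}, packet[ihl:]


def parse_icmp_redirect(packet):
    """Decode an ICMP redirect; None for anything else.

    Per RFC 792 the redirect carries the new gateway address followed by the
    IP header (+8 bytes) of the datagram that provoked it, which tells us
    which destination the victim is being told to re-route."""
    parsed = parse_ipv4(packet)
    if parsed is None:
        return None
    outer, payload = parsed
    if outer["proto"] != 1 or len(payload) < 8:
        return None
    icmp_type, code, _cksum, gateway = struct.unpack("!BBH4s", payload[:8])
    if icmp_type != ICMP_REDIRECT:
        return None
    inner = parse_ipv4(payload[8:])
    if inner is None:
        return None
    return {"sender": outer["src"], "victim": outer["dst"],
            "code": REDIRECT_CODES.get(code, "reserved"),
            "new_gateway": str(ipaddress.IPv4Address(gateway)),
            "for_destination": inner[0]["dst"]}


def suspicious_redirects(packets, trusted_gateways):
    """Flag redirects not sent by, or not pointing to, a known router.
    A legitimate redirect comes from your current gateway and names another
    router on the same link; anything else is a candidate DoubleDirect."""
    trusted = set(trusted_gateways)
    return [r for r in map(parse_icmp_redirect, packets)
            if r and (r["sender"] not in trusted or r["new_gateway"] not in trusted)]


def _checksum(data):
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_redirect(sender, victim, new_gateway, original_dst, code=1):
    """Constructed test traffic: the host redirect an on-link attacker sends
    to make victim route original_dst via new_gateway (usually itself)."""
    quoted = struct.pack(IPV4_HDR, 0x45, 0, 28, 1, 0, 64, 6, 0,
                         _packed(victim), _packed(original_dst)) + b"\x00" * 8
    body = struct.pack("!BBH4s", ICMP_REDIRECT, code, 0, _packed(new_gateway)) + quoted
    body = body[:2] + struct.pack("!H", _checksum(body)) + body[4:]
    ip = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(body), 2, 0, 64, 1, 0,
                     _packed(sender), _packed(victim))
    return ip + body


def build_tcp_noise(src, dst):
    """Constructed non-ICMP packet (IPv4 header + 20 zero bytes) for the negative case."""
    return struct.pack(IPV4_HDR, 0x45, 0, 40, 3, 0, 64, 6, 0,
                       _packed(src), _packed(dst)) + b"\x00" * 20
```

The parser deliberately skips checksum verification, which a production sensor should add. The host-side mitigation on Linux is to ignore redirects altogether (`net.ipv4.conf.all.accept_redirects = 0`), since a host on a single-router LAN never needs them.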
*** Spear phishing: one in five falls for it ***
---------------------------------------------
IT users are gullible. A promised discount is enough to collect plenty of passwords. Alarming figures from the field were revealed at the Deepsec security conference in Vienna.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Spearphishing-Jeder-Fuenfte-geht-in-…
*** A Nightmare on Malware Street ***
---------------------------------------------
Another ransomware has been spotted in the wild lately, branded as CoinVault. This one involves some interesting details worth mentioning, including the peculiar characteristic of offering the free decryption of one of the hostage files a..
---------------------------------------------
http://securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/
*** ClamAV libclamav/pe.c buffer overflow ***
---------------------------------------------
ClamAV is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in libclamav/pe.c. A local attacker could overflow a buffer and execute arbitrary code on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98882
*** Crypto protocols held back by legacy, says ENISA ***
---------------------------------------------
EU takes the microscope to security The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto ..
---------------------------------------------
http://www.theregister.co.uk/2014/11/24/crypto_protocols_held_back_by_legac…
*** Symantec researchers find Regin malware, label it the new Stuxnet ***
---------------------------------------------
Government probably penned peerless p0wn cannon aimed at Russian and Saudi targets. An advanced malware instance said to be as sophisticated as Stuxnet and Duqu has been detected attacking the top end of town and has ..
---------------------------------------------
http://www.theregister.co.uk/2014/11/24/regin/
*** Triggering MS14-066 ***
---------------------------------------------
Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed. This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security ..
---------------------------------------------
http://blog.beyondtrust.com/triggering-ms14-066
*** Hacking RFID Payment Cards Made Possible with Android App ***
---------------------------------------------
We recently encountered a high-risk Android app detected as ANDROIDOS_STIP.A in Chile. This app, found distributed through forums and blogs, can be used to hack into the user's RFID bus transit card to recharge the credits. What is the mechanism ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-rfid-pay…
*** Protecting Against Unknown Software Vulnerabilities ***
---------------------------------------------
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code there are on average 1 to 5 bugs. Some of these bugs have security implications; these are known as vulnerabilities. They can be used to exploit and compromise your server, your site...
---------------------------------------------
http://blog.sucuri.net/2014/11/protecting-against-unknown-software-vulnerab…
*** Linux distributions: less is a possible entry point ***
---------------------------------------------
The tool less is often used under Linux, in combination with other tools, to open files. According to a well-known hacker, this invites many bugs and security holes.
---------------------------------------------
http://www.golem.de/news/linux-distribution-less-als-moegliches-einfallstor…
*** Drupal update puts a stop to session theft ***
---------------------------------------------
The developers of the open-source CMS have closed two security holes in Drupal 6 and 7. The flaws can be abused to steal the sessions of logged-in users and to bring the server down.
---------------------------------------------
http://www.heise.de/security/meldung/Drupal-Update-schiebt-Session-Klau-den…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 20-11-2014 18:00 − Friday 21-11-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Rich Telemetry for Cyber Incident Response and Malicious Code Analysis on Microsoft Windows ***
---------------------------------------------
5..4..3..2..1..launch. Earlier this week we launched the first product from the research and development efforts of the NCC Group Security Labs team. NCC Group Security Labs is a combined centre within NCC Group which brings together experts from Security Technical Assurance, Security Research, Cyber Defence Operations and Security Software Development to work on innovative software solutions for real-world cyber security problems. The Problem: The world of Cyber Defence Operations involves, in...
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/11/rich-telemetry-for-cyber-incident-…
*** Securing Personal Data: ENISA guidelines on Cryptographic solutions ***
---------------------------------------------
ENISA is launching two reports today. The “Algorithms, key size and parameters” report of 2014 is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions for personal data protection within commercial organisations or governmental services for citizens. The “Study on cryptographic protocols” provides an implementation perspective, covering guidelines regarding protocols required to protect commercial online communications containing personal data.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/securing-personal-data-enis…
*** Weekly Metasploit Wrapup: Exploiting Mobile Security Software ***
---------------------------------------------
Exploiting Security Software: Android Edition
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/11/21/weekly-me…
*** VB2014 paper: Sweeping the IP space: the hunt for evil on the Internet ***
---------------------------------------------
Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added Sweeping the IP space: the hunt for evil on the Internet by OpenDNS researcher Dhia Mahjoub. The Internet is often described as a network of networks. These individual networks are called Autonomous Systems (AS): collections of IPv4 and IPv6 network...
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_21.xml?rss
*** WordPress 4.0.1 Update Patches Critical XSS Vulnerability ***
---------------------------------------------
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.
---------------------------------------------
http://threatpost.com/wordpress-4-0-1-update-patches-critical-xss-vulnerabi…
*** The Internet of Things (IoT) will fail if security has no context ***
---------------------------------------------
The Internet of Things requires a new way of thinking and acting, one that will protect a business and help it grow.
---------------------------------------------
http://www.scmagazine.com/the-internet-of-things-iot-will-fail-if-security-…
*** Detekt - Free Anti-Malware Tool To Detect Govt. Surveillance Malware ***
---------------------------------------------
Human rights experts and Privacy International have launched a free tool allowing users to scan their computers for surveillance spyware, typically used by governments and other organizations to spy on human rights activists and journalists around the world. This free-of-charge anti-surveillance tool, called Detekt, is an open source software app released in partnership with Human rights...
---------------------------------------------
http://thehackernews.com/2014/11/detekt-free-anti-malware-tool-to-detect_20…
*** Most Targeted Attacks Exploit Privileged Accounts ***
---------------------------------------------
Most targeted attacks exploit privileged account access according to a new report commissioned by the security firm CyberArk.
---------------------------------------------
http://threatpost.com/most-targeted-attacks-exploit-privileged-accounts/109…
*** Security Advisory - High severity - WP-Statistics WordPress Plugin ***
---------------------------------------------
Advisory for: WordPress WP-Statistics Plugin
Security Risk: High (DREAD score: 7/10)
Exploitation level: Easy/Remote
Vulnerability: Stored XSS which executes on the administration panel.
Patched Version: 8.3.1
If you're using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall product, we discovered...
---------------------------------------------
http://blog.sucuri.net/2014/11/security-advisory-high-severity-wp-statistic…
*** Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities ***
---------------------------------------------
Description
Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities:
OpenSSL session ticket memory leak (SPL-91947, CVE-2014-3567)
TLS protocol enhancements related to POODLE (SPL-92062, CVE-2014-3566)
Persistent cross-site scripting (XSS) via Dashboard (SPL-89216, CVE-2014-5466)
At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product...
---------------------------------------------
http://www.splunk.com/view/SP-CAAANST
*** GNU C Library wordexp() command execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98852
*** PCRE pcre_exec.c buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98854
*** Multiple Huawei HiLink products cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98858
*** Asterisk DB Dialplan Function Lets Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1031251
*** Asterisk CONFBRIDGE Lets Remote Authenticated Users Execute Arbitrary System Commands ***
---------------------------------------------
http://www.securitytracker.com/id/1031250
*** Asterisk ConfBridge State Transition Error Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031247
*** Asterisk PJSIP Channel Driver Flaw in res_pjsip_refer Module Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031249
*** Asterisk PJSIP Channel Driver Race Condition Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031248
*** Asterisk PJSIP ACL Bug Lets Remote Users Bypass Access Controls ***
---------------------------------------------
http://www.securitytracker.com/id/1031246
*** HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities ***
---------------------------------------------
Version:1 (rev.1) - 20 June 2014 Initial release
Version:2 (rev.2) - 20 November 2014 Removed iMC Platform Products, 5900 virtual switch, and Router 8800 products. Further analysis revealed that those products are not vulnerable. Added additional products.
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04347622
*** ZDI-14-385: Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-385/
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 19-11-2014 18:00 − Thursday 20-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** ROVNIX Infects Systems with Password-Protected Macros ***
---------------------------------------------
We recently found that the malware family ROVNIX is capable of being distributed via macro downloader. This malware technique was previously seen in the DRIDEX malware, which was notable for using the same routines. DRIDEX is also known as the successor of the banking malware CRIDEX. Though a fairly old method for infection, cybercriminals realized that using malicious macros work...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0rtiBt3T3E4/
*** Citadel Variant Targets Password Managers ***
---------------------------------------------
Some Citadel-infected computers have received a new configuration file, a keylogger triggered to go after the master passwords from three leading password management tools.
---------------------------------------------
http://threatpost.com/citadel-variant-targets-password-managers/109493
*** CryptoPHP: Analysis of a hidden threat inside popular content management systems ***
---------------------------------------------
CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.
---------------------------------------------
http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-ins…
*** An inside look: gathering and analyzing the SIR data ***
---------------------------------------------
At the Microsoft Malware Protection Center, threat data is a critical source of information to help protect our customers. We use it to understand what's going on in the overall malware ecosystem, determine the best way to protect our customers, and find the most effective way to deliver that protection. We also use the data to produce a number of reports to help our customers. This includes our bi-annual Security Intelligence Report (SIR). This blog post gives you a behind-the-scenes...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/11/19/an-inside-look-gathering…
*** Annual Privacy Forum 2014 materials and APF2015 - Call for partnership ***
---------------------------------------------
ENISA's Information Security and Data Protection Unit announces the commencement of preparations for the Annual Privacy Forum of 2015.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/annual-privacy-forum-2014-mater…
*** Electronic Arts: Data breach at Origin ***
---------------------------------------------
Origin, the online portal of Electronic Arts, is currently exposing personal data of other users when the forums are accessed.
---------------------------------------------
http://www.golem.de/news/electronic-arts-datenpanne-bei-origin-1411-110689-…
*** How Splitting A Computer Into Multiple Realities Can Protect You From Hackers ***
---------------------------------------------
Eight years ago, Polish hacker Joanna Rutkowska was experimenting with rootkits - tough-to-detect spyware that infects the deepest level of a computer's operating system - when she came up with a devious notion: What if, instead of putting spyware inside a victim's computer, you put the victim's computer inside the spyware? At the time, a technology known...
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/40ab9794/sc/4/l/0L0Swired0N0C20A1…
*** Vulnerabilities identified in three Advantech products ***
---------------------------------------------
Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.
---------------------------------------------
http://www.scmagazine.com/vulnerabilities-identified-in-three-advantech-pro…
*** Bugtraq: [CORE-2014-0009] - Advantech EKI-6340 Command Injection ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534021
*** Bugtraq: [CORE-2014-0008] - Advantech AdamView Buffer Overflow ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534022
*** Bugtraq: [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534023
*** Drupal Patches Denial of Service Vulnerability; Details Disclosed ***
---------------------------------------------
Drupal has released a patch for a denial of service and account hijacking vulnerability, details of which were disclosed by the researchers who discovered the issue.
---------------------------------------------
http://threatpost.com/drupal-patches-denial-of-service-vulnerability-detail…
*** Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CORE-2014-006
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-November-19
Security risk: 14/25 (Moderately Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Multiple vulnerabilities
Description
Session hijacking (Drupal 6 and 7)
A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS...
---------------------------------------------
https://www.drupal.org/SA-CORE-2014-006
*** DRUPAL Security Advisories for Third-Party Modules ***
---------------------------------------------
https://www.drupal.org/node/2378287
https://www.drupal.org/node/2378279
https://www.drupal.org/node/2378441
https://www.drupal.org/node/2378401
https://www.drupal.org/node/2378367
*** R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/11/19/r7-2014-1…
*** Paid Memberships Pro plugin for WordPress getfile.php directory traversal ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98805
*** Lsyncd default-rsyncssh.lua command execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98806
*** Security Advisory-App Validity Check Bypass Vulnerability in Huawei P7 Smartphone ***
---------------------------------------------
Nov 20, 2014 14:53
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Vuln: MantisBT core/file_api.php Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/71104
*** Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling ***
---------------------------------------------
An error handling path in the processing of MMU_MACHPHYS_UPDATE failed to drop a page reference which was acquired in an earlier processing step.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00003.html
*** IBM Security Network Protection Shell Command Injection ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98519
*** IBM Security Bulletins related to POODLE ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Other IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 18-11-2014 18:00 − Wednesday 19-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** MS14-068 - Critical: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) - Version: 1.0 ***
---------------------------------------------
This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to...
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-068
*** Additional information about CVE-2014-6324 ***
---------------------------------------------
Today Microsoft released update MS14-068 to address CVE-2014-6324, a Windows Kerberos implementation elevation of privilege vulnerability that is being exploited in-the-wild in limited, targeted attacks. The goal of this blog post is to provide additional information about the vulnerability, update priority, and detection guidance for defenders. Microsoft recommends customers apply this update to their domain controllers as quickly as possible. Vulnerability Details CVE-2014-6324 allows...
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-ab…
*** Google Removes SSLv3 Fallback Support From Chrome ***
---------------------------------------------
Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the POODLE attack revealed last month. When the POODLE attack was disclosed by several Google researchers in October, the company said that it had added a change to Chrome that would...
---------------------------------------------
http://threatpost.com/google-removes-sslv3-fallback-support-from-chrome/109…
*** A New Free CA ***
---------------------------------------------
Announcing Let's Encrypt, a new free certificate authority. This is a joint project of EFF, Mozilla, Cisco, Akamai, and the University of Michigan. This is an absolutely fantastic idea. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you're actually talking to is the server you intended to talk to. For many server operators,...
---------------------------------------------
https://www.schneier.com/blog/archives/2014/11/a_new_free_ca.html
*** Survey: real-time SIEM solutions help orgs detect attacks within minutes ***
---------------------------------------------
Real-time security information and event management solutions help organizations detect targeted attacks and advanced persistent threats within minutes, according to a McAfee survey.
---------------------------------------------
http://www.scmagazine.com/survey-real-time-siem-solutions-help-orgs-detect-…
*** POWELIKS Levels Up With New Autostart Mechanism ***
---------------------------------------------
Last August, we wrote about POWELIKS's malware routines that are known for hiding its malicious codes in the registry entry as part of its evasion tactics. In the newer samples we spotted, malware detected as TROJ_POWELIKS.B employed a new autostart mechanism and removes users' privileges in viewing the registry's content. As a result, users won't be able to suspect that...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/zurdvNxST00/
*** Pan-European Cyber Security Competition organised by ENISA ***
---------------------------------------------
Today (19 November 2014) the European Union Agency for Network and Information Security (ENISA) is happy to announce the planning of the 1st pan-European Cyber Security Competition in 2015. The competition is organised jointly in collaboration with experienced organisations from EU Member States for students.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/pan-european-cyber-security-com…
*** RSS Reveals Malware Injections ***
---------------------------------------------
There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools). Try to open web pages with different User-Agents and check for...
---------------------------------------------
http://blog.sucuri.net/2014/11/rss-reveals-malware-injections.html
*** Test Tool for Web App Security Scanners Released by Google ***
---------------------------------------------
A new tool was open-sourced by Google on Tuesday, aiming at improving the efficiency of automated web security scanners by evaluating them with patterns of vulnerabilities already seen in the wild.
---------------------------------------------
http://news.softpedia.com/news/Test-Tool-for-Web-App-Security-Scanners-Rele…
*** Microsoft reworks the SChannel patch ***
---------------------------------------------
Quietly, the Windows makers shipped a new revision of the SChannel patch on Tuesday alongside the out-of-band update. It is meant to fix the problems with TLS encryption and the massive performance losses on SQL Server.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-bessert-beim-SChannel-Patch-…
*** Most advanced mobile botnet EVER is coming for your OFFICE Androids ***
---------------------------------------------
NotCompatible
A newly discovered variant of NotCompatible is establishing what has been called the most advanced mobile botnet yet created.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/19/android_bot…
*** jQuery: Cross-site scripting in widely distributed captcha sample code ***
---------------------------------------------
A popular jQuery plugin ships code containing a cross-site scripting vulnerability. The vulnerable code originally stems from a sample captcha script that can be found on a great many websites.
---------------------------------------------
http://www.golem.de/news/jquery-cross-site-scripting-in-captcha-beispielcod…
*** A Peek Inside a PoS Scammer's Toolbox ***
---------------------------------------------
PoS malware has been receiving a tremendous amount of attention in the past two years with high profile incidents like Target, Home Depot, and Kmart. With the massive "Black Friday" shopping season coming up, PoS malware will surely get additional publicity. This high-profile nature means we constantly look for evolving PoS malware and look into their behavior...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/xF7gxViXP4A/
*** Nasty Security Bug Fixed in Android Lollipop 5.0 ***
---------------------------------------------
There is a vulnerability in Android versions below 5.0 that could allow an attacker to bypass ASLR and run arbitrary code on a target device under certain circumstances. The bug was fixed in Lollipop, the newest version of the mobile OS, released earlier this week. The vulnerability lies in java.io.ObjectInputStream, which fails to check whether...
---------------------------------------------
http://threatpost.com/nasty-security-bug-fixed-in-android-lollipop-5-0/1094…
*** Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability ***
---------------------------------------------
CVE-2014-8000
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Multiple Samsung Galaxy Devices knox code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98780
*** Google Chrome pdfium code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98790
*** Bugtraq: [SECURITY] [DSA 3074-2] php5 regression update ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534018
*** Bugtraq: Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534017
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 17-11-2014 18:00 − Tuesday 18-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Out-of-band release for Security Bulletin MS14-068 ***
---------------------------------------------
On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows. We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/11/18/out-of-band-release-for-…
*** VB2014 paper: Optimized mal-ops. Hack the ad network like a boss ***
---------------------------------------------
Why buying ad space makes perfect sense for those wanting to spread malware. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added Optimized mal-ops. Hack the ad network like a boss by Bromium researchers Vadim Kotov and Rahul Kashyap. Malicious advertisements (malvertising) go back more than a decade, yet in recent months we have seen a surge in these attacks, including the Kyle and Stan campaign, which...
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_18.xml?rss
*** l+f: Vulnerabilities in BitTorrent Sync ***
---------------------------------------------
A security audit has found a series of smaller and larger holes in the file-sharing service.
---------------------------------------------
http://www.heise.de/security/meldung/l-f-Luecken-bei-BitTorrent-Sync-245985…
*** Matsnu Botnet DGA Discovers Power of Words ***
---------------------------------------------
The Matsnu botnet has deployed a new domain generation algorithm that builds domain names from a list of nouns and verbs. The plain English phrases help the DGA elude detection.
---------------------------------------------
http://threatpost.com/matsnu-botnet-dga-discovers-power-of-words/109426
*** Cisco Releases Security Analytics Framework to Open Source ***
---------------------------------------------
Cisco's OpenSOC, a security analytics framework, has been released to open source.
---------------------------------------------
http://threatpost.com/cisco-releases-security-analytics-framework-to-open-s…
*** The NSA's Efforts to Ban Cryptographic Research in the 1970s ***
---------------------------------------------
New article on the NSA's efforts to control academic cryptographic research in the 1970s. It includes new interviews with public-key cryptography inventor Martin Hellman and then NSA-director Bobby Inman....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/11/the_nsas_effort.html
*** Flashpack Exploit Kit Used in Free Ads, Leads to Malware Delivery Mechanism ***
---------------------------------------------
In the entry FlashPack Exploit Leads to New Family of Malware, we tackled the Flashpack exploit kit and how it uses three URLs namely (http://{malicious domain}/[a-z]{3}[0-9]{10,12}/loxotrap.php, http://{malicious domain}/[0-9,a-z]{6,10}/load0515p6jse9.php, http://{malicious domain}/[a-z]{3}[0-9]{10,12}/ldcigar.php) as its landing site. We monitored the abovementioned URLs and found out that the FlashPack exploit kit is now using free ads to distribute malware such as...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-FQFl818dVo/
*** IT threat evolution Q3 2014 ***
---------------------------------------------
Kaspersky Lab products detected and neutralized a total of 1,325,106,041 threats in the third quarter of 2014. Our solutions blocked 696,977 attacks that attempted to launch malware capable of stealing money from online banking accounts. We detected 74,489 new malicious mobile programs, including 7010 mobile banking Trojans.
---------------------------------------------
http://securelist.com/analysis/quarterly-malware-reports/67637/it-threat-ev…
*** Microsoft's SChannel fix becomes a problem patch ***
---------------------------------------------
Microsoft has confirmed that the patch for the Windows crypto function causes problems on servers. It is said to affect both SQL Server and IIS. The update is nevertheless still being distributed.
---------------------------------------------
http://www.heise.de/security/meldung/Microsofts-SChannel-Fix-wird-zum-Probl…
*** Cisco IOS DLSw Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-7992
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
CVE-2014-7996
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Vuln: Check Point Security Gateway Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/67993
*** Rails Action Pack Bug Lets Remote Users Determine if Specified Files Exist on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1031217
*** Moodle Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1031215
*** Tcpdump Multiple Flaws Let Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031235
*** Xen Security Advisory 110 (CVE-2014-8595) - Missing privilege level checks in x86 emulation of far branches ***
---------------------------------------------
The emulation of far branch instructions (CALL, JMP, and RETF in Intel assembly syntax, LCALL, LJMP, and LRET in AT&T assembly syntax) incompletely performs privilege checks.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00001.html
*** Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls ***
---------------------------------------------
MMU update operations targeting page tables are intended to be used on PV guests only. The lack of a respective check made it possible for such operations to access certain function pointers which remain NULL when the target guest is using Hardware Assisted Paging (HAP).
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00002.html
*** Apple Security Advisories ***
---------------------------------------------
APPLE-SA-2014-11-17-1 iOS 8.1.1
APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1
APPLE-SA-2014-11-17-3 Apple TV 7.0.2
---------------------------------------------
http://support.apple.com/kb/HT1222
*** IBM Security Bulletins related to a Vulnerability in SSLv3 (POODLE) ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Other IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 14-11-2014 18:00 − Monday 17-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Microsoft Updates MS14-066, (Sun, Nov 16th) ***
---------------------------------------------
Microsoft updated MS14-066 to warn users about some problems caused by the additional ciphers added with the update [1]. It appears that clients who may not support these ciphers may fail to connect at all. The quick fix is to remove the ciphers by editing the respective registry entry (see the KB article link below for more details). One user reported to us performance issues when connecting from MSFT Access to SQL Server, which are related to these ciphers. Sadly, MS14-066 hasn't been
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18957&rss
*** EVERYTHING needs crypto says Internet Architecture Board ***
---------------------------------------------
Calls for all new protocols to protect privacy, all the time, everywhere
The Internet Architecture Board (IAB) has called for encryption to become the norm for all internet traffic.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/16/net_gurus_f…
*** "Masked apps": Apple publishes security guidelines for app installation ***
---------------------------------------------
Apps signed with enterprise certificates can be installed on iOS devices bypassing the App Store. Attackers can use this to replace apps with manipulated versions. With a set of tips, Apple wants to make users more aware of malware.
---------------------------------------------
http://www.heise.de/security/meldung/Maskierte-Apps-Apple-veroeffentlicht-S…
*** 91st IETF meeting: preventing the hijacking of BGP routes ***
---------------------------------------------
Again and again, internet traffic is redirected unnoticed along strange paths to its actual destination. Whether these are eavesdropping operations or merely mishaps is often unclear. Network operators may now be getting a tool to counter this.
---------------------------------------------
http://www.heise.de/newsticker/meldung/91-Treffen-der-IETF-Das-Kapern-von-B…
*** Attack reveals 81 percent of Tor users but admins call for calm ***
---------------------------------------------
Cisco NetFlow a handy tool for cheapskate attackers. The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco's NetFlow tool.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/17/deanonymiza…
*** WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed ***
---------------------------------------------
SChannel exploit opens an easily closed door. Security researchers have released a proof-of-concept exploit against the SChannel crypto library flaw patched by Microsoft last week.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/17/ms_schannel…
*** Patch now: details of the SChannel hole in Windows are circulating ***
---------------------------------------------
Administrators should immediately install the patches for the critical security vulnerability in Windows that Microsoft closed last week. Otherwise they risk attackers injecting malicious code over the network.
---------------------------------------------
http://www.heise.de/security/meldung/Jetzt-patchen-Details-zur-SChannel-Lue…
*** Book review: Bulletproof SSL and TLS ***
---------------------------------------------
Must-read for anyone working with one of the Internet's most important protocols. I was reading Ivan Ristić's book Bulletproof SSL and TLS when rumours started to appear about an attack against SSL 3.0, which would soon become commonly known as the POODLE attack. Thanks to the book, I was quickly able to read up on the differences between SSL 3.0 and its successor, TLS 1.0, which wasn't vulnerable to the attack. Elsewhere in the book, a few pages are dedicated to protocol downgrade attacks,...
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_17.xml?rss
*** Holy cow! Fasthosts outage blamed on DDoS hack attack AND Windows 2003 vuln ***
---------------------------------------------
Monday, bloody Monday. Fasthosts' five-hour collapse today has been blamed on a Distributed Denial of Service attack and a security flaw spotted on its Windows 2003 shared web server kit.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/17/fasthosts_o…
*** Comedy spam blunder raises a smile to start the week ***
---------------------------------------------
We all get lots of spam. Enough, even with junk folders and spam filters, to be more than merely annoying. So here's a spamming mistake to make you smile...
---------------------------------------------
https://nakedsecurity.sophos.com/2014/11/17/comedy-spam-blunder-raises-a-sm…
*** Cisco Aironet DHCP Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-7997
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco Aironet EAP Debugging Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-7998
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** SSA-860967 (Last Update 2014-11-14): GNU Bash Vulnerabilities in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** Hot fix to address POODLE SSLv3 vulnerability on Designer 4.0.2 AU5 SVN HTTPS access ***
---------------------------------------------
Abstract: Designer 4.0.2 uses SSLv3 to access SVN repositories over HTTPS, making it vulnerable to the POODLE weakness in the SSL protocol (CVE-2014-3566). This hot fix addresses the issue by disabling SSLv3 and allowing usage of TLSv1 instead.
Document ID: 5195492
Security Alert: Yes
Distribution Type: Field Test File
Entitlement Required: No
Files: Designer402AU5HF1.zip (2.09 MB)
Products: Identity Manager 4.0.2; Identity Manager Roles Based Provisioning Module 4.0.2; Designer for Identity...
---------------------------------------------
https://download.novell.com/Download?buildid=NjOScYlrw_E~
*** Hot Patch 2 for Novell Messenger 2.2 (security fixes to Messengers server and client components) ***
---------------------------------------------
https://download.novell.com/Download?buildid=I2DgXp6pwVY~
https://download.novell.com/Download?buildid=sJ4Wcd1G7Bo~
https://download.novell.com/Download?buildid=66t5njTLVmk~
*** DSA-3073 libgcrypt11 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3073
*** Vuln: GnuTLS CVE-2014-8564 Multiple Heap Corruption Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/71003
*** HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the current HP iCAS client software.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Security Bulletin: IBM Systems Director (ISD) is affected by vulnerability in the Console Login Window (CVE-2013-5423) ***
---------------------------------------------
IBM Systems Director is affected by a vulnerability in the Console Login Window (CVE-2013-5423). CVE(s): CVE-2013-5423 Affected product(s) and affected version(s): Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096563 X-Force Database: http://xforce.iss.net/xforce/xfdb/87485
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect GPFS V3.5 for Windows (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568) ***
---------------------------------------------
OpenSSL vulnerabilities along with SSL 3 Fallback protection (TLS_FALLBACK_SCSV) were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed the applicable CVEs and included the SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) provided by OpenSSL. CVE(s): CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568 Affected product(s) and affected version(s): OpenSSH for GPFS V3.5 for Windows Refer to the following reference
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
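The two POODLE entries above (the HP iCAS bulletin, and the GPFS bulletin that mentions TLS_FALLBACK_SCSV) describe the same two mechanics: a server that still accepts an SSL 3.0 ClientHello is exposed to the padding-oracle attack, and a server that understands the RFC 7507 fallback signal refuses a downgraded retry with an inappropriate_fallback alert. The Python below is an added illustration written for this report; it is not code from HP, IBM, OpenSSL or any of the linked bulletins. It builds a raw SSL 3.0 ClientHello record, optionally carrying TLS_FALLBACK_SCSV, and classifies the first record a server sends back. Nothing is sent on the network: the server responses it decodes are constructed inside the block, and the cipher-suite identifiers are the registered IANA values.

```python
"""SSL 3.0 probe and TLS_FALLBACK_SCSV decoding built from raw records.

Added example for the end-of-shift report, not code from any linked vendor.
All 'server responses' below are constructed by hand, not captured traffic.
"""
import struct

HANDSHAKE, ALERT = 0x16, 0x15          # record-layer content types
SSL30, TLS10 = 0x0300, 0x0301          # protocol version numbers on the wire
TLS_FALLBACK_SCSV = 0x5600             # RFC 7507 signalling cipher suite value
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F  # IANA suite IDs used for the offer list
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
ALERT_HANDSHAKE_FAILURE = 40
ALERT_INAPPROPRIATE_FALLBACK = 86      # RFC 7507 alert description


def client_hello(version: int, suites, fallback: bool = False) -> bytes:
    """Build a minimal record-layer ClientHello for `version`.

    With `fallback` set, TLS_FALLBACK_SCSV is appended to the suite list,
    telling an RFC 7507-aware server that this hello is a downgraded retry.
    """
    suites = list(suites) + ([TLS_FALLBACK_SCSV] if fallback else [])
    body = struct.pack(">H", version)            # client_version
    body += b"\x00" * 32                         # random (fixed: demo only, not secure)
    body += b"\x00"                              # session_id length = 0
    body += struct.pack(">H", 2 * len(suites))   # cipher_suites length in bytes
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                          # compression_methods: null only
    # handshake header: type 0x01 (ClientHello) + 24-bit body length
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return struct.pack(">BHH", HANDSHAKE, version, len(hs)) + hs


def parse_cipher_suites(hello: bytes) -> list:
    """Read the offered cipher suites back out of a ClientHello record."""
    off = 5 + 4 + 2 + 32                 # record hdr, handshake hdr, version, random
    sid_len = hello[off]
    off += 1 + sid_len                   # skip session_id
    n = struct.unpack(">H", hello[off:off + 2])[0]
    off += 2
    return [struct.unpack(">H", hello[i:i + 2])[0] for i in range(off, off + n, 2)]


def classify_response(record: bytes) -> str:
    """Map the server's first record to a verdict.

    ServerHello with version 0x0300      -> "sslv3-accepted"  (POODLE-exposed)
    Alert inappropriate_fallback (86)    -> "fallback-refused" (server honours SCSV)
    Any other alert, e.g. handshake_failure (40) -> "refused"
    """
    if len(record) < 5:
        return "no-response"
    ctype, _version, length = struct.unpack(">BHH", record[:5])
    payload = record[5:5 + length]
    if ctype == HANDSHAKE and payload[:1] == b"\x02":          # ServerHello
        srv_version = struct.unpack(">H", payload[4:6])[0]      # after 4-byte hs header
        return "sslv3-accepted" if srv_version == SSL30 else "tls-negotiated"
    if ctype == ALERT and len(payload) >= 2:                    # [level, description]
        if payload[1] == ALERT_INAPPROPRIATE_FALLBACK:
            return "fallback-refused"
        return "refused"
    return "unknown"


def server_hello(version: int, suite: int) -> bytes:
    """Constructed ServerHello, as sent by a server that accepts `version`."""
    body = struct.pack(">H", version) + b"\x00" * 32 + b"\x00"  # version, random, sid len
    body += struct.pack(">H", suite) + b"\x00"                  # chosen suite, null compression
    hs = b"\x02" + struct.pack(">I", len(body))[1:] + body
    return struct.pack(">BHH", HANDSHAKE, version, len(hs)) + hs


def alert(description: int, version: int = TLS10) -> bytes:
    """Constructed fatal alert record with the given description code."""
    return struct.pack(">BHH", ALERT, version, 2) + bytes([2, description])


if __name__ == "__main__":
    probe = client_hello(SSL30, [TLS_RSA_WITH_AES_128_CBC_SHA,
                                 TLS_RSA_WITH_3DES_EDE_CBC_SHA], fallback=True)
    print("offered:", [hex(s) for s in parse_cipher_suites(probe)])
    # Three constructed server behaviours a probe might meet:
    print(classify_response(server_hello(SSL30, TLS_RSA_WITH_AES_128_CBC_SHA)))
    print(classify_response(alert(ALERT_INAPPROPRIATE_FALLBACK)))
    print(classify_response(alert(ALERT_HANDSHAKE_FAILURE, SSL30)))
```

Against a live host the probe bytes would be written to a TCP socket on port 443 and the first record read back. A ServerHello carrying version 0x0300 is the exposed case the HP and IBM bulletins describe; an inappropriate_fallback alert in reply to a hello that carries TLS_FALLBACK_SCSV shows the server would block the forced downgrade that POODLE depends on. The check covers protocol acceptance only, not the CBC padding handling itself, so a "refused" result says the server will not speak SSL 3.0 to this client, nothing more.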
*** IBM Security Bulletins: Vulnerability in SSLv3 affects multiple products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** [webapps] - MyBB Forums 1.8.2 - Stored XSS Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/35266