- Daily - CERT.at

Tageszusammenfassung - Montag 19-05-2014
by Daily end-of-shift report 19 May '14

19 May '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 16-05-2014 18:00 − Montag 19-05-2014 18:00 Handler: Robert Waldner Co-Handler: n/a *** January-April 2014 *** --------------------------------------------- The 'NCCIC/ICS-CERT Monitor' newsletter offers a means of promoting preparedness, information sharing, and collaboration with the 16 critical infrastructure sectors. ICS-CERT accomplishes this on a day-to-day basis through sector briefings, meetings, conferences, and information product releases. This publication highlights recent activities and information products affecting industrial control systems (ICSs), and provides a look ahead at upcoming ICS-related events. --------------------------------------------- http://ics-cert.us-cert.gov//monitors/ICS-MM201404 *** IBM Security Bulletin: Fixes available for vulnerability in Apache Commons FileUpload contained in IBM WebSphere Portal (CVE-2014-0050) *** --------------------------------------------- Fixes available for a denial of service vulnerability in the open source library Apache Commons FileUpload which affects IBM WebSphere Portal. CVE(s): CVE-2014-0050 Affected product(s) and affected version(s): WebSphere Portal 8 WebSphere Portal 7 WebSphere Portal 6.1.x --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** IBM Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Rational ClearCase *** --------------------------------------------- IBM WebSphere Application Server is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. CVE(s): CVE-2014-0964 Affected product(s) and affected version(s): IBM Rational ClearCase, CM Server component, release 7.1.x (7.1.0.x, 7.1.1.x, and 7.1.2.x). --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** Mozilla gründet "Winter of Security" *** --------------------------------------------- Studenten können bei Mozillas Programm für ihr Studium ein Projekt durchführen, das eine Bedeutung auch außerhalb der Universität hat. Begleitet wird die Arbeit von einem Entwickler. --------------------------------------------- http://www.heise.de/security/meldung/Mozilla-gruendet-Winter-of-Security-21… *** Malvertising Up By Over 200% *** --------------------------------------------- An anonymous reader writes "Online Trust Alliance (OTA) Executive Director and President Craig Spiezle testified before the U.S. Senates Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, outlining the risks of malicious advertising, and possible solutions to stem the rising tide. According to OTA research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZUq6VAva50Y/story01.htm *** DDoS Trojans attack Linux *** --------------------------------------------- May 15, 2014 The fallacy that Linux is fully protected against malware thanks to the specific features of its architecture makes life much easier for intruders distributing such software. In May 2014, Doctor Webs security analysts identified and examined a record-high number of Trojans for Linux, a large portion of which is designed to (distributed denial of service) attacks. These programs share common features: first, they carry out DDoS attacks via various protocols, and second, they appear .. --------------------------------------------- http://news.drweb.com/show/?i=5760&lng=en&c=9 *** Security: Datenbank informiert über Identitätsklau *** --------------------------------------------- Eine Datenbank gibt Informationen darüber, ob Passwörter oder Kontodaten eines Nutzers auf einschlägigen Foren zu finden sind. Die vom Hasso-Plattner-Institut bereitgestellten Informationen unterscheiden sich von denen des BSI. --------------------------------------------- http://www.golem.de/news/security-datenbank-informiert-ueber-identitaetskla… *** Cisco ASA Crafter RADIUS Packets Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the implementation of the Remote Authentication Dial-in User Services (RADIUS) code of Cisco ASA Software could allow an authenticated, remote attacker to cause an affected system to reload. The vulnerability is due to insufficient validation of RADIUS packets including crafted attributes. An attacker could exploit this vulnerability by sending crafted RADIUS packets to the affected system. The attacker must know the RADIUS shared secret and inject the crafted packet while a RADIUS exchange is in progress. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Mid-2014 Tech Security Rundown: 5 Current Exploits Worth Knowing About *** --------------------------------------------- Here are just a few of the security threats that have risen to prominence in recent months. ... Rotbrow Mobile Side Channel Leakage IoT Hardware & Software Ad Network Intrusion Out of Harm's Way Besides these exploits, web users must contend with on-going threats like SQL injection and cross-site scripting. --------------------------------------------- http://hackersnewsbulletin.com/2014/05/mid-2014-tech-security-rundown-5-cur… *** Online-Banking: Verstärkte Angriffe auf das mTAN-Verfahren *** --------------------------------------------- Experten warnen vor verstärkten Infektionen mit dem Android-Trojaner FakeToken. Die Software kopiert empfangene SMS, die TANs enthalten. Ganoven können dann das Konto des Opfers leer räumen. --------------------------------------------- http://www.heise.de/security/meldung/Online-Banking-Verstaerkte-Angriffe-au… *** Kryptographie: Schnellerer Algorithmus für das diskrete Logarithmusproblem *** --------------------------------------------- Auf der Eurocrypt-Konferenz ist ein schnellerer Algorithmus für eine spezielle Variante des diskreten Logarithmusproblems vorgestellt worden. Dieses Problem ist die Grundlage zahlreicher kryptographischer Verfahren, doch eine direkte Bedrohung für real eingesetzte Algorithmen gibt es zur Zeit nicht. --------------------------------------------- http://www.golem.de/news/kryptographie-schnellerer-algorithmus-fuer-das-dis…

1 0

Tageszusammenfassung - Freitag 16-05-2014
by Daily end-of-shift report 16 May '14

16 May '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 15-05-2014 18:00 − Freitag 16-05-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** CSWorks Software SQL Injection Vulnerability *** --------------------------------------------- Researcher John Leitch, working with HP's Zero Day Initiative (ZDI), has identified an SQL injection vulnerability in CSWorks' CSWorks software framework. CSWorks has produced an updated version that mitigates this vulnerability. This vulnerability could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-135-01 *** Statistik: Verschlüsselter Datenverkehr nimmt zu *** --------------------------------------------- Laut einer Studie steigt seit Beginn der Enthüllungen des Whistleblowsers Edward Snowden der Anteil an SSL-verschlüsselten Verbindungen im Internet. Die Zunahmen in den USA und Europa unterscheiden sich aber. --------------------------------------------- http://www.heise.de/security/meldung/Statistik-Verschluesselter-Datenverkeh… *** Torque 2.5.13 Buffer Overflow *** --------------------------------------------- Topic: Torque 2.5.13 Buffer Overflow Risk: High Text:A buffer overflow exists in versions of TORQUE which can be exploited in order to remotely execute code from an unauthenticated... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050086 *** Apple Releases OS X 10.9.3, Fixes Serious Flaw in iTunes *** --------------------------------------------- Apple has released a new version of OS X Mavericks, which includes all of the security fixes it pushed out last month. OS X 10.9.3 includes the patches for the so-called triple handshake SSL vulnerability, as well as fixes for several remote code-execution vulnerabilities. --------------------------------------------- http://threatpost.com/apple-releases-os-x-10-9-3-fixes-serious-flaw-in-itun… *** Understanding how Fuzzing Relates to a Vulnerability like Heartbleed *** --------------------------------------------- Fuzzing is a security-focused testing technique in which a compiled program is executed so that the attack surface can be tested as it actually runs. The attack surfaces are the components of code that accept user input. Since this is the most vulnerable part of code, it should be rigorously tested with anomalous data. --------------------------------------------- http://labs.bromium.com/2014/05/14/understanding-how-fuzzing-relates-to-a-v… *** iTunes: Apple schließt problematische Lücke in PC-Version *** --------------------------------------------- Das Update 11.2 stopft ein Leck, über das es unter Windows XP SP3 bis 8 möglich war, iTunes-Zugangsdaten zu stehlen. --------------------------------------------- http://www.heise.de/security/meldung/iTunes-Apple-schliesst-problematische-… *** PayPal Fixes Serious Account Hijacking Bug in Manager *** --------------------------------------------- PayPal patched a hole in its Manager functionality this week that could have made it easy for an attacker to hijack an admin's account, change their password and steal their personal information -- not to mention their savings. --------------------------------------------- http://threatpost.com/paypal-fixes-serious-account-hijacking-bug-in-manager…

1 0

Tageszusammenfassung - Donnerstag 15-05-2014
by Daily end-of-shift report 15 May '14

15 May '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 14-05-2014 18:00 − Donnerstag 15-05-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** VOBFUS Evolves, Adds Multiple Languages *** --------------------------------------------- VOBFUS malware is known for its polymorphic abilities, which allow for easy generation of new variants. We recently came across one variant that replaces these abilities for one never seen in VOBFUS malware before - the ability to 'speak' .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/vobfus-evolves-a… *** Zeus - Reach Expands With New Webinjects *** --------------------------------------------- The peer-to-peer version of Zeus was especially busy in the first quarter with infections reported by banks in 10 countries that previously had .. --------------------------------------------- http://threatpost.com/zeus-reach-expands-with-new-webinjects/106092 *** Blog: Fake antivirus - attack of the clones *** --------------------------------------------- http://www.securelist.com/en/blog/8221/Fake_antivirus_attack_of_the_clones *** Placebo-Virenschutz jetzt auch für Windows Phone *** --------------------------------------------- Augen auf beim Virenscanner-Kauf: Auch im Windows-Phone-Store wimmelt es nur so von Apps, die rein gar nichts tun - ausser Geld zu kosten. --------------------------------------------- http://www.heise.de/security/meldung/Placebo-Virenschutz-jetzt-auch-fuer-Wi… *** Facebook-Virus schürft verdeckt Kryptomünzen *** --------------------------------------------- Der zuerst in Norwegen aufgetauchte Schadcode verbreitet sich über Facebook-Nachrichten und infiziert seine Opfer, wenn diese eine angehängte Datei öffnen. Ist der Schadcode auf dem System, wird dieses deutlich .. --------------------------------------------- http://www.heise.de/security/meldung/Facebook-Virus-schuerft-verdeckt-Krypt… *** Firms must protect against malicious ads *** --------------------------------------------- The Senate warned Google, Yahoo and other leading technology companies Thursday they need to better protect consumers from hackers exploiting their lucrative online advertising networks or risk new legislation that would force them to do so. --------------------------------------------- http://m.apnews.com/ap/db_15897/contentdetail.htm?contentguid=8dJLuw6G *** Bugtraq: CSRF and Remote Code Execution in EGroupware *** --------------------------------------------- http://www.securityfocus.com/archive/1/532103 *** SSA-839231: Incorrect Certificate Verification in Ruggedcom ROX-based Devices *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… Multiple vulnerabilities in Juniper products --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10627 http://kb.juniper.net/index?page=content&id=JSA10626 http://kb.juniper.net/index?page=content&id=JSA10625 Multiple vulnerabilities in Drupal third-party-modules --------------------------------------------- https://drupal.org/node/2267539 https://drupal.org/node/2267485 https://drupal.org/node/2267381 https://drupal.org/node/2267481

1 0

Tageszusammenfassung - Mittwoch 14-05-2014
by Daily end-of-shift report 14 May '14

14 May '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 13-05-2014 18:00 − Mittwoch 14-05-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Microsoft Security Bulletin Summary for May 2014 - Version: 2.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS14-MAY *** Assessing risk for the May 2014 security updates *** --------------------------------------------- Today we released eight security bulletins addressing 13 unique CVEs. Two bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. The table is designed to help you prioritize the deployment of updates appropriately for your .. --------------------------------------------- http://blogs.technet.com/b/srd/archive/2014/05/13/assessing-risk-for-the-ma… *** Operation Saffron Rose *** --------------------------------------------- There is evolution and development underway within Iranian-based hacker groups that coincides with Iran's efforts at controlling political dissent and expanding offensive cyber capabilities. The capabilities of .. --------------------------------------------- http://www.fireeye.com/blog/technical/malware-research/2014/05/operation-sa… *** Yokogawa Multiple Products Vulnerabilities *** --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-133-01 *** DSA-2927 libxfont *** --------------------------------------------- http://www.debian.org/security/2014/dsa-2927 *** WordPress Formidable Forms Remote Code Execution *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050069 *** Patchday: Adobe flickt Flash und Illustrator *** --------------------------------------------- Adobe hat am Mai-Patchday Sicherheitsupdates für Lücken im Flash-Player und in Adobe Illustrator CS6 herausgegeben. Die Updates für beide Programme werden von der Firma als kritisch eingeschätzt. --------------------------------------------- http://www.heise.de/security/meldung/Patchday-Adobe-flickt-Flash-und-Illust… *** Security updates available for Adobe Flash Player *** --------------------------------------------- Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux. These updates address vulnerabilities that could .. --------------------------------------------- https://helpx.adobe.com/security/products/flash-player/apsb14-14.html *** Security hotfix available for Adobe Illustrator (CS6) *** --------------------------------------------- Adobe has released a security hotfix for Adobe Illustrator (CS6) for Windows and Macintosh. This hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system. Adobe recommends users .. --------------------------------------------- https://helpx.adobe.com/security/products/illustrator/apsb14-11.html *** Heartbleed-Betroffene stecken Kopf in den Sand *** --------------------------------------------- Wer einen Server mit einer für Heartbleed anfälligen OpenSSL-Version betrieben hat, muss damit rechnen, dass seine Private Keys kompromittiert wurden. Trotzdem sind diese in den meisten Fällen immer noch im Einsatz. --------------------------------------------- http://www.heise.de/security/meldung/Heartbleed-Betroffene-stecken-Kopf-in-…

1 0

Tageszusammenfassung - Dienstag 13-05-2014
by Daily end-of-shift report 13 May '14

13 May '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 12-05-2014 18:00 − Dienstag 13-05-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** NSA manipuliert per Post versandte US-Netzwerktechnik *** --------------------------------------------- Bereits Anfang des Jahres hatte Jacob Appelbaum behauptet, die NSA fange per Post versandte Geräte ab, um darauf Spyware zu installieren. Nun untermauert Glenn Greenwald diese Anschuldigung: Betroffen seien unter anderem Router und Server von Cisco. --------------------------------------------- http://www.heise.de/security/meldung/NSA-manipuliert-per-Post-versandte-US-… *** AV-Firma warnt wieder vor Adware-Trojaner für OS X *** --------------------------------------------- Nach Angabe von Doctor Web ist aktuell neue Adware im Umlauf, die auf Mac-Nutzer abzielt. Die unerwünschten Browser-Plugins werden bei der Installation von OS-X-Software mit eingespielt. --------------------------------------------- http://www.heise.de/security/meldung/AV-Firma-warnt-wieder-vor-Adware-Troja… *** Zertifikate: DANE und DNSSEC könnten mehr Sicherheit bringen *** --------------------------------------------- DANE könnte die Echtheitsprüfung von Zertifikaten bei TLS-Verbindungen verbessern. Allerdings benötigt das System DNSSEC - und das ist bislang kaum verbreitet. Der Mailanbieter Posteo prescht jetzt voran und will das System etablieren. --------------------------------------------- http://www.golem.de/news/zertifikate-dane-und-dnssec-koennten-mehr-sicherhe… *** Lücken in AVG Remote Administration bleiben offen *** --------------------------------------------- Auf Anfrage teilte die Firma mit, dass sie Angriffe aus dem LAN heraus nicht verhindern könne und deswegen drei Lücken in der Software nicht schliessen wolle. Durch die Lücken können Angreifer den Virenschutz einer Organisation von innen abschalten. --------------------------------------------- http://www.heise.de/security/meldung/Luecken-in-AVG-Remote-Administration-b… *** Proactively Hardening Systems Against Intrusion: Configuration Hardening *** --------------------------------------------- The concept of 'hardening' has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel that's been repeatedly quenched and tempered, or .. --------------------------------------------- http://www.tripwire.com/state-of-security/security-data-protection/automati… *** Adobe Security Bulletins Posted *** --------------------------------------------- http://blogs.adobe.com/psirt/?p=1100 *** Linux Kernel raw_cmd_copyin() privilege escalation *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/93050 *** RSA Security Analytics Lets Remote Users Bypass Authentication *** --------------------------------------------- http://www.securitytracker.com/id/1030220 *** RSA NetWitness Lets Remote Users Bypass Authentication *** --------------------------------------------- http://www.securitytracker.com/id/1030219 *** Flag Module for importer code execution *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/93086 *** grub-mkconfig local access to password *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050063

1 0

Tageszusammenfassung - Montag 12-05-2014
by Daily end-of-shift report 12 May '14

12 May '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 09-05-2014 18:00 − Montag 12-05-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Collabtive folder SQL injection *** --------------------------------------------- Collabtive is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the managefile.php script using the folder parameter, which could allow the attacker to view, add, modify or delete information in the back-end database. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/93029 *** Cobbler kickstart value file include *** --------------------------------------------- Cobbler could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request using the Kickstart value when creating new profiles, to specify a malicious file from the local system, which could allow the attacker to obtain sensitive information or execute arbitrary code on the vulnerable Web server. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/93033 *** Bitcoin Miner Utilizing IRC Worm *** --------------------------------------------- Bitcoin miners have given a new reason for attackers to communicate en mass with infected users. IRC worms are not exactly the most hip way to communicate, but they remain effective at sending and receiving commands. I recently came across several samples which bit coin mining examples leveraging IRC. The malicious binary, once installed, queries for the network shares connected to the --------------------------------------------- http://feedproxy.google.com/~r/zscaler/research/~3/2xQ7VPxF-ms/bitcoin-mine… *** strongSwan Null Pointer Dereference in Processing ID_DER_ASN1_DN ID Payloads Lets Remote Users Deny Service *** --------------------------------------------- A vulnerability was reported in strongSwan. A remote user can cause denial of service conditions. A remote user can send a specially crafted ID_DER_ASN1_DN ID payload to trigger a null pointer dereference and cause the target IKE service to crash. --------------------------------------------- http://www.securitytracker.com/id/1030209 *** G Data: Symantecs "Ende der Antivirensoftware" verunsichert Nutzer *** --------------------------------------------- Nicht verunsichern lassen und weiter Antivirensoftware kaufen - so lautet ein Aufruf von G Data. Symantec hatte zuvor erklärt, dass nur noch durchschnittlich 45 Prozent aller Angriffe von Antivirensoftware erkannt werden. --------------------------------------------- http://www.golem.de/news/g-data-symantecs-ende-der-antivirensoftware-veruns… *** Drupal Flag 7.x-3.5 Command Execution *** --------------------------------------------- Topic: Drupal Flag 7.x-3.5 Command Execution Risk: High Text:Drupal Flag 7.x-3.5 Module Vulnerability Report Author: Ubani Anthony Balogun Reported: May 07, 2014 ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050054 *** Nach Heartbleed: Neues Zertifikat, alter Key *** --------------------------------------------- Nach dem Heartbleed-Bug haben viele Administratoren Zertifikate für TLS-Verbindungen ausgetauscht. Viele haben dabei jedoch einen fatalen Fehler begangen: Sie erstellten zwar ein neues Zertifikat, aber keinen neuen Schlüssel. (Technologie, Applikationen) --------------------------------------------- http://www.golem.de/news/nach-heartbleed-neues-zertifikat-alter-key-1405-10… *** Backdoor Xtrat Continues to Evade Detection *** --------------------------------------------- While reviewing recent reports scanned by ZULU, we came across a malicious report that drew our attention. It was notable as the final redirection downloaded ZIP content by accessing a PHP file on the domain www.stisanic.com. URL: hxxp://www[.]stisanic[.]com/wp-content/coblackberrycomnotasdevozdate07052014[.]php ZULUs virustotal check scored the file as higher risk. At the time 10 --------------------------------------------- http://feedproxy.google.com/~r/zscaler/research/~3/OqS4L1x6ebQ/backdoor-xtr… *** Link-shortening service Bit.ly suffers data breach *** --------------------------------------------- We have reason to believe that Bitly account credentials have been compromised; specifically, users' email addresses, encrypted passwords, API keys and OAuth tokens. We have no indication at this time that any accounts have been accessed without permission. We have taken steps to ensure the security of all accounts, including disconnecting all users' Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login. --------------------------------------------- http://blog.bitly.com/post/85169217199/urgent-security-update-regarding-you… *** Falsche Zertifikate unterwandern HTTPS-Verbindungen *** --------------------------------------------- Forscher sprechen von signifikantem Teil der verschlüsselten Kommunikation - Vor allem Firewalls und Antivirensoftware verantwortlich --------------------------------------------- http://derstandard.at/1399507237936 *** Linux-Kernel: Root-Rechte für Nutzer *** --------------------------------------------- Durch einen Fehler im Linux-Kernel kann ein einfacher Nutzer Root-Rechte erlangen. Bekannt ist der Fehler schon seit gut einer Woche, aber jetzt gibt es einen öffentlichen Exploit. --------------------------------------------- http://www.golem.de/news/linux-kernel-root-rechte-fuer-nutzer-1405-106407-r… *** Race Condition in the Linux kernel *** --------------------------------------------- The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. --------------------------------------------- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196 *** Unbekannte bieten 33 Millionen E-Mail-Adressen feil *** --------------------------------------------- Das könnte die nächste Spam-Welle auslösen: Unbekannte bieten per E-Mail mehrere Millionen Mailadressen von deutschen Providern zum Kauf an. Angeblich handelt es sich um 100 Prozent gültige Adressen. --------------------------------------------- http://www.heise.de/security/meldung/Unbekannte-bieten-33-Millionen-E-Mail-… *** HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified with certain HP H-series Fibre Channel Switches. This vulnerability could be exploited remotely to disclose information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Bugtraq: ESA-2014-027: RSA NetWitness and RSA Security Analytics Authentication Bypass Vulnerability *** --------------------------------------------- RSA NetWitness and RSA Security Analytics each contain a security fix for an authentication bypass vulnerability that could potentially be exploited to compromise the affected system. When PAM for Kerberos is enabled, an attacker can authenticate to the vulnerable system with a valid user name and without specifying a password. This issue does not affect other authentication methods. --------------------------------------------- http://www.securityfocus.com/archive/1/532077

1 0

Tageszusammenfassung - Freitag 9-05-2014
by Daily end-of-shift report 09 May '14

09 May '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 08-05-2014 18:00 − Freitag 09-05-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Advance Notification Service for the May 2014 Security Bulletin Release *** --------------------------------------------- Today we provide Advance Notification Service (ANS) for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows. As we do every month, we've scheduled the security bulletin release for the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for deployment guidance and further analysis together with a brief --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2014/05/08/advance-notification-ser… *** Prenotification Security Advisory for Adobe Reader and Acrobat *** --------------------------------------------- Adobe is planning to release security updates on Tuesday, May 13, 2014 for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh. --------------------------------------------- https://helpx.adobe.com/security/products/reader/apsb14-15.html *** SQL Injection In Insert, Update, And Delete *** --------------------------------------------- This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks. --------------------------------------------- http://packetstormsecurity.com/files/126527/SQL-Injection-In-Insert-Update-… *** SNMP: The next big thing in DDoS Attacks? *** --------------------------------------------- It started with DNS: Simple short DNS queries are easily spoofed and the replies can be much larger then the request, leading to an amplification of the attack by orders of magnitude. Next came NTP. Same game, different actors: NTPs "monlist" feature allows for small requests (again: UDP, so trivially spoofed) and large responses. Today, we received a packet capture from a reader showing yet another reflective DDoS mode: SNMP. The "reflector" in this case... --------------------------------------------- https://isc.sans.edu/diary/SNMP%3A+The+next+big+thing+in+DDoS+Attacks%3F/18… *** Heartbleed, IE Zero Days, Firefox vulnerabilities - Whats a System Administrator to do? *** --------------------------------------------- With the recent headlines, weve seen heartbleed (which was not exclusive to Linux, but was predominately there), an IE zero day that had folks over-reacting with headlines of "stop using IE", but Firefox and Safari vulnerabilities where not that far back in the news either. So what is "safe"? And as an System Administrator or CSO what should you be doing to protect your organization? --------------------------------------------- https://isc.sans.edu/diary/Heartbleed%2C+IE+Zero+Days%2C+Firefox+vulnerabil… *** Exploit Kit Roundup: Best of Obfuscation Techniques *** --------------------------------------------- The world of exploit kits is an ever-changing one, if you happen to look away even just for one month, you'll come back to find that most everything has changed around you. Because of this, people like us, who work on a secure web gateway product, are continuously immersed in the world of exploit kits. Every once in a while it's a good idea to stop, take a look around us, and review what's changed. We would like to share some of the more interesting obfuscation techniques --------------------------------------------- http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/R9KtNDgyouY/exploit-ki… *** Surge in Viknok infections bolsters click fraud campaign *** --------------------------------------------- Researchers detected over 16,500 Viknok infections in the first week of May alone. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/6mC7Lf47bgY/ *** Malicious DIY Java applet distribution platforms going mainstream - part two *** --------------------------------------------- In a cybercrime ecosystem, dominated by client-side exploits serving Web malware exploitation kits, cybercriminals continue relying on good old fashioned social engineering tricks in an attempt to trick gullible end users into knowingly/unknowingly installing malware. In a series of blog posts, we've been highlighting the existence of DIY (do-it-yourself), social engineering driven, Java drive-by type of Web based platforms, further enhancing the current efficient state of social... --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/6wG1i4Gl5HQ/ *** Bitly shortens life of users passwords after credential compromise *** --------------------------------------------- OAuth tentacles mean its time to change ANOTHER password URL-shortening and online marketing outfit Bit.ly has warned its systems have been accessed by parties unknown and suggested users change their passwords. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/05/09/bitly_short… *** Weekly Metasploit Update: Disclosing Usernames, More Flash Bugs, and Wireshark Targets *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/05/08/weekly-me… *** Heartbleed: Noch immer 300.000 Server verwundbar *** --------------------------------------------- Vier Wochen nach Auftauchen der Lücke zeigt Untersuchung nur wenig Fortschritte --------------------------------------------- http://derstandard.at/1399507030882 *** Cyber Security Challenge sucht österreichische IT-Talente *** --------------------------------------------- Bereits zum dritten Mal wird im Rahmen der Cyber Security Challenge Austria nach jungen Hacker-Talenten gesucht. Dieses Jahr gibt es auch einen europaweiten Wettbewerb. --------------------------------------------- http://futurezone.at/netzpolitik/cyber-security-challenge-sucht-oesterreich… *** CVE-2014-3214: A Defect in Prefetch Can Cause Recursive Servers to Crash *** --------------------------------------------- A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes. This can be triggered as the result of normal query processing. --------------------------------------------- https://kb.isc.org/article/AA-01161 *** QNAP-Photostation V.3.2 XSS *** --------------------------------------------- XSS-Lücke in QNAP-Photostation V.3.2 (auf QNAP NAS TS259+ Pro - Firmware 4.0.7 vom 12.04.2014) --------------------------------------------- http://sdcybercom.wordpress.com/2014/04/25/qnap-cross-site-scripting-nicht-… *** Digi International OpenSSL Vulnerability *** --------------------------------------------- Digi International has identified five products that are vulnerable to the OpenSSL Heartbleed bug. Digi International has produced downloadable firmware upgrade versions that mitigate this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-128-01 *** IBM Security Bulletins for TADDM *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** Kaspersky Internet Security Null Pointer Dereference in prremote.dll Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1030203 *** Multiple BIG-IP products iControl command execution *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/93015 *** Security Bulletin: IBM iNotes Cross-Site Scripting Vulnerability (CVE-2014-0913) *** --------------------------------------------- IBM iNotes versions 9.0.1 and 8.5.3 Fix Pack 6 contain a cross-site scripting vulnerability. The fixes for these issues were introduced in IBM Domino and IBM iNotes versions 9.0.1 Fix Pack 1 and 8.5.3 Fix Pack 6 Interim Fix 2. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21671981 *** HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS) *** --------------------------------------------- A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be exploited remotely to allow cross-site scripting (XSS). --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information *** --------------------------------------------- The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** R7-2013-19.2 Disclosure: Yokogawa CENTUM CS 3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782) *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/05/09/r7-2013-1…

1 0

Tageszusammenfassung - Donnerstag 8-05-2014
by Daily end-of-shift report 08 May '14

08 May '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 07-05-2014 18:00 − Donnerstag 08-05-2014 18:00 Handler: L. Aaron Kaplan Co-Handler: Stephan Richter *** The State of Cryptography in 2014, Part 2: Hardware, Black Swans, and What To Do Now *** --------------------------------------------- We continue our look into the state of cryptography in 2014; Part 1 was posted earlier this week. Is Hardware Security Any Better? We closed the first post by asking: is hardware any more trustworthy? One would think that it is - but it's not. Recently, chip vendors have been incorporating cryptography into their CPUs or chipsets. Usually,... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5erAjAwWMmU/ *** SIRv16: Cybercriminal tactics trend toward deceptive measures *** --------------------------------------------- Microsoft's Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/05/07/sirv16-cybercriminal-tac… *** Case Study: Analyzing the Origins of a DDoS Attack *** --------------------------------------------- Recently a client was experiencing a massive layer 7 DDOS attack, generating tens of thousands of random HTTP requests per second to the server. The architecture of the website included a cluster of three web servers responsible for handling all incoming traffic, which did little to alleviate the pressures brought about the attack. An interestingRead More --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/7nrfa2OwFuo/map-of-a-ddos-att… *** Systemkamera Samsung NX300 öffnet Hackern Tür und Tor *** --------------------------------------------- Die Kamera enthält eine ganze Reihe von Sicherheitslücken, inklusive einem weit offen stehenden X-Server und einem reprogrammierbaren NFC-Chip. Angreifer könnten diese nutzen, um Schadcode auf dem Gerät auszuführen. --------------------------------------------- http://www.heise.de/security/meldung/Systemkamera-Samsung-NX300-oeffnet-Hac… *** April 2014 virus activity review from Doctor Web *** --------------------------------------------- April 30, 2014 April 2014 proved to be quite fruitful in terms of the emergence of new threats. In particular, Doctor Webs security researchers discovered a new multi-purpose backdoor targeting Windows. Also registered were numerous incidents involving adware browser extensions for Mac OS X. In addition, a variety of signatures for Android malware were added to the virus databases. --------------------------------------------- http://news.drweb.com/show/?i=4376&lng=en&c=9 *** Volafox Mac OS X Memory Analysis Toolkit *** --------------------------------------------- Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool:... --------------------------------------------- http://www.sectechno.com/2014/05/04/volafox-mac-os-x-memory-analysis-toolki… *** Security: Gravierende Lücke in AVG Remote Administration *** --------------------------------------------- Nutzer, die das Fernwartungspaket AVG Remote Administration nutzen, sollten dringend einen aktuellen Patch installieren. Bisher war es möglich, dass Angreifer über das Programm Code einschleusen konnten - aber das ist nicht die einzige Lücke, weitere stehen noch offen. --------------------------------------------- http://www.golem.de/news/security-gravierende-luecke-in-avg-remote-administ… *** [2014-05-08] Multiple critical vulnerabilities in AVG Remote Administration *** --------------------------------------------- Attackers are able to completely compromise the AVG Admin server (part of AVG Remote Administration) system as they can gain full access at the application and system level by exploiting remote code execution, authentication bypass, missing entity authentication and insecure encryption vulnerabilities. Attackers can also manage endpoints and possibly deploy attacker-controlled code on endpoints. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players *** --------------------------------------------- Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-049Project: Organic groups (third-party module)Version: 7.xDate: 2014-May-07Security risk: Moderately criticalExploitable from: RemoteVulnerability: Access bypassDescriptionOrganic groups (OG) enables users to create and manage their own groups. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves.OG doesnt sufficiently check the permissions when a group member is pending or blocked status within... --------------------------------------------- https://drupal.org/node/2261245 *** Ruby on Rails Implicit Render Bug Lets Remote Users Obtain Files From the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1030210 *** HP Security Bulletins *** --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Vuln: vBulletin Multiple Cross Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/66972 *** Vuln: SAP Solution Manager Background Processing Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/67107 *** Vuln: SAP NetWeaver Portal WD Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/67104 *** Security Advisory-Radius Vulnerability on Some Huawei Devices *** --------------------------------------------- On huawei Campus Switch, AR, SRG,WLAN devices, the RADIUS component cannot handle malformed RADIUS packets. This vulnerability allows attackers to repeatedly restart the device, causing a DoS attack (Vulnerability ID: HWPSIRT-2014-0307). --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…

1 0

Tageszusammenfassung - Mittwoch 7-05-2014
by Daily end-of-shift report 07 May '14

07 May '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 06-05-2014 18:00 − Mittwoch 07-05-2014 18:00 Handler: L. Aaron Kaplan Co-Handler: Stephan Richter *** TLS 1.3 Working Group Has Consensus to Deprectate RSA Key Transport *** --------------------------------------------- RSA key transport cipher suites could be deprecated in TLS 1.3 in favor of Diffie-Hellman Exchange or Elliptic curve Diffie-Hellman. --------------------------------------------- http://threatpost.com/tls-1-3-working-group-has-consensus-to-deprectate-rsa… *** Antivirus is Dead: Long Live Antivirus! *** --------------------------------------------- An article in The Wall Street Journal this week quoted executives from antivirus pioneer Symantec uttering words that would have been industry heresy a few years ago, declaring antivirus software "dead" and stating that the company is focusing on developing technologies that attack online threats from a different angle. This hardly comes as news for anyone in the security industry whos been paying attention over the past few years, but Im writing about it because this is a great --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/INOFThmd17Q/ *** Sicherheit im Fokus der Linuxwochen in Wien *** --------------------------------------------- Von 8. bis 10. Mai finden auf der FH Technikum Wien zahlreiche Vorträge und Workshops zu Linux, Open Data und Open Source statt. --------------------------------------------- http://futurezone.at/digital-life/sicherheit-im-fokus-der-linuxwochen-in-wi… *** Video: NEXT Berlin *** --------------------------------------------- Mikko spoke at NEXT Berlin yesterday:And the video is now online: Arms Race. [24m15s] On 06/05/14 At 12:31 PM --------------------------------------------- http://www.f-secure.com/weblog/archives/00002701.html *** Erpressungstrojaner drohen Android-Nutzern *** --------------------------------------------- Sicherheitsforscher haben den ersten Trojaner entdeckt, der Android-Geräte befällt und von seinen Opfern Lösegeld erpresst. Der Schadcode mit dem Namen Koler.A befällt bereits Smartphones weltweit. --------------------------------------------- http://www.heise.de/security/meldung/Erpressungstrojaner-drohen-Android-Nut… *** Security: Gegen die Angst vor Angriffen aufs Smartphone *** --------------------------------------------- Für das Re:publica-Publikum haben die Sicherheitsexperten Linus Neumann und Ben Schlabs ein paar Tipps parat, wie Smartphones gesichert werden können. Und sie zeigen, wie Siri als Einbruchhelfer missbraucht werden kann. --------------------------------------------- http://www.golem.de/news/security-gegen-die-angst-vor-angriffen-aufs-smartp… *** Hintergrund: SSL-Fuzzing mit "Frankencerts" *** --------------------------------------------- Durch das Zusammenstückeln von Tausenden von echten SSL-Zertifikaten zu über acht Millionen "Frankencerts" haben Forscher Lücken in gängigen SSL-Bibliotheken gefunden. --------------------------------------------- http://www.heise.de/security/artikel/SSL-Fuzzing-mit-Frankencerts-2166135.h… *** New DNS Spoofing Technique: Why we havent covered it., (Wed, May 7th) *** --------------------------------------------- The last couple of days, a lot of readers sent us links to articles proclaiming yet another new flaw in DNS. "Critical Vulnerability in BIND Software Puts DNS Protocol Security At Risk" [1] claimed one article, going forward to state: "The students have found a way to compel DNS servers to connect with a specific server controlled by the attacker that could respond with a false IP address. “ So how bad is this really? First of all, here is a the --------------------------------------------- http://isc.sans.edu/diary.html?storyid=18079&rss *** OpenBSD-Entwickler bezweifeln angebliche OpenSSH-Schwachstelle *** --------------------------------------------- Der Exploit soll so schlimm wie der SSL-GAU Heartbleed sein und die wichtige Unix-Bibliothek OpenSSH betreffen. Allerdings sagen viele Entwickler, dass die Lücke wahrscheinlich nicht existiert. --------------------------------------------- http://www.heise.de/security/meldung/OpenBSD-Entwickler-bezweifeln-angeblic… *** Advanced Evasion Techniques (AET) a Major Concern for CIOs *** --------------------------------------------- According to a new Vanson Bourne study sponsored by McAfee, CIOs are adding yet another threat to their ever-growing list of network security concerns: Advanced Evasion Techniques, or AETs. Unlike Advanced Persistent Threats (APTs) and other advanced malware, Advanced Evasion Techniques are not types of malicious software. Rather, they are a technique used by threat [...]The post Advanced Evasion Techniques (AET) a Major Concern for CIOs appeared first on Seculert Blog on Advanced Threats and --------------------------------------------- http://www.seculert.com/blog/2014/05/advanced-evasion-techniques-aet-a-majo… *** ABB Relion 650 Series OpenSSL Vulnerability *** --------------------------------------------- ABB has identified an OpenSSL vulnerability in its Relion 650 series application. ABB is in the process of creating a patch that mitigates this vulnerability. This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-126-01 *** Security Advisory- BootRom Menu and Boot Menu Vulnerabilities on Huawei Campus Switches *** --------------------------------------------- Some versions of Huawei Campus S7700/S9300/S9700 switches are affected by the BootRom and Boot Menu vulnerability. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** VU#902790: Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability *** --------------------------------------------- Vulnerability Note VU#902790 Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability Original Release date: 07 May 2014 | Last revised: 07 May 2014 Overview Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. (CWE-352) Description CWE-352: Cross-Site Request Forgery (CSRF)Fortinet Fortiweb prior to version 5.2.0 do not... --------------------------------------------- http://www.kb.cert.org/vuls/id/902790 *** HPSBMU02994 rev.4 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…

1 0

Tageszusammenfassung - Dienstag 6-05-2014
by Daily end-of-shift report 06 May '14

06 May '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 05-05-2014 18:00 − Dienstag 06-05-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** NIST updates Transport Layer Security (TLS) guidelines *** --------------------------------------------- The National Institute of Standards and Technology (NIST) has released an update to a document that helps computer administrators maintain the security of information traveling across their networks. --------------------------------------------- http://www.net-security.org/secworld.php?id=16794 *** Finding Weak Remote Access Passwords on POS Devices *** --------------------------------------------- One of my key take-aways in the Verizon Data Breach Incident Report was that credentials are a major attack vector in 2013. Especially within the POS Intrusions, brute forcing and use of stolen creds was a major problem. --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/05/05/finding-w… *** Analyzing CVE-2014-0515 - The Recent Flash Zero-Day *** --------------------------------------------- Last week, Adobe released an advisory disclosing a new zero-day vulnerability in Flash Player. Looking into the exploit code used in attacks targeting this vulnerability, we found several interesting ties to other vulnerabilities - not all of them for Flash Player, either. To explain this, we will discuss the highlights of how this exploit was performed. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/H6laAIdlckU/ *** Live from InfoSecurity Europe 2014: The Nitty Gritty of Sandbox Evasion *** --------------------------------------------- Infosecurity Europe 2014 was a great gathering of the top minds in cybersecurity, and in case you missed the event, we were excited to capture live content from the show floor to share with our readers. Over the next few... --------------------------------------------- http://www.fireeye.com/blog/corporate/2014/05/live-from-infosecurity-europe… *** And the Web it keeps Changing: Recent security relevant changes to Browsers and HTML/HTTP Standards, (Tue, May 6th) *** --------------------------------------------- As we all know, web standards are only leaving "draft" status once they start becoming irrelevant. It is a constant challenge to keep up with how web browsers interpret standards and how the standards themselves keep changing. We are just going through one of the perpetual updates for our "Defending Web Applications" class, and I got reminded again about some of the changes we had to make over the last year or so. Autocomplete=Off This weekend we just had yet another post... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=18075&rss *** Watch a bank-raiding ZeuS bot command post get owned in 60 seconds *** --------------------------------------------- RC4? Shoddy PHP coding? You VXers should try a little harder Vid Web thieves may get more than they bargained for if tech pros follow the lead of one researcher - who demonstrated how to hack the systems remote-controlling the infamous ZeuS crime bot in 60 seconds. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/05/06/zeus_pwned_… *** The State of Cryptography in 2014, Part 1: On Fragility and Heartbleed *** --------------------------------------------- It seems like cryptography has been taking a knock recently. This is both good and bad, but is not actually true: cryptography is always under attack, and for that reason constantly evolves. That's bad, but it's good to realize that cryptography needs constant attention. The threat to cryptography can be very disruptive, as we most recently... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/kwDfInwBFvo/ *** Dropbox schließt Referer-Lücke *** --------------------------------------------- In begrenzten Rahmen geteilte Dropbox-Dokumente können beim Klick auf darin enthaltene Links enttarnt werden. Durch den Fix macht der Cloud-Dienstleister allerdings alle existierenden Dokumente unerreichbar. Diese müssen neu geteilt werden. --------------------------------------------- http://www.heise.de/security/meldung/Dropbox-schliesst-Referer-Luecke-21835… *** Security Bulletin: Multiple Vulnerabilities in IBM iNotes (CVE-2013-0589, CVE-2013-0592, CVE-2013-0594, CVE-2013-0595) *** --------------------------------------------- IBM iNotes versions prior to 8.5.3 Fix Pack 6 and 9.0.1 contain multiple security vulnerabilities: CVE-2013-0589, CVE-2013-0592, CVE-2013-0594 and CVE-2013-0595. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21671622 *** Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client - Version: 1.0 *** --------------------------------------------- Microsoft is announcing the availability of an update for the Juniper Networks Windows In-Box Junos Pulse Client for Windows 8.1 and Windows RT 8.1. The update addresses a vulnerability in the Juniper VPN client by updating the affected Juniper VPN client libraries contained in affected versions of Microsoft Windows. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/2962393 *** Bugtraq: ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/532031 *** Bugtraq: [security bulletin] HPSBGN03010 rev.4 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information *** --------------------------------------------- http://www.securityfocus.com/archive/1/532037 *** Cisco Nexus 1000V Access Control List Bypass Vulnerability *** --------------------------------------------- A vulnerability in Cisco Nexus 1000V switches could allow an unauthenticated, remote attacker to bypass deny statements in access control lists (ACLs) with certain types of Internet Group Management Protocol version 2 (IGMPv2) or IGMP version 3 (IGMPv3) traffic. IGMP version 1 (IGMPv1) is not affected. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability *** --------------------------------------------- A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless (BAC-TW) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco BAC-TW web interface. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco Broadcast Access Center for Telco and Wireless Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless (BAC-TW) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco BAC-TW web interface. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Struts 2.3.16.3 Manipulation Fix *** --------------------------------------------- Topic: Struts 2.3.16.3 Manipulation Fix Risk: Medium Text:The Apache Struts group is pleased to announce that Struts 2.3.16.3 is available as a "General Availability" release.The GA de... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050026

1 0

Tageszusammenfassung - Montag 5-05-2014
by Daily end-of-shift report 05 May '14

05 May '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 02-05-2014 18:00 − Montag 05-05-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Lnk files in Email Malware Distribution *** --------------------------------------------- Recently I have noticed more use of .lnk files used in malware distribution via email. These files are Windows Shortcut files, typically used for shortcuts on your system, such as on your desktop. The use of .lnk files in emails is not new, but a recent sample caught my eye and I took a closer look. The original email, as it would appear to the recipient, looked like this, purporting to be from an individual at Automatic Data Processing, and containing what looks to be a PDF document and a ZIP --------------------------------------------- http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/VEYzrNB7xos/lnk-files-… *** PHP Updated to Fix OpenSSL Flaws, Other Bugs *** --------------------------------------------- The maintainers of PHP have released two new versions of the scripting language that fix a number of bugs, including a pair of vulnerabilities related to OpenSSL. Versions 5.4.28 and 5.5.12 both contain that important patch, as well as fixes for more than a dozen other vulnerabilities. The fix for the OpenSSL flaws is in both... --------------------------------------------- http://threatpost.com/php-updated-to-fix-heartbleed-other-bugs/105867 *** iOS 7 Update Silently Removes Encryption For Email Attachments *** --------------------------------------------- An anonymous reader writes "Apple has removed encrypted email attachments from iOS 7. Apple said back in June 2010 in regards to iOS 4.0: Data protection is available for devices that offer hardware encryption, including iPhone 3GS and later, all iPad models, and iPod touch (3rd generation and later). Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/FyN_d8fBQgo/story01.htm *** Attack Prediction: Malicious gTLD Squatting May Be The Next Big Threat *** --------------------------------------------- Late last year, ICANN began expanding the generic Top-Level Domains (gTLDs). In addition to the standard .COM, .ORG, and .NET TLDs, over 1,300 new names could become available in the next few years. These new gTLDs and internationalized domain names (IDNs) are awesome ideas if you think about the creativity sparked around the names one can possibly register. --------------------------------------------- http://labs.opendns.com/2014/04/23/malicious-gtld-squatting/ *** Spear Phishing Emails: A Psychological Tactic of Threat Actors *** --------------------------------------------- By exploiting network security vulnerabilities, today's generation of threat actors are able to install advanced polymorphic malware to steal data and damage reputations. But their manipulation efforts aren't limited to codes and machines - they extend to people, too. --------------------------------------------- http://www.seculert.com/blog/2014/05/spear-phishing-emails-a-psychological-… *** Evolution of Encrypting Ransomware *** --------------------------------------------- Recently we've seen a big change in the encrypting ransomware family and we're going to shed light on some of the newest variants and the stages of evolution that have led the high profile malware to where it is today. For those that aren't aware of what encrypting ransomware is, its a cryptovirus that encrypts all your data from local hard drives, network shared drives, removable hard drives and USB. The encryption is done using an RSA -2048 asymmetric public key which makes... --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/hp9iym0nxN0/ *** Symantec Critical System Protection for Windows Default Policy Bypass *** --------------------------------------------- Revisions None Severity Symantec does not believe that this bypass represents Symantec Critical System Protection (SCSP) vulnerability. The policy bypass ... --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** Bugtraq: [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact *** --------------------------------------------- http://www.securityfocus.com/archive/1/532008 *** Vuln: F5 Networks BIG-IQ Remote Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/67191 *** F5 BIG-IQ 4.1.0.2013.0 Password Change Exploit *** --------------------------------------------- Topic: F5 BIG-IQ 4.1.0.2013.0 Password Change Exploit Risk: High Text:## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-fr... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050012 *** OpenSSL Null Pointer Dereference in do_ssl3_write() Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1030188 *** [webapps] - Seagate BlackArmor NAS - Multiple Vulnerabilities *** --------------------------------------------- http://www.exploit-db.com/exploits/33159 *** Vuln: WordPress NextCellent Gallery Plugin CVE-2014-3123 Multiple Cross Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/67085 *** IBM Tivoli Netcool/Portal vulnerable to CVE-2014-0160 & CVE-2014-0076 *** --------------------------------------------- Security vulnerabilities have been discovered in OpenSSL. CVE(s): CVE-2014-0160 and CVE-2014-0076 Affected product(s) and affected version(s): IBM Tivoli Netcool/Portal 2.1.2 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21671783 X-Force Database: http://xforce.iss.net/xforce/xfdb/92322 X-Force Database: http://xforce.iss.net/xforce/xfdb/91990 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_tivoli_netcool_po… *** IBM Security Bulletin: Multiple OpenSSL vulnerabilities in Tivoli Endpoint Manager for Remote Control. (CVE-2013-4353,CVE-2013-6449) *** --------------------------------------------- Security vulnerabilities exist in the version of OpenSSL shipped with Tivoli Endpoint Manager for Remote Control. CVE(s): CVE-2013-4353 and CVE-2013-6449 Affected product(s) and affected version(s): Tivoli Endpoint Manager for Remote Control version 8.2.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21669040 X-Force Database: http://xforce.iss.net/xforce/xfdb/90201 X-Force --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** Bugtraq: [HP security bulletins] *** --------------------------------------------- http://www.securityfocus.com/archive/1/532002 http://www.securityfocus.com/archive/1/532001 http://www.securityfocus.com/archive/1/532003 http://www.securityfocus.com/archive/1/532004 http://www.securityfocus.com/archive/1/532007 http://www.securityfocus.com/archive/1/532010 http://www.securityfocus.com/archive/1/532011 http://www.securityfocus.com/archive/1/532012 http://www.securityfocus.com/archive/1/532013 http://www.securityfocus.com/archive/1/532014 http://www.securityfocus.com/archive/1/532022 http://www.securityfocus.com/archive/1/532023

1 0

Tageszusammenfassung - Freitag 2-05-2014
by Daily end-of-shift report 02 May '14

02 May '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 30-04-2014 18:00 − Freitag 02-05-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Serious security flaw in OAuth, OpenID discovered *** --------------------------------------------- Attackers can use the "Covert Redirect" vulnerability in both open-source login systems to steal your data and redirect you to unsafe sites. --------------------------------------------- http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discover… *** Ubuntu schließt weitere Lücken im Unity-Sperrbildschirm *** --------------------------------------------- Mit zwei Updates für ihren Unity-Desktop haben die Entwickler der Linux-Distribution weitere Sicherheitsprobleme behoben. Diese hätten es ermöglicht, den Sperrbildschirm unter bestimmten Umständen zu umgehen. --------------------------------------------- http://www.heise.de/security/meldung/Ubuntu-schliesst-weitere-Luecken-im-Un… *** Security Update Released to Address Recent Internet Explorer Vulnerability *** --------------------------------------------- Today, we released a security update to address the Internet Explorer (IE) vulnerability first described in Security Advisory 2963983. This security update addresses every version of Internet Explorer. While we've seen only a limited number of targeted attacks, customers are advised to install this update promptly. The majority of our customers have automatic updates enabled and so will not need to take any action as protections will be downloaded and installed automatically. If... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2014/05/01/security-update-released… *** Sefnit Botnet Swaps Tor for SSH *** --------------------------------------------- Facebook security researchers spot a Sefnit/Mevade click-fraud and Bitcoin-mining botnet returning to its previous SSH command-and-control communications infrastructure. --------------------------------------------- http://www.darkreading.com/attacks-breaches/sefnit-botnet-swaps-tor-for-ssh… *** Factsheet DNS Amplification *** --------------------------------------------- DDoS-attacks have been hitting headlines the last year. In some of these attacks, attackers use a technique called DNS amplification. This factsheet will help network administrators in preventing DNS amplification attacks via their systems. --------------------------------------------- http://www.ncsc.nl/english/current-topics/news/factsheet-dns-amplification.… *** Apple Fixes Critical Hole in Developer Center *** --------------------------------------------- Apple patched a potentially serious hole in its Developer Center that could have given anyone unfettered access to personal contact information for Apple employees and partners. --------------------------------------------- http://threatpost.com/apple-fixes-critical-hole-in-developer-center/105848 *** All About Windows Tech Support Scams *** --------------------------------------------- *Editors Notes: The purpose of this research was to see exactly how this scam is carried out, and the extent to which it is done. DO NOT TRY THIS AT HOME. We used a clean machine, off network, to monitor the activity of the scammer. Have you ever received a phone call from a tech support person claiming to be from Microsoft, and that your Windows based machine has been found to have a virus on it? These cold calls typically come from loud call centers, and are targeting the uninformed and... --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/qw_08fRmr5o/ *** SA-CONTRIB-2014-047 - Zen - Cross Site Scripting *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-047Project: Zen (third-party theme)Version: 7.xDate: 2014-April-30Security risk: Moderately criticalExploitable from: RemoteVulnerability: Cross Site ScriptingDescriptionThe Zen theme is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design.The theme does not properly sanitize theme settings before they are used in the output of a page. Custom themes that have copied Zens template files (e.g. subthemes) may suffer from this --------------------------------------------- https://drupal.org/node/2254925 *** Cross-Site Scripting Vulnerability in Citrix NetScaler Gateway, formerly Citrix Access Gateway Enterprise Edition *** --------------------------------------------- Severity: Medium Description of Problem A Cross-Site Scripting (XSS) vulnerability has been identified in Citrix NetScaler Gateway, formerly known as Citrix Access Gateway Enterprise Edition... --------------------------------------------- http://support.citrix.com/article/CTX140291 *** Cisco TelePresence TC and TE Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Let Local Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1030181 *** AMTELCO miSecure Vulnerabilities *** --------------------------------------------- Researcher Jared Bird of Allina Health reported multiple vulnerabilities in the AMTELCO miSecureMessage (MSM) medical messaging system. AMTELCO has an update available to all customers that mitigates the vulnerabilities. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01 *** WordPress plugin EZPZ One Click Backup Command Injection *** --------------------------------------------- Topic: WordPress plugin EZPZ One Click Backup Command Injection Risk: High Text:Product: WordPress plugin EZPZ One Click Backup Vulnerability type: CWE-78 OS Command Injection Vulnerable versions: 12.03.10... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050008 *** WordPress leaflet maps marker plugin SQL Injection Vulnerability *** --------------------------------------------- Topic: WordPress leaflet maps marker plugin SQL Injection Vulnerability Risk: Medium Text: # # Exploit Title: WordPress leaflet maps marker plugin SQL Injection Vulnerability # # Author: neo.hapsis #memb... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014050010

1 0

Tageszusammenfassung - Mittwoch 30-04-2014
by Daily end-of-shift report 30 Apr '14

30 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 29-04-2014 18:00 − Mittwoch 30-04-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** PHP Callback Functions: Another Way to Hide Backdoors *** --------------------------------------------- We often find new techniques employed by malware authors. Some are very interesting, others are pretty funny, and then there are those that really stump us in their creativity and effectiveness. This post is about the latter. Everyone who writes code in PHP knows what the eval() function is .. --------------------------------------------- http://blog.sucuri.net/2014/04/php-callback-functions-another-way-to-hide-b… *** [papers] - Introduction to Android Malware Analysis *** --------------------------------------------- http://www.exploit-db.com/download_pdf/33093 *** Xen HVMOP_set_mem_type Page Transition Flaw Lets Local Users on the Guest System Cause Denial of Service Conditions on the Host System *** --------------------------------------------- http://www.securitytracker.com/id/1030160 *** "Bypassing endpoint protections" @ BSides London *** --------------------------------------------- This week I presented at BSides London. The talk is titled "Layers on layers: bypassing endpoint protection". The purpose of this talk is to reiterate on the (well-known) common weakness of most endpoint protection products - their reliance on kernel integrity. Once the attacker achieves arbitrary code execution in the kernel, there .. --------------------------------------------- http://labs.bromium.com/2014/04/29/bypassing-endpoint-protections-bsides-lo… *** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Be on the Lookout: Odd DNS Traffic, Possible C&C Traffic, (Wed, Apr 30th) *** --------------------------------------------- We got an email from one of our readers, including an interesting port 53 packet. While Wireshark and TCPDump try to decode it as DNS, it is almost certainly not DNS. The payload of the packet is .. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=18047&rss *** Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Cross-Site Scripting Attacks and Local Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1030165 *** Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Cross-Site Scripting Attacks and Local Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1030163 *** [2014-04-30] SQL injection and XSS vulnerabilities in Typo3 si_bibtex extension *** --------------------------------------------- By exploiting the SQL injection vulnerability in the Typo3 extension "si_bibtex", an attacker is able to gain full access to the Typo3 database. Depending on the location where the extension is used in the web application, this may be possible by an unauthenticated attacker. Furthermore, it is affected by persistent XSS. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Symantec Encryption Desktop (PGP) Memory Access Flaws Let Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1030170 *** Friends dont let friends use Internet Explorer - advice from US, UK, EU *** --------------------------------------------- IE 6 to 11 at risk of hijacking, patch coming - but not for XP Microsoft has warned of a new security flaw in all versions of its Internet Explorer web browser for Windows PCs. A patch has yet to be released for the crocked code. --------------------------------------------- www.theregister.co.uk/2014/04/27/oops_we_did_it_again_microsoft_warns_of_ie… *** Botnetz für Altcoin-Mining nutzt Lücke in Nagiosüberwachung aus *** --------------------------------------------- Eine kürzlich veröffentlichte Sicherheitslücke im Netzwerkmonitor Nagios wird offenbar bereits ausgenutzt. Betroffen sind weit über 1000 weltweit verteilte Server, die für Mining-Zwecke missbraucht werden. --------------------------------------------- http://www.heise.de/newsticker/meldung/Botnetz-fuer-Altcoin-Mining-nutzt-Lu… *** Neuer Erpressungs-Trojaner verschlüsselt mit RSA-2048 *** --------------------------------------------- Es häufen sich Berichte über infizierte Windows-Systeme, auf denen ein Schadprogramm Dateien verschlüsselt und nur gegen Zahlung eines Lösegelds von 500 Euro wieder freigibt. Die sind via Tor in Bitcoins zu entrichten. --------------------------------------------- http://www.heise.de/security/meldung/Neuer-Erpressungs-Trojaner-verschluess… *** Protection strategies for the Security Advisory 2963983 IE 0day *** --------------------------------------------- We've received a number of customer inquiries about the workaround steps documented in Security Advisory 2963983 published on Saturday evening. We hope this blog post answers those questions. Steps you can take to stay safe The security advisory lists several options customers can take to stay safe. Those options are .. --------------------------------------------- http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for… *** Six infosec tips I learned from Game of Thrones *** --------------------------------------------- In Westeros - the land of dark knights, backstabbing royals, dragons, wildings, wargs, red witches, and White Walkers - even the youngest ones have to learn basic self-defense if they're to have any hope of surviving the cruel fictional world imagined by A Game of Thrones (GOT) author, George R. R. Martin. And so too, must every CISO and security pro learn the latest information security best practices if they're to survive today's Internet threat landscape. --------------------------------------------- http://www.net-security.org/article.php?id=2001&p=1

1 0

Tageszusammenfassung - Dienstag 29-04-2014
by Daily end-of-shift report 29 Apr '14

29 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 28-04-2014 18:00 − Dienstag 29-04-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 23.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/2755801 *** Ubuntu 14.04 lockscreen bypass, (Mon, Apr 28th) *** --------------------------------------------- Upgraded to Ubuntu 14.04? Hold down enter to bypass the lockscreen (what is old is new again): https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572 …" The reporter indicates that he was running Ubuntu 14.04 with all the packages updated. When the screen is locked with password, if holding ENTER, after some seconds the screen freezes and the lock screen .. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=18039 *** Cisco ASA DHCPv6 Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Researchers warn of resurgent Sefnit malware *** --------------------------------------------- Botnet returns using new tactics A malware infection which drew headlines January has returned and is using new techniques to infect and spread amongst users. --------------------------------------------- www.theregister.co.uk/2014/04/29/researchers_warn_of_resurgent_sefnit_malwa… *** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in the management component of the Citrix NetScaler Application Delivery Controller .. --------------------------------------------- http://support.citrix.com/article/CTX140651 *** Massenhack bei AOL: Millionen Nutzer betroffen *** --------------------------------------------- Unbekannte verschaffen sich Zugang zu privaten Informationen - Unternehmen fordert zum ändern des Passworts auf --------------------------------------------- http://derstandard.at/1397521927406 *** The FireEye Advanced Threat Report 2013: European Edition *** --------------------------------------------- We recently published the 2013 FireEye Advanced Threat Report during RSA Conference, providing a global overview of the advanced attacks that FireEye discovered last year. We are now drilling that global analysis down into the European threat .. --------------------------------------------- http://www.fireeye.com/blog/corporate/2014/04/the-fireeye-advanced-threat-r… *** Cybercriminals Take Advantage Of Heartbleed With Spam *** --------------------------------------------- Since news about Heartbleed broke out earlier this month, the Internet has been full of updates, opinions and details about the vulnerability, with personalities ranging from security experts to celebrities talking about it. Being as opportunistic as they are, cybercriminals have taken notice of this and .. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RKpGQ6-RSA8/ *** Q1 2014 Mobile Threat Report *** --------------------------------------------- Our Mobile Threat Report for Q1 2014 is out! Heres a couple of the things we cover in it:The vast majority of the new threats found was on Android (no surprise there), which accounted for 275 out of 277 new families we saw in this period, leaving 1 new malware apiece on iOS and Symbian.In Q1, .. --------------------------------------------- http://www.f-secure.com/weblog/archives/00002699.html *** 6 free network vulnerability scanners *** --------------------------------------------- Vulnerability scanners can help you automate security auditing and can play a crucial role in your IT security. They can scan your network and websites for up to thousands of different security risks, produce a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process. While these tools can .. --------------------------------------------- http://www.csoonline.com/article/2148841/data-protection/6-free-network-vul… *** Hashcat-Utils v1.0 Released *** --------------------------------------------- Hashcat-utils are a set of small utilities that are useful in advanced password cracking. They all are packed into multiple stand-alone binaries. All of these utils are designed to execute only one specific function. Since they all work with STDIN and STDOUT you can group them into chains. The programs are available for Linux and Windows on both 32 bit and 64 bit architectures. The programs are also available as open source. --------------------------------------------- http://www.toolswatch.org/2014/04/hashcat-utils-v1-0-released/

1 0

Tageszusammenfassung - Montag 28-04-2014
by Daily end-of-shift report 28 Apr '14

28 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 25-04-2014 18:00 − Montag 28-04-2014 18:00 Handler: Robert Waldner Co-Handler: n/a *** Using Facebook Notes to DDoS any website *** --------------------------------------------- Facebook Notes allows users to include tags. Whenever a tag is used, Facebook crawls the image from the external server and caches it. Facebook will only cache the image once however using random get parameters the cache can be by-passed and the feature can be abused to cause a huge HTTP GET flood. --------------------------------------------- http://chr13.com/2014/04/20/using-facebook-notes-to-ddos-any-website/ *** Mozilla entschlackt Zertifkats-Überprüfung *** --------------------------------------------- Statt 81.865 sind jetzt nur noch 4167 Zeilen Code zum überprüfen von SSL-Zertifikaten nötig. Wer Sicherheitslücken in darin findet, erhält einen üppigen Finderlohn. --------------------------------------------- http://www.heise.de/security/meldung/Mozilla-entschlackt-Zertifkats-Ueberpr… *** Examining the Heartbleed-based FUD thats pitched to the public *** --------------------------------------------- The Heartbleed vulnerability has created a massive news cycle, and generated technical risk-based discussions that might actually do some good. But some of these discussions boggle the mind, spreading misinformation in order to generate clicks or sales.When security issues hit the mass media, such as Heartbleed, there is a good deal of Fear, Uncertainty, and Doubt - better known as FUD - that gets promoted on the airwaves and in print. --------------------------------------------- http://www.csoonline.com/article/2148461/application-security/examining-the… *** Sicherheitslücke bei Messaging-App Viber aufgedeckt *** --------------------------------------------- Bilder, Videos und Standortdaten, die man mit der Messaging-App Viber übermittelt, werden unverschlüsselt auf Servern gespeichert. Der Zugang dazu ist äußerst einfach. --------------------------------------------- http://futurezone.at/digital-life/sicherheitsluecke-bei-messaging-app-viber… *** Microsoft Warns of Attacks on IE Zero-Day *** --------------------------------------------- Microsoft is warning Internet Explorer users about active attacks that attempt to exploit a previously unknown security flaw in every supported version of IE. The vulnerability could be used to silently install malicious software without any help from users, save for perhaps merely browsing to a hacked or malicious site. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/PUm3t0AZZzc/ *** Neue Internet-Explorer-Lücke wird zum Ernstfall für Windows XP *** --------------------------------------------- Wird bereits aktiv ausgenutzt - Kein Update mehr für XP, andere Betriebssystemversion derzeit ebenfalls noch ungeschützt --------------------------------------------- http://derstandard.at/1397521804143 *** Biggest EU cyber security exercise to date: Cyber Europe 2014 taking place today *** --------------------------------------------- Today, 28 April 2014, European countries kick off the Cyber Europe 2014 (CE2014). CE2014 is a highly sophisticated cyber exercise, involving more than 600 security actors across Europe. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/biggest-eu-cyber-security-e… *** Cisco IOS XE Software Malformed L2TP Packet Vulnerability *** --------------------------------------------- A vulnerability in the Layer 2 Tunneling Protocol (L2TP) module of Cisco IOS XE on Cisco ASR 1000 Series Routers could allow an authenticated, remote attacker to cause a reload of the processing ESP card. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Security updates available for Adobe Flash Player (APSB14-13) *** --------------------------------------------- A Security Bulletin (APSB14-13) has been published regarding security updates for Adobe Flash Player. These updates address a critical vulnerability, and Adobe recommends users update their product installations to the latest versions --------------------------------------------- http://blogs.adobe.com/psirt/?p=1093

1 0

Tageszusammenfassung - Freitag 25-04-2014
by Daily end-of-shift report 25 Apr '14

25 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 24-04-2014 18:00 − Freitag 25-04-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Number of Sites Vulnerable to Heartbleed Plunges by Two-Thirds *** --------------------------------------------- Two weeks ago, we talked about how many sites in the top 1 million domains (as judged by Alexa) were vulnerable to the Heartbleed SSL vulnerability. How do things stand today? Figure 1. Sites vulnerable to Heartbleed as of April 22 Globally, the percentage of sites that is vulnerable to Heartbleed has fallen by two-thirds,... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/qyKz0tQVjAY/ *** Fareit trojan observed spreading Necurs, Zbot and CryptoLocker *** --------------------------------------------- The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/XrcbQ8kwwQo/ *** It's Insanely Easy to Hack Hospital Equipment *** --------------------------------------------- When Scott Erven was given free reign to roam through all of the medical equipment used at a chain of large midwest health care facilities, he knew he would find security problems with the systems -- but he wasnt prepared for just how bad it would be. --------------------------------------------- http://feeds.wired.com/c/35185/f/661467/s/39be98e1/sc/36/l/0L0Swired0N0C20A… *** Update für Windows 7 außer der Reihe *** --------------------------------------------- Windows-7-Nutzer bekommen von der Update-Funktion derzeit ein Update mit der Nummer 2952664 angeboten. Irritierend daran: Es erscheint außer der Reihe und Microsoft verrät auch nicht, welche Probleme das Update genau behebt. --------------------------------------------- http://www.heise.de/newsticker/meldung/Update-fuer-Windows-7-ausser-der-Rei… *** Acunetix 8 Scanner Buffer overflow *** --------------------------------------------- Topic: Acunetix 8 Scanner Buffer overflow Risk: High Text:#!/usr/bin/python # Title: Acunetix Web Vulnerability Scanner Buffer Overflow Exploit # Version: 8 # Build: 20120704 # Test... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014040162 *** Security Notice-Statement on Patch Bypassing of Apache Struts2 *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Hitachi Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/58022 *** Global Technology Associates GB-OS OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/58007 *** Certec atvise scada OpenSSL Heartbleed Vulnerability *** --------------------------------------------- Researcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Certec has released new libraries that mitigate the OpenSSL Heartbleed vulnerability in atvise scada.This vulnerability could be exploited remotely. Exploits that target the OpenSSL Heartbleed vulnerability are known to be publicly available. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-114-01 *** Siemens SIMATIC S7-1200 CPU Web Vulnerabilities *** --------------------------------------------- Siemens ProductCERT and Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training have reported two vulnerabilities in the Siemens SIMATIC S7-1200 CPU family. Siemens has produced a new product release that mitigates these vulnerabilities. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 *** InduSoft Web Studio Directory Traversal Vulnerability *** --------------------------------------------- This advisory was originally posted to the US-CERT secure Portal library on April 17, 2014, and is now being released to the NCCIC/ICS-CERT web site. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02 *** Festo CECX-X-(C1/M1) Controller Vulnerabilities *** --------------------------------------------- K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo’s CECX-X-C1 and CECX-X-M1 controllers. Festo has decided not to resolve these vulnerabilities because of compatibility reasons with existing engineering tools. This places critical infrastructure asset owners using this product at risk. This advisory is being published to alert critical infrastructure asset owners of the risk of using this equipment and for them to increase compensating measures if possible. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01 *** Oracle Solaris ntpd Query Function Lets Remote Users Conduct Amplified Denial of Service Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1030142 *** Synology DiskStation Manager cUrl Connection Re-use and Certificate Verification Security Issues *** --------------------------------------------- https://secunia.com/advisories/58145 *** SSA-635659 (Last Update 2014-04-25): Heartbleed Vulnerability in Siemens Industrial Products *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** Halon Security Router Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/57507 *** HP Security Bulletins *** --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…

1 0

Tageszusammenfassung - Donnerstag 24-04-2014
by Daily end-of-shift report 24 Apr '14

24 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 23-04-2014 18:00 − Donnerstag 24-04-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** NetSupport Information Leakage Using Nmap Script *** --------------------------------------------- NetSupport allows corporations to remotely manage and connect to PCs and servers from a central location for the purposes of desktop support. In my last post I discussed how I wrote a script using the NetSupport scripting language to find versions of NetSupport running on clients with default installations that didnt require authentication to remotely connect to them. Essentially you could use NetSupport to bypassany Domain or local credentials to remotely connect to the PC and... --------------------------------------------- http://blog.spiderlabs.com/2014/04/netsupport-information-leakage-using-nma… *** DHCPv6 and DUID Confusion, (Wed, Apr 23rd) *** --------------------------------------------- In IPv6, DHCP is taking somewhat a back seat to router advertisements. Many smaller networks are unlikely to use DHCP. However, in particular for Enterprise/larger networks, DHCPv6 still offers a lot of advantages when it comes to managing hosts and accounting for IP addresses in use. One of the big differences when it comes to DHCPv6 is that a host identifies itself with a DUID (DHCP Unique Identifier) which can be different from a MAC address. There are essentially three ways to come up with... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=18015&rss *** Cisco: Hey, IT depts. Youre all malware hosts *** --------------------------------------------- Security report also notes skills shortage Everybody - at least every multinational that Cisco checked out for its 2014 Annual Security Report - is hosting malware of some kind, and there arent enough security professionals to go around. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/04/24/cisco_youre… *** DrDoS attacks to reach 800 Gbps in 2015 *** --------------------------------------------- While the network time protocol (NTP) DrDoS threats that became prevalent in early 2014 have been contained, new distributed reflected denial of service threats will lead to attacks in excess of 800 Gbps during the next 12 to 18 months. --------------------------------------------- http://www.net-security.org/secworld.php?id=16733 *** Zero-Day-Lücke in Apache Struts 2 *** --------------------------------------------- Durch eine kleine Abwandlung einer bereits gepatchten Lücke können Angreifer wieder Code in den Server einschleusen. --------------------------------------------- http://www.heise.de/security/meldung/Zero-Day-Luecke-in-Apache-Struts-2-217… *** Situational Awareness Alert for OpenSSL Vulnerability (Update D) *** --------------------------------------------- This alert update is a follow-up to the updated NCCIC/ICS-CERT Alert titled ICS-ALERT-14-009-01C Situational Awareness Alert for OpenSSL Vulnerability that was published April 17, 2014, on the ICS-CERT web site. --------------------------------------------- http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-099-01D *** Drupal - Vulnerabilities in Third-Party Modules *** --------------------------------------------- https://drupal.org/node/2248073 https://drupal.org/node/2248077 https://drupal.org/node/2248145 https://drupal.org/node/2248171 *** Attachmate Reflection OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information *** --------------------------------------------- http://www.securitytracker.com/id/1030144 *** Bugtraq: Weak firmware encryption and predictable WPA key on Sitecom routers *** --------------------------------------------- http://www.securityfocus.com/archive/1/531920 *** SSA-892012 (Last Update 2014-04-24): Web Vulnerabilities in SIMATIC S7-1200 CPU *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** Vuln: Check_MK Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/66389 http://www.securityfocus.com/bid/66391 http://www.securityfocus.com/bid/66394 http://www.securityfocus.com/bid/66396 *** Notice: (Revision) CUSTOMER ATTENTION REQUIRED: HP Integrated Lights-Out and Integrated Lights-Out 2 - Scanning First-Generation iLO or iLO 2 Devices for the Heartbleed Vulnerability Results in iLO Lockup Requiring Power to be PHYSICALLY Removed *** --------------------------------------------- The first-generation iLO and iLO 2 products use the RSA SSL libraries and there is a bug in these libraries that will cause first-generation iLO and iLO 2 devices to enter a live lockup situation when a vulnerability scanner runs to check for the Heartbleed vulnerability. Although the servers operating system will continue to function normally, first-generation iLO and iLO 2 will no longer be responsive over the management network. --------------------------------------------- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl… *** HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service *** --------------------------------------------- A potential security vulnerability has been identified in HP Integrated Lights-Out 2 (iLO 2) servers that allows for a Denial of Service. The denial of service condition occurs only when the iLO 2 is scanned by vulnerability assessment tools that test for CVE-2014-0160 (Heartbleed vulnerability). --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** HP Security Bulletins for CVE 2014-0160 *** --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Vuln: EMC Connectrix Manager Converged Network Edition Remote Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/66308

1 0

Tageszusammenfassung - Mittwoch 23-04-2014
by Daily end-of-shift report 23 Apr '14

23 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 22-04-2014 18:00 − Mittwoch 23-04-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Wartungsarbeiten Mailing-Listen-Server 24. April 2014 *** --------------------------------------------- Am Nachmittag des 24. April werden wir Wartungsarbeiten an unserem Mailing-Listen-Server (lists.cert.at) durchführen. Auswirkungen: verzögerte Zustellung von Listen-Mails Administrations-Interface (Subscribe/Unsubscribe etc.) der Mailing-Listen nicht verfügbar Mailing-Listen-Archive nicht verfügbar. Wir werden uns bemühen, die Ausfälle so kurz wie möglich zu halten, können jedoch keine genaue... --------------------------------------------- http://www.cert.at/services/blog/20140423085410-1134.html *** DBIR: Poor Patching, Weak Credentials Open Door to Data Breaches *** --------------------------------------------- Weak or default credentials, poor configurations and a lack of patching are common denominators in most data breaches, according to the 2014 Verizon Data Breach Investigations Report. --------------------------------------------- http://threatpost.com/dbir-poor-patching-weak-credentials-open-door-to-data… *** Millions Feedly users vulnerable to Javascript Injection attack *** --------------------------------------------- A security researcher discovered a serious Javascript Injection vulnerability in the popular Feedly Android App impacting Millions Users. --------------------------------------------- http://securityaffairs.co/wordpress/24209/hacking/feedly-javascript-vulnera… *** Apple stopft Sicherheitslücken in iOS, OS X und WLAN-Basisstationen *** --------------------------------------------- Die Updates sollen kritische Schwachstellen in Apples Betriebssystemen beseitigen - darunter eine weitere Lücke, die das Ausspähen von SSL-Verbindungen erlaubt. Für die AirPort-Stationen steht ein Heartbleed-Fix bereit. --------------------------------------------- http://www.heise.de/security/meldung/Apple-stopft-Sicherheitsluecken-in-iOS… *** Operation Francophoned: The Persistence and Evolution of a Dual-Pronged Social Engineering Attack *** --------------------------------------------- Operation Francophoned, first uncovered by Symantec in May 2013, involved organizations receiving direct phone calls and spear phishing emails impersonating a known telecommunication provider in France, all in an effort to install malware and steal information and ultimately money from targets. --------------------------------------------- http://www.symantec.com/connect/blogs/operation-francophoned-persistence-an… *** Blog: An SMS Trojan with global ambitions *** --------------------------------------------- Recently, we’ve seen SMS Trojans starting to appear in more and more countries. One prominent example is Trojan-SMS.AndroidOS.Stealer.a: this Trojan came top in Kaspersky Lab's recent mobile malware ТОР 20. It can currently send short messages to premium-rate numbers in 14 countries around the world. --------------------------------------------- http://www.securelist.com/en/blog/8209/An_SMS_Trojan_with_global_ambitions *** ISC stellt Entwicklung an seinem BIND10-DNS-Server ein *** --------------------------------------------- Das Unternehmen hat die letzte von ihm entwickelte Version veröffentlicht und zieht sich aus der weiteren Entwicklung zurück. Dabei sollte BIND10 ursprünglich BIND9 ablösen, das seinerzeit Hochleistungs-Server nur unzureichend ausschöpfen konnte. --------------------------------------------- http://www.heise.de/newsticker/meldung/ISC-stellt-Entwicklung-an-seinem-BIN… *** Nine patterns make up 92 percent of security incidents *** --------------------------------------------- Verizon security researchers have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry. --------------------------------------------- http://www.net-security.org/secworld.php?id=16725 *** Dissecting the unpredictable DDoS landscape *** --------------------------------------------- DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage, according to Neustar. --------------------------------------------- http://www.net-security.org/secworld.php?id=16726 *** Special Edition of OUCH: Heartbleed - Why Do I Care? http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_e…, (Wed, Apr 23rd) *** --------------------------------------------- -- Alex Stanford - GIAC GWEB, Research Operations Manager, SANS Internet Storm Center (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=18013&rss *** Apple splats new SSL snooping bug in iOS, OS X - but its no Heartbleed *** --------------------------------------------- Triple-handshake flaw stalks Macs and iThings Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/04/23/apple_ssl_u… *** Joomla Plugin Constructor Backdoor *** --------------------------------------------- We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joomla plugin. It was so well organized that at first we didn't realize there was a backdoor even though we knew something was wrong. That's how the code of... --------------------------------------------- http://blog.sucuri.net/2014/04/joomla-plugin-constructor-backdoor.html *** Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability *** --------------------------------------------- A vulnerability has been recently disclosed in OpenSSL that could result in remote attackers being able to obtain sensitive data from the process address space of a vulnerable OpenSS... --------------------------------------------- http://support.citrix.com/article/CTX140605 *** IBM PSIRT - OpenSSL Heartbleed (CVE-2014-0160) *** --------------------------------------------- We will continue to update this blog to include information about products. The following is a list of products affected by the Heartbleed vulnerability. Please follow the links below to view the security bulletins for the affected products. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/openssl_heartbleed_cv… *** Information on Norton products and the Heartbleed vulnerability *** --------------------------------------------- This article answers many of the questions that are currently being asked about the Heartbleed bug and the role that Norton products play in defending against this attack. --------------------------------------------- https://support.norton.com/sp/en/us/home/current/solutions/v98431836_EndUse… *** OpenSSL Security Vulnerability - aka. "Heartbleed Bug" - CVE-2014-0160 - Security Incident Response for D-Link Devices and Services *** --------------------------------------------- D-Link is investigating all devices and systems that utilize the OpenSSL software library to determine if our devices and customers are affected by this security vulnerability. You will find current status below and can contact us at security(a)dlink.com about specific questions. --------------------------------------------- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10022 *** Heartbleed Vulnerability in Various Products *** --------------------------------------------- http://tomcat.apache.org/native-doc/news/2014.html http://tomcat.apache.org/native-doc/miscellaneous/changelog.html http://www.fortiguard.com/advisory/FG-IR-14-011/ http://www.sybase.com/detail?id=1099387 https://secunia.com/advisories/58188 (Symantec Multiple Products) https://secunia.com/advisories/58148 (Xerox WorkCentre 3315/3325) *** VU#350089: IBM Notes and Domino on x86 Linux specify an executable stack *** --------------------------------------------- Vulnerability Note VU#350089 IBM Notes and Domino on x86 Linux specify an executable stack Original Release date: 22 Apr 2014 | Last revised: 22 Apr 2014 Overview IBM Notes and Domino on x86 Linux are incorrectly built requesting an executable stack. This can make it easier for attackers to exploit vulnerabilities in Notes, Domino, and any of the child processes that they may spawn. Description The build environment for the x86 Linux versions of IBM Notes and Domino incorrectly specified the... --------------------------------------------- http://www.kb.cert.org/vuls/id/350089 *** Cisco ASA SIP Inspection Memory Leak Vulnerability *** --------------------------------------------- A vulnerability in the Session Initiation Protocol (SIP) inspection engine code could allow an unauthenticated, remote attacker to cause a slow memory leak, which may cause instability on the affected system. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** AirPort Extreme and AirPort Time Capsule OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information *** --------------------------------------------- http://www.securitytracker.com/id/1030132 *** Apple OS X Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Local Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1030133 *** Sixnet Sixview 2.4.1 Directory Traversal *** --------------------------------------------- Topic: Sixnet Sixview 2.4.1 Directory Traversal Risk: Medium Text:#Exploit Title: Sixnet sixview web console directory traversal #Date: 2014-04-21 #Exploit Author: daniel svartman #Vendor Ho... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014040150 *** Parallels Plesk Panel 12.x Key Disclosure *** --------------------------------------------- Topic: Parallels Plesk Panel 12.x Key Disclosure Risk: High Text:While auditing the source code for Parallels Plesk Panel 12.x on Linux I noticed the following feature that leads to leakage o... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014040151 *** [2014-04-23] Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances *** --------------------------------------------- An unauthenticated remote attacker can exploit the identified Path Traversal vulnerability in order to retrieve arbitrary files from the affected WD Arkeia Network Backup appliances and execute system commands. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products *** --------------------------------------------- Once exploited, the vulnerability might cause a excessive resource (e.g. memory) consumption of the vulnerable system and even cause the system to restart in serious cases. --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** HP Security Bulletins *** --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Security Advisories Relating to Symantec Products - Symantec Messaging Gateway Management Console Reflected XSS *** --------------------------------------------- Symantec's Messaging Gateway management console is susceptible to a reflected cross-site scripting (XSS) issue found in one of the administrative interface pages. Successful exploitation could result in potential session hijacking or unauthorized actions directed against the console with the privileges of the targeted user's browser. --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** Security Bulletin: IBM Sterling Order Management is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2014-0932) *** --------------------------------------------- IBM Sterling Order Management is vulnerable to a cross-site scripting attack which could lead to unauthorized access through the injected scripts. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21670912 *** Django Security Issue and Multiple Vulnerabilities *** --------------------------------------------- A security issue and multiple vulnerabilities have been reported in Django, which can be exploited by malicious people to potentially disclose certain sensitive information, manipulate certain data, and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/58201 *** Hitachi Multiple Cosminexus / uCosminexus Products Java Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/58197 *** Hitachi Multiple Cosminexus / uCosminexus Products SSL/TLS Initialization Vector Selection Weakness *** --------------------------------------------- https://secunia.com/advisories/58240

1 0

Tageszusammenfassung - Dienstag 22-04-2014
by Daily end-of-shift report 22 Apr '14

22 Apr '14

======================= = Heartbleed Report = = a.k.a = = End-of-Shift report = ======================= Timeframe: Freitag 18-04-2014 18:00 − Dienstag 22-04-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Amplification, reflection DDoS attacks increase 35 percent in Q1 2014 *** --------------------------------------------- The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/GljZsrx9WMs/ *** Das Router-Desaster: Fritzbox-Update gerät ins Stocken *** --------------------------------------------- Aktuelle Scan-Ergebnisse belegen, dass die Verbreitung des kritischen Sicherheits-Updates kaum voranschreitet. In vielen Fällen werden verwundbare Fritzboxen sogar noch mit aktivem Fernzugriff betrieben - eine gefährliche Mischung. --------------------------------------------- http://www.heise.de/security/meldung/Das-Router-Desaster-Fritzbox-Update-ge… *** Home entertainment implementations are pretty appaling *** --------------------------------------------- I picked up a Panasonic BDT-230 a couple of months ago. Then I discovered that even though it appeared fairly straightforward to make it DVD region free (I have a large pile of PAL region 2 DVDs), the US models refuse to play back PAL content. We live in an era of software-defined functionality. While Panasonic could have designed a separate hardware SKU with a hard block on PAL output, that would seem like unnecessary expense. So, playing with the firmware seemed like a reasonable... --------------------------------------------- http://mjg59.dreamwidth.org/31178.html *** OpenSSL Rampage, (Mon, Apr 21st) *** --------------------------------------------- OpenSSL, in spite of its name, isnt really a part of the OpenBSD project. But as one of the more positive results of the recent Heartbleed fiasco, the OpenBSD developers, who are known for their focus on readable and secure code, have now started a full-scale review and cleanup of the OpenSSL codebase. If you are interested in writing secure code in C (not necessarily a contradiction in terms), I recommend you take a look at http://opensslrampage.org/archive/2014/4, where the OpenBSD-OpenSSL... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17997&rss *** Mysterious iOS malware campaign has Chinese origins *** --------------------------------------------- The threat, dubbed "Unflod Baby Panda," was discovered by Reddit users and analyzed by researchers at the German-based security firm, SektionEins. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/_EB9Qixb5Vk/ *** Easter egg: DSL router patch merely hides backdoor instead of closing it *** --------------------------------------------- Researcher finds secret "knock" opens admin for some Linksys, Netgear routers. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/MBqOOgJa9Ng/ *** Feedly fixes Android JavaScript code injection flaw, deems it "harmless" *** --------------------------------------------- A researcher wrote about a bug in the Android app for news aggregator Feedly that could enable JavaScript code injection, but even though it was fixed, the company did not really consider it a vulnerability. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/lZyhHF8qR8o/ *** Report: Google looks to integrate PGP with Gmail *** --------------------------------------------- Pretty Good Privacy, or PGP, is an encryption method that was created in the early 90s. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/pxVEyRndi7A/ *** Weekly Metasploit Update: Heartbleed and Firefox Passwords *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/04/17/weekly-me… *** Critical update makes P2P Zeus trojan even tougher to remove *** --------------------------------------------- An update to the P2P Zeus banking trojan results in the installation of a rootkit driver that makes deleting the malware even tougher. --------------------------------------------- http://feedproxy.google.com/~r/SCMagazineHome/~3/EIQ5YrV1__8/ *** Sicherheitslücke beim Netzwerkmonitor Nagios *** --------------------------------------------- Der "Nagios Remote Plugin Executor" führt unter Umständen eingeschleuste Befehle aus. Diese Umstände deuten allerdings schon auf eine generell unsichere Konfiguration hin. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-beim-Netzwerkmonitor… *** Ein Viertel der Internetnutzer wechselt nie die Passwörter *** --------------------------------------------- Trotz Heartbleed wechselt weiterhin rund ein Viertel aller deutschen Internetnutzer nie ihr Passwort. Ein Drittel der Befragten verwendet ein Passwort auf mehreren Plattformen. --------------------------------------------- http://futurezone.at/digital-life/ein-viertel-der-internetnutzer-wechselt-n… *** Heartbleed und das Sperrproblem von SSL *** --------------------------------------------- Nach dem Beseitigen des Heartbleed-Problems sperrten viele Admins vorsorglich ihre SSL-Zertifikate und besorgten sich neue. Trotzdem bedeuten geklaute Server-Schlüssel auch weiterhin ein Problem - denn das Sperren funktioniert eigentlich nicht. --------------------------------------------- http://www.heise.de/security/meldung/Heartbleed-und-das-Sperrproblem-von-SS… *** OpenSSL ssl3_read_bytes denial of service *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/92632 *** Alert for CVE-2014-0160 *** --------------------------------------------- This Security Alert addresses CVE-2014-0160 ('Heartbleed'), a publicly disclosed vulnerability which affects multiple OpenSSL versions implemented by various vendors in their products. This vulnerability affects multiple Oracle products. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the confidentiality of systems that are running affected versions of OpenSSL. According to http://heartbleed.com, the compromised data may contain passwords, private keys, and other sensitive information. In some instances, this information could be used by a malicious attacker to log into systems using a stolen identity or decrypt private information that was sent months or years ago. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-21907… *** Winamp Buffer Overflow and Pointer Dereference Bugs Let Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1030107 *** VMSA-2014-0004.6 *** --------------------------------------------- VMware product updates address OpenSSL security vulnerabilities --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0004.html *** F5 - Various Vulnerabilities in Multiple Products *** --------------------------------------------- https://secunia.com/advisories/58157 https://secunia.com/advisories/58159 https://secunia.com/advisories/58154 https://secunia.com/advisories/58160 *** Check Point Mobile VPN for iOS and for Android OpenSSL Heartbeat Two Information Disclosure Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/57947 *** VU#622950: Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed *** --------------------------------------------- Vulnerability Note VU#622950 Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed Original Release date: 21 Apr 2014 | Last revised: 21 Apr 2014 Overview Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. (CWE-328) Description Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that --------------------------------------------- http://www.kb.cert.org/vuls/id/622950 *** Bugzilla Input Validation Flaw Permits Cross-Site Request Forgery Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1030128 *** SonicWALL Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/58146 *** CA Multiple Products OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/58019 *** Tenable SecurityCenter OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/58182 *** IBM OS/400 Weakness and Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/57826 *** ADTRAN Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/58172 *** Vulnerabilities in multiple HP Products *** --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** BlackBerry Enterprise Service OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/58244 *** IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ds8… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ope… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/title_ibm_endpoint_ma… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pow… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entryhttps://www-304.ibm.co… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fle… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ts3… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pow… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_san…

1 0

Tageszusammenfassung - Freitag 18-04-2014
by Daily end-of-shift report 18 Apr '14

18 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 17-04-2014 18:00 − Freitag 18-04-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Looking for malicious traffic in electrical SCADA networks - part 2 - solving problems with DNP3 Secure Authentication Version 5, (Thu, Apr 17th) *** --------------------------------------------- I received this week a very valuable e-mail from the DNP Technical Committee Chair, Mr. Adrew West, who pointed an excellent observation and its the very slow adoption of DNP3 Secure Authentication Version 5, which is the latest security enhancement for the DNP3 protocol. I want to talk today about this standard and the advantages of adopting it into your DNP3 SCADA system. This standard has two specific objectives: Help DNP3 outstation to determine beyond any reasonable doubt that its... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17981&rss *** Heartbleed Bug Sends Bandwidth Costs Skyrocketing *** --------------------------------------------- The exposure of the Heartbleed vulnerability last week had a number of repercussions, one of which was to set off a mad scramble by companies to revoke the SSL certificates for their domains and services and obtain new ones. The total costs of Heartbleed are yet to be calculated, but CloudFlare has come up with... --------------------------------------------- http://feeds.wired.com/c/35185/f/661467/s/397cb2f7/sc/5/l/0L0Swired0N0C20A1… *** Heartbleed bereitet Anonymisierungsnetzwerk Tor Schwierigkeiten *** --------------------------------------------- Rund ein Fünftel der Exit Nodes von OpenSSL-Lücke betroffen - Vorschlag diese aus dem Netz zu werfen... --------------------------------------------- http://derstandard.at/1397520979826 *** Mac OS X Trojans display ads *** --------------------------------------------- April 16, 2014 Malicious programs designed to generate a profit for intruders by displaying annoying ads are very common, but until recently they have mostly been a nuisance for Windows users. Thats why a few Trojans that were recently examined by Doctor Webs security researchers stand out among such applications... --------------------------------------------- http://news.drweb.com/show/?i=4352&lng=en&c=9 *** Heartbleed Update *** --------------------------------------------- Adobe has evaluated the Creative Cloud and its related services (including Behance and Digital Publishing Suite), the Marketing Cloud solutions and products (including Analytics, Analytics Premium and Experience Manager), EchoSign, Acrobat.com, the Adobe.com store, and other Adobe services. All Adobe internet-facing services known to have been using a version of OpenSSL containing the Heartbleed vulnerability have been mitigated. We are continuing our analysis of Adobe internet-facing servers to identify and remediate any remaining Heartbleed-related risks. --------------------------------------------- http://blogs.adobe.com/psirt/?p=1085 *** Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on Huawei multiple products *** --------------------------------------------- Some OpenSSL software versions used in multiple Huawei products have the following OpenSSL vulnerability. Unauthorized remote attackers can dump 64 Kbytes of memory of the connected server or client in each attack. The leaked memory may contain sensitive information, such as passwords and private keys (Vulnerability ID: HWPSIRT-2014-0414). --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** McAfee Security Bulletin - OpenSSL Heartbleed vulnerability patched in McAfee products *** --------------------------------------------- Several McAfee products are vulnerable to OpenSSL Heartbleed. See the McAfee Product Vulnerability Status lists below for the status of each product. --------------------------------------------- https://kc.mcafee.com/corporate/index?page=content&id=SB10071 *** Nagios Remote Plugin Executor 2.15 Remote Command Execution *** --------------------------------------------- Topic: Nagios Remote Plugin Executor 2.15 Remote Command Execution Risk: High Text: - Release date: 17.04.2014 - Discovered by: Dawid Golunski - Severity: High I. VULNER... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014040126 *** MariaDB Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/58106 *** Debian update for qemu and qemu-kvm *** --------------------------------------------- https://secunia.com/advisories/58088 *** OpenVZ update for kernel *** --------------------------------------------- https://secunia.com/advisories/58060

1 0

Tageszusammenfassung - Donnerstag 17-04-2014
by Daily end-of-shift report 17 Apr '14

17 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 16-04-2014 18:00 − Donnerstag 17-04-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Entwickler-Modus gefährdet Blackberries *** --------------------------------------------- Bei aktiviertem Entwickler-Modus können Angreifer über das WLAN oder die USB-Verbindung Schadcode mit vollen Root-Rechten ausführen. Wird der Modus wieder abgeschaltet, ist das Gerät immer noch bis zum nächsten Neustart angreifbar. --------------------------------------------- http://www.heise.de/security/meldung/Entwickler-Modus-gefaehrdet-Blackberri… *** Heartbleed: BSI sieht keinen Grund für Entwarnung *** --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik sieht beim "Heartbleed Bug" weiteren Handlungsbedarf. Kleinere Websites sind nach wie vor verwundbar, auch nehmen Angreifer jetzt andere Dienste ins Visier. --------------------------------------------- http://www.heise.de/security/meldung/Heartbleed-BSI-sieht-keinen-Grund-fuer… *** Bugtraq: [SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable *** --------------------------------------------- http://www.securityfocus.com/archive/1/531856 *** mAdserve id SQL injection *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/92545 *** SA-CONTRIB-2014-041 - Block Search - SQL Injection *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-041 Project: Block Search (third-party module) Version: 6.x Date: 2014-April-16 Security risk: Highly critical Exploitable from: Remote Vulnerability: SQL Injection Description: Block Search module provides an alternative way of managing blocks.The module doesnt properly use Drupals database API resulting in user-provided strings being passed directly to the database allowing SQL Injection.This vulnerability is mitigated by the fact that an attacker must either use a --------------------------------------------- https://drupal.org/node/2242463 *** SA-CORE-2014-002 - Drupal core - Information Disclosure *** --------------------------------------------- Advisory ID: DRUPAL-SA-CORE-2014-002 Project: Drupal core Version: 6.x, 7.x Date: 2014-April-16 Security risk: Moderately critical Exploitable from: Remote Vulnerability: Information Disclosure Description: Drupals form API has built-in support for temporary storage of form state, for example user input. This is often used on multi-step forms, and is required on Ajax-enabled forms in order to allow the Ajax calls to access and update interim user input on the server.When pages are cached for anonymous --------------------------------------------- https://drupal.org/SA-CORE-2014-002 *** Heartbleed CRL Activity Spike Found, (Wed, Apr 16th) *** --------------------------------------------- It looks like, as I had suspected, the CRL activity numbers we have been seeing did not reflect the real volume caused by the OpenSSL Heartbleed bug. This evening I noticed a massive spike in the amount of revocations being reported by this CRL: http://crl.globalsign.com/gs/gsorganizationvalg2.crl The spike is so large that we initially thought it was a mistake, but we have since confirmed that its real! Were talking about over 50,000 unique recovations from a single CRL: This is by an order --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17977&rss *** Confirmed: Nasty Heartbleed bug exposes OpenVPN private keys, too *** --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/cz_Y-Ayd5tw/ *** OpenSSL-Bug Heartbleed: Die meisten Router sind laut Herstellerangaben nicht verwundbar *** --------------------------------------------- Die meisten Router-Hersteller geben an, ältere OpenSSL-Versionen zu nutzen. Etliche liefern aber keine Belege dafür, dass ihre Geräte nicht verwundbar sind. Sicherheitsbewusste Nutzer müssen also die Ärmel hochkrempeln und die Geräte selbst testen. --------------------------------------------- http://www.heise.de/security/meldung/OpenSSL-Bug-Heartbleed-Die-meisten-Rou… *** SAP Router Password Timing Attack *** --------------------------------------------- Topic: SAP Router Password Timing Attack Risk: High Text:Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. *Advisory Inf... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014040118 *** Whats worse than Heartbleed? Bugs in Heartbleed detection scripts. *** --------------------------------------------- As of the writing of this blog post, Nessus, Metasploit, Nmap, and others have released methods for detecting whether your systems are affected. The problem is, most of them have bugs themselves which lead to false negatives results, that is, a result which says a system is not vulnerable when in reality it is. With many people likely running detection scripts or other scans against hosts to check if they need to be patched, it is important that these bugs be addressed before too many people --------------------------------------------- http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbl… *** Definitionsupdate für Microsoft-Virenscanner bremst Windows XP aus *** --------------------------------------------- http://derstandard.at/1397520906230 *** Zugriff auf SMS-Nachrichten und Tor-Traffic dank Heartbleed *** --------------------------------------------- Hackern ist es gelungen, die von SMS-Gateways verschickten Nachrichten auszulesen - Tokens zur Zwei-Faktor-Authentisierung inklusive. Und auch Tor-Exitnodes geben beliebige Speicherinhalte preis. --------------------------------------------- http://www.heise.de/security/meldung/Zugriff-auf-SMS-Nachrichten-und-Tor-Tr… *** Bleichenbacher-Angriff: TLS-Probleme in Java *** --------------------------------------------- In der TLS-Bibliothek von Java wurde ein Problem gefunden, welches unter Umständen das Entschlüsseln von Verbindungen erlaubt. Es handelt sich dabei um die Wiederbelebung eines Angriffs, der bereits seit 1998 bekannt ist. (Java, Technologie) --------------------------------------------- http://www.golem.de/news/bleichenbacher-angriff-tls-probleme-in-java-1404-1…

1 0

Tageszusammenfassung - Mittwoch 16-04-2014
by Daily end-of-shift report 16 Apr '14

16 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 15-04-2014 18:00 − Mittwoch 16-04-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Phishing-Mail: BSI warnt vor BSI-Warnung *** --------------------------------------------- Die regelmäßigen Warnungen des BSI vor gehackten Online-Konten haben offenbar Kriminelle zu einer Phishing-Attacke animiert. Von "verdachtigen Aktivitäten" und "anwaltlichen Schritten" ist darin die Rede. (Phishing, Internet) --------------------------------------------- http://www.golem.de/news/phishing-mail-bsi-warnt-vor-bsi-warnung-1404-10589… *** RSA BSAFE Micro Edition Suite security bypass *** --------------------------------------------- RSA BSAFE Micro Edition Suite (MES) could allow a remote attacker to bypass security restrictions, caused by an error within the certificate chain processing logic. An attacker could exploit this vulnerability to create an improperly authenticated SSL connection. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/92408 *** Chef Multiple Vulnerabilities *** --------------------------------------------- Chef Software has acknowledged multiple security issues and vulnerabilities in Chef, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/57836 *** WordPress Twitget Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- dxwsecurity has reported a vulnerability in the Twitget plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change plugin configuration settings when a logged-in administrative user visits a specially crafted web page. --------------------------------------------- https://secunia.com/advisories/57892 *** Critical Patch Update - April 2014 *** --------------------------------------------- Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. The product area of the patches for the listed versions is shown in the Patch Availability column corresponding to the specified Products and Versions column. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html *** Innominate mGuard OpenSSL HeartBleed Vulnerability *** --------------------------------------------- OVERVIEW Researcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Innominate has released a new firmware version that mitigates the OpenSSL HeartBleed vulnerability in the mGuard products.This vulnerability could be exploited remotely. Exploits that target the OpenSSL Heartbleed vulnerability are known to be publicly available.AFFECTED PRODUCTSThe following Innominate mGuard versions are affected: --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-105-02 *** Siemens Industrial Products OpenSSL HeartBleed Vulnerability *** --------------------------------------------- OVERVIEWSiemens reported to NCCIC/ICS-CERT a list of products affected by the OpenSSL vulnerability (known as 'Heartbleed'). Joel Langill of Infrastructure Defense Security Services reported to ICS-CERT and Siemens the OpenSSL vulnerability affecting the S7-1500.Siemens has produced an update and Security Advisory (SSA-635659) that mitigates this vulnerability in eLAN and is currently working on updates for the other affected products. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-105-03 *** Looking for malicious traffic in electrical SCADA networks - part 1, (Tue, Apr 15th) *** --------------------------------------------- When infosec guys are performing intrusion detection, they usually look for attacks like portscans, buffer overflows and specific exploit signature. For example, remember OpenSSL heartbleed vulnerability? --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17967&rss *** New Feature: Monitoring Certification Revocation Lists https://isc.sans.edu/crls.html, (Wed, Apr 16th) *** --------------------------------------------- Certificate Revocation Lists (“CRLs”) are used to track revoked certificates. Your browser will download these lists to verify if a certificate presented by a web site has been revoked. The graph above shows how many certificates were revoked each day by the different CRLs we are tracking. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17969&rss *** Adobe Flash ExternalInterface Use-After-Free *** --------------------------------------------- VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash. The vulnerability is caused by a use-after-free error when interacting with the "ExternalInterface" class from the browser, which could be exploited to achieve code execution via a malicious web page. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014040102 *** Netgear N600 Password Disclosure / Account Reset *** --------------------------------------------- While i was lurking around the Netgear firmware today i came across various tweaking and others i was able to find a password disclosure,File uploading vulnerably which could compromise the entire router.as of now no patch from the vendor. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014040101 *** Apache Syncope 1.0.8 / 1.1.6 Code Execution *** --------------------------------------------- In the various places in which Apache Commons JEXL expressions are allowed (derived schema definition, user / role templates, account links of resource mappings) a malicious administrator can inject Java code that can be executed remotely by the JEE container running the Apache Syncope core. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014040106 *** Bugtraq: CVE-2014-2735 - WinSCP: missing X.509 validation *** --------------------------------------------- A user can not recognize an easy to perform man-in-the-middle attack, because the client does not validate the "Common Name" of the servers X.509 certificate. In networking environment that is not trustworthy, like a wifi network, using FTP AUTH TLS with WinSCP the servers identity can not be trusted. --------------------------------------------- http://www.securityfocus.com/archive/1/531847 *** Qemu: out of bounds buffer access, guest triggerable via IDE SMART *** --------------------------------------------- An out of bounds memory access flaw was found in Qemu's IDE device model. It leads to Qemu's memory corruption via buffer overwrite(4 bytes). It occurs while executing IDE SMART commands. A guest's user could use this flaw to corrupt Qemu process's memory on the host. --------------------------------------------- http://seclists.org/oss-sec/2014/q2/116 *** Hintergrund: Warum wir Forward Secrecy brauchen *** --------------------------------------------- Der SSL-GAU zeigt nachdrücklich, dass Forward Secrecy kein exotisches Feature für Paranoiker ist. Es ist vielmehr das einzige, was uns noch vor einer vollständigen Komplettüberwachung aller Kommunikation durch die Geheimdienste schützt. --------------------------------------------- http://www.heise.de/security/artikel/Warum-wir-Forward-Secrecy-brauchen-217…

1 0

Tageszusammenfassung - Dienstag 15-04-2014
by Daily end-of-shift report 15 Apr '14

15 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 14-04-2014 18:00 − Dienstag 15-04-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Barracuda Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/57869 *** DSA-2903 strongswan *** --------------------------------------------- http://www.debian.org/security/2014/dsa-2903 *** Occupy Your Icons Silently on Android *** --------------------------------------------- FireEye mobile security researchers have discovered a new Android security issue: a malicious app with normal protection level permissions can probe icons on Android home screen and modify them to point to phishing .. --------------------------------------------- http://www.fireeye.com/blog/uncategorized/2014/04/occupy_your_icons_silentl… *** From the Trenches: AV Evasion With Dynamic Payload Generation *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/04/14/from-the-… *** Critical Patch Update - April 2014 - Pre-Release Announcement *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html *** First Phase of TrueCrypt Audit Turns Up No Backdoors *** --------------------------------------------- A initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released .. --------------------------------------------- http://beta.slashdot.org/story/200749 *** Microsoft Confirms It Is Dropping Windows 8.1 Support *** --------------------------------------------- Microsoft TechNet blog makes clear that Windows 8.1 will not be patched, and that users must get Windows 8.1 Update if they want security patches, InfoWorlds Woody Leonhard reports. In what is surely the most customer-antagonistic move of the new Windows regime, Steve Thomas at Microsoft posted a TechNet article on Saturday stating categorically that Microsoft will .. --------------------------------------------- http://tech.slashdot.org/story/14/04/15/0053213/microsoft-confirms-it-is-dr… *** VMware reveals 27-patch Heartbleed fix plan *** --------------------------------------------- Go buy your vSysadmins a big choccy egg: their Easter in peril VMware has confirmed that 27 of its products need patches for the Heartbleed bug. --------------------------------------------- http://www.theregister.co.uk/2014/04/15/vmware_reveals_27patch_heartbleed_f… *** Cyberwar-Doku "netwars / out of CTRL": Webdoc bei heise *** --------------------------------------------- heise online präsentiert parallel zur Arte-Doku den ersten Teil der innovativen Multimedia-Dokumentation zum Thema Cyberwar. Sie entscheiden selbst, ob Sie beispielsweise lieber Details zu Stuxnet oder einen Kommentar des Star-Hackers FX sehen möchten. --------------------------------------------- http://www.heise.de/newsticker/meldung/Cyberwar-Doku-netwars-out-of-CTRL-We… *** Samsung Galaxy S5: Fingerabdrucksensor auch schon gehackt *** --------------------------------------------- Mit einer für das iPhone 5S entwickelten Fingerkuppenattrappe trickste Ben Schlabs die Sperre des neuen Samsung-Flagschiffs aus. Er konnte damit dann sogar Geld überweisen. --------------------------------------------- http://www.heise.de/security/meldung/Samsung-Galaxy-S5-Fingerabdrucksensor-… *** SSA-364879 (Last Update 2014-04-15): Vulnerabilities in SINEMA Server *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** SSA-654382 (Last Update 2014-04-15): Vulnerabilities in SIMATIC S7-1200 CPU *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** Akamai Withdraws Proposed Heartbleed Patch *** --------------------------------------------- As researchers demonstrate OpenSSL bug exploits that retrieve private keys, Akamai rescinds a patch suggestion for the SSL/TLS library after a security researcher punches holes in it. --------------------------------------------- http://www.darkreading.com/application-security/akamai-withdraws-proposed-h… *** (ISC) launches cyber forensics credential in Europe *** --------------------------------------------- Information and software security professional body (ISC)2 has announced the availability of its Certified Cyber Forensics Professional certification in Europe. Registration for CCFP-EU is now open, with the first exam available on 30 April 2014 at Pearson VUE test centres across the region. The German translation of the exam is to be available from 15 June 2014. --------------------------------------------- http://www.computerweekly.com/news/2240218864/ISC2-launches-cyber-forensics… *** BSI warnt vor BSI-Mails *** --------------------------------------------- Betrüger missbrauchen den Namen des BSI für eine Phishing-Kampagne, die vorgibt, dass der Empfänger bei "illegalen Aktivitäten" erwischt wurde. Das BSI rät, den Anhang keinesfalls zu öffnen. --------------------------------------------- http://www.heise.de/security/meldung/BSI-warnt-vor-BSI-Mails-2170549.html *** Hardware Giant LaCie Acknowledges Year-Long Credit Card Breach *** --------------------------------------------- Computer hard drive maker LaCie has acknowledged that a hacker break-in at its online store exposed credit card numbers and contact information on customers for the better part of the past .. --------------------------------------------- http://krebsonsecurity.com/2014/04/hardware-giant-lacie-acknowledges-year-l… *** Synology räumt nach Heartbleed auf: Passwort-Wechsel und Updates *** --------------------------------------------- Nachdem es durch die Heartbleed-Lücke gelang, auf Mail-Adressen und Passwörter von Synology-Nutzern zuzugreifen, fordert der Hersteller seine Kunden nun nachdrücklich zum Passwortwechsel auf. Ausserdem gibt es Security-Updates für die Synology-NAS. --------------------------------------------- http://www.heise.de/security/meldung/Synology-raeumt-nach-Heartbleed-auf-Pa… *** Exploiting CSRF under NoScript Conditions *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploitin…

1 0

Tageszusammenfassung - Montag 14-04-2014
by Daily end-of-shift report 14 Apr '14

14 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 11-04-2014 18:00 − Montag 14-04-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Heartbleed FAQ *** --------------------------------------------- Heartbleed FAQ11. April 2014Wir haben jetzt auch unsere Version einer FAQ zur "Heartbleed" veröffentlicht.Dieses Dokument ist kein finaler Bericht, sondern eine Bestandsaufnahme, die mit neuen Daten aktualisiert werden wird. So sind wir etwa dabei, den Status in Österreich noch genauer zu vermessen. Autor: Otmar Lendl --------------------------------------------- http://www.cert.at/services/blog/20140411232912-1127.html *** Heartbleed: Keys auslesen ist einfacher als gedacht *** --------------------------------------------- Zwei Personen ist es gelungen, private Schlüssel mit Hilfe des Heartbleed-Bugs aus einem nginx-Testserver auszulesen. Der Server gehört der Firma Cloudflare, die mit einem Wettbewerb sicherstellen wollte, dass das Auslesen privater Schlüssel unmöglich ist. (Server, OpenSSL) --------------------------------------------- http://www.golem.de/news/heartbleed-keys-auslesen-ist-einfacher-als-gedacht… *** NSA will nichts von "Heartbleed"-Lücke gewusst haben *** --------------------------------------------- In einem Bericht hatte die Nachrichtenagentur Bloomberg behauptet, die OpenSSL-Lücke sei der NSA seit zwei Jahren bekannt gewesen. Die US-Behörden wiesen das jedoch rasch zurück. --------------------------------------------- http://www.heise.de/security/meldung/NSA-will-nichts-von-Heartbleed-Luecke-… *** Heartbleed zeigt: Google muss Android-Updates in den Griff bekommen *** --------------------------------------------- Nur eine fast zwei Jahre alte Version betroffen, aber viele Millionen Geräte gefährdet - Updates unwahrscheinlich --------------------------------------------- http://derstandard.at/1397301984464 *** "Heartbleed": Noch immer tausende österreichische Webseiten betroffen *** --------------------------------------------- Sicherheitslücke findet sich auf Webservern öffentlicher Einrichtungen - Schulen und Gemeinden betroffen --------------------------------------------- http://derstandard.at/1397302008116 *** Identitätsdiebstahl: 7.500 Domain-Betreiber in Österreich betroffen *** --------------------------------------------- Das Bundeskriminalamt informiert nun alle Betreiber betroffener Domains --------------------------------------------- http://derstandard.at/1397302034346 *** OpenSSL use-after-free race condition read buffer *** --------------------------------------------- Topic: OpenSSL use-after-free race condition read buffer Risk: High Text:About two days ago, I was poking around with OpenSSL to find a way to mitigate Heartbleed. I soon discovered that in its defaul... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014040079 *** Citrix VDI-in-a-Box Discloses Administrator Password to Local Users *** --------------------------------------------- http://www.securitytracker.com/id/1030068 *** Arbitrary Code Execution Bug in Android Reader *** --------------------------------------------- A security vulnerability in Adobe Reader for Android could give an attacker the ability to execute arbitrary code. --------------------------------------------- http://threatpost.com/arbitrary-code-execution-bug-in-android-reader/105421

1 0

Tageszusammenfassung - Freitag 11-04-2014
by Daily end-of-shift report 11 Apr '14

11 Apr '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 10-04-2014 18:00 − Freitag 11-04-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Heartbleed vendor informations / statistics *** --------------------------------------------- https://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929 https://www.cert.fi/en/reports/2014/vulnerability788210.html http://securityaffairs.co/wordpress/23878/intelligence/statistics-impact-he… *** Gehackte Online-Konten: Mehr als zehn Millionen Abrufe von Sicherheitstest *** --------------------------------------------- Auch der zweite Sicherheitscheck des BSI zu gehackten Online-Konten stößt auf großes Interesse. Für Verwirrung sorgt aber weiter eine Sicherheitssperre von GMX und web.de. --------------------------------------------- http://www.golem.de/news/gehackte-online-konten-mehr-als-zehn-millionen-abr… *** The Heartbleed Hit List: The Passwords You Need to Change Right Now *** --------------------------------------------- ... it hasnt always been clear which sites have been affected. Mashable reached out to various companies included on a long list of websites that could potentially have the flaw. Below, weve rounded up the responses from some of the most popular social, email, banking and commerce sites on the web. --------------------------------------------- http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ *** Heartbleed Vulnerability Affects 5% of Select Top Level Domains from Top 1M *** --------------------------------------------- In trying to gauge the impact of the Heartbleed vulnerability, we proceeded to scanning the Top Level Domain (TLD) names of certain countries extracted from the top 1,000,000 domains by Alexa. We then proceeded to separate the sites which use SSL and further categorized those under "vulnerable" or "safe". The data we were able to... --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/heartbleed-vulne… *** Spionage-Botnet nutzte Heartbleed-Lücke schon vor Monaten aus *** --------------------------------------------- Bereits im November hat ein auf Spionage ausgelegtes Botnet offenbar versucht, durch die OpenSSL-Lücke Daten abzugreifen - möglicherweise im Auftrag eines Geheimdienstes. Die gute Nachricht ist: Die Anzahl der noch verwundbaren Server ist rückläufig. --------------------------------------------- http://www.heise.de/security/meldung/Spionage-Botnet-nutzte-Heartbleed-Luec… *** Heartbleed: Apple-Nutzer sind nicht betroffen *** --------------------------------------------- Weder Mac OS X, iOS noch Apples Dienste wie iCloud sind von der Heartbleed-Schwachstelle betroffen. Denn Apple verzichtet auf OpenSSL. Einige Apps verwenden die Kryptobibliothek jedoch. (Apple, Server-Applikationen) --------------------------------------------- http://www.golem.de/news/heartbleed-apple-nutzer-sind-nicht-betroffen-1404-… *** Heartbleed Explanation *** --------------------------------------------- http://xkcd.com/1354/ *** Critical Update for JetPack WordPress Plugin *** --------------------------------------------- The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attacker to bypass the site's access control and publish posts on the site. All versions of JetPack since October, 2012 (Jetpack 1.9) are vulnerable, and all users should update to version 2.9.3 --------------------------------------------- http://blog.sucuri.net/2014/04/critical-update-for-jetpack-wordpress-plugin… *** Security Updates for VMware vSphere *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0002.html http://www.vmware.com/security/advisories/VMSA-2014-0003.html *** IBM SPSS Analytic Server Discloses Passwords to Remote Authenticated Users *** --------------------------------------------- http://www.securitytracker.com/id/1030051 *** [2014-04-11] Multiple vulnerabilities in Plex Media Server *** --------------------------------------------- Plex Media Server contains several vulnerability that allow an attacker to intercept traffic between Plex Media Server and clients in plaintext. Furthermore Cross Site Request Forgery (CSRF) vulnerabilities allow an attacker to execute privileged commands in the context of Plex Media Server. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily