=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 20-08-2014 18:00 − Thursday 21-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Cisco WebEx MeetMeNow Server Directory Traversal Vulnerability ***
---------------------------------------------
A vulnerability in a PHP file in the Cisco WebEx MeetMeNow Server could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** The fall of rogue antivirus software brings new methods to light ***
---------------------------------------------
Rogue antivirus software has been a part of the malware ecosystem for many years now - Win32/SpySheriff and Win32/FakeRean date all the way back to 2007. These rogues, and the many that have followed them throughout the years, generally mislead and scare users into paying a fee for "cleaning" false detections that the software claims to have found on the machine. They often use dozens ..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/08/19/the-fall-of-rogue-antivi…
*** Researchers build security framework for Android ***
---------------------------------------------
University researchers have modified the Android operating system to let developers plug in enterprise-class security enhancements that would normally require overhauling a mobile device's firmware. The code added to the OS is called the Android Security Modules (ASM) framework, which is described ..
---------------------------------------------
http://www.csoonline.com/article/2474691/mobile-security/researchers-build-…
*** British intelligence agency GCHQ co-develops hacker game ***
---------------------------------------------
The browser game is meant to test how well Britons know their way around online security. There are to be competitions in which new talent is recruited.
---------------------------------------------
http://futurezone.at/digital-life/britischer-geheimdienst-gchq-entwickelt-h…
*** 5 excuses for doing nothing about computer security ***
---------------------------------------------
Sadly, as we're sure you have found, once a friend or family member has latched onto a security avoidance excuse, it can be hard to talk them round. So, here are five excuses that we hear a lot, both from individuals and from small businesses, together with some points you can use to argue back that security really does matter.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/08/20/5-excuses-for-doing-nothing-abou…
*** Need a green traffic light all the way home? Easy with insecure street signals, say researchers ***
---------------------------------------------
"While other deployments may use different wireless radios or even wired connections between intersections we have no reason to believe there are any fundamental differences between the network we studied and other traffic signal systems," the researchers concluded. "We believe that many traffic infrastructure ..
---------------------------------------------
http://www.theregister.co.uk/2014/08/20/sick_of_slow_commuting_americas_tra…
*** IoT: How I hacked my home ***
---------------------------------------------
A typical modern home can have around five devices connected to the local network which aren't computers, tablets or cellphones. As users in a connected digital environment we need to ask ourselves: Are the devices connected to my network vulnerable? What could an attacker actually do if these devices were compromised? Is my home 'hackable?'
---------------------------------------------
https://securelist.com/analysis/publications/66207/iot-how-i-hacked-my-home/
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 19-08-2014 18:00 − Wednesday 20-08-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Apache OFBiz cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95356
*** The Administrator of Things (AoT) - A Side Effect of Smartification ***
---------------------------------------------
In an earlier article, we talked about the ongoing smartification of the home - the natural tendency of households to accumulate more intelligent devices over time. While this has its benefits, the residents of smart homes also need to invest their time and energy to maintain these devices. These requirements will only grow as more...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5chS0C_DSr4/
*** RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass ***
---------------------------------------------
Topic: RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass Risk: Medium Text:ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities EMC Identifier: ESA-2014-071 CVE Identifier: CVE-20...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080085
*** "El Machete" ***
---------------------------------------------
"Machete" is a targeted attack campaign with Spanish-speaking roots. Most of the victims are located in Venezuela, Ecuador, Colombia, Peru, Russia, Cuba, and Spain. Targets include high-level profiles, including intelligence services, military, embassies and government institutions.
---------------------------------------------
https://securelist.com/blog/research/66108/el-machete/
*** Microsoft withdraws further Windows updates ***
---------------------------------------------
Users complain about blue screens and other problems
---------------------------------------------
http://derstandard.at/2000004536290
*** Connected devices: thousands of security holes discovered ***
---------------------------------------------
In more than 140,000 devices, researchers have discovered security holes, some of them serious, including zero-day exploits, hard-coded passwords and private keys.
---------------------------------------------
http://www.golem.de/news/vernetzte-geraete-tausende-sicherheitsluecken-entd…
*** Bugtraq: [security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533176
*** Bugtraq: Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533180
*** Bugtraq: CVE-2014-5307 - Privilege Escalation in Panda Security Products ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533182
*** Bugtraq: CVE-2014-4973 - Privilege Escalation in ESET Windows Products ***
---------------------------------------------
Versions 5.0 - 7.0 of ESET Smart Security and ESET Endpoint Security products for Windows XP OS allow a low privileged user to execute code as SYSTEM by exploiting a vulnerability in the ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver also mentioned as Personal Firewall module Build 1183 (20140214) and prior.
---------------------------------------------
http://www.securityfocus.com/archive/1/533184
*** Current scam: criminal "blog theft" angers many site operators ***
---------------------------------------------
Unknown parties are currently mirroring dozens of German blogs and trying to make money illegally with the hijacked content.
---------------------------------------------
http://www.heise.de/security/meldung/Aktuelle-Masche-Krimineller-Blog-Klau-…
*** Certificates: Google to warn about SHA-1 ***
---------------------------------------------
Google wants to get rid of certificates signed with SHA-1 by 2017 at the latest. The Chrome browser will soon display corresponding warnings. SHA-1 has been considered potentially insecure for some years.
---------------------------------------------
http://www.golem.de/news/zertifikate-google-will-vor-sha-1-warnen-1408-1087…
*** Multiple Vulnerabilities in various IBM Products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/aix_libxml2_vulnerabi…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/vulnerability_in_aix_…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/multiple_vulnerabilit…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 18-08-2014 18:00 − Tuesday 19-08-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** New Attack Binds Malware in Parallel to Software Downloads ***
---------------------------------------------
Open source software distribution systems that lack security processes and integrity checks are prone to a new attack that binds malware to a download without modifying the original application.
---------------------------------------------
http://threatpost.com/new-attack-binds-malware-in-parallel-to-software-down…
*** Microsoft's Windows 8 App Store Is Full of Scamware ***
---------------------------------------------
Deathspawner writes: Windows 8 brought a lot to the table, with one of its most major features being its app store. However, it's not a feature that Microsoft seems too intent on keeping clean. As it is today, the store is completely littered with misleading apps and outright scamware. The unfortunate thing is that ..
---------------------------------------------
http://beta.slashdot.org/story/206067
*** Virus scanners: test lab analyses the missing percent ***
---------------------------------------------
In lab tests, almost all virus scanners consistently detect over 99 percent of malware. But it is precisely the missing percent that can make the difference, as the spread of the files that slipped through shows.
---------------------------------------------
http://www.heise.de/security/meldung/Virenscanner-Testlabor-analysiert-das-…
*** Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?, (Sun, Aug 17th) ***
---------------------------------------------
This diary follows from Part 1, published on Sunday August 17, 2014. How is it possible that with no port forwarding enabled through the firewall that Internet originated NTP requests were getting past the firewall to the misconfigured NTP server? The reason why these packets are passing ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18549&rss
*** Stuxnet: closed security hole still endangers millions ***
---------------------------------------------
Experts attribute the high numbers to a lack of server maintenance
---------------------------------------------
http://derstandard.at/2000004498863
*** APT Gang Branches Out to Medical Espionage in Community Health Breach ***
---------------------------------------------
The Community Health Systems data breach has been tied to a Chinese APT gang that has branched out to medical espionage, stealing patient data in an effort to target intelligence on medical device development.
---------------------------------------------
http://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-communi…
*** Multiple vulnerabilities in EMC Documentum products ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533161
http://www.securityfocus.com/archive/1/533160
http://www.securityfocus.com/archive/1/533159
http://www.securityfocus.com/archive/1/533162
*** DSA-3006 xen ***
---------------------------------------------
http://www.debian.org/security/2014/dsa-3006
*** FreeNAS password security bypass ***
---------------------------------------------
FreeNAS could allow a remote attacker to bypass security restrictions, caused by the use of a blank password by the Web admin. An attacker could exploit this vulnerability to reset the admin password and gain full administrative access to the device.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95326
*** Apache HttpComponents certificate spoofing ***
---------------------------------------------
Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a ..
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95327
*** Cisco NX-OS Software SNMP Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID. An attacker could exploit this vulnerability by making a large number of requests to ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 14-08-2014 18:00 − Monday 18-08-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Microsoft withdraws updates ***
---------------------------------------------
There are apparently problems with a total of four of the Windows updates released on the last Patch Tuesday. Microsoft has now reacted and warns against installing them.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-zieht-Updates-zurueck-229417…
*** Suspicious Login Message Faked, Distributes Backdoor ***
---------------------------------------------
Legitimate services are often used by cybercriminals to try and make their attacks more convincing. Recently, I spotted attacks that used services and platforms like Google Drive and Dropbox in order to look less suspicious to unwary users. I received a spammed message like the one shown right below that supposedly came from Gmail itself. It warned me that someone logged...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/hhVGnlO7Tzs/
*** ZDI-14-295: AlienVault OSSIM av-centerd Util.pm remote_task Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-295/
*** ZDI-14-294: AlienVault OSSIM av-centerd Util.pm get_license Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-294/
*** Siemens OpenSSL Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-14-198-03A Siemens OpenSSL Vulnerabilities that was published July 23, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in the Siemens OpenSSL cryptographic software library affecting several Siemens industrial products.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-198-03B
*** Siemens SIMATIC S7-1500 CPU Denial of Service ***
---------------------------------------------
Siemens produced a new firmware version that mitigates a denial of service vulnerability in SIMATIC S7-1500 CPU.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-226-01
*** 7 Places to Check for Signs of a Targeted Attack in Your Network ***
---------------------------------------------
Targeted attacks are designed to circumvent existing policies and solutions within the target network, thus making their detection a big challenge. As we've stressed in our previous entry about common misconceptions about targeted attacks, there is no one-size-fits-all solution against it; enterprises need to arm themselves with protection that can provide sensors where needed, as well as IT...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/NhRVtViIRDU/
*** Security: holes in update servers endanger millions of routers ***
---------------------------------------------
Through several vulnerabilities in providers' auto configuration servers, attackers could distribute manipulated firmware to millions of routers. There are also flaws in the associated communication protocol.
---------------------------------------------
http://www.golem.de/news/security-luecken-in-update-servern-gefaehrden-mill…
*** Internet Explorer: outdated ActiveX controls to be blocked later ***
---------------------------------------------
Microsoft postpones the blocking of outdated versions of Java and the like until September. The reason is complaints from some admins.
---------------------------------------------
http://www.heise.de/security/meldung/Internet-Explorer-Veraltete-ActiveX-St…
*** No mail delivery: Spamhaus lists Web.de, GMX and 1&1 ***
---------------------------------------------
Spamhaus today accidentally listed the mail servers of United Internet. Sending mail was not possible for several hours. (Spam, E-Mail)
---------------------------------------------
http://www.golem.de/news/mailserver-spamhaus-listet-web-de-gmx-und-1-1-1408…
*** VB2014 preview: Optimized mal-ops. Hack the ad network like a boss ***
---------------------------------------------
Researchers Vadim Kotov and Rahul Kashyap to discuss how advertisements are the new exploit kits. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. In the second of this series, we look at the paper Optimized mal-ops. Hack the ad network like a boss, from Vadim Kotov and Rahul Kashyap, two researchers from Bromium. "We conclude that ad networks could be leveraged to aid, or even be
---------------------------------------------
http://www.virusbtn.com/blog/2014/08_15.xml?rss
*** Ebola fear used as bait, leads to malware infection ***
---------------------------------------------
Summary: Ebola news is bait for attackers to steal login credentials and install Trojan.Zbot, W32.Spyrat, and Backdoor.Breut malware.
---------------------------------------------
http://www.symantec.com/connect/blogs/ebola-fear-used-bait-leads-malware-in…
*** FinFisher & Co. turn harmless cat videos into a weapon for cyber attacks ***
---------------------------------------------
A researcher has described in detail how attackers with access to the network infrastructure of an Internet provider can inject trojans into users' traffic without the victims noticing anything.
---------------------------------------------
http://www.heise.de/security/meldung/FinFisher-Co-machen-harmlose-Katzenvid…
*** Part 1: Is your home network unwittingly contributing to NTP DDOS attacks?, (Sun, Aug 17th) ***
---------------------------------------------
For the last year or so, I have been investigating UDP DDOS attacks. In this diary I would like to spotlight a somewhat surprising scenario where a manufacturer's misconfiguration on a popular consumer device combined with a design decision in a home gateway router may make you an unwitting accomplice in amplified NTP reflection DDOS attacks. This is part 1 of the story. I will publish the conclusion Tuesday August 19th.
Background
Today almost every house has consumer broadband services.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18547&rss
*** Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability, (Sat, Aug 16th) ***
---------------------------------------------
With Windows malware getting so much attention nowadays, it's easy to forget that attackers also target other OS platforms. Let's take a look at a recent attempt to install an IRC bot written in Perl by exploiting a vulnerability in PHP.
The Initial Probe
The web server received the initial probe from 46.41.128.231, an IP address that at the time was not flagged as malicious on various blacklists:
HEAD / HTTP/1.0
The connection lacked the headers typically present in an HTTP request, which is why...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18543&rss
*** ZeroLocker won't come to your rescue ***
---------------------------------------------
In recent times we've been seeing a lot of file-encrypting ransomware activity. One of the new ones we've seen pop up in the last couple of weeks is called ZeroLocker. There's indication the C&C configuration contains some errors which would prevent...
---------------------------------------------
https://securelist.com/blog/incidents/66135/zerolocker-wont-come-to-your-re…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 13-08-2014 18:00 − Thursday 14-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Safari: Apple fixes various security holes ***
---------------------------------------------
Overnight into Thursday, the vendor updated its in-house browser for various operating systems. Apple also provided developers with a further preview version of OS X 10.9.5.
---------------------------------------------
http://www.heise.de/security/meldung/Safari-Apple-behebt-diverse-Sicherheit…
*** Vulnerability in Spotify Android App May Lead to Phishing ***
---------------------------------------------
We have discovered a vulnerability that affects versions of the Spotify app for Android older than 1.1.1. If exploited, the vulnerability can allow bad guys to control what is being displayed on the app interface. This vulnerability can potentially be abused by cybercriminals to launch phishing attacks that may result in information loss or theft.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZJMVGX3NMwk/
*** Portal: Tor for mobile routers ***
---------------------------------------------
Anonymous surfing with Tor is even more secure when the software does not run on your own computer. The software Portal integrates Tor into the Openwrt firmware and can thus be used on selected mobile routers.
---------------------------------------------
http://www.golem.de/news/portal-tor-fuer-mobile-router-1408-108575-rss.html
*** Tiny Malware PoC: Malware Without IAT, DATA OR Resource Section ***
---------------------------------------------
Have you ever wondered about having an EXE without any entry in the IAT (Import Address Table) at all? Well, I knew that it's possible, but never saw an actual exe file without an IAT entry. So I developed an application which is 1,536 bytes and still does basic annoying malware things.
---------------------------------------------
http://www.codeandsec.com/PoC-Tiny-Malware-Without-IAT-DATA-Or-Resource-Sec…
*** SAMHAIN v3.1.2 Released ***
---------------------------------------------
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.
---------------------------------------------
http://www.toolswatch.org/2014/08/samhain-v3-1-2-released/
*** ZeroLocker ***
---------------------------------------------
Recently in the news we saw FireEye and Fox-IT provide the ability to decrypt files encrypted by older CryptoLocker variants. They used the command and control servers seized by the FBI during Operation Tovar. Since they have access to those RSA keys, they essentially have the password required for every single file encrypted by a CryptoLocker variant that used Evgeniy Bogachev's botnet.
---------------------------------------------
http://www.webroot.com/blog/2014/08/14/zero-locker/
*** JSA10643 - 2014-08 Security Bulletin: Juniper Secure Analytics (JSA)/Security Threat Response Manager (STRM): Multiple vulnerabilities resolved by third party software upgrades. ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10643&actp=RSS
*** JSA10642 - 2014-08 Security Bulletin: Network and Security Manager NSM: Multiple vulnerabilities ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10642&actp=RSS
*** Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting ***
---------------------------------------------
Topic: Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting Risk: Medium Text:<!-- Exploit for Disqus for Wordpress admin stored CSRF+XSS up to v2.7.5 Blog post explainer: https://www.nikcub.com/posts/...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080064
*** Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1030732
*** SSA-310688 (Last Update 2014-08-14): Denial-of-Service Vulnerability in SIMATIC S7-1500 CPU ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** SSA-234763 (Last Update 2014-08-14): OpenSSL Vulnerabilities in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
Next End-of-Shift report on 2014-08-18
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 12-08-2014 18:00 − Wednesday 13-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** (Updated 2014/8/13) Syria offline - initial analysis of BGP (and explanation) ***
---------------------------------------------
This blog post evolved over time - initially it was a mere scratchpad for notes during our initial research between 2012/11/29 and 11/30. Later, after Syria was back online again, I added a summary and some potential explanations of what might have happened at the end of this blog post.
UPDATE 2014/8/13: It seems it was the NSA that hacked a router, according to Snowden. Scroll to the end for links.
---------------------------------------------
http://www.cert.at/services/blog/20121129184048-616.html
*** MS14-AUG - Microsoft Security Bulletin Summary for August 2014 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for August 2014.
With the release of the security bulletins for August 2014, this bulletin summary replaces the bulletin advance notification originally issued August 7, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-AUG
*** Assessing risk for the August 2014 security updates ***
---------------------------------------------
Today we released nine security bulletins addressing 40 unique CVEs. Two bulletins have a maximum severity rating of Critical while the other seven have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.
Bulletin | Most likely attack vector | Max Bulletin Severity | Max exploitability | Likely first 30 days impact | Platform mitigations and key notes
MS14-051 (Internet Explorer) | Victim browses
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-au…
*** Microsoft Patch Tuesday: 26 holes in Internet Explorer plugged ***
---------------------------------------------
As usual on the second Tuesday of the month, Microsoft has closed a series of security holes in Internet Explorer, Windows and other products. For IE there are 26 individual patches; one hole is already being actively exploited by attackers.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Microsoft-Patchday-26-Luecken-im-Int…
*** Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability ***
---------------------------------------------
CVE-2014-3339
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Study: Firmware Plagued By Poor Encryption and Backdoors ***
---------------------------------------------
itwbennett writes: The first large-scale analysis of firmware has revealed poor security practices that could present opportunities for hackers probing the Internet of Things. Researchers with Eurecom, a technology-focused graduate school in France, developed a web crawler that plucked more than 30,000 firmware images from the websites of manufacturers including Siemens, Xerox, Bosch, Philips, D-Link, Samsung, LG and Belkin. In one instance, the researchers found a Linux kernel that was 10...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-X--LranmlI/story01.htm
*** Fifteen zero days found in hacker router comp romp ***
---------------------------------------------
Four routers rooted in SOHOpelessly Broken challenge. DEF CON: Researchers have unveiled 15 zero day vulnerabilities in four home and small business routers as part of the SOHOpelessly Broken hacker competition at DEF CON this week.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/13/fifteen_zer…
*** Black Hat USA 2014 talk about hypervisor security ***
---------------------------------------------
This week I presented at Black Hat USA. The talk is titled "Poacher turned gatekeeper: lessons learned from eight years of breaking hypervisors". The main points were: describe the attack surface of Type 1 and Type 2 hypervisors; show that despite not being 100% bulletproof, hypervisors are still the best usable way to isolate potentially...
---------------------------------------------
http://labs.bromium.com/2014/08/11/black-hat-usa-2014-talk-about-hypervisor…
*** Wireless Auditing, Intrusion Detection & Prevention System ***
---------------------------------------------
WAIDPS is an open source wireless Swiss army knife written in Python that runs in a Linux environment. It is a multipurpose tool designed for auditing (penetration testing) networks, detecting wireless intrusions (WEP/WPA/WPS attacks) and also intrusion prevention (stopping stations from associating to an access point).
---------------------------------------------
http://www.ehacking.net/2014/08/wireless-auditing-intrusion-detection.html
*** SSA-635659 (Last Update 2014-08-14): Heartbleed Vulnerability in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** Fake Tor Browser Bundle with Trojan ***
---------------------------------------------
A deceptively genuine copy of the site torproject.org distributes a Trojan. The student Julien Voisin has dissected it - and was able to make contact with those responsible.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Gefaelschtes-Tor-Browser-Bundle-mit-…
*** Older versions of Disqus for WordPress vulnerable ***
---------------------------------------------
A security researcher has discovered security vulnerabilities in the popular Disqus plug-in for WordPress. Administrators should make sure that the corresponding updates are installed.
---------------------------------------------
http://www.heise.de/security/meldung/Aeltere-Versionen-von-Disqus-fuer-Word…
*** New Metasploit 4.10: Credentials Are the New Exploits ***
---------------------------------------------
We’ve given credentials a new boost with Metasploit 4.10. It’s now easier to manage, reuse and report on credentials as part of a penetration test.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/08/13/credentia…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 11-08-2014 18:00 − Tuesday 12-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Adobe Security Bulletins Posted ***
---------------------------------------------
The following Security Bulletins have been posted today:
APSB14-18: Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-18.html
APSB14-19: Security updates available for Adobe Reader and Acrobat
http://helpx.adobe.com/security/products/reader/apsb14-19.html
Customers of the affected products should consult the relevant Security Bulletin(s) for details.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1118
*** Cisco Unified Communications Manager SIP Subsystem Vulnerability ***
---------------------------------------------
CVE-2014-3337
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco Unified Communications Manager CTIManager Vulnerability ***
---------------------------------------------
CVE-2014-3338
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Two new Gameover Zeus variants in the wild ***
---------------------------------------------
About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.
---------------------------------------------
http://www.scmagazine.com/two-new-gameover-zeus-variants-in-the-wild/articl…
*** Millions of PCs Affected by Mysterious Computrace Backdoor ***
---------------------------------------------
Absolute Software's anti-theft Computrace software is mysteriously installed on brand new machines, nearly impossible to remove, and exploitable.
---------------------------------------------
http://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-bac…
*** NIST wants better SCADA security ***
---------------------------------------------
Preparing the way for a test lab. America's National Institute of Standards and Technology (NIST) wants to take a hand in addressing the SCADA industry's chronic insecurity, by building a test bed for industrial control systems.
---------------------------------------------
http://www.theregister.co.uk/2014/08/12/nist_wants_better_scada_security/
*** Command Injection allows Unauthenticated Command Bypass on multiple D-Link products ***
---------------------------------------------
The DNS-315L, DNS-320L, DNS-327L, DNS-340L, and DNS-345 have been identified as having a vulnerability in their Web-GUI application that allows malicious users to gain access to the device configuration, device operating system, and stored files without requiring log-in credentials.
---------------------------------------------
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10042
*** 2Q 2014 Security Roundup: Turning the Tables on Cyber Attacks ***
---------------------------------------------
The incidents that cropped up in the months of April to June 2014 - from the data breaches, DDoS attacks, to malware improvements and threats to privacy - highlighted the need for enterprises to craft a more strategic response against and in anticipation of security threats. There were plenty of threats to be found in the quarter. There was...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Cf4i9ouVNiM/
*** How to hack a Macbook using just USB ***
---------------------------------------------
Yesterday, at the 2014 DEF CON hackers conference in Las Vegas, security researchers Joe Fitzpatrick and Miles Crabil demonstrated how they could directly access the memory of Apple Macbook devices using a piece of hardware they built to plug into the computer's own USB slot.
---------------------------------------------
http://www.techly.com.au/2014/08/12/hack-macbook-using-just-usb/
*** BlackBerry Z10 allowed unrestricted access over WLAN ***
---------------------------------------------
Security researchers have published a vulnerability that allowed an attacker to access data on the BlackBerry Z10. The built-in file server allowed access to the phone's storage without asking for a password.
---------------------------------------------
http://www.heise.de/security/meldung/BlackBerry-Z10-erlaubte-freien-Zugriff…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 08-08-2014 18:00 − Monday 11-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Cisco Unity Connection SQL Injection Vulnerability ***
---------------------------------------------
CVE-2014-3336
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Splunk Bugs Permit Remote Cross-Site Scripting and Remote Authenticated Directory Traversal Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030690
*** Incident Response with Triage-ir, (Sun, Aug 10th) ***
---------------------------------------------
In many cases having a full disk image is not an option during an incident. Imagine that you suspect you have a dozen infected or compromised systems. Can you spend 2-3 hours making a forensic copy of the hard disks of a hundred computers? In such a situation, fast forensics is the solution. Instead of copying everything, collecting some files that may contain evidence can solve this issue. In this diary I am going to talk about an application that will collect most of...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18509&rss
*** Verifying preferred SSL/TLS ciphers with Nmap, (Mon, Aug 11th) ***
---------------------------------------------
In the last year or two, there has been a lot of talk regarding correct usage of SSL/TLS ciphers on web servers. Due to various more or less known incidents, web sites today should use PFS (Perfect Forward Secrecy), a mechanism that is used when an SSL/TLS connection is established and symmetric keys exchanged. PFS ensures that, in case an attacker obtains the server's private key, he cannot decrypt previous SSL/TLS connections to that server. If PFS is not used (if RSA is used to
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18513&rss
*** WordHound generates tailored dictionaries for password crackers ***
---------------------------------------------
Dictionary attacks on password hashes take a long time and are not always successful. But if the passwords to be tried are tailored to the target, even comparatively complicated passwords may no longer be secure.
---------------------------------------------
http://www.heise.de/newsticker/meldung/WordHound-erzeugt-massgeschneiderte-…
*** You cannot cyberhijack an airplane, but you can create mischief ***
---------------------------------------------
Hacking a plane and taking control of the aircraft is a considerably scary prospect, but two speakers at DefCon 22 in Las Vegas quashed the notion and put worries to rest.
---------------------------------------------
http://www.scmagazine.com/defcon-you-cannot-cyberhijack-an-airplane-but-you…
*** Cybercrime Report: Social networks increasingly affected ***
---------------------------------------------
In 2013, 11,199 cases of cybercrime were reported in Austria. The Bundeskriminalamt (Federal Criminal Police Office) sees financial interests, boredom and hacktivism as motives. [...] New technologies will continue to favour new forms of cybercrime in the future, the report says. Mentioned were the use of "NFC" (Near Field Communication) for carrying out contactless payments, but also means of transport equipped with network communication capabilities, such as smart vehicles and drones, the report warns in conclusion.
---------------------------------------------
http://futurezone.at/netzpolitik/cybercrime-report-soziale-netzwerke-zunehm…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 07-08-2014 18:00 − Friday 08-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Massive data leak ***
---------------------------------------------
Massive data leak | 6 August 2014. Various media report that a criminal group from Russia has captured a gigantic number of credentials. See, among others: New York Times, Slate, WSJ, DerStandard, Futurezone, Heise, ... | Where the credentials really come from (the story about the botnet and SQL injection sounds a bit like a report from 2013) is also not entirely clear: in other cases it was a mixture of various campaigns, both break-ins into...
---------------------------------------------
http://www.cert.at/services/blog/20140806143111-1213.html
*** Black Hat USA Talks: Investigating PowerShell Attacks ***
---------------------------------------------
Threat actors are always eager to adopt new tools, tactics, and procedures that can help them evade detection and conduct their mission. Incident responders from Mandiant have observed increasing use of PowerShell by targeted attackers to conduct command-and-control in compromised...
---------------------------------------------
http://www.fireeye.com/blog/technical/2014/08/black-hat-usa-talks-investiga…
*** IETF wants to standardise elliptic curves itself ***
---------------------------------------------
In future, the IETF no longer wants to simply adopt the crypto standards recommended by NIST, but to create its own. NIST, meanwhile, is still trying to salvage its battered image as an independent authority.
---------------------------------------------
http://www.heise.de/security/meldung/IETF-will-selbst-elliptische-Kurven-st…
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in July 2014. CVE(s): CVE-2014-4263 and CVE-2014-4244, Affected product(s) and affected version(s): IBM Java SDK shipped with IBM WebSphere Application Server Version 8.5.0.0 through 8.5.5.2, Version 8.0.0.0 through 8.0.0.9, Version 7.0.0.0 through 7.0.0.33, Version 6.1.0.0 through 6.1.0.47
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Checking for vulnerabilities in the Smart Grid System, (Thu, Aug 7th) ***
---------------------------------------------
SCADA systems are not composed the same way as regular IT systems. Therefore, the risk and vulnerability assessment cannot be performed as it is done for any other IT system. The most important differences are: SCADA pentesting should not be done in a production environment: SCADA devices are very fragile, and some activities that would be harmless in regular IT environments could be catastrophic to the process availability. Think of massive blackouts or no water supply for a city. SCADA
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18499&rss
*** Wordpress: Defective plugin allows admin access ***
---------------------------------------------
The Wordpress plugin Custom Contacts Form has a bug that allows attackers to obtain administrative rights over a website. A patch is already available.
---------------------------------------------
http://www.golem.de/news/wordpress-defektes-plugin-erlaubt-admin-zugriff-14…
*** Analyzing the Fake ID Android vulnerability ***
---------------------------------------------
In this video shot at Black Hat 2014 in Las Vegas, Jeff Forristal of Bluebox Security sits with Danielle Walker, reporter at SC Magazine, to discuss the Fake ID Android vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/Tp9gYIOHaFg/
*** Black Hat 2014: 75 percent of all mobile point-of-sale systems vulnerable ***
---------------------------------------------
Almost three quarters of all common mobile terminals for reading credit cards are based on the same hardware and software. Researchers have demonstrated how they can take control of the devices and thus open the door to card fraud.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Black-Hat-2014-75-Prozent-aller-mobi…
*** Patch day: Microsoft fixes critical vulnerabilities in Windows and IE ***
---------------------------------------------
On the upcoming patch day, Microsoft will release a total of nine security updates, two of which are marked "critical" and seven more as "important".
---------------------------------------------
http://www.heise.de/newsticker/meldung/Patchday-Microsoft-behebt-kritische-…
*** Microsoft: No more updates for older Internet Explorer versions ***
---------------------------------------------
From the beginning of 2016, Microsoft will no longer support older Internet Explorer versions. Until then, Windows users should update the web browser in order to continue receiving updates.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-Keine-Updates-mehr-fuer-aelt…
*** How to Use Your Cat to Hack Your Neighbor's Wi-Fi ***
---------------------------------------------
Late last month, a Siamese cat named Coco went wandering in his suburban Washington, DC neighborhood. He spent three hours exploring nearby backyards. He killed a mouse, whose carcass he thoughtfully brought home to his octogenarian owner, Nancy. And while he was out, Coco mapped dozens of his neighbors' Wi-Fi networks, identifying four routers that used...
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/3d4f7cee/sc/10/l/0L0Swired0N0C20A…
*** HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with certain HP PCs with UEFI Firmware. The vulnerabilities could be exploited to allow execution of arbitrary code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** HPSBUX03087 SSRT101413 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS).
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** New Sysinternals tool helps with malware hunting ***
---------------------------------------------
With the program Sysmon, Microsoft Sysinternals' popular tool collection has gained a new tool for detecting suspicious activity on Windows computers.
---------------------------------------------
http://www.heise.de/security/meldung/Neues-Sysinternals-Tool-hilft-bei-der-…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 06-08-2014 18:00 − Thursday 07-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability ***
---------------------------------------------
cisco-sa-20140806-energywise
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Security expert calls home routers a clear and present danger ***
---------------------------------------------
In Black Hat Q&A, In-Q-Tel CISO says home routers are "critical infrastructure."
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/iXnyWy8k6JU/
*** Black Hat 2014: Carrier software for remote control of mobile devices allows abuse ***
---------------------------------------------
Two billion mobile devices run vulnerable software that network operators use to control the devices. With little effort, attackers can manipulate the devices remotely and unnoticed, for example to record data traffic.
---------------------------------------------
http://www.heise.de/security/meldung/Black-Hat-2014-Netzbetreiber-Software-…
*** Internet Explorer begins blocking out-of-date ActiveX controls ***
---------------------------------------------
As part of our ongoing commitment to delivering a more secure browser, starting August 12th Internet Explorer will block out-of-date ActiveX controls. ActiveX controls are small apps that let Web sites provide content, like videos and games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren't automatically updated, they can become outdated as new versions are released.
---------------------------------------------
http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-bloc…
*** Cisco 2014 Midyear Security Report: Exposing Weak Links to Strengthen the Security Chain ***
---------------------------------------------
You may be thinking, "What could have possibly changed since January?" True to form, the attacker community continues to evolve, innovate, and think up new ways to discover and exploit weak links in the security chain. Also true to form, they sometimes simply use tried and true methods to exploit some of the same old vulnerabilities that continue to present themselves.
---------------------------------------------
https://blogs.cisco.com/security/cisco-2014-midyear-security-report-exposin…
*** Securing VoIP systems ***
---------------------------------------------
Countermeasures for these security issues are given below in greater detail:
- Encryption
- Firewalls
- Traffic Analysis
- Improved network Security
- Authentication mechanisms
- Apply appropriate patches
- Turn off unnecessary protocols...
---------------------------------------------
http://resources.infosecinstitute.com/securing-voip-systems/
*** Update now: Older Synology NAS devices vulnerable to ransomware ***
---------------------------------------------
NAS manufacturer Synology has released details of the vulnerability that the ransomware trojan SynoLocker exploits to encrypt its victims' data. According to the manufacturer, the security problem only affects older firmware versions and was fixed in December 2013. DiskStation Manager (DSM) software version 4.3-3810 or older is said to be affected; an update to DSM 5.0 is said to remedy the issue.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Jetzt-updaten-Aeltere-Synology-NAS-G…
*** OpenSSL updates - not quite so bad this time ***
---------------------------------------------
The OpenSSL developers fix nine security vulnerabilities, most of them discovered by Google researchers. This time, however, there is nothing really dramatic among them.
---------------------------------------------
http://www.heise.de/newsticker/meldung/OpenSSL-Updates-diesmal-nicht-ganz-s…
*** Background: Political solutions for a secure future of communication ***
---------------------------------------------
After the Snowden revelations, a discussion is due on what we can do better in future to prevent espionage and large-scale mass surveillance. Besides better technology, new political approaches are also needed, says Linus Neumann.
---------------------------------------------
http://www.heise.de/security/artikel/Politische-Loesungen-fuer-eine-sichere…
*** Security Notice-Statement on 9 OpenSSL Vulnerabilities ***
---------------------------------------------
Aug 07, 2014 20:29
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 05-08-2014 18:00 − Wednesday 06-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Another Bypass Identified in PayPal 2FA ***
---------------------------------------------
A security researcher has uncovered a simple method for bypassing the two-factor authentication mechanism that PayPal uses to protect accounts that are tied to eBay accounts. The vulnerability is related to the way that the login flow works when a user is prompted to connect her eBay account to her PayPal account. The eBay and...
---------------------------------------------
http://threatpost.com/another-bypass-identified-in-paypal-2fa/107605
*** Mozilla to use central revocation lists in future ***
---------------------------------------------
Secure Internet connections require mechanisms for declaring compromised certificates invalid. The current procedures for this do not work, however. In future, OneCRL is to take care of this in Firefox and co.
---------------------------------------------
http://www.heise.de/security/meldung/Mozilla-zukuenftig-mit-zentralen-Sperr…
*** Researchers release CryptoLocker decryption tool ***
---------------------------------------------
Tool uses private keys found in database of victims. The CryptoLocker ransomware is one of the nastiest pieces of malware to have targeted Internet users in recent years. The malware uses strong file encryption (more particularly, AES encryption with a key that has been encrypted using an RSA-2048 private key) to deny the user access to their files unless they pay a ransom of around US$300. At a time when we often seem to be learning about accidental or intentional vulnerabilities in encryption,...
---------------------------------------------
http://www.virusbtn.com/blog/2014/08_06.xml?rss
*** CipherShed ***
---------------------------------------------
CipherShed is free (as in free-of-charge and free-speech) encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project.
---------------------------------------------
http://n0where.net/ciphershed/
*** Web-Fu - Chrome extension for pentesting web applications ***
---------------------------------------------
Chrome extension for pentesting web applications. Web-fu is a web hacking tool focused on discovering and exploiting web vulnerabilities.
---------------------------------------------
http://hack-tools.blackploit.com/2014/08/web-fu-chrome-extension-for-pentes…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 04-08-2014 18:00 − Tuesday 05-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Synology - first information regarding "Synolocker" ***
---------------------------------------------
Special Notes SynoLocker Message Issue - If NAS is not infected: First, close all open ports for external access for now. Backup the data on the DiskStation and update DSM to the latest version. Synology will provide further information as soon as possible if you are vulnerable. If NAS is infected, first do not trust (and ignore) any unauthorized, non-Synology messages or emails. Hard shut down the DiskStation to prevent any further issues.
---------------------------------------------
https://myds.synology.com/support/support_form.php?lang=us
*** Synolocker: Why OFFLINE Backups are important, (Tue, Aug 5th) ***
---------------------------------------------
One current threat causing a lot of sleepless nights to victims is "Cryptolocker"-like malware. Various variations of this type of malware are still haunting small businesses and home users by encrypting files and asking for a ransom to obtain the decryption key. Your best defense against this type of malware is a good backup. Shadow volume copies may help, but aren't always available and complete. In particular for small businesses, various simple NAS systems have become popular over
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18481&rss
*** Ubuntu lock screen leaks keyboard input ***
---------------------------------------------
A now-closed security vulnerability in the lock screen of the Linux distribution Ubuntu could result in users accidentally disclosing their password publicly on the Internet.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Ubuntu-Sperrbildschirm-verliert-Tast…
*** Barracuda Web Application Firewall Reusable URL-Based Authentication Tokens Let Remote Users Bypass Authentication ***
---------------------------------------------
http://www.securitytracker.com/id/1030665
*** Evernote Patches Vulnerability in Android App ***
---------------------------------------------
We have previously discussed an Android vulnerability that may lead to user data being captured or used to launch attacks. We discovered that the popular Android app for Evernote contained the said vulnerability. We disclosed the details to Evernote, and they took action by issuing an update to the Android version of their app. Evernote has added additional...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/BBLQmuk3RrQ/
*** Symantec Endpoint Protection Local Client Application Device Control Buffer Overflow ***
---------------------------------------------
Revisions: None. Severity: SEP Local Client ADC Buffer Overflow - Medium, CVSS2 Base Score 6....
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** Bugtraq: SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533024
*** A Peek Into the Lion's Den - The Magnitude [aka PopAds] Exploit Kit ***
---------------------------------------------
Recently we managed to have an unusual peek into the content that is used on the servers of the prevalent exploit kit, Magnitude. In this blog post we'll review its most up-to-date administration panel and capabilities, as well as review some infection statistics provided by Magnitude over the course of several weeks. These days, after the arrest of Paunch, Blackhole exploit kit creator, exploit kit developers and sellers have learned their lesson regarding doing business in the
---------------------------------------------
http://blog.spiderlabs.com/2014/08/a-peek-into-the-lions-den-the-magnitude-…
*** Vulnerability in Spotify Android App May Lead to Phishing ***
---------------------------------------------
We have discovered a vulnerability that affects versions of the Spotify app for Android older than 1.1.1. If exploited, the vulnerability can allow bad guys to control what is being displayed on the app interface. This vulnerability can potentially be abused by cybercriminals to launch phishing attacks that may result in information loss or theft.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/GZKakDZwRhw/
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 01-08-2014 18:00 − Monday 04-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** ZDI-14-273: AlienVault OSSIM av-centerd Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-273/
*** Remote code execution on Android devices ***
---------------------------------------------
You walk into a coffee shop and take a seat. While waiting for your coffee, you take out your smartphone and start playing a game you downloaded the other day. Later, you go to work and check your email in the elevator. Without you knowing, an attacker has just gained a foothold in your corporate...
---------------------------------------------
http://labs.bromium.com/2014/07/31/remote-code-execution-on-android-devices/
*** POWELIKS: Malware Hides In Windows Registry ***
---------------------------------------------
We spotted a malware that hides all its malicious codes in the Windows Registry. The said tactic provides evasion and stealth mechanisms to the malware, which Trend Micro detects as TROJ_POWELIKS.A. When executed, TROJ_POWELIKS.A downloads files, which can cause further system infection. Systems affected by this malware risk being infected by other malware, thus causing further...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OEAKGdXwSnc/
*** All Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon, (Sat, Aug 2nd) ***
---------------------------------------------
A remote code execution in nmbd (the NetBIOS name services daemon) has been found in Samba versions 4.0.0 to 4.1.10 (assigned CVE-2014-3560) and a patch has been released by the team at samba.org. Here's the details from http://www.samba.org/samba/security/CVE-2014-3560 =========== Description =========== All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon. A malicious browser can send packets that may overwrite
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18471&rss
*** TP-Link TL-WR740N v4 arbitrary shell command execution ***
---------------------------------------------
Topic: TP-Link TL-WR740N v4 arbitrary shell command execution
Risk: High
Text: # Exploit Title: TP-Link TL-WR740N v4 router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) arbitrary shell command execution # Dat...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080013
*** Encryption trojan attacks Synology storage systems ***
---------------------------------------------
Cyber extortionists have found a new, direct way to take their victims' digital belongings hostage: they exploit a security vulnerability in the NAS firmware to encrypt the entire network storage.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Verschluesselungstrojaner-attackiert…
*** China boots Kaspersky and Symantec off security contractor list ***
---------------------------------------------
Foreign firms dropped from roll of approved infosec vendors. Kaspersky Labs and Symantec have both been booted off China's list of approved security vendors for government agencies, as the country continues to tighten up against foreign tech firms in the wake of the NSA indiscriminate surveillance revelations.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/04/kaspersky_s…
*** Bugtraq: ownCloud Unencrypted Private Key Exposure ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533010
*** Backdoor Techniques in Targeted Attacks ***
---------------------------------------------
Backdoors are an essential part of targeted attacks, as they allow an external threat actor to exercise control over any compromised machines. These allow the threat actor to collect information and move laterally within the targeted organization. Our investigations into various targeted attacks have showed that a wide variety of tactics are used by backdoors to carry out...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fHW4IPov8YE/
*** IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM WebSphere Real Time ***
---------------------------------------------
Java SE issues disclosed in the Oracle July 2014 Critical Patch Update, plus 1 additional vulnerability. CVE(s): CVE-2014-3086, CVE-2014-4227, CVE-2014-4262, CVE-2014-4219, CVE-2014-4209, CVE-2014-4220, CVE-2014-4268, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4265, CVE-2014-4221, CVE-2014-4263, CVE-2014-4244 and CVE-2014-4208. Affected product(s) and affected version(s): IBM WebSphere Real Time Version 3 Service Refresh 7 and earlier. Refer to the following reference URLs for
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat in Rational DOORS Web Access ***
---------------------------------------------
The Apache Tomcat application server in installations of IBM Rational DOORS Web Access version contains security vulnerabilities. CVE(s): CVE-2013-4322, CVE-2013-4590, CVE-2014-0096, CVE-2014-0099 and CVE-2014-0119. Affected product(s) and affected version(s): Rational DOORS Web Access version 9.6.0.x, 9.5.2.x, 9.5.1.x, 9.5.0.x, 1.5.0.x, 1.4.0.4. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 31-07-2014 18:00 − Friday 01-08-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Russian ransomware author takes the easy route ***
---------------------------------------------
Symantec Security Response has observed a new variant of ransomcrypt malware which is easy to update and uses open source components to encrypt files. The variant, detected as Trojan.Ransomcrypt.L, uses a legitimate open source implementation of the OpenPGP standard to encrypt files on the victim’s computer. The threat then displays a ransom notice in Russian, asking the user to pay in order to unlock the files.
---------------------------------------------
http://www.symantec.com/connect/blogs/russian-ransomware-author-takes-easy-…
*** Announcing EMET 5.0 ***
---------------------------------------------
Today, we are excited to announce the general availability of the Enhanced Mitigation Experience Toolkit (EMET) 5.0. As many of you already know, EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping detect and block exploitation techniques ..
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/07/31/announcing-emet-v5.aspx
*** Backoff - Technical Analysis ***
---------------------------------------------
As discussed in an advisory published by US-CERT, Trustwave SpiderLabs has discovered a previously unidentified family of Point of Sale (PoS) malware. This blog post serves as a technical analysis of the Backoff malware family. While a number ..
---------------------------------------------
http://blog.spiderlabs.com/2014/07/backoff-technical-analysis.html
*** BadUSB: When USB devices turn evil ***
---------------------------------------------
Whoever controls the firmware of a USB stick can turn it into a perfect trojan. German researchers show that this is possible entirely via software, and that it opens up completely new infection scenarios.
---------------------------------------------
http://www.heise.de/security/meldung/BadUSB-Wenn-USB-Geraete-boese-werden-2…
*** Backups - The Forgotten Website Security Pillar ***
---------------------------------------------
I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads - namely website security education and awareness. In these travels, regardless of the community I am engaging with, there are always common questions ..
---------------------------------------------
http://blog.sucuri.net/2014/07/backups-the-forgotten-website-security-pilla…
*** The Severe Flaw Found in Certain File Locker Apps ***
---------------------------------------------
Protecting data has always been one of the most important aspects of our digital life. Given the amount of activity done on smartphones, this especially rings true for smartphones. While users may use the built-in privacy and security settings of their devices, others take it a step further and employ security ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-severe-flaw-…
*** MediaWiki Input Validation Flaws Permit Cross-Site Scripting and Clickjacking Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030660
*** Offensive Security reports of Symantec Endpoint Protection zero-day vulnerability (July 2014) ***
---------------------------------------------
This Knowledge Base article will be updated as further information becomes available. Please subscribe to this document to receive update notifications automatically. To mitigate this issue while research is underway and solutions are being identified, uninstall or disable the sysplant driver.
---------------------------------------------
http://www.symantec.com/business/support/index?page=content&id=TECH223338
*** Backdoor.Gates: Also Works for Windows ***
---------------------------------------------
We have received reports about a Linux malware known as Backdoor.Gates. Analysis showed that this malware has the following features ..
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002728.html
*** SubSTATION Server Telegyr 8979 Master Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for a Buffer Overflow Vulnerability in the SUBNET Solutions Inc (SUBNET), SubSTATION Server 2, Telegyr 8979 Master ..
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-196-01
*** Yes, Hackers Could Build an iPhone Botnet - Thanks to Windows ***
---------------------------------------------
A reminder to Apple and smug iPhone owners: Just because iOS has never been the victim of a widespread malware outbreak doesn't mean mass iPhone hacking isn't still possible. Now one group of security researchers plans ..
---------------------------------------------
http://www.wired.com/2014/08/yes-hackers-could-build-an-iphone-botnetthanks…
*** Citadel Malware Variant Allows Attackers Remote Access, Even After Removal ***
---------------------------------------------
A new variant of the Citadel banking Trojan has been discovered where the attackers are using Windows remote shell commands to enable Remote Desktop Protocol access, even if the malware is discovered and removed.
---------------------------------------------
http://threatpost.com/citadel-malware-variant-allows-attackers-remote-acces…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 30-07-2014 18:00 − Thursday 31-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Innominate mGuard Unauthorized Leakage of System Data ***
---------------------------------------------
Exploitation of this vulnerability could allow a remote unauthenticated user access to release configuration information. While this is a minor vulnerability, it represents a method for further network reconnaissance.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-189-02
*** How safe is your quantified self? Tracking, monitoring, and wearable tech ***
---------------------------------------------
Self-tracking enthusiasts are generating a torrent of personal information through apps and devices. Is this data safe from prying eyes?
---------------------------------------------
http://www.symantec.com/connect/blogs/how-safe-your-quantified-self-trackin…
*** Why the Security of USB Is Fundamentally Broken ***
---------------------------------------------
Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the ..
---------------------------------------------
http://www.wired.com/2014/07/usb-security/
*** TA14-212A: Backoff Point-of-Sale Malware ***
---------------------------------------------
“Backoff” is a family of PoS malware and has been discovered recently. The malware family has been witnessed on at least three separate forensic investigations. Researchers have identified three primary variants to the “Backoff” malware including ..
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA14-212A
*** Takedowns: Touchdown or Turnover? ***
---------------------------------------------
Over the last several months malware takedowns have made headlines. But what is really involved in such an operation? The recent takedowns have been a collaborative effort mostly between the private sector and government entities, with academic researchers also playing a role. While some operations included arrests, and others included a civil lawsuit, ..
---------------------------------------------
http://www.seculert.com/blog/2014/07/takedowns-touchdown-or-turnover.html
*** 3 security mistakes small companies make and how to avoid them ***
---------------------------------------------
Dedicated IT staff are a luxury most very small businesses do without, but those organisations still need to find a way to secure their computers against cyber criminals who aren't looking to cut them a break just because they're small.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/31/3-security-mistakes-small-compan…
*** How to Hunt Down Phishing Kits ***
---------------------------------------------
Sites like phishtank and clean-mx act as crowdsourced phishing detection and validation. By knowing how to look, you can consistently find interesting information about how attackers work, and the tools they use to conduct phishing campaigns. This post will give an example of how phishing kits are used, how to find them, as well as show a case study into other ..
---------------------------------------------
https://jordan-wright.github.io/blog/2014/07/30/how-to-hunt-down-phishing-k…
*** Spy of the Tiger ***
---------------------------------------------
A recent report documents a group of attackers known as 'PittyTiger' that appears to have been active since at least 2011; however, they may have been operating as far back as 2008. We have been monitoring the activities of this ..
---------------------------------------------
http://www.fireeye.com/blog/technical/threat-intelligence/2014/07/spy-of-th…
*** Attack on video game makers: hackers are after source code ***
---------------------------------------------
The hackers of "Threat Group 3279" have been active for years and try to steal the source code of games and crack the security measures of the associated DRM systems. The group is said to originate from China.
---------------------------------------------
http://www.heise.de/security/meldung/Angriff-auf-Videospiele-Hersteller-Hac…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 29-07-2014 18:00 − Wednesday 30-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** 22 Jump Street, Transformers Are Top Movie Lures for Summer ***
---------------------------------------------
Summertime has become synonymous with blockbuster movies. Unfortunately, these movies have become a go-to social engineering lure used by cybercriminals. Just like in previous years, Trend Micro engineers searched for possible threats related to movies released during the summer. This year, 22 Jump Street was the top movie used for social ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/22-jump-street-t…
*** Google Android Certificate Chain Validation Flaw Lets Applications Gain Elevated Privileges ***
---------------------------------------------
The software does not properly validate an application's certificate chain. An application can supply a specially crafted application identity certificate to impersonate a privileged application and gain access to vendor-specific device administration extensions.
---------------------------------------------
http://www.securitytracker.com/id/1030654
*** Ransomware trojan CTB-Locker encrypts securely and covers its tracks ***
---------------------------------------------
If you fall victim to this malware, there is little hope for your data. It is secured with state-of-the-art encryption, and the trojan communicates with its control servers only in encrypted form over the Tor network.
---------------------------------------------
http://www.heise.de/security/meldung/Erpressungs-Trojaner-CTB-Locker-versch…
*** Symantec Endpoint Protection 0day ***
---------------------------------------------
In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.
---------------------------------------------
http://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/
*** Scan Shows Possible Heartbleed Fix Failures ***
---------------------------------------------
Of more than 1,600 Global 2000 firms, only 3% of their public-facing servers have been fully and properly locked down from the Heartbleed vulnerability that was first revealed ..
---------------------------------------------
http://www.darkreading.com/vulnerabilities---threats/vulnerability-manageme…
*** Tor security advisory: "relay early" traffic confirmation attack ***
---------------------------------------------
On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.
---------------------------------------------
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-…
*** Internet of Things: credit card numbers and the password 1234 ***
---------------------------------------------
Manufacturers of networked devices handle their security carelessly. Broken web interfaces, superfluous credit card information and passwords as simple as 1234 leave many devices open to attack.
---------------------------------------------
http://www.golem.de/news/internet-of-things-kreditkartennummern-und-das-pas…
*** Multiple vulnerabilities in Kunena Forum Extension for Joomla ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532933
http://www.securityfocus.com/archive/1/532932
*** Multiple vulnerabilities in SAP products ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94932
http://xforce.iss.net/xforce/xfdb/94931
http://xforce.iss.net/xforce/xfdb/94930
http://xforce.iss.net/xforce/xfdb/94922
http://xforce.iss.net/xforce/xfdb/94923
http://xforce.iss.net/xforce/xfdb/94921
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 28-07-2014 18:00 − Tuesday 29-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Critroni/Onion - Newest Addition to Encrypting Ransomware ***
---------------------------------------------
In my last blog post about a week ago, I talked about how Cryptolocker and the like are not dead and we will continue to see more of them in action. It's a successful 'business model' and I don't see it going away anytime soon. Not even a few days after my post a new encrypting ransomware emerged. This ..
---------------------------------------------
http://www.webroot.com/blog/2014/07/25/critroni-new-encrypting-ransomware/
*** Interesting HTTP User Agent "chroot-apach0day", (Mon, Jul 28th) ***
---------------------------------------------
Our reader Robin submitted the following detect: Ive got a site that was scanned this morning by a tool that left these entries in the logs: [HTTP_USER_AGENT] => chroot-apach0day ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18453
*** Cisco Prime Data Center Network Manager Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030652
*** Hackers stole plans for Israel's "Iron Dome" missile shield ***
---------------------------------------------
In a hacking attack on three Israeli arms manufacturers, hackers working for the Chinese government are said to have captured masses of important data on the missile defence system in 2011 and 2012. The attackers are said to belong to Special Unit 61398.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-klauten-Plaene-fuer-Israels-Rak…
*** Android crypto blunder exposes users to highly privileged malware ***
---------------------------------------------
The majority of devices running Google's Android operating system are susceptible to hacks that allow malicious apps to bypass a key security sandbox so they can steal user credentials, read e-mail, and access payment histories and other sensitive data, researchers have warned.
---------------------------------------------
http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-user…
*** Changes in the Asprox Botnet ***
---------------------------------------------
In this blog post, we took a quick overview of Asprox's functions and saw the updates that it has made to its C&C code. With added RSA encryption, another C&C command, and updated messaging format, it does not look like Asprox will stop evolving. We will continue to monitor Asprox for any changes and will keep you updated.
---------------------------------------------
https://blog.fortinet.com/Changes-in-the-Asprox-Botnet/
*** How Cybercrime Exploits Digital Certificates ***
---------------------------------------------
Security experts recognize 2011 as the worst year for certification authorities. The number of successful attacks against major companies reported during the year has no precedent, many of them had serious consequences.
---------------------------------------------
http://resources.infosecinstitute.com/cybercrime-exploits-digital-certifica…
*** Security: antivirus scanners make computers insecure ***
---------------------------------------------
A data expert has examined current virus scanners. Many of them, he says, can be attacked through simple mistakes. Because they reach deep into the system, they pose a particular danger, even though they are actually supposed to protect it.
---------------------------------------------
http://www.golem.de/news/security-antivirenscanner-machen-rechner-unsicher-…
*** Elasticsearch flaw turns Amazon cloud servers into DDoS zombies ***
---------------------------------------------
A security hole in an older Elasticsearch version lets attackers execute arbitrary malicious code. This is currently being used to hijack servers in Amazon's EC2 cloud and abuse them for DDoS attacks.
---------------------------------------------
http://www.heise.de/security/meldung/Elasticsearch-Luecke-verwandelt-Amazon…
*** Multiple vulnerabilities in Oxwall 1.7.0 ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070156
http://cxsecurity.com/issue/WLB-2014070155
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 25-07-2014 18:00 − Monday 28-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco WebEx Meetings Server Authenticated Encryption Vulnerability ***
---------------------------------------------
A vulnerability in the user.php script of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cacti cross-site scripting ***
---------------------------------------------
Cacti is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the Full Name field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting ..
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94862
*** Cisco WebEx Meetings Server OutlookAction Class Vulnerability ***
---------------------------------------------
A vulnerability in the OutlookAction Class of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco WebEx Meetings Server Web Framework Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability occurs because sensitive information is passed in a query string. An attacker could ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Service Drains Competitors' Online Ad Budget ***
---------------------------------------------
The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Today's post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.
---------------------------------------------
http://krebsonsecurity.com/2014/07/service-drains-competitors-online-ad-bud…
*** Daimler: in-house hacker group against security holes ***
---------------------------------------------
The car manufacturer Daimler employs a permanent group of data specialists whose job is to attack the company's own network. The aim is to find security holes faster.
---------------------------------------------
http://www.golem.de/news/daimler-mit-eigener-hacker-gruppe-gegen-sicherheit…
*** Ubiquiti UbiFi Controller 2.4.5 Password Hash Disclosure ***
---------------------------------------------
If remote logging is enabled on the UniFi controller, syslog messages are sent to a syslog server. Contained within the syslog messages is the admin password that is used by both the UniFi controller, and all managed Access Points. This CVE was ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070146
*** Tails: zero-day in the Invisible Internet Project ***
---------------------------------------------
The Linux distribution Tails contains a security hole through which user identities can be revealed. The flaw is not in Tor but in the Invisible Internet Project network.
---------------------------------------------
http://www.golem.de/news/tails-zero-day-im-invisible-internet-project-1407-…
*** DANE disruptive: authenticated OpenPGP keys in DNS ***
---------------------------------------------
Pretty Good Privacy is to use the DNS for key propagation. Next on the list of the Internet Engineering Task Force (IETF) developers is the approval of users' own key material.
---------------------------------------------
http://www.heise.de/security/meldung/DANE-disruptiv-Authentifizierte-OpenPG…
*** Behind the Android.OS.Koler distribution network ***
---------------------------------------------
Android.OS.Koler.a is a ransomware program that blocks the screen of an infected device and requests a ransom in order to unlock the device. An entire network of malicious porn sites is linked to a traffic direction system that redirects the victim to different payloads, targeting not only mobile devices but any other visitor.
---------------------------------------------
https://securelist.com/blog/research/65189/behind-the-android-os-koler-dist…
*** Dissecting the CVE-2013-2460 Java Exploit ***
---------------------------------------------
In this vulnerability, code is able to get the references of some restricted classes which are cleverly used for privilege escalation and bypassing the JVM sandbox. The vulnerable 'invoke' method of the 'sun.tracing.ProviderSkeleton' class is used to ..
---------------------------------------------
http://research.zscaler.com/2014/07/dissecting-cve-2013-2460-java-exploit.h…
*** Anatomy of an iTunes phish - tips to avoid getting caught out ***
---------------------------------------------
Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/28/anatomy-of-an-itunes-phish-tips-…
*** ICS 3C - ICS Cybersecurity Council Conference ***
---------------------------------------------
ICS 3C gathers experts and decision makers placing Cybersecurity at the heart of a Pan-European Dialogue on solutions for securing critical processes.
---------------------------------------------
http://www.anapur.de/u_e_ICS_Cybersecurity_Conference_2014_HD.htm
*** Trojan: warnings about fake Ikea e-mails ***
---------------------------------------------
Already several thousand sightings; the e-mails are "deceptively genuine" ..
---------------------------------------------
http://derstandard.at/2000003626539
*** Malware, Would You Install it for One Cent? ***
---------------------------------------------
A research study report entitled It's All About The Benjamins: An empirical study on incentivizing users to ignore security ..
---------------------------------------------
http://www.seculert.com/blog/2014/07/would-you-install-potential-malware-fo…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 24-07-2014 18:00 − Friday 25-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** More Details of Onion/Critroni Crypto Ransomware Emerge ***
---------------------------------------------
New ransomware has been dubbed Onion by researchers at Kaspersky Lab as its creators use command and control servers hidden in the Tor Network (a/k/a The Onion Router) to obscure their malicious activity.
---------------------------------------------
http://threatpost.com/onion-ransomware-demands-bitcoins-uses-tor-advanced-e…
*** Kali 1.0.8 released with UEFI boot support, more info at http://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/, (Fri, Jul 25th) ***
---------------------------------------------
-- Bojan INFIGO IS (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18443&rss
*** More dangerous than the NSA: companies underestimate criminal hackers ***
---------------------------------------------
The Alliance for Cyber Security at the German Federal Office for Information Security sees the greatest need to catch up in manufacturing companies
---------------------------------------------
http://derstandard.at/2000003528513
*** TAILS Team Recommends Workarounds for Flaw in I2P ***
---------------------------------------------
The developers of the TAILS operating system say that users can mitigate the severity of the critical vulnerability researchers discovered in the I2P software that's bundled with TAILS with a couple of workarounds, but there is no patch for the bug yet. The vulnerability that affects TAILS is in the I2P anonymity network software that comes...
---------------------------------------------
http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p/107…
*** Fake GoogleBots are third most common DDoS attacker ***
---------------------------------------------
An analysis of 400 million search engine visits to 10,000 sites done by Incapsula researchers has revealed details that might be interesting to web operators and SEO professionals.
---------------------------------------------
http://www.net-security.org/secworld.php?id=17169
*** New SSL server rules go into effect Nov. 1 ***
---------------------------------------------
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
---------------------------------------------
http://www.networkworld.com/article/2457649/security0/new-ssl-server-rules-…
*** The App I Used to Break Into My Neighbor's Home ***
---------------------------------------------
Leave your ring of cut-brass secrets unattended on your desk at work, at a bar table while you buy another round, or in a hotel room, and any stranger, or friend, can upload your keys to their online collection.
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/3cdb9908/sc/36/l/0L0Swired0N0C20A…
*** Attackers abusing Internet Explorer to enumerate software and detect security products ***
---------------------------------------------
During the last few years we have seen an increase in the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim's system using Internet Explorer. In this blog post we will describe some of the techniques that attackers are using to perform reconnaissance that gives them information for future attacks. We have also seen these techniques being used to decide whether or not they exploit the victim based on detected...
---------------------------------------------
http://www.alienvault.com/open-threat-exchange/blog/attackers-abusing-inter…
*** Building a Legal Botnet in the Cloud ***
---------------------------------------------
Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/07/building_a_lega.html
*** Bugtraq: Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532895
*** Morpho Itemiser 3 Hard-Coded Credential ***
---------------------------------------------
This advisory provides vulnerability information for hard-coded credentials in the Morpho Itemiser 3.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-205-01
*** VU#394540: Sabre AirCentre Crew contains a SQL injection vulnerability ***
---------------------------------------------
Vulnerability Note VU#394540: Sabre AirCentre Crew contains a SQL injection vulnerability
Original Release date: 25 Jul 2014 | Last revised: 25 Jul 2014
Overview: Sabre AirCentre Crew 2010.2.12.20008 and earlier contains a SQL injection vulnerability.
Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection). Sabre AirCentre Crew 2010.2.12.20008 and earlier is vulnerable to a SQL Injection attack in the username and password fields in CWPLogin.aspx.
---------------------------------------------
http://www.kb.cert.org/vuls/id/394540
*** Cisco Unified Presence Server Sync Agent Vulnerability ***
---------------------------------------------
CVE-2014-3328
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
CVE-2014-3305
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco WebEx Meetings Server Stack Trace Vulnerability ***
---------------------------------------------
CVE-2014-3301
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 23-07-2014 18:00 − Thursday 24-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** ZDI-14-264: (0Day) Apple QuickTime mvhd Atom Heap Memory Corruption Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-264/
*** ZDI-14-263: (0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 1091 Directory Traversal Arbitrary File Write Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-263/
*** ZDI-14-262: (0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 305 Directory Traversal Arbitrary File Creation Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-262/
*** [Honeypot Alert] Wordpress XML-RPC Brute Force Scanning ***
---------------------------------------------
There are news reports of new Wordpress XML-RPC brute force attacks being seen in the wild. The SANS Internet Storm Center also has a Diary entry showing similar data. We have captured similar attacks in our web honeypots, so we wanted to share more data with the community. Please reference earlier blog posts we have done related to Wordpress: "Wordpress XML-RPC Pingback Vulnerability Analysis" and "Defending Wordpress Logins from Brute Force Attacks". Thanks goes to my SpiderLabs Research colleague
---------------------------------------------
http://blog.spiderlabs.com/2014/07/honeypot-alert-wordpress-xml-rpc-brute-f…
*** Smart Grid Attack Scenarios ***
---------------------------------------------
This is the third (and last) in a series of posts looking at the threats surrounding smart grids and smart meters. In the first post, we introduced smart meters, smart grids, and showed why these can pose risks. In the second post, we looked at the risks of attacks on smart meters. In this post,...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6sRN65gV904/
*** Windows Previous Versions against ransomware, (Thu, Jul 24th) ***
---------------------------------------------
One of the cool features that Microsoft actually added in Windows Vista is the ability to recover previous versions of files and folders. This is part of the VSS (Volume Shadow Copy Service) which allows automatic creation of backup copies on the system. Most users "virtually meet" this service when they are installing new software, when a restore point is created that allows a user to easily revert the operating system back to the original state, if something goes wrong. However,
---------------------------------------------
https://isc.sans.edu/diary/Windows+Previous+Versions+against+ransomware/184…
*** BMWs ConnectedDrive falls over, bosses blame upgrade snafu ***
---------------------------------------------
Traffic flows up 20% as motorway middle lanes miraculously unclog. BMW's ConnectedDrive car-to-mobe interface has suffered a UK-wide outage that may also affect customers in mainland Europe.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/24/bmw_connect…
*** Dirty Dozen Spampionship - which country is spewing the most spam? ***
---------------------------------------------
The World Cup may be done and dusted, but the Spampionship continues! Where did you come in our spam-sending league tables?
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/22/dirty-dozen-spampionship-which-c…
*** A new generation of ransomware ***
---------------------------------------------
Trojan-Ransom.Win32.Onion is a highly dangerous threat and one of the most technologically advanced encryptors out there. Its developers used both proven techniques 'tested' on its predecessors and solutions that are completely new for this class of malware. The use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server.
---------------------------------------------
https://securelist.com/analysis/publications/64608/a-new-generation-of-rans…
*** Bugcrowd Releases Open Source Vulnerability Disclosure Framework ***
---------------------------------------------
The problems that come from doing security research on modern Web applications and other software aren't just challenging for researchers, but also for the companies on the receiving end of their advisories. Companies unaccustomed to dealing with researchers can find themselves in a difficult position, trying to figure out the clearest path forward. To help...
---------------------------------------------
http://threatpost.com/bugcrowd-releases-open-source-vulnerability-disclosur…
*** SA-CONTRIB-2014-072 - Freelinking, Freelinking Case Tracker - Access bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-072
Project: freelinking (third-party module)
Project: freelinking case tracker (third-party module)
Version: 6.x, 7.x
Date: 2014-July-23
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass
Description: The freelinking and freelinking case tracker modules implement a filter for the easier creation of HTML links to other pages in the site or external sites with a wiki style format such as [[pluginname:identifier]]. The module doesn't sufficiently...
---------------------------------------------
https://www.drupal.org/node/2308503
*** Siemens OpenSSL Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-14-198-03 Siemens OpenSSL Vulnerabilities that was published July 17, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in the Siemens OpenSSL cryptographic software library affecting several Siemens industrial products.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-03A
*** Sierra Wireless AirLink Raven X EV-DO Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the advisory titled ICSA-14-007-01A Sierra Wireless AirLink Raven X EV-DO Multiple Vulnerabilities that was published January 16, 2014, on the NCCIC/ICS CERT web site.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-007-01B
*** HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco TelePresence Management Interface Vulnerability ***
---------------------------------------------
CVE-2014-3324
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Bugtraq: Beginners error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account ***
---------------------------------------------
Beginners error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
---------------------------------------------
http://www.securityfocus.com/archive/1/532875
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 22-07-2014 18:00 − Wednesday 23-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** DDoS attacks remain up, stronger in Q2, report says ***
---------------------------------------------
Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.
---------------------------------------------
http://www.scmagazine.com/ddos-attacks-remain-up-stronger-in-q2-report-says…
*** De-obfuscating the DOM based JavaScript obfuscation found in EK's such as Fiesta and Rig ***
---------------------------------------------
There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for JavaScript and are utilizing browser functionality to their advantage. Recent exploit kits such as "Fiesta" and "Rig" for example, have been found to be using DOM based JavaScript obfuscation. In...
---------------------------------------------
http://research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html
*** Securing the Nest Thermostat ***
---------------------------------------------
A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/07/securing_the_ne.html
*** WordPress brute force attack via wp.getUsersBlogs, (Tue, Jul 22nd) ***
---------------------------------------------
Now that the XMLRPC "pingback" DDoS problem in WordPress is increasingly under control, the crooks now seem to try brute force password guessing attacks via the "wp.getUsersBlogs" method of xmlrpc.php. ISC reader Robert sent in some logs that show a massive distributed (> 3000 source IPs) attempt at guessing passwords on his Wordpress installation. The requests look like the one shown below and are posted into xmlrpc.php. Unfortunately, the web server responds with a
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18427&rss
*** New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd) ***
---------------------------------------------
We are announcing a new feature we have been working on for a while, that will display live statistics on passwords used by SSH brute forcing bots. In addition, we also updated our script that will allow you to contribute data to this effort. Right now, we are supporting the kippo honeypot to collect data. This script will submit usernames, passwords and the IP address of the attacker to our system. To download the script see https://isc.sans.edu/clients/kippo/kippodshield.pl . The script uses
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18433&rss
*** Work for admins: Apache 2.4.10 plugs security holes ***
---------------------------------------------
Administrators of web servers running Apache 2.4.x need to update. With the latest version of the software, the Apache developers have closed five holes, one of which allows execution of malicious code from the network.
---------------------------------------------
http://www.heise.de/security/meldung/Arbeit-fuer-Admins-Apache-2-4-10-stopf…
*** How Thieves Can Hack and Disable Your Home Alarm System ***
---------------------------------------------
When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren't even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can...
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/3cc7d302/sc/15/l/0L0Swired0N0C20A…
*** EU to Roll Out Cybercrime Taskforce ***
---------------------------------------------
International Team Will Target Cross-Border Crime Campaigns. The European Union is set to launch a trial run of an international cybercrime task force that will coordinate investigations across Europe, as well as with a handful of other countries, including Australia, Canada and the United States.
---------------------------------------------
http://www.bankinfosecurity.com/eu-to-roll-out-cybercrime-taskforce-a-7093
*** The psychology of phishing ***
---------------------------------------------
Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.
---------------------------------------------
http://www.net-security.org/article.php?id=2078
*** Just Released - The Phishing Planning Kit ***
---------------------------------------------
One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit...
---------------------------------------------
http://www.securingthehuman.org/blog/2014/07/22/phishing-planning-kit
*** Facebook Scam Leads to Nuclear Exploit Kit ***
---------------------------------------------
Attackers have become more aggressive and are now using Facebook scams to lead to exploit kits so they can control a user's system.
---------------------------------------------
http://www.symantec.com/connect/blogs/facebook-scam-leads-nuclear-exploit-k…
*** Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-3322
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting ***
---------------------------------------------
Topic: SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting | Risk: Low | Text: I. VULNERABILITY - Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 II. BACKGROUND ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070121
*** Barracuda Networks Spam And Virus Firewall 6.0.2 XSS ***
---------------------------------------------
Topic: Barracuda Networks Spam And Virus Firewall 6.0.2 XSS | Risk: Low | Text: Document Title: Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Re...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070118
*** Security Notice-Statement on the XSS Security Vulnerability in Huawei E355 ***
---------------------------------------------
Jul 23, 2014 17:37
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** SSA-214365 (Last Update 2014-07-23): Vulnerabilities in SIMATIC WinCC ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** Omron NS Series HMI Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities in Omron Corporation's NS series human-machine interface (HMI) terminals.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-203-01
*** Honeywell FALCON XLWeb Controllers Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in Honeywell FALCON XLWeb controllers.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-175-01
*** HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Network Virtualization. The vulnerability could be exploited remotely to allow execution of code and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 21-07-2014 18:00 − Tuesday 22-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Retefe banking trojan ***
---------------------------------------------
Most [...] banking trojans are built on software components that are, technically speaking, quite complex: encrypted configurations, man-in-the-browser functionality, persistence and update mechanisms, to name a few. Over the last six months an entirely new variant has established itself, one that only received a name in February 2014: Retefe.
---------------------------------------------
http://securityblog.switch.ch/2014/07/22/retefe-bankentrojaner/
*** IBM Fixes Code Execution, Cookie-Stealing Vulnerabilities in Switches ***
---------------------------------------------
IBM recently patched a handful of vulnerabilities in some of its KVM switches that, if exploited, could have given an attacker free rein over any system attached to them.
---------------------------------------------
http://threatpost.com/ibm-fixes-code-execution-cookie-stealing-vulnerabilit…
*** Mobile App Wall of Shame: CNN App for iPhone ***
---------------------------------------------
The CNN App for iPhone is one of the most popular news applications available for the iPhone. At present, it is sitting at #2 in the iTunes free News app category and #165 among all free apps. Along with providing news stories, alerts and live video, it also includes iReport functionality, allowing...
---------------------------------------------
http://research.zscaler.com/2014/07/cnn-app-for-iphone.html
*** OWASP Zed Attack Proxy, (Mon, Jul 21st) ***
---------------------------------------------
Affectionately known as ZAP, the OWASP Zed Attack Proxy is an excellent web application testing tool. It finds its way into the hands of experienced penetration testers, newer security administrators, vulnerability assessors, as well as auditors and the curious. One of the reasons for its popularity is the ease of use and the extensive granular capability to examine transactions. While some may know ZAP as a fork or successor to the old Paros proxy, it is so much more. Roughly 20% of the code base...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18421&rss
*** Old and Persistent Malware ***
---------------------------------------------
User error is the best reason to explain why Excel spreadsheets infected with the Laroux macro virus have been published on the China Securities Regulatory Commission website (csrc.gov.cn). The commission regulates China's financial markets and provides an online law library on their website where visitors can download various files and texts. Two of the files available in the library contain the MSEXcel.Laroux virus.
---------------------------------------------
https://blogs.cisco.com/security/old-and-persistent-malware/
*** FakeNet Malware Analysis ***
---------------------------------------------
FakeNet is a tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run, allowing the analyst to observe the malware's network activity from within a safe environment.
---------------------------------------------
http://www.ehacking.net/2014/07/fakenet-malware-analysis.html
*** Cisco router hole: the mysterious advance patch ***
---------------------------------------------
The critical security hole that makes nine Cisco routers and cable modems vulnerable to attacks from the network was closed at German providers years ago with an update. However, it remains unclear why Cisco only made the fix public now.
---------------------------------------------
http://www.heise.de/security/meldung/Cisco-Routerluecke-Der-mysterioese-Vor…
*** App "telemetry", (Tue, Jul 22nd) ***
---------------------------------------------
ISC reader James had just installed "Foxit Reader" on his iPhone, and had answered "NO" to the "In order to help us improve Foxit Mobile PDF, we would like to collect anonymous usage data..." question, when he noticed his phone talking to China anyway. The connected-to site was alog.umeng.com, 211.151.151.7. Umeng is an "application telemetry" and online advertising company. Below is what was sent (some of the ids are masked or have been obfuscated) I
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18425&rss
*** Massive Malware Infection Breaking WordPress Sites ***
---------------------------------------------
The last few days have brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly injected, which is causing websites to break. While we're still researching, we do want to share some observations: This infection is aimed at websites built on the...
---------------------------------------------
http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.h…
*** Privacy Badger Extension Blocks Tracking Through Social Icons ***
---------------------------------------------
Online tracking has been a thorny problem for years, and as Web security companies, browser vendors and users have become more aware of the problem and smarter about how to defend themselves, ad companies and trackers have responded in kind. The advent of social networks has made it far easier for tracking companies to monitor user behavior across...
---------------------------------------------
http://threatpost.com/privacy-badger-extension-blocks-tracking-through-soci…
*** [webapps] - MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/34128
*** Apache Multiple Flaws Let Remote Users Deny Service or Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030615
*** Tenable Nessus Access Control Flaw in Web UI Lets Remote Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1030614
*** Apache Scoreboard / Status Race Condition ***
---------------------------------------------
Topic: Apache Scoreboard / Status Race Condition | Risk: Medium | Text: Hi there, --[ 0. Sparse summary Race condition between updating ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070114
*** HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Autonomy IDOL. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Moodle rubric/advanced grading cross-site scripting ***
---------------------------------------------
Moodle rubric/advanced grading cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94724
*** OleumTech WIO Family Vulnerabilities ***
---------------------------------------------
Security researchers Lucas Apa and Carlos Mario Penagos Hollman of IOActive have identified multiple vulnerabilities in OleumTech's WIO family including the sensors and the DH2 data collector. The researchers have coordinated the vulnerability details with NCCIC/ICS-CERT and OleumTech in hopes the vendor would develop security patches to resolve these vulnerabilities. While ICS-CERT has had many discussions with both OleumTech and IOActive this past year, there has not been consensus...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01
*** Bugtraq: Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532857
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 18-07-2014 18:00 − Monday 21-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** The Little Signature That Could: The Curious Case of CZ Solution ***
---------------------------------------------
Malware authors are always looking for new ways to masquerade their actions. Attackers are looking for their malware to be not only fully undetectable, but also appear valid on a system, so as not to draw attention. Digital signatures are...
---------------------------------------------
http://www.fireeye.com/blog/technical/2014/07/the-little-signature-that-cou…
*** Keeping the RATs out: the trap is sprung - Part 3, (Sat, Jul 19th) ***
---------------------------------------------
As we wrap up our three-part series on RAT tools suffered upon our friends at Hazrat Supply, we must visit the centerpiece of it all. The big dog in this fight is indeed the bybtt.cc3 file (Jake suspected this), Backdoor:Win32/Zegost.B. The file is unquestionably a PE DLL but renamed to .cc3 to hide on the system like a CueCards Professional database file. Based on the TrendMicro writeup on this family, the backdoor drops four files, including %Program Files%\%SESSIONNAME%\{random characters}.cc3 This...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18415&rss
*** Top 10 Common Database Security Issues ***
---------------------------------------------
Introduction: The database typically contains the crown jewels of any environment; it usually holds the most business-sensitive information, which is why it is a high-priority target for any attacker. The purpose of this post is to create awareness among database administrators and security managers about some of the areas on which it is important to focus when implementing a new database or hardening the security of an existing one.
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/07/top-10-common-database-security-is…
*** Smart Meter Attack Scenarios ***
---------------------------------------------
In our previous post, we looked at how smart meters were being introduced across multiple countries and regions, and why these devices pose security risks to their users. At their heart, a smart meter is simply... a computer. Let's look at our existing computers - whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/smart-meter-atta…
*** Attacks on web servers via the WordPress plugin MailPoet ***
---------------------------------------------
A recently discovered security hole is currently being used to systematically hijack servers. Anyone who has not yet installed the update released at the beginning of July should do so urgently.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffe-auf-Web-Server-via-Wordpress-…
*** Home router security to be tested in upcoming hacking contest ***
---------------------------------------------
Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference. The contest is called SOHOpelessly Broken - a nod to the small office/home office space targeted by the products - and follows a growing number of large scale attacks this year against routers and other home embedded systems.
---------------------------------------------
http://www.cio.com/article/2455981/home-router-security-to-be-tested-in-upc…
*** Security researcher points to "backdoors" in iOS ***
---------------------------------------------
Undocumented system services in iOS make it easy for attackers to read out user data once the iPhone or iPad has been locally paired with a desktop computer, explains Jonathan Zdziarski, who hopes for a response from Apple.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsforscher-weist-auf-Hintertu…
*** Call for last-minute papers for VB2014 announced ***
---------------------------------------------
Seven speaking slots waiting to be filled with presentations on hot security topics.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_21.xml?rss
*** Heartbleed threatens critical industrial control systems ***
---------------------------------------------
More than three months after the massive vulnerability became known, numerous Siemens systems are still unprotected.
---------------------------------------------
http://futurezone.at/digital-life/heartbleed-bedroht-kritische-industrie-ko…
*** VMSA-2014-0006.8 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** EMC RecoverPoint Internal Firewall Ruleset Error Lets Remote Users Bypass the Firewall ***
---------------------------------------------
http://www.securitytracker.com/id/1030608
*** DSA-2981 polarssl ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2981
*** DSA-2982 ruby-activerecord-3.2 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2982
*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability ***
---------------------------------------------
Vulnerability Note VU#688812
Huawei E355 contains a stored cross-site scripting vulnerability
Original Release date: 21 Jul 2014 | Last revised: 21 Jul 2014
Overview
The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability.
Description
Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected cellular network. CWE-79: Improper...
---------------------------------------------
http://www.kb.cert.org/vuls/id/688812
*** Bugtraq: CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. ***
---------------------------------------------
Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1
---------------------------------------------
http://www.securityfocus.com/archive/1/532841
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 17-07-2014 18:00 − Friday 18-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** SQL Injection Vulnerability - vBulletin 5.x ***
---------------------------------------------
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member list page. Every vBulletin user needs to upgrade to the latest version asap. vBulletin is a very popular forum software used on more than ..
---------------------------------------------
http://blog.sucuri.net/2014/07/sql-injection-on-vbulletin-5-x.html
*** Siemens OpenSSL Vulnerabilities ***
---------------------------------------------
Siemens has identified four vulnerabilities in its OpenSSL cryptographic software library affecting several Siemens industrial products. Updates are available for APE 2.0.2 and WinCC OA (PVSS). The ROX 1, ROX 2, S7-1500, and CP1543-1 products do not have a patch at this time; however, Siemens has made mitigation recommendations. Siemens is continuing to work on patching these vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-03
*** Cogent DataHub Code Injection Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. (hereafter referred to as Cogent). Security researcher John Leitch reported this vulnerability to the Zero Day Initiative (ZDI), who then reported it directly to Cogent. Successful exploitation of this vulnerability could allow remote execution of arbitrary code.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-01
*** Advantech WebAccess Vulnerabilities ***
---------------------------------------------
NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an updated software version that mitigates these vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-02
*** Mitigating UAF Exploits with Delay Free for Internet Explorer ***
---------------------------------------------
After introducing the 'isolated heap' in June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call 'delay free.' This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-uaf-e…
*** DSA-2979 fail2ban ***
---------------------------------------------
Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.
---------------------------------------------
http://www.debian.org/security/2014/dsa-2979
*** Bugtraq: Microsoft MSN HBE - Blind SQL Injection Vulnerability ***
---------------------------------------------
A boolean-based blind SQL Injection web vulnerability has been detected in the official MSN (habitos.be.msn.com) web application Service. The vulnerability allows remote attackers to inject own sql commands to compromise the affected ..
---------------------------------------------
http://www.securityfocus.com/archive/1/532830
*** Critroni Crypto Ransomware Seen Using Tor for Command and Control ***
---------------------------------------------
There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say ..
---------------------------------------------
http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command…
*** LibreSSL: Linux and OpenBSD developers pull together ***
---------------------------------------------
The problems encountered in porting LibreSSL to other platforms such as Linux show how OpenSSL could turn into such a security nightmare. And that nightmare is far from over.
---------------------------------------------
http://www.heise.de/security/meldung/LibreSSL-Linuxer-und-OpenBSDler-raufen…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 16-07-2014 18:00 − Thursday 17-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Critical vulnerability endangers Cisco routers and modems ***
---------------------------------------------
Nine Cisco consumer routers and cable modems are vulnerable to a critical flaw that allows attackers from the network to hijack the device. German providers also use the affected models.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Sicherheitsluecke-gefaehrdet…
*** Cisco Wireless Residential Gateway Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscos…
*** Cisco Cable Modem Buffer Overflow Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can send a specially crafted HTTP request to the target device to trigger a buffer overflow and execute arbitrary code on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030598
*** Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
The specific flaw exists within the updating of mod_status. A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with handler server-status and other endpoints. By abusing this flaw, an attacker can possibly disclose credentials or leverage this situation to achieve remote code execution.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-236/
*** Additional information on the interview in the Standard ***
---------------------------------------------
Additional information on the interview in the Standard, 16 July 2014. We are (almost) always pleased when we are quoted in the media and thereby reach a much broader audience than through our direct channels alone (website, RSS, mail, Twitter). But: interviews usually have to happen quite quickly, journalists work under hard daily deadlines, and on paper there is limited space and no hyperlinks. So I want to give a bit of context here on the interview that ..
---------------------------------------------
http://www.cert.at/services/blog/20140716101643-1199.html
*** SA-CORE-2014-003 - Drupal core - Multiple vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. (Denial of Service, Cross Site Scripting, Access Bypass)
---------------------------------------------
https://www.drupal.org/SA-CORE-2014-003
*** SA-CONTRIB-2014-071 - FileField - Access bypass ***
---------------------------------------------
A vulnerability was discovered in the FileField third-party module that could allow attackers to gain access to private files.
---------------------------------------------
https://www.drupal.org/node/2304561
*** Barely introduced, already changed: Apple improves iCloud mail encryption ***
---------------------------------------------
Only a few days after introducing transport encryption for Apple's iCloud mail services, the company is making improvements. At least some servers now meet current requirements for good encryption.
---------------------------------------------
http://www.heise.de/security/meldung/Kaum-eingefuehrt-schon-umgestellt-Appl…
*** Pushdo Trojan outbreak: 11 THOUSAND systems infected in just 24 hours ***
---------------------------------------------
A wave of attacks by cybercrooks pushing a new variant of the resilient Pushdo Trojan has compromised more than 11,000 systems in just 24 hours.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/17/pushdo_troj…
*** Paper: Mayhem - a hidden threat for *nix web servers ***
---------------------------------------------
New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_17.xml
*** Havex, It's Down With OPC ***
---------------------------------------------
FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as 'Fertger' or 'PEACEPIPE'), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in ..
---------------------------------------------
http://www.fireeye.com/blog/technical/targeted-attack/2014/07/havex-its-dow…