=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 19-12-2014 18:00 − Montag 22-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** TA14-353A: Targeted Destructive Malware ***
---------------------------------------------
Original release date: December 19, 2014 Systems Affected Microsoft Windows Overview US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities targeting a major entertainment ..
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA14-353A
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** iTwitter <= 0.04 - XSS & CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7729
*** Network Time Protocol Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities within the Network Time Protocol (NTP).
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-353-01
*** Post to Twitter <= 0.7 CSRF & XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7730
*** Which NTP Servers do You Need to Patch? ***
---------------------------------------------
While people generally know where their real NTP servers are, all to often they dont know that theyve got a raft of accidental NTP servers - boxes that have NTP enabled without the system maintainers knowing about it. Common servers ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19095
*** Tor-Projekt wappnet sich gegen möglichen Angriff ***
---------------------------------------------
Das Tor-Projekt befürchtet eine Beschlagnahmung wichtiger Infrastruktur-Server, die das Anonymisierungsnetz unbenutzbar machen könnte. Einem anonymen Tipp zufolge stehe diese schon in wenigen Tagen bevor.
---------------------------------------------
http://www.heise.de/security/meldung/Tor-Projekt-wappnet-sich-gegen-moeglic…
*** Compromised Wordpress sites serving multiple malware payloads ***
---------------------------------------------
During our daily log monitoring process, we observe many interesting threat events. One such event led to a compromised WordPress site campaign, which was found to serve multiple malware families including Upatre/Hencitor/Extrat Xtreme ..
---------------------------------------------
http://research.zscaler.com/2014/12/compromised-wordpress-sites-serving.html
*** Neue NTP-Versionen fixen Fehler im Zeit-Server ***
---------------------------------------------
Mit nur einem Paket könnte ein Angreifer Zeit-Server mit dem NTP-Dienst übernehmen. Admins sollten ihre Konfiguration checken und bei Bedarf das Abhilfe versprechende Update so schnell wie möglich einspielen.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-NTP-Versionen-fixen-Fehler-im-Zei…
*** Südkorea führt Übungen zur Hacker-Abwehr an Atomkraftwerken durch ***
---------------------------------------------
Nach der Enthüllung geschützter Informationen über zwei südkoreanische Atomreaktoren im Internet hat der Betreiber eine zweitägige Übungen zur Abwehr von Cyber-Attacken begonnen. Die Übungen würden an vier von 23 Reaktorstandorten im Land durchgeführt, teilte eine Sprecherin der staatlichen Koreanischen Wasser- und Atomenergie-Gesellschaft (KHNP) am Montag mit.
---------------------------------------------
http://derstandard.at/2000009692066
*** Pattern-Based Approach for In-Memory ShellCodes Detection ***
---------------------------------------------
Introduction During an analysis, it can be really useful to know some common instructions with which malware, and more specifically shellcodes, achieve their goals. As we can imagine, these sets of common instructions could be used ..
---------------------------------------------
http://resources.infosecinstitute.com/pattern-based-approach-memory-shellco…
*** Is this URL safe? Hiding Malware in Plain Sight From Online Scanners ***
---------------------------------------------
There are serveral sites which offer scanning a URL for malware. One should expect that these sites emulate a real browser good enough so that their rating can be trusted. Unfortunatly this is not the case.
---------------------------------------------
http://noxxi.de/research/content-encoding-online-scanner.html
*** Mikl-Leitner will Cybercrime-Gesetz bis 2018 ***
---------------------------------------------
Ein Cybercrime-Gesetz soll bis zum Ende dieser Legislaturperiode, also 2018, beschlossen werden. Dieses Ziel nannte Innenministerin Johanna Mikl-Leitner (ÖVP) bei einer Pressekonferenz am Montag in Wien. Anlass war die Präsentation der Erkenntnisse aus einem Planspiel, bei dem es um einen Hackerangriff auf den Flughafen Wien und einen Erpressungsversuch mit terroristischem Hintergrund ging.
---------------------------------------------
http://derstandard.at/2000009710328
*** PHP 5.6.3 unserialize() execute arbitrary code ***
---------------------------------------------
A while ago the function "process_nested_data" was changed to better
handle object properties. Before it was possible to create numeric
object properties which would cause ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120160
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 18-12-2014 18:00 − Freitag 19-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Misfortune Cookie crumbles router security: 12 MILLION+ in hijack risk ***
---------------------------------------------
Homes, businesses menaced by vulnerable software exposed to the internet Infosec biz Check Point says it has discovered a critical software vulnerability that allows hackers to hijack home and small business broadband routers across the web.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/18/misfortune_…
*** Metasploit Weekly Wrapup: Get the 411 ***
---------------------------------------------
This week, we released Metasploit version 4.11 to the world -- feel free to download it here if you're the sort that prefers the binary install over the somewhat Byzantine procedure for setting up a development environment. Which you should be, because the binary installers (for Windows and Linux) have all the dependencies baked in and you don't have to monkey around with much to get going. The two major features with this release center around reorganizing the bruteforce workflow to make things more sensible and usable for larger-scale password audits, and much better visualization on figuring out where the weak link is/was in the organization under test when stolen credentials were used to extend control.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/12/18/metasploi…
*** Vulnerability announced: update your Git clients ***
---------------------------------------------
A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem.
---------------------------------------------
https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
*** How Cybercriminals Dodge Email Authentication ***
---------------------------------------------
Email authentication and validation is one method that is used to help bring down the levels of spam and phishing by identifying senders so that malicious emails can be identified and discarded. Two frameworks are in common usage today; these are SPF and DKIM. SPF (Sender Policy Framework): Defined in RFC 7208, SPF provides a...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/27Kj0gN8uNo/
*** Smart grid security certification in Europe: Challenges and Recommendations ***
---------------------------------------------
ENISA issues today a report on Smart grid security certification in Europe targeted at EU Member States (MS), the Commission, certification bodies and the private sector; with information on several certification approaches across the EU and other MS and EFTA countries. It describes the specific European situation, and discusses the advantages and challenges towards a more harmonised certification practice.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/smart-grid-security-certifi…
*** USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds ***
---------------------------------------------
Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it's a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in...
---------------------------------------------
http://threatpost.com/usbdriveby-device-can-install-backdoor-override-dns-s…
*** TA14-352A: Server Message Block (SMB) Worm Tool ***
---------------------------------------------
Unknown cyber-threat actors have been identified employing sophisticated malware, and Indicators of Compromise (IOC) have been provided to mitigate this threat.
---------------------------------------------
http://www.exploitthis.com/2014/12/ta14-352a-server-message-block-smb-worm-…
*** Save the date: ENISA Workshop on EU Threat Landscape ***
---------------------------------------------
24th February 2015, Hotel Metropole, Brussels
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/save-the-date-enisa-workshop-on…
*** SS7 Vulnerabilities ***
---------------------------------------------
There are security vulnerability in the phone-call routing protocol called SS7. The flaws discovered by the German researchers are actually functions built into SS7 for other purposes -- such as keeping calls connected as users speed down highways, switching from cell tower to cell tower -- that hackers can repurpose for surveillance because of the lax security on the network....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/ss7_vulnerabili.html
*** Information-stealing Vawtrak malware evolves, becomes more evasive ***
---------------------------------------------
SophosLabs has recently observed some cunning changes made by the authors of the dangerous banking malware Vawtrak. James Wyke explains.
---------------------------------------------
https://nakedsecurity.sophos.com/2014/12/19/information-stealing-vawtrak-ma…
*** Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines ***
---------------------------------------------
Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an...
---------------------------------------------
http://threatpost.com/emerson-patches-series-of-flaws-in-controllers-used-i…
*** Novell - Patches for GroupWise and eDirectory ***
---------------------------------------------
https://download.novell.com/Download?buildid=tveSooKDw3Q~https://download.novell.com/Download?buildid=mdWLZGP0Glk~https://download.novell.com/Download?buildid=gHTDteZoK34~https://download.novell.com/Download?buildid=3dJODsdcDKE~
*** Subversion mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031403
*** Subversion mod_dav_svn REPORT Request Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031402
*** Honeywell Experion PKS Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in Honeywell's Experion Process Knowledge System (EPKS) application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-352-01
*** Innominate mGuard Privilege Escalation Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a privilege escalation vulnerability affecting all mGuard devices.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-352-02
*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update C) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02B Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 11, 2014, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02C
*** Emerson ROC800 Multiple Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-13-259-01B
*** [2014-12-19] XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor ***
---------------------------------------------
Two vulnerabilities in the NetIQ eDirectory iMonitor allow an attacker to take over a user session and potentially leak sensitive data. An attacker could compromise an administrative account and e.g. tamper a centralized user database.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** Live Forms <= 1.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7728
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 17-12-2014 18:00 − Donnerstag 18-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Is the polkit Grinch Going to Steal your Christmas?, (Wed, Dec 17th) ***
---------------------------------------------
Alert Logic published a widely publizised blog outlining a common configuration problem with Polkit. To help with dissemination, Alert Logic named the vulnerability Grinch [1] . In some ways, this isnt so much a vulnerability, as more a common overlypermissive configuration of many Linux systems. It could easily be leveraged to escalate privileges beyond the intent of the polkitconfiguration. Lets first step back: In the beginning, there was sudo. Sudo served the Unix community well for many...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19077&rss
*** Application Threat and Usage Report 2014 ***
---------------------------------------------
The Application Usage And Threat Report provides an analysis of applications and their link to cyber threats within the enterprise. The report summarizes network traffic assessments performed wor...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17609
*** Erfolgreicher Angriff auf Internet-Verwaltung ICANN ***
---------------------------------------------
U.a. wurde ein zentrales System, das zur Organisation bei der Einführung der neuen Top Level Domains dient, bei einem Angriff auf die ICANN kompromittiert. Die ICANN dient als Oberaufsicht über die Verwaltung von Netz-Ressourcen wie DNS und IP-Adressen.
---------------------------------------------
http://www.heise.de/security/meldung/Erfolgreicher-Angriff-auf-Internet-Ver…
*** Your Browser is (not) Locked ***
---------------------------------------------
Most ransomware has a binary file that needs to be executed before it can infect your PC. Ransomware usually relies on social engineering or exploits to infect unsuspecting users. However, some malware authors are bypassing this requirement with a new trick - browser lockers. Unlike traditional ransomware threats that lock the entire desktop, browser lockers only lock the web browser of an infected PC. Most other malware needs a user (or other malware) to manually run it. Browser lockers...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/12/17/your-browser-is-not-lock…
*** Chthonic: a New Modification of ZeuS ***
---------------------------------------------
In the fall of 2014, we discovered a new banking Trojan, which caught our attention for two reasons...
---------------------------------------------
http://securelist.com/blog/virus-watch/68176/chthonic-a-new-modification-of…
*** Ars Technica readers urged to change passwords in wake of hack ***
---------------------------------------------
In case you havent heard already, Ars Technica got hacked over the weekend, so if you are a subscribed reader now would be a good time to change your password. "At 20:00 CT on December 14, an Inte...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17768
*** PhpBB-Webserver geknackt, Zugangsdaten kopiert ***
---------------------------------------------
Die PhpBB-Server wurden kompromittiert und sind momentan offline. Die Angreifer haben es geschafft, den Foren-Zugang eines Administrators zu kapern.
---------------------------------------------
http://www.heise.de/security/meldung/PhpBB-Webserver-geknackt-Zugangsdaten-…
*** Android Hacking and Security, Part 17: Cracking Android App Binaries ***
---------------------------------------------
In this article, we will see how a developer can perform basic checks to programmatically detect if the app is running on an emulator and stop executing the app if an emulator is detected. We will then see how an attacker can easily bypass these checks by using some freely...
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-security-part-17-crac…
*** Alina POS malware "sparks" off a new variant ***
---------------------------------------------
Alina is a well-documented family of malware used to scrape Credit Card (CC) data from Point of Sale (POS) software. We published a series of in-depth write-ups on the capabilities Alina possesses as well as the progression of the versions. Xylitol has a nice write-up on the Command and Control (C&C) aspects of Alina. In this blog post I'd like to discuss a variant that first cropped up in late 2013 and has been seen in the wild as recent as a month ago. Some anti-virus companies have
---------------------------------------------
http://blog.spiderlabs.com/2014/12/alina-pos-malware-sparks-off-a-new-varia…
*** Patch-Debakel: Microsoft bessert bei IE-Update nach ***
---------------------------------------------
Die Serie an verbockten Patches scheint nicht abzureissen. Jetzt muss Microsoft bei einem Update für den Internet Explorer nachbessern, nachdem IE-11-Nutzer über Probleme mit Dialogboxen auf Webseiten geklagt hatten.
---------------------------------------------
http://www.heise.de/security/meldung/Patch-Debakel-Microsoft-bessert-bei-IE…
*** Exploit Kit Evolution During 2014 - Nuclear Pack, (Thu, Dec 18th) ***
---------------------------------------------
This is a guest diary submitted by Brad Duncan. Nuclear exploit kit (also known as Nuclear Pack) has been around for years. Version 2.0 of Nuclear Pack was reported in 2012 [1] [2]. Blogs like malware.dontneedcoffee.com have mentioned version 3.0 of Nuclear Pack in posts during 2013 [3] [4]. This month, Nuclear Pack changed its traffic patterns. The changes are significant enough that I wonder if Nuclear Pack is at version 4. Or is this merely an evolution of version 3, as weve seen throughout
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19081&rss
*** VU#843044: Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values ***
---------------------------------------------
Vulnerability Note VU#843044 Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values Original Release date: 18 Dec 2014 | Last revised: 18 Dec 2014 Overview The Intelligent Platform Management Interface (IPMI) v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-8272The IPMI v1.5...
---------------------------------------------
http://www.kb.cert.org/vuls/id/843044
*** Cisco IronPort ESA Subject Header Length Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-8016
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal ***
---------------------------------------------
CVE-2014-8012
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-8014
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cross-Site Scripting vulnerability in wfGallery (wf_gallery) ***
---------------------------------------------
It has been discovered that the extension "wfGallery" (wf_gallery) is susceptible to Cross-Site Scripting.
---------------------------------------------
http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-wfg…
*** SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-128Project: OG Menu (third-party module)Version: 6.x, 7.xDate: 2014-December-17Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypass, Information DisclosureDescriptionThis module enables you to associate menus with Organic Groups (OG). It allows you to create one or more menus per group, configure and apply menu permissions in a group context, add/edit menu links directly from the entity...
---------------------------------------------
https://www.drupal.org/node/2395049
*** SA-CONTRIB-2014-127 - School Administration - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-127Project: School Administration (third-party module)Version: 7.xDate: 2014-December-17Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescriptionSchool Administration module enables you to keep records of all students and staff. With inner modules, it aims to be a complete school administration system.The module failed to sanitize some node titles in messages, leading to a...
---------------------------------------------
https://www.drupal.org/node/2395015
*** SA-CONTRIB-2014-126 - Open Atrium - Multiple vulnerabilities ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-126Project: Open Atrium (third-party module)Version: 7.xDate: 2014-12-17Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypass, Cross Site Request Forgery, Multiple vulnerabilitiesDescriptionThis distribution enables you to create an intranet.Several of the sub modules included do not prevent CSRF on several menu callbacks.Open Atrium Discussion also does not exit correctly after...
---------------------------------------------
https://www.drupal.org/node/2394979
*** Novell NetIQ Access Manager 4.0 Support Pack 1 Hot Fix 3 4.0.1-132 ***
---------------------------------------------
Abstract: NetIQ Access Manager 4.0 Support Pack 1 Hot Fix 3 build (version4.0.1-132). This file contains updates for services contained in the NetIQ Access Manager 4.0 product and requires 4.0 SP1 to be installed as a minimum. NetIQ recommends that all customers running Access Manager 4.0 release code apply this patch. The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.0 SP1 was released. These fixes include updates to the Access...
---------------------------------------------
https://download.novell.com/Download?buildid=i7RBltaqcVw~
*** [2014-12-18] Multiple critical vulnerabilities in VDG Security SENSE (formerly DIVA) ***
---------------------------------------------
Attackers are able to fully compromise the VDG Sense video management system by gaining highest system level access rights as multiple critical vulnerabilities exist.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-12-18] OS command execution vulnerability in GParted ***
---------------------------------------------
GParted does not properly sanitize strings before passing them as parameters to an OS command. Under certain conditions an attacker is able to execute system commands as user "root" by tricking a victim into using GParted to e.g. format a USB drive.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-12-18] Multiple high risk vulnerabilities in NetIQ Access Manager ***
---------------------------------------------
A vulnerability in the NetIQ Access Manager allows an authenticated attacker to read local files. Moreover, several web based issues (CSRF, persistent and non-persistent XSS) allow an attacker to hijack the session of an administrator or user. An information disclosure vulnerability allows an attacker to gather internal information including service passwords.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 16-12-2014 18:00 − Mittwoch 17-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Schadcode nutzt Monate alte WordPress-Lücke aus ***
---------------------------------------------
Der Schädling namens SoakSoak hat hunderttausende Webseiten über das Plug-in Slider Revolution befallen und spioniert die Server aus. In einigen Fällen werden auch Besucher per Drive-By-Download infiziert.
---------------------------------------------
http://www.heise.de/security/meldung/Schadcode-nutzt-Monate-alte-WordPress-…
*** Firefox, IE11 zero-day bugs possibly targeted in SoakSoak WordPress malware attacks ***
---------------------------------------------
Attackers exploiting a bug in the Slider Revolution plugin to compromise WordPress websites with malware may also be targeting zero-day vulnerabilities in Firefox and Internet Explorer 11.
---------------------------------------------
http://www.scmagazine.com/firefox-ie11-zero-day-bugs-possibly-targeted-in-s…
*** Some Memory Forensic with Forensic Suite (Volatility plugins), (Tue, Dec 16th) ***
---------------------------------------------
In previous diaries we have talked about memory forensics and how important it is. In this diary I will talk about a new volatility plugins called Forensic Suite written by Dave Lasalle. The suite has 14 plugins and they cover different area of memory forensics The Forensics Suite can be obtain from: http://downloads.volatilityfoundation.org/contest/2014/DaveLasalle_Forensic… . In this diary I will talk about some of the plugins Firefox history: To test this plugin first I browsed the...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19071&rss
*** URL flaw discovered for airline mobile boarding passes ***
---------------------------------------------
A URL flaw that impacts mobile boarding passes for airlines, such as Southwest and Delta, was discovered on Tuesday.
---------------------------------------------
http://www.scmagazine.com/url-flaw-discovered-for-airline-mobile-boarding-p…
*** Impact of Linux bug grinch spans servers, workstations, Android devices and more ***
---------------------------------------------
Alert Logic discovered the bug, which is susceptible to exploitation due to the default installation process used by Linux.
---------------------------------------------
http://www.scmagazine.com/impact-of-linux-bug-grinch-spans-servers-workstat…
*** Comparing OpenBSD with FreeBSD - securitywise ***
---------------------------------------------
OpenBSD and FreeBSD are both great OS that I admire and use. OpenBSD is considered more secure since it is its main goal, but FreeBSD can be tweaked to be pretty well hardened as well. Depending on the forums or to who we ask, we will have different opinions. But what are the facts? Which OS is more secure and why?
---------------------------------------------
http://networkfilter.blogspot.co.at/2014/12/security-openbsd-vs-freebsd.html
*** SSL Labs end of year 2014 updates ***
---------------------------------------------
>From the SSL/TLS perspective, 2014 was quite an eventful year. The best way to describe what we at SSL Labs did is we kept running to stay in the same place. What I mean by this is that we spent a lot of time reacting to high profile vulnerabilities: Hearbleed, the ChangeCipherSpec protocol issue in OpenSSL, POODLE (against SSL 3 in October and against TLS in December), and others. Ultimately, this has been a very successful year for us, with millions of assessments carried out.
---------------------------------------------
http://blog.ivanristic.com/2014/12/ssl-labs-end-of-year-updates.html
*** Top 5 malware attacks: 35 reused components ***
---------------------------------------------
CyActive identified the top five malware that returned the highest ROI for hackers with the least effort per dollar - achieved by recycling code and using the same methods from previous malware attack...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2932
*** Protecting the underground electronic communications infrastructure ***
---------------------------------------------
ENISA has released a new report on the Protection of Underground Electronic Communications Infrastructure. This report - targeted at Member States (MS), public institutions, owners of underground comm...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17763
*** The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire ***
---------------------------------------------
In this paper, we discuss an attacker model that accounts for the hijacking of network ownership information stored in Regional Internet Registry (RIR) databases. We show that such threats emerge from abandoned Internet resources (e.g., IP address blocks, AS numbers). When DNS names expire, attackers gain the opportunity to take resource ownership by re-registering domain names that are referenced by corresponding RIR database objects.
---------------------------------------------
http://arxiv.org/abs/1412.5052
*** How the FBI Unmasked Tor Users ***
---------------------------------------------
Kevin Poulson has a good article up on Wired about how the FBI used a Metasploit variant to identify Tor users....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/how_the_fbi_unm.html
*** Fast Flux Networks Working and Detection, Part 1 ***
---------------------------------------------
Introduction In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will lean about the demon Fast Flux!! In this article, we will learn about what exactly Fast Flux is, types of Fast Flux, and [...]The post Fast Flux Networks Working and Detection, Part 1 appeared first on InfoSec Institute.
---------------------------------------------
http://resources.infosecinstitute.com/fast-flux-networks-working-detection-…
*** What's New in Exploit Kits in 2014 ***
---------------------------------------------
Around this time in 2013, the most commonly used exploit kit - the Blackhole Exploit Kit - was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits has emerged and have been used by cybercriminals. The emergence of so many replacements has also meant that there...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/N44vwrIcGrM/
*** Researchers warn of new OphionLocker ransomware ***
---------------------------------------------
OphionLocker doesnt diverge much from previous ransomware schemes, although it does generate a unique hardware ID based on the first hard drives serial number, the motherboards serial number and other information.
---------------------------------------------
www.scmagazine.com/ophionlocker-discovered-in-the-wild-update-provided-on-t…
*** Certified pre-pw0ned Android Smartphones: Coolpad Firmware Backdoor, (Wed, Dec 17th) ***
---------------------------------------------
Researchers at Palo Alto found that many ROM images used for Android smart phones manufactured by Coolpad contain a backdoor, giving an attacker full control of the device. Palo Alto named the backdoor Coolreaper. With Android, it is very common for manufacturers to install additional applications. But these applications are installed on top of the Android operating system. In this case, Coolpad integrated additional functionality into the firmware of the device. This backdoor was then used by
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19075&rss
*** BSI-Sicherheitsbericht: Erfolgreiche Cyber-Attacke auf deutsches Stahlwerk ***
---------------------------------------------
Bei einem bislang unbekannten Angriff beschädigten die Angreifer einen Hochofen schwer. Doch neben den gezielten Angriffen auf Industrieanlagen bilanziert das BSI auch eine steigende Gefahr für Endanwender.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-Sicherheitsbericht-Erfolgreiche-Cy…
*** Meet FlashFlood, the lightweight script that causes websites to falter ***
---------------------------------------------
Bringing big database-driven sites to their knees just got a little easier.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/ir5Zy4m-thY/
*** iCloud-Daten: Forensik-Software verspricht umfangreichen Zugriff ***
---------------------------------------------
Die vermutlich auch für den iCloud-Promi-Hack genutzte Forensik-Software "Phone Breaker" erweitert die Möglichkeiten, bei Apples Cloud-Dienst gespeicherte Nutzerdaten auszulesen. Unterstützung zum Fremdzugriff auf iCloud Drive soll folgen.
---------------------------------------------
http://www.heise.de/security/meldung/iCloud-Daten-Forensik-Software-verspri…
*** Cisco ISB8320-E High-Definition IP-Only DVR Remote Unauthenticated Access Vulnerability ***
---------------------------------------------
CVE-2014-8006
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Symantec Web Gateway OS Authenticated Command Injection ***
---------------------------------------------
Revisions None Severity CVSS2Base ScoreImpactExploitabilityCVSS2 VectorSymantec Web Gateway Operating System Command Injection - Low...
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** IBM Business Process Manager cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98418
*** IBM WebSphere Process Server, IBM WebSphere Enterprise Service Bus, IBM Business Process Manager information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98488
*** IBM Business Process Manager security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95724
*** HP Security Bulletins ***
---------------------------------------------
[security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/534259
[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution
---------------------------------------------
http://www.securityfocus.com/archive/1/534262
[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/534261
[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS)
---------------------------------------------
http://www.securityfocus.com/archive/1/534260
*** Patches for Novell Products ***
---------------------------------------------
https://download.novell.com/Download?buildid=3dJODsdcDKE~https://download.novell.com/Download?buildid=STisn28FRWs~https://download.novell.com/Download?buildid=q4S96klvwhE~https://download.novell.com/Download?buildid=Mh8CRo1Ljh8~https://download.novell.com/Download?buildid=nlOmW2y333Q~https://download.novell.com/Download?buildid=anuuh6CDWX8~
*** DSA-3105 heirloom-mailx - security update ***
---------------------------------------------
Two security vulnerabilities were discovered in Heirloom mailx, animplementation of the mail command:
---------------------------------------------
https://www.debian.org/security/2014/dsa-3105
*** DSA-3104 bsd-mailx - security update ***
---------------------------------------------
It was discovered that bsd-mailx, an implementation of the mailcommand, had an undocumented feature which treats syntactically validemail addresses as shell commands to execute.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3104
*** SSA-134508 (Last Update 2014-12-16): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC in TIA Portal ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** iWifi For Chat 1.1 Denial Of Service ***
---------------------------------------------
Topic: iWifi For Chat 1.1 Denial Of Service Risk: Medium Text:Document Title: iWifi for Chat v1.1 iOS - Denial of Service Vulnerability References (Source): == http://w...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120110
*** iUSB 1.2 Arbitrary Code Execution ***
---------------------------------------------
Topic: iUSB 1.2 Arbitrary Code Execution Risk: High Text:Document Title: iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability References (Source): == http://www....
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120109
*** Bugtraq: [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534264
*** Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product ***
---------------------------------------------
Dec 17, 2014 16:09
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Schneider Electric ProClima Command Injection Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for command injection vulnerabilities in Schneider Electrics ProClima software package.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-350-01
*** Bird Feeder <= 1.2.3 CSRF & XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7727
*** DB Backup <= 4.5 - Path Traversal File Access ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7726
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 15-12-2014 18:00 − Dienstag 16-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Is POODLE Back for Another Byte? ***
---------------------------------------------
[...] The problem is a number of other TLS implementations are optimized for performance by verifying only that the first byte of padding matches the number of padding bytes. Such implementations would accept any value for the second and subsequent padding bytes. What's worse is that the adversary doesn't need to artificially downgrade the connection to SSLv3 to exploit this issue, so the barriers to execution are lower.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2014/12/is_poodle_back_fora.ht…
*** RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise ***
---------------------------------------------
Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru). After a bit more time investigating this issue, we were able to confirm that the attack vector is the RevSlider...
---------------------------------------------
http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wor…
*** SoakSoak: Payload Analysis - Evolution of Compromised Sites - IE 11 ***
---------------------------------------------
Thousands of WordPress sites has been hit by the SoakSoak attack lately. At this moment we know quite a lot about it. It uses the RevSlider vulnerability as a point of penetration. Then uploads a backdoor and infects all websites that share the same server account (so sites that don't use the RevSlider plugin can...
---------------------------------------------
http://blog.sucuri.net/2014/12/soaksoak-payload-analysis-evolution-of-compr…
*** Google Blacklists WordPress Sites Peddling SoakSoak Malware ***
---------------------------------------------
Up to 100,000 sites hosted on WordPress may be vulnerable to new campaign thats pushing malware and multiple exploit kits to the browser.
---------------------------------------------
http://threatpost.com/google-blacklists-wordpress-sites-peddling-soaksoak-m…
*** Safari 8.0.2 Still Supporting SSLv3 with Block Ciphers, (Mon, Dec 15th) ***
---------------------------------------------
In October, Apple released Security Update 2014-005, specifically with the intend to address the POODLE issue [1]. The description with the update stated: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19067&rss
*** ENISA CERT training programme now available online ***
---------------------------------------------
ENISA has launched a new section on its website introducing the ENISA CERT training programme.
In the new section, you can find all the publicly available training resources and the training courses currently provided by ENISA.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/enisa-cert-training-programme-n…
*** SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-8730
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Internet-Sicherheit: Auch Cisco mit Poodle-Problemen ***
---------------------------------------------
Ausgerechnet Firewalls und Load-Balancing-Erweiterungen des Netzwerkgeräte-Herstellers pfuschen bei der Umsetzung von TLS - und werden damit ebenfalls anfällig für Poodle-Angriffe auf die Verschlüsselung.
---------------------------------------------
http://www.heise.de/security/meldung/Internet-Sicherheit-Auch-Cisco-mit-Poo…
*** Android Hacking and Security, Part 16: Broken Cryptography ***
---------------------------------------------
Introduction In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in his application. This article covers the possible ways where vulnerabilities associated with broken cryptography may be introduced in Android apps. [...]The post Android Hacking and Security, Part 16: Broken Cryptography appeared first on InfoSec Institute.
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-security-part-16-brok…
*** F5 Security Advisory: Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687 ***
---------------------------------------------
(SOL15910) - Remote attackers may be able to cause a denial-of-service (DoS) using malformed or duplicate ASCONF chunk.
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/900/sol15910.html
*** Security Advisory 2014-06: Incomplete Access Control ***
---------------------------------------------
An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
---------------------------------------------
https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/
*** Apache Buffer Overflow in mod_proxy_fcgi Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031371
*** SSA-831997 (Last Update 2014-12-15): Denial-of-Service Vulnerability in Ruggedcom ROS-based Devices ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** CA Release Automation Multiple Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and SQL Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1031375
*** DokuWiki conf/mime.conf cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99291
*** Python TLS security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99294
*** CA LISA Multiple Vulns ***
---------------------------------------------
Topic: CA LISA Multiple Vulns Risk: Medium Text:CA20141215-01: Security Notice for CA LISA Release Automation Issued: December 15, 2014 CA Technologies Support is alerti...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120097
*** Bugtraq: [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534249
*** Better Search <= 1.3.4 - Reflective XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7725
*** WP Construction Mode <= 1.91 - Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7724
*** Sliding Social Icons <= 1.61 - CSRF & Stored XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7723
*** Bugtraq: "Ettercap 8.0 - 8.1" multiple vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534248
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 12-12-2014 18:00 − Montag 15-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** ICS-CERT: BlackEnergy may be infecting WinCC systems lacking recent patch ***
---------------------------------------------
BlackEnergy malware may be exploiting a vulnerability in Siemens SIMATIC WinCC software that was patched in early November.
---------------------------------------------
http://www.scmagazine.com/ics-cert-urges-wincc-users-others-to-update-softw…
*** BGP Hijacking Continues, Despite the Ability To Prevent It ***
---------------------------------------------
An anonymous reader writes: BGPMon reports on a recent route hijacking event by Syria. These events continue, despite the ability to detect and prevent improper route origination: Resource Public Key Infrastructure. RPKI is technology that allows an operator to validate the proper relationship between an IP prefix and an Autonomous System. That is, assuming you can collect the certificates. ARIN requires operators accept something called the Relying Party Agreement. But the provider community...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/hl_eP152_h0/story01.htm
*** Batten down the patches: New vuln found in Docker container tech ***
---------------------------------------------
Last months patch brought new privilege escalation flaw More security woes plagued users of the Docker application containerization tech for Linux this week, after an earlier security patch was found to have introduced a brand-new critical vulnerability in the software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/12/docker_vuln…
*** Cisco to release flying pig - Snort 3.0 ***
---------------------------------------------
Sourcefires been making bacon, now wants you to fry it Ciscos going to release a flying pig.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/12/cisco_to_re…
*** Worm Backdoors and Secures QNAP Network Storage Devices, (Sun, Dec 14th) ***
---------------------------------------------
Shellshock is far from over, with many devices still not patched andout there ready for exploitation. One set of thedevices receiving a lot of attention recently are QNAP disk storage systems. QNAP released a patch in early October, but applying the patch is not automatic and far from trivial for many users[1]. Our reader Erichsubmitted a link to an interesting Pastebin post with code commonly used in these scans [2] The attack targets a QNAP CGI script, /cgi-bin/authLogin.cgi, a well known...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19061&rss
*** SoakSoak Malware Compromises 100,000+ WordPress Websites ***
---------------------------------------------
This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Our analysis is showing impacts in the order of 100s of thousands of WordPress specific websites. We cannot confirm the exact vector, but preliminary analysis is showing correlation with the Revslider vulnerability we reported a...
---------------------------------------------
http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpres…
*** Man in the Middle attack vs. Cloudflares Universal SSL ***
---------------------------------------------
MitM attacks are a class of security attacks that involve the compromise of the authentication of a secure connection. In essence, an attacker builds a transparent tunnel between the client and the server, but makes sure that the client negotiates the secure connection with the attacker, instead of the intended server. Thus the client instead of having a secure connection to the server, has a secure connection to the attacker, which in turn has set up its own secure connection to the server, so...
---------------------------------------------
http://blog.ricardomacas.com/index.php?controller=post&action=view&id_post=4
*** 10th Annual ICS Security Summit - Orlando ***
---------------------------------------------
For SCADA, Industrial Automation, and Control System Security Join us for the 10th anniversary of the Annual SANS ICS Security Summit. The Summit is the premier event to attend in 2015 for ICS cybersecurity practitioners and managers. This years summit will feature hands-on training courses focused on Attacking and Defending ICS environments, Industry specific pre-summit events, and an action packed summit agenda with the release of ICS security tools and the popular security kit for Summit
---------------------------------------------
https://www.sans.org/event/ics-security-summit-2015
*** Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712) ***
---------------------------------------------
V3.0 (December 12, 2014): Rereleased bulletin to announce the reoffering of Microsoft security update 2986475 for Microsoft Exchange Server 2010 Service Pack 3. The rereleased update addresses a known issue in the original offering. Customers who uninstalled the original update should install the updated version of 2986475 at the earliest opportunity.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-075
*** Two newcomers in the exploit kit market ***
---------------------------------------------
Exploit kits are a great means to an end for malware distributors, who either buy them or rent them in order to widely disseminate their malicious wares. Its no wonder then that unscrupulous developers are always trying to enter the market currently cornered by Angler, Nuclear, FlashEK, Fiesta, SweetOrange, and others popular exploit kits.
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2929
*** RSA Authentication Manager 8.0 / 8.1 Unvalidated Redirect ***
---------------------------------------------
Topic: RSA Authentication Manager 8.0 / 8.1 Unvalidated Redirect Risk: Low Text:ESA-2014-173: RSA Authentication Manager Unvalidated Redirect Vulnerability EMC Identifier: ESA-2014-173 CVE Identifier:...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120080
*** RSA Archer GRC Platform 5.x Cross Site Scripting ***
---------------------------------------------
Topic: RSA Archer GRC Platform 5.x Cross Site Scripting Risk: Low Text:ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities EMC Identifier: ESA-2014-163 CVE Identifier: See b...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120079
*** EMC Isilon InsightIQ Cross Site Scripting ***
---------------------------------------------
Topic: EMC Isilon InsightIQ Cross Site Scripting Risk: Low Text:ESA-2014-164: EMC Isilon InsightIQ Cross-Site Scripting Vulnerability EMC Identifier: ESA-2014-164 CVE Identifier: CVE-...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120078
*** Cisco Prime Security Manager Cross-Site Scripting Vulnerability ***
---------------------------------------------
CVE-2014-3364
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass ***
---------------------------------------------
Topic: Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Risk: Medium Text:Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit Vendor: Soitec Product web page: http://ww...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120086
*** Multiple vulnerabilities in InfiniteWP Admin Panel ***
---------------------------------------------
InfiniteWP (http://www.infinitewp.com/) allows an administrator to manage multiple Wordpress sites from one control panel. According to the InfiniteWP homepage, it is used on over 317,000 Wordpress sites. The InfiniteWP Admin Panel contains a number of vulnerabilities that can be exploited by an unauthenticated remote attacker. These vulnerabilities allow taking over managed Wordpress sites by leaking secret InfiniteWP client keys, allow SQL injection, allow cracking of InfiniteWP admin
---------------------------------------------
http://seclists.org/fulldisclosure/2014/Dec/43
*** Bugtraq: Vulnerabilities in Ekahau Real-Time Location Tracking System [MZ-14-01] ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534241
*** [dos] - phpMyAdmin 4.0.x, 4.1.x, 4.2.x - DoS ***
---------------------------------------------
http://www.exploit-db.com/exploits/35539
*** Multiple vulnerabilities in BibTex Publications (si_bibtex) ***
---------------------------------------------
It has been discovered that the extension "BibTex Publications" (si_bibtex) is susceptible to Cross-Site Scripting and SQL Injection.
---------------------------------------------
http://www.typo3.org/news/article/multiple-vulnerabilities-in-bibtex-public…
*** Multiple vulnerabilities in Drag Drop Mass Upload (ameos_dragndropupload) ***
---------------------------------------------
It has been discovered that the extension "Drag Drop Mass Upload" (ameos_dragndropupload) is susceptible to Cross-Site Scripting, Cross-Site Request Forgery and Improper Access Control.
---------------------------------------------
http://www.typo3.org/news/article/improper-access-control-in-drag-drop-mass…
*** Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products ***
---------------------------------------------
Dec 15, 2014 18:30
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** SEO Redirection <= 2.2 - Unauthenticated Stored XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7722
*** Lightbox Photo Gallery 1.0 - CSRF/XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7719
*** WP-FB-AutoConnect <= 4.0.5 - XSS/CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7721
*** Timed Popup <= 1.3 - CSRF & Stored XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7720
*** Bugtraq: CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional" ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534230
*** Bugtraq: CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional" ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534229
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 11-12-2014 18:00 − Freitag 12-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: Otmar Lendl
*** Archie and Astrum: New Players in the Exploit Kit Market ***
---------------------------------------------
Thu, 11 Dec 2014 17:10:55 +0200
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002776.html
*** Researcher: Lax Crossdomain Policy Puts Yahoo Mail At Risk ***
---------------------------------------------
A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk.
---------------------------------------------
http://threatpost.com/researcher-lax-crossdomain-policy-puts-yahoo-mail-at-…
*** DSA-3098 graphviz - security update ***
---------------------------------------------
Joshua Rogers discovered a format string vulnerability in the yyerrorfunction in lib/cgraph/scan.l in Graphviz, a rich set of graph drawingtools. An attacker could use this flaw to cause graphviz to crash orpossibly execute arbitrary code.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3098
*** ZDI-14-424: Honeywell OPOS Suite HWOPOSScale.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/8tlo_ZfI4BE/
*** ZDI-14-423: Honeywell OPOS Suite HWOPOSSCANNER.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ZDVuupIJS6Q/
*** ZDI-14-422: ManageEngine NetFlow Analyzer CollectorConfInfoServlet COLLECTOR_ID Directory Traversal Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/sBfZBCsAKl4/
*** ZDI-14-421: ManageEngine Password Manager Pro UploadAccountActivities filename Directory Traversal Denial of Service Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine Password Manager Pro. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/agLsqjzz9u4/
*** ZDI-14-420: ManageEngine Desktop Central MSP NativeAppServlet UDID JSON Object Code Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/YGf1aa88_QM/
*** Targeted Phishing Against GoDaddy Customers ***
---------------------------------------------
I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it's missing a name. When you get them from a bank you don't even deal with that's a pretty good clue. However, when the phishing is well doneRead More
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/uan3MNQ2J9g/targeted-phishing…
*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02A Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02B
*** Wire transfer spam spreads Upatre ***
---------------------------------------------
The Microsoft Malware Protection Center (MMPC) is currently monitoring a spam email campaign that is using a wire transfer claim to spread Trojan:Win32/Upatre. It is important to note that customers running up-to-date Microsoft security software are protected from this threat. Additionally, customers with Microsoft Active Protection Service Community (MAPS) enabled also benefit from our cloud protection service. Upatre typically uses spam email campaigns to spread and then downloads other
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-sprea…
*** Digitaler Anschlag: Cyber-Attacke soll Ölpipeline zerstört haben ***
---------------------------------------------
Ein Cyber-Angriff soll 2008 die Explosion einer Ölpipeline in der Türkei verursacht haben, wie anonyme Quellen berichten. Es gibt dafür aber nur Indizien. (Cyberwar, Virus)
---------------------------------------------
http://www.golem.de/news/digitaler-anschlag-cyber-attacke-soll-oelpipeline-…
*** Cross-Signed Certificates Crashes Android ***
---------------------------------------------
We have discovered a vulnerability in Android that affects how cross-signed certificates are handled. No current Android release correctly handles these certificates, which are created when two certificates are signed with a looped certificate chain (certificate A signs certificate B; certificate B signs certificate A). We've already notified Google about this vulnerability, and there is no fix
Post from: Trendlabs Security Intelligence Blog - by Trend MicroCross-Signed
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/K85aQffE_W0/
*** Microsoft: Neues Zertifikats-Update, noch ein zurückgezogener Patch ***
---------------------------------------------
Microsoft hat ein neues Zertifikats-Update für Windows 7 und Server 2008 ausgeliefert, das die Update-Probleme beheben soll. In der Zwischenzeit musste allerdings der dritte Patch in wenigen Tagen zurückgezogen werden, da er Silverlight zerschossen hatte.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-Neues-Zertifikats-Update-noc…
*** Office für Mac 2011: Microsoft beseitigt kritische Schwachstelle ***
---------------------------------------------
Das Update für die OS-X-Version der Büro-Suite soll eine Sicherheitslücke in Word beseitigen, die das Einschleusen und Ausführen von Schadcode erlaubt. Auch ein kleineres Problem wird behoben.
---------------------------------------------
http://www.heise.de/security/meldung/Office-fuer-Mac-2011-Microsoft-beseiti…
*** Microsoft pulls Patch Tuesday fix - "Outlook can't connect to Exchange" ***
---------------------------------------------
Part of Patch Tuesday is now only partly available as Microsoft recalls its already-delayed Exchange 2010 update. Paul Ducklin takes a look...
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/pyrMdTGYdYo/
*** DFN-CERT-2014-1647/">MantisBT: Mehrere Schwachstellen ermöglichen das Ausführen beliebigen Programmcodes ***
---------------------------------------------
12.12.2014
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2014-1647/
*** OphionLocker: Joining in the Ransomware Race ***
---------------------------------------------
Fri, 12 Dec 2014 16:32:35 +0200
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002777.html
*** SSL-Lücke: Der POODLE beißt Windows Phone 7 ***
---------------------------------------------
Windows Phone 7 kann Mails nur mit dem uralten SSL-Protokoll Version 3 abholen. Das wird aber von vielen Mailservern wegen der POODLE-Lücke nicht mehr angeboten. Auf Abhilfe können Nutzer wohl nicht hoffen. (Windows Phone, E-Mail)
---------------------------------------------
http://www.golem.de/news/ssl-luecke-der-poodle-beisst-windows-phone-7-1412-…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 10-12-2014 18:00 − Donnerstag 11-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Critical vulnerability affecting HD FLV Player ***
---------------------------------------------
We've been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched on Joomla! and WordPress, leaving the custom website version vulnerable. Furthermore, websites ..
---------------------------------------------
http://blog.sucuri.net/2014/12/critical-vulnerability-in-joomla-hd-flv-play…
*** Underground black market: Thriving trade in stolen data, malware, and attack services ***
---------------------------------------------
The underground market is still booming after recent major data breaches. The price of stolen email accounts has dropped substantially, but the value of ..
---------------------------------------------
http://www.symantec.com/connect/blogs/underground-black-market-thriving-tra…
*** Odd new ssh scanning, possibly for D-Link devices, (Wed, Dec 10th) ***
---------------------------------------------
I noticed it in my own logs overnight and also had a couple of readers (both named Paul) report some odd new ssh scanning overnight. The scanning involves many sites, likely a botnet, attempting to ssh in as 3 users, D-Link, admin, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19055
*** Microsoft Enables Removal of SSL 3.0 Fallback In IE ***
---------------------------------------------
Microsoft has given Windows admins the option to remove the SSL 3.0 fallback from Internet Explorer. By disabling SSL 3.0, IE is no longer vulnerable to POODLE attacks.
---------------------------------------------
http://threatpost.com/microsoft-enables-removal-of-ssl-3-0-fallback-in-ie/1…
*** FreeBSD Buffer Overflow in libc stdio Lets Local Users Deny Service or Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031343
*** FreeBSD file(1) and libmagic(3) File Processing Flaws Let Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031344
*** WordPress Uninstall <= 1.1 - WordPress Deletion via CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7715
*** Mysterious Turla Linux backdoor also for Solaris? ***
---------------------------------------------
There has been numerous reports about the mysterious Linux backdoor connected to Turla, an APT family. The malware has some pretty interesting features, the most interesting being its ability to sniff the network interface. More specifically, it ..
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002775.html
*** Regin ***
---------------------------------------------
Wir haben in der Woche ab dem 24. November 2014 zum Thema Regin regelmässige Status-Updates an die GovCERT Constituency (in unserer Rolle als GovCERT Austria), die potentiell betroffenen Sektoren (im Rahmen des ATC) und den CERT-Verbund verschickt.Dieser Blogpost stellt unsere Timeline ..
---------------------------------------------
http://www.cert.at/services/blog/20141211105745-1339.html
*** Patch-Debakel: Microsoft zieht erneut Update zurück ***
---------------------------------------------
Nach einem fehlerhaften Rollup-Update für Exchange musste Microsoft nun auch einen Patch für die Root-Zertifikate in Windows zurückziehen. Probleme mit Updates und Patches hatte Microsoft in letzter Zeit des öfteren.
---------------------------------------------
http://www.heise.de/security/meldung/Patch-Debakel-Microsoft-zieht-erneut-U…
*** Cyber-Spionage: Auf Roter Oktober folgt Cloud Atlas ***
---------------------------------------------
Eine neue Angriffswelle mit gezielten Attacken droht: Cloud Atlas soll die nächste digitale Spionagekampagne sein. Die Malware sei eine aktualisierte Variante von Roter Oktober, sagen IT-Sicherheitsexperten.
---------------------------------------------
http://www.golem.de/news/cyber-spionage-auf-roter-oktober-folgt-cloud-atlas…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 09-12-2014 18:00 − Mittwoch 10-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Adobe Security Bulletins Posted ***
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1149
*** VMSA-2014-0013 ***
---------------------------------------------
VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability. VMware vCloud Automation Center has a remote privilege escalation vulnerability. This issue may allow an authenticated vCAC user to obtain administrative access to vCenter Server.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0013.html
*** MS14-DEC - Microsoft Security Bulletin Summary for December 2014 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-DEC
*** Multiple vulnerabilities in SAP SQL Anywhere ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-415/http://www.zerodayinitiative.com/advisories/ZDI-14-414/http://www.zerodayinitiative.com/advisories/ZDI-14-413/http://www.zerodayinitiative.com/advisories/ZDI-14-412/
*** ZDI-14-411: Lexmark MarkVision Enterprise ReportDownloadServlet Information Disclosure Vulnerability ***
---------------------------------------------
The specific flaw exists within the ReportDownloadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. An attacker can leverage this vulnerability to read files under the context of SYSTEM.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-411/
*** ZDI-14-410: Lexmark MarkVision Enterprise GfdFileUploadServlet Remote Code Execution Vulnerability ***
---------------------------------------------
The specific flaw exists within the GfdFileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. An attacker can leverage this vulnerability to write files under the context of SYSTEM and achieve remote code execution.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-410/
*** X Multiple Memory Corruption Flaws Let Remote Users Deny Service and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031326
*** Yokogawa FAST/TOOLS XML External Entity ***
---------------------------------------------
This advisory provides mitigation details for an XML external entity processing vulnerability in the Yokogawa FAST/TOOLS application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-01
*** Trihedral VTScada Integer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an integer overflow vulnerability in Trihedral Engineering Ltd's VTScada application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02
*** .Bank hires Symantec to check credentials ***
---------------------------------------------
Soon you might be able to trust that financial email The launch of new .bank domain names is one step closer with the announcement that Symantec has been chosen to act as the credentials verifier for the top-level domain ..
---------------------------------------------
http://www.theregister.co.uk/2014/12/10/bank_hires_symantec_to_check_creden…
*** Nach Hack: Sony-Sicherheitszertifikat zur Malware-Tarnung genutzt ***
---------------------------------------------
Es ist wohl der verheerendste Angriff auf die IT-Sicherheit eines Unternehmens, den es je gegeben hat. Seit Tagen tauchen immer neue interne Informationen aus dem Netzwerk von Sony Pictures auf. Neben bislang ..
---------------------------------------------
http://derstandard.at/2000009194439
*** Cloud Atlas: RedOctober APT is back in style ***
---------------------------------------------
Two years ago, we published our research into RedOctober, a complex cyber-espionage operation targeting diplomatic embassies worldwide. We named it RedOctober because we started this investigation in October 2012, an unusually hot month.
---------------------------------------------
http://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-bac…
*** DFN-CERT-2014-1622: Red Hat Package Manager (RPM): Zwei Schwachstellen ermöglichen die Ausführung beliebiger Befehle ***
---------------------------------------------
Zwei Schwachstellen im Red Hat Package Manager (RPM) ermöglichen einem entfernten, nicht authentisierten Angreifer die Ausführung beliebiger Befehle während der Paketinstallation und damit die Übernahme des Systems. Die Schwachstelle ..
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2014-1622/
*** F5 BIG-IP SSLv3 Decoding Function Lets Remote Users Decrypt TLS Traffic ***
---------------------------------------------
A vulnerability was reported in F5 BIG-IP. A remote user can decrypt TLS sessions in certain cases. The system may accept incorrect TLS padding when terminating TLSv1 CBC connections. A remote user can with the ability to conduct a man-in-the-middle attack can force a client to use a vulnerable SSLv3 decoding function with TLS and then conduct a BEAST-style of attack to decrypt portions of the session.
---------------------------------------------
http://www.securitytracker.com/id/1031338
*** Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS ***
---------------------------------------------
An attacker could forge a request, which modifies anchor only links on the homepage of a TYPO3 installation in a way that they point to arbitrary domains, if the ..
---------------------------------------------
http://www.typo3.org/news/article/link-spoofing-and-cache-poisoning-vulnera…
*** Störungen bei 1&1-Webhosting wegen DDos-Attacke ***
---------------------------------------------
Weil das DNS-System von 1&1 angegriffen wird, sind sowohl Webhosting als auch Mail von 1&1 zeitweise nicht über Domains erreichbar.
---------------------------------------------
http://www.heise.de/security/meldung/Stoerungen-bei-1-1-Webhosting-wegen-DD…
*** Sony Pictures wurde vor Angriff auf IT-Infrastruktur angeblich erpresst ***
---------------------------------------------
Die Umstände des Hacker-Angriffs auf Sony Pictures werden immer verwirrender. Eine Geldforderung legt einen kriminellen Hintergrund nahe. Zugleich fordern die Hacker aber angeblich auch, die Nordkorea-Komödie "The Interview" zu stoppen.
---------------------------------------------
http://www.heise.de/security/meldung/Sony-Pictures-wurde-vor-Angriff-auf-IT…
*** X.ORG: Wieder Jahrzente alte Lücken im X-Server ***
---------------------------------------------
Der X-Server ist von 13 Sicherheitslücken betroffen, die sich auf verschiedene Implementierungen auswirken können. Die älteste reicht fast 30 Jahre in die erste Version von X11 zurück. Andeutungen auf die Fehler gab es bereits auf dem 30C3 vor einem Jahr.
---------------------------------------------
http://www.golem.de/news/x-org-wieder-jahrzente-alte-luecken-im-x-server-14…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 05-12-2014 18:00 − Dienstag 09-12-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Advance Notification Service for the December 2014 Security Bulletin Release ***
---------------------------------------------
Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer (IE), Office and Exchange. As per our monthly process, we've scheduled the Security Bulletin release for the second Tuesday of the month, December 9, 2014, at approximately 10 a.m. PDT. Until then, please review the ANS summary page for more information to help...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/12/04/advance-notification-ser…
*** Leveraging the WordPress Platform for SPAM ***
---------------------------------------------
We've all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment spam isn't a major problem for most websites these days. I have seen however, a new trend starting to emerge when it comes to spam involving WordPress. In recent years...
---------------------------------------------
http://blog.sucuri.net/2014/12/leveraging-the-wordpress-platform-for-spam.h…
*** SSLv3: Kaspersky-Software hebelt Schutz vor Poodle-Lücke aus ***
---------------------------------------------
Das Paket Kaspersky Internet Security kann auch bei Browsern, die unsichere Verbindungen per SSLv3 nicht unterstützen, das veraltete Protokoll dennoch aktivieren. Patchen will das der Hersteller erst 2015, es gibt aber schon jetzt eine einfache Lösung.
---------------------------------------------
http://www.golem.de/news/sslv3-kaspersky-software-hebelt-schutz-vor-poodle-…
*** Sicherheitslücken: Java-Sandbox-Ausbrüche in Googles App Engine ***
---------------------------------------------
Ein Forscherteam hat diverse Möglichkeiten und Lücken gefunden, aus der Java-Sandbox von Googles App Engine auszubrechen. Dadurch seien sogar beliebige Systemaufrufe im darunter liegenden Betriebssystem möglich.
---------------------------------------------
http://www.golem.de/news/sicherheitsluecken-java-sandbox-ausbrueche-in-goog…
*** DNS-Server BIND, PowerDNS und Unbound droht Endlosschleife ***
---------------------------------------------
Eine Sicherheitslücke in den drei DNS-Servern kann dazu ausgenutzt werden, die Software lahmzulegen. Dazu muss ein Angreifer allerdings die Zonen manipulieren oder einen bösartigen DNS-Resolver einschleusen.
---------------------------------------------
http://www.heise.de/security/meldung/DNS-Server-BIND-PowerDNS-und-Unbound-d…
*** The Penquin Turla - A Turla/Snake/Uroburos Malware for Linux ***
---------------------------------------------
So far, every single Turla sample weve encountered was designed for the Microsoft Windows family, 32 and 64 bit operating systems. The newly discovered Turla sample is unusual in the fact that its the first Turla sample targeting the Linux operating system that we have discovered.
---------------------------------------------
https://securelist.com/blog/research/67962/the-penquin-turla-2/
*** Setting Up Your Gadgets Securely ***
---------------------------------------------
I'm sure that many of us will take home brand new iPhones and Android devices and set it up just the way we want our personal devices to be. We should take a minute to remember, however, that because these devices are so personal to us, the damage a hacked smartphone can do to is significant. Imagine what would happen if a hacker stole your personal data. We don't have to imagine, however, as this has happened to many users in 2014. At the very least, this is embarrassing to the user...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/setting-up-your-…
*** Social Engineering improvements keep Rogues/FakeAV a viable scam ***
---------------------------------------------
The threat landscape has been accustomed to rogues for a while now. They've been rampant for the past few years and there likely isn't any end in sight to this scam. These aren't complex pieces of malware by any means and typically don't fool the average experienced user, but that's because they're aimed at the inexperienced user. We're going to take a look at some of the improvements seen recently in the latest round of FakeAVs that lead to their success.
---------------------------------------------
http://www.webroot.com/blog/2014/12/05/social-engineering-improvements-keep…
*** MediaWiki unspecified cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99151
*** MediaWiki unspecified code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99152
*** [Xen-announce] Xen Security Advisory 114 (CVE-2014-9065, CVE-2014-9066) - p2m lock starvation ***
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-12/msg00001.html
*** [TYPO3-announce] Announcing TYPO3 CMS 6.2.8 LTS ***
---------------------------------------------
The TYPO3 Community has just released TYPO3 CMS version 6.2.8 LTS,
which is now ready for you to download. This version is maintenance releases and contains bug fixes. The packages can be downloaded here: http://typo3.org/download/
---------------------------------------------
http://typo3.org/news/article/typo3-cms-628-released/
*** Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin) ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting, Denial of Service and Local File Inclusion.
---------------------------------------------
http://www.typo3.org/news/article/multiple-vulnerabilities-in-extension-php…