Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - Freitag 5-12-2014
by Daily end-of-shift report 05 Dec '14

05 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 04-12-2014 18:00 − Freitag 05-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** MS14-DEC - Microsoft Security Bulletin Advance Notification for December 2014 - Version: 1.0 *** --------------------------------------------- This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2014. This bulletin advance notification will be replaced with the December bulletin summary on December 9, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS14-DEC *** Missing Exchange Patch Expected Among December Patch Tuesday Bulletins *** --------------------------------------------- Microsofts December 2014 advanced Patch Tuesday notification includes three critical bulletins and a missing Exchange patch originally scheduled for November. --------------------------------------------- http://threatpost.com/missing-exchange-patch-expected-among-december-patch-… *** Details Emerge on Sony Wiper Malware Destover *** --------------------------------------------- Kaspersky Lab has published an analysis of Destover, the wiper malware used in the attacks against Sony Pictures Entertainment, and its similarities to Shamoon and DarkSeoul. --------------------------------------------- http://threatpost.com/details-emerge-on-sony-wiper-malware-destover/109727 *** Upcoming Security Updates for Adobe Reader and Acrobat (APSB14-28) *** --------------------------------------------- December 4, 2014 --------------------------------------------- http://blogs.adobe.com/psirt/?p=1147 *** Upcoming Adobe Reader, Acrobat Update to Patch Sandbox Escape *** --------------------------------------------- Adobe announced security updates for Reader and Acrobat that likely include patches for a sandbox escape vulnerability. Googles Project Zero released details and exploit code earlier this week. --------------------------------------------- http://threatpost.com/upcoming-adobe-reader-acrobat-update-to-patch-sandbox… *** Weekly Metasploit Wrapup: On Unicorns and Wizards *** --------------------------------------------- This week, we shipped a brand new exploit for the "unicorn" bug in Microsoft Internet Explorer, CVE-2014-6332, not-so-prosaically entitled, Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution. This is a big deal client-side vulnerability for the usual reason that Internet Explorer 11 accounts for about a quarter of browser traffic today; nearly always, remote code execution bugs in latest IE are usually particularly dangerous to leave unpatched in your environment. The buzz around this bug, though, is that it's been exploitable... --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/12/04/weekly-me… *** Schwachstelle: Yosemite schreibt Firefox-Eingaben mit *** --------------------------------------------- Unter Mac OS X 10.10 werden sämtliche Eingaben im Browser Firefox protokolliert. Mozilla spricht von einer schweren Schwachstelle, die in der aktuellen Version des Browsers geschlossen ist. Die Protokolldateien sind allgemein zugänglich und sollten gelöscht werden. --------------------------------------------- http://www.golem.de/news/schwachstelle-yosemite-schreibt-firefox-eingaben-m… *** Demo-Exploit für kritische Kerberos-Lücke in Windows Server *** --------------------------------------------- Höchste Zeit zu patchen: Mit dem Python Kerberos Exploitation Kit können sich Angreifer sonst zum Enterprise-Admin machen. --------------------------------------------- http://www.heise.de/security/meldung/Demo-Exploit-fuer-kritische-Kerberos-L… *** ZDI-14-403: (0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-403/ *** ZDI: (0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 multiple Vulnerabilities *** --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-393 http://www.zerodayinitiative.com/advisories/ZDI-14-394 http://www.zerodayinitiative.com/advisories/ZDI-14-395 http://www.zerodayinitiative.com/advisories/ZDI-14-396 http://www.zerodayinitiative.com/advisories/ZDI-14-397 *** DSA-3090 iceweasel - security update *** --------------------------------------------- Multiple security issues have been found in Iceweasel, Debians versionof the Mozilla Firefox web browser: Multiple memory safety errors, bufferoverflows, use-after-frees and other implementation errors may lead tothe execution of arbitrary code, the bypass of security restrictions ordenial of service. --------------------------------------------- https://www.debian.org/security/2014/dsa-3090 *** Security Advisory: libxml2 vulnerability CVE-2014-3660 *** --------------------------------------------- (SOL15872) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15872.htm… *** Novell Patches and Security Updates *** --------------------------------------------- https://download.novell.com/Download?buildid=gV_oiDtqRV0~ https://download.novell.com/Download?buildid=vPrLP1Ai9zY~ https://download.novell.com/Download?buildid=GuVaYIx6DDo~ https://download.novell.com/Download?buildid=lHQCbRDbSMI~ https://download.novell.com/Download?buildid=Tlic28DXD3o~ https://download.novell.com/Download?buildid=zhVqTr2nsdg~ *** MediaWiki Bugs Permit Cross-Site Request Forgery and API Code Injection Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1031301 *** Security Advisories for VMware vSphere *** --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0012.html http://www.vmware.com/security/advisories/VMSA-2014-0008.html http://www.vmware.com/security/advisories/VMSA-2014-0002.html *** HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified with HP Insight Remote Support Clients running SSLv3 which may impact WBEM, WS-MAN and WMI connections from monitored devices to a HP Insight Remote Support Central Management Server (CMS). --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… Next End-of-Shift report on 2014-12-09

1 0

Tageszusammenfassung - Donnerstag 4-12-2014
by Daily end-of-shift report 04 Dec '14

04 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 03-12-2014 18:00 − Donnerstag 04-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** An Analysis of the "Destructive" Malware Behind FBI Warnings *** --------------------------------------------- TrendLabs engineers were recently able to obtain a malware sample of the "destructive malware" described in reports about the Federal Bureau of Investigation (FBI) warning to U.S. businesses last December 2. According to Reuters, the FBI issued a warning to businesses to remain vigilant against this new "destructive" malware in the wake of the recent Sony Pictures... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZsHCPcPYoQk/ *** Sony Got Hacked Hard: What We Know and Don't Know So Far *** --------------------------------------------- A week into the Sony hack, however, there is a lot of rampant speculation but few solid facts. Here's a look at what we do and don't know about what's turning out to be the biggest hack of the year. --------------------------------------------- http://feeds.wired.com/c/35185/f/661467/s/41179d61/sc/28/l/0L0Swired0N0C20A… *** Automating Incident data collection with Python, (Thu, Dec 4th) *** --------------------------------------------- One of my favorite Python modules isImpacketby the guys at Core Labs. Among other things it allows me to create Python scripts that can speak to Windows computers over SMB. I can use it to map network drives, kill processes on a remote machine and much more. During an incident having the ability to reach out to allthe machines in your environment to list or kill processes is very useful. Python andImpacketmake this very easy. Check it out. After installing Impacketall of the awesome modules are... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19025&rss *** Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349 *** --------------------------------------------- Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OnnBY6zHrlw/ *** Android Hacking and Security, Part 15: Hacking Android Apps Using Backup Techniques *** --------------------------------------------- In the previous article, we had an introduction on how to analyze Android application specific data using Android backup techniques. This article builds on the previous article. We are going to see how local data storage or basic checks that are performed on a local device can be exploited on... --------------------------------------------- http://resources.infosecinstitute.com/android-hacking-security-part-15-hack… *** WebSocket Security Issues *** --------------------------------------------- Overview In this article, we will dive into the concept of WebSocket introduced in HTML 5, security issues around the WebSocket model, and the best practices that should be adopted to address security issues around WebSocket. Before going straight to security, let's refresh our concepts on WebSocket. Why Websocket and... --------------------------------------------- http://resources.infosecinstitute.com/websocket-security-issues/ *** Avoiding Mod Security False Positives with White-listing *** --------------------------------------------- We have already discussed in my previous articles how to configure Mod Security Firewall with OWASP rules and also analysed the different types of logs which Mod Security generates. While analysing the logs, we have seen that the OWASP rules generate a lot of false positive results, as these rules [...]The post Avoiding Mod Security False Positives with White-listing appeared first on InfoSec Institute. --------------------------------------------- http://resources.infosecinstitute.com/avoiding-mod-security-false-positives… *** Apple veröffentlicht Updates für Safari-Browser - und zieht sie wieder zurück *** --------------------------------------------- Laut Apple soll Safari 8.0.1 unter anderem Fehler im Zusammenhang mit iCloud-Diensten beheben. Gleichzeitig wurden Safari 6.2.1 und 7.1.1 für ältere OS-X-Versionen veröffentlicht. Apple hat die Updates allerdings kommentarlos offline genommen. --------------------------------------------- http://www.heise.de/security/meldung/Apple-veroeffentlicht-Updates-fuer-Saf… *** Quantum Attack on Public-Key Algorithm *** --------------------------------------------- This talk (and paper) describe a lattice-based public-key algorithm called Soliloquy developed by GCHQ, and a quantum-computer attack on it. News article.... --------------------------------------------- https://www.schneier.com/blog/archives/2014/12/quantum_attack_.html *** The TYPO3 community publishes TYPO3 CMS 7.0 *** --------------------------------------------- Following our new release cycle, TYPO3 CMS 7.0 is the first sprint release on our way towards the final 7 LTS which will be released in fall 2015. 7.0 will not receive regular bugfix releases, an upgrade to 7.1 should be installed after its release in around 8 weeks instead - see our roadmap for more details. --------------------------------------------- https://typo3.org/news/article/the-typo3-community-publishes-typo3-cms-70-a… *** Cisco Unified Computing System (UCS) Manager Information Disclosure Vulnerability *** --------------------------------------------- CVE-2014-8009 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** SA-CONTRIB-2014-117 - Hierarchical Select - Cross Site Scripting (XSS) *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-117Project: Hierarchical Select (third-party module)Version: 6.xDate: 2014-December-03Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:All/E:Theoretical/TD:UncommonVulnerability: Cross Site ScriptingDescriptionThe Hierarchical Select module provides a "hierarchical_select" form element, which is a greatly enhanced way for letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data... --------------------------------------------- https://www.drupal.org/node/2386615 *** SA-CONTRIB-2014-116 -Webform Invitation - Cross Site Scripting *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-116Project: Webform Invitation (third-party module)Version: 7.xDate: 2014-December-03Security risk: 8/25 ( Less Critical) AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescriptionThis module enables you to create custom invitation codes for Webforms.The module failed to sanitize node titles.This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Webform: Create new... --------------------------------------------- https://www.drupal.org/node/2386387 *** Security Advisory - High Severity - WordPress Download Manager *** --------------------------------------------- Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote File Inclusion Risk Version: Read More --------------------------------------------- http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-do… *** Security Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products *** --------------------------------------------- Dec 04, 2014 18:26 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** DSA-3086 tcpdump - security update *** --------------------------------------------- Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2014/dsa-3086 *** DSA-3089 jasper - security update *** --------------------------------------------- Josh Duart of the Google Security Team discovered heap-based bufferoverflow flaws in JasPer, a library for manipulating JPEG-2000 files,which could lead to denial of service (application crash) or theexecution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2014/dsa-3089 *** DSA-3088 qemu-kvm - security update *** --------------------------------------------- Paolo Bonzini of Red Hat discovered that the blit region checks wereinsufficient in the Cirrus VGA emulator in qemu-kvm, a fullvirtualization solution on x86 hardware. A privileged guest user coulduse this flaw to write into qemu address space on the host, potentiallyescalating their privileges to those of the qemu host process. --------------------------------------------- https://www.debian.org/security/2014/dsa-3088 *** DSA-3087 qemu - security update *** --------------------------------------------- Paolo Bonzini of Red Hat discovered that the blit region checks wereinsufficient in the Cirrus VGA emulator in qemu, a fast processoremulator. A privileged guest user could use this flaw to write into qemuaddress space on the host, potentially escalating their privileges tothose of the qemu host process. --------------------------------------------- https://www.debian.org/security/2014/dsa-3087 *** GNU cpio Heap Overflow in process_copy_in() Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1031285

1 0

Tageszusammenfassung - Mittwoch 3-12-2014
by Daily end-of-shift report 03 Dec '14

03 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 02-12-2014 18:00 − Mittwoch 03-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Shodan Add-on for Firefox *** --------------------------------------------- It's now possible to see what information Shodan has available on a server from within Firefox thanks to the new Shodan add-on created by @PaulWebSec and @romainletendart! It's a minimalistic yet powerful add-on to see what the website you're visiting is exposing to the Internet. And the add-on will also tell you other information about the IP,... --------------------------------------------- http://shodanio.wordpress.com/2014/12/02/shodan-add-on-for-firefox/ *** Böse Schlüssel werden zum Problem für GnuPG *** --------------------------------------------- Ein Forscherteam hat demonstriert, wie einfach sich die IDs zu GnuPG-Schlüsseln fälschen lassen und kurzerhand böse Duplikate des kompletten Strong-Sets erzeugt. Das umfasst rund 50.000 besonders eng vernetzte und vertrauenswürdige Schlüssel. --------------------------------------------- http://www.heise.de/security/meldung/Boese-Schluessel-werden-zum-Problem-fu… *** IBM Fixes Serious Code Execution Bug in Endpoint Manager Product *** --------------------------------------------- IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not... --------------------------------------------- http://threatpost.com/ibm-fixes-serious-code-execution-bug-in-endpoint-mana… *** An interesting case of the CVE-2014-8439 exploit *** --------------------------------------------- We have recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-8439 (we detect it as Exploit:SWF/Axpergle). This exploit is being integrated into multiple exploit kits, including the Nuclear exploit kit (Exploit:JS/Neclu) and the Angler exploit kit (Exploit:JS/Axpergle). Adobe released a patch in November to address this exploit (APSB14-26). Coincidentally, our investigation shows that Adobe released a patch to address a different exploit and that patch appears to... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/12/02/an-interesting-case-of-t… *** Keeping Your Website Safe From WordPress's XSS Vulnerability *** --------------------------------------------- Last month, a Finnish IT company by the name of Klikki Oy identified a critical vulnerability in WordPress - one which has been present in the platform for approximately four years. It allows attackers to enter comments which include malicious JavaScript. Once the script in these comments is executed, the attacker could then do anything from infecting the PCs of visitors to completely hijacking the website; locking the original administrator out of their account. --------------------------------------------- http://www.ahosting.net/blog/keeping-your-website-safe-from-wordpresss-xss-… *** A Physical Security Policy Can Save Your Company Thousands of Dollars *** --------------------------------------------- Investments in cybersecurity and physical security are proportionally connected to your organization's improved financial picture for a long-term perspective. Our digital lives are getting smaller as technology simplifies our communications, but cyber attacks are also prevalent. While the Internet radically changes the way organizations operate globally, from handling sensitive data to offshore outsourcing of IT architecture, the payoffs of security are significant and can't be... --------------------------------------------- http://resources.infosecinstitute.com/physical-security-policy-can-save-com… *** Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment *** --------------------------------------------- The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test. --------------------------------------------- http://hack-tools.blackploit.com/2014/12/samurai-web-testing-framework-30-l… *** New LusyPOS malware is a cross between Dexter and Chewbacca *** --------------------------------------------- A new piece of Point-of-Sale RAM scraping malware has been submitted to VirusTotal and analyzed by researchers, who found that its a cross between two older and different POS malware families and is offered for sale on underground markets for $2,000. --------------------------------------------- http://www.net-security.org/malware_news.php?id=2926 *** The Future of Auditory Surveillance *** --------------------------------------------- Interesting essay on the future of speech recognition, microphone miniaturization, and the future ubiquity of auditory surveillance.... --------------------------------------------- https://www.schneier.com/blog/archives/2014/12/the_future_of_a.html *** DSA-3084 openvpn *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3084 *** Bugtraq: ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/534135 *** Bugtraq: ESA-2014-160: RSA Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/534136 *** F5 Security Advisories *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15147.htm… https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15158.htm… https://support.f5.com:443/kb/en-us/solutions/public/15000/300/sol15329.htm… *** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published November 25, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for two vulnerabilities within products utilizing the Siemens WinCC application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-14-329-02A *** Elipse SCADA DNP3 Denial of Service *** --------------------------------------------- Independent researchers Adam Crain and Chris Sistrunk have identified a DNP3 denial of service vulnerability in the Elipse SCADA application. Elipse has produced a new version of the DNP3 driver that mitigates this vulnerability. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-14-303-02 *** Emerson ROC800 Multiple Vulnerabilities (Update A) *** --------------------------------------------- This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson Process Management's ROC800 remote terminal units (RTUs) products (ROC800, ROC800L, and DL8000). --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A *** Yokogawa CENTUM and Exaopc Vulnerability (Update A) *** --------------------------------------------- Tod Beardsley of Rapid7 Inc. and Jim Denaro of CipherLaw have identified an authentication vulnerability and released proof-of-concept (exploit) code for the Yokogawa CENTUM CS 3000 series and Exaopc products. JPCERT and Yokogawa have mitigated this vulnerability. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A *** IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_powerkvm_2_issues… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…

1 0

Tageszusammenfassung - Dienstag 2-12-2014
by Daily end-of-shift report 02 Dec '14

02 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 01-12-2014 18:00 − Dienstag 02-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Researcher Releases Database of Known-Good ICS and SCADA Files *** --------------------------------------------- A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs,... --------------------------------------------- http://threatpost.com/researcher-releases-database-of-known-good-ics-and-sc… *** CVE-2014-1824 - A New Windows Fuzzing Target *** --------------------------------------------- As time progresses, due to constant fuzzing and auditing many common Microsoft products are becoming reasonably hard targets to fuzz and find interesting crashes. There are two solutions to this: write a better fuzzer (http://lcamtuf.coredump.cx/afl/) or pick a less audited target. In a search for less audited attack surface, we are brought to MS14-038, Vulnerability... --------------------------------------------- http://blog.beyondtrust.com/cve-2014-1824-searching-for-windows-attack-surf… *** Kritische Lücke legt OpenVPN-Server lahm *** --------------------------------------------- Wer einen OpenVPN-Server betreibt, sollte diesen umgehend auf den aktuellen Stand bringen. Durch eine Schwachstelle können Angreifer dessen Erreichbarkeit erheblich beeinträchtigen. --------------------------------------------- http://www.heise.de/security/meldung/Kritische-Luecke-legt-OpenVPN-Server-l… *** Operation DeathClick *** --------------------------------------------- The era of spear phishing and the waterhole attack, which uses social engineering, has come to an end. Hackers are now moving their tricky brains towards targeted Malvertising - a type of attack that uses online advertising to spread malware. A recent campaign termed "Operation death click" displays a new form of cyber-attack focused on specific targets. The attack is also defined as micro targeted malvertising. In this newly targeted variation of malvertising, the hackers are --------------------------------------------- http://resources.infosecinstitute.com/operation-deathclick/ *** 3Q 2014 Security Roundup: Vulnerabilities Under Attack *** --------------------------------------------- Our report on the threats seen in 3Q 2014 shows us that once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter's infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. Having gone unnoticed for years, the Shellshock incident suggests that there might be more vulnerabilities in Bash or in... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4qiLKTUdqhM/ *** Betrügerische E-Mails im Namen des Finanzministeriums in Umlauf *** --------------------------------------------- Täuschend echte Phishing-Masken in Design von FinanzOnline --------------------------------------------- http://derstandard.at/2000008913504 *** JSA10607 - 2014-01 Security Bulletin: Junos: Memory-consumption DoS attack possible when xnm-ssl or xnm-clear-text service enabled (CVE-2014-0613) *** --------------------------------------------- Product Affected: This issue can affect any product or platform running Junos OS. Problem: When xnm-ssl or xnm-clear-text is enabled within the [edit system services] hierarchy level of the Junos configuration, an unauthenticated, remote user could exploit the XNM command processor to consume excessive amounts of memory. This, in turn, could lead to system instability or other performance issues. --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10607 *** Security advisory - High severity - InfiniteWP Client WordPress plugin *** --------------------------------------------- Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation and potential Object Injection vulnerability. Patched Version: 1.3.8 If you're using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website FirewallRead More --------------------------------------------- http://blog.sucuri.net/2014/12/security-advisory-high-severity-infinitewp-c… *** Security Bulletin: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management (CVE-2014-6140) *** --------------------------------------------- A vulnerability exists in IBM Endpoint Manager Mobile Device Management component, where an attacker could misuse cookies to execute arbitrary code. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21691701 *** Security Advisory: PHP vulnerability CVE-2013-2110 *** --------------------------------------------- (SOL15876) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15876.htm… *** Security Advisory: SOAP parser vulnerability CVE-2013-1824 *** --------------------------------------------- (SOL15879) --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15879.htm… *** Yokogawa FAST/TOOLS XML information disclosure *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/99018 *** EntryPass N5200 Credential Disclosure *** --------------------------------------------- Topic: EntryPass N5200 Credential Disclosure Risk: Low Text:Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated do... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120010 *** 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting *** --------------------------------------------- Topic: 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting Risk: Low Text: # # # SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security # # # # CVE ID: ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014120009 *** Security Advisory-Multiple Vulnerabilities on Huawei P2 product *** --------------------------------------------- Dec 02, 2014 15:22 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…

1 0

Tageszusammenfassung - Montag 1-12-2014
by Daily end-of-shift report 01 Dec '14

01 Dec '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 28-11-2014 18:00 − Montag 01-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** [Update] (Keine) Sicherheitsheitslücke in Ciscos H.264-Modul für Firefox *** --------------------------------------------- Cisco hat eine Sicherheitswarnung wegen seines jüngst für Firefox bereitgestellten Video-Codecs herausgegeben. [update]Allerdings soll dies nicht die im aktuellen Webbrowser verwendete Version betreffen.[/update] --------------------------------------------- http://www.heise.de/security/meldung/Update-Keine-Sicherheitsheitsluecke-in… *** EVIL researchers dupe EVERY 32 bit GPG print *** --------------------------------------------- Keys fall in four seconds Researchers have found collision attacks for 32 bit GPG keys leaving the superseded technology well and truly dead. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/12/01/evil_resear… *** Critical denial of service vulnerability in OpenVPN servers *** --------------------------------------------- A critical denial of service security vulnerability affecting OpenVPN servers was recently brought to our attention. A fixed version of OpenVPN (2.3.6) will be released today/tomorrow (1st Dec 2014) at around 18:00 UTC. --------------------------------------------- https://forums.openvpn.net/topic17625.html *** FIN4: Stealing Insider Information for an Advantage in Stock Trading? *** --------------------------------------------- FireEye tracks a threat group that we call “FIN4,” whose intrusions seem to have a different objective: to obtain an edge in stock trading. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information. --------------------------------------------- https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.ht… *** ENISA survey: New Directions in securing personal Data *** --------------------------------------------- Under the growing interest in the areas of personal data protection and cryptography, ENISA has launched a project with the objective to detect the existing technological gaps in the fields. --------------------------------------------- http://www.enisa.europa.eu/media/news-items/enisa-survey-new-directions-in-… *** Flushing out the Crypto Rats - Finding "Bad Encryption" on your Network, (Mon, Dec 1st) *** --------------------------------------------- Just when folks get around to implementing SSL, we need to retire SSL! Not a week goes buy that a client isnt asking me about SSL (or more usually TLS) vulnerabilities or finding issue son their network. In a recent case, my client had just finished a datacenter / PCI audit, and had one of his servers come up as using SSL 2.0, which of course has been deprecated since 1996 - the auditors recommendation was to update to SSL 3.0 (bad recommendation, keep reading on). When he then updated to SSL... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19009&rss *** AGbot DDoS Attacks Internet VNC Servers *** --------------------------------------------- Last week, our FortiGuard Labs Threat Intelligence system was able to capture a DDoS attack targeting internet VNC servers. The attack was raised by a brand new IrcBot, which we are detecting as W32/AGbot.AB!tr. Let's now dig into the details of this attack. --------------------------------------------- http://blog.fortinet.com/post/agbot-ddos-attacks-internet-vnc-servers *** Researchers identify POS malware targeting ticket machines, electronic kiosks *** --------------------------------------------- Electronic kiosks and ticketing systems are being targeted by a new type of point-of-sale (POS) threat known as "d4re|dev1|," which acts as an advanced backdoor with remote administration and has RAM scraping and keylogging features, according to IntelCrawler. --------------------------------------------- http://www.scmagazine.com/researchers-identify-pos-malware-targeting-ticket… *** Early version of new POS malware family spotted *** --------------------------------------------- A security researcher came across what appears to be a new family of point-of-sale malware that few antivirus programs were detecting. Nick Hoffman, a reverse engineer, wrote the Getmypass malware shares traits that are similar to other so-called RAM scrapers, which collect unencrypted payment card data held in a payment system's memory. --------------------------------------------- http://www.cio.com/article/2853274/early-version-of-new-pos-malware-family-… *** Sandbox Escape Bug in Adobe Reader Disclosed *** --------------------------------------------- Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google's Project Zero and reported to Adobe, which made a change to Reader that made it... --------------------------------------------- http://threatpost.com/sandbox-escape-bug-in-adobe-reader-disclosed/109637 *** Using Shodan from the Command-Line *** --------------------------------------------- Have you ever needed to write a quick script to download data from Shodan? Or setup a cronjob to check what Shodan found on your network recently? How about getting a list of IPs out of the Shodan API? For the times where you'd like to have easy script-friendly access to Shodan there's now a new command-line tool appropriately called shodan. --------------------------------------------- http://shodanio.wordpress.com/2014/12/01/using-shodan-from-the-command-line/ *** l+f: Türsteuerung mit Hintertür *** --------------------------------------------- Beim Türsteuerungsmodul Entrypass N5200 ist der Name Programm: Rein kommt jeder - zumindest wenn er nicht durch die Tür sondern übers Netz kommt. --------------------------------------------- http://www.heise.de/security/meldung/l-f-Tuersteuerung-mit-Hintertuer-24700… *** Dridex Phishing Campaign uses Malicious Word Documents, (Mon, Dec 1st) *** --------------------------------------------- This is a guest diary submitted by Brad Duncan. During the past few months, Botnet-based campaigns have sent waves of phishing emails associated with Dridex. Today, well examine a wave that occurred approximately 3 weeks ago. The emails contained malicious Word documents, and with macros enabled, these documents infected Windows computers with Dridex malware. Various people have posted about Dridex [1] [2], and some sites like Dynamoos blog [3] and TechHelpList [4] often report on these and --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19011&rss *** Malware: Gefälschte Telekom-Rechnungen mit vollständigen Kundennamen *** --------------------------------------------- Die seit November 2014 kursierenden Mails mit Malware in Form von Dateianhängen an vermeintlichen Rechnungen der Telekom haben eine neue Qualität erreicht. Die Empfänger werden darin nun mit ihrem Vor- und Nachnamen angesprochen. --------------------------------------------- http://www.golem.de/news/malware-gefaelschte-telekom-rechnungen-mit-vollsta… *** Clubbing Seals - Exploring the Ecosystem of Third-party Security Seals *** --------------------------------------------- Is this website secure? Well, it just contains statically generated content and holds no personal information, so most likely it is. But how would you be able to tell whether it actually is secure? This problem is exactly what security seal providers are trying to tackle. These seal providers offer a service which allows website owners to show their customers that their website is secure, and therefore safe to use. This works as follows:... --------------------------------------------- https://vagosec.org/2014/11/clubbing-seals/ *** Raiffeisen warnt vor Trojaner beim Online-Banking *** --------------------------------------------- Keine "Test-Überweisungen" durchführen --------------------------------------------- http://derstandard.at/2000008856256 *** DSA-3081 libvncserver *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3081 *** DSA-3080 openjdk-7 *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3080 *** DSA-3083 mutt *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3083 *** DSA-3082 flac *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3082 *** Security Notice-Statement on Multiple Vulnerabilities in Huawei P2 Smartphone *** --------------------------------------------- Nov 29, 2014 17:47 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** Vuln: LibYAML and Perl YAML-LibYAML Module scanner.c Remote Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/71349 *** Bugtraq: CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 *** --------------------------------------------- http://www.securityfocus.com/archive/1/534124

1 0

Tageszusammenfassung - Freitag 28-11-2014
by Daily end-of-shift report 28 Nov '14

28 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 27-11-2014 18:00 − Freitag 28-11-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Syrian Electronic Army attack leads to malvertising, (Thu, Nov 27th) *** --------------------------------------------- A number of online services were impacted by what has been referred to by multiple sources as a redirection attack by Syrian Electronic Army (SEA) emanating from the Gigya CDN. Gigya explained the issue as follows: Gigya explained that earlier today at 06:45 EST, it noticed sporadic failures with access to our service. The organization than found a breach at its domain registrar, with the hackers modifying DNS entries and pointing them away from Gigyas CDN domain, instead redirecting to their... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19001&rss *** Worlds best threat detection pwned by HOBBIT *** --------------------------------------------- Forget nation-states, BAB0 is the stuff of savvy crims Some of the worlds best threat detection platforms have been bypassed by custom malware in a demonstration of the fallibility of single defence security. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/11/28/malware_cru… *** ENISA publishes the first framework on how to evaluate National Cyber Security Strategies *** --------------------------------------------- ENISA issues today an Evaluation Framework on National Cyber Security Strategies (NCSS) addressed to policy experts and government officials who design, implement and evaluate an NCSS policy. This work is strongly aligned with the EU Cyber Security Strategy (EU CSS) and aims to assist Member States in developing capabilities in the area of NCSS. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/enisa-publishes-the-first-f… *** CryptoPHP: Hinterlistiger Schadcode hat zehntausende Server infiziert *** --------------------------------------------- Der Schädling versteckt sich in raubkopierten Themes und Plug-ins für die Content-Management-Systeme Drupal, WordPress und Joomla. Einmal infiziert, wird der Server Teil eines Botnetzes, das Such-Rankings manipuliert. Zum Schaden der eigenen Seite. --------------------------------------------- http://www.heise.de/newsticker/meldung/CryptoPHP-Hinterlistiger-Schadcode-h… *** Kritische Updates für Siemens-Industriesteuerungen *** --------------------------------------------- Ein Update soll kritisches Sicherheitslücken in der Software Simatic WinCC schließen, die als Kontrollzentrum für die Überwachung und Steuerung industrieller Anlagen zum Einsatz kommt. Allerdings gibt es das Update noch nicht für alle Versionen. --------------------------------------------- http://www.heise.de/security/meldung/Kritische-Updates-fuer-Siemens-Industr… *** Economic Failures of HTTPS Encryption *** --------------------------------------------- Interesting paper: "Security Collapse of the HTTPS Market." From the conclusion: Recent breaches at CAs have exposed several systemic vulnerabilities and market failures inherent in the current HTTPS authentication model: the security of the entire ecosystem suffers if any of the hundreds of CAs is compromised (weakest link); browsers are unable to revoke trust in major CAs ("too big to... --------------------------------------------- https://www.schneier.com/blog/archives/2014/11/economic_failur.html *** Fehler in H.264-Plugin könnte Firefox-Nutzer betreffen *** --------------------------------------------- [...] In dem dazugehörigen Bugreport bei Mozilla schreibt der Cisco-Angestellte Ethan Hugg, dass der Fehler in keiner Version des bisher für Firefox bereitgestellten OpenH.264-Moduls vorhanden ist. Noch führen die Mozilla-Hacker den Fehler allerdings nicht als offiziell behoben. Nachtrag vom 28. November 2014, 13:10 Uhr Laut Cisco sind Firefox-Nutzer nicht betroffen, wir haben den Artikel entsprechend angepasst. --------------------------------------------- http://www.golem.de/news/cisco-fehler-in-h-264-plugin-betrifft-alle-firefox… *** Bugtraq: Defense in depth -- the Microsoft way (part 22): no DEP in Windows filesystem (and ASLR barely used) *** --------------------------------------------- http://www.securityfocus.com/archive/1/534109

1 0

Tageszusammenfassung - Donnerstag 27-11-2014
by Daily end-of-shift report 27 Nov '14

27 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 26-11-2014 18:00 − Donnerstag 27-11-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** New anti-APT tools are no silver bullets: An independent test of APT attack detection appliances *** --------------------------------------------- New anti-APT tools are no silver bullets: An independent test of APT attack detection appliances CrySyS Lab, BME http://www.crysys.hu/ MRG-Effitas https://www.mrg-effitas.com/ November 26, 2014. The term Advanced Persistent Threat (APT) refers to a potential attacker that has the capability and the intent to carry out advanced attacks against specific high profile targets in order to [...] --------------------------------------------- http://blog.crysys.hu/2014/11/new-anti-apt-tools-are-no-silver-bullets-an-i… *** Adobe Reader sandbox popped says Google researcher *** --------------------------------------------- Yet another reason to make sure youve patched promptly and properly The Acrobat Reader Windows sandbox contains a vulnerability that could allow attackers to break out and gain higher privileges, Google security bod James Forshaw claims. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/11/27/adobe_reade… *** Crunch - Password Cracking Wordlist Generator *** --------------------------------------------- Features: crunch generates wordlists in both combination and permutation ways it can breakup output by number of lines or file size * now has resume support * pattern now supports number and symbols * pattern now supports upper and lower case characters separately * adds a status report when generating multiple files * new -l option for literal support of @,%^ * new -d option to limit duplicate characters see man file for details * now has unicode support... --------------------------------------------- http://hack-tools.blackploit.com/2014/11/crunch-password-cracking-wordlist.… *** SEC Risk Factors: How To Determine The Business Value Of Your Data To A Foreign Government *** --------------------------------------------- This white paper will explore where the SEC is headed on this issue and propose a novel solution that's both specific to the company and avoids the potential danger of revealing too much information about company vulnerabilities - the ability to verifiably assess the value of your intellectual property (IP) to a rival Nation State by establishing its Target Asset Value™. --------------------------------------------- http://jeffreycarr.blogspot.co.uk/2014/11/sec-risk-factors-how-to-determine… *** Factsheet HTTPS could be a lot more secure *** --------------------------------------------- HTTPS is a frequently used protocol for protecting web traffic against parties setting out to eavesdrop on or manipulate the traffic. Configuring HTTPS requires precision: there are many options, and by no means all of them are secure. --------------------------------------------- https://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fac… *** Cisco: Fehler in H.264-Plugin betrifft alle Firefox-Nutzer *** --------------------------------------------- Ein Fehler in der Speicherverwaltung des H.264-Plugins betrifft potentiell alle Firefox-Nutzer, da Mozilla dieses zwangsweise installiert. Besonders schwerwiegend ist der Fehler zwar nicht, er offenbart aber ein Problem in der Zusammenarbeit mit Cisco. --------------------------------------------- http://www.golem.de/news/cisco-fehler-in-h-264-plugin-betrifft-alle-firefox… *** l+f: Nur zwei Tage vom Patch zum Exploit-Kit *** --------------------------------------------- Der Zeitraum zwischen der Bekanntgabe einer Lücke durch einen Patch und deren aktiver Ausnutzung wird immer kürzer. --------------------------------------------- http://www.heise.de/security/meldung/l-f-Nur-zwei-Tage-vom-Patch-zum-Exploi… *** Meta-Hack stört hunderte Medien-Webseiten *** --------------------------------------------- Auf hunderten großer Webseiten erschien am Donnerstag die Meldung "You have been hacked". Ursache war eine eingebettete Kommentarfunktion von Gigya. --------------------------------------------- http://www.heise.de/security/meldung/Meta-Hack-stoert-hunderte-Medien-Webse… *** TYPO3 CMS 4.5.38 and 6.2.7 released *** --------------------------------------------- The TYPO3 Community announces the versions 4.5.38 LTS and 6.2.7 LTS of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes. --------------------------------------------- https://typo3.org/news/article/typo3-cms-4538-and-627-released/ *** TYPO3-EXT-SA-2014-017: Improper Access Control in WebDav for filemounts (webdav) *** --------------------------------------------- It has been discovered that the extension "WebDav for filemounts" (webdav) is susceptible to Improper Access Control. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.0 Vulnerability Type: Improper Access Control Severity: Medium Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C --------------------------------------------- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… *** DSA-3077 openjdk-6 *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3077 *** Cisco ASA SSL VPN Memory Consumption Error Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1031269 *** Mutt Buffer Overflow in mutt_substrdup() Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1031266 *** Xen Security Advisory 112 (CVE-2014-8867) - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor *** --------------------------------------------- Acceleration support for the "REP MOVS" instruction, when the first iteration accesses memory mapped I/O emulated internally in the hypervisor, incorrectly assumes that the whole range accessed is handled by the same hypervisor sub-component. Impact: A buggy or malicious HVM guest can crash the host. Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests. Resolution: Applying the appropriate attached patch resolves this issue. --------------------------------------------- http://lists.xen.org/archives/html/xen-announce/2014-11/msg00006.html *** Xen Security Advisory 111 (CVE-2014-8866) - Excessive checking in compatibility mode hypercall argument translation *** --------------------------------------------- Impact: A buggy or malicious HVM guest can crash the host. Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests on any version of Xen so far released by xenproject.org. Resolution: Applying the appropriate attached patch resolves this issue. --------------------------------------------- http://lists.xen.org/archives/html/xen-announce/2014-11/msg00005.html *** F5 Security Advisories *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15877.htm… https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15875.htm… https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15881.htm… https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15868.htm… https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15885.htm…

1 0

Tageszusammenfassung - Mittwoch 26-11-2014
by Daily end-of-shift report 26 Nov '14

26 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 25-11-2014 18:00 − Mittwoch 26-11-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Security updates available for Adobe Flash Player (APSB14-26) *** --------------------------------------------- A Security Bulletin (APSB14-26) has been published regarding security updates for Adobe Flash Player. These updates address a critical vulnerability, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. --------------------------------------------- http://blogs.adobe.com/psirt/?p=1144 *** Brain Science and Browser Warnings *** --------------------------------------------- Computer users will click through browser warnings and security alerts in order to complete a task, but once theyre hacked, their behaviors change, a recent BYU study learned. --------------------------------------------- http://threatpost.com/brain-science-and-browser-warnings/109615 *** Multiple vulnerabilities in ARRIS VAP2500 *** --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-389/ http://www.zerodayinitiative.com/advisories/ZDI-14-388/ http://www.zerodayinitiative.com/advisories/ZDI-14-387/ *** DSA-3076 wireshark *** --------------------------------------------- Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service. --------------------------------------------- http://www.debian.org/security/2014/dsa-3076 *** ModSecurity Advanced Topic of the Week: Detecting Malware with Fuzzy Hashing *** --------------------------------------------- In the most recent release of ModSecurity v2.9.0-RC1, we introduced a new operator called @fuzzyHash which uses functionality from the ssdeep tool. This blog post will demonstrate a powerful use-case with ModSecurity which is identifying .. --------------------------------------------- http://blog.spiderlabs.com/2014/11/modsecurity-advanced-topic-of-the-week-d… *** Google Doc Embedder plugin for WordPress google-document-embedder\view.php SQL injection *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98944 *** VB2014 paper: Labelling spam through the analysis of protocol patterns *** --------------------------------------------- What do your IP packet sizes say about whether youre a spammer?Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added Labelling spam through the analysis .. --------------------------------------------- http://www.virusbtn.com/blog/2014/11_26.xml *** Typos Can have a Bigger Impact Than Expected *** --------------------------------------------- Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there's a risk in that? You may have seen the Grammar Police all over your comments .. --------------------------------------------- http://blog.sucuri.net/2014/11/typos-can-have-a-bigger-impact-than-expected… *** Black Friday and Cyber Monday - 4 Scams To Watch Out For While Shopping *** --------------------------------------------- Holiday Shopping season is really an excited time for both shoppers and retailers, but unfortunately its a good time for cyber criminals and scammers as well. With Black Friday .. --------------------------------------------- http://thehackernews.com/2014/11/black-friday-and-cyber-monday-4-scams_26.h… *** Mängel beim Selbstschutz von Antiviren-Software *** --------------------------------------------- Nur 2 von 32 getesteten Antivirus-Produkten setzen eigentlich selbstverständliche Schutztechniken wie DLP und ASLR auch wirklich konsequent ein, stellte das deutsche Testlabor AV-Test fest. --------------------------------------------- http://www.heise.de/security/meldung/Maengel-beim-Selbstschutz-von-Antivire… *** CryptoPHP a week later: more than 23.000 sites affected *** --------------------------------------------- On November 20th we published our report on CryptoPHP. Since publishing we have, together with other parties, been busy dealing with the affected servers and taking down the CryptoPHP infrastructure. Sinkhole .. --------------------------------------------- http://blog.fox-it.com/2014/11/26/cryptophp-a-week-later-more-than-23-000-s… *** MatrikonOPC for DNP Unhandled C++ Exception *** --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-329-01 *** Siemens SIMANTIC WinCC, PCS7, and TIA Portal Vulnerabilities *** --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02 *** Hintergrund: Schwachstellen-Scanner für Web-Applikationen *** --------------------------------------------- Ein guter Überblick präsentiert 16 Open-Source-Scanner für Web-Applikationen, die Lücken von XSS bis hin zu SQL-Injection aufspüren. --------------------------------------------- http://www.heise.de/security/artikel/Schwachstellen-Scanner-fuer-Web-Applik…

1 0

Tageszusammenfassung - Dienstag 25-11-2014
by Daily end-of-shift report 25 Nov '14

25 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 24-11-2014 18:00 − Dienstag 25-11-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Remote Code Execution in Popular Hikvision Surveillance DVR *** --------------------------------------------- A number Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices. --------------------------------------------- http://threatpost.com/remote-code-execution-in-popular-hikvision-surveillan… *** Multiple Dell SonicWALL products code execution *** --------------------------------------------- Multiple Dell SonicWALL products could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the failure to validate user data prior to executing a command in the GMS ViewPoint .. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98911 *** Obfuscated Flash Files Make Their Mark in Exploit Kits *** --------------------------------------------- In recent years, we noticed that more and more malicious Adobe Flash (.SWF) files are being incorporated into exploit kits like the Magnitude Exploit Kit, the Angler Exploit Kit, and the Sweet Orange Exploit Kit. However, we did some more .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-flash-… *** The Other Side of Masque Attacks: Data Encryption Not Found in iOS Apps *** --------------------------------------------- Based on our research into the iOS threat Masque Attacks announced last week, Trend Micro researchers have found a new way that malicious apps installed through successful Masque Attacks can pose a threat to iOS devices: by accessing unencrypted data used by legitimate apps. According to reports, .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/the-other-side-o… *** Docker docker pull privilege escalation *** --------------------------------------------- Docker could allow a remote attacker to gain elevated privileges on the system, caused by an error in the docker pull and the docker load operations. An attacker could exploit this vulnerability to gain elevated privileges on the system. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98924 *** Docker image privilege escalation *** --------------------------------------------- Docker could allow a remote attacker to gain elevated privileges on the system, caused by the ability to modify the default run profile of containers by images. attacker could exploit this vulnerability to gain elevated privileges on the system. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98925 *** WordPress wpDataTables 1.5.3 SQL Injection *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014110163 *** WordPress wpDataTables 1.5.3 Shell Upload *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014110162 *** [oCERT 2014-008] heap overflow, remote code execution in libFLAC *** --------------------------------------------- FLAC is an open source lossless audio codec supported by several software and music players. The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may .. --------------------------------------------- http://www.ocert.org/advisories/ocert-2014-008.html *** Chrome läutet Ende für Browser-Plugins ein *** --------------------------------------------- Ab Jänner werden sämtliche NPAPI-Plugins blockiert - Silverlight und Java betroffen --------------------------------------------- http://derstandard.at/2000008592582 *** Hacker legen Sony Pictures komplett lahm *** --------------------------------------------- Unbekannte haben am Montag den Firmenbetrieb bei Sony Pictures zum Erliegen gebracht. Sie sollen sämtliche Computer im Firmennetz der Sony-Tochter gekapert haben. Auch das Play-Store-Konto von Sony soll betroffen sein. --------------------------------------------- http://www.heise.de/security/meldung/Hacker-legen-Sony-Pictures-komplett-la… *** Secret Malware in European Union Attack Linked to U.S. and British Intelligence *** --------------------------------------------- Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept. --------------------------------------------- https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom… *** EU-Experten: Exporte von Spähsoftware sollen stärker kontrolliert werden *** --------------------------------------------- Wirtschaftsminister Gabriel will den Export von Spähsoftware auf EU-Ebene einschränken. Erste Firmen suchen aber schon Wege, um der Exportkontrolle zu entgehen. --------------------------------------------- http://www.golem.de/news/eu-experten-exporte-von-spaehsoftware-sollen-staer…

1 0

Tageszusammenfassung - Montag 24-11-2014
by Daily end-of-shift report 24 Nov '14

24 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-11-2014 18:00 − Montag 24-11-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Website Malware Removal: Phishing *** --------------------------------------------- As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a .. --------------------------------------------- http://blog.sucuri.net/2014/11/website-malware-removal-phishing.html *** Asterisk IP address security bypass *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98863 *** "NotCompatible": Die bisher hartnäckigste Android-Malware *** --------------------------------------------- Schadsoftware infiziert täglich 20.000 Geräte - Für Spam-Versand, Ticket-Kauf und Word-Press-Hacking --------------------------------------------- http://derstandard.at/2000008502545 *** DoubleDirect MitM Attack Targets Android, iOS and OS X Users *** --------------------------------------------- Security researchers have discovered a new type of "Man-in-the-Middle" (MitM) attack in the wild targeting smartphone and tablets users on devices running either iOS or Android around the world. The MitM attack, dubbed DoubleDirect, enables an attacker to redirect a victim's traffic of major websites .. --------------------------------------------- http://thehackernews.com/2014/11/doubledirect-mitm-attack-targets_22.html *** Spearphishing: Jeder Fünfte geht in die Falle *** --------------------------------------------- IT-Benutzer sind gutgläubig. Ein Rabattversprechen reicht, um jede Menge Passwörter einzusammeln. Auf der Wiener Security-Konferenz Deepsec wurden erschreckende Zahlen aus der Praxis verraten. --------------------------------------------- http://www.heise.de/newsticker/meldung/Spearphishing-Jeder-Fuenfte-geht-in-… *** A Nightmare on Malware Street *** --------------------------------------------- Another ransomware has been spotted in the wild lately, branded as CoinVault. This one involves some interesting details worth mentioning, including the peculiar characteristic of offering the free decryption of one of the hostage files a.. --------------------------------------------- http://securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/ *** ClamA libclamav/pe.c buffer overflow *** --------------------------------------------- ClamAV is vulnerable to a Heap Based buffer overflow, caused by improper bounds checking by the libclamav/pe.c file. A local attacker could overflow a buffer and execute arbitrary code on the system. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98882 *** Crypto protocols held back by legacy, says ENISA *** --------------------------------------------- EU takes the microscope to security The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto .. --------------------------------------------- http://www.theregister.co.uk/2014/11/24/crypto_protocols_held_back_by_legac… *** Symantec reseachers find Regin malware, label it the new Stuxnet *** --------------------------------------------- Government probably penned peerless p0wn cannon aimed at Russian and Saudi targets An advanced malware instance said to be as sophisticated as Stuxnet and Duqu has has been detected attacking the top end of town and has .. --------------------------------------------- http://www.theregister.co.uk/2014/11/24/regin/ *** Triggering MS14-066 *** --------------------------------------------- Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed. This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security .. --------------------------------------------- http://blog.beyondtrust.com/triggering-ms14-066 *** Hacking RFID Payment Cards Made Possible with Android App *** --------------------------------------------- We recently encountered a high-risk Android app detected as ANDROIDOS_STIP.A in Chile. This app, found distributed through forums and blogs, can be used to hack into the user's RFID bus transit card to recharge the credits. What is the mechanism .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-rfid-pay… *** Protecting Against Unknown Software Vulnerabilities *** --------------------------------------------- Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can have a security implications, these are known as vulnerabilities. These vulnerabilities can be used to exploit and compromise your server, your siteRead More --------------------------------------------- http://blog.sucuri.net/2014/11/protecting-against-unknown-software-vulnerab… *** Linux-Distribution: Less ist ein mögliches Einfallstor *** --------------------------------------------- Das Tool Less wird unter Linux oft benutzt, um in Verbindung mit anderen Tools etwa Dateien zu öffnen. Damit würden viele Fehler und Sicherheitslücken provoziert, meint ein profilierter Hacker. --------------------------------------------- http://www.golem.de/news/linux-distribution-less-als-moegliches-einfallstor… *** Drupal-Update schiebt Session-Klau den Riegel vor *** --------------------------------------------- Die Entwickler des Open-Source CMS haben zwei Sicherheitslücken in Drupal 6 und 7 geschlossen. Die Schwachstellen können missbraucht werden, um Sessions angemeldeter Benutzer zu stehlen und um den Server lahmzulegen. --------------------------------------------- http://www.heise.de/security/meldung/Drupal-Update-schiebt-Session-Klau-den…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily