Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - Freitag 7-11-2014
by Daily end-of-shift report 07 Nov '14

07 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 06-11-2014 18:00 − Freitag 07-11-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Crypto 101 - free book resource, (Thu, Nov 6th) *** --------------------------------------------- Regular reader and contributor Gebhard sent us a pointer to Crypto 101, an introductory course on cryptography, freely available for programmers of all ages and skill levels byLaurens Van Houtven (lvh) available for everyone, for free, forever. Its a pre-release PDF read of a project that will be released in more formats later. The Crypto 101 course allows you to learn by doing and includes everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18925&rss *** Metasploit Weekly Wrapup: Another Android Universal XSS *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/11/06/metasploi… *** Navy gunners unphased by "integer overflow bug" concerns *** --------------------------------------------- Today, Naked Security received an out-of-the-ordinary email... ..from a vacationing coder with a penchant for fitting geekiness into regular life! We loved his story. We think you will too. --------------------------------------------- http://nakedsecurity.sophos.com/2014/11/06/navy-gunners-unphased-by-integer… *** Slides zum Thema DDoS *** --------------------------------------------- Slides zum Thema DDoS | 5. November 2014 | Das Abwehramt des österreichischen Bundesheeres veranstaltet jedes Jahr eine Konferenz zum Thema IKT-Sicherheit. Dieses Jahr wurde ich eingeladen, einen Vortrag zum Thema DDoS zu halten.In meiner Präsentaion verweise ich auf diverse externe Dokumente, daher wurde ich gebeten, die Slides zum zum Download anzubieten. Autor: Otmar Lendl --------------------------------------------- http://www.cert.at/services/blog/20141105124802-1293.html *** Advance Notification Service for the November 2014 Security Bulletin Release *** --------------------------------------------- Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD). As per our monthly process, weve --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2014/11/06/advance-notification-ser… *** Chinese Routing Errors Redirect Russian Traffic *** --------------------------------------------- In recent weeks, Russian President Vladimir Putin announced a plan to enact measures to protect the Internet of Russia. In a speech to the Russian National Security Council he said, "we need to greatly improve the security of domestic communications networks and information resources." Perhaps he should add Internet routing security to his list because,... --------------------------------------------- http://research.dyn.com/2014/11/chinese-routing-errors-redirect-russian-tra… *** Frankfurt | 04.12.2014 - SAVE us from IP Spoofing and Prefix Hijacking *** --------------------------------------------- DDoS reflection attacks are promoted by IP spoofing and there have been several incidents in the last couple of years where huge networks or whole countries were disconnected from the internet after BGP hijacking. Nevertheless there are countermeasure like RPKI, BCP38 and S.A.V.E that not only protect your network but also help to create a more robust internet. Matthias Wählisch (FU Berlin) and Gert Döring (Space.Net) are going to present these approaches and open the discussion with... --------------------------------------------- http://de-cix.eco.de/2014/events/4-12-frankfurt-spoofing-and-hijacking.html *** Security Holes in Corporate Networks: Network Vulnerabilities *** --------------------------------------------- In this blogpost, we will review in detail the possible vectors for an attack launched on a corporate network from an infected computer within it. --------------------------------------------- http://securelist.com/blog/research/67452/security-holes-in-corporate-netwo… *** Combat Blackhat SEO Infections with SEO Insights *** --------------------------------------------- Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming more common every day: innocent websites are hacked, and their best pages begin linking to spam. These Blackhat SEO spam tactics are fighting for expensive, high-competition keywords... --------------------------------------------- http://blog.sucuri.net/2014/11/combat-blackhat-seo-infections-with-seo-insi… *** Macro malware on the rise again *** --------------------------------------------- Users taught that having to enable enhanced security features is no big deal.When I joined Virus Bulletin almost eight years ago, macro viruses were already a thing of the past, like porn diallers or viruses that did funny things to the characters on your screen: threats that were once a real problem, but that we didnt have to worry about any longer.A few years ago, I even heard a malware researcher bemoan the fact that "kids these days" didnt even know how to analyse macro viruses. --------------------------------------------- http://www.virusbtn.com/blog/2014/11_07.xml?rss *** Yosemite Beta *** --------------------------------------------- When we first announced that future versions of GPGMail would be available for a small fee, we were pretty scared about the reactions. Despite our expectations, weve received mostly positive responses and we would really like to thank you for that. Today were happy to announce that the first beta of GPGMail for Yosemite is finally ready. --------------------------------------------- https://gpgtools.org/?yosemite *** GnuPG unterstützt Krypto auf Elliptischen Kurven *** --------------------------------------------- Das soeben veröffentlichte Release GnuPG 2.1.0 bringt einige neue Funktionen, bessere Abläufe und es schneidet auch ein paar alte Zöpfe ab. Der 2.0er-Zweig wird als stabile Version weiter gepflegt. --------------------------------------------- http://www.heise.de/security/meldung/GnuPG-unterstuetzt-Krypto-auf-Elliptis… *** Belkin flings out patch after Metasploit module turns guests to admins *** --------------------------------------------- Open guest networks turned on by default Belkin has patched a vulnerability in a dual band router that allowed attackers on guest networks to gain root access using an automated tool. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/11/07/belkin_flin… *** VB2014 video: Attack points in health apps & wearable devices - how safe is your quantified self? *** --------------------------------------------- Health apps and wearable devices found to make many basic security mistakes."I know a lot of you have a Fitbit device."The geeks attending VB conferences tend to like their gadgets, and many of them have the latest ones, so the claim made by Candid Wüest at the beginning of his VB2014 last-minute presentation Attack points in health apps & wearable devices - how safe is your quantified self? was bound to be accurate. But the Symantec researcher really did know how many... --------------------------------------------- http://www.virusbtn.com/blog/2014/11_07a.xml?rss *** Security: Tausende unsichere Webcams im Internet zu sehen *** --------------------------------------------- Über tausende Webcams sind derzeit Menschen zu Hause in ihrem Fernsehsessel oder bei der Arbeit am Rechner zu sehen - ohne dass sie davon wissen. Die unbekannten Betreiber einer Webseite haben dafür weltweit Überwachungskameras angezapft. --------------------------------------------- http://www.golem.de/news/security-tausende-unsichere-webcams-im-internet-zu… *** Vuln: requests-kerberos requests_kerberos/kerberos_.py Remote Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/70909 *** SOL15792: Path MTU discovery vulnerability CVE-2004-1060 *** --------------------------------------------- Description: Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Dont Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." (CVE-2004-1060) Impact: The BIG-IP system may be vulnerable to denial-of-service (DoS) attacks. --------------------------------------------- https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15792.html *** Bugtraq: Open-Xchange Security Advisory 2014-11-07 *** --------------------------------------------- http://www.securityfocus.com/archive/1/533936 *** [R1] OpenSSL Vulnerabilities (20141015) Affect Tenable Products *** --------------------------------------------- November 7, 2014 --------------------------------------------- http://www.tenable.com/security/tns-2014-11 *** RSA Web Threat Detection SQL Injection *** --------------------------------------------- Topic: RSA Web Threat Detection SQL Injection Risk: Medium Text:ESA-2014-135: RSA Web Threat Detection SQL Injection Vulnerability EMC Identifier: ESA-2014-135 CVE Identifier: C... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014110032 *** PHP date_from_ISO8601() buffer overflow *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98522 *** DSA-3067 qemu-kvm *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3067 *** DSA-3066 qemu *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3066 *** DSA-3065 libxml-security-java *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3065 *** IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…

1 0

Tageszusammenfassung - Donnerstag 6-11-2014
by Daily end-of-shift report 06 Nov '14

06 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 05-11-2014 18:00 − Donnerstag 06-11-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Retefe with a new twist *** --------------------------------------------- A few months ago, we blogged about the banking trojan Retefe (Blog post in German) that was and still is targeting Switzerland. First off, Retefe is different because it only targets Switzerland, Austria and Sweden (and sometimes Japan). Contrast this... --------------------------------------------- http://securityblog.switch.ch/2014/11/05/retefe-with-a-new-twist/ *** ENISA calls for Expression of Interest for Membership of the Permanent Stakeholders' Group *** --------------------------------------------- The Executive Director of European Union Agency for Network and Information Security (ENISA) calls for Expression of Interest for Membership of the Permanent Stakeholders' Group (PSG) to be assigned from February 2015 to August 2017. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/enisa-calls-for-expression-… *** New ENISA report on Cyber Crisis Cooperation and Management *** --------------------------------------------- http://www.enisa.europa.eu/media/news-items/enisa-publishes-new-report-on-c… *** WireLurker malware infects iOS devices through OS X *** --------------------------------------------- Non-jailbroken devices infected via enterprise provisioning program.Researchers at Palo Alto Networks have published a research paper (PDF) analysing the WireLurker malware that runs on Mac OS X, and which is then used to further infect iOS devices connected to an infected machine.WireLurker is found to have infected 467 apps on the Maiyadi App Store, a third-party store based in China. Infected apps have been downloaded more than 350,000 times. Malware targeting OS X has become increasingly... --------------------------------------------- http://www.virusbtn.com/blog/2014/11_06.xml?rss *** VB2014 paper: DMARC - how to use it to improve your email reputation *** --------------------------------------------- Terry Zink presents case study in which he describes setting a DMARC policy for Microsoft.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added DMARC - how to use it to improve your email reputation, by Microsofts Terry Zink.Email is a 30-year-old protocol, designed at a time when the Internet was much smaller and you could basically trust anyone. As a consequence, spammers and phishers can easily send email --------------------------------------------- http://www.virusbtn.com/blog/2014/11_06a.xml?rss *** ZMap 1.2.1 - The Internet Scanner *** --------------------------------------------- ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet. --------------------------------------------- http://hack-tools.blackploit.com/2014/11/zmap-121-internet-scanner.html *** ICMP Reverse Shell *** --------------------------------------------- A reverse shell is a type of shell in which the target machine communicates back to the attacking machine. The attacking machine has a listener port on which it receives the connection, which by using, code or command execution is achieved. --------------------------------------------- http://resources.infosecinstitute.com/icmp-reverse-shell/ *** ZDI-14-373: Trend Micro InterScan Web Security Virtual Appliance Information Disclosure Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to read files from the underlying operating system on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance web application authentication is required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-373/ *** Vuln: Dell EqualLogic CVE-2013-3304 Directory Traversal Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/70760 *** Bugtraq: ESA-2014-135: RSA Web Threat Detection SQL Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/533912 *** Bugtraq: [The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser *** --------------------------------------------- http://www.securityfocus.com/archive/1/533916 *** Cisco Unity Connection Information Disclosure Vulnerability *** --------------------------------------------- CVE-2014-7988 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** [R1] PHP Integer Overflow Affects Tenables SecurityCenter *** --------------------------------------------- November 5, 2014 --------------------------------------------- http://www.tenable.com/security/tns-2014-10 *** [2014-11-06] XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection *** --------------------------------------------- Attackers are able to perform denial-of-service attacks against the Endpoint Protection Manager which directly impacts the effectiveness of the client-side endpoint protection. Furthermore, session identifiers of users can be stolen to impersonate them and gain unauthorized access to the server. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** IBM Security Bulletin: Security vulnerabilities in Node.js modules affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-6394, CVE-2014-7191) *** --------------------------------------------- Security vulnerabilities have been reported for some dependent Node.js modules. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on open source Node.js technology. CVE(s): CVE-2014-6394 and CVE-2014-7191 Affected product(s) and affected version(s): IBM Business Process Manager Express V8.5.5 IBM Business Process Manager Standard V8.5.5 IBM Business Process Manager Advanced V8.5.5 Refer to the following reference --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** IBM Security Bulletin: Multiple Reflected XSS Vulnerabilities in Tivoli Netcool/Impact *** --------------------------------------------- IBM Tivoli Netcool Impact is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. CVE(s): CVE-2014-6161 Affected product(s) and affected version(s): IBM Tivoli Netcool Impact 6.1.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21689130 X-Force Database: http://xforce.iss.net/xforce/xfdb/97710 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…

1 0

Tageszusammenfassung - Mittwoch 5-11-2014
by Daily end-of-shift report 05 Nov '14

05 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 04-11-2014 18:00 − Mittwoch 05-11-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Tool Tip: vFeed, (Wed, Nov 5th) *** --------------------------------------------- I have had a number of occasions lately to use or talk about vFeed from Toolswatch.org (@toolwatch). NJ a useful Python CLI tool that pulls CVEs and other Mitre datasets. From the vFeed Github repo: vFeed framework is an open source naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML schema. It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18917&rss *** Perfider Schädling haust in der Registry *** --------------------------------------------- Viren sind typischerweise in Dateien Zuhause, die mal besser und mal schlechter auf dem System versteckt sind. Ein neuer Trojaner kommt ohne Dateien aus, wodurch man ihn schwer aufspüren kann. Er wird seit kurzem auch über ein Exploit-Kit verteilt. --------------------------------------------- http://www.heise.de/security/meldung/Perfider-Schaedling-haust-in-der-Regis… *** Which Messaging Technologies Are Truly Safe and Secure? *** --------------------------------------------- In the face of widespread Internet data collection and surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer "secure messaging" products - but how can users know if these systems actually secure? The Electronic Frontier Foundation (EFF) released its Secure Messaging Scorecard today, evaluating dozens of messaging technologies on a range of security best practices. --------------------------------------------- https://www.eff.org/press/releases/which-messaging-technologies-are-truly-s… *** Crypto collision used to hijack Windows Update goes mainstream *** --------------------------------------------- Final nail in the coffin for the MD5 hash The cryptographic hash collision attack used by cyberspies to subvert Microsofts Windows Update has gone mainstream, revealing that MD5 is hopelessly broken. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/11/05/md5_hash_co… *** New Phishing Technique Outfoxes Site Owners: Operation Huyao *** --------------------------------------------- We've found a new phishing technique targeting online shopping sites that may significantly change the threat landscape for phishing sites. Conventional phishing sites require an attacker to replicate the targeted site; a more accurate copy is more likely to fool intended victims. This technique we found allows for the creation of nearly perfect copies... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SfVy0fROxfs/ *** Novembers Issue of the OUCH Newsletter is available, covering Social Engineering! http://www.securingthehuman.org/ouch, (Wed, Nov 5th) *** --------------------------------------------- -- Alex Stanford - GIAC GWEB GSEC, Research Operations Manager, SANS Internet Storm Center (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18921&rss *** Mehr Updates gegen die UEFI-Sicherheitslücke *** --------------------------------------------- Für die vor Monaten entdeckte Sicherheitslücke in UEFI-Firmware stellen nun mehr PC- und Mainboard-Hersteller Patches bereit, andere geben Entwarnung - und manche forschen noch. --------------------------------------------- http://www.heise.de/newsticker/meldung/Mehr-Updates-gegen-die-UEFI-Sicherhe… *** .onion-Domains: Falsches Zertifikat für Tor-Facebook *** --------------------------------------------- Einem Sicherheitsforscher ist es gelungen, ein gefälschtes Zertifikat für die .onion-URL von Facebook ausstellen zu lassen. Facebook ist seit kurzem über das Tor-Netzwerk erreichbar. (Soziales Netz, Facebook) --------------------------------------------- http://www.golem.de/news/onion-domains-falsches-zertifikat-fuer-tor-faceboo… *** Bugtraq: CVE-2014-6617 Softing FG-100 Backdoor Account *** --------------------------------------------- http://www.securityfocus.com/archive/1/533902 *** Bugtraq: KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read *** --------------------------------------------- KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read --------------------------------------------- http://www.securityfocus.com/archive/1/533901 *** Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin) *** --------------------------------------------- It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting. --------------------------------------------- http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-ext… *** Advisory (ICSA-14-308-01) ABB RobotStudio and Test Signal Viewer DLL Hijack Vulnerability *** --------------------------------------------- Ivan Sanchez of WiseSecurity Team has identified a dll hijack vulnerability in the ABB RobotStudio and Test Signal Viewer applications. ABB has produced new versions that mitigate this vulnerability. Mr. Sanchez has tested the new version to validate that it resolves the vulnerability. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01 *** Axway Secure Transport 5.1 SP2 Arbitary File Upload via CSRF *** --------------------------------------------- Topic: Axway Secure Transport 5.1 SP2 Arbitary File Upload via CSRF Risk: Medium Text:<!-- # Exploit Title: Axway Secure Transport 5.1 SP2 Arbitary File Upload via CSRF # Exploit author: Emmanuel Law # Public ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014110021 *** Multiple Vulnerabilities in Cisco Small Business RV Series Routers *** --------------------------------------------- cisco-sa-20141105-rv --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** DSA-3064 php5 *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3064 *** FreeBSD setlogin() Lets Local Users Obtain Portions of Kernel Memory *** --------------------------------------------- http://www.securitytracker.com/id/1031169 *** FreeBSD OpenSSH Child Process Deadlock Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1031168 *** IBM Security Bulletins related to POODLE (CVE-2014-3566) *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** Other IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…

1 0

Tageszusammenfassung - Dienstag 4-11-2014
by Daily end-of-shift report 04 Nov '14

04 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 03-11-2014 18:00 − Dienstag 04-11-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Smuggler - An interactive 802.11 wireless shell without the need for authentication or association *** --------------------------------------------- I've always been fascinated by wireless communications. The ability to launch seemingly invisible packets of information up into the air without even the need to consider aerodynamics itself seems like some kind of magic. In my quest to become a wireless wizard I started looking at the 802.11 wireless protocol to find out a little more about it. I had always noticed when looking at wireless management frames in various packet dumps that a wealth of additional (and somewhat optional)... --------------------------------------------- http://blog.spiderlabs.com/2014/11/smuggler-an-interactive-80211-wireless-s… *** Some samples in Rotten Tomato campaign not effectively executed *** --------------------------------------------- Researchers at Sophos provided additional details on the malware used in the attacks. --------------------------------------------- http://www.scmagazine.com/some-samples-in-rotten-tomato-campaign-not-effect… *** Whois someone else?, (Tue, Nov 4th) *** --------------------------------------------- A couple of weeks ago, I already covered the situation where a cloud IP address gets re-assigned, and the new owner still sees some of your traffic. Recently, one of our clients had the opposite problem: They had changed their Internet provider, and had held on to the old address range for a decent decay time. They even confirmed with a week-long packet capture that there was no afterglow on the link, and then dismantled the setup. Until last week, when they got an annoyed rant into their... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18911&rss *** New version of Backoff detected, malware variant dubbed ROM *** --------------------------------------------- Researchers at Fortinet detailed the new variant on Monday, and urged businesses to keep their AV up to date. --------------------------------------------- http://www.scmagazine.com/new-version-of-backoff-detected-malware-variant-d… *** Practical Reflected File Download and JSONP *** --------------------------------------------- This week introduced us to a new web attack vector, which the researcher dubbed "Reflected File Download" [RFD] . It's a very interesting attack which has potential to do some severe damage, especially in social engineering contexts. Full details of the reflected file download attack can be found here:... --------------------------------------------- http://blog.davidvassallo.me/2014/11/02/practical-reflected-file-download-a… *** Content Security Policy Builder *** --------------------------------------------- Content Security Policy is a new HTML5 web security feature. Your website can now explicitly tell browsers what sources of content - images, scripts, frames etc - are to be trusted. A new Content-Security-Policy HTTP header is used to announce that policy. --------------------------------------------- https://cspbuilder.info/static/ *** Exploiting CVE-2014-4113 on Windows 8.1 *** --------------------------------------------- On the 14th of October 2014 both CrowdStrike1 and FireEye2 published a blog post describing a new zero-day privilege escalation vulnerability on Windows. The CrowdStrike article explains that this new vulnerability was identified in the process of tracking a supposedly highly advanced adversary group named HURRICANE PANDA and has been actively exploited in the wild for at least five month. ... So I was curious if and how the vulnerability might be exploitable on the most current version of... --------------------------------------------- http://dl.packetstormsecurity.net/papers/attack/CVE-2014-4113.pdf *** Google Releases Nogotofail Tool to Test Network Security *** --------------------------------------------- The last year has produced a rogues' gallery of vulnerabilities in transport layer security implementations and new attacks on the key protocols, from Heartbleed to the Apple gotofail flaw to the recent POODLE attack. To help developers and security researchers identify applications that are vulnerable to known SSL/TLS attacks and configuration problems, Google is releasing a... --------------------------------------------- http://threatpost.com/google-releases-nogotofail-tool-to-test-network-secur… *** Customer confusion over new(ish) gTLDs targeting financial services *** --------------------------------------------- Introduction For the last decade and a bit, banking customers have been relentlessly targeted by professional phishers with a never-ending barrage of deceitful emails, malicious websites and unstoppable crimeware - each campaign seeking to relieve the victim of their online banking credentials and funds. In the battle for the high-ground, many client-side and server-side security technologies have been invented and consequently circumvented over the years. Now we're about to enter a... --------------------------------------------- https://www.nccgroup.com/en/blog/2014/11/customer-confusion-over-newish-gtl… *** Linksys Patches (Most) Routers Running SMART Wi-Fi Firmware *** --------------------------------------------- Linksys released updates for routers running its SMART Wi-Fi firmware, patching vulnerabilities leading to credential theft and information disclosure. Two popular models, however, remain unpatched. --------------------------------------------- http://threatpost.com/linksys-patches-most-routers-running-smart-wi-fi-firm… *** GNU Binutils peXXigen.c denial of service *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/98420 *** ZDI-14-371: (0Day) Denon AVR-3313CI Friendlyname Persistent Cross-Site Scripting Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to insert persistent JavaScript on vulnerable installations of the Denon AVR-3313CI audio/video receivers web portal. Authentication is not required to persist the attack. However, user interaction is required to exploit this vulnerability in that the target must visit a malicious page. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-371/ *** ZDI-14-372: (0Day) Visual Mining NetCharts Server File Upload Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Visual Mining NetCharts Server. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-372/ *** Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability *** --------------------------------------------- cisco-sa-20130109-uipphone --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** DSA-3063 quassel *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3063 *** DSA-3062 wget *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-3062

1 0

Tageszusammenfassung - Montag 3-11-2014
by Daily end-of-shift report 03 Nov '14

03 Nov '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 31-10-2014 18:00 − Montag 03-11-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** CVE-2014-4115 Analysis: Malicious USB Disks Allow For Possible Whole System Control *** --------------------------------------------- One of the bulletins that was part of the October 2014 Patch Tuesday cycle was MS14-063 which fixed a vulnerability in the FAT32 disk partition driver that could allow for an attacker to gain administrator rights on affected systems, with only a USB disk with a specially modified file system. This vulnerability as also designated... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/E2Ur54TO5Qo/ *** CSAM Month of False Positives: Appropriately Weighting False and True Positives, (Fri, Oct 31st) *** --------------------------------------------- This is a guest diary submitted by Chris Sanders. We will gladly forward any responses or please use our comment/forum section to comment publicly.">">If you work with any type of IDS, IPS, or other">detection technology then you have to deal with false positives. One">common">mistake I see people make when managing their indicators and rules is">relying">solely on the rate of false positives that are observed. While... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18905&rss *** CVE-2012-0158 continues to be used in targeted attacks *** --------------------------------------------- 30-month old vulnerability still a popular way to infect systems.If all you have to worry about are zero-day vulnerabilities, you have got things pretty well sorted. Although it is true that sometimes zero-days are being used to deliver malware (such as the recent use of CVE-2014-4114 by the SandWorm group), in many cases even the more targeted attacks get away with using older, long patched vulnerabilities, exploiting the fact that many users and organisations dont patch as quickly as they --------------------------------------------- http://www.virusbtn.com/blog/2014/10_31a.xml?rss *** Reversing D-Link's WPS Pin Algorithm *** --------------------------------------------- While perusing the latest firmware for D-Link's DIR-810L 80211ac router, I found an interesting bit of code in sbin/ncc, a binary which provides back-end services used by many other processes on the device, including the HTTP and UPnP servers: I first began examining this particular piece of code with the... --------------------------------------------- http://www.devttys0.com/2014/10/reversing-d-links-wps-pin-algorithm/ *** Adobe: Aktuelle Flash-Sicherheitslücken bereits in Exploit-Kits *** --------------------------------------------- Es wird wieder Zeit, sich bei Sicherheitslücken verstärkt um Adobes Flashplayer zu kümmern. Zwei gerade erst abgesicherte und gefährliche Sicherheitslöcher sind bereits in aktuelle Exploit-Kits integriert worden. Eset glaubt sogar, dass Flash nun wieder Java in der Beliebtheitsskala ablöst. --------------------------------------------- http://www.golem.de/news/adobe-aktuelle-flash-sicherheitsluecken-bereits-in… *** justniffer a Packet Analysis Tool, (Mon, Nov 3rd) *** --------------------------------------------- Are you looking for another packet sniffer? justniffer is a packet sniffer with some interesting features. According to the author, this packet sniffer can rebuild and save HTTP file content sent over the network. It uses portions of Linux kernel source code for handling all TCP/IP stuff. Precisely, it uses a slightly modified version of the libnids libraries that already include a modified version of Linux code in a more reusable way.[1] The tarball can be downloaded here and a package is --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18907&rss *** BE2 Custom Plugins, Router Abuse, and Target Profiles *** --------------------------------------------- The BlackEnergy malware is crimeware turned APT tool and is used in significant geopolitical operations lightly documented over the past year. An even more interesting part of the BlackEnergy story is the relatively unknown custom plugin capabilities to attack ARM... --------------------------------------------- http://securelist.com/blog/research/67353/be2-custom-plugins-router-abuse-a… *** Security: Sicherheitslücke in Mac OS X 10.10 entdeckt *** --------------------------------------------- In Mac OS X 10.10 und 10.8.5 befindet sich eine Sicherheitslücke, die die Übernahme des gesamten Systems ermöglicht. Details hat ihr Entdecker noch nicht veröffentlicht - in Absprache mit Apple. --------------------------------------------- http://www.golem.de/news/security-sicherheitsluecke-in-mac-os-x-10-10-entde… *** OpenBSD 5.6 kickt OpenSSL *** --------------------------------------------- Mit der neuen Version des freien Unix steigen die OpenBSD-Macher von OpenSSL auf LibreSSL um. Dazu kommen zahlreiche kleinere Verbesserungen. --------------------------------------------- http://www.heise.de/newsticker/meldung/OpenBSD-5-6-kickt-OpenSSL-2441288.ht… *** Hacking Team: Handbücher zeigen Infektion Über Code Injection und WLAN *** --------------------------------------------- "Internetüberwachung leicht gemacht": Die italienische Firma Hacking Team gilt neben Finfisher als bekanntester Hersteller von Spionagesoftware. Nun veröffentlichte Handbücher zeigen die Möglichkeiten der Überwachung. --------------------------------------------- http://www.golem.de/news/hacking-team-handbuecher-zeigen-infektion-ueber-co… *** RDP Replay *** --------------------------------------------- Here at Context we work hard to keep our clients safe. During routine client monitoring our analysts noticed some suspicious RDP traffic. It was suspicious for two reasons. Firstly the client was not in the habit of using RDP, and secondly it had a Chinese keyboard layout. This information is available in the ClientData handshake message of non-SSL traffic, and can easily be seen in wireshark. --------------------------------------------- http://contextis.com/resources/blog/rdp-replay/ *** l+f: Analyse des Drupal-Desasters *** --------------------------------------------- Wie konnte das nur passieren? Müssen wir alle sterben? --------------------------------------------- http://www.heise.de/security/meldung/l-f-Analyse-des-Drupal-Desasters-24414… *** Visa: Kreditkarten-Lücke ermöglicht Abbuchen von einer Million Dollar per NFC *** --------------------------------------------- Mittels präpariertem Terminal - Forscher stellen Leck auf Sicherheitskonferenz vor - Visa beschwichtigt --------------------------------------------- http://derstandard.at/2000007655779 *** Ongoing Sophisticated Malware Campaign Compromising ICS (Update A) *** --------------------------------------------- This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS-ALERT-14-281-01 Ongoing Sophisticated Malware Campaign Compromising ICS that was published October 28, 2014, on the ICS-CERT web site. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-281-01A *** Bugtraq: [SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU *** --------------------------------------------- http://www.securityfocus.com/archive/1/533862 *** HP CM3530 Color LaserJet Printer Lets Remote Users Access Data and Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1031153 *** CBI Referral Manager <= 1.2.1 Cross-Site Scripting (XSS) *** --------------------------------------------- 2014-11-01T18:57:24 --------------------------------------------- https://wpvulndb.com/vulnerabilities/7654 *** GB Gallery Slideshow 1.5 - SQL Injection *** --------------------------------------------- 2014-11-02T13:12:44 --------------------------------------------- https://wpvulndb.com/vulnerabilities/7655 *** Vuln: MantisBT Incomplete Fix Multiple SQL Injection Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/70856 *** VU#210620: uIP and lwIP DNS resolver vulnerable to cache poisoning *** --------------------------------------------- Vulnerability Note VU#210620 uIP and lwIP DNS resolver vulnerable to cache poisoning Original Release date: 03 Nov 2014 | Last revised: 03 Nov 2014 Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883The DNS resolver implemented in all versions of uIP, as well as lwIP versions 1.4.1 and earlier, is vulnerable to cache... --------------------------------------------- http://www.kb.cert.org/vuls/id/210620 *** IBM Security Bulletin: Weaker than expected security with Liberty Repository affecting Rational Application Developer for WebSphere Software (CVE-2014-4767) *** --------------------------------------------- The WebSphere Application Server Liberty profile could provide weaker than expected security when installing features via the Liberty Repository. A remote attacker could exploit this vulnerability using a man-in-the-middle technique to cause the installation of malicious code. CVE(s): CVE-2014-4767 Affected product(s) and affected version(s): IBM Rational Application Developer for WebSphere Software 9.1.0.1 Refer to the following reference URLs for remediation and additional --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** IBM Security Bulletin: Multiple Security vulnerabilities found in WebSphere Commerce XML External Entity (XXE) Processing (CVE-2014-4834, CVE-2014-4769 ) *** --------------------------------------------- IBM WebSphere Commerce Enterprise, Professional, Express and Developer is vulnerable to a denial of service, caused by issues with detecting recursion during entity expansion. CVE(s): CVE-2014-4834 and CVE-2014-4769 Affected product(s) and affected version(s): WebSphere Commerce V6.0 and V7.0 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors *** --------------------------------------------- There are multiple vulnerabilities in OpenSSL that is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139). These issues were disclosed on August 6, 2014 by the OpenSSL Project. CVE(s): CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 and CVE-2014-5139 Affected... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** IBM Security Bulletin: IBM Notes Traveler for Android client explicit warning against use of HTTP (CVE-2014-6130) *** --------------------------------------------- The IBM Notes Traveler client for Android devices allows the end user to connect to their Traveler server over HTTPS (using SSL) or the open HTTP standard. At present, the client application does not explicitly warn the end user if the Traveler administrator has chosen the insecure HTTP variant as the transport medium. CVE(s): CVE-2014-6130 Affected product(s) and affected version(s): All releases of IBM Notes Traveler for Android prior to version 9.0.1.3. Refer to the following... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** IBM Security Bulletin: IBM Tivoli NetView for z/OS (distributed components) affected by multiple vulnerabilities that have been identified in IBM Runtime Environment, Java Technology Edition, Versions 6 & 7 (CVE-2014-4263 and *** --------------------------------------------- Vulnerabilities have been identified in IBM Runtime Environment, Java Technology Edition, Versions 6 and 7, utilized by IBM Tivoli NetView for z/OS distributed components. CVE(s): CVE-2014-4263 and CVE-2014-4244 Affected product(s) and affected version(s): This vulnerability is known to affect IBM Tivoli NetView for z/OS v5.3, 5.4, 6.1, 6.2 & 6.2.1 in certain distributed components. Releases/systems/configurations not known to be affected: IBM Tivoli NetView for... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…

1 0

Tageszusammenfassung - Freitag 31-10-2014
by Daily end-of-shift report 31 Oct '14

31 Oct '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 30-10-2014 18:00 − Freitag 31-10-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/: CVE-2014-3371 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Security Advisory - Medium Severity - WP eCommerce WordPress Plugin *** --------------------------------------------- If you're using the popular WP eCommerce WordPress plugin (2,900,000 downloads), you should update it right away. During a routine audit for our Website Firewall (WAF), we .. --------------------------------------------- http://blog.sucuri.net/2014/10/security-advisory-medium-severity-wp-ecommer… *** Nordex NC2 XSS Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a cross-site scripting vulnerability in the Nordex Control 2 (NC2) application. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-303-01 *** Meinberg Radio Clocks LANTIME M-Series XSS *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities in the Meinberg Radio Clocks LANTIME M-Series XSS. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-275-01 *** Accuenergy Acuvim II Authentication Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for two authentication vulnerabilities within the Accuenergy AXM-NET Ethernet module's web server. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-14-275-02 *** [2014-10-31] XXE and XSS vulnerabilities in Scalix Web Access *** --------------------------------------------- Scalix Web Access is vulnerable to XML external entity injection (XXE) and reflected cross site scripting (XSS) attacks. An unauthenticated attacker can get read access to the filesystem of the Scalix Web Access host and thus obtain sensitive information. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Spotting Malicious Injections in Otherwise Benign Code *** --------------------------------------------- Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we scan through megabytes of HTML, JS and PHP. It's quite easy to miss something bad, especially .. --------------------------------------------- http://blog.sucuri.net/2014/10/spotting-malicious-injections-in-otherwise-b… *** Setting HoneyTraps with ModSecurity: Adding Fake Cookies *** --------------------------------------------- This blog post continues with the topic of setting "HoneyTraps" within your web applications to catch attackers. Please review the previous posts for more .. --------------------------------------------- http://blog.spiderlabs.com/2014/10/setting-honeytraps-with-modsecurity-addi… *** Facebook geht ins Tor-Netz *** --------------------------------------------- Das soziale Netz will zukünftig eine Nutzung der Dienste auch über das Anonymisierungsnetz Tor möglich machen. Dafür setzt der Konzern einen eigenen Onion-Dienst im Tor-Netz auf. --------------------------------------------- http://www.heise.de/security/meldung/Facebook-geht-ins-Tor-Netz-2440221.html *** Schwachstellen in Samsung Knox *** --------------------------------------------- Bei einer Analyse von der auf vielen Geräten vorinstallierten Security-App Samsung Knox Personal kamen Mängel ans Licht. Der Hersteller erklärte die App für überholt, Ersatz gibt es allerdings nur für zwei aktuelle Spitzengeräte. --------------------------------------------- http://www.heise.de/security/meldung/Schwachstellen-in-Samsung-Knox-2440119… *** Google to kill off SSL 3.0 in Chrome 40 *** --------------------------------------------- Google plans to remove support for the aging Secure Sockets Layer (SSL) version 3.0 protocol in Google Chrome 40, which is expected to ship in about two months.The decision comes after Google security researchers recently discovered a dangerous design flaw in SSL 3.0. Dubbed "POODLE," the vulnerability .. --------------------------------------------- http://www.csoonline.com/article/2841837/application-security/google-to-kil…

1 0

Tageszusammenfassung - Donnerstag 30-10-2014
by Daily end-of-shift report 30 Oct '14

30 Oct '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 29-10-2014 18:00 − Donnerstag 30-10-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** An In-Depth Look Into Malicious Browser Extensions *** --------------------------------------------- Malicious browser extensions bring about security risks as these often lead to system infection and unwanted spamming on Facebook. Based on our data, these attacks have notably affected users in Brazil. We have previously reported that cybercriminals are putting malicious browsers in the official Chrome .. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/mNBK1Z4Uhdo/ *** Cyberangriffe: Neue Spyware kommuniziert über Gmail-Entwürfe *** --------------------------------------------- Eine neue Malware nutzt die Entwurfsfunktion von Googles E-Mail-Dienst, um Befehle zu empfangen und Daten auszulesen. Wer betroffen ist, lässt sich nur schwer feststellen. --------------------------------------------- http://www.golem.de/news/cyberangriffe-neue-spyware-kommuniziert-ueber-gmai… *** SQL-Injection: Sicherheitslücke erlaubt Zugriff auf Sony-Kundendaten *** --------------------------------------------- Eine SQL-Injection-Lücke erlaubt den Zugriff auf Kundendaten des Playstation Networks. Sony wurde bereits vor zwei Wochen über die Sicherheitslücke informiert, sie wurde jedoch bisher nicht geschlossen. Es ist nicht der erste Vorfall im Playstation-Network. --------------------------------------------- http://www.golem.de/news/sql-injection-sicherheitsluecke-erlaubt-zugriff-au… *** Popular Science Website Infected, Serving Malware *** --------------------------------------------- The website of Popular Science magazine was found infecting users with malware via the RIG exploit kit. --------------------------------------------- http://threatpost.com/popular-science-website-infected-serving-malware/1090… *** Poodle: Microsoft "fixt" SSLv3-Verschlüsselung *** --------------------------------------------- Mit einem von Microsoft bereit gestellten "Fix it" kann man den kaputten Verschlüsselungsstandard SSLv3 im Internet Explorer einfach abschalten. Doch die Schnellhilfe hat ihre Tücken. --------------------------------------------- http://www.heise.de/security/meldung/Poodle-Microsoft-fixt-SSLv3-Verschlues… *** Assume 'Every Drupal 7 Site Was Compromised' Unless Patched By Oct. 15 *** --------------------------------------------- The maintainers of the Drupal content management system are warning users that any site owners who haven't patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be .. --------------------------------------------- http://threatpost.com/assume-every-drupal-7-site-was-compromised-unless-pat… *** Cyber Europe 2014: 29 europäische Länder testen Handlungsfähigkeit gegen Cyberattacken *** --------------------------------------------- Gegen grenzüberschreitende Cyber-Bedrohungen arbeiten die Europäische Sicherheitsbehörde ENISA, die EU-Mitgliedsstaaten und die Industrie Hand in Hand. Heute läuten sie Phase 2 des bislang grössten europäischen Cyber-Security-Tests ein. --------------------------------------------- http://www.heise.de/security/meldung/Cyber-Europe-2014-29-europaeische-Laen… *** Grafikkarte funkt Passwörter durch die Gegend *** --------------------------------------------- Forscher haben eine Grafikkarte zum UKW-Sender umfunktioniert, das Monitorkabel dient als Antenne. So können sie Air Gap überwinden und Daten an Geräte senden, die eigentlich gar nicht untereinander vernetzt sind. --------------------------------------------- http://www.heise.de/security/meldung/Grafikkarte-funkt-Passwoerter-durch-di… *** Reflected File Download - A New Web Attack Vector *** --------------------------------------------- On October 2014 as part of my talk at the Black Hat Europe 2014 event, I presented a new web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from trusted .. --------------------------------------------- http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.… *** APT28 - State Sponsored Russian Hacker Group *** --------------------------------------------- Nearly a decade-long cyber espionage group that targeted a variety of Eastern European governments and security-related organizations including the North Atlantic Treaty Organization (NATO) has been exposed by a security research firm. The US intelligence firm FireEye released its latest Advanced Persistent .. --------------------------------------------- http://thehackernews.com/2014/10/APT28-Russian-hacker-cyber-espionage.html *** Ausnutzung der Windows-Sandworm-Lücke eskaliert *** --------------------------------------------- Kriminelle nutzen die zunächst im Rahmen gezielter Attacken auf NATO-Einrichtungen und Regierungen eingesetzte Sicherheitslücke in Windows nun, um grossflächig Online-Banking-Trojaner zu verteilen. --------------------------------------------- http://www.heise.de/security/meldung/Ausnutzung-der-Windows-Sandworm-Luecke…

1 0

Tageszusammenfassung - Mittwoch 29-10-2014
by Daily end-of-shift report 29 Oct '14

29 Oct '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 28-10-2014 18:00 − Mittwoch 29-10-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** The dangers of opening suspicious emails: Crowti ransomware *** --------------------------------------------- The Microsoft Malware Protection Center (MMPC) has seen a spike in number of detections for threats in the Win32/Crowti ransomware this month as the result of new malware campaigns. Crowti is a family of ransomware that when encountered will attempt to encrypt the files on your PC, and then ask for payment .. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/10/28/the-dangers-of-opening-s… *** Ongoing Sophisticated Malware Campaign Compromising ICS *** --------------------------------------------- NCCIC/ICS-CERT has identified a sophisticated malware campaign that has compromised numerous industrial control systems (ICSs) environments using a variant of the BlackEnergy malware. Analysis indicates that this campaign has .. --------------------------------------------- https://ics-cert.us-cert.gov//alerts/ICS-ALERT-14-281-01 *** Multiple vulnerabilities in Tuleap *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014100177 http://cxsecurity.com/issue/WLB-2014100176 http://cxsecurity.com/issue/WLB-2014100175 *** Weisses Haus: Russische Hacker angeblich in US-Regierungsnetz eingedrungen *** --------------------------------------------- Angriffe auf die Computernetze von Regierungen kommen weltweit tagtäglich vor. Hackern ist es nun offenbar gelungen, in das nicht abgeschirmte Netz des Weissen Hauses einzudringen. --------------------------------------------- http://www.golem.de/news/weisses-haus-russische-hacker-angeblich-in-us-regi… *** Microsoft integriert Data Loss Prevention in Cloud- und Office-Produkte *** --------------------------------------------- Mit der Ausweitung seiner Sicherheits-Features auf weitere Produkte und Dienste will der Redmonder Konzern für Unternehmen den Verlust vertraulicher Daten weitestmöglich einschränken. --------------------------------------------- http://www.heise.de/security/meldung/Microsoft-integriert-Data-Loss-Prevent… *** [2014-10-29] Multiple critical vulnerabilities in Vizensoft Admin Panel *** --------------------------------------------- Attackers are able to completely compromise the web application built upon Vizensoft CMS as they can gain access to the system and database level and manage the website as an admin without prior authentication. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** [2014-10-29] Persistent cross site scripting in Confluence RefinedWiki Original Theme *** --------------------------------------------- By exploiting this vulnerability, users that are able to create or edit content, can attack other users of confluence. An attacker might be able to gain access to otherwise protected information in confluence. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Codeausführung: FTP-Client-Lücke in BSDs, Mac OS X und Linux-Distributionen *** --------------------------------------------- Eine Sicherheitslücke in dem FTP-Client von NetBSD erlaubt mit einem angepassten Server das Ausführen von Code auf dem Rechner. Betroffen davon sind wohl verschiedene BSD-Derivate, Mac OS X sowie Linux-Distributionen. Ein Patch steht bereit. --------------------------------------------- http://www.golem.de/news/codeausfuehrung-ftp-client-luecke-in-bsds-mac-os-x… *** Threat Introduced via Browser Extensions *** --------------------------------------------- We love investigating unusual hacks. There are so many ways to compromise a website, but often it's the same thing. When we see malicious code on web pages, our usual suspects are: Vulnerabilities in website software Trojanized software .. --------------------------------------------- http://blog.sucuri.net/2014/10/threat-introduced-via-browser-extensions.html *** AirHopper: Offline-PC schickt Passwort per UKW an Offline-Handy *** --------------------------------------------- Israelische Security-Forscher haben einen neuen Weg für eine Seitenkanalattacke auf PCs gefunden. Mit einem Smartphone und einem Desktoprechner, die beide keine Onlineverbindung haben, können sie ein eingetipptes Passwort mitlesen. --------------------------------------------- http://www.golem.de/news/airhopper-offline-pc-schickt-passwort-per-ukw-an-o…

1 0

Tageszusammenfassung - Dienstag 28-10-2014
by Daily end-of-shift report 28 Oct '14

28 Oct '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 27-10-2014 18:00 − Dienstag 28-10-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** ddosfrei.de: neue Providerinitiative für sichere Server *** --------------------------------------------- Mit über 3.500 Angriffen pro Jahr zählen DDoS-Attacken (Distributed Denial of Service-Attacken) laut dem Bundesamt für Sicherheit in der Informationstechnik (BSI) zu den grössten Gefahren für die IT-Sicherheit in Deutschland, Tendenz steigend. Dabei handelt es sich um von vielen Rechnern gleichzeitig erfolgende .. --------------------------------------------- http://www.eco.de/2014/news/ddosfrei-de-neue-initiative-fuer-sichere-server… *** TA14-300A: Phishing Campaign Linked with "Dyre" Banking Malware *** --------------------------------------------- Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including senders, attachments, exploits, themes, and payload(s) .. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA14-300A *** wget Default FTP Retrieval Method Lets Remote Users Create Arbitrary Files and Directories *** --------------------------------------------- http://www.securitytracker.com/id/1031121 *** TSX improves timing attacks against KASLR *** --------------------------------------------- Mega biblion mega kakon .. and similarly a long blog is a nuisance, so I managed to squeeze the essence of it into a single sentence, the title. If it is not entirely clear, read on. SMEP A typical privilege escalation exploit based on a kernel vulnerability works by corrupting the kernel .. --------------------------------------------- http://labs.bromium.com/2014/10/27/tsx-improves-timing-attacks-against-kasl… *** Immer Ärger mit Samsung-Dienst "Find My Mobile" *** --------------------------------------------- Erneut wurde ein Sicherheitsproblem in dem Dienst bekannt. Durch die Schwachstelle können Angreifer die Android-Geräte von Samsung unter Umständen aus der Ferne mit einem beliebigen Code sperren. --------------------------------------------- http://www.heise.de/security/meldung/Immer-Aerger-mit-Samsung-Dienst-Find-M… *** Verizon: Permaä-Cookie in manipulierten Datenpaketen *** --------------------------------------------- Die Datenpakete der Kunden des US-Mobilfunkanbieters Verizon enthalten eine eindeutige Identifikationsnummer. Damit sollen einzelne Personen von Verizons Werbekunden identifiziert werden können. Die Aktion läuft bereits seit zwei Jahren, wurde jedoch erst jetzt aufgedeckt. --------------------------------------------- http://www.golem.de/news/verizon-perma-cookie-in-manipulierten-datenpaketen… *** Untersuchung: Deutlich mehr Phishing-Attacken auf Apple-Nutzer *** --------------------------------------------- Laut einem Sicherheitsunternehmen nahmen die Angriffe auf iCloud- und iTunes-Konten im letzten Quartal um fast 250 Prozent zu. --------------------------------------------- http://www.heise.de/security/meldung/Untersuchung-Deutlich-mehr-Phishing-At… *** VB2014 paper: Hiding the network behind the network. Botnet proxy business model *** --------------------------------------------- Cristina Vatamanu and her colleagues describe how botherders keep their C&C servers hidden.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added Hiding the network behind the network. Botnet proxy business model .. --------------------------------------------- http://www.virusbtn.com/blog/2014/10_28.xml

1 0

Tageszusammenfassung - Montag 27-10-2014
by Daily end-of-shift report 27 Oct '14

27 Oct '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 24-10-2014 18:00 − Montag 27-10-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** OpenBSD ELF denial of service *** --------------------------------------------- OpenBSD is vulnerable to a denial of service. A local attacker could exploit this vulnerability using a malicious ELF executable to cause a kernel panic. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/97747 *** A Tale of Two Powerpoint Vulnerabilities *** --------------------------------------------- It's been already a week after the announcement of the CVE-2014-4114 vulnerability, and the tally of the exploiters have only increased. There are even .. --------------------------------------------- http://www.f-secure.com/weblog/archives/00002756.html *** Amplification DDoS attacks most popular, according to Symantec *** --------------------------------------------- The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August. --------------------------------------------- http://www.scmagazine.com/distributed-denial-of-service-attacks-are-increas… *** OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes *** --------------------------------------------- ownCloud developer Lukas Reschke has sent an email to the Ubuntu Devel mailing list, requesting that ownCloud (server) is removed from the Ubuntu repositories because the package is old and there are multiple critical security bugs for .. --------------------------------------------- http://linux.slashdot.org/story/14/10/25/0046256/owncloud-dev-requests-remo… *** iTunes 12.0.1 for Windows DLL Hijacking *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014100154 *** Shellshock-Angriffe auf Mailserver *** --------------------------------------------- Nach Informationen von heise Security versuchen Cyber-Kriminelle derzeit vermehrt, durch die Shellshock-Lücken in Mailserver einzudringen. Server-Betreiber sollten umgehend handeln. --------------------------------------------- http://www.heise.de/security/meldung/Shellshock-Angriffe-auf-Mailserver-243… *** WordPress Count-per-Day Plugin (notes.php) Remote Code Upload *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014100161 *** WordPress Download Manager Plugin Arbitrary File Download *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014100160 *** Sipgate und Fidor Bank: DDoS-Angriffe waren Erpressungsversuch *** --------------------------------------------- Mit dem gross angelegten DDoS-Angriff gegen Sipgate sollte Geld erpresst werden. Auch die Fidor Bank aus München war betroffen. --------------------------------------------- http://www.golem.de/news/sipgate-und-fidor-bank-ddos-angriffe-waren-erpress… *** ASP Backdoors? Sure! It's not just about PHP *** --------------------------------------------- I recently came to the realization that it might appear that we're partial to PHP and WordPress. This realization has brought about an overwhelming need to correct that perception. While they do make up an interesting percentage, there are various .. --------------------------------------------- http://blog.sucuri.net/2014/10/asp-backdoors-its-not-all-about-php.html

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily