=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 02-10-2014 18:00 − Friday 03-10-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Why is your Mac all of a sudden using Bing as a search engine?, (Thu, Oct 2nd) ***
---------------------------------------------
Even as a Mac user, you may have heard about Bing; at least you may have seen it demonstrated in commercials [1]. But if the default search engine on your Mac is all of a sudden switched to Bing, this may be due to another piece of legacy software that some Mac users may have a hard time living ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18753
*** ZDI-14-349: (0Day) Microsoft Internet Explorer ScriptEngine Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-349/
*** ZDI-14-346: (0Day) Apple OS X IOHIDSecurePromptClient Denial Of Service Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-346/
*** Security incidents are up - and pricier! - but infosec budgets are dwindling ***
---------------------------------------------
The number of security incidents is popping, as are the associated costs to mop them up, according to a report from PwC. Global corporate security budgets, meanwhile, seem to be hiding in the closet, just hoping it all goes away.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/10/03/security-incidents-are-up-and-pr…
*** OPSec for security researchers ***
---------------------------------------------
Perfect OPSec is almost impossible. However implementing basic OPSec practices should become second nature for every researcher. You will be more careful and hopefully, avoid rookie mistakes like talking too much and bragging about your research.
---------------------------------------------
https://securelist.com/blog/research/66911/opsec-for-security-researchers/
*** BadUSB: The USB stick as a digital weapon ***
---------------------------------------------
Storage device poses as a different kind of device - researchers publish instructions and tools on the Internet
---------------------------------------------
http://derstandard.at/2000006383347
*** US report: Over 80 million accounts at JPMorgan affected by hacker attack ***
---------------------------------------------
In the large-scale attack on US banks uncovered in August, hackers were apparently able to obtain detailed customer information.
---------------------------------------------
http://www.heise.de/security/meldung/US-Bericht-Ueber-80-Millionen-Konten-b…
*** Bugtraq: Elasticsearch vulnerability CVE-2014-6439 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533602
*** HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Command-injection vulnerability for COMMAND-Shell Scripts ***
---------------------------------------------
What if we told you that a normal user in your network could take over control of your Windows file servers just by creating a special (but not so complex) directory name in one of the directories he has access to?
---------------------------------------------
http://www.thesecurityfactory.be/command-injection-windows.html
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 01-10-2014 18:00 − Thursday 02-10-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** The Shellshock Aftershock for NAS Administrators ***
---------------------------------------------
Summary: FireEye has been monitoring Shellshock-related attacks closely since the vulnerability was first made public last week. Specifically, FireEye has observed attackers attempting to exploit the BASH remote code injection vulnerability against Network Attached Storage (NAS) systems. These attacks ..
---------------------------------------------
http://www.fireeye.com/blog/technical/2014/10/the-shellshock-aftershock-for…
*** ZDI-14-335: Hewlett-Packard Network Node Manager ovopi.dll Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Network Node Manager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-335/
*** Vulnerabilities in Citrix Access Gateway Plug-in for Windows could result in arbitrary code execution ***
---------------------------------------------
Vulnerabilities have been identified in an ActiveX based component of the Citrix Access Gateway Plug-in for Windows. The vulnerabilities, ..
---------------------------------------------
http://support.citrix.com/article/CTX129902
*** The Mac.BackDoor.iWorm threat in detail ***
---------------------------------------------
Doctor Web's security researchers have dissected the complex malicious program Mac.BackDoor.iWorm, a threat affecting computers running Mac OS X. As of September 29, 2014, 18,519 unique IP addresses were used by infected computers to connect to the botnet created by hackers using this backdoor. The backdoor is unpacked into the directory /Library/Application Support/JavaW. Furthermore, using ..
---------------------------------------------
http://news.drweb.com/show/?i=5977&lng=en&c=9
*** New Mac OS X botnet discovered ***
---------------------------------------------
Doctor Web's security experts researched several new threats to Mac OS X. One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm. Criminals can issue commands that get this program to carry out a wide range of instructions on the infected machines. A statistical ..
---------------------------------------------
http://news.drweb.com/show/?i=5976&lng=en&c=9
*** Norton Security: Symantec confirms end of Norton Antivirus ***
---------------------------------------------
Norton Antivirus will no longer be available as a standalone product from Symantec. Only existing standalone licences can be renewed.
---------------------------------------------
http://www.golem.de/news/norton-security-symantec-bestaetigt-ende-von-norto…
*** Google pays 15,000 US dollars for Chrome exploits ***
---------------------------------------------
The company has tripled the maximum sum it pays to discoverers of Chrome vulnerabilities. In addition, an entry in the Google Hall of Fame is now on offer.
---------------------------------------------
http://www.heise.de/security/meldung/Google-zahlt-15-000-US-Dollar-fuer-Chr…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 30-09-2014 18:00 − Wednesday 01-10-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** How RAM Scrapers Work: The Sneaky Tools Behind the Latest Credit Card Hacks ***
---------------------------------------------
In the world of hacking, every malicious tool has its heyday: that period when it rules the underground forums and media headlines and is the challenger keeping computer security pros on their toes. Viruses and worms have each had their day in the spotlight. Remote-access Trojans, which allow a hacker to ..
---------------------------------------------
http://www.wired.com/2014/09/ram-scrapers-how-they-work/
*** Node.js eval() code execution ***
---------------------------------------------
Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of input prior to being used in an eval() call. An attacker could exploit this vulnerability to inject and execute arbitrary PHP code on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/96728
*** Advertising firms struggle to kill malvertisements ***
---------------------------------------------
One provider finds a vulnerable advertising tool that allowed attackers access ..
---------------------------------------------
http://arstechnica.com/security/2014/09/advertising-firms-struggle-to-kill-…
*** Thoughts after my shellshock ***
---------------------------------------------
On the subject of Shellshock, after reading this article it became really clear to me once again today that this time the whole thing is not as simple as Heartbleed - the diversity with which bash bugs (or rather shell misinterpretations) hide is interesting! After reading the article one can ..
---------------------------------------------
http://www.cert.at/services/blog/20140930221128-1263.html
*** Several vulnerabilities in extension phpMyAdmin (phpmyadmin) ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.
---------------------------------------------
http://www.typo3.org/news/article/several-vulnerabilities-in-extension-phpm…
*** Splunk Enterprise 6.1.4 and 5.0.10 address four vulnerabilities ***
---------------------------------------------
Splunk Enterprise versions 6.1.4 and 5.0.10 address the following vulnerabilities: OpenSSL TLS protocol downgrade attack (SPL-88585, SPL-88587, SPL-88588, CVE-2014-3511) Persistent cross-site scripting (XSS) via ..
---------------------------------------------
http://www.splunk.com/view/SP-CAAANHS
*** Attackers exploiting Shellshock (CVE-2014-6721) in the wild ***
---------------------------------------------
Yesterday, a new vulnerability affecting Bash (CVE-2014-6271) was published. The new vulnerability allows attackers to execute arbitrary commands formatting an environmental variable using a specific format. It affects Bash (the Bourne Again SHell), the default command shell for Linux and ..
---------------------------------------------
https://www.alienvault.com/open-threat-exchange/blog/attackers-exploiting-s…
*** TimThumb is No Longer Supported or Maintained ***
---------------------------------------------
http://www.binarymoon.co.uk/2014/09/timthumb-end-life/
*** Multiple vulnerabilities in HP products ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Multiple product vulnerabilities: all TP-Link "2-series" switches, all TP-Link VxWorks-based product ***
---------------------------------------------
Telnet is available and cannot be disabled (confirmed by vendor)
SSHv1 enabled by default if SSH is enabled (confirmed by vendor)
---------------------------------------------
http://seclists.org/fulldisclosure/2014/Oct/6
*** SchneiderWEB Server Directory Traversal Vulnerability ***
---------------------------------------------
This advisory provides firmware updates for a directory traversal vulnerability in Schneider Electric's SchneiderWEB, a web HMI.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-273-01
*** Rockwell Micrologix 1400 DNP3 DOS Vulnerability ***
---------------------------------------------
This advisory provides a Rockwell Automation firmware revision that mitigates ..
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-254-02
*** Firefox/Chrome: BERserk could have been prevented ***
---------------------------------------------
The BERserk security vulnerability is only a problem because some certificate authorities do not follow common recommendations for RSA keys. With BERserk, Firefox and Chrome accept forged certificates.
---------------------------------------------
http://www.golem.de/news/firefox-chrome-berserk-haette-verhindert-werden-ko…
*** Study: Malware is the main threat to corporate IT ***
---------------------------------------------
According to the current Microsoft security study, the threat to corporate IT from malware has overtaken the previous number ..
---------------------------------------------
http://www.heise.de/security/meldung/Studie-Malware-ist-Hauptgefaehrdung-fu…
*** Security vulnerability in Xen hypervisor affected cloud providers ***
---------------------------------------------
A programming error in the virtualization software forced Amazon and Rackspace to reboot numerous virtual machines. The vulnerability in the free software has since been closed.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-in-Xen-Hypervisor-be…
*** Critical FreePBX RCE Vulnerability (ALL Versions) ***
---------------------------------------------
We have been made aware of a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy 'FreePBX ARI Framework module/Asterisk Recording Interface (ARI)'. This affects any user who has installed FreePBX prior to version ..
---------------------------------------------
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versi…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 29-09-2014 18:00 − Tuesday 30-09-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** JSA10648 - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell Command Injection Vulnerability in Bash ***
---------------------------------------------
Last Updated: 29 Sep 2014
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10648
*** We Take Your Privacy and Security. Seriously. ***
---------------------------------------------
"Please note that [COMPANY NAME] takes the security of your personal data very seriously." If you've been on the Internet for any length of time, chances are very good that you've received at least one breach notification email or letter that includes some version of this obligatory line. But as far as lines go, this one is about as convincing as the classic break-up line, "It's not you, it's me."
---------------------------------------------
http://krebsonsecurity.com/2014/09/we-take-your-privacy-and-security-seriou…
*** Splunk response to "shellshock" vulnerabilities ***
---------------------------------------------
Description: Splunk response to "shellshock" vulnerabilities: Splunk Enterprise response to Bash "shellshock" parsing attack (CVE-2014-6271, CVE-2014-7169) Splunk Cloud response to Bash "shellshock" parsing attack (CVE-2014-6271, CVE-2014-7169) Splunk MINT response to Bash "shellshock" parsing attack (CVE-2014-6271, CVE-2014-7169) Splunk Storm response...
---------------------------------------------
http://www.splunk.com/view/SP-CAAANJN
*** WPScan Vulnerability Database a New WordPress Security Resource ***
---------------------------------------------
Researcher Ryan Dewhurst released the WPScan Vulnerability Database, a database housing security vulnerabilities in WordPress core code, plug-ins and themes. It's available for pen-testers, WordPress administrators and developers.
---------------------------------------------
http://threatpost.com/wpscan-vulnerability-database-a-new-wordpress-securit…
*** Cisco WebEx Meetings Server Arbitrary Download Vulnerability ***
---------------------------------------------
CVE-2014-3395
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** MMD-0027-2014 - Linux ELF bash 0day (shellshock): The fun has only just begun... ***
---------------------------------------------
Background: CVE-2014-6271 + CVE-2014-7169 During the mayhem of the bash 0day remote execution vulnerability CVE-2014-6271 and CVE-2014-7169, not for bragging but as an FYI, I happened to be the first to reverse the first ELF malware spotted being used in the wild. The rough disassembly analysis and summary I wrote and posted in Virus Total & Kernel Mode here --> [-1-] [-2-] credit) (the credit is all for her for links to find this malware, for the swift sensoring & alert, and thanks for...
---------------------------------------------
http://blog.malwaremustdie.org/2014/09/linux-elf-bash-0day-fun-has-only-jus…
*** gnome-shell printscreen key security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/96713
*** Apple closes Shellshock vulnerabilities in OS X - partially ***
---------------------------------------------
Update for the Unix shell Bash released - but appears to fix only the first two vulnerabilities that surfaced
---------------------------------------------
http://derstandard.at/2000006210412
*** remote syslog PRI vulnerability ***
---------------------------------------------
Sysklogd is mildly affected. Having a quick look at the current git master branch, the wrong action may be applied to messages with an invalid facility. ... Rsyslogd experiences the same problem as sysklogd. However, more severe effects can occur, BUT NOT WITH THE DEFAULT CONFIGURATION. The most likely and thus most important attack is a remote DoS. Some of the additional tables are writable and can cause considerable misaddressing. ...
---------------------------------------------
http://www.rsyslog.com/security-advisories/
*** [20140904] - Core - Denial of Service ***
---------------------------------------------
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Exploit type: Denial of Service
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7229
Description: Inadequate checking allowed the potential for a denial of service attack.
Affected Installs: Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution: Upgrade to version 2.5.26, 3.2.6, or...
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/MWxjsJYnk9U/596-20140904-c…
*** [20140903] - Core - Remote File Inclusion ***
---------------------------------------------
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Exploit type: Remote File Inclusion
Reported Date: 2014-September-24
Fixed Date: 2014-September-30
CVE Number: CVE-2014-7228
Description: Inadequate checking allowed the potential for remote files to be executed.
Affected Installs: Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution: Upgrade to version 2.5.26,...
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/NTyZcpJMN00/595-20140903-c…
*** IBM Sterling Connect:Direct for UNIX is affected by multiple OpenSSL vulnerabilities(CVE-2014-3508, CVE-2014-3511) ***
---------------------------------------------
Security vulnerabilities have been discovered in OpenSSL that were reported on 6 August 2014 by the OpenSSL Project.
CVE(s): CVE-2014-3508 and CVE-2014-3511
Affected product(s) and affected version(s):
IBM Sterling Connect:Direct for UNIX 4.0.00 - All versions prior to 4.0.00 Fix 131
IBM Sterling Connect:Direct for UNIX 4.1.0 - All versions prior to 4.1.0.4 iFix 33
Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_sterling_connect_…
*** IBM Security Bulletin: Open Redirection in IBM Tivoli Federated Identity Manager (CVE-2014-3097) ***
---------------------------------------------
In certain cases, IBM Tivoli Federated Identity Manager does not handle end user provided data before using that data to construct an HTTP redirect request.
CVE(s): CVE-2014-3097
Affected product(s) and affected version(s): IBM Tivoli Federated Identity Manager 6.2.0, 6.2.1, 6.2.2
Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21684852 X-Force Database:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: Vulnerabilities in Bash affect IBM InfoSphere Guardium Database Activity Monitoring (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) ***
---------------------------------------------
Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities. Bash is used by IBM InfoSphere Guardium Database Activity Monitoring.
CVE(s): CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278
Affected product(s) and affected version(s):...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: Shell command injection and cross-site scripting vulnerabilities in Access Manager for Mobile and Access Manager for Web (CVE-2014-4823, CVE-2014-6079) ***
---------------------------------------------
IBM Security Access Manager for Mobile and IBM Security Access Manager for Web could be affected by a command injection vulnerability and allow a cross site scripting attack.
CVE(s): CVE-2014-4823 and CVE-2014-6079
Affected product(s) and affected version(s):
IBM Security Access Manager for Mobile 8. - Firmware versions 8.0.0.0, 8.0.0.1, 8.0.0.3, and 8.0.0.4.
IBM Security Access Manager for Web 7.0 and 8.0 - Firmware versions 7.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.0.4, 7.0.0.5, 7.0.0.6,...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: Denial of Service when using e-community single sign on in IBM Security Access Manager for Web (CVE-2014-4809) ***
---------------------------------------------
When using e-community single sign on (ECSSO), the WebSEAL component of IBM Security Access Manager for Web could become unresponsive under certain circumstances, possibly resulting in denial of service.
CVE(s): CVE-2014-4809
Affected product(s) and affected version(s):
IBM Security Access Manager for Web version 7.0 appliance: All firmware versions.
IBM Security Access Manager for Web version 8.0: Firmware versions 8.0.0.2, 8.0.0.3, and 8.0.0.4
Refer to the following reference URLs for...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Completed: Maintenance work Tuesday 30 September 2014 ***
---------------------------------------------
Update: The maintenance work was completed at around 10:00; in total there were outages of about 15 minutes.
---------------------------------------------
http://www.cert.at/services/blog/20140929105226-1254.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 26-09-2014 18:00 − Monday 29-09-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Maintenance work Tuesday 30 September 2014 ***
---------------------------------------------
On Tuesday, 30 Sep. 2014, from about 9:00, we will be carrying out maintenance work on our firewall. This will cause outages of all publicly reachable Internet services of CERT.at (for example web server, mail, mailing lists, RSS/Atom feeds etc.). Mails will of course not be lost during this time; there may only be delays in delivery/response. For the website...
---------------------------------------------
http://www.cert.at/services/blog/20140929105226-1254.html
*** Vuln: Go TLS Server Implementation Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/70156
*** Oracle - Alert for CVE-2014-7169 "Bash" ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-23032…
*** Bash Command Injection Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability in Bash, which is part of Unix-based operating systems.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-269-01
*** Shellshock: More and more vulnerabilities in Bash ***
---------------------------------------------
The first bug fixes for the Shellshock vulnerability in Bash were incomplete. There is now talk of five different security vulnerabilities.
---------------------------------------------
http://www.golem.de/news/shellshock-immer-mehr-luecken-in-bash-1409-109483-…
*** DSA-3038 libvirt ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3038
*** Shellshock in the Wild ***
---------------------------------------------
Michael Lin, James Bennett and David Bianco
The exploitation of the BASH bug, now widely referred to as "Shellshock", is in full swing. Attackers have mobilized - multiple proof-of-concept scripts are available, including a Metasploit module, making this vulnerability very accessible. The...
---------------------------------------------
http://www.fireeye.com/blog/uncategorized/2014/09/shellshock-in-the-wild.ht…
*** iOS 8: Use of randomly generated MAC addresses is limited ***
---------------------------------------------
Apple's iOS 8 comes with a security feature intended to give the user more anonymity. Devices running iOS 8 constantly change their MAC address so that tracking individual users becomes impossible. But not every iOS 8-capable device can do this.
---------------------------------------------
http://www.golem.de/news/ios-8-nutzung-zufallsgenerierter-mac-adressen-ist-…
*** Fraud shop OVERSTOCKED with stolen credit cards ***
---------------------------------------------
Supply, meet demand: prices crash. Infamous carding store Rescator.cc is so chock-full of stolen credit cards from recent high-profile breaches that it's gutting its prices due to overstocking.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/09/29/fraud_shop_…
*** AVM: Security vulnerability in Fritzbox is being exploited again ***
---------------------------------------------
Fritzbox users who have not closed the already patched security vulnerability allowing unauthorized remote access are being attacked again. AVM advises installing the patches quickly now, but an auto-update function has not existed for long.
---------------------------------------------
http://www.golem.de/news/avm-alte-sicherheitsluecke-in-fritzbox-wird-wieder…
*** HPSBNS03111 rev.1 - HP NonStop Servers running Bash Shell, Remote Code Execution ***
---------------------------------------------
A potential security vulnerability has been identified with HP NonStop Servers running Bash Shell . This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** DHCP Client Bash Environment Variable Code Injection ***
---------------------------------------------
Topic: DHCP Client Bash Environment Variable Code Injection Risk: High Text:## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-fr...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014090152
*** LSE discovers critical vulnerability in Perl ***
---------------------------------------------
With the vulnerability found by the identity management specialist in the language extension Data::Dumper, a stack overflow can reportedly be triggered by creating large data structures.
---------------------------------------------
http://www.heise.de/security/meldung/LSE-entdeckt-kritische-Schwachstelle-i…
*** HTTPS: Free TLS encryption at Cloudflare ***
---------------------------------------------
Cloudflare will in future enable encrypted HTTPS connections free of charge for all customers. This doubles the number of websites on the Net that can be reached over an encrypted connection.
---------------------------------------------
http://www.golem.de/news/https-kostenlose-tls-verschluesselung-bei-cloudfla…
*** iOS 8 reveals to third-party apps who you are talking to on the phone ***
---------------------------------------------
The two researchers Andreas Kurtz and Markus Troßbach have discovered a large number of vulnerabilities in iOS through which third-party apps can, for example, secretly take photos or spy on telephone behaviour. Apple has closed some of them - others not.
---------------------------------------------
http://www.heise.de/security/meldung/iOS-8-verraet-Drittanbieter-Apps-mit-w…
*** FBI to Open Up Malware Investigator Portal to External Researchers ***
---------------------------------------------
SEATTLE - The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files.
---------------------------------------------
http://threatpost.com/fbi-to-open-up-malware-investigator-portal-to-externa…
*** Shellshock: A Collection of Exploits seen in the wild, (Mon, Sep 29th) ***
---------------------------------------------
Ever since the shellshock vulnerability was announced, we have seen a large number of scans probing it. Here is a quick review of exploits that our honeypots and live servers have seen so far: 1 - Simple "vulnerability checks" that used custom User-Agents: () { 0v3r1d3;};echo \x22Content-type: text/plain\x22; echo; uname -a; () { :;}; echo Shellshock: Vulnerable () { :;};echo content-type:text/plain;echo;echo [random string];echo;exit () { :;}; /bin/bash -c "echo
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18725&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 25-09-2014 18:00 − Friday 26-09-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Patching Bash Vulnerability a Challenge for ICS, SCADA ***
---------------------------------------------
Experts are concerned that many Linux-based industrial control systems and embedded systems could be too steep a patching challenge and remain in the crosshairs of the Bash vulnerability.
---------------------------------------------
http://threatpost.com/patching-bash-vulnerability-a-challenge-for-ics-scada…
*** Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware ***
---------------------------------------------
Just several hours after the news on the bash vulnerability (covered under CVE-2014-7169) broke out, it was reportedly being exploited in the wild already. This vulnerability can allow execution of arbitrary code, thus compromising the security of systems. Some of the possible scenarios that attackers can do range from changing the contents of web server and...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-OM1T28JyB8/
*** Linux ELF bash 0day: The fun has only just begun... ***
---------------------------------------------
Background: CVE-2014-6271 + CVE-2014-7169. During the mayhem of the bash 0day remote execution vulnerabilities CVE-2014-6271 and CVE-2014-7169, not for bragging but as an FYI, I happened to be the first who reversed the first ELF malware spotted being used in the wild. The assembly analysis and summary I wrote and posted here --> [-1-] [-2-] The fun has only just begun... Yes. Today I was informed there is another payload distributed, thanks to my good friend, Father Robin Jackson (credit): Which...
---------------------------------------------
http://blog.malwaremustdie.org/2014/09/linux-elf-bash-0day-fun-has-only-jus…
*** Bad boy builds beastly Bash bug botnet - boxen battered ***
---------------------------------------------
DDoS zombie army found in the wild hours after flaw surfaces. Mere hours after its discovery, the Shell Shock Bash vulnerability was exploited by an attacker to build a botnet.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/09/26/bad_guy_bui…
*** Vulnerabilities in LibVNCServer ***
---------------------------------------------
LibVNCServer CVE-2014-6054 Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/70094
---------------------------------------------
libVNCserver CVE-2014-6051 Integer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/70093
---------------------------------------------
LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/70092
---------------------------------------------
LibVNCServer CVE-2014-6052 Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/70091
*** JSA10648 - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell command injection vulnerability in Bash (CVE-2014-6271, CVE-2014-7169) ***
---------------------------------------------
Products vulnerable to remote exploitation risks:
Junos Space is vulnerable in all versions.
JSA Series (STRM) devices are vulnerable in all versions.
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10648&actp=RSS
*** GNU Bash Environmental Variable Command Injection Vulnerability ***
---------------------------------------------
cisco-sa-20140926-bash
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** DSA-3035 bash ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3035
*** TYPO3-EXT-SA-2014-011: Several vulnerabilities in extension phpMyAdmin (phpmyadmin) ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
*** Bugtraq: [SECURITY] [DSA 3036-1] mediawiki security update ***
---------------------------------------------
[SECURITY] [DSA 3036-1] mediawiki security update
---------------------------------------------
http://www.securityfocus.com/archive/1/533552
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 24-09-2014 18:00 − Thursday 25-09-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Shellshock Bash Vulnerability ***
---------------------------------------------
Current event - v1.0 of post. This is a current event and as such this blog post is subject to change over the course of the next few days as we perform further supplementary research and analysis by NCC Group's Cyber Defence Operations and Security Consulting divisions. v1.0 - initial version. Background: Yesterday (24 September) CVE-2014-6271 was released with a corresponding patch for Bash (a common Linux shell). The risk arises from this vulnerability because of certain use cases. The use...
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/09/shellshock-bash-vulnerability/
*** Update on CVE-2014-6271: Vulnerability in bash (shellshock), (Thu, Sep 25th) ***
---------------------------------------------
(this diary will be updated with links to relevant resources shortly) Yesterday, a vulnerability in bash was announced that was originally found by Stéphane Chazelas. The vulnerability allows for arbitrary code execution in bash by setting specific environment variables. Later, Tavis Ormandy released a second exploit that will work on patched systems, demonstrating that the patch released yesterday is incomplete. What is the impact of the vulnerability? At first, the vulnerability doesn't...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18707&rss
*** Bash hole: ShellShock is not over yet ***
---------------------------------------------
The security hole in the Linux shell Bash, which now goes by the name "ShellShock", is already being called the worse brother of Heartbleed. What is certain is that the patch shipped on Wednesday contains further holes.
---------------------------------------------
http://www.heise.de/security/meldung/Bash-Luecke-ShellShock-ist-noch-nicht-…
*** "Bash" (CVE-2014-6271) vulnerability - Q&A ***
---------------------------------------------
The "bash" vulnerability is an extremely powerful vulnerability due to its high impact and the ease with which it can be exploited.
---------------------------------------------
https://securelist.com/blog/research/66673/bash-cve-2014-6271-vulnerability…
*** Bug in Bash shell creates big security hole on anything with *nix in it [Updated] ***
---------------------------------------------
Could allow attackers to execute code on Linux, Unix, and Mac OS X.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/94xcSgjPriY/
*** Bash Exploit Reported, First Round of Patches Incomplete ***
---------------------------------------------
Reports of the first in-the-wild exploits targeting the Bash vulnerability have surfaced, as have complaints the first patches for the bug are incomplete.
---------------------------------------------
http://threatpost.com/bash-exploit-reported-first-round-of-patches-incomple…
*** RSA signatures: eight-year-old security hole returns ***
---------------------------------------------
A security hole has been discovered in the NSS library that allows RSA signatures to be forged. Affected are the browsers Chrome and Firefox, for which updates have already been released. It is a variant of the Bleichenbacher attack from 2006.
---------------------------------------------
http://www.golem.de/news/rsa-signaturen-acht-jahre-alte-sicherheitsluecke-k…
*** iOS security hole enables keylogging in apps with an integrated browser ***
---------------------------------------------
A developer noticed that Apple has apparently been sloppy about separating processes. If an app offers a browser view, that view can be observed by the app itself.
---------------------------------------------
http://www.heise.de/security/meldung/iOS-Sicherheitsluecke-ermoeglicht-Keyl…
*** An Analysis of the CAs trusted by iOS 8.0 ***
---------------------------------------------
iOS 8.0 ships with a number of trusted certificates (also known as "root certificates" or "certificate authorities"), which iOS implicitly trusts. The root certificates are used to trust intermediate certificates, and the intermediate certificates are used to trust web site certificates. When you go to a web site using HTTPS, or an app makes a secure connection to something on the Internet (like your mail server), the web site (or mail server, or whatever) gives iOS its...
---------------------------------------------
http://karl.kornel.us/2014/09/an-analysis-of-the-cas-trusted-by-ios-8-0/
*** GNU bash Environment Variable Processing Flaw Lets Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030890
*** DSA-3032 bash ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3032
*** Security Advisories for Cisco IOS Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Unified Communications Domain Manager glibc Arbitrary Code Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** IBM Security Bulletin: Vulnerability in IBM Java SDKs and IBM Java Runtime Technology Edition affecting Rational Functional Tester (CVE-2014-3086) ***
---------------------------------------------
Multiple vulnerabilities exist in IBM SDKs Java Technology Edition and IBM Runtime Environment Java Technology Edition that are used by Rational Functional Tester (RFT). These issues were disclosed as part of the IBM Java SDK updates in July 2014.
CVE(s): CVE-2014-3086
Affected product(s) and affected version(s): Rational Functional Tester version 8.2.2 and later
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool OMNIbus (CVE-2014-4263, CVE-2014-4244) ***
---------------------------------------------
There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Versions 5, 6, and 7 that are used by Tivoli Netcool OMNIbus. These issues were disclosed as part of the IBM Java SDK updates in July 2014.
CVE(s): CVE-2014-4263 and CVE-2014-4244
Affected product(s) and affected version(s):
Tivoli Netcool/OMNIbus 7.3.0
Tivoli Netcool/OMNIbus 7.3.1
Tivoli Netcool/OMNIbus 7.4.0
Tivoli Netcool/OMNIbus 8.1.0
Refer to the following reference URLs for...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Security Advisories for Drupal Third-Party Modules ***
---------------------------------------------
https://www.drupal.org/node/2344383
https://www.drupal.org/node/2344369
https://www.drupal.org/node/2344363
https://www.drupal.org/node/2344389
*** Mozilla Network Security Services certificates security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/96194
*** HPSBST03103 rev.1 - HP Storage EVA Command View Suite running OpenSSL, Remote Unauthorized Access, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Storage Enterprise Virtual Array (EVA) Command View Suite. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Bugtraq: Two SQL Injections in All In One WP Security WordPress plugin ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533519
*** TYPO3-EXT-SA-2014-012: Several vulnerabilities in extension JobControl (dmmjobcontrol) ***
---------------------------------------------
It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to Cross-Site Scripting and SQL Injection.
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
*** Bugtraq: LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533543
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 23-09-2014 18:00 − Wednesday 24-09-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** MS14-055 - Important: Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928) - Version: 3.0 ***
---------------------------------------------
Revisions:
V1.0 (September 9, 2014): Bulletin published.
V2.0 (September 15, 2014): Bulletin revised to remove Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010. See the Update FAQ for details.
V3.0 (September 23, 2014): Bulletin rereleased to announce the reoffering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010. See the Update FAQ for details.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-055
*** Website Malware - Curious .htaccess Conditional Redirect Case ***
---------------------------------------------
I really enjoy when I see a different kind of conditional redirect, check this one out: The special thing about this one is the usage of a not so common .htaccess feature in malware: variables. In the first part it sets the conditions for user-agents, nothing new, but the afterward rules are interesting: RewriteRule .* ...
---------------------------------------------
http://blog.sucuri.net/2014/09/website-malware-curious-htaccess-conditional…
*** Apt: Buffer overflow in Debian's package management ***
---------------------------------------------
A security-critical bug has been discovered in Apt, the package management used by Debian and Ubuntu. It is already the second time in a short period that Apt has had security problems.
---------------------------------------------
http://www.golem.de/news/apt-buffer-overflow-in-debians-paketmanagement-140…
*** Microsoft Starts Online Services Bug Bounty ***
---------------------------------------------
Microsoft today launched the Microsoft Online Services Bug Bounty Program which will pay out a minimum of $500 for vulnerabilities found in its cloud services such as Office 365.
---------------------------------------------
http://threatpost.com/microsoft-starts-online-services-bug-bounty/108486
*** jQuery.com Compromise: The Dangers of Third Party Hosted Content, (Tue, Sep 23rd) ***
---------------------------------------------
jQuery is a popular Javascript framework, used by many websites (including isc.sans.edu) . jQuery provides many features, like easy access to webservices as well as advanced user interface features. When using jQuery, sites have the option to download and host the complete code, or let jQuery.com and its CDN (Content Delivery Network) host the code. There are two advantages in allowing jQuery.com to host the code: Performance: Code is typically delivered faster, and a user may already have the...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18699&rss
*** Mozilla, too, is slowly saying goodbye to SHA-1 ***
---------------------------------------------
The developers of the free web browser Firefox no longer want to accept the attackable hash algorithm for encrypted connections in the future. Server operators, however, still have time for the changeover.
---------------------------------------------
http://www.heise.de/security/meldung/Auch-Mozilla-verabschiedet-sich-langsa…
*** Remote exploit vulnerability in bash CVE-2014-6271 ***
---------------------------------------------
A remotely exploitable vulnerability has been discovered in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. If you have Microsoft Services for UNIX you will need to patch ASAP. Bash supports exporting shell variables as well as shell functions to other bash instances. This is accomplished through the process environment to a child process. From Debian: Current bash versions use an
---------------------------------------------
http://www.csoonline.com/article/2687265/application-security/remote-exploi…
*** Bugtraq: CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533515
*** Huawei Security Advisory - CSRF Vulnerabilities in Multiple Products ***
---------------------------------------------
Cross-site request forgery (CSRF) vulnerabilities have been discovered in multiple products, including FusionManager (Vulnerability ID: HWPSIRT-2014-0408) and the USG firewall series (Vulnerability ID: HWPSIRT-2014-0406).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Huawei Security Advisory - Information Leakage Vulnerability via MPLS Ping in VRP Platform ***
---------------------------------------------
An information leakage vulnerability exists in several devices using the VRP platform, because the MPLS LSP Ping service is bound to unnecessary interfaces, which can cause the leak of IP addresses of devices (Vulnerability ID: HWPSIRT-2014-0418).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Security Advisory - Hikashop Extension for Joomla! ***
---------------------------------------------
Advisory for: Hikashop for Joomla!
Security Risk: High (DREAD score: 7/10)
Vulnerability: Object Injection / Remote Code Execution
Updated Version: 2.3.2
In a routine audit of our Website Firewall we discovered a serious vulnerability within the Hikashop ecommerce product for Joomla! allowing remote code execution on the vulnerable website[s]. What are the risks? This...
---------------------------------------------
http://blog.sucuri.net/2014/09/security-advisory-hikashop-extension-for-joo…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 22-09-2014 18:00 − Tuesday 23-09-2014 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Cyber Campaigns ***
---------------------------------------------
This website simply lists multiple cyber-espionage and cyber-attack campaigns. These campaigns have successfully compromised hundreds of government entities and global corporations in over 50 countries. Click on any of the links below to access more detailed information regarding these cyber campaigns. If you see one missing, just let me know.
---------------------------------------------
http://cybercampaigns.net/
*** Whonix Anonymous Operating System Version 9 Released ***
---------------------------------------------
Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.
---------------------------------------------
https://www.whonix.org/blog/whonix-anonymous-9-released
*** UK banks hook themselves up to real-time cop data feed ***
---------------------------------------------
Not like the movies: Law enforcement is on it... UK banks will receive real-time warnings about threats to their customers' accounts as well as the overall integrity of their banking systems from a new financial crime alert system.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/09/23/uk_bank_fra…
*** HPSBPI03107 rev.1 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access ***
---------------------------------------------
A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** BIND 9.8.8, 9.9.6 and 9.10.1 Release Notes ***
---------------------------------------------
https://kb.isc.org/article/AA-01211/81/BIND-9.8.8-Release-Notes.html
https://kb.isc.org/article/AA-01210/81/BIND-9.9.6-Release-Notes.html
https://kb.isc.org/article/AA-01209/81/BIND-9.10.1-Release-Notes.html
*** Bugtraq: Glype proxy cookie jar path traversal allows code execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533504
*** Security Advisory-Screen Capture Vulnerability on Huawei Ascend P6 Mobile Phones ***
---------------------------------------------
Sep 23, 2014 17:47
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** TYPO3 CMS 4.5.36, 6.1.11 and 6.2.5 released ***
---------------------------------------------
All versions are maintenance releases and contain bug fixes.
---------------------------------------------
https://typo3.org/news/article/typo3-cms-4536-6111-and-625-released/
*** [20140901] - Core - XSS Vulnerability ***
---------------------------------------------
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
Exploit type: XSS Vulnerability
Reported Date: 2014-August-27
Fixed Date: 2014-September-23
CVE Number: CVE-2014-6631
Description: Inadequate escaping leads to XSS vulnerability in com_media.
Affected Installs: Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3
Solution: Upgrade to version 3.2.5 or 3.3.4
Contact: The JSST at the Joomla! Security Center.
Reported By: Dingjie (Daniel)
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/EiyFsQIjpu4/593-20140901-c…
*** [20140902] - Core - Unauthorised Logins ***
---------------------------------------------
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
Exploit type: Unauthorised Logins
Reported Date: 2014-September-09
Fixed Date: 2014-September-23
CVE Number: CVE-2014-6632
Description: Inadequate checking allowed unauthorised logins via LDAP authentication.
Affected Installs: Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
Solution
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/uFCKpt1YcxU/594-20140902-c…
*** XEN Security Advisories ***
---------------------------------------------
*** Race condition in HVMOP_track_dirty_vram ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-104.html
*** Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-105.html
*** Missing privilege level checks in x86 emulation of software interrupts ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-106.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 19-09-2014 18:00 − Monday 22-09-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Tiny Tinba Trojan Could Pose Big Threat ***
---------------------------------------------
In July 2014, the original source code of Tinba was made public in an underground forum. This leaked version comes with complete documentation and full source code. This follows other source code leaks from much more infamous and prevalent threats, which researchers worry that attackers could use as the basis for new versions. Similar to...
---------------------------------------------
http://www.seculert.com/blog/2014/09/tiny-tinba-trojan-could-pose-big-threa…
*** Apple Pay: A Security Analysis ***
---------------------------------------------
Has Apple taken a bite out of hackers' arsenals? The company is betting on it. Its recent announcement about a new secure payment option has the retail and tech worlds buzzing. If Apple can implement its near-field communication (NFC) payment...
---------------------------------------------
http://www.fireeye.com/blog/corporate/2014/09/apple-pay-a-security-analysis…
*** How to secure your new iPhone in three simple steps ***
---------------------------------------------
Summary: Symantec recommends best practices to keep your Apple ID account and iPhone safe.
---------------------------------------------
http://www.symantec.com/connect/blogs/how-secure-your-new-iphone-three-simp…
*** Conditional Malicious iFrame Targeting WordPress Web Sites ***
---------------------------------------------
We have an email, labs(a)sucuri.net, where we receive multiple questions a day about various forms of malware. One of the most common questions happens when our Free Security Scanner, SiteCheck, detects a spam injection or a hidden iframe and the user is unable to locate the infection in the source code. It's not until we...
---------------------------------------------
http://blog.sucuri.net/2014/09/conditional-malicious-iframe-targeting-wordp…
*** PHP Fixes Several Bugs in Version 5.4 and 5.5, (Fri, Sep 19th) ***
---------------------------------------------
PHP announced the release of versions 5.5.17 and 5.4.33. Ten bugs were fixed in version 5.4.33 and 15 bugs were fixed in version 5.5.17. All PHP users are encouraged to upgrade. The latest versions are available for download here. [1] http://php.net/ChangeLog-5.php#5.4.33 [2] http://php.net/ChangeLog-5.php#5.5.17 [3] http://windows.php.net/download ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18683&rss
*** CipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org, (Fri, Sep 19th) ***
---------------------------------------------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18677&rss
*** New OWASP Testing guide version 4! Check https://www.owasp.org/images/1/19/OTGv4.pdf, (Sat, Sep 20th) ***
---------------------------------------------
Manuel Humberto Santander Peláez SANS Internet Storm Center - Handler (c) SANS Internet Storm Center.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18687&rss
*** CloudFlare ditches private SSL keys for better security ***
---------------------------------------------
Sorry, spooks, we can't decrypt this for you. CloudFlare has announced the outcome of what it says is two years' work - switching on Keyless SSL - which lets customers encrypt their web traffic via the company's services without having to hand over their private SSL keys.
---------------------------------------------
http://www.theregister.co.uk/2014/09/22/cloudflare_ditches_keys_for_better_…
*** Wood glue: iPhone 6 fingerprint sensor tricked ***
---------------------------------------------
Using a simply made copy, Ben Schlabs of SRLabs fooled the fingerprint sensor of the iPhone 6. Since Apple also lets third parties use this authentication method under iOS 8, this is more serious than with the iPhone 5S.
---------------------------------------------
http://www.golem.de/news/holzleim-fingerabdrucksensor-des-iphone-6-ausgetri…
*** VB2014 preview: Tech Support Scams 2.0: an inside look into the evolution of the classic Microsoft tech support scam ***
---------------------------------------------
Jérôme Segura looks at recent developments in malicious cold calls. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are looking at some of the research that will be presented at the event. Today, in the final entry in this series, we look at the paper Tech Support Scams 2.0: an inside look into the evolution of the classic Microsoft tech support scam, by Jérôme Segura (Malwarebytes). Two years ago, at VB2012 in Dallas, I...
---------------------------------------------
https://www.virusbtn.com/blog/2014/09_22.xml
*** Doubleclick and Zedo served virus-infested advertising ***
---------------------------------------------
According to an antivirus vendor, the large advertising network Zedo and the Google subsidiary Doubleclick are said to have distributed malicious code via their advertising for almost a month. Larger websites such as Last.fm were also affected.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Doubleclick-und-Zedo-lieferten-viren…
*** iOS 7.1.x Exploit Released (CVE-2014-4377), (Mon, Sep 22nd) ***
---------------------------------------------
Haven't upgraded to iOS 8 yet? Aside from a lot of new features, Apple also fixed a number of security vulnerabilities in iOS 8. For example CVE-2014-4377, a memory corruption issue in iOS's core graphics library. An exploit is now available for this vulnerability. NOTE: I have not verified yet that the exploit is working / genuine. We will not link at this point to the exploit code, but basic Google Fu should allow you to find it. The author claims that the exploit is "completely reliable
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18693&rss
*** Data leak: WhatsApp gives away online status ***
---------------------------------------------
Whether and how often you open WhatsApp is something you might prefer to keep to yourself. The operator, however, makes this information accessible to anyone who knows the number, even if you have disabled it in the privacy settings.
---------------------------------------------
http://www.heise.de/security/meldung/Datenleck-WhatsApp-petzt-Online-Status…
*** VU#730964: FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#730964
FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities
Original Release date: 19 Sep 2014 | Last revised: 19 Sep 2014
Overview: Fortinet FortiGate and FortiWiFi appliances are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow vulnerability (CWE-122).
Description: Fortinet FortiGate and FortiWiFi 4.00.6 and possibly earlier versions are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow...
---------------------------------------------
http://www.kb.cert.org/vuls/id/730964
*** Cisco Nexus 1000V Cross-Site Scripting Vulnerability ***
---------------------------------------------
CVE-2014-3367
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_pure_application_…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletins for ClearQuest ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Asterisk PJSIP channel denial of service ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/96073