=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 15-04-2014 18:00 − Mittwoch 16-04-2014 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** Phishing-Mail: BSI warnt vor BSI-Warnung ***
---------------------------------------------
Die regelmäßigen Warnungen des BSI vor gehackten Online-Konten haben offenbar Kriminelle zu einer Phishing-Attacke animiert. Von "verdachtigen Aktivitäten" und "anwaltlichen Schritten" ist darin die Rede. (Phishing, Internet)
---------------------------------------------
http://www.golem.de/news/phishing-mail-bsi-warnt-vor-bsi-warnung-1404-10589…
*** RSA BSAFE Micro Edition Suite security bypass ***
---------------------------------------------
RSA BSAFE Micro Edition Suite (MES) could allow a remote attacker to bypass security restrictions, caused by an error within the certificate chain processing logic. An attacker could exploit this vulnerability to create an improperly authenticated SSL connection.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/92408
*** Chef Multiple Vulnerabilities ***
---------------------------------------------
Chef Software has acknowledged multiple security issues and vulnerabilities in Chef, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/57836
*** WordPress Twitget Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
dxwsecurity has reported a vulnerability in the Twitget plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change plugin configuration settings when a logged-in administrative user visits a specially crafted web page.
---------------------------------------------
https://secunia.com/advisories/57892
*** Critical Patch Update - April 2014 ***
---------------------------------------------
Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. The product area of the patches for the listed versions is shown in the Patch Availability column corresponding to the specified Products and Versions column.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
*** Innominate mGuard OpenSSL HeartBleed Vulnerability ***
---------------------------------------------
OVERVIEW Researcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Innominate has released a new firmware version that mitigates the OpenSSL HeartBleed vulnerability in the mGuard products.This vulnerability could be exploited remotely. Exploits that target the OpenSSL Heartbleed vulnerability are known to be publicly available.AFFECTED PRODUCTSThe following Innominate mGuard versions are affected:
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-105-02
*** Siemens Industrial Products OpenSSL HeartBleed Vulnerability ***
---------------------------------------------
OVERVIEWSiemens reported to NCCIC/ICS-CERT a list of products affected by the OpenSSL vulnerability (known as 'Heartbleed'). Joel Langill of Infrastructure Defense Security Services reported to ICS-CERT and Siemens the OpenSSL vulnerability affecting the S7-1500.Siemens has produced an update and Security Advisory (SSA-635659) that mitigates this vulnerability in eLAN and is currently working on updates for the other affected products.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-105-03
*** Looking for malicious traffic in electrical SCADA networks - part 1, (Tue, Apr 15th) ***
---------------------------------------------
When infosec guys are performing intrusion detection, they usually look for attacks like portscans, buffer overflows and specific exploit signature. For example, remember OpenSSL heartbleed vulnerability?
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17967&rss
*** New Feature: Monitoring Certification Revocation Lists https://isc.sans.edu/crls.html, (Wed, Apr 16th) ***
---------------------------------------------
Certificate Revocation Lists (“CRLs”) are used to track revoked certificates. Your browser will download these lists to verify if a certificate presented by a web site has been revoked. The graph above shows how many certificates were revoked each day by the different CRLs we are tracking.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17969&rss
*** Adobe Flash ExternalInterface Use-After-Free ***
---------------------------------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash.
The vulnerability is caused by a use-after-free error when interacting with the "ExternalInterface" class from the browser, which could be exploited to achieve code execution via a malicious web page.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040102
*** Netgear N600 Password Disclosure / Account Reset ***
---------------------------------------------
While i was lurking around the Netgear firmware today i came across various tweaking and others i was able to find a password disclosure,File uploading vulnerably which could compromise the entire router.as of now no patch from the
vendor.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040101
*** Apache Syncope 1.0.8 / 1.1.6 Code Execution ***
---------------------------------------------
In the various places in which Apache Commons JEXL expressions are allowed (derived schema definition, user / role templates, account links
of resource mappings) a malicious administrator can inject Java code that can be executed remotely by the JEE container running the Apache
Syncope core.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040106
*** Bugtraq: CVE-2014-2735 - WinSCP: missing X.509 validation ***
---------------------------------------------
A user can not recognize an easy to perform man-in-the-middle attack, because the client does not validate the "Common Name" of the servers X.509 certificate. In networking environment that is not trustworthy, like a wifi network, using FTP AUTH TLS with WinSCP the servers identity can not be trusted.
---------------------------------------------
http://www.securityfocus.com/archive/1/531847
*** Qemu: out of bounds buffer access, guest triggerable via IDE SMART ***
---------------------------------------------
An out of bounds memory access flaw was found in Qemu's IDE device model. It leads to Qemu's memory corruption via buffer overwrite(4 bytes). It occurs while executing IDE SMART commands.
A guest's user could use this flaw to corrupt Qemu process's memory on the host.
---------------------------------------------
http://seclists.org/oss-sec/2014/q2/116
*** Hintergrund: Warum wir Forward Secrecy brauchen ***
---------------------------------------------
Der SSL-GAU zeigt nachdrücklich, dass Forward Secrecy kein exotisches Feature für Paranoiker ist. Es ist vielmehr das einzige, was uns noch vor einer vollständigen Komplettüberwachung aller Kommunikation durch die Geheimdienste schützt.
---------------------------------------------
http://www.heise.de/security/artikel/Warum-wir-Forward-Secrecy-brauchen-217…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 14-04-2014 18:00 − Dienstag 15-04-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Barracuda Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/57869
*** DSA-2903 strongswan ***
---------------------------------------------
http://www.debian.org/security/2014/dsa-2903
*** Occupy Your Icons Silently on Android ***
---------------------------------------------
FireEye mobile security researchers have discovered a new Android security issue: a malicious app with normal protection level permissions can probe icons on Android home screen and modify them to point to phishing ..
---------------------------------------------
http://www.fireeye.com/blog/uncategorized/2014/04/occupy_your_icons_silentl…
*** From the Trenches: AV Evasion With Dynamic Payload Generation ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/04/14/from-the-…
*** Critical Patch Update - April 2014 - Pre-Release Announcement ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
*** First Phase of TrueCrypt Audit Turns Up No Backdoors ***
---------------------------------------------
A initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released ..
---------------------------------------------
http://beta.slashdot.org/story/200749
*** Microsoft Confirms It Is Dropping Windows 8.1 Support ***
---------------------------------------------
Microsoft TechNet blog makes clear that Windows 8.1 will not be patched, and that users must get Windows 8.1 Update if they want security patches, InfoWorlds Woody Leonhard reports. In what is surely the most customer-antagonistic move of the new Windows regime, Steve Thomas at Microsoft posted a TechNet article on Saturday stating categorically that Microsoft will ..
---------------------------------------------
http://tech.slashdot.org/story/14/04/15/0053213/microsoft-confirms-it-is-dr…
*** VMware reveals 27-patch Heartbleed fix plan ***
---------------------------------------------
Go buy your vSysadmins a big choccy egg: their Easter in peril VMware has confirmed that 27 of its products need patches for the Heartbleed bug.
---------------------------------------------
http://www.theregister.co.uk/2014/04/15/vmware_reveals_27patch_heartbleed_f…
*** Cyberwar-Doku "netwars / out of CTRL": Webdoc bei heise ***
---------------------------------------------
heise online präsentiert parallel zur Arte-Doku den ersten Teil der innovativen Multimedia-Dokumentation zum Thema Cyberwar. Sie entscheiden selbst, ob Sie beispielsweise lieber Details zu Stuxnet oder einen Kommentar des Star-Hackers FX sehen möchten.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Cyberwar-Doku-netwars-out-of-CTRL-We…
*** Samsung Galaxy S5: Fingerabdrucksensor auch schon gehackt ***
---------------------------------------------
Mit einer für das iPhone 5S entwickelten Fingerkuppenattrappe trickste Ben Schlabs die Sperre des neuen Samsung-Flagschiffs aus. Er konnte damit dann sogar Geld überweisen.
---------------------------------------------
http://www.heise.de/security/meldung/Samsung-Galaxy-S5-Fingerabdrucksensor-…
*** SSA-364879 (Last Update 2014-04-15): Vulnerabilities in SINEMA Server ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** SSA-654382 (Last Update 2014-04-15): Vulnerabilities in SIMATIC S7-1200 CPU ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit…
*** Akamai Withdraws Proposed Heartbleed Patch ***
---------------------------------------------
As researchers demonstrate OpenSSL bug exploits that retrieve private keys, Akamai rescinds a patch suggestion for the SSL/TLS library after a security researcher punches holes in it.
---------------------------------------------
http://www.darkreading.com/application-security/akamai-withdraws-proposed-h…
*** (ISC) launches cyber forensics credential in Europe ***
---------------------------------------------
Information and software security professional body (ISC)2 has announced the availability of its Certified Cyber Forensics Professional certification in Europe. Registration for CCFP-EU is now open, with the first exam available on 30 April 2014 at Pearson VUE test centres across the region. The German translation of the exam is to be available from 15 June 2014.
---------------------------------------------
http://www.computerweekly.com/news/2240218864/ISC2-launches-cyber-forensics…
*** BSI warnt vor BSI-Mails ***
---------------------------------------------
Betrüger missbrauchen den Namen des BSI für eine Phishing-Kampagne, die vorgibt, dass der Empfänger bei "illegalen Aktivitäten" erwischt wurde. Das BSI rät, den Anhang keinesfalls zu öffnen.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-warnt-vor-BSI-Mails-2170549.html
*** Hardware Giant LaCie Acknowledges Year-Long Credit Card Breach ***
---------------------------------------------
Computer hard drive maker LaCie has acknowledged that a hacker break-in at its online store exposed credit card numbers and contact information on customers for the better part of the past ..
---------------------------------------------
http://krebsonsecurity.com/2014/04/hardware-giant-lacie-acknowledges-year-l…
*** Synology räumt nach Heartbleed auf: Passwort-Wechsel und Updates ***
---------------------------------------------
Nachdem es durch die Heartbleed-Lücke gelang, auf Mail-Adressen und Passwörter von Synology-Nutzern zuzugreifen, fordert der Hersteller seine Kunden nun nachdrücklich zum Passwortwechsel auf. Ausserdem gibt es Security-Updates für die Synology-NAS.
---------------------------------------------
http://www.heise.de/security/meldung/Synology-raeumt-nach-Heartbleed-auf-Pa…
*** Exploiting CSRF under NoScript Conditions ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploitin…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 11-04-2014 18:00 − Montag 14-04-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Heartbleed FAQ ***
---------------------------------------------
Heartbleed FAQ11. April 2014Wir haben jetzt auch unsere Version einer FAQ zur "Heartbleed" veröffentlicht.Dieses Dokument ist kein finaler Bericht, sondern eine Bestandsaufnahme, die mit neuen Daten aktualisiert werden wird. So sind wir etwa dabei, den Status in Österreich noch genauer zu vermessen. Autor: Otmar Lendl
---------------------------------------------
http://www.cert.at/services/blog/20140411232912-1127.html
*** Heartbleed: Keys auslesen ist einfacher als gedacht ***
---------------------------------------------
Zwei Personen ist es gelungen, private Schlüssel mit Hilfe des Heartbleed-Bugs aus einem nginx-Testserver auszulesen. Der Server gehört der Firma Cloudflare, die mit einem Wettbewerb sicherstellen wollte, dass das Auslesen privater Schlüssel unmöglich ist. (Server, OpenSSL)
---------------------------------------------
http://www.golem.de/news/heartbleed-keys-auslesen-ist-einfacher-als-gedacht…
*** NSA will nichts von "Heartbleed"-Lücke gewusst haben ***
---------------------------------------------
In einem Bericht hatte die Nachrichtenagentur Bloomberg behauptet, die OpenSSL-Lücke sei der NSA seit zwei Jahren bekannt gewesen. Die US-Behörden wiesen das jedoch rasch zurück.
---------------------------------------------
http://www.heise.de/security/meldung/NSA-will-nichts-von-Heartbleed-Luecke-…
*** Heartbleed zeigt: Google muss Android-Updates in den Griff bekommen ***
---------------------------------------------
Nur eine fast zwei Jahre alte Version betroffen, aber viele Millionen Geräte gefährdet - Updates unwahrscheinlich
---------------------------------------------
http://derstandard.at/1397301984464
*** "Heartbleed": Noch immer tausende österreichische Webseiten betroffen ***
---------------------------------------------
Sicherheitslücke findet sich auf Webservern öffentlicher Einrichtungen - Schulen und Gemeinden betroffen
---------------------------------------------
http://derstandard.at/1397302008116
*** Identitätsdiebstahl: 7.500 Domain-Betreiber in Österreich betroffen ***
---------------------------------------------
Das Bundeskriminalamt informiert nun alle Betreiber betroffener Domains
---------------------------------------------
http://derstandard.at/1397302034346
*** OpenSSL use-after-free race condition read buffer ***
---------------------------------------------
Topic: OpenSSL use-after-free race condition read buffer Risk: High Text:About two days ago, I was poking around with OpenSSL to find a way to mitigate Heartbleed. I soon discovered that in its defaul...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040079
*** Citrix VDI-in-a-Box Discloses Administrator Password to Local Users ***
---------------------------------------------
http://www.securitytracker.com/id/1030068
*** Arbitrary Code Execution Bug in Android Reader ***
---------------------------------------------
A security vulnerability in Adobe Reader for Android could give an attacker the ability to execute arbitrary code.
---------------------------------------------
http://threatpost.com/arbitrary-code-execution-bug-in-android-reader/105421
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 10-04-2014 18:00 − Freitag 11-04-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Heartbleed vendor informations / statistics ***
---------------------------------------------
https://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929https://www.cert.fi/en/reports/2014/vulnerability788210.htmlhttp://securityaffairs.co/wordpress/23878/intelligence/statistics-impact-he…
*** Gehackte Online-Konten: Mehr als zehn Millionen Abrufe von Sicherheitstest ***
---------------------------------------------
Auch der zweite Sicherheitscheck des BSI zu gehackten Online-Konten stößt auf großes Interesse. Für Verwirrung sorgt aber weiter eine Sicherheitssperre von GMX und web.de.
---------------------------------------------
http://www.golem.de/news/gehackte-online-konten-mehr-als-zehn-millionen-abr…
*** The Heartbleed Hit List: The Passwords You Need to Change Right Now ***
---------------------------------------------
... it hasnt always been clear which sites have been affected. Mashable reached out to various companies included on a long list of websites that could potentially have the flaw. Below, weve rounded up the responses from some of the most popular social, email, banking and commerce sites on the web.
---------------------------------------------
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
*** Heartbleed Vulnerability Affects 5% of Select Top Level Domains from Top 1M ***
---------------------------------------------
In trying to gauge the impact of the Heartbleed vulnerability, we proceeded to scanning the Top Level Domain (TLD) names of certain countries extracted from the top 1,000,000 domains by Alexa. We then proceeded to separate the sites which use SSL and further categorized those under "vulnerable" or "safe". The data we were able to...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/heartbleed-vulne…
*** Spionage-Botnet nutzte Heartbleed-Lücke schon vor Monaten aus ***
---------------------------------------------
Bereits im November hat ein auf Spionage ausgelegtes Botnet offenbar versucht, durch die OpenSSL-Lücke Daten abzugreifen - möglicherweise im Auftrag eines Geheimdienstes. Die gute Nachricht ist: Die Anzahl der noch verwundbaren Server ist rückläufig.
---------------------------------------------
http://www.heise.de/security/meldung/Spionage-Botnet-nutzte-Heartbleed-Luec…
*** Heartbleed: Apple-Nutzer sind nicht betroffen ***
---------------------------------------------
Weder Mac OS X, iOS noch Apples Dienste wie iCloud sind von der Heartbleed-Schwachstelle betroffen. Denn Apple verzichtet auf OpenSSL. Einige Apps verwenden die Kryptobibliothek jedoch. (Apple, Server-Applikationen)
---------------------------------------------
http://www.golem.de/news/heartbleed-apple-nutzer-sind-nicht-betroffen-1404-…
*** Heartbleed Explanation ***
---------------------------------------------
http://xkcd.com/1354/
*** Critical Update for JetPack WordPress Plugin ***
---------------------------------------------
The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attacker to bypass the site's access control and publish posts on the site. All versions of JetPack since October, 2012 (Jetpack 1.9) are vulnerable, and all users should update to version 2.9.3
---------------------------------------------
http://blog.sucuri.net/2014/04/critical-update-for-jetpack-wordpress-plugin…
*** Security Updates for VMware vSphere ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0002.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0003.html
*** IBM SPSS Analytic Server Discloses Passwords to Remote Authenticated Users ***
---------------------------------------------
http://www.securitytracker.com/id/1030051
*** [2014-04-11] Multiple vulnerabilities in Plex Media Server ***
---------------------------------------------
Plex Media Server contains several vulnerability that allow an attacker to intercept traffic between Plex Media Server and clients in plaintext. Furthermore Cross Site Request Forgery (CSRF) vulnerabilities allow an attacker to execute privileged commands in the context of Plex Media Server.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 09-04-2014 18:00 − Donnerstag 10-04-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Hintergrund: Passwörter in Gefahr - was nun? ***
---------------------------------------------
Durch Heartbleed sind theoretisch schon wieder viele Millionen Passwörter in Gefahr. Sicherheitsexperten raten dazu, alle zu ändern. heise-Security-Chefredakteur Jürgen Schmidt schätzt das anders ein.
---------------------------------------------
http://www.heise.de/security/artikel/Passwoerter-in-Gefahr-was-nun-2167584.…
*** Heartbleed: 600.000 Server immer noch ungeschützt ***
---------------------------------------------
Die Sicherheitslücke Heartbleed zieht immer weitere Kreise. Möglicherweise wurde die Schwachstelle schon seit Monaten ausgenutzt.
---------------------------------------------
http://futurezone.at/digital-life/heartbleed-600-000-server-immer-noch-unge…
*** Sicherheitslücke: Unternehmen können für Schäden durch Heartbleed haftbar sein ***
---------------------------------------------
Der Heartbleed-Bug gilt als eine der gravierendsten Sicherheitslücken aller Zeiten. Millionen SSL-gesicherte Websites waren betroffen, erste Missbrauchsfälle sind bekanntgeworden. Können Unternehmen und Admins, die den Fehler nicht behoben haben, für Schäden belangt werden? Golem.de hat nachgefragt. (Ruby, OpenSSL)
---------------------------------------------
http://www.golem.de/news/sicherheitsluecke-unternehmen-koennen-fuer-schaede…
*** Smartphones vom SSL-GAU (fast) nicht betroffen ***
---------------------------------------------
Keine der wichtigen Smartphone-Plattformen setzt in der aktuellen Version eine der für Heartbleed anfälligen OpenSSL-Bibliotheken ein. Lediglich Android-Nutzer mit einer mittelalten Version benötigen ein Update.
---------------------------------------------
http://www.heise.de/security/meldung/Smartphones-vom-SSL-GAU-fast-nicht-bet…
*** OpenSSL-Bug: Spuren von Heartbleed schon im November 2013 ***
---------------------------------------------
Ein Systemadministrator hat angeblich in einem Logfile vom November letzten Jahres Exploit-Code für den Heartbleed-Bug gefunden. Die EFF ruft andere Administratoren zu Nachforschungen auf. (Technologie, Server)
---------------------------------------------
http://www.golem.de/news/openssl-bug-spuren-von-heartbleed-schon-im-novembe…
*** Kriminalität: Der Untergrund ist digital ***
---------------------------------------------
Wie lässt sich gemeinsam gegen die Kriminalität 2.0 vorgehen? Die Antwort auf dem Kongress des Verbandes für Sicherheitstechnik: Verzahnung, engere Kooperationen, Zusammenarbeit & und Hoffen auf aktive Bürger und die Vorratsdatenspeicherung.
---------------------------------------------
http://www.heise.de/security/meldung/Kriminalitaet-Der-Untergrund-ist-digit…
*** Windows XP: Wechselmuffel im Patch-Dilemma ***
---------------------------------------------
Das offizielle Ende des XP-Supports bedeutet nicht, dass keine Patches mehr im Netz auftauchen dürften. Für Nutzer könnte es aber gefährlich werden, solche Dateien zu installieren. (Microsoft, Spam)
---------------------------------------------
http://www.golem.de/news/windows-xp-wechselmuffel-im-patch-dilemma-1404-105…
*** "Heartbleed"-Lücke - Chance nutzen ***
---------------------------------------------
Wie F-Secure in einem Blog-Post schreibt, sollten Administratoren die Aufräumarbeiten im Zuge der "Heartbleed"-Lücke auch gleich nutzen, um die entsprechenden Konfigurationen auf aktuellen Stand zu bringen. F-Secure empfiehlt dazu den OWASP Transport Layer Protection Cheat Sheet, wir schliessen uns dem an und ergänzen um das Better Crypto Hardening Paper (PDF) von bettercrypto.org.
---------------------------------------------
http://www.cert.at/services/blog/20140409164644-1090.html
*** JSA10623 - 2014-04 Out of Cycle Security Bulletin: Multiple products affected by OpenSSL "Heartbleed" issue (CVE-2014-0160) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10623&actp=RSS
*** JSA10618 - 2014-04 Security Bulletin: Junos: Kernel panic processing high rate of crafted IGMP packets (CVE-2014-0614) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10618&actp=RSS
*** OpenVPN Access Server OpenSSL TLS Heartbeat Information Disclosure Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/57755
*** Multiple Vulnerabilities in Cisco ASA Software ***
---------------------------------------------
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:
Cisco ASA ASDM Privilege Escalation Vulnerability
Cisco ASA SSL VPN Privilege Escalation Vulnerability
Cisco ASA SSL VPN Authentication Bypass Vulnerability
Cisco ASA SIP Denial of Service Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 08-04-2014 18:00 − Mittwoch 09-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Security updates available for Adobe Flash Player (APSB14-09) ***
---------------------------------------------
A Security Bulletin (APSB14-09) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1081
*** Assessing risk for the April 2014 security updates ***
---------------------------------------------
Today we released four security bulletins addressing 11 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/04/08/assessing-risk-for-the-ap…
*** Summary for April 2014 - Version: 1.0 ***
---------------------------------------------
* Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution
* Cumulative Security Update for Internet Explorer
* Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
* Vulnerability in Microsoft Publisher Could Allow Remote Code Execution
---------------------------------------------
http://technet.microsoft.com/en-ca/security/bulletin/ms14-apr
*** WordPress 3.8.2 Security Release ***
---------------------------------------------
WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately.
This releases fixes a weakness that could let an attacker force their way into your site by forging authentication cookies
---------------------------------------------
http://wordpress.org/news/2014/04/wordpress-3-8-2/
*** OSISoft PI Interface for DNP3 Improper Input Validation ***
---------------------------------------------
OVERVIEWAdam Crain of Automatak and Chris Sistrunk, Sr. Consultant for Mandiant, have identified an improper input validation vulnerability in the OSIsoft PI Interface for DNP3 product. OSIsoft has produced an update that mitigates this vulnerability. OSIsoft and Automatak have tested the new version to validate that it resolves the vulnerabilityThis vulnerability can be remotely exploited.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-098-01
*** WellinTech KingSCADA Stack-Based Buffer Overflow ***
---------------------------------------------
An anonymous researcher working with HP’s Zero Day Initiative has identified a stack-based buffer overflow in the WellinTech KingSCADA Stack. WellinTech has produced a patch that mitigates this vulnerability.This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02
*** OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products ***
---------------------------------------------
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** The April 2014 Security Updates ***
---------------------------------------------
Today, we release four bulletins to address 11 CVEs in Microsoft Windows, Internet Explorer and Microsoft Office.
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/04/08/the-april-2014-security-…
*** Heartbleed SSL-GAU: Neue Zertifikate braucht das Land ***
---------------------------------------------
Ein simples Update reicht nicht: Nach der OpenSSL-Lücke müssen Serverbetreiber Zertifikate austauschen. Bei manchen CAs geht das kostenlos, andere Zertifikats-Anbieter und Hoster belassen es bei Warnungen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Heartbleed-SSL-GAU-Neue-Zertifikate-…
*** Juniper SSL VPN (IVEOS) OpenSSL TLS Heartbeat Information Disclosure Vulnerability ***
---------------------------------------------
Juniper has acknowledged a vulnerability in Juniper SSL VPN (IVEOS), which can be exploited by malicious people to disclose potentially sensitive information.
---------------------------------------------
https://secunia.com/advisories/57758
*** Bugtraq: CVE-2014-0160 mitigation using iptables ***
---------------------------------------------
Following up on the CVE-2014-0160 vulnerability, heartbleed. We've created some iptables rules to block all heartbeat queries using the very powerful u32 module.
The rules allow you to mitigate systems that can't yet be patched by blocking ALL the heartbeat handshakes. We also like the capability to log external scanners :)
---------------------------------------------
http://www.securityfocus.com/archive/1/531779
*** Heartbleed vendor notifications, (Wed, Apr 9th) ***
---------------------------------------------
As people are running around having an entertaining day we thought it might be a good idea to keep track of the various vendor notifications. Id like to start a list here and either via comments or sending it let us know of vendor notifications relating to this issue. Please provide comments to the original article relating to the vulnerability itself, and use this post to only provide links to vendor notifications rather than articles etc about the issue.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17929&rss
*** Bugtraq: SQL Injection in Orbit Open Ad Server ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered vulnerability in Orbit Open Ad Server, which can be exploited to perform SQL Injection attacks, alter SQL requests to database of vulnerable application and potentially gain control over the vulnerable website.
---------------------------------------------
http://www.securityfocus.com/archive/1/531781
*** Office für Mac: Update stopft kritische Lücke ***
---------------------------------------------
Mit einer neuen OS-X-Version von Office 2011 hat Microsoft die RTF-Schwachstelle in Word beseitigt. Die Aktualisierung soll verschiedene Probleme in Outlook, Excel und Word beheben.
---------------------------------------------
http://www.heise.de/security/meldung/Office-fuer-Mac-Update-stopft-kritisch…
*** Sophos Web Appliance Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Sophos Web Appliance, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an unspecified error related to the "Change Password" dialog box and can be exploited to change the administrative password.
---------------------------------------------
https://secunia.com/advisories/57706
*** Security Notice-Statement on OpenSSL Heartbeat Extension Vulnerability ***
---------------------------------------------
Huawei has noticed information regarding OpenSSL heartbeat extension security vulnerability and immediately launched a thorough investigation.
The investigation is still ongoing. Huawei PSIRT will keep updating the SN and will provide conclusions as soon as possible. Please stay tuned.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 07-04-2014 18:00 − Dienstag 08-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Der GAU für Verschlüsselung im Web: Horror-Bug in OpenSSL ***
---------------------------------------------
Ein äußerst schwerwiegender Programmierfehler gefährdet offenbar Verschlüsselung, Schlüssel und Daten der mit OpenSSL gesicherten Verbindungen im Internet. Angesichts der Verbreitung der OpenSource-Biliothek eine ziemliche Katastrophe.
---------------------------------------------
http://www.heise.de/security/meldung/Der-GAU-fuer-Verschluesselung-im-Web-H…
*** VU#568252: Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability ***
---------------------------------------------
Vulnerability Note VU#568252 Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability Original Release date: 07 Apr 2014 | Last revised: 07 Apr 2014 Overview Websense Triton Unified Security Center 7.7.3 and possibly earlier versions contains an information disclosure vulnerability which could allow an authenticated attacker to view stored credentials of a possibly higher privileged user. Description CWE-200: Information ExposureWhen logged into the Websense Triton
---------------------------------------------
http://www.kb.cert.org/vuls/id/568252
*** Energieversorger testet Sicherheit – und fällt durch ***
---------------------------------------------
In „Stirb langsam 4.0“ fahren Cyber-Gauner übers Internet die komplette Stromversorgung im Osten der USA herunter. Ein unrealistisches Szenario? Nicht ganz ...
---------------------------------------------
http://www.heise.de/newsticker/meldung/Energieversorger-testet-Sicherheit-u…
*** The Muddy Waters of XP End-of-Life and Public Disclosures ***
---------------------------------------------
Security researchers who have privately disclosed Windows XP vulnerabilities to Microsoft may never see patches for their bugs with XPs end of life date at hand. Will there be a rash of public disclosures?
---------------------------------------------
http://threatpost.com/the-muddy-waters-of-xp-end-of-life-and-public-disclos…
*** 2013 wurden Daten von über 500 Millionen Nutzern geklaut ***
---------------------------------------------
Daten von mehr als einer halben Milliarde Internet-Nutzer sind im vergangenen Jahr nach Berechnung von IT-Sicherheitsexperten bei Online-Angriffen gestohlen worden.
---------------------------------------------
http://futurezone.at/digital-life/2013-wurden-daten-von-ueber-500-millionen…
*** Hintergrund: ct-Fritzbox-Test spürt verborgene Geräte auf ***
---------------------------------------------
Manche Nutzer des Fritzbox-Tests erhalten unerwartete Ergebnisse. Nicht selten sind WLAN-APs, Repeater oder andere AVM-Geräte die Ursache. Darüber hinaus gibt es auch einige Fehlerquellen, die einen händischen Test erforderlich machen können.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Hintergrund-c-t-Fritzbox-Test-spuert…
*** The 2013 Internet Security Threat Report: Year of the Mega Data Breach ***
---------------------------------------------
Once again, it’s time to reveal the latest findings from our Internet Security Threat Report (ISTR), which looks at the current state of the threat landscape, based on our research and analysis from the past year. Key trends from this year’s report include the large increase in data breaches and targeted attacks, the evolution of mobile malware and ransomware, and the potential threat posed by the Internet of Things.
---------------------------------------------
http://www.symantec.com/connect/blogs/2013-internet-security-threat-report-…
*** Cacti Multiple Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in Cacti, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and compromise a vulnerable system.
* CVE-2014-2326
* CVE-2014-2708
* CVE-2014-2709
---------------------------------------------
https://secunia.com/advisories/57647
*** Open-Xchange Email Autoconfiguration Information Disclosure Weakness ***
---------------------------------------------
A weakness has been reported in Open-Xchange, which can be exploited by malicious people to disclose certain sensitive information.
The weakness is caused due to the application communicating certain information via parameters of a GET request when using the email autoconfiguration, which can be exploited to disclose the account password.
---------------------------------------------
https://secunia.com/advisories/57654
*** VU#345337: J2k-Codec contains multiple exploitable vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#345337 J2k-Codec contains multiple exploitable vulnerabilities Original Release date: 08 Apr 2014 | Last revised: 08 Apr 2014 Overview J2k-Codec contains multiple exploitable vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description J2k-Codec is a JPEG 2000 decoding library for Windows. J2k-Codec contains multiple exploitable exploitable vulnerabilities that can lead to arbitrary code execution.
---------------------------------------------
http://www.kb.cert.org/vuls/id/345337
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 04-04-2014 18:00 − Montag 07-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** BSI-Webseite mit Prüfung ob die eigene Emailadresse im aktuellen Fall betroffen ist ***
---------------------------------------------
Im Rahmen eines laufenden Ermittlungsverfahrens der Staatsanwaltschaft Verden (Aller) ist erneut ein Fall von großflächigem Identitätsdiebstahl aufgedeckt worden.
...
Diese Webseite bietet eine Überprüfungsmöglichkeit, ob Sie von dem Identitätsdiebstahl betroffen sind.
---------------------------------------------
https://www.sicherheitstest.bsi.de/
*** VirusShield: Nur ein Logo - sonst nichts ***
---------------------------------------------
Die App VirusShield für Android erreichte innerhalb kürzester Zeit enorme Verkaufszahlen. Jedoch: Die App tut überhaupt nichts. (Google, Virenscanner)
---------------------------------------------
http://www.golem.de/news/virusshield-nur-ein-logo-sonst-nichts-1404-105677-…
*** Hash-Funktion: Entwurf für SHA-3-Standard liegt vor ***
---------------------------------------------
Die US-Behörde Nist hat einen Entwurf für die Standardisierung der Hashfunktion SHA-3 vorgelegt. Drei Monate lang besteht nun die Möglichkeit, diesen zu kommentieren. (Technologie, Verschlüsselung)
---------------------------------------------
http://www.golem.de/news/hash-funktion-entwurf-fuer-sha-3-standard-liegt-vo…
*** Those strange e-mails with URLs in them can lead to Android malware, (Sat, Apr 5th) ***
---------------------------------------------
Youve probably gotten a few of these e-mails over the last few months (I saw the first one of this latest kind in early Feb), we got one to the handlers list earlier this week which prompted this diary. They seem pretty innocuous, they have little or no text and a URL like the one shown below. Note: the above link doesnt lead to the malware anymore, so I didnt obscure it. Most seem to be sent from Yahoo! (or Yahoo!-related e-mail addresses), so they may be coming from addresses that were
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17909&rss
*** XMPP-Layer Compression Uncontrolled Resource Consumption ***
---------------------------------------------
Topic: XMPP-Layer Compression Uncontrolled Resource Consumption Risk: Medium Text:Uncontrolled Resource Consumption with XMPP-Layer Compression Original Release Date: 2014-04-04 Last Updated: 2014-04-04 ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040034
*** Fake Voting Campaign Steals Facebook Users’ Identities ***
---------------------------------------------
Contributor: Parag SawantPhishers continuously come up with various plans to enhance their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.read more
---------------------------------------------
http://www.symantec.com/connect/blogs/fake-voting-campaign-steals-facebook-…
*** Advice for Enterprises in 2014: Protect Your Core Data ***
---------------------------------------------
Some companies may think – “if it can happen to a spy agency, there’s nothing we could do. We should just give up and not protect our data anymore.” Others may say: “let’s build a bigger wall around our data.” Both approaches are incorrect. Obviously, you have to protect your data. However, neither can enterprises just try and protect everything with the same rigor. ... What an enterprise needs to focus on is what really needs to be protected.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/advice-for-enter…
*** Microsoft spells out new rules for exiling .EXEs ***
---------------------------------------------
Microsoft has updated the methodology it uses to define adware, a move designed to make it clearer just what the company considers worthy for removal by its malware tools. ... The kinds of “unwanted behaviours” that Redmond is looking for will be familiar to anyone whos been burned by mistakenly clicking on the link, with lack of user choice or control topping the list.
---------------------------------------------
http://www.theregister.co.uk/2014/04/07/microsoft_puts_adware_in_the_crossh…
*** Netgear schließt Hintertür in Modemrouter DGN1000 ***
---------------------------------------------
Die Firma hat ein Firmware-Update veröffentlicht, das die Hintertür auf Port 32764 des DSL-Modemrouters schließen soll. Über die Lücke können Angreifer die Passwörter der Geräte abgreifen.
---------------------------------------------
http://www.heise.de/security/meldung/Netgear-schliesst-Hintertuer-in-Modemr…
*** RSA Data Loss Prevention Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in RSA Data Loss Prevent, which can be exploited by malicious users to bypass certain security restrictions.
The security issue is caused due an error within the session management and can be exploited to access otherwise restricted content.
---------------------------------------------
https://secunia.com/advisories/57464
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 03-04-2014 18:00 − Freitag 04-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** SMBEXEC Rapid Post Exploitation Tool ***
---------------------------------------------
Smbexec is a tool that you can use for penetration testing domain controllers, the program allows to run post exploitation for domain accounts and expand the access to targeted network. this makes pentester have a full access without any privilege requirement.
---------------------------------------------
http://www.sectechno.com/2014/03/30/smbexec-rapid-post-exploitation-tool/
*** IBM Security Bulletin: Fixes available for Cross Site Scripting vulnerabilities in IBM WebSphere Portal (CVE-2014-0828 and CVE-2014-0901) ***
---------------------------------------------
Fixes are available for Cross Site Scripting vulnerabilities in IBM WebSphere Portal.
CVE(s): CVE-2014-0828 and CVE-2014-0901
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: WebSphere Partner Gateway Advanced/Enterprise is affected by vulnerabilities that exist in the IBM SDK for Java (CVE-2014-0411) ***
---------------------------------------------
WebSphere Partner Gateway Advanced/Enterprise uses IBM SDK for Java that is based on Oracle JDK . Oracle has released January 2014 critical patch updates (CPU) which contain security vulnerability fixes. The IBM SDK for Java has been updated to incorporate these fixes. CVE(s): CVE-2014-0411
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** OTRS Help Desk clickjacking ***
---------------------------------------------
OTRS Help Desk could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/92233
*** iOS 7.1 bug enables iCloud account deletion, disabling Find My iPhone, without password ***
---------------------------------------------
A bug demonstrated by a YouTube user on Wednesday may enable a thief to delete an iCloud account, disable Find My iPhone, and ultimately restore the device, without the need of a password.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/kToL7uqo4FE/
*** Your files held hostage by CryptoDefense? Dont pay up! The decryption key is on your hard drive ***
---------------------------------------------
Blunder discovered in latest ransomware infecting PCs A basic rookie programming error has crippled an otherwise advanced piece of ransomware dubbed CryptoDefense – but the crap coders are still pulling in more than $30,000 a month from unwary punters.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/04/03/cryptodefen…
*** Advance Notification Service for the April 2014 Security Bulletin Release ***
---------------------------------------------
Today we provide advance notification for the release of four bulletins, two rated Critical and two rated Important in severity. These updates address issues in Microsoft Windows, Office and Internet Explorer. The update provided through MS14-017 fully addresses the Microsoft Word issue first described in Security Advisory 2953095. This advisory also included a Fix it to disable opening rich-text format (RTF) files within Microsoft Word. Once the security update is applied, you should disable
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/04/03/advance-notification-ser…
*** Schneider Electric OPC Factory Server Buffer Overflow ***
---------------------------------------------
OVERVIEW Researcher Wei Gao, formerly of IXIA, has identified a buffer overflow vulnerability in the Schneider Electric OPC Factory Server (OFS) application. Schneider Electric has produced a patch that mitigates this vulnerability. Wei Gao has tested the patch to validate that it resolves the vulnerability.This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01
*** Adware: A new approach ***
---------------------------------------------
Here at the Microsoft Malware Protection Center (MMPC) we understand advertising is part of the modern computing experience. However, we want to give our customers choice and control regarding what happens with their computers. To that end we have recently undergone some changes to both the criteria we use to classify a program as adware and how we remediate it when we find it. This blog will help explain the new criteria and how it affects some programs. Our updated objective criteria
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/04/03/adware-a-new-approach.as…
*** Zeus malware found with valid digital certificate ***
---------------------------------------------
A recently discovered variant of the Zeus banking Trojan was found to use a legitimate digital signature to avoid detection from Web browsers and anti-virus systems.Security vendor Comodo reported Thursday finding the variant 200 times while monitoring and analyzing data from users of its Internet security system. The variant includes the digital signature, a rootkit and a data-stealing malware component."Malware with a valid digital signature is an extremely dangerous situation," the
---------------------------------------------
http://www.csoonline.com/article/2140021/data-protection/zeus-malware-found…
*** Linux-PAM "pam_timestamp" Module Two Directory Traversal Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in Linux-PAM, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/57317
*** E-Mail-Konten gehackt: BSI will Millionen betroffene Nutzer informieren ***
---------------------------------------------
Behörden und Provider wollen die Nutzer über den Hack von E-Mail-Konten informieren. Wie und wann die Aktion starten soll, steht aber noch nicht fest. (Spam, Computer)
---------------------------------------------
http://www.golem.de/news/e-mail-konten-gehackt-bsi-will-millionen-betroffen…
*** TLS-Bibliotheken: Fehler finden mit fehlerhaften Zertifikaten ***
---------------------------------------------
Mit Hilfe von fehlerhaften X.509-Zertifikaten haben Forscher zahlreiche zum Teil sicherheitskritische Bugs in TLS-Bibliotheken gefunden. Erneut wurde dabei eine gravierende Sicherheitslücke in GnuTLS entdeckt. (Browser, Technologie)
---------------------------------------------
http://www.golem.de/news/tls-bibliotheken-fehler-finden-mit-fehlerhaften-ze…
*** Cisco Emergency Responder - Multiple vulnerabilities ***
---------------------------------------------
Cross-Site Scripting - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
Cross-Site Request Forgery - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
Open Redirect - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
Dynamic Content Modification - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** PHP 5.4.27 released, (Fri, Apr 4th) ***
---------------------------------------------
A new version of PHP has been released. The announcement comments: "The PHP development team announces the immediate availability of PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345 in fileinfo module."
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17901&rss
*** April 8th: Not Just About XP ***
---------------------------------------------
April 8th will soon be upon us! And that means…Countdown Clocks…the end of extended support for Windows XP. But not just XP. Office 2003 is also reaching its life.And thats especially important to know because theres currently an Office vulnerability in the wild.Microsoft released its Security Bulletin Advance Notification yesterday: And the good news is: a patch for the Word vulnerability appears to be in the pipeline.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002690.html
*** Dealing with Disaster - A Short Malware Incident Response, (Fri, Apr 4th) ***
---------------------------------------------
I had a client call me recently with a full on service outage - his servers werent reachable, his VOIP phones were giving him more static than voice, and his Exchange server wasnt sending or receiving mail - pretty much everything was offline. I VPNd in (I was not onsite) and started with the firewall, because things were bad enough thats all I could initially get to from a VPN session.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17905&rss
*** Cisco IOS XR Software ICMPv6 Redirect Vulnerability ***
---------------------------------------------
A vulnerability in Internet Control Message Protocol version 6 (ICMPv6) processing of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to affect IPv4 and IPv6 traffic passing through an affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Researchers Uncover Interesting Browser-Based Botnet ***
---------------------------------------------
Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video Web site and hijacked users’ browsers in order to flood the site with traffic. The attack on the unnamed site involved the use of injected Javascript on the site which would execute in […]
---------------------------------------------
http://threatpost.com/researchers-uncover-interesting-browser-based-botnet/…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 02-04-2014 18:00 − Donnerstag 03-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Researchers Divulge 30 Oracle Java Cloud Service Bugs ***
---------------------------------------------
Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed over two dozen issues with the company’s Java Cloud Service platform.
---------------------------------------------
http://threatpost.com/researchers-divulge-30-oracle-java-cloud-service-bugs…
*** Ad Violations: Why Search Engines Won’t Display Your Site If it’s Infected With Malware ***
---------------------------------------------
As your site’s webmaster, have you ever seen an e-mail from Google like this: Hello, We wanted to alert you that one of your sites violates our advertising policies. Therefore, we won’t be able to run any of your ads that link to that site, and any new ads pointing to that site will alsoRead More
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/kz7JGX2ydIU/ad-violations-why…
*** IBM Lotus Web Content Managemen cross-site scripting ***
---------------------------------------------
IBM Lotus Web Content Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/90566
*** Watching the watchers, (Thu, Apr 3rd) ***
---------------------------------------------
A lot of companies today have various IDS and IPS devices implemented in their internal network (especially if you must be compliant with PCI DSS, for example). So these devices get implemented to monitor various traffic at various interfaces/perimeters in a company, but the question I got asked is how can we be sure that the IDS/IPS is doing its job? Obviously, some simple monitoring should be in place – this typically consists of pinging the device or collecting various counters such
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17895&rss
*** Macro-Enabled Files Used as Infection Vectors (Again) ***
---------------------------------------------
Macro-based attacks were popular in the early 2000s, but they gained much notoriety with the much publicized coverage of the Melissa virus. However, macro-based attacks soon began to drop off the radar. One major reason for this would be the security measures implemented by Microsoft to address malicious macro files. Another probable reason would also […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroMacro-Enabled Files Used as Infection Vectors (Again)
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1X49GtDdVuU/
*** New Check_MK stable release 1.2.4p1 ***
---------------------------------------------
The most important changes are security patches for two CVEs (CVE-2014-2330 and CVE-2014-2331) which have been published on 2014-03-24 and 2014-03-28 on the bugtraq mailinglist. The mail from 2014-03-24 contained wrong information on the not-fixed issues, which had been corrected with the mail from 2014-03-28. All of the reported security related issues are fixed with this release.
---------------------------------------------
http://lists.mathias-kettner.de/pipermail/checkmk-announce/2014-April/00008…
*** A Series of Introductory Malware Analysis Webcasts ***
---------------------------------------------
If you are looking to get started with malware analysis, tune into the webcast series I created to illustrate key tools and techniques for examining malicious software.
---------------------------------------------
http://blog.zeltser.com/post/80874760857/introductory-malware-analysis-webc…
*** Twelve sources of global cyber attack maps ***
---------------------------------------------
1 - Cyber Warfare Real Time Map by Kaspersky
2 - Top Daily DDoS Attacks Worldwide by Google
3 - Security Tachometer by Deutche Telekom
4 - Cyberfeed Live Botnet Map by AnubisNetworks
5 - Real-time Web Monitor by Akamai
6 - IpViking Live Map by Norse
7 - Honeypots from the Honeynet Project
8 - Global Activity Maps by Arbor
9 - Global Botnet Threat Activity Map by Trend Micro
10 - DDoS Attacks by ShadowServer
11 - Internet Malicious Activity Maps by TeamCymru
12 - Globe and WorldMap by F-Secure
---------------------------------------------
http://sseguranca.blogspot.com.br/2014/03/ten-sources-of-global-cyber-attac…
*** SNMPCheck - Enumerate the SNMP devices ***
---------------------------------------------
Like to snmpwalk, snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful for penetration testing or systems monitoring.
---------------------------------------------
http://hack-tools.blackploit.com/2014/04/snmpcheck-enumerate-snmp-devices.h…
*** The Right Stuff: Staffing Your Corporate SOC ***
---------------------------------------------
In my experience, passing a certification exam or getting a degree simply shows that a potential employee is a good test-taker or has the determination to plow through a degree program. Neither substitutes for the wealth of experience SOC analysts need to be good at their jobs.
Don’t get me wrong. Certification programs can be an important piece of a cyber-security practitioner’s complete education.
---------------------------------------------
http://www.darkreading.com/operations/careers-and-people/the-right-stuff-st…
*** FortiBalancer SSH Access Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in FortiBalancer, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to a configuration error related to SSH access and can be exploited to gain otherwise restricted SSH access.
The vulnerability is reported in FortiBalancer 400, 1000, 2000, and 3000.
---------------------------------------------
https://secunia.com/advisories/57673
*** Sicherheit: Fahnder entdecken Datensatz mit 18 Millionen Mailkonten ***
---------------------------------------------
Schon wieder ist eine Datei mit Millionen gehackten Mailkonten sichergestellt worden. Alle großen deutschen E-Mail-Provider und mehrere internationale Anbieter sollen betroffen sein. (Spam, Computer)
---------------------------------------------
http://www.golem.de/news/sicherheit-fahnder-entdecken-datensatz-mit-18-mill…
*** Tool Estimates Incident Response Cost for Businesses ***
---------------------------------------------
A new tool called CyberTab will help businesses estimate the cost of real and potential cyberattacks, and the amount a company could possibly save by investing in preventative measures and technologies.
---------------------------------------------
http://threatpost.com/tool-estimates-incident-response-cost-for-businesses/…
*** Bugtraq: [softScheck] Denial of Service in Microsoft Office 2007-2013 ***
---------------------------------------------
softScheck has identified a Denial of Service vulnerability in Microsoft Outlook 2007-2013. A remote attacker can send a plaintext email containing an XML bomb as the message body, causing Outlook to freeze while opening the email. This forces the user to terminate the Outlook process.
In the default Outlook configuration, in which email contents are displayed in a reading pane in the main window, the impact is more severe: Outlook will freeze while starting and will not be able to start anymore, since it tries to open and display the email during startup.
To resolve the issue, Outlook needs to be started in safe mode and the email needs to be deleted.
---------------------------------------------
http://www.securityfocus.com/archive/1/531722
*** DFRWS EU 2014 Annual Conference ***
---------------------------------------------
DFRWS has a long history of being the foremost digital forensics research venue and has decided to hold a sister conference to bring the same opportunities to Europe. The first annual DFRWS EU conference will be held from May 7 to 9, 2014 in Amsterdam, NL.
---------------------------------------------
http://www.dfrws.org/2014eu/
*** Cisco IOS Software IKE Main Mode Vulnerability ***
---------------------------------------------
A vulnerability in the Internet Key Exchange (IKE) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to delete established security associations on an affected device.
The vulnerability is due to improper handling of rogue IKE Main Mode packets. An attacker could exploit this vulnerability by sending a crafted IKE Main Mode packet to an affected device. An exploit could allow the attacker to cause valid, established IKE security associations on an affected device to drop.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…