=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 20-05-2014 18:00 − Mittwoch 21-05-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Ebay: Kundendaten bei Hackerangriff gestohlen ***
---------------------------------------------
Hacker hatten im Februar und März Zugriff auf Kundendaten
---------------------------------------------
http://derstandard.at/2000001422781
*** Enterprises Still Lax on Privileged User Access Controls ***
---------------------------------------------
The results of a survey commissioned by Raytheon demonstrate that enterprises still dont have a firm grasp on privileged users and their activities on corporate networks.
---------------------------------------------
http://threatpost.com/enterprises-still-lax-on-privileged-user-access-contr…
*** iBanking: Exploiting the Full Potential of Android Malware ***
---------------------------------------------
http://www.symantec.com/connect/blogs/ibanking-exploiting-full-potential-an…
*** World's most pricey trojan is veritable Swiss Army knife targeting Android ***
---------------------------------------------
Malicious Android app contains remote bugging, SMS interception, and much more.
---------------------------------------------
http://arstechnica.com/security/2014/05/worlds-most-pricey-trojan-is-verita…
*** Siemens Industrial Products OpenSSL Heartbleed Vulnerability (Update B) ***
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-105-03B
*** [2014-05-21] Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4 ***
---------------------------------------------
The software CoSoSys Endpoint Protector is affected by critical, unauthenticated SQL injection vulnerabilities and backdoor accounts.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** Security App of the Week: WP Security Audit Log ***
---------------------------------------------
WP Security Audit Log is a WordPress plugin that logs all the actions and events that take place under your website's hood. The plugin is useful not only in case of a data breach, but also for preventing one. The plugin is designed to generate a security alert when certain actions are detected. For instance, ..
---------------------------------------------
http://news.softpedia.com/news/Security-App-of-the-Week-WP-Security-Audit-L…
*** Hook Analyser 3.1 - Malware Analysis Tool ***
---------------------------------------------
Hook Analyser is a freeware application which allows an investigator/analyst to perform 'static & run-time / dynamic' analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet.
---------------------------------------------
http://www.darknet.org.uk/2014/05/hook-analyser-3-1-malware-analysis-tool/
*** Why You Should Ditch Adobe Shockwave ***
---------------------------------------------
This author has long advised computer users who have Adobes Shockwave Player installed to junk the product, mainly on the basis that few sites actually require the browser plugin, and because its yet another plugin that requires constant updating. But I was positively shocked this week to learn that this software introduces a far more pernicious problem: Turns out, ..
---------------------------------------------
http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/
*** LSE stellt Authentifizierungs-Tool LinOTP unter Open-Source-Lizenz ***
---------------------------------------------
Das Authentifizierungswerkzeug LinOTP steht ab sofort als Open-Source-Produkt zum kostenlosen Download bereit.
---------------------------------------------
http://www.heise.de/newsticker/meldung/LSE-stellt-Authentifizierungs-Tool-L…
*** Bugs in your TV ***
---------------------------------------------
Introduction As part of our research into the Internet of Things (IoT), we were asked to look at the current generation of Smart TVs and see whether they posed any new issues when used in the home or office. In particular, the latest sets come with built-in cameras (for use with video chat applications, ..
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/05/bugs-in-your-tv/
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 19-05-2014 18:00 − Dienstag 20-05-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Blackshades - Coordinated Takedown Leads to Multiple Arrests ***
---------------------------------------------
The FBI, Europol and several other law enforcement agencies have arrested dozens of individuals suspected of cybercriminal activity centered around the malware known as Blackshades (a.k.a. W32.Shadesrat).read more
---------------------------------------------
http://www.symantec.com/connect/blogs/blackshades-coordinated-takedown-lead…
*** Moodle Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030256
*** Silverlight finally becomes popular ... with criminals ***
---------------------------------------------
Angler exploit kit targets Redmonds unloved rich web application kit Silverlight has become a choice target for VXers who are foisting nasty exploit kits on users through hacked advertising networks.
---------------------------------------------
http://www.theregister.co.uk/2014/05/20/silverlight_attacks_spike_as_ekers_…
*** Cisco IOS XR DHCPv6 Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030259
*** Bugtraq: t214: Call for Papers 2014 (Helsinki / Finland) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532154
*** When Networks Turn Hostile ***
---------------------------------------------
We've previously discussed how difficult it is to safely connect to networks when on the go. This is particularly true on vacations and holidays, where the availability of Internet access is one of the most important factors when looking for a place to stay.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/when-networks-tu…
*** Cisco IOS Software IPv6 Denial of Service Vulnerability ***
---------------------------------------------
cisco-sa-20110928-ipv6
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Sicherheitslücke in iTunes: BSI drängt zum Update ***
---------------------------------------------
Eine durch Apples Medien-Software verursachte Schwachstelle erlaubt lokalen Nutzern einen umfassenden Zugriff auf andere Benutzerkonten - das Bundesamt für Sicherheit in der Informationstechnik rät zum Update auf Version 11.2.1.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-in-iTunes-BSI-draeng…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 16-05-2014 18:00 − Montag 19-05-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** January-April 2014 ***
---------------------------------------------
The 'NCCIC/ICS-CERT Monitor' newsletter offers a means of promoting preparedness, information sharing, and collaboration with the 16 critical infrastructure sectors. ICS-CERT accomplishes this on a day-to-day basis through sector briefings, meetings, conferences, and information product releases.
This publication highlights recent activities and information products affecting industrial control systems (ICSs), and provides a look ahead at upcoming ICS-related events.
---------------------------------------------
http://ics-cert.us-cert.gov//monitors/ICS-MM201404
*** IBM Security Bulletin: Fixes available for vulnerability in Apache Commons FileUpload contained in IBM WebSphere Portal (CVE-2014-0050) ***
---------------------------------------------
Fixes available for a denial of service vulnerability in the open source library Apache Commons FileUpload which affects IBM WebSphere Portal.
CVE(s): CVE-2014-0050
Affected product(s) and affected version(s):
WebSphere Portal 8
WebSphere Portal 7
WebSphere Portal 6.1.x
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Rational ClearCase ***
---------------------------------------------
IBM WebSphere Application Server is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.
CVE(s): CVE-2014-0964
Affected product(s) and affected version(s):
IBM Rational ClearCase, CM Server component, release 7.1.x (7.1.0.x, 7.1.1.x, and 7.1.2.x).
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Mozilla gründet "Winter of Security" ***
---------------------------------------------
Studenten können bei Mozillas Programm für ihr Studium ein Projekt durchführen, das eine Bedeutung auch außerhalb der Universität hat. Begleitet wird die Arbeit von einem Entwickler.
---------------------------------------------
http://www.heise.de/security/meldung/Mozilla-gruendet-Winter-of-Security-21…
*** Malvertising Up By Over 200% ***
---------------------------------------------
An anonymous reader writes "Online Trust Alliance (OTA) Executive Director and President Craig Spiezle testified before the U.S. Senates Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, outlining the risks of malicious advertising, and possible solutions to stem the rising tide. According to OTA research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZUq6VAva50Y/story01.htm
*** DDoS Trojans attack Linux ***
---------------------------------------------
May 15, 2014 The fallacy that Linux is fully protected against malware thanks to the specific features of its architecture makes life much easier for intruders distributing such software. In May 2014, Doctor Webs security analysts identified and examined a record-high number of Trojans for Linux, a large portion of which is designed to (distributed denial of service) attacks. These programs share common features: first, they carry out DDoS attacks via various protocols, and second, they appear ..
---------------------------------------------
http://news.drweb.com/show/?i=5760&lng=en&c=9
*** Security: Datenbank informiert über Identitätsklau ***
---------------------------------------------
Eine Datenbank gibt Informationen darüber, ob Passwörter oder Kontodaten eines Nutzers auf einschlägigen Foren zu finden sind. Die vom Hasso-Plattner-Institut bereitgestellten Informationen unterscheiden sich von denen des BSI.
---------------------------------------------
http://www.golem.de/news/security-datenbank-informiert-ueber-identitaetskla…
*** Cisco ASA Crafter RADIUS Packets Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the implementation of the Remote Authentication Dial-in User Services (RADIUS) code of Cisco ASA Software could allow an authenticated, remote attacker to cause an affected system to reload.
The vulnerability is due to insufficient validation of RADIUS packets including crafted attributes. An attacker could exploit this vulnerability by sending crafted RADIUS packets to the affected system. The attacker must know the RADIUS shared secret and inject the crafted packet while a RADIUS exchange is in progress.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Mid-2014 Tech Security Rundown: 5 Current Exploits Worth Knowing About ***
---------------------------------------------
Here are just a few of the security threats that have risen to prominence in recent months.
...
Rotbrow
Mobile Side Channel Leakage
IoT Hardware & Software
Ad Network Intrusion
Out of Harm's Way
Besides these exploits, web users must contend with on-going threats like SQL injection and cross-site scripting.
---------------------------------------------
http://hackersnewsbulletin.com/2014/05/mid-2014-tech-security-rundown-5-cur…
*** Online-Banking: Verstärkte Angriffe auf das mTAN-Verfahren ***
---------------------------------------------
Experten warnen vor verstärkten Infektionen mit dem Android-Trojaner FakeToken. Die Software kopiert empfangene SMS, die TANs enthalten. Ganoven können dann das Konto des Opfers leer räumen.
---------------------------------------------
http://www.heise.de/security/meldung/Online-Banking-Verstaerkte-Angriffe-au…
*** Kryptographie: Schnellerer Algorithmus für das diskrete Logarithmusproblem ***
---------------------------------------------
Auf der Eurocrypt-Konferenz ist ein schnellerer Algorithmus für eine spezielle Variante des diskreten Logarithmusproblems vorgestellt worden. Dieses Problem ist die Grundlage zahlreicher kryptographischer Verfahren, doch eine direkte Bedrohung für real eingesetzte Algorithmen gibt es zur Zeit nicht.
---------------------------------------------
http://www.golem.de/news/kryptographie-schnellerer-algorithmus-fuer-das-dis…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 15-05-2014 18:00 − Freitag 16-05-2014 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** CSWorks Software SQL Injection Vulnerability ***
---------------------------------------------
Researcher John Leitch, working with HP's Zero Day Initiative (ZDI), has identified an SQL injection vulnerability in CSWorks' CSWorks software framework. CSWorks has produced an updated version that mitigates this vulnerability.
This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-135-01
*** Statistik: Verschlüsselter Datenverkehr nimmt zu ***
---------------------------------------------
Laut einer Studie steigt seit Beginn der Enthüllungen des Whistleblowsers Edward Snowden der Anteil an SSL-verschlüsselten Verbindungen im Internet. Die Zunahmen in den USA und Europa unterscheiden sich aber.
---------------------------------------------
http://www.heise.de/security/meldung/Statistik-Verschluesselter-Datenverkeh…
*** Torque 2.5.13 Buffer Overflow ***
---------------------------------------------
Topic: Torque 2.5.13 Buffer Overflow Risk: High Text:A buffer overflow exists in versions of TORQUE which can be exploited in order to remotely execute code from an unauthenticated...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014050086
*** Apple Releases OS X 10.9.3, Fixes Serious Flaw in iTunes ***
---------------------------------------------
Apple has released a new version of OS X Mavericks, which includes all of the security fixes it pushed out last month. OS X 10.9.3 includes the patches for the so-called triple handshake SSL vulnerability, as well as fixes for several remote code-execution vulnerabilities.
---------------------------------------------
http://threatpost.com/apple-releases-os-x-10-9-3-fixes-serious-flaw-in-itun…
*** Understanding how Fuzzing Relates to a Vulnerability like Heartbleed ***
---------------------------------------------
Fuzzing is a security-focused testing technique in which a compiled program is executed so that the attack surface can be tested as it actually runs. The attack surfaces are the components of code that accept user input. Since this is the most vulnerable part of code, it should be rigorously tested with anomalous data.
---------------------------------------------
http://labs.bromium.com/2014/05/14/understanding-how-fuzzing-relates-to-a-v…
*** iTunes: Apple schließt problematische Lücke in PC-Version ***
---------------------------------------------
Das Update 11.2 stopft ein Leck, über das es unter Windows XP SP3 bis 8 möglich war, iTunes-Zugangsdaten zu stehlen.
---------------------------------------------
http://www.heise.de/security/meldung/iTunes-Apple-schliesst-problematische-…
*** PayPal Fixes Serious Account Hijacking Bug in Manager ***
---------------------------------------------
PayPal patched a hole in its Manager functionality this week that could have made it easy for an attacker to hijack an admin's account, change their password and steal their personal information -- not to mention their savings.
---------------------------------------------
http://threatpost.com/paypal-fixes-serious-account-hijacking-bug-in-manager…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 13-05-2014 18:00 − Mittwoch 14-05-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Microsoft Security Bulletin Summary for May 2014 - Version: 2.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-MAY
*** Assessing risk for the May 2014 security updates ***
---------------------------------------------
Today we released eight security bulletins addressing 13 unique CVEs. Two bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. The table is designed to help you prioritize the deployment of updates appropriately for your ..
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/05/13/assessing-risk-for-the-ma…
*** Operation Saffron Rose ***
---------------------------------------------
There is evolution and development underway within Iranian-based hacker groups that coincides with Iran's efforts at controlling political dissent and expanding offensive cyber capabilities. The capabilities of ..
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2014/05/operation-sa…
*** Yokogawa Multiple Products Vulnerabilities ***
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-133-01
*** DSA-2927 libxfont ***
---------------------------------------------
http://www.debian.org/security/2014/dsa-2927
*** WordPress Formidable Forms Remote Code Execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014050069
*** Patchday: Adobe flickt Flash und Illustrator ***
---------------------------------------------
Adobe hat am Mai-Patchday Sicherheitsupdates für Lücken im Flash-Player und in Adobe Illustrator CS6 herausgegeben. Die Updates für beide Programme werden von der Firma als kritisch eingeschätzt.
---------------------------------------------
http://www.heise.de/security/meldung/Patchday-Adobe-flickt-Flash-und-Illust…
*** Security updates available for Adobe Flash Player ***
---------------------------------------------
Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux. These updates address vulnerabilities that could ..
---------------------------------------------
https://helpx.adobe.com/security/products/flash-player/apsb14-14.html
*** Security hotfix available for Adobe Illustrator (CS6) ***
---------------------------------------------
Adobe has released a security hotfix for Adobe Illustrator (CS6) for Windows and Macintosh. This hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system. Adobe recommends users ..
---------------------------------------------
https://helpx.adobe.com/security/products/illustrator/apsb14-11.html
*** Heartbleed-Betroffene stecken Kopf in den Sand ***
---------------------------------------------
Wer einen Server mit einer für Heartbleed anfälligen OpenSSL-Version betrieben hat, muss damit rechnen, dass seine Private Keys kompromittiert wurden. Trotzdem sind diese in den meisten Fällen immer noch im Einsatz.
---------------------------------------------
http://www.heise.de/security/meldung/Heartbleed-Betroffene-stecken-Kopf-in-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 12-05-2014 18:00 − Dienstag 13-05-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** NSA manipuliert per Post versandte US-Netzwerktechnik ***
---------------------------------------------
Bereits Anfang des Jahres hatte Jacob Appelbaum behauptet, die NSA fange per Post versandte Geräte ab, um darauf Spyware zu installieren. Nun untermauert Glenn Greenwald diese Anschuldigung: Betroffen seien unter anderem Router und Server von Cisco.
---------------------------------------------
http://www.heise.de/security/meldung/NSA-manipuliert-per-Post-versandte-US-…
*** AV-Firma warnt wieder vor Adware-Trojaner für OS X ***
---------------------------------------------
Nach Angabe von Doctor Web ist aktuell neue Adware im Umlauf, die auf Mac-Nutzer abzielt. Die unerwünschten Browser-Plugins werden bei der Installation von OS-X-Software mit eingespielt.
---------------------------------------------
http://www.heise.de/security/meldung/AV-Firma-warnt-wieder-vor-Adware-Troja…
*** Zertifikate: DANE und DNSSEC könnten mehr Sicherheit bringen ***
---------------------------------------------
DANE könnte die Echtheitsprüfung von Zertifikaten bei TLS-Verbindungen verbessern. Allerdings benötigt das System DNSSEC - und das ist bislang kaum verbreitet. Der Mailanbieter Posteo prescht jetzt voran und will das System etablieren.
---------------------------------------------
http://www.golem.de/news/zertifikate-dane-und-dnssec-koennten-mehr-sicherhe…
*** Lücken in AVG Remote Administration bleiben offen ***
---------------------------------------------
Auf Anfrage teilte die Firma mit, dass sie Angriffe aus dem LAN heraus nicht verhindern könne und deswegen drei Lücken in der Software nicht schliessen wolle. Durch die Lücken können Angreifer den Virenschutz einer Organisation von innen abschalten.
---------------------------------------------
http://www.heise.de/security/meldung/Luecken-in-AVG-Remote-Administration-b…
*** Proactively Hardening Systems Against Intrusion: Configuration Hardening ***
---------------------------------------------
The concept of 'hardening' has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel that's been repeatedly quenched and tempered, or ..
---------------------------------------------
http://www.tripwire.com/state-of-security/security-data-protection/automati…
*** Adobe Security Bulletins Posted ***
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1100
*** Linux Kernel raw_cmd_copyin() privilege escalation ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93050
*** RSA Security Analytics Lets Remote Users Bypass Authentication ***
---------------------------------------------
http://www.securitytracker.com/id/1030220
*** RSA NetWitness Lets Remote Users Bypass Authentication ***
---------------------------------------------
http://www.securitytracker.com/id/1030219
*** Flag Module for importer code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93086
*** grub-mkconfig local access to password ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014050063
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 09-05-2014 18:00 − Montag 12-05-2014 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** Collabtive folder SQL injection ***
---------------------------------------------
Collabtive is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the managefile.php script using the folder parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93029
*** Cobbler kickstart value file include ***
---------------------------------------------
Cobbler could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request using the Kickstart value when creating new profiles, to specify a malicious file from the local system, which could allow the attacker to obtain sensitive information or execute arbitrary code on the vulnerable Web server.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93033
*** Bitcoin Miner Utilizing IRC Worm ***
---------------------------------------------
Bitcoin miners have given a new reason for attackers to communicate en mass with infected users. IRC worms are not exactly the most hip way to communicate, but they remain effective at sending and receiving commands. I recently came across several samples which bit coin mining examples leveraging IRC. The malicious binary, once installed, queries for the network shares connected to the
---------------------------------------------
http://feedproxy.google.com/~r/zscaler/research/~3/2xQ7VPxF-ms/bitcoin-mine…
*** strongSwan Null Pointer Dereference in Processing ID_DER_ASN1_DN ID Payloads Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in strongSwan. A remote user can cause denial of service conditions.
A remote user can send a specially crafted ID_DER_ASN1_DN ID payload to trigger a null pointer dereference and cause the target IKE service to crash.
---------------------------------------------
http://www.securitytracker.com/id/1030209
*** G Data: Symantecs "Ende der Antivirensoftware" verunsichert Nutzer ***
---------------------------------------------
Nicht verunsichern lassen und weiter Antivirensoftware kaufen - so lautet ein Aufruf von G Data. Symantec hatte zuvor erklärt, dass nur noch durchschnittlich 45 Prozent aller Angriffe von Antivirensoftware erkannt werden.
---------------------------------------------
http://www.golem.de/news/g-data-symantecs-ende-der-antivirensoftware-veruns…
*** Drupal Flag 7.x-3.5 Command Execution ***
---------------------------------------------
Topic: Drupal Flag 7.x-3.5 Command Execution Risk: High Text:Drupal Flag 7.x-3.5 Module Vulnerability Report Author: Ubani Anthony Balogun Reported: May 07, 2014 ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014050054
*** Nach Heartbleed: Neues Zertifikat, alter Key ***
---------------------------------------------
Nach dem Heartbleed-Bug haben viele Administratoren Zertifikate für TLS-Verbindungen ausgetauscht. Viele haben dabei jedoch einen fatalen Fehler begangen: Sie erstellten zwar ein neues Zertifikat, aber keinen neuen Schlüssel. (Technologie, Applikationen)
---------------------------------------------
http://www.golem.de/news/nach-heartbleed-neues-zertifikat-alter-key-1405-10…
*** Backdoor Xtrat Continues to Evade Detection ***
---------------------------------------------
While reviewing recent reports scanned by ZULU, we came across a malicious report that drew our attention. It was notable as the final redirection downloaded ZIP content by accessing a PHP file on the domain www.stisanic.com. URL: hxxp://www[.]stisanic[.]com/wp-content/coblackberrycomnotasdevozdate07052014[.]php ZULUs virustotal check scored the file as higher risk. At the time 10
---------------------------------------------
http://feedproxy.google.com/~r/zscaler/research/~3/OqS4L1x6ebQ/backdoor-xtr…
*** Link-shortening service Bit.ly suffers data breach ***
---------------------------------------------
We have reason to believe that Bitly account credentials have been compromised; specifically, users' email addresses, encrypted passwords, API keys and OAuth tokens. We have no indication at this time that any accounts have been accessed without permission. We have taken steps to ensure the security of all accounts, including disconnecting all users' Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.
---------------------------------------------
http://blog.bitly.com/post/85169217199/urgent-security-update-regarding-you…
*** Falsche Zertifikate unterwandern HTTPS-Verbindungen ***
---------------------------------------------
Forscher sprechen von signifikantem Teil der verschlüsselten Kommunikation - Vor allem Firewalls und Antivirensoftware verantwortlich
---------------------------------------------
http://derstandard.at/1399507237936
*** Linux-Kernel: Root-Rechte für Nutzer ***
---------------------------------------------
Durch einen Fehler im Linux-Kernel kann ein einfacher Nutzer Root-Rechte erlangen. Bekannt ist der Fehler schon seit gut einer Woche, aber jetzt gibt es einen öffentlichen Exploit.
---------------------------------------------
http://www.golem.de/news/linux-kernel-root-rechte-fuer-nutzer-1405-106407-r…
*** Race Condition in the Linux kernel ***
---------------------------------------------
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
---------------------------------------------
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196
*** Unbekannte bieten 33 Millionen E-Mail-Adressen feil ***
---------------------------------------------
Das könnte die nächste Spam-Welle auslösen: Unbekannte bieten per E-Mail mehrere Millionen Mailadressen von deutschen Providern zum Kauf an. Angeblich handelt es sich um 100 Prozent gültige Adressen.
---------------------------------------------
http://www.heise.de/security/meldung/Unbekannte-bieten-33-Millionen-E-Mail-…
*** HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with certain HP H-series Fibre Channel Switches. This vulnerability could be exploited remotely to disclose information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Bugtraq: ESA-2014-027: RSA NetWitness and RSA Security Analytics Authentication Bypass Vulnerability ***
---------------------------------------------
RSA NetWitness and RSA Security Analytics each contain a security fix for an authentication bypass vulnerability that could potentially be exploited to compromise the affected system. When PAM for Kerberos is enabled, an attacker can authenticate to the vulnerable system with a valid user name and without specifying a password. This issue does not affect other authentication methods.
---------------------------------------------
http://www.securityfocus.com/archive/1/532077
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 08-05-2014 18:00 − Freitag 09-05-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Advance Notification Service for the May 2014 Security Bulletin Release ***
---------------------------------------------
Today we provide Advance Notification Service (ANS) for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows. As we do every month, we've scheduled the security bulletin release for the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for deployment guidance and further analysis together with a brief
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/05/08/advance-notification-ser…
*** Prenotification Security Advisory for Adobe Reader and Acrobat ***
---------------------------------------------
Adobe is planning to release security updates on Tuesday, May 13, 2014 for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh.
---------------------------------------------
https://helpx.adobe.com/security/products/reader/apsb14-15.html
*** SQL Injection In Insert, Update, And Delete ***
---------------------------------------------
This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks.
---------------------------------------------
http://packetstormsecurity.com/files/126527/SQL-Injection-In-Insert-Update-…
*** SNMP: The next big thing in DDoS Attacks? ***
---------------------------------------------
It started with DNS: Simple short DNS queries are easily spoofed and the replies can be much larger then the request, leading to an amplification of the attack by orders of magnitude. Next came NTP. Same game, different actors: NTPs "monlist" feature allows for small requests (again: UDP, so trivially spoofed) and large responses. Today, we received a packet capture from a reader showing yet another reflective DDoS mode: SNMP. The "reflector" in this case...
---------------------------------------------
https://isc.sans.edu/diary/SNMP%3A+The+next+big+thing+in+DDoS+Attacks%3F/18…
*** Heartbleed, IE Zero Days, Firefox vulnerabilities - Whats a System Administrator to do? ***
---------------------------------------------
With the recent headlines, weve seen heartbleed (which was not exclusive to Linux, but was predominately there), an IE zero day that had folks over-reacting with headlines of "stop using IE", but Firefox and Safari vulnerabilities where not that far back in the news either. So what is "safe"? And as an System Administrator or CSO what should you be doing to protect your organization?
---------------------------------------------
https://isc.sans.edu/diary/Heartbleed%2C+IE+Zero+Days%2C+Firefox+vulnerabil…
*** Exploit Kit Roundup: Best of Obfuscation Techniques ***
---------------------------------------------
The world of exploit kits is an ever-changing one, if you happen to look away even just for one month, you'll come back to find that most everything has changed around you. Because of this, people like us, who work on a secure web gateway product, are continuously immersed in the world of exploit kits. Every once in a while it's a good idea to stop, take a look around us, and review what's changed. We would like to share some of the more interesting obfuscation techniques
---------------------------------------------
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/R9KtNDgyouY/exploit-ki…
*** Surge in Viknok infections bolsters click fraud campaign ***
---------------------------------------------
Researchers detected over 16,500 Viknok infections in the first week of May alone.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/6mC7Lf47bgY/
*** Malicious DIY Java applet distribution platforms going mainstream - part two ***
---------------------------------------------
In a cybercrime ecosystem, dominated by client-side exploits serving Web malware exploitation kits, cybercriminals continue relying on good old fashioned social engineering tricks in an attempt to trick gullible end users into knowingly/unknowingly installing malware. In a series of blog posts, we've been highlighting the existence of DIY (do-it-yourself), social engineering driven, Java drive-by type of Web based platforms, further enhancing the current efficient state of social...
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/6wG1i4Gl5HQ/
*** Bitly shortens life of users passwords after credential compromise ***
---------------------------------------------
OAuth tentacles mean its time to change ANOTHER password URL-shortening and online marketing outfit Bit.ly has warned its systems have been accessed by parties unknown and suggested users change their passwords.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/05/09/bitly_short…
*** Weekly Metasploit Update: Disclosing Usernames, More Flash Bugs, and Wireshark Targets ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/05/08/weekly-me…
*** Heartbleed: Noch immer 300.000 Server verwundbar ***
---------------------------------------------
Vier Wochen nach Auftauchen der Lücke zeigt Untersuchung nur wenig Fortschritte
---------------------------------------------
http://derstandard.at/1399507030882
*** Cyber Security Challenge sucht österreichische IT-Talente ***
---------------------------------------------
Bereits zum dritten Mal wird im Rahmen der Cyber Security Challenge Austria nach jungen Hacker-Talenten gesucht. Dieses Jahr gibt es auch einen europaweiten Wettbewerb.
---------------------------------------------
http://futurezone.at/netzpolitik/cyber-security-challenge-sucht-oesterreich…
*** CVE-2014-3214: A Defect in Prefetch Can Cause Recursive Servers to Crash ***
---------------------------------------------
A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes. This can be triggered as the result of normal query processing.
---------------------------------------------
https://kb.isc.org/article/AA-01161
*** QNAP-Photostation V.3.2 XSS ***
---------------------------------------------
XSS-Lücke in QNAP-Photostation V.3.2 (auf QNAP NAS TS259+ Pro - Firmware 4.0.7 vom 12.04.2014)
---------------------------------------------
http://sdcybercom.wordpress.com/2014/04/25/qnap-cross-site-scripting-nicht-…
*** Digi International OpenSSL Vulnerability ***
---------------------------------------------
Digi International has identified five products that are vulnerable to the OpenSSL Heartbleed bug. Digi International has produced downloadable firmware upgrade versions that mitigate this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-128-01
*** IBM Security Bulletins for TADDM ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** Kaspersky Internet Security Null Pointer Dereference in prremote.dll Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030203
*** Multiple BIG-IP products iControl command execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93015
*** Security Bulletin: IBM iNotes Cross-Site Scripting Vulnerability (CVE-2014-0913) ***
---------------------------------------------
IBM iNotes versions 9.0.1 and 8.5.3 Fix Pack 6 contain a cross-site scripting vulnerability. The fixes for these issues were introduced in IBM Domino and IBM iNotes versions 9.0.1 Fix Pack 1 and 8.5.3 Fix Pack 6 Interim Fix 2.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21671981
*** HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS) ***
---------------------------------------------
A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be exploited remotely to allow cross-site scripting (XSS).
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information ***
---------------------------------------------
The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** R7-2013-19.2 Disclosure: Yokogawa CENTUM CS 3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782) ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/05/09/r7-2013-1…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 07-05-2014 18:00 − Donnerstag 08-05-2014 18:00
Handler: L. Aaron Kaplan
Co-Handler: Stephan Richter
*** The State of Cryptography in 2014, Part 2: Hardware, Black Swans, and What To Do Now ***
---------------------------------------------
We continue our look into the state of cryptography in 2014; Part 1 was posted earlier this week. Is Hardware Security Any Better? We closed the first post by asking: is hardware any more trustworthy? One would think that it is - but it's not. Recently, chip vendors have been incorporating cryptography into their CPUs or chipsets. Usually,...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5erAjAwWMmU/
*** SIRv16: Cybercriminal tactics trend toward deceptive measures ***
---------------------------------------------
Microsoft's Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/05/07/sirv16-cybercriminal-tac…
*** Case Study: Analyzing the Origins of a DDoS Attack ***
---------------------------------------------
Recently a client was experiencing a massive layer 7 DDOS attack, generating tens of thousands of random HTTP requests per second to the server. The architecture of the website included a cluster of three web servers responsible for handling all incoming traffic, which did little to alleviate the pressures brought about the attack. An interestingRead More
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/7nrfa2OwFuo/map-of-a-ddos-att…
*** Systemkamera Samsung NX300 öffnet Hackern Tür und Tor ***
---------------------------------------------
Die Kamera enthält eine ganze Reihe von Sicherheitslücken, inklusive einem weit offen stehenden X-Server und einem reprogrammierbaren NFC-Chip. Angreifer könnten diese nutzen, um Schadcode auf dem Gerät auszuführen.
---------------------------------------------
http://www.heise.de/security/meldung/Systemkamera-Samsung-NX300-oeffnet-Hac…
*** April 2014 virus activity review from Doctor Web ***
---------------------------------------------
April 30, 2014 April 2014 proved to be quite fruitful in terms of the emergence of new threats. In particular, Doctor Webs security researchers discovered a new multi-purpose backdoor targeting Windows. Also registered were numerous incidents involving adware browser extensions for Mac OS X. In addition, a variety of signatures for Android malware were added to the virus databases.
---------------------------------------------
http://news.drweb.com/show/?i=4376&lng=en&c=9
*** Volafox Mac OS X Memory Analysis Toolkit ***
---------------------------------------------
Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool:...
---------------------------------------------
http://www.sectechno.com/2014/05/04/volafox-mac-os-x-memory-analysis-toolki…
*** Security: Gravierende Lücke in AVG Remote Administration ***
---------------------------------------------
Nutzer, die das Fernwartungspaket AVG Remote Administration nutzen, sollten dringend einen aktuellen Patch installieren. Bisher war es möglich, dass Angreifer über das Programm Code einschleusen konnten - aber das ist nicht die einzige Lücke, weitere stehen noch offen.
---------------------------------------------
http://www.golem.de/news/security-gravierende-luecke-in-avg-remote-administ…
*** [2014-05-08] Multiple critical vulnerabilities in AVG Remote Administration ***
---------------------------------------------
Attackers are able to completely compromise the AVG Admin server (part of AVG Remote Administration) system as they can gain full access at the application and system level by exploiting remote code execution, authentication bypass, missing entity authentication and insecure encryption vulnerabilities. Attackers can also manage endpoints and possibly deploy attacker-controlled code on endpoints.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players ***
---------------------------------------------
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-049Project: Organic groups (third-party module)Version: 7.xDate: 2014-May-07Security risk: Moderately criticalExploitable from: RemoteVulnerability: Access bypassDescriptionOrganic groups (OG) enables users to create and manage their own groups. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves.OG doesnt sufficiently check the permissions when a group member is pending or blocked status within...
---------------------------------------------
https://drupal.org/node/2261245
*** Ruby on Rails Implicit Render Bug Lets Remote Users Obtain Files From the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1030210
*** HP Security Bulletins ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Vuln: vBulletin Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/66972
*** Vuln: SAP Solution Manager Background Processing Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/67107
*** Vuln: SAP NetWeaver Portal WD Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/67104
*** Security Advisory-Radius Vulnerability on Some Huawei Devices ***
---------------------------------------------
On huawei Campus Switch, AR, SRG,WLAN devices, the RADIUS component cannot handle malformed RADIUS packets. This vulnerability allows attackers to repeatedly restart the device, causing a DoS attack (Vulnerability ID: HWPSIRT-2014-0307).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…