Daily

daily@lists.cert.at

1 participants
3190 discussions

Tageszusammenfassung - Donnerstag 7-08-2014
by Daily end-of-shift report 07 Aug '14

07 Aug '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 06-08-2014 18:00 − Donnerstag 07-08-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability *** --------------------------------------------- cisco-sa-20140806-energywise --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Security expert calls home routers a clear and present danger *** --------------------------------------------- In Black Hat Q&A, In-Q-Tel CISO says home routers are "critical infrastructure." --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/iXnyWy8k6JU/ *** Black Hat 2014: Netzbetreiber-Software zum Fernsteuern von Mobilgeräten erlaubt Missbrauch *** --------------------------------------------- Auf zwei Milliarden Mobilfunkgeräten läuft eine verwundbare Software, die Netzbetreibern zum Kontrollieren der Geräte dient. Mit geringem Aufwand können Angreifer die Geräte unbemerkt aus der Ferne manipulieren und so beispielsweise Datenverkehr mitschneiden. --------------------------------------------- http://www.heise.de/security/meldung/Black-Hat-2014-Netzbetreiber-Software-… *** Internet Explorer begins blocking out-of-date ActiveX controls *** --------------------------------------------- As part of our ongoing commitment to delivering a more secure browser, starting August 12th Internet Explorer will block out-of-date ActiveX controls. ActiveX controls are small apps that let Web sites provide content, like videos and games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren't automatically updated, they can become outdated as new versions are released. --------------------------------------------- http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-bloc… *** Cisco 2014 Midyear Security Report: Exposing Weak Links to Strengthen the Security Chain *** --------------------------------------------- You may be thinking, "What could have possibly changed since January?" True to form, the attacker community continues to evolve, innovate, and think up new ways to discover and exploit weak links in the security chain. Also true to form, they sometimes simply use tried and true methods to exploit some of the same old vulnerabilities that continue to present themselves. --------------------------------------------- https://blogs.cisco.com/security/cisco-2014-midyear-security-report-exposin… *** Securing VoIP systems *** --------------------------------------------- Countermeasures for these security issues are given below in greater detail: - Encryption - Firewalls - Traffic Analysis - Improved network Security - Authentication mechanisms - Apply appropriate patches - Turn off unnecessary protocols... --------------------------------------------- http://resources.infosecinstitute.com/securing-voip-systems/ *** Jetzt updaten: Ältere Synology NAS-Geräte anfällig für Ransomware *** --------------------------------------------- Der NAS-Hersteller Synology hat Details zu der Lücke bekannt gegeben, die der Erpressungs-Trojaner SynoLocker ausnutzt, um die Daten seiner Opfer zu verschlüsseln. Nach Informationen des Herstellers betrifft das Sicherheitsproblem nur ältere Firmware-Versionen und wurde im Dezember 2013 behoben. Die DiskStation-Manager-Software (DSM) Version 4.3-3810 oder älter soll betroffen sein, ein Update auf DSM 5.0 soll Abhilfe schaffen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Jetzt-updaten-Aeltere-Synology-NAS-G… *** OpenSSL-Updates - diesmal nicht ganz so schlimm *** --------------------------------------------- Die OpenSSL-Entwickler beseitigen neun Sicherheitslücken, die meisten von Google-Forschern entdeckt. Allerdings ist diesmal nichts wirklich dramatisches dabei. --------------------------------------------- http://www.heise.de/newsticker/meldung/OpenSSL-Updates-diesmal-nicht-ganz-s… *** Hintergrund: Politische Lösungen für eine sichere Zukunft der Kommunikation *** --------------------------------------------- Nach den Snowden-Enthüllungen steht eine Diskussion an, was wir zukünftig besser machen können, um Spionage und großflächige Massenüberwachung zu verhindern. Neben der besserer Technik braucht es da auch neue politische Ansätze, meint Linus Neumann. --------------------------------------------- http://www.heise.de/security/artikel/Politische-Loesungen-fuer-eine-sichere… *** Security Notice-Statement on 9 OpenSSL Vulnerabilities *** --------------------------------------------- Aug 07, 2014 20:29 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…

1 0

Tageszusammenfassung - Mittwoch 6-08-2014
by Daily end-of-shift report 06 Aug '14

06 Aug '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 05-08-2014 18:00 − Mittwoch 06-08-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Another Bypass Identified in PayPal 2FA *** --------------------------------------------- A security researcher has uncovered a simple method for bypassing the two-factor authentication mechanism that PayPal uses to protect accounts that are tied to eBay accounts. The vulnerability is related to the way that the login flow works when a user is prompted to connect her eBay account to her PayPal account. The eBay and... --------------------------------------------- http://threatpost.com/another-bypass-identified-in-paypal-2fa/107605 *** Mozilla zukünftig mit zentralen Sperrlisten *** --------------------------------------------- Sichere Internet-Verbindungen erfordern Mechanismen, kompromittierte Zertifikate als ungültig zu erklären. Die aktuellen Verfahren dazu funktionieren jedoch nicht. Zukünftig soll das bei Firefox und Co die OneCRL richten. --------------------------------------------- http://www.heise.de/security/meldung/Mozilla-zukuenftig-mit-zentralen-Sperr… *** Researchers release CryptoLocker decryption tool *** --------------------------------------------- Tool uses private keys found in database of victims.The CryptoLocker ransomware is one of the nastiest pieces of malware to have targeted Internet users in recent years. The malware uses strong file encryption (more particularly, AES encryption with a key that has been encrypted using an RSA-2048 private key) to deny the user access to their files unless they pay a ransom of around US$300. At a time when we often seem to be learning about accidental or intentional vulnerabilities in encryption,... --------------------------------------------- http://www.virusbtn.com/blog/2014/08_06.xml?rss *** CipherShed *** --------------------------------------------- CipherShed is free (as in free-of-charge and free-speech) encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. --------------------------------------------- http://n0where.net/ciphershed/ *** Web-Fu - Chrome extension for pentesting web applications *** --------------------------------------------- Chrome extension for pentesting web applications. Web-fu Is a web hacking tool focused on discovering and exploiting web vulnerabilitites. --------------------------------------------- http://hack-tools.blackploit.com/2014/08/web-fu-chrome-extension-for-pentes…

1 0

Tageszusammenfassung - Dienstag 5-08-2014
by Daily end-of-shift report 05 Aug '14

05 Aug '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 04-08-2014 18:00 − Dienstag 05-08-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Synology - erste Informationen bezüglich "Synolocker" *** --------------------------------------------- Special Notes SynoLocker Message Issue - If NAS is not infected: First, close all open ports for external access for now. Backup the data on the DiskStation and update DSM to the latest version. Synology will provide further information as soon as possible if you are vulnerable. If NAS is infected, first do not trust (and ignore) any unauthorized, non-Synology messages or emails. Hard shut down the DiskStation to prevent any further issues. --------------------------------------------- https://myds.synology.com/support/support_form.php?lang=us *** Synolocker: Why OFFLINE Backups are important, (Tue, Aug 5th) *** --------------------------------------------- One current threat causing a lot of sleepless nights to victims is "Cryptolocker" like malware. Various variations of this type of malware are still haunting small businesses and home users by encrypting files and asking for ransom to obtain the decryption key. Your best defense against this type of malware is a good backup. Shadow volume copies may help, but arent always available and complete. In particular for small businesses, various simple NAS systems have become popular over --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18481&rss *** Ubuntu-Sperrbildschirm verliert Tastatureingaben *** --------------------------------------------- Eine jetzt geschlossene Sicherheitslücke im Sperrbildschirm der Linux-Distribution Ubuntu könnte zur Folge haben, dass Nutzer ihr Passwort aus Versehen öffentlich im Internet bekanntgeben. --------------------------------------------- http://www.heise.de/newsticker/meldung/Ubuntu-Sperrbildschirm-verliert-Tast… *** Barracuda Web Application Firewall Reusable URL-Based Authentication Tokens Let Remote Users Bypass Authentication *** --------------------------------------------- http://www.securitytracker.com/id/1030665 *** Evernote Patches Vulnerability in Android App *** --------------------------------------------- We have previously discussed an Android vulnerability that may lead to user data being captured or used to launch attacks. We discovered that the popular Android app for Evernote contained the said vulnerability. We disclosed the details to Evernote, and they took action by issuing an update to the Android version of their app. Evernote has added additional... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/BBLQmuk3RrQ/ *** Symantec Endpoint Protection Local Client Application Device Control Buffer Overflow *** --------------------------------------------- Revisions None Severity CVSS2Base ScoreImpactExploitabilityCVSS2 VectorSEP Local Client ADC Buffer Overflow- Medium6.... --------------------------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se… *** Bugtraq: SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director *** --------------------------------------------- http://www.securityfocus.com/archive/1/533024 *** A Peek Into the Lions Den - The Magnitude [aka PopAds] Exploit Kit *** --------------------------------------------- Recently we managed to have an unusual peek into the content that is used on the servers of the prevalent exploit kit, Magnitude. In this blog post we'll review its most up-to-date administration panel and capabilities, as well as review some infection statistics provided by Magnitude over the course of several weeks. These days, after the arrest of Paunch, Blackhole exploit kit creator, exploit kit developers and sellers have learned their lesson regarding doing business in the --------------------------------------------- http://blog.spiderlabs.com/2014/08/a-peek-into-the-lions-den-the-magnitude-… *** Vulnerability in Spotify Android App May Lead to Phishing *** --------------------------------------------- We have discovered a vulnerability that affects versions of the Spotify app for Android older than 1.1.1. If exploited, the vulnerability can allow bad guys to control what is being displayed on the app interface. This vulnerability can be potentially abused by cybercriminals to launch phishing attacks that may result to information loss or theft. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/GZKakDZwRhw/

1 0

Tageszusammenfassung - Montag 4-08-2014
by Daily end-of-shift report 04 Aug '14

04 Aug '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 01-08-2014 18:00 − Montag 04-08-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** ZDI-14-273: AlienVault OSSIM av-centerd Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-273/ *** Remote code execution on Android devices *** --------------------------------------------- You walk into a coffee shop and take a seat. While waiting for your coffee, you take out your smartphone and start playing a game you downloaded the other day. Later, you go to work and check your email in the elevator. Without you knowing, an attacker has just gained a foothold in your corporate... --------------------------------------------- http://labs.bromium.com/2014/07/31/remote-code-execution-on-android-devices/ *** POWELIKS: Malware Hides In Windows Registry *** --------------------------------------------- We spotted a malware that hides all its malicious codes in the Windows Registry. The said tactic provides evasion and stealth mechanisms to the malware, which Trend Micro detects as TROJ_POWELIKS.A. When executed, TROJ_POWELIKS.A downloads files, which can cause further system infection. Systems affected by this malware risk being infected by other malware, thus causing further... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OEAKGdXwSnc/ *** All Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon, (Sat, Aug 2nd) *** --------------------------------------------- A remote code execution in nmbd (the NetBIOS name services daemon) has been found in Samba versions 4.0.0 to 4.1.10. ( assgined CVE-2014-3560) and a patch has been release by the team at samba.org. Heres the details from http://www.samba.org/samba/security/CVE-2014-3560 =========== Description =========== All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon. A malicious browser can send packets that may overwrite --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18471&rss *** TP-Link TL-WR740N v4 arbitrary shell command execution *** --------------------------------------------- Topic: TP-Link TL-WR740N v4 arbitrary shell command execution Risk: High Text:# Exploit Title: TP-Link TL-WR740N v4 router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) arbitrary shell command execution # Dat... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014080013 *** Verschlüsselungstrojaner attackiert Synology-Speichersysteme *** --------------------------------------------- Cyber-Erpresser haben einen neuen, direkten Weg gefunden, um das digitale Hab und Gut ihrer Opfer als Geisel zu nehmen: Sie nutzen eine Sicherheitslücke in der NAS-Firmware, um den gesamten Netzwerkspeicher zu verschlüsseln. --------------------------------------------- http://www.heise.de/newsticker/meldung/Verschluesselungstrojaner-attackiert… *** China boots Kaspersky and Symantec off security contractor list *** --------------------------------------------- Foreign firms dropped from roll of approved infosec vendors Kaspersky Labs and Symantec have both been booted off China's list of approved security vendors for government agencies, as the country continues to tighten up against foreign tech firms in the wake of the NSA indiscriminate surveillance revelations. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/08/04/kaspersky_s… *** Bugtraq: ownCloud Unencrypted Private Key Exposure *** --------------------------------------------- http://www.securityfocus.com/archive/1/533010 *** Backdoor Techniques in Targeted Attacks *** --------------------------------------------- Backdoors are an essential part of targeted attacks, as they allow an external threat actor to exercise control over any compromised machines. These allow the threat actor to collect information and move laterally within the targeted organization. Our investigations into various targeted attacks have showed that a wide variety of tactics are used by backdoors to carry out... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fHW4IPov8YE/ *** IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM WebSphere Real Time *** --------------------------------------------- Java SE issues disclosed in the Oracle July 2014 Critical Patch Update, plus 1 additional vulnerability CVE(s): CVE-2014-3086, CVE-2014-4227, CVE-2014-4262, CVE-2014-4219, CVE-2014-4209, CVE-2014-4220, CVE-2014-4268, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4265, CVE-2014-4221, CVE-2014-4263, CVE-2014-4244 and CVE-2014-4208 Affected product(s) and affected version(s): IBM WebSphere Real Time Version 3 Service Refresh 7 and earlier Refer to the following reference URLs for --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat in Rational DOORS Web Access *** --------------------------------------------- The Apache Tomcat application server in installations of IBM Rational DOORS Web Access version contains security vulnerabilities. CVE(s): CVE-2013-4322, CVE-2013-4590, CVE-2014-0096, CVE-2014-0099 and CVE-2014-0119 Affected product(s) and affected version(s): Rational DOORS Web Access version 9.6.0.x, 9.5.2.x, 9.5.1.x, 9.5.0.x, 1.5.0.x, 1.4.0.4 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…

1 0

Tageszusammenfassung - Freitag 1-08-2014
by Daily end-of-shift report 01 Aug '14

01 Aug '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 31-07-2014 18:00 − Freitag 01-08-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Russian ransomware author takes the easy route *** --------------------------------------------- Symantec Security Response has observed a new variant of ransomcrypt malware which is easy to update and uses open source components to encrypt files. The variant, detected as Trojan.Ransomcrypt.L, uses a legitimate open source implementation of the OpenPGP standard to encrypt files on the victim’s computer. The threat then displays a ransom notice in Russian, asking the user to pay in order to unlock the files. --------------------------------------------- http://www.symantec.com/connect/blogs/russian-ransomware-author-takes-easy-… *** Announcing EMET 5.0 *** --------------------------------------------- Today, we are excited to announce the general availability of the Enhanced Mitigation Experience Toolkit (EMET) 5.0. As many of you already know, EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping detect and block exploitation techniques .. --------------------------------------------- http://blogs.technet.com/b/srd/archive/2014/07/31/announcing-emet-v5.aspx *** Backoff - Technical Analysis *** --------------------------------------------- As discussed in the an advisory published by US-CERT, Trustwave SpiderLabs has discovered a previously unidentified family of Point of Sale (PoS) malware. This blog post serves as a technical analysis of the Backoff malware family. While a number .. --------------------------------------------- http://blog.spiderlabs.com/2014/07/backoff-technical-analysis.html *** BadUSB: Wenn USB-Geräte böse werden *** --------------------------------------------- Wer die Firmware eines USB-Sticks kontrolliert, kann den zu einem perfekten Trojaner umfunktionieren. Deutsche Forscher zeigen, dass das komplett via Software möglich ist und sich damit ganz neue Infektions-Szenarien eröffnen. --------------------------------------------- http://www.heise.de/security/meldung/BadUSB-Wenn-USB-Geraete-boese-werden-2… *** Backups - The Forgotten Website Security Pillar *** --------------------------------------------- I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads - namely website security education and awareness. In these travels, regardless of the community I am engaging with, there are always common questions .. --------------------------------------------- http://blog.sucuri.net/2014/07/backups-the-forgotten-website-security-pilla… *** The Severe Flaw Found in Certain File Locker Apps *** --------------------------------------------- Protecting data has always been one of the most important aspects of our digital life. Given the amount of activity done on smartphones, this is especially rings true for smartphones. While users may use the built-in privacy and security settings of their devices, others take it a step further and employ security .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/the-severe-flaw-… *** MediaWiki Input Validation Flaws Permit Cross-Site Scripting and Clickjacking Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1030660 *** Offensive Security reports of Symantec Endpoint Protection zero-day vulnerability (July 2014) *** --------------------------------------------- This Knowledge Base article will be updated as further information becomes available. Please subscribe to this document to receive update notifications automatically. To mitigate this issue while research is underway and solutions are being identified, uninstall or disable the sysplant driver. --------------------------------------------- http://www.symantec.com/business/support/index?page=content&id=TECH223338 *** Backdoor.Gates: Also Works for Windows *** --------------------------------------------- We have received reports about a Linux malware known as Backdoor.Gates. Analysis showed that this malware has the following features .. --------------------------------------------- http://www.f-secure.com/weblog/archives/00002728.html *** SubSTATION Server Telegyr 8979 Master Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for a Buffer Overflow Vulnerability in the SUBNET Solutions Inc (SUBNET), SubSTATION Server 2, Telegyr 8979 Master .. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-196-01 *** Yes, Hackers Could Build an iPhone Botnet - Thanks to Windows *** --------------------------------------------- A reminder to Apple and smug iPhone owners: Just because iOS has never been the victim of a widespread malware outbreak doesn't mean mass iPhone hacking isn't still possible. Now one group of security researchers plans .. --------------------------------------------- http://www.wired.com/2014/08/yes-hackers-could-build-an-iphone-botnetthanks… *** Citadel Malware Variant Allows Attackers Remote Access, Even After Removal *** --------------------------------------------- A new variant of the Citadel banking Trojan has been discovered where the attackers are using Windows remote shell commands to be enable Remote Desktop Protocol access, even if the malware is discovered and removed. --------------------------------------------- http://threatpost.com/citadel-malware-variant-allows-attackers-remote-acces…

1 0

Tageszusammenfassung - Donnerstag 31-07-2014
by Daily end-of-shift report 31 Jul '14

31 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 30-07-2014 18:00 − Donnerstag 31-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Innominate mGuard Unauthorized Leakage of System Data *** --------------------------------------------- Exploitation of this vulnerability could allow a remote unauthenticated user access to release configuration information. While this is a minor vulnerability, it represents a method for further network reconnaissance. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-189-02 *** How safe is your quantified self? Tracking, monitoring, and wearable tech *** --------------------------------------------- Self-tracking enthusiasts are generating a torrent of personal information through apps and devices. Is this data safe from prying eyes? --------------------------------------------- http://www.symantec.com/connect/blogs/how-safe-your-quantified-self-trackin… *** Why the Security of USB Is Fundamentally Broken *** --------------------------------------------- Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the .. --------------------------------------------- http://www.wired.com/2014/07/usb-security/ *** TA14-212A: Backoff Point-of-Sale Malware *** --------------------------------------------- “Backoff” is a family of PoS malware and has been discovered recently. The malware family has been witnessed on at least three separate forensic investigations. Researchers have identified three primary variants to the “Backoff” malware including .. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA14-212A *** Takedowns: Touchdown or Turnover? *** --------------------------------------------- Over the last several months malware takedowns have made headlines. But what is really involved in such an operation? The recent takedowns have been a collaborative effort mostly between the private sector and government entities, with academic researchers also playing a role. While some operations included arrests, and others included a civil lawsuit, .. --------------------------------------------- http://www.seculert.com/blog/2014/07/takedowns-touchdown-or-turnover.html *** 3 security mistakes small companies make and how to avoid them *** --------------------------------------------- Dedicated IT staff are a luxury most very small businesses do without but those organisations still need to find a way to secure their computers against cyber ciminals who arent looking to cut them a break just because they're small. --------------------------------------------- http://nakedsecurity.sophos.com/2014/07/31/3-security-mistakes-small-compan… *** How to Hunt Down Phishing Kits *** --------------------------------------------- Sites like phishtank and clean-mx act as crowdsourced phishing detection and validation. By knowing how to look, you can consistently find interesting information about how attackers work, and the tools they use to conduct phishing campaigns. This post will give an example of how phishing kits are used, how to find them, as well as show a case study into other .. --------------------------------------------- https://jordan-wright.github.io/blog/2014/07/30/how-to-hunt-down-phishing-k… *** Spy of the Tiger *** --------------------------------------------- A recent report documents a group of attackers known as 'PittyTiger' that appears to have been active since at least 2011; however, they may have been operating as far back as 2008. We have been monitoring the activities of this .. --------------------------------------------- http://www.fireeye.com/blog/technical/threat-intelligence/2014/07/spy-of-th… *** Angriff auf Videospiele-Hersteller: Hacker haben es auf Quellcode abgesehen *** --------------------------------------------- Die Hacker der "Threat Group 3279" sind seit Jahren aktiv und versuchen, Quellcode von Spielen zu stehlen und die Sicherheitsvorkehrungen der dazugehörigen DRM-Systeme zu knacken. Die Gruppe soll aus China stammen. --------------------------------------------- http://www.heise.de/security/meldung/Angriff-auf-Videospiele-Hersteller-Hac…

1 0

Tageszusammenfassung - Mittwoch 30-07-2014
by Daily end-of-shift report 30 Jul '14

30 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 29-07-2014 18:00 − Mittwoch 30-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** 22 Jump Street, Transformers Are Top Movie Lures for Summer *** --------------------------------------------- Summertime has become synonymous with blockbuster movies. Unfortunately, these movies have become a go-to social engineering lure used by cybercriminals. Just like in previous years, Trend Micro engineers searched for possible threats related to movies released during the summer. This year, 22 Jump Street was the top movie used for social .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/22-jump-street-t… *** Google Android Certificate Chain Validation Flaw Lets Applications Gain Elevated Privileges *** --------------------------------------------- The software does not properly validate an application's certificate chain. An application can supply a specially crafted application identity certificate to impersonate a privileged application and gain access to vendor-specific device administration extensions. --------------------------------------------- http://www.securitytracker.com/id/1030654 *** Erpressungs-Trojaner CTB-Locker verschlüsselt sicher und verwischt Spuren *** --------------------------------------------- Wenn man diesem Schädling zum Opfer fällt, gibt es wenig Hoffnung für die eigenen Daten. Diese sind mit State-of-the-Art-Verschlüsselung gesichert und der Trojaner kommuniziert nur verschlüsselt über das Tor-Netz mit seinen Kontrollservern. --------------------------------------------- http://www.heise.de/security/meldung/Erpressungs-Trojaner-CTB-Locker-versch… *** Symantec Endpoint Protection 0day *** --------------------------------------------- In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise. --------------------------------------------- http://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/ *** Scan Shows Possible Heartbleed Fix Failures *** --------------------------------------------- Of more than 1,600 Global 2000 firms, only 3% of their public-facing servers have been fully and properly locked down from the Heartbleed vulnerability that was first revealed .. --------------------------------------------- http://www.darkreading.com/vulnerabilities---threats/vulnerability-manageme… *** Tor security advisory: "relay early" traffic confirmation attack *** --------------------------------------------- On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. --------------------------------------------- https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-… *** Internet of Things: Kreditkartennummern und das Passwort 1234 *** --------------------------------------------- Hersteller von vernetzten Geräten gehen sorglos mit deren Sicherheit um. Kaputte Webinterfaces, überflüssige Kreditkarteninformationen und zu einfache Passwörter wie 1234 machen viele Geräte angreifbar. --------------------------------------------- http://www.golem.de/news/internet-of-things-kreditkartennummern-und-das-pas… *** Multiple vulnerabilities in Kunena Forum Extension for Joomla *** --------------------------------------------- http://www.securityfocus.com/archive/1/532933 http://www.securityfocus.com/archive/1/532932 *** Multiple vulnerabilities in SAP products *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/94932 http://xforce.iss.net/xforce/xfdb/94931 http://xforce.iss.net/xforce/xfdb/94930 http://xforce.iss.net/xforce/xfdb/94922 http://xforce.iss.net/xforce/xfdb/94923 http://xforce.iss.net/xforce/xfdb/94921

1 0

Tageszusammenfassung - Dienstag 29-07-2014
by Daily end-of-shift report 29 Jul '14

29 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 28-07-2014 18:00 − Dienstag 29-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Critroni/Onion - Newest Addition to Encrypting Ransomware *** --------------------------------------------- In my last blog post about a week ago, I talked about how Cryptolocker and the like are not dead and we will continue to see more of them in action. It's a successful 'business model' and I don't see it going away anytime soon. Not even a few days after my post a new encrypting ransomware emerged. This .. --------------------------------------------- http://www.webroot.com/blog/2014/07/25/critroni-new-encrypting-ransomware/ *** Interesting HTTP User Agent "chroot-apach0day", (Mon, Jul 28th) *** --------------------------------------------- Our reader Robin submitted the following detect: Ive got a site that was scanned this morning by a tool that left these entries in the logs: [HTTP_USER_AGENT] => chroot-apach0day .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18453 *** Cisco Prime Data Center Network Manager Input Validation Flaw Permits Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1030652 *** Hacker klauten Pläne für Israels Raketenschild "Iron Dome" *** --------------------------------------------- Bei einem Hackerangriff auf drei israelische Waffenschmieden sollen Hacker der chinesischen Regierung in den Jahren 2011 und 2012 haufenweise wichtige Daten zu dem Raketenabwehrsystem erbeutet haben. Die Angreifer sollen der Spezialeinheit 61398 angehören. --------------------------------------------- http://www.heise.de/security/meldung/Hacker-klauten-Plaene-fuer-Israels-Rak… *** Android crypto blunder exposes users to highly privileged malware *** --------------------------------------------- The majority of devices running Google's Android operating system are susceptible to hacks that allow malicious apps to bypass a key security sandbox so they can steal user credentials, read e-mail, and access payment histories and other sensitive data, researchers have warned. --------------------------------------------- http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-user… *** Changes in the Asprox Botnet *** --------------------------------------------- In this blog post, we took a quick overview of Asprox's functions and saw the updates that it has made to its C&C code. With added RSA encryption, another C&C command, and updated messaging format, it does not look like Asprox will stop evolving. We will continue to monitor Asprox for any changes and will keep you updated. --------------------------------------------- https://blog.fortinet.com/Changes-in-the-Asprox-Botnet/ *** How Cybercrime Exploits Digital Certificates *** --------------------------------------------- Security experts recognize 2011 as the worst year for certification authorities. The number of successful attacks against major companies reported during the year has no precedent, many of them had serious consequences. --------------------------------------------- http://resources.infosecinstitute.com/cybercrime-exploits-digital-certifica… *** Security: Antivirenscanner machen Rechner unsicher *** --------------------------------------------- Ein Datenexperte hat sich aktuelle Virenscanner angesehen. Viele seien durch einfache Fehler angreifbar, meint er. Da sie tief ins System eingreifen, stellen sie eine besondere Gefahr dar - obwohl sie eigentlich schützen sollen. --------------------------------------------- http://www.golem.de/news/security-antivirenscanner-machen-rechner-unsicher-… *** Elasticsearch-Lücke verwandelt Amazon-Cloud-Server in DDoS-Zombies *** --------------------------------------------- Durch eine Sicherheitslücke in einer älteren Elasticsearch-Version können Angreifer beliebigen Schadcode ausführen. Das wird momentan dazu genutzt, Server in Amazons EC2-Cloud zu kapern und für DDoS-Angriffe zu missbrauchen. --------------------------------------------- http://www.heise.de/security/meldung/Elasticsearch-Luecke-verwandelt-Amazon… *** Multiple vulnerabilities in Oxwall 1.7.0 *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070156 http://cxsecurity.com/issue/WLB-2014070155

1 0

Tageszusammenfassung - Montag 28-07-2014
by Daily end-of-shift report 28 Jul '14

28 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 25-07-2014 18:00 − Montag 28-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Cisco WebEx Meetings Server Authenticated Encryption Vulnerability *** --------------------------------------------- A vulnerability in the user.php script of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cacti cross-site scripting *** --------------------------------------------- Cacti is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the Full Name field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting .. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/94862 *** Cisco WebEx Meetings Server OutlookAction Class Vulnerability *** --------------------------------------------- A vulnerability in the OutlookAction Class of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco WebEx Meetings Server Web Framework Vulnerability *** --------------------------------------------- A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability occurs because sensitive information is passed in a query string. An attacker could .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Service Drains Competitors' Online Ad Budget *** --------------------------------------------- The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Todays post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors. --------------------------------------------- http://krebsonsecurity.com/2014/07/service-drains-competitors-online-ad-bud… *** Daimler: Mit eigener Hacker-Gruppe gegen Sicherheitslücken *** --------------------------------------------- Der Automobilhersteller Daimler beschäftigt eine fest angestellte Gruppe von Datenspezialisten, deren Aufgabe es ist, das eigene Firmennetzwerk zu attackieren. So sollen Sicherheitslücken schneller aufgespürt werden. --------------------------------------------- http://www.golem.de/news/daimler-mit-eigener-hacker-gruppe-gegen-sicherheit… *** Ubiquiti UbiFi Controller 2.4.5 Password Hash Disclosure *** --------------------------------------------- If remote logging is enabled on the UniFi controller, syslog messages are sent to a syslog server. Contained within the syslog messages is the admin password that is used by both the UniFi controller, and all managed Access Points. This CVE was .. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070146 *** Tails: Zero-Day im Invisible Internet Project *** --------------------------------------------- In der Linux-Distribution Tails befindet sich eine Sicherheitslücke, über die Nutzeridentitäten aufgedeckt werden können. Die Schwachstelle ist nicht in Tor, sondern im Invisible-Internet-Project-Netzwerk zu finden. --------------------------------------------- http://www.golem.de/news/tails-zero-day-im-invisible-internet-project-1407-… *** DANE disruptiv: Authentifizierte OpenPGP-Schlüssel im DNS *** --------------------------------------------- Pretty Good Privacy soll das DNS zur Schlüsselpropagierung nutzen. Auf der Liste der Entwickler der Internet Engineering Task Force (IETF) steht als nächstes die Zulassung eigenen Schlüsselmaterials. --------------------------------------------- http://www.heise.de/security/meldung/DANE-disruptiv-Authentifizierte-OpenPG… *** Behind the Android.OS.Koler distribution network *** --------------------------------------------- Android.OS.Koler.a a ransomware program that blocks the screen of an infected device and requests a ransom in order to unlock the device. An entire network of malicious porn sites linked to a traffic direction system that redirects the victim to different payloads targeting not only mobile devices but any other visitor. --------------------------------------------- https://securelist.com/blog/research/65189/behind-the-android-os-koler-dist… *** Dissecting the CVE-2013-2460 Java Exploit *** --------------------------------------------- In this vulnerability, code is able to get the references of some restricted classes which are cleverly used for privilege escalation and bypassing the JVM sandbox. The vulnerable 'invoke' method of the 'sun.tracing.ProviderSkeleton' class is used to .. --------------------------------------------- http://research.zscaler.com/2014/07/dissecting-cve-2013-2460-java-exploit.h… *** Anatomy of an iTunes phish - tips to avoid getting caught out *** --------------------------------------------- Even if youd back yourself to spot a phish every time, heres a step-by-step account that might help to save your friends and family in the future... --------------------------------------------- http://nakedsecurity.sophos.com/2014/07/28/anatomy-of-an-itunes-phish-tips-… *** ICS 3C - ICS Cybersecurity Council Conference *** --------------------------------------------- ICS 3C gathers experts and decision makers placing Cybersecurity at the heart of a Pan-European Dialogue on solutions for securing critical processes. --------------------------------------------- http://www.anapur.de/u_e_ICS_Cybersecurity_Conference_2014_HD.htm *** Trojaner: Warnungen vor gefälschten Ikea-Mails *** --------------------------------------------- Schon mehrere tausend Funde, E-Mails sind "täuschend echt" .. --------------------------------------------- http://derstandard.at/2000003626539 *** Malware, Would You Install it for One Cent? *** --------------------------------------------- A research study report entitled It's All About The Benjamins: An empirical study on incentivizing users to ignore security .. --------------------------------------------- http://www.seculert.com/blog/2014/07/would-you-install-potential-malware-fo…

1 0

Tageszusammenfassung - Freitag 25-07-2014
by Daily end-of-shift report 25 Jul '14

25 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 24-07-2014 18:00 − Freitag 25-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** More Details of Onion/Critroni Crypto Ransomware Emerge *** --------------------------------------------- New ransomware has been dubbed Onion by researchers at Kaspersky Lab as its creators use command and control servers hidden in the Tor Network (a/k/a The Onion Router) to obscure their malicious activity. --------------------------------------------- http://threatpost.com/onion-ransomware-demands-bitcoins-uses-tor-advanced-e… *** Kali 1.0.8 released with UEFI boot support, more info at http://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/, (Fri, Jul 25th) *** --------------------------------------------- -- Bojan INFIGO IS (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18443&rss *** Gefährlicher als die NSA: Firmen unterschätzen kriminelle Hacker *** --------------------------------------------- Allianz für Cyber-Sicherheit beim deutschen Bundesamt für Sicherheit in der Informationstechnik sieht größten Nachholbedarf in produzierenden Unternehmen --------------------------------------------- http://derstandard.at/2000003528513 *** TAILS Team Recommends Workarounds for Flaw in I2P *** --------------------------------------------- The developers of the TAILS operating system say that users can mitigate the severity of the critical vulnerability researchers discovered in the I2P software that's bundled with TAILS with a couple of workarounds, but there is no patch for the bug yet. The vulnerability that affects TAILS is in the I2P anonymity network software that comes... --------------------------------------------- http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p/107… *** Fake GoogleBots are third most common DDoS attacker *** --------------------------------------------- An analysis of 400 million search engine visits to 10,000 sites done by Incapsula researchers has revealed details that might be interesting to web operators and SEO professionals. --------------------------------------------- http://www.net-security.org/secworld.php?id=17169 *** New SSL server rules go into effect Nov. 1 *** --------------------------------------------- Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks. --------------------------------------------- http://www.networkworld.com/article/2457649/security0/new-ssl-server-rules-… *** The App I Used to Break Into My Neighbor's Home *** --------------------------------------------- Leave your ring of cut-brass secrets unattended on your desk at work, at a bar table while you buy another round, or in a hotel room, and any stranger---or friend---can upload your keys to their online collection. --------------------------------------------- http://feeds.wired.com/c/35185/f/661467/s/3cdb9908/sc/36/l/0L0Swired0N0C20A… *** Attackers abusing Internet Explorer to enumerate software and detect security products *** --------------------------------------------- During the last few years we have seen an increase on the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim's system using Internet Explorer.In this blog post we will describe some of the techniques that attackers are using to perform reconnaisance that gives them information for future attacks. We have also seen these techniques being used to decide whether or not they exploit the victim based on detected... --------------------------------------------- http://www.alienvault.com/open-threat-exchange/blog/attackers-abusing-inter… *** Building a Legal Botnet in the Cloud *** --------------------------------------------- Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but theres no reason this cant scale to much larger numbers.... --------------------------------------------- https://www.schneier.com/blog/archives/2014/07/building_a_lega.html *** Bugtraq: Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14 *** --------------------------------------------- http://www.securityfocus.com/archive/1/532895 *** Morpho Itemiser 3 Hard-Coded Credential *** --------------------------------------------- This advisory provides vulnerability information for hard-coded credentials in the Morpho Itemiser 3. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-205-01 *** VU#394540: Sabre AirCentre Crew contains a SQL injection vulnerability *** --------------------------------------------- Vulnerability Note VU#394540 Sabre AirCentre Crew contains a SQL injection vulnerability Original Release date: 25 Jul 2014 | Last revised: 25 Jul 2014 Overview Sabre AirCentre Crew 2010.2.12.20008 and earlier contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Sabre AirCentre Crew 2010.2.12.20008 and earlier is vulnerable to a SQL Injection attack in the username and password fields in CWPLogin.aspx. --------------------------------------------- http://www.kb.cert.org/vuls/id/394540 *** Cisco Unified Presence Server Sync Agent Vulnerability *** --------------------------------------------- CVE-2014-3328 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability *** --------------------------------------------- CVE-2014-3305 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco WebEx Meetings Server Stack Trace Vulnerability *** --------------------------------------------- CVE-2014-3301 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily