Daily

daily@lists.cert.at

1 participants
3190 discussions

Tageszusammenfassung - Donnerstag 24-07-2014
by Daily end-of-shift report 24 Jul '14

24 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 23-07-2014 18:00 − Donnerstag 24-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** ZDI-14-264: (0Day) Apple QuickTime mvhd Atom Heap Memory Corruption Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-264/ *** ZDI-14-263: (0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 1091 Directory Traversal Arbitrary File Write Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-263/ *** ZDI-14-262: (0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 305 Directory Traversal Arbitrary File Creation Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-262/ *** [Honeypot Alert] Wordpress XML-RPC Brute Force Scanning *** --------------------------------------------- There are news reports of new Wordpress XML-PRC brute force attacks being seen in the wild. The SANS Internet Storm Center also has a Diary entry showing similar data. We have captured similar attacks in our web honeypots so we wanted to share more data with the community. Please reference earlier blog posts we have done related to Wordpress: Wordpress XML-RPC Pingback Vulnerability Analysis Defending Wordpress Logins from Brute Force Attacks Thanks goes to my SpiderLabs Research colleague --------------------------------------------- http://blog.spiderlabs.com/2014/07/honeypot-alert-wordpress-xml-rpc-brute-f… *** Smart Grid Attack Scenarios *** --------------------------------------------- This is the third (and last) in a series of posts looking at the threats surrounding smart grids and smart meters. In the first post, we introduced smart meters, smart grids, and showed why these can pose risks. In the second post, we looked at the risks of attacks on smart meters. In this post,... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6sRN65gV904/ *** Windows Previous Versions against ransomware, (Thu, Jul 24th) *** --------------------------------------------- One of the cool features that Microsoft actually added in Windows Vista is the ability to recover previous versions of files and folders. This is part of the VSS (Volume Shadow Copy Service) which allows automatic creation of backup copies on the system. Most users "virtually meet" this service when they are installing new software, when a restore point is created that allows a user to easily revert the operating system back to the original state, if something goes wrong. However, --------------------------------------------- https://isc.sans.edu/diary/Windows+Previous+Versions+against+ransomware/184… *** BMWs ConnectedDrive falls over, bosses blame upgrade snafu *** --------------------------------------------- Traffic flows up 20% as motorway middle lanes miraculously unclog BMWs ConnectedDrive car-to-mobe interface has suffered a UK-wide outage that may also affect customers in mainland Europe. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/24/bmw_connect… *** Dirty Dozen Spampionship - which country is spewing the most spam? *** --------------------------------------------- The World Cup may be done and dusted, but the Spampionship continues! Where did you come in our spam-sending league tables? --------------------------------------------- http://nakedsecurity.sophos.com/2014/07/22/dirty-dozen-spampionship-which-c… *** A new generation of ransomware *** --------------------------------------------- Trojan-Ransom.Win32.Onion a highly dangerous threat and one of the most technologically advanced encryptors out there. Its developers used both proven techniques 'tested' on its predecessors and solutions that are completely new for this class of malware. The use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server. --------------------------------------------- https://securelist.com/analysis/publications/64608/a-new-generation-of-rans… *** Bugcrowd Releases Open Source Vulnerability Disclosure Framework *** --------------------------------------------- The problems that come from doing security research on modern Web applications and other software aren't just challenging for researchers, but also for the companies on the receiving end of their advisories. Companies unaccustomed to dealing with researchers can find themselves in a difficult position, trying to figure out the clearest path forward. To help... --------------------------------------------- http://threatpost.com/bugcrowd-releases-open-source-vulnerability-disclosur… *** SA-CONTRIB-2014-072 - Freelinking, Freelinking Case Tracker - Access bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2014-072Project: freelinking (third-party module)Project: freelinking case tracker (third-party module)Version: 6.x, 7.xDate: 2014-July-23Security risk: CriticalExploitable from: RemoteVulnerability: Access bypassDescriptionThe freelinking and freelinking case tracker modules implement a filter for the easier creation of HTML links to other pages in the site or external sites with a wiki style format such as [[pluginname:identifier]].The module doesnt sufficiently... --------------------------------------------- https://www.drupal.org/node/2308503 *** Siemens OpenSSL Vulnerabilities (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-14-198-03 Siemens OpenSSL Vulnerabilities that was published July 17, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in the Siemens OpenSSL cryptographic software library affecting several Siemens industrial products. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-198-03A *** Sierra Wireless AirLink Raven X EV-DO Vulnerabilities (Update B) *** --------------------------------------------- This updated advisory is a follow-up to the advisory titled ICSA-14-007-01A Sierra Wireless AirLink Raven X EV-DO Multiple Vulnerabilities that was published January 16, 2014, on the NCCIC/ICS CERT web site. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-007-01B *** HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Cisco TelePresence Management Interface Vulnerability *** --------------------------------------------- CVE-2014-3324 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Bugtraq: Beginners error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account *** --------------------------------------------- Beginners error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account --------------------------------------------- http://www.securityfocus.com/archive/1/532875

1 0

Tageszusammenfassung - Mittwoch 23-07-2014
by Daily end-of-shift report 23 Jul '14

23 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 22-07-2014 18:00 − Mittwoch 23-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** DDoS attacks remain up, stronger in Q2, report says *** --------------------------------------------- Prolexics second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth. --------------------------------------------- http://www.scmagazine.com/ddos-attacks-remain-up-stronger-in-q2-report-says… *** De-obfuscating the DOM based JavaScript obfuscation found in EK's such as Fiesta and Rig *** --------------------------------------------- There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for JavaScript and are utilizing browser functionality to their advantage. Recent exploit kits such as "Fiesta" and "Rig" for example, have been found to be using DOM based JavaScript obfuscation. In... --------------------------------------------- http://research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html *** Securing the Nest Thermostat *** --------------------------------------------- A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nests remote data collection.... --------------------------------------------- https://www.schneier.com/blog/archives/2014/07/securing_the_ne.html *** WordPress brute force attack via wp.getUsersBlogs, (Tue, Jul 22nd) *** --------------------------------------------- Now that the XMLRPC "pingback" DDoS problem in WordPress is increasingly under control, the crooks now seem to try brute force password guessing attacks via the "wp.getUsersBlogs" method of xmlrpc.php. ISC reader Robert sent in some logs that show a massive distributed (> 3000 source IPs) attempt at guessing passwords on his Wordpress installation. The requests look like the one shown below and are posted into xmlrpc.php. Unfortunately, the web server responds with a --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18427&rss *** New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd) *** --------------------------------------------- We are announcing a new feature we have been working on for a while, that will display live statistics on passwords used by SSH brute forcing bots. In addition, we also updated our script that will allow you to contribute data to this effort. Right now, we are supporting the kippo honeypot to collect data. This script will submit usernames, passwords and the IP address of the attacker to our system. To download the script see https://isc.sans.edu/clients/kippo/kippodshield.pl . The script uses --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18433&rss *** Arbeit für Admins: Apache 2.4.10 stopft Sicherheitslücken *** --------------------------------------------- Für Administratoren von Webservern, die auf Apache 2.4.x laufen, heißt es updaten. Die Apache-Entwickler haben mit der neuesten Version der Software fünf Lücken geschlossen, eine davon erlaubt das Ausführen von Schadcode aus dem Netz. --------------------------------------------- http://www.heise.de/security/meldung/Arbeit-fuer-Admins-Apache-2-4-10-stopf… *** How Thieves Can Hack and Disable Your Home Alarm System *** --------------------------------------------- When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren't even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can... --------------------------------------------- http://feeds.wired.com/c/35185/f/661467/s/3cc7d302/sc/15/l/0L0Swired0N0C20A… *** EU to Roll Out Cybercrime Taskforce *** --------------------------------------------- International Team Will Target Cross-Border Crime Campaigns The European Union is set to launch a trial run of an international cybercrime task force that will coordinate investigations across Europe, as well as with a handful of other countries, including Australia, Canada and the United States. --------------------------------------------- http://www.bankinfosecurity.com/eu-to-roll-out-cybercrime-taskforce-a-7093 *** The psychology of phishing *** --------------------------------------------- Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients. --------------------------------------------- http://www.net-security.org/article.php?id=2078 *** Just Released - The Phishing Planning Kit *** --------------------------------------------- One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit... --------------------------------------------- http://www.securingthehuman.org/blog/2014/07/22/phishing-planning-kit *** Facebook Scam Leads to Nuclear Exploit Kit *** --------------------------------------------- Attackers have become more aggressive and are now using Facebook scams to lead to exploit kits so they can control a user's system. --------------------------------------------- http://www.symantec.com/connect/blogs/facebook-scam-leads-nuclear-exploit-k… *** Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability *** --------------------------------------------- CVE-2014-3322 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting *** --------------------------------------------- Topic: SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting Risk: Low Text:I. VULNERABILITY - Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 II. BACKGROUND ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070121 *** Barracuda Networks Spam And Virus Firewall 6.0.2 XSS *** --------------------------------------------- Topic: Barracuda Networks Spam And Virus Firewall 6.0.2 XSS Risk: Low Text:Document Title: Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Re... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070118 *** Security Notice-Statement on the XSS Security Vulnerability in Huawei E355 *** --------------------------------------------- Jul 23, 2014 17:37 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices… *** SSA-214365 (Last Update 2014-07-23): Vulnerabilities in SIMATIC WinCC *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** Omron NS Series HMI Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for multiple vulnerabilities in Omron Corporation's NS series human-machine interface (HMI) terminals. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-203-01 *** Honeywell FALCON XLWeb Controllers Vulnerabilities *** --------------------------------------------- This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in Honeywell FALCON XLWeb controllers. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-175-01 *** HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified with HP Network Vitalization. The vulnerability could be exploited remotely to allow execution of code and disclosure of information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…

1 0

Tageszusammenfassung - Dienstag 22-07-2014
by Daily end-of-shift report 22 Jul '14

22 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 21-07-2014 18:00 − Dienstag 22-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Retefe Bankentrojaner *** --------------------------------------------- Die meisten [...] Bankentrojaner basieren auf technisch betrachtet ziemlich komplexen Softwarekomponenten: Verschlüsselte Konfigurationen, Man-in-the-Browser-Funktionalität, Persistenz- und Updatemechanismen, um einige zu nennen. Im letzten halben Jahr hat sich eine gänzlich neue Variante behauptet, welche erst im Februar 2014 einen Namen erhielt: Retefe. --------------------------------------------- http://securityblog.switch.ch/2014/07/22/retefe-bankentrojaner/ *** IBM Fixes Code Execution, Cookie-Stealing Vulnerabilities in Switches *** --------------------------------------------- IBM recently patched a handful of vulnerabilities in some of its KVM switches that if exploited, could have given an attacker free reign over any system attached to it. --------------------------------------------- http://threatpost.com/ibm-fixes-code-execution-cookie-stealing-vulnerabilit… *** Mobile App Wall of Shame: CNN App for iPhone *** --------------------------------------------- The CNN App for iPhone is one of the most popular news applications available for the iPhone. At present, it is sitting at #2 in the iTunes free News app category and #165 among all free apps. Along with providing news stories, alerts and live video, it also includes iReport functionality, allowing... --------------------------------------------- http://research.zscaler.com/2014/07/cnn-app-for-iphone.html *** OWASP Zed Attack Proxy, (Mon, Jul 21st) *** --------------------------------------------- Affectionately know as ZAP the OWASP Zed Attack Proxy in an excellent web application testing tool. It finds its way into the hands of experienced penetration testers, newer security administrators, vulnerability assessors, as well as auditors and the curious. One of the reasons for its popularity is the ease of use and the extensive granular capability to examine transactions. While some may know ZAP as a fork or successor to the old Paros proxy,it is so much more. Roughly 20% of the code base... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18421&rss *** Old and Persistent Malware *** --------------------------------------------- User error is the best reason to explain why Excel spreadsheets infected with the Laroux macro virus have been published on the China Securities Regulatory Commission website (csrc.gov.cn). The commission regulates China's financial markets and provides an online law library on their website where visitors can download various files and texts. Two of the files available in the library contain the MSEXcel.Laroux virus. --------------------------------------------- https://blogs.cisco.com/security/old-and-persistent-malware/ *** FakeNet Malware Analysis *** --------------------------------------------- FakeNet is a tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware's network activity from within a safe environment. --------------------------------------------- http://www.ehacking.net/2014/07/fakenet-malware-analysis.html *** Cisco-Routerlücke: Der mysteriöse Vorab-Patch *** --------------------------------------------- Die kritische Sicherheitslücke, die neun Router und Kabelmodems von Cisco verwundbar für Angriffe aus dem Netz macht, ist bei deutschen Providern vor Jahren mit einem Update geschlossen worden. Allerdings bleibt unklar, warum Cisco den Fix erst jetzt öffentlich machte. --------------------------------------------- http://www.heise.de/security/meldung/Cisco-Routerluecke-Der-mysterioese-Vor… *** App "telemetry", (Tue, Jul 22nd) *** --------------------------------------------- ISC reader James had just installed "Foxit Reader" on his iPhone, and had answered "NO" to the "In order to help us improve Foxit Mobile PDF, we would like to collect anonymous usage data..." question, when he noticed his phone talking to China anyway. The connected-to site was alog.umeng.com, 211.151.151.7. Umeng is an "application telemetry" and online advertising company. Below is what was sent (some of the ids are masked or have been obfuscated) I --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18425&rss *** Massive Malware Infection Breaking WordPress Sites *** --------------------------------------------- The last few days has brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly injected which is causing websites to break. While we're still researching, we do want to share share some observations: This infection is aimed at websites built on the... --------------------------------------------- http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.h… *** Privacy Badger Extension Blocks Tracking Through Social Icons *** --------------------------------------------- Online tracking has been a thorny problem for years, and as Web security companies, browser vendors and users have become more aware of the problem and smarter about how to defend themselves, ad companies and trackers have responded in kind. The advent of social networks has made it far easier for tracking companies to monitor user behavior across... --------------------------------------------- http://threatpost.com/privacy-badger-extension-blocks-tracking-through-soci… *** [webapps] - MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities *** --------------------------------------------- http://www.exploit-db.com/exploits/34128 *** Apache Multiple Flaws Let Remote Users Deny Service or Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1030615 *** Tenable Nessus Access Control Flaw in Web UI Lets Remote Users Obtain Potentially Sensitive Information *** --------------------------------------------- http://www.securitytracker.com/id/1030614 *** Apache Scoreboard / Status Race Condition *** --------------------------------------------- Topic: Apache Scoreboard / Status Race Condition Risk: Medium Text:Hi there, --[ 0. Sparse summary Race condition between updating ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070114 *** HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified with HP Autonomy IDOL. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Moodle rubric/advanced grading cross-site scripting *** --------------------------------------------- Moodle rubric/advanced grading cross-site scripting --------------------------------------------- http://xforce.iss.net/xforce/xfdb/94724 *** OleumTech WIO Family Vulnerabilities *** --------------------------------------------- Security researchers Lucas Apa and Carlos Mario Penagos Hollman of IOActive have identified multiple vulnerabilities in OleumTech's WIO family including the sensors and the DH2 data collector. The researchers have coordinated the vulnerability details with NCCIC/ICS-CERT and OleumTech in hopes the vendor would develop security patches to resolve these vulnerabilities. While ICS-CERT has had many discussions with both OleumTech and IOActive this past year, there has not been consensus... --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01 *** Bugtraq: Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080 *** --------------------------------------------- http://www.securityfocus.com/archive/1/532857

1 0

Tageszusammenfassung - Montag 21-07-2014
by Daily end-of-shift report 21 Jul '14

21 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 18-07-2014 18:00 − Montag 21-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** The Little Signature That Could: The Curious Case of CZ Solution *** --------------------------------------------- Malware authors are always looking for new ways to masquerade their actions. Attackers are looking for their malware to be not only fully undetectable, but also appear valid on a system, so as not to draw attention. Digital signatures are... --------------------------------------------- http://www.fireeye.com/blog/technical/2014/07/the-little-signature-that-cou… *** Keeping the RATs out: the trap is sprung - Part 3, (Sat, Jul 19th) *** --------------------------------------------- As we bring out three part series on RAT tools suffered upon our friends at Hazrat Supply we must visit the centerpiece of it all. The big dog in this fight is indeed the bybtt.cc3 file (Jake suspected this), Backdoor:Win32/Zegost.B. The file is unquestionably a PEDLL but renamed a .cc3 to hide on system like a CueCards Professional database file. Based on the TrendMicro writeup on this family, the backdoor drops four files, including %Program Files%\%SESSIONNAME%\{random characters}.cc3 This... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18415&rss *** Top 10 Common Database Security Issues *** --------------------------------------------- Introduction The database typically contains the crown jewels of any environment; it usually holds the most business sensitive information which is why it is a high priority target for any attacker. The purpose of this post is to create awareness among database administrators and security managers about some of the areas on which it is important to focus on when implementing a new database or hardening the security of an existing one. --------------------------------------------- https://www.nccgroup.com/en/blog/2014/07/top-10-common-database-security-is… *** Smart Meter Attack Scenarios *** --------------------------------------------- In our previous post, we looked at how smart meters were being introduced across multiple countries and regions, and why these devices pose security risks to their users. At their heart, a smart meter is simply... a computer. Let's look at our existing computers - whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these... --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/smart-meter-atta… *** Angriffe auf Web-Server via Wordpress-Plugin MailPoet *** --------------------------------------------- Über eine kürzlich entdeckte Sicherheitslücke werden derzeit systematisch Server gekapert. Wer das Anfang Juli veröffentlichte Update noch nicht installiert hat, sollte das dringend nachholen. --------------------------------------------- http://www.heise.de/security/meldung/Angriffe-auf-Web-Server-via-Wordpress-… *** Home router security to be tested in upcoming hacking contest *** --------------------------------------------- Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference. The contest is called SOHOpelessly Broken - a nod to the small office/home office space targeted by the products - and follows a growing number of large scale attacks this year against routers and other home embedded systems. --------------------------------------------- http://www.cio.com/article/2455981/home-router-security-to-be-tested-in-upc… *** Sicherheitsforscher weist auf "Hintertüren" in iOS hin *** --------------------------------------------- Undokumentierte Systemdienste in iOS machen Angreifern das Auslesen von Nutzerdaten leicht, wenn das iPhone oder iPad mit einem Desktop-Computer lokal gepairt wurde, erklärt Jonathan Zdziarski - und hofft auf Antwort von Apple. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsforscher-weist-auf-Hintertu… *** Call for last-minute papers for VB2014 announced *** --------------------------------------------- Seven speaking slots waiting to be filled with presentations on hot security topics. --------------------------------------------- http://www.virusbtn.com/news/2014/07_21.xml?rss *** Heartbleed bedroht kritische Industrie-Kontrollsysteme *** --------------------------------------------- Über drei Monate nach Bekanntwerden der massiven Sicherheitslücke sind immer noch zahlreiche Systeme von Siemens ungeschützt. --------------------------------------------- http://futurezone.at/digital-life/heartbleed-bedroht-kritische-industrie-ko… *** VMSA-2014-0006.8 *** --------------------------------------------- VMware product updates address OpenSSL security vulnerabilities --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0006.html *** EMC RecoverPoint Internal Firewall Ruleset Error Lets Remote Users Bypass the Firewall *** --------------------------------------------- http://www.securitytracker.com/id/1030608 *** DSA-2981 polarssl *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-2981 *** DSA-2982 ruby-activerecord-3.2 *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-2982 *** IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin… *** VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability *** --------------------------------------------- Vulnerability Note VU#688812 Huawei E355 contains a stored cross-site scripting vulnerability Original Release date: 21 Jul 2014 | Last revised: 21 Jul 2014 Overview The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability. Description Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected cellular network.CWE-79: Improper... --------------------------------------------- http://www.kb.cert.org/vuls/id/688812 *** Bugtraq: CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. *** --------------------------------------------- Vendor: Elasticsearch Product: Logstash CVE: CVE-2014-4326 Affected versions: Logstash 1.0.14 through 1.4.1 --------------------------------------------- http://www.securityfocus.com/archive/1/532841

1 0

Tageszusammenfassung - Freitag 18-07-2014
by Daily end-of-shift report 18 Jul '14

18 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 17-07-2014 18:00 − Freitag 18-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** SQL Injection Vulnerability - vBulletin 5.x *** --------------------------------------------- The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member list page. Every vBulletin user needs to upgrade to the latest version asap. vBulletin is a very popular forum sofware used on more than .. --------------------------------------------- http://blog.sucuri.net/2014/07/sql-injection-on-vbulletin-5-x.html *** Siemens OpenSSL Vulnerabilities *** --------------------------------------------- Siemens has identified four vulnerabilities in its OpenSSL cryptographic software library affecting several Siemens industrial products. Updates are available for APE 2.0.2 and WinCC OA (PVSS). The ROX 1, ROX 2, S7-1500, and CP1543-1 products do not have a patch at this time; however, Siemens has made mitigation recommendations. Siemens is continuing to work on patching these vulnerabilities. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-198-03 *** Cogent DataHub Code Injection Vulnerability *** --------------------------------------------- NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. (hereafter referred to as Cogent). Security researcher John Leitch reported this vulnerability to the Zero Day Initiative (ZDI), who then reported it directly to Cogent. Successful exploitation of this vulnerability could allow remote execution of arbitrary code. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-198-01 *** Advantech WebAccess Vulnerabilities *** --------------------------------------------- NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an updated software version that mitigates these vulnerabilities. --------------------------------------------- http://ics-cert.us-cert.gov//advisories/ICSA-14-198-02 *** Mitigating UAF Exploits with Delay Free for Internet Explorer *** --------------------------------------------- After introducing the 'isolated heap' in June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call 'delay free.' This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-uaf-e… *** DSA-2979 fail2ban *** --------------------------------------------- Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service. --------------------------------------------- http://www.debian.org/security/2014/dsa-2979 *** Bugtraq: Microsoft MSN HBE - Blind SQL Injection Vulnerability *** --------------------------------------------- A boolean-based blind SQL Injection web vulnerability has been detected in the official MSN (habitos.be.msn.com) web application Service. The vulnerability allows remote attackers to inject own sql commands to compromise the affected .. --------------------------------------------- http://www.securityfocus.com/archive/1/532830 *** Critroni Crypto Ransomware Seen Using Tor for Command and Control *** --------------------------------------------- There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say .. --------------------------------------------- http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command… *** LibreSSL: Linuxer und OpenBSDler raufen sich zusammen *** --------------------------------------------- Anhand der Probleme bei der Portierung von LibreSSL auf andere Plattformen wie Linux kann man erkennen, wie aus OpenSSL so ein Security-Alptraum werden konnte. Und der ist noch längst nicht vorbei. --------------------------------------------- http://www.heise.de/security/meldung/LibreSSL-Linuxer-und-OpenBSDler-raufen…

1 0

Tageszusammenfassung - Donnerstag 17-07-2014
by Daily end-of-shift report 17 Jul '14

17 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 16-07-2014 18:00 − Donnerstag 17-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Kritische Sicherheitslücke gefährdet Router und Modems von Cisco *** --------------------------------------------- Neun Consumer-Router und Kabelmodems von Cisco sind anfällig für eine kritische Lücke, die es Angreifern aus dem Netz ermöglicht, das Gerät zu kapern. Auch deutsche Provider setzten die betroffenen Modelle ein. --------------------------------------------- http://www.heise.de/security/meldung/Kritische-Sicherheitsluecke-gefaehrdet… *** Cisco Wireless Residential Gateway Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscos… *** Cisco Cable Modem Buffer Overflow Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- A remote user can send a specially crafted HTTP request to the target device to trigger a buffer overflow and execute arbitrary code on the target system. --------------------------------------------- http://www.securitytracker.com/id/1030598 *** Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- The specific flaw exists within the updating of mod_status. A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with handler server-status and other endpoints. By abusing this flaw, an attacker can possibly disclose credentials or leverage this situation to achieve remote code execution. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-14-236/ *** Zusatzinformationen zum Interview im Standard *** --------------------------------------------- Zusatzinformationen zum Interview im Standard16. Juli 2014Wir freuen uns (fast) immer, wenn wir in Medien zitiert werden, und wir damit eine deutlich breitere Masse erreichen, als nur über unsere direkten Kanäle (Webseite, RSS, Mail, Twitter).Nur: Interviews müssen meist recht schnell gehen, Journalisten arbeiten täglich mit harten Deadlines und auf Papier gibt es beschränkten Platz und keine Hyperlinks.Daher will ich hier ein bisschen Kontext zum Interview geben, das .. --------------------------------------------- http://www.cert.at/services/blog/20140716101643-1199.html *** SA-CORE-2014-003 - Drupal core - Multiple vulnerabilities *** --------------------------------------------- Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. (Denial of Service, Cross Site Scripting, Access Bypass) --------------------------------------------- https://www.drupal.org/SA-CORE-2014-003 *** SA-CONTRIB-2014-071 - FileField - Access bypass *** --------------------------------------------- A vulnerability was discovered in the FileField third-party module that could allow attackers to gain access to private files. --------------------------------------------- https://www.drupal.org/node/2304561 *** Kaum eingeführt, schon umgestellt: Apple verbessert iCloud-Mail-Verschlüsselung *** --------------------------------------------- Nur wenige Tage nach der Einführung einer Transportverschlüsselung für Apples iCloud-Mail-Dienste bessert der Konzern nach. Zumindest einige Server genügen jetzt aktuellen Anforderungen an gute Verschlüsselung. --------------------------------------------- http://www.heise.de/security/meldung/Kaum-eingefuehrt-schon-umgestellt-Appl… *** Pushdo Trojan outbreak: 11 THOUSAND systems infected in just 24 hours *** --------------------------------------------- A wave of attacks by cybercrooks pushing a new variant of the resilient Pushdo Trojan has compromised more than 11,000 systems in just 24 hours. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/17/pushdo_troj… *** Paper: Mayhem - a hidden threat for *nix web servers *** --------------------------------------------- New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system. --------------------------------------------- http://www.virusbtn.com/news/2014/07_17.xml *** Havex, It's Down With OPC *** --------------------------------------------- FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as 'Fertger' or 'PEACEPIPE'), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in .. --------------------------------------------- http://www.fireeye.com/blog/technical/targeted-attack/2014/07/havex-its-dow…

1 0

Tageszusammenfassung - Mittwoch 16-07-2014
by Daily end-of-shift report 16 Jul '14

16 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 15-07-2014 18:00 − Mittwoch 16-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** SSL Black List Aims to Publicize Certificates Associated With Malware *** --------------------------------------------- Malware and botnet operators are always adapting their tactics, trying to stay a step or two ahead of defensive technologies and techniques. One of the methods many attackers have adopted is using SSL to communicate with the infected machines they control, and a researcher has started a new .. --------------------------------------------- http://threatpost.com/ssl-black-list-aims-to-publicize-certificates-associa… *** Early Review of LibreSSL Finds Problematic PRNG *** --------------------------------------------- A critical vulnerability was reported in the random number generator in LibreSSL, a fork of OpenSSL. LibreSSL preview versions were released this weekend. --------------------------------------------- http://threatpost.com/early-review-of-libressl-finds-problematic-prng/107239 *** Critical Patch Update - July 2014 *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html *** About Two Recently Patched IBM DB2 LUW Vulnerabilities *** --------------------------------------------- IBM recently released patches for three security vulnerabilities affecting various versions of DB2 for Linux, Unix and Windows. This post will explore some more technical details of two of these vulnerabilities (CVE-2014-0907 and CVE-2013-6744) to help database administrators assess the risk of .. --------------------------------------------- http://blog.spiderlabs.com/2014/07/about-two-ibm-db2-luw-vulnerabilities-pa… *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix .. --------------------------------------------- http://support.citrix.com/article/CTX140984 *** Elipse E3 Scada PLC Denial Of Service *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070083 *** [2014-07-16] Multiple SSRF vulnerabilities in Alfresco Community Edition *** --------------------------------------------- The Alfresco Community Edition Server is prone to multiple Server Side Request Forgery vulnerabilities allowing access to internal resources for an unauthenticated attacker. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** HP Data Protector, Remote Execution of Arbitrary Code *** --------------------------------------------- A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. --------------------------------------------- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl… *** [2014-07-16] Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client" *** --------------------------------------------- Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** [2014-07-16] Multiple critical vulnerabilities in Bitdefender GravityZone *** --------------------------------------------- Attackers are able to completely compromise the Bitdefender GravityZone solution as they can gain system and database level access. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Schwachstelle in Symfony: W0rm hackt Cnet *** --------------------------------------------- Die russische Hackergruppe W0rm hat sich Zugang zu den Servern der Nachrichtenwebseite Cnet verschafft. Die Datenbank mit Benutzerdaten wollen die Hacker für einen symbolische Betrag von einem Bitcoin verkaufen. --------------------------------------------- http://www.golem.de/news/schwachstelle-in-symfony-w0rm-hackt-cnet-1407-1079… *** Common Misconceptions IT Admins Have on Targeted Attacks *** --------------------------------------------- In our efforts around addressing targeted attacks, we often work with IT administrators from different companies in dealing with threats against their network. During these collaborations, we've recognized certain misconceptions that IT administrators - or perhaps enterprises in general - have in terms of targeted attacks. I will cover some of them in this .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/common-misconcep…

1 0

Tageszusammenfassung - Dienstag 15-07-2014
by Daily end-of-shift report 15 Jul '14

15 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 14-07-2014 18:00 − Dienstag 15-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Introduction to Smart Meters *** --------------------------------------------- While wearable personal technology may be the most 'public' face of the Internet of Everything, the most widespread use of it may be in smart meters. What is a smart meter, exactly? It's a meter for utilities (electricity, gas, or water) that records the consumption of the utility in question, and transmits it .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/introduction-to-… *** Disclosure: Insecure Nonce Generation in WPtouch *** --------------------------------------------- If you use the popular WPtouch plugin (5m+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a user with no administrative privileges, who was logged in .. --------------------------------------------- http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wpto… *** Five Year Old Phishing Campaign Unveiled *** --------------------------------------------- Details have been disclosed on a five-year-old phishing campaign where in attackers have pilfered victims's login credentials from Google, Yahoo, Facebook, Dropbox and Skype. --------------------------------------------- http://threatpost.com/five-year-old-phishing-campaign-unveiled/107197 *** OpenVPN PrivateTunnel ptservice privilege escalation *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/94482 *** HP StoreVirtual Bugs Let Remote Users Obtain Information and Remote Authenticated Users Gain Elevated Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1030567 *** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates *** --------------------------------------------- A number of security vulnerabilities have been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway, formerly known .. --------------------------------------------- http://support.citrix.com/article/CTX140863 *** iCloud-Mail-Versand jetzt auch verschlüsselt *** --------------------------------------------- Als einer der letzten grossen Mail-Provider hat Apple nun die Sicherung des Transports gegen einfaches Mitlesen eingeschaltet. Die eingesetzten Verfahren lassen allerdings viel zu wünschen übrig. --------------------------------------------- http://www.heise.de/security/meldung/iCloud-Mail-Versand-jetzt-auch-verschl… *** OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070078 *** Oracle zur Zukunft von Java 7 unter Windows XP *** --------------------------------------------- Java 7 wird bis frühestens April 2015 mit Security-Updates versorgt. Alle weiteren Releases der vorletzten Java-Version bis dahin werden auch weiterhin mit dem nicht mehr von Microsoft offiziell unterstützten Windows XP funktionieren. --------------------------------------------- http://www.heise.de/security/meldung/Oracle-zur-Zukunft-von-Java-7-unter-Wi… *** The 'Forbidden' Apple: App Stores and the Illusion of Control Part I *** --------------------------------------------- There is no doubt we truly live in an 'App Economy.' From personal to professional, we direct and live our lives through our smart phones. But while we enjoy the latest games, stream the latest content or catch up on our friends activities, few think .. --------------------------------------------- http://research.zscaler.com/2014/07/the-forbidden-apple-app-stores-and.html *** And the mice will 'Play': App Stores and the Illusion of Control Part II *** --------------------------------------------- In the last blog, we began analyzing what we've termed the vApp Dichotomy' of the App Economy - The fact that we are at least as much the consumed, as we are the consumer. Our goal was to analyze popular apps from Apple's App Store and Google Play to .. --------------------------------------------- http://research.zscaler.com/2014/07/and-mice-will-play-app-stores-and.html *** Project Zero: Google baut Internet-Sicherheitsteam auf *** --------------------------------------------- Mit Vollzeit-Entwicklern im Project Zero will Google, das Sicherheitsforschung bisher nur nebenbei betrieben hat, das Internet sicherer machen und politisch Verfolgten helfen. --------------------------------------------- http://www.golem.de/news/project-zero-google-baut-internet-sicherheitsteam-… *** New Kronos Banking Malware Advertised On Russian Forums *** --------------------------------------------- Researchers have spotted a new banking Trojan advertised for sale on Russian forums. Kronos promises features that help it evade detection and analysis, such as a Ring3 rootkit. --------------------------------------------- http://threatpost.com/new-kronos-banking-malware-advertised-on-russian-foru…

1 0

Tageszusammenfassung - Montag 14-07-2014
by Daily end-of-shift report 14 Jul '14

14 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 11-07-2014 18:00 − Montag 14-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Oracle to release 115 security patches *** --------------------------------------------- Oracle is planning to release 115 security patches for vulnerabilities affecting a wide array of its products, including its flagship database, Java SE, Fusion Middleware and business applications. The update includes fixes for 20 weaknesses in Java SE, all of which can be exploited by an attacker remotely, without the need for login credentials, .. --------------------------------------------- http://www.cio.com/article/2453362/oracle-to-release-115-security-patches.h… *** VU#917348: Datum Systems satellite modem devices contain multiple vulnerabilities *** --------------------------------------------- The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system. A remote unauthenticated attacker may be able to gain full control of the device. --------------------------------------------- http://www.kb.cert.org/vuls/id/917348 *** Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the WebVPN Common Internet File System (CIFS) access function of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to trigger a reload of the affected device. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** Juniper Junos Unspecified Command Line Interface Flaw Lets Local Users Gain Root Privileges *** --------------------------------------------- A local user on the command line interface can invoke certain combinations of commands to gain root privileges on the target system. --------------------------------------------- http://www.securitytracker.com/id/1030559 *** Dell Sonicwall Scrutinizer 11.01 Code Execution / SQL Injection *** --------------------------------------------- Dell Sonicwall Scrutinizer suffers from several SQL injections, many of which can end up with remote code execution. An attacker needs to be authenticated, but not as an administrator. However, that wouldn not stop anyone since there is also a privilege escalation vulnerability in that .. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070065 *** Schrack MICROCONTROL XSS / Disclosure / Weak Default Password *** --------------------------------------------- The Microcontrol emergency light system, distributed by Schrack Technik GmbH, is an autarchic emergency light system, which is configurable over a web interface. Through the vulnerabilities described in this advisory an attacker can reconfigure the whole emergency light system without authentication. Furthermore he can perform attacks.. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070067 *** 'Gameover' malware returns from the dead *** --------------------------------------------- In early June 2014, a internationally co-ordinated law enforcement effort against the criminals behind the infamous Gameover malware pretty much wiped out their botnet altogether. Bad news - it looks as though Gameover is back... --------------------------------------------- http://nakedsecurity.sophos.com/2014/07/13/gameover-malware-returns-from-th… *** Popular password protection programs p0wnable *** --------------------------------------------- LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword all flawed Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/14/popular_web… *** Beware Keyloggers at Hotel Business Centers *** --------------------------------------------- The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests. --------------------------------------------- http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-cent… *** The Internet of Things: How do you "on-board" devices?, (Mon, Jul 14th) *** --------------------------------------------- Certified pre-pw0ned devices are nothing new. We talked years ago about USB picture frames that came with malware pre-installed. But for the most part, the malware was added to the device accidentally, or for example by customers who later returned the device just to have it resold without adequately resetting/wiping the device. But more recently, more evidence emerged that .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18387&rss *** Verschlüsselung: LibreSSL wird flügge *** --------------------------------------------- Die Entwickler des OpenSSL-Forks LibreSSL haben die erste Version ihrer Software veröffentlicht, die andere Plattformen als OpenBSD unterstützt. Damit schickt sich die SSL-Bibliothek an, eine echte Alternative zum Heartbleed-geplagten OpenSSL zu werden. --------------------------------------------- http://www.heise.de/security/meldung/Verschluesselung-LibreSSL-wird-fluegge… *** Understanding Ransomware *** --------------------------------------------- Our Cyber Defence Operations team, led by David Cannings, has published a new whitepaper on understanding ransomware. It looks at the impact, evolution and defensive strategies that can be employed by organisations. While the paper is primarily focused on Microsoft Windows due to the historic .. --------------------------------------------- https://www.nccgroup.com/en/blog/2014/07/understanding-ransomware/ *** VU#204988: Kaseyas agent driver contains NULL pointer dereference *** --------------------------------------------- Kaseyas agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. A local authenticated attacker may be able to crash the application, thereby causing a denial of service. Kaseya has .. --------------------------------------------- http://www.kb.cert.org/vuls/id/204988 *** WordPress Download Manager 2.6.8 Shell Upload *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070062 *** Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070066

1 0

Tageszusammenfassung - Freitag 11-07-2014
by Daily end-of-shift report 11 Jul '14

11 Jul '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 10-07-2014 18:00 − Freitag 11-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Finding the Clowns on the Syslog Carousel, (Thu, Jul 10th) *** --------------------------------------------- So often I see clients faithfully logging everything from the firewalls, routers and switches - taking terabytes of disk space to store it all. Sadly, the interaction after the logs are created is often simply to make sure that the partition doesnt fill up - either old logs are just deleted, or each month logs are burned to DVD and filed away. The comment I often get is that logs entries are complex, and that the sheer volume of information makes it impossible to make sense of it. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=18373&rss *** Security Advisory 2982792 released, Certificate Trust List updated *** --------------------------------------------- Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2014/07/10/security-advisory-298279… *** Weekly Metasploit Update: Another Meterpreter Evasion Option *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/07/10/weekly-me… *** Website Malware - Mobile Redirect to BaDoink Porn App *** --------------------------------------------- A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It was a very tricky injection, with the redirection happening only once per day per IP address and only if the visitor was using a mobile device... --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/pAisQqonxQM/website-malware-m… *** VU#712660: Raritian PX power distribution software is vulnerable to the cipher zero attack. *** --------------------------------------------- Vulnerability Note VU#712660 Raritian PX power distribution software is vulnerable to the cipher zero attack. Original Release date: 10 Jul 2014 | Last revised: 10 Jul 2014 Overview Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Description CWE-287: Improper Authentication - --------------------------------------------- http://www.kb.cert.org/vuls/id/712660 *** Oracle Critical Patch Update - July 2014 - Pre-Release Announcement *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html *** Cisco ASA Filter and Inspect Overlap Denial of Service Vulnerability *** --------------------------------------------- CVE-2013-5567 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** Adobe Flash: The most INSECURE program on a UK users PC *** --------------------------------------------- XML a weak spot, but nothings as dire as Adobe player Adobe Flash Player was the most insecure program installed on UK computer users PCs throughout the second quarter of 2014, according to stats from vulnerability management firm Secunia. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/10/secunia_pc_… *** Crooks Seek Revival of "Gameover Zeus" Botnet *** --------------------------------------------- Cybercrooks today began taking steps to resurrect the Gameover ZeuS botnet, a complex crime machine that has been blamed for the theft more than $100 million from banks, businesses and consumers worldwide. The revival attempt comes roughly five weeks after the FBI joined several nations, researchers and security firms in a global and thus far successful effort to eradicate it. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/yLU9-y_8J-k/ *** VMSA-2014-0006.7 *** --------------------------------------------- VMware product updates address OpenSSL security vulnerabilities --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2014-0006.html *** DSA-2976 eglibc *** --------------------------------------------- security update --------------------------------------------- http://www.debian.org/security/2014/dsa-2976 *** osCommerce 2.3.4 - Multiple vulnerabilities *** --------------------------------------------- Topic: osCommerce 2.3.4 - Multiple vulnerabilities Risk: Medium Text:#Title: osCommerce 2.3.4 - Multiple vulnerabilities #Date: 10.07.14 #Affected versions: => 2.3.4 (latest atm) #Vendor: oscom... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070059 *** C99 Shell Authentication Bypass via Backdoor *** --------------------------------------------- Topic: C99 Shell Authentication Bypass via Backdoor Risk: Medium Text:# Exploit Title: C99 Shell Authentication Bypass via Backdoor # Google Dork: inurl:c99.php # Date: June 23, 2014 # Exploit A... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014070057 *** Exploit emerges for LZO algo hole *** --------------------------------------------- Take one Nyan Cat, add Firefox and hope your Linux distro has been patched Security Mouse security researcher Don A Bailey has showcased an exploit of the Lempel-Ziv-Oberhumer (LZ0) compression algorithm running in the Mplayer2 media player and says it could leave some Linuxes vulnerable to attack. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/07/11/firefox_lzo… *** Microsoft entzieht Indischer CA das Vertrauen *** --------------------------------------------- Als Konsequenz auf die missbräuchlich ausgestellten Google-Zertifikate hat Microsoft die betroffenen SubCAs auf die Sperrliste gesetzt. Darüber hinaus wurde das ganze Ausmaß des Zwischenfalls bekannt: Betroffen sind 45 Domains - auch von Yahoo. --------------------------------------------- http://www.heise.de/security/meldung/Microsoft-entzieht-Indischer-CA-das-Ve… *** Lack of Certificate Pinning Exposes Encrypted iOS Gmail App Communication *** --------------------------------------------- Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications. --------------------------------------------- http://threatpost.com/lack-of-certificate-pinning-exposes-encrypted-ios-gma…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily