=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 09-07-2014 18:00 − Donnerstag 10-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** MSRT July 2014 - Caphaw ***
---------------------------------------------
This month we added Win32/Caphaw and Win32/Bepush to the Malicious Software Removal Tool (MSRT). Caphaw is a malware family that can be used by criminals to gain access to your PC - the ultimate goal is to steal your financial or banking-related information. The graph below shows the number of machine encounters we have seen since September 2013. Figure 1: Caphaw encounters Caphaw can be installed on a PC via malicious links posted on Facebook, YouTube, and Skype. It can also spread through
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/07/08/msrt-july-2014-caphaw.as…
*** International Authorities Take Down Shylock Banking Malware ***
---------------------------------------------
Europol announced today that it, along with international law enforcement and industry partners, conducted a successful takedown of the infrastructure supporting the Shylock banking malware.
---------------------------------------------
http://threatpost.com/international-authorities-take-down-shylock-banking-m…
*** Certificate Errors in Office 365 Today, (Thu, Jul 10th) ***
---------------------------------------------
It looks like theres a mis-assignment of certificates today at Office 365. After login, the redirect to portal.office.com reports the following error: portal.office.com uses an invalid security certificate. The certificate is only valid for the following names: *.bing.com, *.platform.bing.com, bing.com, ieonline.microsoft.com, *.windowssearch.com, cn.ieonline.microsoft.com, *.origin.bing.com, *.mm.bing.net, *.api.bing.com, ecn.dev.virtualearth.net, *.cn.bing.net, *.cn.bing.com, *.ssl.bing.com,
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18371&rss
*** ZDI-14-224: (0Day) Embarcadero ER/Studio Data Architect TSVisualization ActiveX loadExtensionFactory Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Embarcadero ER/Studio Data Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-224/
*** SA-CONTRIB-2014-069 - Logintoboggan - Access Bypass and Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-069Project: LoginToboggan (third-party module)Version: 7.xDate: 2014-July-09Security risk: Moderately criticalExploitable from: RemoteVulnerability: Cross Site Scripting, Access bypassDescriptionThis module enables you to customise the standard Drupal registration and login processes.Cross Site ScriptingThe module doesnt filter user-supplied information from the URL resulting in a reflected Cross Site Scripting (XSS) vulnerability.Access BypassThe module
---------------------------------------------
https://www.drupal.org/node/2300369
*** Cisco WebEx Meetings Client Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco Unified Communications Manager DNA Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products ***
---------------------------------------------
cisco-sa-20140709-struts2
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Infoblox NetMRI Input Validation Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030541
*** [2014-07-10] Multiple critical vulnerabilities in Shopizer webshop ***
---------------------------------------------
The webshop software Shopizer is affected by multiple critical vulnerabilities. Attackers are able to completely compromise the system through arbitrary code execution or manipulate product prices or customer data.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-07-10] Multiple high risk vulnerabilities in Shopizer webshop ***
---------------------------------------------
The webshop software Shopizer is affected by multiple high risk vulnerabilities. Attackers are able to bypass authentication / authorization and access invoice data of other customers.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-07-10] Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system ***
---------------------------------------------
Unauthenticated attackers are able to reconfigure the Schrack MICROCONTROL emergency light system by accessing the file system via telnet or FTP. Furthermore a weak default password can be exploited.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-07-10] Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu ***
---------------------------------------------
The vulnerability in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu enables an attacker to extract all the configured passwords without authentication. The attacker can use the extracted passwords to access the WebVisu and control the system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** Vulnerability in Citrix XenDesktop could result in unauthorized access to another users desktop ***
---------------------------------------------
Severity: High Description of Problem A vulnerability has been identified in Citrix XenDesktop that could result in a user gaining unauthorized interactive access to another user's desktop.
---------------------------------------------
http://support.citrix.com/article/CTX139591
*** HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Cloud Service Automation. The vulnerability could be exploited to allow unauthorized access and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Vuln: PHP unserialize() Function Type Confusion Security Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68237
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 08-07-2014 18:00 − Mittwoch 09-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** "Weaponized" exploit can steal sensitive user data on eBay, Tumblr, et al. ***
---------------------------------------------
Google and Twitter already patched against potent "Rosetta Flash" attack.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/B_J-82SKyS4/
*** Who owns your typo?, (Wed, Jul 9th) ***
---------------------------------------------
Heres one way how to get at sensitive data that seems to be making a comeback. Already in the olden days, it was popular with the crooks to register domain names that only differed by a typo from the name of a legitimate high traffic site. Googl.com, for example. The crooks would then run web pages with lots of advertisements on these domains, and live happily ever after from the ad revenue that the misdirected typo traffic alone brought their way. Google put a stop to this by registering, for
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18363&rss
*** Exploiting IoT technologies ***
---------------------------------------------
How many Internet of Things (IoT) devices do you have? From smart TVs to coffee machines, these devices are becoming more and more popular in both homes and offices. A team of researchers at NCC Group, led by technical director, Paul Vlissidis, conducted research into a number of IoT devices and looked at some of the ways that an attacker could exploit them. The team, which also consisted of Pete Beck and Felix Ingram, principal consultants, conducted a live demonstration which explored the
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/07/exploiting-iot-technologies/
*** Who inherits your IP address?, (Wed, Jul 9th) ***
---------------------------------------------
Somewhat similar to the typo squatting story earlier, the recent proliferation of cloud service usage by enterprises has led to a new problem. For a project at a community college, we needed a couple servers, and didnt want (or have the funds) to build them on-site. In view of the limited duration of the experiment, we decided to "rent" the boxes as IaaS (infrastructure as a service) devices from two "cloud" providers. So far, all went well. But when we brought the instances
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18365&rss
*** Yahoo Patches Bugs in Mail, Messenger, Flickr ***
---------------------------------------------
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.
---------------------------------------------
http://threatpost.com/yahoo-fixes-trio-of-bugs-in-mail-messenger-flickr/107…
*** Trojan:W32/Lecpetex: Bitcoin miner spreading via FB messages ***
---------------------------------------------
In early March this year, while investigating various threats as part of our Facebook malware cleanup effort, we ran across an interesting one that was spreading in zipped files attached to messages.The messages themselves were classic social engineering bait that lead the users to install the executable file in the attachment, which turned out to be a Bitcoin miner, which we identify as Trojan:W32/Lecpetex. Some of the more interesting details of our analysis are presented in our Lecpetex
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002725.html
*** Indien stellte falsche Google-Zertifikate aus ***
---------------------------------------------
Erneut kam es zu einem schwerwiegenden Zwischenfall bei einem Herausgeber von SSL-Zertifikaten: Die staatlich betriebene CA von Indien hat unter anderem Zertifikate für Google-Dienste herausgegeben. Diese eignen sich zum Ausspähen von SSL-Traffic.
---------------------------------------------
http://www.heise.de/security/meldung/Indien-stellte-falsche-Google-Zertifik…
*** DPAPI vulnerability allows intruders to decrypt personal data ***
---------------------------------------------
Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems.
---------------------------------------------
http://www.net-security.org/secworld.php?id=17094
*** ATTACK of the Windows ZOMBIES on point-of-sale terminals ***
---------------------------------------------
Infosec bods infiltrate botnet, uncover crap password security Security watchers have spotted a fresh Windows-based botnet that attempts to hack into point-of-sale systems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/09/botnet_brut…
*** Security updates available for Adobe Flash Player (APSB14-17) ***
---------------------------------------------
July 8, 2014
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1108
*** MS14-JUL - Microsoft Security Bulletin Summary for July 2014 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-JUL
*** Assessing risk for the July 2014 security updates ***
---------------------------------------------
Today we released six security bulletins addressing 29 unique CVE's. Two bulletins have a maximum severity rating of Critical, three have maximum severity Important, and one is Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/07/08/assessing-risk-for-the-ju…
*** VMSA-2014-0006.6 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability ***
---------------------------------------------
CVE-2014-3313
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Yokogawa Centum Buffer Overflow Vulnerability ***
---------------------------------------------
Advisory Document
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01
*** DSA-2974 php5 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2974
*** DSA-2973 vlc ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2973
*** HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Operations Analytics. The vulnerability could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** ABB Relion 650 Series OpenSSL Vulnerability (Update A) ***
---------------------------------------------
Advisory Document
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-126-01A
*** Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability ***
---------------------------------------------
CVE-2014-3309
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-14:17.kmem ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532698
*** Juniper Security Bulletins ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10634&actp=RSShttp://kb.juniper.net/index?page=content&id=JSA10633&actp=RSShttp://kb.juniper.net/index?page=content&id=JSA10638&actp=RSShttp://kb.juniper.net/index?page=content&id=JSA10637&actp=RSShttp://kb.juniper.net/index?page=content&id=JSA10641&actp=RSShttp://kb.juniper.net/index?page=content&id=JSA10635&actp=RSShttp://kb.juniper.net/index?page=content&id=JSA10613&actp=RSShttp://kb.juniper.net/index?page=content&id=JSA10640&actp=RSS
*** IBM Security Bulletin: IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL ***
---------------------------------------------
IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470) Security vulnerabilities have been discovered in OpenSSL. CVE(s): CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-5298 Affected product(s) and affected version(s): Hardware versions affected: InfoSphere Guardium Collector X1000 InfoSphere
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerability (CVE-2014-0191) ***
---------------------------------------------
Denial-Of-service vulnerability has been discovered in Libxml2 that was reported on May 09, 2014 CVE(s): CVE-2014-0191 Affected product(s) and affected version(s): Rational Systems Tester 3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5, 3.3.0.6, 3.3.0.7 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21678183 X-Force Database: http://xforce.iss.net/xforce/xfdb/93092
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 07-07-2014 18:00 − Dienstag 08-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Multi Platform *Coin Miner Attacking Routers on Port 32764, (Mon, Jul 7th) ***
---------------------------------------------
Thanks to reader Gary for sending us in a sample of a *Coin miner that he found attacking Port 32764. Port 32764 was recently found to offer yet another backdoor on Sercomm equipped devices. We covered this backdoor before [1] The bot itself appears to be a variant of the "zollard" worm sean before by Symantec [2]. Symantecs writeup describes the worm as attacking a php-cgi vulnerability, not the Sercomm backdoor. But this worm has been seen using various exploits. Here some quick,...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18353&rss
*** When Adware Goes Bad: The Installbrain and Sefnit Connection ***
---------------------------------------------
"Monetize On Non-buyers" is the bold motto of InstallBrain-adware that turns out to have been developed by an Israeli company called iBario Ltd. This motto clearly summarizes the potential risks adware companies can introduce to users, especially when they install stuff on...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nRXcb4Udr5o/
*** IEEE expands malware initiatives ***
---------------------------------------------
Clearing-house for software metadata Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware thats been inserted into other software, and improve the performance of malware detection by cutting down on false positives.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/08/ieee_expand…
*** NTT Group 2014 Global Threat Intelligence Report ***
---------------------------------------------
The NTT Group 2014 Global Threat Intelligence Report (GTIR) emphasizes that the security basics, when done right, can be enough to mitigate and even avoid high-profile, costly data breaches altogether. Using statistics and real-world case studies, the report shows that combining threat avoidance and threat response capabilities into a strategic approach provides the best chance to reduce the impact of threats.
---------------------------------------------
http://www.solutionary.com/research/threat-reports/annual-threat-report/ntt…
*** Paper: VBA is not dead! ***
---------------------------------------------
Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_07.xml?rss
*** Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions ***
---------------------------------------------
A major vulnerability believed to be present in most versions of Android can allow a malicious Android applications on the Android app store to make phone calls on a user's device, even when they lack the necessary permissions. The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the...
---------------------------------------------
http://thehackernews.com/2014/07/android-vulnerability-allows.html
*** Google Android / eduroam-Zugangsdaten ***
---------------------------------------------
Bei mobilen Geräten mit Android-Betriebssystem ist die Default-Konfiguration für die Option CA-Zertifikat für WLAN-Verbindungen "keine Angabe". Konkret bedeutet dieses als normal dokumentierte Verhalten, dass die Prüfung der Zertifikatskette komplett deaktiviert ist, d.h. jedes beliebige Zertifikat wird ohne weitere Warnung akzeptiert. Erschwerend kommt hinzu,...
---------------------------------------------
https://www.dfn-cert.de/aktuell/Google-Android-Eduroam-Zugangsdaten.html
*** How not to tell your customers how much you care about their security ***
---------------------------------------------
Weve written before about "what not to do" when sending emails to your customers. Heres another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/08/how-not-to-tell-your-customers-h…
*** Metadaten gegen Viren-Fehlerkennugen ***
---------------------------------------------
Die IEEE hat eine Datenbank für Metadaten von Binaries gestartet. Sie liefert Informationen, über die ein Virenscanner eindeutig feststellen kann, ob eine Datei gutartig ist.
---------------------------------------------
http://www.heise.de/security/meldung/Metadaten-gegen-Viren-Fehlerkennugen-2…
*** GKsu and VirtualBox Root Command Execution by Filename (CVE-2014-2943) ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbo…
*** Bugtraq: Backdoor access to Techboard/Syac devices ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532665
*** [remote] - Oracle Event Processing FileUploadServlet Arbitrary File Upload ***
---------------------------------------------
http://www.exploit-db.com/exploits/33989
*** Vuln: GitList CVE-2014-4511 Unspecified Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68253
*** Security Advisory-Apache Struts2 vulnerability on Huawei multiple products ***
---------------------------------------------
Jul 07, 2014 21:09
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Apple iTunes 11.2.2 Insecure Libraries ***
---------------------------------------------
Topic: Apple iTunes 11.2.2 Insecure Libraries Risk: High Text:Hi @ll, Apples current iTunes 11.2.2 for Windows comes with the following COMPLETELY outdated and vulnerable 3rd party libr...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070042
*** Apache Syncope Insecure Password Generation ***
---------------------------------------------
Topic: Apache Syncope Insecure Password Generation Risk: Medium Text:CVE-2014-3503: Insecure Random implementations used to generate passwords in Apache Syncope Severity: Major Vendor: The ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070039
*** Vuln: WordPress Easy Banners Plugin easy-banners.php Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68281
*** Vuln: WordPress Custom Banners Plugin options.php Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68279
*** TYPO3 CMS 4.5.35, 6.1.10 and 6.2.4 released ***
---------------------------------------------
The TYPO3 Community announces the versions 4.5.35, 6.1.10 and 6.2.4 of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes.
---------------------------------------------
https://typo3.org/news/article/typo3-cms-4535-6110-and-624-released/
*** HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 04-07-2014 18:00 − Montag 07-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Self-signing custom Android ROMs ***
---------------------------------------------
The security model on the Google Nexus devices is pretty straightforward. The OS is (nominally) secure and prevents anything from accessing the raw MTD devices. The bootloader will only allow the user to write to partitions if its unlocked. The recovery image will only permit you to install images that are signed with a trusted key. In combination, these facts mean that its impossible for an attacker to modify the OS image without unlocking the bootloader[1], and unlocking the bootloader wipes
---------------------------------------------
http://mjg59.dreamwidth.org/31765.html
*** Java Support ends for Windows XP, (Sat, Jul 5th) ***
---------------------------------------------
Oracle is no longer supporting Java for Windows XP and will only support Windows Vista or later. Java 8 is not supported for Windows XP and users will be unable to install on their systems. Oracle warns "Users may still continue to use Java 7 updates on Windows XP at their own risk" [1] [1] https://www.java.com/en/download/faq/winxp.xml [2] http://www.oracle.com/us/support/library/057419.pdfhttps://www.java.com/en/… ----------- Guy Bruneau IPSS Inc. gbruneau at
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18345&rss
*** Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager ***
---------------------------------------------
Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security. But, if you are using the mobile version of most popular password manager from Password management company
---------------------------------------------
http://feedproxy.google.com/~r/TheHackersNews/~3/Ajpf8i6yTao/critical-vulne…
*** Zwei Patches schließen SQL-Injection-Lücken in Ruby on Rails ***
---------------------------------------------
Zwei recht ähnliche Lücken erlaubten SQL-Injections auf Websites, die auf Ruby on Rails 2.0.0 bis 3.1.18 sowie auf 4.x aufsetzen. In mehreren Anläufen haben die Rails-Entwickler die Lücken nun geschlossen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Zwei-Patches-schliessen-SQL-Injectio…
*** Malware Analysis with pedump, (Sat, Jul 5th) ***
---------------------------------------------
Are you looking for a tool to analyze Windows Portable Executable (PE) files? Consider using pedump a ruby win32 PE binary file analyzer. It currently support DOS MZ EXE, win16 NE and win32/64 PE. There are several ways to install the ruby package; however, the simplest way is to execute "gem install pedump" from a Linux workstation. You can also download the file here or use the pedump website to upload your file for analysis. This example shows the output from the pedump website.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18347&rss
*** Industrial Control System Firms In Dragonfly Attack Identified ***
---------------------------------------------
chicksdaddy (814965) writes Two of the three industrial control system (ICS) software companies that were victims of the so-called "Dragonfly" malware have been identified. ... Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Jr0QiFtg7lc/story01.htm
*** Coinbase wallet app in SSL/TLS SNAFU ***
---------------------------------------------
The popular Bitcoin wallet Coinbase has a security flaw in its Android apps which could allow an attacker to steal authentication codes and access users accounts, according to a security researcher. Coinbase is far from alone in leaving its wallet app users vulnerable, so what should you do to stay safe when using mobile banking apps?
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/GsgGIYu7TA0/
*** The Rise of Thin, Mini and Insert Skimmers ***
---------------------------------------------
Like most electronic gadgets these days, ATM skimmers are getting smaller and thinner, with extended battery life. Heres a look at several miniaturized fraud devices that were pulled from compromised cash machines at various ATMs in Europe so far this year.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/8s5hQ323oMY/
*** Fridge hacked. Car hacked. Next up, your LIGHT BULBS ***
---------------------------------------------
So shall you languish in darkness - or under disco-style strobes - FOREVER Those convinced that the emerging Internet of Things (IoT) will become a hackers playground were given more grist for their mill with news on Friday that security researchers have discovered a weakness in Wi-Fi/mesh networked lightbulbs.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/07/wifi_enable…
*** Anwälte: Falsche Filesharing-Abmahnung verbreitet massenhaft Malware ***
---------------------------------------------
Zwei bekannte Anwälte warnen vor gefälschten Abmahnungen wegen illegalen Musikdownloads. An den massenhaft verschickten E-Mails hängt eine Zip-Datei mit Schadcode.
---------------------------------------------
http://www.golem.de/news/anwaelte-falsche-filesharing-abmahnung-verbreitet-…
*** IBM Security Bulletin: Multiple vulnerabilities exist in IMS Enterprise Suite SOAP Gateway (CVE-2014-0453, CVE-2013-4286, CVE-2013-4322) ***
---------------------------------------------
The IMS Enterprise Suite SOAP Gateway is affected by multiple vulnerabilities in IBM SDK, Java Technology Edition (April Update) and Apache Tomcat. CVE(s): CVE-2014-0453, CVE-2013-4286 and CVE-2013-4322 Affected product(s) and affected version(s): CVE ID: CVE-2014-0453 The SOAP Gateway component of the IMS Enterprise Suite versions 2.1, 2.2, 3.1. CVE ID: CVE-2013-4286 CVE ID: CVE-2013-4322 The SOAP Gateway component of the IMS Enterprise Suite versions 2.2, 3.1.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** OpenSSL vulnerabilities in IBM Products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** RealPlayer MP4 Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030524
*** [webapps] - Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/33984
*** VU#960193: AVG Secure Search ActiveX control provides insecure methods ***
---------------------------------------------
Vulnerability Note VU#960193 AVG Secure Search ActiveX control provides insecure methods Original Release date: 07 Jul 2014 | Last revised: 07 Jul 2014 Overview The AVG Secure Search toolbar includes an ActiveX control that provides a number of unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. Description AVG Secure Search is a toolbar add-on for web browsers that "... provides an additional security layer while
---------------------------------------------
http://www.kb.cert.org/vuls/id/960193
*** Bugtraq: CVE-2014-3863 - Stored XSS in JChatSocial ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532662
*** WordPress Theme My Login for WordPress file include ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94160
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 03-07-2014 18:00 − Freitag 04-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco Intelligent Automation for Cloud Form Data Viewer information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94177
*** VU#143740: Netgear GS108PE Prosafe Plus Switch contains hard-coded login credentials ***
---------------------------------------------
Netgear GS108PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ..
---------------------------------------------
http://www.kb.cert.org/vuls/id/143740
*** MS14-JUL - Microsoft Security Bulletin Advance Notification for July 2014 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-JUL
*** Phishing: iPhone 6 und iWatch als Lockmittel ***
---------------------------------------------
Angreifer nutzen derzeit die Aufmerksamkeit rund um zukünftige Apple-Produkte, um Nutzer auf eine gefälschte Apple-Webseite zu locken. Die Aufmachung der Mail erinnert an offizielle Apple-Mitteilungen.
---------------------------------------------
http://www.heise.de/security/meldung/Phishing-iPhone-6-und-iWatch-als-Lockm…
*** Security Bulletin: IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure (CVE-2014-0860) ***
---------------------------------------------
The administrative IPMI credentials for authenticating communications between the IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) are stored in plaintext within the AMM firmware binaries.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Dailymotion Compromised to Send Users to Exploit Kit ***
---------------------------------------------
Attackers made the popular video site redirect users to the Sweet Orange Exploit Kit. On June 28, the popular video sharing website Dailymotion was compromised to redirect users to the Sweet Orange Exploit Kit. This exploit kit takes advantage of vulnerabilities in Java, Internet Explorer, and Flash Player. If the ..
---------------------------------------------
http://www.symantec.com/connect/blogs/dailymotion-compromised-send-users-ex…
*** HP Universal Configuration Management Database Flaws Let Remote Users Obtain Information and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030518
*** "Phishing wird vom seltenen Anlass zum Tagesgeschäft" ***
---------------------------------------------
Während immer mehr Phishing-Webseiten auftauchen, werden die angewandten Taktiken immer raffinierter. Opfer werden vermehrt persönlich angesprochen.
---------------------------------------------
http://futurezone.at/digital-life/phishing-wird-vom-seltenen-anlass-zum-tag…
*** Miniduke is back: Nemesis Gemina and the Botgen Studio ***
---------------------------------------------
In the wake of our publications from 2013, the Miniduke campaigns have stopped or at least decreased in intensity. However, in the beginning of 2014 they resumed attacks in full force, once again grabbing our attention. We believe its time to uncover more information on their operations.
---------------------------------------------
https://www.securelist.com/en/blog/208214341/Miniduke_is_back_Nemesis_Gemin…
*** phpinfo() Type Confusion Infoleak Vulnerability and SSL Private Keys ***
---------------------------------------------
In this post we will detail the phpinfo() type confusion vulnerability that we disclosed to PHP.net and show how it allows a PHP script to steal the private SSL key. We demonstrate this on a Ubuntu 12.04 LTS 32 bit default installation of PHP and mod_ssl. Unfortunately this kind of problem is not considered a security problem by PHP.net and therefore this security vulnerability does not have a CVE name assignet to it, yet.
---------------------------------------------
https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 02-07-2014 18:00 − Donnerstag 03-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Multiple Vulnerabilities in Cisco Unified Communications Domain Manager ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Analysis of a New Banking Trojan Spammed by Cutwail ***
---------------------------------------------
The Cutwail spambot has a long history of sending spam with attached malicious files such as Zbot, Blackhole Exploit Kit and Cryptolocker. Another trick in Cutwail's portfolio is to use links pointing to popular file hosting services. Over the past weeks, we have observed spam that claims to be an unpaid invoice from ..
---------------------------------------------
http://blog.spiderlabs.com/2014/07/analysis-of-a-banking-trojan-spammed-by-…
*** Simple Javascript Extortion Scheme Advertised via Bing, (Wed, Jul 2nd) ***
---------------------------------------------
Thanks to our reader Dan for spotting this one. As of today, a search for "Katie Matusik" on Bing will include the following result. The rank has been slowly rising during the day, and as of right now, it is the first link after the link to "Videos" Once a user clicks on the link, the user is redirected to ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18337&rss
*** Multiple vulnerabilities in third-party Drupal modules ***
---------------------------------------------
https://www.drupal.org/node/2296783https://www.drupal.org/node/2296511https://www.drupal.org/node/2296495
*** New Android Malware HijackRAT Attacks Mobile Banking Users ***
---------------------------------------------
Cybercriminals have rolled out a new malicious Android application that wraps different varieties of banking fraud trick into a single piece of advanced mobile malware.
---------------------------------------------
http://thehackernews.com/2014/07/new-android-malware-hijackrat-attacks.html
*** Exploring the Java vulnerability (CVE-2013-2465) used in the Fiesta EK ***
---------------------------------------------
While going through our daily analysis this month, we came across several Fiesta Exploit Kit attacks. Although this EK first emerged in August 2013, the authors have constantly updated their ..
---------------------------------------------
http://research.zscaler.com/2014/07/exploring-java-vulnerability-cve-2013.h…
*** Avast hielt Krypto-Messenger für Trojaner ***
---------------------------------------------
Wer angeblich mit dem Trojaner "Android:Banker-BW" infiziert ist, kann die Warnung unter Umständen getrost ignorieren. Der Avast-Virenscanner hat Moxie Marlinspikes Krypto-Messenger TextSecure fälschlicherweise als Malware eingestuft.
---------------------------------------------
http://www.heise.de/security/meldung/Avast-hielt-Krypto-Messenger-fuer-Troj…
*** Bugtraq: [security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532631
*** DynDNS-Dienst: Microsoft hat Domains an NoIP zurückgegeben ***
---------------------------------------------
Seit Tagen funktioniert der DynDNS-Dienst NoIP für viele Kunden nicht, weil Microsoft die Domains übertragen wurden und viele Anfragen ins Leere liefen. Nun hat Microsoft die Domains zurückgegeben und die Lage sollte sich normalisieren.
---------------------------------------------
http://www.heise.de/security/meldung/DynDNS-Dienst-Microsoft-hat-Domains-an…
*** VU#402020: Autodesk VRED contains an unauthenticated remote code execution vulnerability ***
---------------------------------------------
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection): Autodesk VRED Professional 2014 contains an unauthenticated remote code execution vulnerability. Autodesk VRED Professional 2014.
---------------------------------------------
http://www.kb.cert.org/vuls/id/402020
*** 8 Common Pitfalls of HeartBleed Identification and Remediation (CVE-2014-0160) ***
---------------------------------------------
Unfortunately, one of the biggest vulnerabilities disclosed this year, HeartBleed, has been inefficiently addressed and for some, already forgotten about. Plenty of details about the vulnerability already exist including our FAQ and ..
---------------------------------------------
http://blog.spiderlabs.com/2014/07/pitfalls-of-heartbleed-identification-an…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 01-07-2014 18:00 − Mittwoch 02-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Microsoft Expands TLS, Forward Secrecy Support ***
---------------------------------------------
Microsoft announced TLS support on Outlook.com and that OneDrive cloud storage now supports Perfect Forward Secrecy.
---------------------------------------------
http://threatpost.com/microsoft-expands-tls-forward-secrecy-support/106965
*** Cisco Small Cell Command Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** DOWNAD Tops Malware Spam Source in Q2 2014 ***
---------------------------------------------
DOWNAD , also known as Conficker remains to be one of the top 3 malware that affects enterprises and small and medium businesses. This is attributed to the fact that a number of companies are still using Windows XP, susceptible to this threat. It can infect ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/downad-tops-malw…
*** VMSA-2014-0006.4 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** Microsoft Digital Crimes Unit disrupts Jenxcus and Bladabindi malware families ***
---------------------------------------------
Today, following an investigation to which the Microsoft Malware Protection Center (MMPC) contributed, the Microsoft Digital Crimes Unit initiated a disruption of the Jenxcus and Bladabindi malware families. These families are believed to have been created by individuals Naser Al Mutairi, aka njQ8, and ..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/06/30/microsoft-digital-crimes…
*** MONSTER COOKIES can nom nom nom ALL THE BLOGS ***
---------------------------------------------
Blog networks can be force-fed more than they can chew Giant cookies could be used to create a denial of service (DoS) on blog networks, says infosec researcher Bogdan Calin.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/02/monster_coo…
*** Transparenzzentrum: Microsoft gewährt Behörden Quellcode-Einsicht ***
---------------------------------------------
In einem Transparenzzentrum will Microsoft Behörden, die Code-Manipulationen durch fremde Geheimdienste befürchten, die Gelegenheit bieten, den Source-Code selbst zu untersuchen.
---------------------------------------------
http://www.heise.de/security/meldung/Transparenzzentrum-Microsoft-gewaehrt-…
*** Anatomy of a buffer overflow - Googles "KeyStore" security module for Android ***
---------------------------------------------
Heres a cautionary tale about a bug, courtesy of IBM. Not that IBM had the bug, just to be clear: Google had the bug, and IBM researchers spotted it.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/02/anatomy-of-a-buffer-overflow-goo…
*** OpenSSL legt Sanierungsplan vor ***
---------------------------------------------
Nach der Heartbleed-Katastrophe hat das OpenSSL-Projekt nun eine Roadmap veröffentlicht, die helfen soll, organisatorische Mängel im Entwicklungsprozess auszubessern.
---------------------------------------------
http://www.heise.de/security/meldung/OpenSSL-legt-Sanierungsplan-vor-224810…
*** Rig Exploit Kit Used in Recent Website Compromise ***
---------------------------------------------
Attackers planted code in a popular Web portal to redirect users to an exploit kit ..
---------------------------------------------
http://www.symantec.com/connect/blogs/rig-exploit-kit-used-recent-website-c…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 30-06-2014 18:00 − Dienstag 01-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Microsoft Darkens 4MM Sites in Malware Fight ***
---------------------------------------------
Millions of Web sites were shuttered Monday morning after Microsoft executed a legal sneak attack against a malware network thought to be responsible for more than 7.4 million infections of Windows PCs worldwide.
---------------------------------------------
http://krebsonsecurity.com/2014/07/microsoft-darkens-4mm-sites-in-malware-f…
*** Apple Releases Security Updates for OS X, Safari, iOS devices, and Apple TV ***
---------------------------------------------
Apple has released security updates for Mac OS X, Safari, iOS devices, and Apple TV to address multiple vulnerabilities, some of which could allow attackers to execute arbitrary code with system privileges or cause an unexpected application termination.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2014/07/01/Apple-Releases-Sec…
*** [2014-06-30] Multiple vulnerabilities in IBM Algorithmics RICOS ***
---------------------------------------------
Abusing multiple vulnerabilities within IBM Algorithmics RICOS, an attacker can take over foreign user accounts and bypass authorization mechanisms.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** JBoss Seam org.jboss.seam.web.AuthenticationFilter code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94090
*** ICS Focused Malware ***
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-178-01
*** CERT-Bund: Trojaner-Opfer ändern Passwörter, PCs bleiben infiziert ***
---------------------------------------------
Die Auswertung von zehntausenden kompromittierten Mail-Zugangsdaten zeigt, dass ein beträchtlicher Teil der Opfer zwar sein Passwort ändert, allerdings schnell erneut zum Opfer wird - möglicherweise, weil der Rechner nicht desinfiziert wurde.
---------------------------------------------
http://www.heise.de/security/meldung/CERT-Bund-Trojaner-Opfer-aendern-Passw…
*** [2014-07-01] Stored cross site scripting in EMC Documentum eRoom ***
---------------------------------------------
Due to improper input validation, EMC Documentum eRoom suffers from multiple stored cross-site scripting vulnerabilities, which allow an attacker to steal other users sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** Apple testet Zwei-Faktor-Authentifizierung auf iCloud.com ***
---------------------------------------------
Künftig sollen auch auf Apples Cloud-Portal Zugangsdaten besser abgesichert werden. Gestern war die Funktion kurzzeitig freigegeben.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-testet-Zwei-Faktor-Authentifizie…
*** Verwirrung um Microsofts Sicherheits-Newsletter ***
---------------------------------------------
Wer Windows-Rechner administriert, weiss den Security-Notifications-Newsletter von Microsoft zu schätzen. Letzte Woche kündigte das Unternehmen an, diesen einzustellen - um die Entscheidung kurz darauf zu revidieren.
---------------------------------------------
http://www.heise.de/security/meldung/Verwirrung-um-Microsofts-Sicherheits-N…
*** Cyberspying Campaign Comes With Sabotage Option ***
---------------------------------------------
New research from Symantec spots US and Western European energy interests in the bulls eye, but the campaign could encompass more than just utilities.
---------------------------------------------
http://www.darkreading.com/vulnerabilities---threats/advanced-threats/cyber…
*** Geodo: New Cridex Version Combines Data Stealer and Email Worm ***
---------------------------------------------
Recent efforts by our Research Lab has revealed new activity related to Cridex. As you may recall, Cridex is a data stealer also referred to as Feodo, and Bugat. The new Cridex version we are seeing now, aka Geodo, combines a self-spreading infection method - effectively turning each bot in the botnet ..
---------------------------------------------
http://www.seculert.com/blog/2014/07/geodo-new-cridex-version-combines-data…
*** Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters) ***
---------------------------------------------
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file remotely to the vulnerable website (i.e., no authentication is required). This is a serious vulnerability, The MailPoet plugin (wysija-newsletters) ..
---------------------------------------------
http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet…
*** IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/90880
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 27-06-2014 18:00 − Montag 30-06-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** The Akamai State of the Internet Report ***
---------------------------------------------
The globally distributed Akamai Intelligent Platform delivers over 2 trillion Internet interactions and defends against multiple DDoS attacks each day. This provides us with unique visibility into Internet connection speeds, broadband adoption, mobile usage, outages, and attacks. Drawing ..
---------------------------------------------
http://www.akamai.com/stateoftheinternet/
*** OpenAFS Memory Error Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030459
*** 20 Jahre alte Kompressionsverfahren-Lücke sorgt für Verwirrung ***
---------------------------------------------
Sicherheitsforscher deckte Schwachstelle auf, von der hauptsächlich Linux-User betroffen sein sollen - Entwarnung von Autoren
---------------------------------------------
http://derstandard.at/2000002429137
*** Serious Android crypto key theft vulnerability affects 86% of devices ***
---------------------------------------------
Bug in Android KeyStore that leaks credentials fixed only in KitKat.
---------------------------------------------
http://arstechnica.com/security/2014/06/serious-android-crypto-key-theft-vu…
*** Anatomy of an Android SMS virus - watch out for text messages, even from your friends! ***
---------------------------------------------
Paul Ducklin looks into "Andr/SlfMite-A", an Android SMS virus. The malware sends itself to your top 20 contacts and foists an third party app for an alternative Android software market onto your device...
---------------------------------------------
http://nakedsecurity.sophos.com/2014/06/29/anatomy-of-an-android-sms-virus-…
*** DSA-2970 cacti ***
---------------------------------------------
http://www.debian.org/security/2014/dsa-2970
*** Microsoft Kills Security Emails, Blames Canada ***
---------------------------------------------
In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the companys recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software.
---------------------------------------------
http://krebsonsecurity.com/2014/06/microsoft-kills-security-emails-blames-c…
*** ICS Focused Malware (Update A) ***
---------------------------------------------
This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS-ALERT-14-176-02 ICS Focused Malware that was published June 25, 2014 on the ICS-CERT web site, and includes information previously published to the US-CERT secure portal.
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-176-02A
*** Disqus Wordpress Plugin Flaw Leaves Millions of Blogs Vulnerable to Hackers ***
---------------------------------------------
A Remote code execution (RCE) vulnerability has been discovered in the comment and discussion service, Disqus plugin for the most popular Blogging Platform Wordpress. While there are more than 70 million websites on the Internet currently running WordPress, about 1.3 million of them use the 'Disqus Comment System' Plugin, making it one of the popular plugins of Wordpress for web comments
---------------------------------------------
http://thehackernews.com/2014/06/disqus-wordpress-plugin-flaw-leaves.html
*** Medienplayer VLC mit kritischer Krypto-Lücke ***
---------------------------------------------
Eine Schwachstelle in GnuTLS kann offenbar auch VLC-Nutzern zum Verhängnis werden: Versucht der Mediaplayer einen Stream von einem präparierten Server zu öffnen, droht die Infektion mit Schadcode.
---------------------------------------------
http://www.heise.de/security/meldung/Medienplayer-VLC-mit-kritischer-Krypto…
*** Analysis: Spam in May 2014 ***
---------------------------------------------
In the run-up to the summer, spammers offered their potential customers seedlings and seeds for gardening. In addition, English-language festive spam in May was dedicated to Mother's Day - the attackers sent out adverts offering flowers and candies.
---------------------------------------------
http://www.securelist.com/en/analysis/204792339/Spam_in_May_2014
*** How to protect yourself against privileged user abuse ***
---------------------------------------------
Network World - The typical organization loses 5% of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees in executive management, operations, accounting, sales, customer service or purchasing, ..
---------------------------------------------
http://www.computerworld.com/s/article/9249440/How_to_protect_yourself_agai…
*** Auch Google schliesst Datenleck im Cloud-Speicher ***
---------------------------------------------
Wer Links in bei Google Drive abgelegten Dokumenten anklickt, hinterlässt Datenspuren. Durch diese können Dritte auf die Dokumente zugreifen.
---------------------------------------------
http://www.heise.de/security/meldung/Auch-Google-schliesst-Datenleck-im-Clo…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 26-06-2014 18:00 − Freitag 27-06-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Stuxnet-like Havex Malware Strikes European SCADA Systems ***
---------------------------------------------
Security researchers have uncovered a new Stuxnet like malware, named as "Havex", which was used in a number of previous cyber attacks against organizations in the energy sector. Just like Famous Stuxnet Worm, which was specially designed to sabotage the Iranian nuclear project, the new trojan Havex is also programmed to infect industrial control system softwares of SCADA and ICS systems,...
---------------------------------------------
http://thehackernews.com/2014/06/stuxnet-like-havex-malware-strikes.html
*** Integer-Overflow: Sicherheitslücke in Kompressionsverfahren LZ4 und LZO ***
---------------------------------------------
Im Code für die weit verbreiteten Kompressionsverfahren LZO und LZ4 wurde eine Sicherheitslücke entdeckt. Das betrifft zahlreiche Anwendungen, darunter den Linux-Kernel, die Multimediabibliotheken FFmpeg und Libav, sowie OpenVPN.
---------------------------------------------
http://www.golem.de/news/integer-overflow-sicherheitsluecke-in-kompressions…
*** Image Stock Spam Reemerges ***
---------------------------------------------
Image stock spam, which can affect share prices and cause financial loss, has become more prominent in the last week. Image spam has been around for a longtime and peaked in January 2007 when Symantec estimated that image spam accounted for nearly 52 percent of all spam. Pump-and-dump image stock spam made up a significant portion of that 52 percent.
---------------------------------------------
http://www.symantec.com/connect/blogs/image-stock-spam-reemerges
*** 1st International Conference on Information Systems Security and Privacy - ICISSP 2015 ***
---------------------------------------------
Venue: ESEO, Angers, Loire Valley, France Event date: 9 - 11 February, 2015 Scope: The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues.
---------------------------------------------
http://www.securityfocus.com/archive/1/532572
*** Neue PHP-Versionen verarzten Sicherheitslücken ***
---------------------------------------------
PHP 5.4.30 und 5.5.14 schließen jeweils eine größere Anzahl von Sicherheitslücken; die Entwickler empfehlen ein zügiges Upgrade.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-PHP-Versionen-verarzten-Sicherhei…
*** Thomson TWG87OUIR Cross Site Request Forgery ***
---------------------------------------------
Topic: Thomson TWG87OUIR Cross Site Request Forgery Risk: Medium Text:#Author: nopesled #Date: 24/06/14 #Vulnerability: POST Password Reset CSRF #Tested on: Thomson TWG87OUIR (Hardware Version) ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060148
*** Bugtraq: [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532571
*** Security Notice-Statement About the Impact of the Dual_EC_DRBG Vulnerability on Huawei Devices ***
---------------------------------------------
Jun 27, 2014 17:39
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices…
*** Vuln: LZ4 lz4.c Memory Corruption Vulnerability ***
---------------------------------------------
LZ4 lz4.c Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/68218