Daily

daily@lists.cert.at

1 participants
3083 discussions

Tageszusammenfassung - Dienstag 21-01-2014
by Daily end-of-shift report 21 Jan '14

21 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 20-01-2014 18:00 − Dienstag 21-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Sicherheitstest eingerichtet: BSI meldet millionenfachen Identitätsdiebstahl *** --------------------------------------------- Behörden haben bei der Analyse von Botnetzen rund 16 Millionen betroffene Benutzerkonten entdeckt. Das BSI bietet einen Sicherheitstest an, um E-Mails auf Identitätsdiebstahl zu überprüfen. (Internet, Security) --------------------------------------------- http://www.golem.de/news/sicherheitstest-eingerichtet-bsi-meldet-millionenf… *** Android Vulnerability Enables VPN Bypass *** --------------------------------------------- A hole in Androids VPN feature could expose what should be securely communicated data as clear, unencrypted text. --------------------------------------------- http://threatpost.com/android-vulnerability-enables-vpn-bypass/103719 *** Details on Patched Microsoft Office 365 XSS Vulnerability Disclosed *** --------------------------------------------- A cross-site scripting vulnerability in Microsoft Office 365 casts attention on the need to shore up the security of cloud-based enterprise applications. --------------------------------------------- http://threatpost.com/details-on-patched-microsoft-office-365-xss-vulnerabi… *** Kampf um die Hintertüren einer vernetzten Welt *** --------------------------------------------- Adam Philpott vom Netzwerk-Riesen Cisco bestreitet Kooperation mit Geheimdiensten und skizziert neue Bedrohungen im Netz der Zukunft --------------------------------------------- http://derstandard.at/1389857261752 *** Blog: WhatsApp for PC - a guaranteed Trojan banker *** --------------------------------------------- WhatsApp for PC - now from Brazil and bringing banker which will steal your money. It hides itself as an mp3 file and has a low VT detection. --------------------------------------------- http://www.securelist.com/en/blog/208214225/WhatsApp_for_PC_a_guaranteed_Tr… *** EU cyber security Agency ENISA calls for secure e-banking and e-payments: non-replicable, single-use credentials for e-identities are needed in the financial sector *** --------------------------------------------- Different tokens, devices, mobile phones, e-signatures, etc. are used to authenticate our e-identities. Yet, some financial institutions are still not considering the risk of inadequate authentication mechanisms according to a new study by the EU Agency ENISA. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/enisa-calls-for-secure-e-ba… *** Spoiled Onions *** --------------------------------------------- As of January 2014, the Tor anonymity network consists of 5,000 relays of which almost 1,000 are exit relays. As the diagram to the right illustrates, exit relays bridge the gap between the Tor network and the open Internet. As a result, exit relays are able to see anonymised network traffic as it is sent by Tor clients. While most exit relays are innocuous and run by well-meaning volunteers, there are exceptions: In the past, some exit relays were documented to have sniffed and --------------------------------------------- http://www.cs.kau.se/philwint/spoiled_onions/ *** Merkur-Kundendaten mit Nocard geknackt *** --------------------------------------------- Studenten der FH Salzburg ist mit dem Kundenkartengenerator Zugriff auf Kundenprofile gelungen --------------------------------------------- http://derstandard.at/1389857747260 *** WordPress WordFence Plugin "User-Agent" Script Insertion Vulnerability *** --------------------------------------------- Input passed via the "User-Agent" HTTP header is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a administrator's browser session in context of an affected site when the malicious data is being viewed. --------------------------------------------- https://secunia.com/advisories/56558

1 0

Tageszusammenfassung - Montag 20-01-2014
by Daily end-of-shift report 20 Jan '14

20 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-01-2014 18:00 − Montag 20-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** NCR: Weltweit 95 Prozent aller Geldautomaten mit Windows XP *** --------------------------------------------- Laut einem hochrangigen Manager des Herstellers NCR laufen fast alle Geldautomaten weltweit noch mit Windows XP. Die Deutsche Kreditwirtschaft will davon nichts wissen, und erklärt, dass die Geldautomaten in Deutschland nicht am Internet hängen. Daher spiele die Art des Betriebssystems keine Rolle. --------------------------------------------- http://www.golem.de/news/ncr-weltweit-95-prozent-aller-geldautomaten-mit-wi… *** Adware vendors buy Chrome Extensions to send ad- and malware-filled updates *** --------------------------------------------- A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the "Add to Feedly" extension. One morning, Agarwal got an e-mail offering "4 figures" for the sale of his Chrome extension. The extension was only about an hours worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account.. --------------------------------------------- http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensio… *** VPN Related Vulnerability Discovered on an Android device - Disclosure Report *** --------------------------------------------- As part of our ongoing mobile security research we have uncovered a network vulnerability on Android devices which has serious implications for users using VPN. This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the --------------------------------------------- http://cyber.bgu.ac.il/blog/vpn-related-vulnerability-discovered-android-de… *** Looking Forward Into 2014: What 2013′s Mobile Threats Mean Moving Forward *** --------------------------------------------- 2013 was the year that the Android malware not just grew, but matured into a full-fledged threat landscape. Not only did the number of threats grow, the sophistication and capabilities associated with these threats grew as well. As we noted earlier, the number of mobile malware threats has crossed the one million mark, and as of ... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/mF1EIjR8duU/ *** Open-Xchange Server Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Open-Xchange, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting and script insertion attacks. --------------------------------------------- https://secunia.com/advisories/56390 *** F5 ARX Series Cyrus SASL NULL Pointer Dereference Vulnerability *** --------------------------------------------- F5 has acknowledged a vulnerability in F5 ARX Series, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a bundled vulnerable version of Cyrus SASL in relation to the ARX Manager Configuration utility. --------------------------------------------- http://secunia.com/advisories/56077/ *** Moodle Security Bypass Security Issue and Cross-Site Request Forgery Vulnerability *** --------------------------------------------- A security issue and a vulnerability have been reported in Moodle, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/56556

1 0

Tageszusammenfassung - Freitag 17-01-2014
by Daily end-of-shift report 17 Jan '14

17 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-01-2014 18:00 − Freitag 17-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** JS-Binding-Over-HTTP Vulnerability and JavaScript Sidedoor: Security Risks Affecting Billions of Android App Downloads *** --------------------------------------------- Third-party libraries, especially ad libraries, are widely used in Android apps. Unfortunately, many of them have security and privacy issues. In this blog, we summarize our findings related to the insecure usage of JavaScript binding in ad libraries. --------------------------------------------- http://www.fireeye.com/blog/technical/2014/01/js-binding-over-http-vulnerab… *** ECAVA INTEGRAXOR BUFFER OVERFLOW VULNERABILITY *** --------------------------------------------- Overview: This advisory is a follow-up to the alert titled ICS-ALERT-14-015-01 Ecava IntegraXor Buffer Overflow Vulnerability that was published January 15, 2014, on the NCCIC/ICS-CERT Web site. Independent researcher Luigi Auriemma identified a buffer overflow vulnerability in the Ecava IntegraXor application without coordination with NCCIC/ICS-CERT, the vendor, or any other coordinating entity known to NCCIC/ICS-CERT. Ecava has produced a patch version that mitigates this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01 *** A Closer Look at the Target Malware, Part II *** --------------------------------------------- Yesterdays story about the point-of-sale malware used in the Target attack has prompted a flood of reporting from antivirus and security vendors. Buried within those reports are some interesting details that speak to possible actors involved and to the timing and discovery of this breach. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/V1LusjgMQk8/ *** HPSBUX02961 SSRT101420 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) *** --------------------------------------------- A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Thingbot: Botnetz infiziert Kühlschrank *** --------------------------------------------- Ein US-Sicherheitsunternehmen hat ein Botnetz enttarnt. Das Besondere daran ist, dass etwa ein Viertel der infizierten Geräte keine Computer sind, sondern andere Internet-fähige Geräte - darunter ein Kühlschrank. (Spam, Malware) --------------------------------------------- http://www.golem.de/news/thingbot-botnetz-infiziert-kuehlschrank-1401-10397… *** Microsoft löscht Tor-Software nach Trojaner-Befall *** --------------------------------------------- Von mehreren hunderttausend Windows-PCs hat Microsoft veraltete Tor-Software gelöscht, die ein Trojaner installiert hatte. Auf bis zu zwei Millionen Rechnern soll der heimlich eingerichtete Dienst immer noch aktiv sein. --------------------------------------------- http://www.heise.de/security/meldung/Microsoft-loescht-Tor-Software-nach-Tr… *** Oldboot: the first bootkit on Android *** --------------------------------------------- A few days ago, we found an Android Trojan using brand new method to modify devices boot partition and booting script file to launch system service and extract malicious application during the early stage of systems booting. Due to the special RAM disk feature of Android devices boot partition, all current mobile antivirus product in the world can't completely remove this Trojan or effectively repair the system. We named this Android Trojan family as Oldboot. As far as we --------------------------------------------- http://blogs.360.cn/360mobile/2014/01/17/oldboot-the-first-bootkit-on-andro…

1 0

Tageszusammenfassung - Donnerstag 16-01-2014
by Daily end-of-shift report 16 Jan '14

16 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 15-01-2014 18:00 − Donnerstag 16-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Compromised Sites Pull Fake Flash Player From SkyDrive *** --------------------------------------------- On most days, our WorldMap shows more of the same thing. Today is an exception.One infection is topping so high in the charts that it pretty much captured our attention.Checking the recent history of this threat, we saw that these past few days, it has been increasing in infection hits.So we dug deeper It wasnt long before we saw that a lot of scripts hosted in various websites got compromised. Our telemetry actually showed that almost 40% of the infected websites were hosted in Germany. In --------------------------------------------- http://www.f-secure.com/weblog/archives/00002659.html *** Microsoft antimalware support for Windows XP *** --------------------------------------------- Microsoft has announced the Windows XP end of support date of April 8, 2014. After this date, Windows XP will no longer be a supported operating system. To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015. This does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/01/15/microsoft-antimalware-su… *** SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities *** --------------------------------------------- Advisory ID: DRUPAL-SA-CORE-2014-001Project: Drupal coreVersion: 6.x, 7.xDate: 2014-January-15Security risk: Highly criticalExploitable from: RemoteVulnerability: Multiple vulnerabilitiesDescriptionMultiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.Impersonation (OpenID module - Drupal 6 and 7 - Highly critical)A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack --------------------------------------------- https://drupal.org/SA-CORE-2014-001 *** A First Look at the Target Intrusion, Malware *** --------------------------------------------- Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: Malicious software that infected point-of-sale systems at Target checkout counters. Todays post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/OVODHvnhoQs/ *** Amazons public cloud fingered as USs biggest MALWARE LAIR *** --------------------------------------------- Cyber-crooks lurve Bezos & Cos servers and their whitelisted IP addresses Amazons public cloud is the largest haven of malware spreaders in the US, according to security company Solutionary.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/01/16/amazon_clou… *** Ecava IntegraXor Buffer Overflow Vulnerability *** --------------------------------------------- NCCIC/ICS-CERT is aware of a public report of a buffer overflow vulnerability with proof-of-concept (PoC) exploit code affecting Ecava IntegraXor, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by using a command to load an arbitrary resource from an arbitrary DLL located in the program’s main folder. --------------------------------------------- http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-015-01 *** Advisory (ICSA-13-344-01) WellinTech Multiple Vulnerabilities *** --------------------------------------------- NCCIC/ICS-CERT received reports from the Zero Day Initiative (ZDI) regarding a remote code execution vulnerability and an information disclosure vulnerability in WellinTech KingSCADA, KingAlarm&Event, and KingGraphic applications. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. WellinTech has produced a new version that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01 *** Google verstärkt Anti-Spam-Team mit Zukauf *** --------------------------------------------- Das Team des Startups Impermium, das ein System gegen E-Mail-Account-Missbrauch entwickelt, wechselt zum Internet-Giganten. --------------------------------------------- http://www.heise.de/security/meldung/Google-verstaerkt-Anti-Spam-Team-mit-Z… *** Telekom reagiert mit Blog-Eintrag auf gefälschte Rechnungen *** --------------------------------------------- Erneut versenden Kriminelle gefälschte Online-Rechnungen der Telekom als Lockmittel, um Schadsoftware zu verbreiten. Dieses Mal reagiert der Konzern mit Warn-Mails und einem Blog-Eintrag, der Unterscheidungsmerkmale zu echten Rechnungen erklärt. --------------------------------------------- http://www.heise.de/security/meldung/Telekom-reagiert-mit-Blog-Eintrag-auf-… *** The Hidden Backdoors to the City of Cron *** --------------------------------------------- An attackers key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough value for their creators. This is the reason why we are seeing more and more malware using creative backdoor techniques, different obfuscation methods, and using unique approaches to increase the lifespanRead More --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/MCeUaRyYi88/the-hidden-backdo… *** DynDNS-Dienst knickt unter DDoS-Attacke ein *** --------------------------------------------- Dyn, Betreiber eines der bekanntesten DynDNS-Dienstes, ist Ziel eines DDoS-Angriffs geworden. Es ist zwar nur ein Teil der DNS-Infrastruktur des Anbieters betroffen, aber die Störung schlägt dennoch bis zu den Nutzern durch. --------------------------------------------- http://www.heise.de/newsticker/meldung/DynDNS-Dienst-knickt-unter-DDoS-Atta… *** Niederländische Behörden warnen vor Webcams *** --------------------------------------------- Die niederländischen Justizbehörden warnen, dass die in Tablets und Latops eingebauten Webcams eine Sicherheitslücke darstellen, über die Hacker eindringen können. Abkleben wird empfohlen. --------------------------------------------- http://www.heise.de/security/meldung/Niederlaendische-Behoerden-warnen-vor-…

1 0

Tageszusammenfassung - Mittwoch 15-01-2014
by Daily end-of-shift report 15 Jan '14

15 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 14-01-2014 18:00 − Mittwoch 15-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Verfassungsschutz: Gefahr der Online-Wirtschaftsspionage noch immer unterschätzt *** --------------------------------------------- Viele kleine und mittelständische Unternehmen sähen Ausgaben für IT-Sicherheit immer noch nicht als gut investiertes Geld an, meinte der Präsident des Bundesamts für Verfassungsschutz. --------------------------------------------- http://www.heise.de/security/meldung/Verfassungsschutz-Gefahr-der-Online-Wi… *** NSA zapft auch Computer ohne Internetverbindung an *** --------------------------------------------- Die NSA hat weltweit auf rund 100.000 Computern Spionagesoftware installiert. Auch zu Computern ohne Internetverbindung hat sich der US-Geheimdienst Zutritt verschafft. --------------------------------------------- http://futurezone.at/netzpolitik/nsa-zapft-auch-computer-ohne-internetverbi… *** A Look Into the Future and the January 2014 Bulletin Release *** --------------------------------------------- In January, there are those who like to make predictions about the upcoming year. I am not one of those people. Instead, I like to quote Niels Bohr who said, "Prediction is very difficult, especially if it's about the future." However, I can say without a doubt that change is afoot in 2014. In February, usage of the MD5 hash algorithm in certificates will be restricted, as first discussed in Security Advisory 2862973, and the update goes out through Microsoft Update on the... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2014/01/14/a-look-into-the-future-a… *** Kritische und wichtige Patches von Adobe und Microsoft *** --------------------------------------------- Was lange währt wird endlich gut: Microsoft hat an seinem Patchday unter anderem die Rechteausweitungslücke in Windows geschlossen, die mindestens seit November für Angriffe missbraucht wird. Von Adobe gibt es dringende Updates für Acrobat und Reader. --------------------------------------------- http://www.heise.de/security/meldung/Kritische-und-wichtige-Patches-von-Ado… *** Oracle schließt 144 Sicherheitslücken *** --------------------------------------------- Update betrifft auch Java 7 und Java 5 --------------------------------------------- http://derstandard.at/1388651059299 *** Adobe Security Bulletins Posted *** --------------------------------------------- Today, we released the following Security Bulletins: APSB14-01 – Security updates available for Adobe Reader and Acrobat APSB14-02 – Security updates available for Adobe Flash Player Customers of the affected products should consult the relevant Security Bulletin(s) for details. --------------------------------------------- http://blogs.adobe.com/psirt/?p=1041 *** Oracle Critical Patch Update Advisory - January 2014 *** --------------------------------------------- Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 144 new security fixes across the product families listed below. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html *** Summary for January 2014 - Version: 1.0 *** --------------------------------------------- This bulletin summary lists security bulletins released for January 2014. With the release of the security bulletins for January 2014, this bulletin summary replaces the bulletin advance notification originally issued January 9, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. --------------------------------------------- http://technet.microsoft.com/en-ca/security/bulletin/ms14-jan

1 0

Tageszusammenfassung - Dienstag 14-01-2014
by Daily end-of-shift report 14 Jan '14

14 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-01-2014 18:00 − Dienstag 14-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS) *** --------------------------------------------- A potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Security: Mathematische Formel für den Cyberwar *** --------------------------------------------- Zwei Wissenschaftler aus den USA haben eine Formel entwickelt, mit sie ausrechnen können, wann der beste Zeitpunkt ist, um einen Cyberangriff auf ein bestimmtes Ziel mit bestimmten Mitteln durchzuführen. (Cyberwar, Security) --------------------------------------------- http://www.golem.de/news/security-mathematische-formel-fuer-den-cyberwar-14… *** Router-Backdoor: Cisco, Netgear und Linksys versprechen Schutz *** --------------------------------------------- Erst Ende Januar will Cisco ein Update liefern, das die in einigen Geraten gefundene Hintertür beseitigt; Netgear und Linksys nennen noch keinen Termin. Support-Anfragen zeigen, dass die Hintertür seit mindestens 10 Jahren aktiv ist. --------------------------------------------- http://www.heise.de/security/meldung/Router-Backdoor-Cisco-Netgear-und-Link… *** Spamming and scanning botnets - is there something I can do to block them from my site?, (Tue, Jan 14th) *** --------------------------------------------- Spamming and scanning botnets - is there something I can do to block them from my site? This question keeps popping up on forums and all places popular with those beleaguer souls despondent of the random spamming and over filled logs from scanning. Although this isnt a Magic ball question answer does come out a: Maybe, Maybe not. The reason behind the ambiguity is logical, to a degree; it's easy trying to hinder, frustrate and reduce the effectiveness of automated botnet processes, --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17426&rss *** ISC BIND NSEC3-Signed Zones Queries Handling Denial of Service Vulnerability *** --------------------------------------------- A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling queries for NSEC3-signed zones and can be exploited to cause a crash with an "INSIST" failure by sending a specially crafted query. Successful exploitation requires an authoritative nameservers serving at least one NSEC3-signed zone. --------------------------------------------- https://secunia.com/advisories/56427

1 0

Tageszusammenfassung - Montag 13-01-2014
by Daily end-of-shift report 13 Jan '14

13 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-01-2014 18:00 − Montag 13-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Factsheet published: Certificates with 1024 bit RSA are being phased-out *** --------------------------------------------- Does your organisation still use certificates with an RSA key-length of at most 1024 bits? The NCSC recommends to replace them. The factsheet Certificates with 1024 bit RSA are being phased-out provides you with more information and perspectives for action. --------------------------------------------- https://www.ncsc.nl/english/current-topics/news/factsheet-published-certifi… *** Symantec Endpoint Protection multiple vulnerabilities *** --------------------------------------------- Symantec Endpoint Protection authentication privilege escalation http://xforce.iss.net/xforce/xfdb/90224 Symantec Endpoint Protection search paths privilege escalation http://xforce.iss.net/xforce/xfdb/90226 Symantec Endpoint Protection custom polocies security bypass http://xforce.iss.net/xforce/xfdb/90225 *** Juniper Junos multiple vulnerabilities *** --------------------------------------------- Juniper Junos CLI Commands Let Local Users Gain Elevated Privileges http://www.securitytracker.com/id/1029585 Juniper Junos Branch SRX Series HTTP Processing Flaw Lets Remote Users Deny Service http://www.securitytracker.com/id/1029584 Juniper Junos Branch SRX Series IP Processing Flaw Lets Remote Users Deny Service http://www.securitytracker.com/id/1029583 Juniper Junos BGP Update Processing Flaw Lets Remote Users Deny Service http://www.securitytracker.com/id/1029582 Juniper Junos XNM Command Processor Lets Remote Users Consume Excessive Memory on the Target System http://www.securitytracker.com/id/1029586 *** Die tausend gestopften Löcher des FFmpeg *** --------------------------------------------- Zwei Google-Ingenieure haben vor zwei Jahren damit begonnen, automatisiert nach Fehlern in dem freien Multimedia-Framework FFmpeg zu fahnden, von denen inzwischen über 1120 behoben wurden. --------------------------------------------- http://www.heise.de/security/meldung/Die-tausend-gestopften-Loecher-des-FFm… *** Microsoft Twitter accounts, blog hijacked by SEA *** --------------------------------------------- Another week, ANOTHER security own goal for Redmond Microsoft had two Twitter accounts and an official blog compromised over the weekend in another embarrassing security incident for the Redmond giant. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/01/13/microsoft_t… *** Trends in Targeted Attacks: 2013 *** --------------------------------------------- FireEye has been busy over the last year. We have tracked malware-based espionage campaigns and published research papers on numerous advanced threat actors. We chopped through Poison Ivy, documented a cyber arms dealer, and revealed that Operation Ke3chang had targeted --------------------------------------------- http://www.fireeye.com/blog/technical/malware-research/2014/01/trends-in-ta… *** Cisco bestätigt Hintertür in mehreren Routern *** --------------------------------------------- Test-Interface erlaubt Zugriff auf sensible Daten - Update soll noch im Jänner folgen --------------------------------------------- http://derstandard.at/1388650811096 *** Bericht: Britischer Geheimdienst GCHQ schwächte GSM-Verschlüsselung *** --------------------------------------------- Bislang wurde kolportiert, die NATO habe in den 1980er-Jahren auf einem schwachen A5/1-Algorithmus bestanden. Nun weist ein norwegischer Wissenschaftler den Briten die Verantwortung dafür zu. --------------------------------------------- http://www.heise.de/security/meldung/Bericht-Britischer-Geheimdienst-GCHQ-s… *** Versorgung mit Virensignaturen für Windows-XP-Rechner vorerst gesichert *** --------------------------------------------- Am 8. April lässt Microsoft den Support für Windows XP fallen, doch die Antiviren-Hersteller beeindruckt das nicht. Die Folge: Um Signatur-Updates muss sich der XP-Anwender vorerst keine Sorgen machen, solange der Virenwächter nicht von Microsoft kommt. --------------------------------------------- http://www.heise.de/security/meldung/Versorgung-mit-Virensignaturen-fuer-Wi… *** LKA NRW warnt vor Betrugsversuchen angeblicher Microsoft-Mitarbeiter *** --------------------------------------------- In den vergangenen Wochen haben sich Fälle gehäuft, in denen angebliche Mitarbeiter des Microsoft-Supports versuchen, PC-Nutzer per Telefon zu schädigen. --------------------------------------------- http://www.heise.de/security/meldung/LKA-NRW-warnt-vor-Betrugsversuchen-ang…

1 0

Tageszusammenfassung - Freitag 10-01-2014
by Daily end-of-shift report 10 Jan '14

10 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 09-01-2014 18:00 − Freitag 10-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Understanding and mitigating NTP-based DDoS attacks *** --------------------------------------------- Over the last couple of weeks you may have been hearing about a new tool in the DDoS arsenal: NTP-based attacks. These have become popular recently and caused trouble for some gaming web sites and service providers. Wed long thought that NTP might become a vector for DDoS attacks because, like DNS, it is a simple UDP-based protocol that can be persuaded to return a large reply to a small request. Unfortunately, that prediction has come true. --------------------------------------------- http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-atta… *** Advance Notification for January 2014 - Version: 1.0 *** --------------------------------------------- This is an advance notification of security bulletins that Microsoft is intending to release on January 14, 2014. This bulletin advance notification will be replaced with the January bulletin summary on January 14, 2014. For more information about the bulletin advance notification service, see... --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms14-jan *** Oracle Critical Patch Update Pre-Release Announcement - January 2014 *** --------------------------------------------- This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2014, which will be released on Tuesday, January 14, 2014. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html *** Prenotification Security Advisory for Adobe Reader and Acrobat *** --------------------------------------------- Adobe is planning to release security updates on Tuesday, January 14, 2014 for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh. --------------------------------------------- http://helpx.adobe.com/security/products/reader/apsb14-01.html *** Adobe, Microsoft und Oracle zelebrieren ersten Patchday des Jahres *** --------------------------------------------- Kommenden Dienstag ist es wieder soweit. Adobe will kritische Lücken in Acrobat und Adobe Reader schließen, Microsoft unter anderem eine Windows-Lücke, die bereits seit November vergangenen Jahres ausgenutzt wird. --------------------------------------------- http://www.heise.de/security/meldung/Adobe-Microsoft-und-Oracle-zelebrieren… *** Tackling the Sefnit botnet Tor hazard *** --------------------------------------------- Sefnit, a prevailing malware known for using infected computers for click fraud and bitcoin mining, has left millions of machines potentially vulnerable to future attacks. We recently blogged about Sefnit performing click fraud and how we added detection on the upstream Sefnit installer. In this blog we explain how the Tor client service, added by Sefnit, is posing a risk to millions of machines, and how we are working to address the problem. Win32/Sefnit made headlines last August as it took... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-the-sefnit-botn… *** Schon wieder hunderttausende Kundendaten durch xt:Commerce-Lücke geklaut *** --------------------------------------------- Eine weitere Sicherheitslücke in xt:Commerce 3 und einigen der Nachfolger wird derzeit ausgenutzt, um die Namen, Mail-Adressen und Passwort-Hashes in Online-Shops zu entwenden. Betroffen sind über 230.000 Kunden vor allem aus Deutschland und Österreich. --------------------------------------------- http://www.heise.de/security/meldung/Schon-wieder-hunderttausende-Kundendat… *** Cisco Context Directory Agent Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Cisco Context Directory Agent, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and manipulate certain data. --------------------------------------------- https://secunia.com/advisories/56365

1 0

Tageszusammenfassung - Donnerstag 9-01-2014
by Daily end-of-shift report 09 Jan '14

09 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 08-01-2014 18:00 − Donnerstag 09-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Intercepted Email Attempts to Steal Payments, (Wed, Jan 8th) *** --------------------------------------------- A reader sent in details of a incident that is currently being investigated in their environment. (Thank you Peter for sharing! ) It appears to be a slick yet elaborate scam to divert a customer payment to the scammers. It occurs when the scammer attempts to slip into an email conversation and go undetected in order to channel an ordinary payment for service or goods into his own coffers. Here is a simple breakdown of the flow: Supplier sends business email to customer, email mentions a... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17366&rss *** ZeroAccess Takedown and the TDSS Aftermath *** --------------------------------------------- Early December last year, Microsoft - in cooperation with certain law enforcement agencies - announced their takedown of the ZeroAccess operations. This development, however, also yielded an unexpected effect on another well-known botnet, in particular TDSS. TDSS and ZeroAccess ZeroAccess is one of the most notable botnets in the world, with its malware known for rootkit... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v07x5pzmpj4/ *** Malvertising attacks via Yahoo ads may precede broader iframe attacks *** --------------------------------------------- A New Years malvertisement attack on Yahoo.com that is believed to have infected the systems and devices of thousands of website visitors could signal an uptick in the use of highly effective iframe Web attacks on larger online communities. --------------------------------------------- http://searchsecurity.techtarget.com/news/2240212218/Malvertising-attacks-v… *** Personal banking apps leak info through phone *** --------------------------------------------- For several years I have been reading about flaws in home banking apps, but I was skeptical. To be honest, when I started this research I was not expecting to find any significant results. --------------------------------------------- http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.ht… *** Falscher Alarm: Avast für Android hält alle Apps für Viren *** --------------------------------------------- Ein fehlerhaftes Signaturupdate hat dazu geführt, dass Avast Android-Virenscanner am heutigen Donnerstag zahlreich fündig wurde. --------------------------------------------- http://www.heise.de/security/meldung/Falscher-Alarm-Avast-fuer-Android-hael… *** WordPress-Angreifer lieben TimThumb *** --------------------------------------------- Akamai hat Attacken auf WordPress-Erweiterungen untersucht und festgestellt, dass sich die Angreifer vor allem auf ein Plug-in eingeschossen haben. --------------------------------------------- http://www.heise.de/security/meldung/WordPress-Angreifer-lieben-TimThumb-20… *** Critics Cut Deep on Yahoo Mail Encryption Rollout *** --------------------------------------------- Yahoo has turned on HTTPS by default for its web-based email service, but the deployment is inconsistent across the board and experts are critical of its use of weak standards and the lack of Perfect Forward Secrecy and HSTS. --------------------------------------------- http://threatpost.com/critics-cut-deep-on-yahoo-mail-encryption-rollout/103… *** Drupal Media 7.x Access Bypass *** --------------------------------------------- Topic: Drupal Media 7.x Access Bypass Risk: High Text:View online: https://drupal.org/node/2169767 * Advisory ID: PSA-2014-001 * Project: Media [1] (third-party module) ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014010051

1 0

Tageszusammenfassung - Mittwoch 8-01-2014
by Daily end-of-shift report 08 Jan '14

08 Jan '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 07-01-2014 18:00 − Mittwoch 08-01-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** 64-bit ZBOT Leverages Tor, Improves Evasion Techniques *** --------------------------------------------- Reports have surfaced that ZeuS/ZBOT, the notorious online banking malware, is now targeting 64-bit systems. During our own investigation, we have confirmed that several ZBOT 32-bit samples (detected as TSPY_ZBOT.AAMV) do have an embedded 64-bit version (detected as TSPY64_ZBOT.AANP). However, our investigation also lead us to confirm other noteworthy routines of the malware, including its... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RjjdkzMleq4/ *** Malicious Ads on DailyMotion Redirect to Fake AV Attack *** --------------------------------------------- Popular video-sharing site DailyMotion is serving malicious ads that redirect site visitors to domains hosting Fake AV malware, security firm Invincea reports. --------------------------------------------- http://threatpost.com/malicious-ads-on-dailymotion-redirect-to-fake-av-atta… *** Einbruch in die Opensuse-Foren *** --------------------------------------------- Die öffentlichen Opensuse-Foren sind Opfer eines Angriffs geworden und derzeit abgeschaltet. --------------------------------------------- http://www.heise.de/security/meldung/Einbruch-in-die-Opensuse-Foren-2078128… *** Yahoo Mail: Verschlüsselung wird endlich Default *** --------------------------------------------- Alle Kommunikation mit Webmail-Service nun per HTTPS abgesichert - Aber kein Perfect Forward Secrecy --------------------------------------------- http://derstandard.at/1388650341295 *** Satellite Links for Remote Networks May Pose Soft Target for Attackers *** --------------------------------------------- Land-based terminals that send data to satellites may pose a soft target for hackers, an analysis from a computer security firm shows. VSATs, an abbreviation for "very small aperture terminals," supply Internet access to remote locations, enabling companies to transmit data from an isolated network to an organizations main one. The devices are used in a variety of industries, including energy, financial services and defense. --------------------------------------------- http://www.cio.com/article/745580/Satellite_Links_for_Remote_Networks_May_P… *** Linux Kernel, Font Bugs Fixed in Ubuntu *** --------------------------------------------- A huge number of security vulnerabilities have been fixed in Ubuntu, including a remotely exploitable font flaw that an attacker could use to run arbitrary code on vulnerable machines. A number of Linux kernel flaws also were patched in some versions of the operating system. The font vulnerability affects five different versions of Ubuntu, including... --------------------------------------------- http://threatpost.com/linux-kernel-font-bugs-fixed-in-ubuntu/103500 *** VU#487078: QNAP QTS path traversal vulnerability *** --------------------------------------------- Vulnerability Note VU#487078 QNAP QTS path traversal vulnerability Original Release date: 08 Jan 2014 | Last revised: 08 Jan 2014 Overview QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) - CVE-2013-7174QNAP QTS is a Network-Attached Storage (NAS) system accessible via a web interface. QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal... --------------------------------------------- http://www.kb.cert.org/vuls/id/487078 *** Vuln: Cisco Unified Communications Manager Unauthorized Access Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/64690 *** HP 2620 Switch Series Cross-Site Request Forgery Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56290

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily