[CERT-daily] Tageszusammenfassung - Freitag 2-08-2013
Daily end-of-shift report
team at cert.at
Fri Aug 2 17:15:35 CEST 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 01-08-2013 18:00 − Freitag 02-08-2013 17:12
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages ***
---------------------------------------------
Exploit called BREACH bypasses the SSL crypto scheme protecting millions of sites.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/40ZrPMXUh8I/story01.htm
*** Siemens Scalance W-7xx Product Family Multiple Vulnerabilities ***
---------------------------------------------
OVERVIEWSiemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the vulnerabilities. Exploitation of these vulnerabilities could allow a man-in-the-middle attack or the ability to gain complete control of the system.These vulnerabilities could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-213-01
*** OSPF LSA Manipulation Vulnerability in Multiple Cisco Products ***
---------------------------------------------
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf
*** Apple to Fix 'Fake USB Charger' Flaw in iOS 7 ***
---------------------------------------------
Apple claims it will fix a previous disclosed flaw in its mobile operating system that can allow hackers complete access to an iPhone or iPad via a fake USB charger.
---------------------------------------------
http://threatpost.com/apple-to-fix-fake-usb-charger-flaw-in-ios-7/101554
*** Hot Knives Through Butter: Bypassing File-based Sandboxes ***
---------------------------------------------
Diamonds are a girl's best friend. Prime numbers are a mathematician's best friend. And file-based sandboxes are an IT security researcher's best friend. Unfortunately, malware authors know this. Aware that researchers are using sandboxes to monitor file behavior, attackers are ...
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-through-butter-bypassing-file-based-sandboxes.html
*** Vuln: Drupal Google Authenticator Login Module Access Bypass Vulnerability ***
---------------------------------------------
Drupal Google Authenticator Login Module Access Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59884
*** vtiger CRM 5.4.0 PHP Code Injection ***
---------------------------------------------
Topic: vtiger CRM 5.4.0 PHP Code Injection Risk: High Text: -- vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080015
*** Vuln: Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability ***
---------------------------------------------
Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61485
*** "Malware-infected hosts as stepping stones" service offers acccess to hundreds of compromised U.S based hosts ***
---------------------------------------------
By Dancho Danchev Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as 'stepping stones', risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/xpbJBn1gMZA/
*** Java Back Door Acts as Bot ***
---------------------------------------------
The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities. Recently, we received an interesting malware binary's JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection. This archive does not exploit any Java Read more...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/java-back-door-acts-as-bot
*** Black Hat: EFI-Toolkit zur Suche nach Bootkits ***
---------------------------------------------
Sicherheitsforscher haben für die Abhärtung von UEFI ein Rootkit Detection Framework (RDFU) entwickelt. Um dessen Nutzen zu demonstrieren, setzten sie vorher ein Angriffsszenario mit einem Mac-Bootkit um.
---------------------------------------------
http://www.heise.de/security/meldung/Black-Hat-EFI-Toolkit-zur-Suche-nach-Bootkits-1928660.html
*** Black Hat: Zehntausende offene Webcams im Netz ***
---------------------------------------------
In der Firmware zahlreicher Webcams lauern außerordentlich viele Bugs. Sie erlauben die volle Kontrolle von Cams der Hersteller D-Link, Cisco, Trendnet, IQInvision und 3SVision. Updates stehen bereit, werden aber offensichtlich nicht installiert.
---------------------------------------------
http://www.heise.de/security/meldung/Black-Hat-Zehntausende-offene-Webcams-im-Netz-1928831.html
*** ISPmanager Multiple Vulnerabilities ***
---------------------------------------------
ISPmanager Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54330
More information about the Daily
mailing list