[CERT-daily] Tageszusammenfassung - Freitag 6-12-2013

Fri Dec 6 18:15:20 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 05-12-2013 18:00 − Freitag 06-12-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner


*** Advance Notification Service for December 2013 Security Bulletin Release ***
---------------------------------------------
Today we're providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666.  This release won't include an update for the issue described in Security Advisory 2914486. We're still working to develop a security...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/12/05/advance-notification-service-for-december-2013-security-bulletin-release.aspx


*** Google Docs Scam Stealing Passwords ***
---------------------------------------------
Scammers are up to mischief again by tricking users into clicking false webmail widgets. The core goal of any phishing attempt is to compromise the victims access to a particular service. Usually this is done by posing as the service the attacker wants to hijack from the victim, and sending the username and password information back to the attacker. Ive seen plenty phishing schemes in the
---------------------------------------------
http://research.zscaler.com/2013/12/google-docs-scam-stealing-passwords-in.html


*** Study finds zero-day vulnerabilities abound in popular software ***
---------------------------------------------
Organizations selling exploits for vulnerabilities in software from major companies including Microsoft, Apple, Oracle, and Adobe
---------------------------------------------
http://www.csoonline.com/article/744307/study-finds-zero-day-vulnerabilities-abound-in-popular-software?source=rss_application_security


*** EU cyber security Agency ENISA argues that better protection of SCADA Systems is needed ***
---------------------------------------------
How long can we afford having critical infrastructures that use unpatched SCADA systems, the EU's cyber security Agency ENISA asks? ENISA argues that the EU Member States could proactively deploy patch management to enhance the security of SCADA systems.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/eu-cyber-security-agency-enisa-argues-that-better-protection-of-scada-systems-is-needed


*** Hacking a Reporter: Sleepless Nights Outside a Brooklyn Brownstone (Part 3 of 3) ***
---------------------------------------------
This post is the conclusion of a three-part series that goes into more depth about our experience hacking journalist Adam Penenberg, which resulted in an article on PandoDaily in October. Parts one and two detail the malware aspects of our hack with contributions from Josh Grunzweig, Matt Jakubowski and Daniel Chechik. I, Garret Picchioni (voted to be the bald hacker with a heart tattoo in the original article artwork), will discuss the details of the...
---------------------------------------------
http://blog.spiderlabs.com/2013/12/hacking-a-reporter-sleepless-nights-outside-a-brooklyn-brownstone-part-3-of-3.html


*** Weekly Metasploit Update: SAP and Silverlight ***
---------------------------------------------
We've been all SAP all the time here in the Independent Nations of Metasploit, and expect to be for the rest of the week. You might recall that Metasploit exploit dev, Juan Vazquez published his SAP survey paper a little while back; on Tuesday, we did a moderated twitter chat on the hashtag #pwnSAP with the major SAP-focused Metasploit contributors Bruno Morrison, Chris John Riley, and Dave Hartley; and today (Thursday, December 5), Juan and I will be hosting a webcast on the various and sundry SAP exposures that Metasploit covers, and There Will Be Demos and Q&A, so it should be fun.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/12/05/weekly-metasploit-update


*** CVE-2013-3346/5065 Technical Analysis ***
---------------------------------------------
In our last post, we warned of a new Windows local privilege escalation vulnerability being used in the wild. We noted that the Windows bug (CVE-2013-5065) was exploited in conjunction with a patched Adobe Reader bug (CVE-2013-3346) to evade the...
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/12/cve-2013-33465065-technical-analysis.html


*** Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Control Center ***
---------------------------------------------
A number of security vulnerabilities have been discovered in the Java Runtime Environment and the Cognos Business Intelligence components included in IBM SCC.CVE(s): CVE-2013-1557, CVE-2013-1478, CVE-2013-1571, CVE-2013-1500, CVE-2013-2988, CVE-2013-2978 and CVE-2013-0586  Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms  Refer to the following reference URLs for remediation and additional vulnerability...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_in_ibm_sterling_control_center1?lang=en_us


*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM JRE that is shipped with the Rational Reporting for Development Intelligence (RRDI). The same security vulnerabilities also exist in the IBM Java SDK that is shipped with the IBM WebSphere Application Server (WAS).  CVE(s): CVE-2013-4066 and CVE-2013-4067  Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms  Refer to the following reference URLs for...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_information_server_cve_2013_4066_and_cve_2013_40673?lang=en_us


*** Sonicwall GMS 7.x Filter Bypass ***
---------------------------------------------
Topic: Sonicwall GMS 7.x Filter Bypass Risk: Low Text:Document Title: Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability References (Source): == http...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120048


*** VMware ESX Server Service Console Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55917


*** SSA-568732 (Last Update 2013-12-06): Privilege Escalation in COMOS ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf


*** WordPress JS Hotel Plugin "roomid" Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55919


*** NVIDIA Graphics Drivers GPU Access Privilege Escalation Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55904


*** HP-UX update for Java ***
---------------------------------------------
https://secunia.com/advisories/55978


*** IBM Forms Viewer XFDL buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87911