[CERT-daily] Tageszusammenfassung - Mittwoch 11-12-2013

Wed Dec 11 18:06:14 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 10-12-2013 18:00 − Mittwoch 11-12-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner

*** Summary for December 2013 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for December 2013.

With the release of the security bulletins for December 2013, this bulletin summary replaces the bulletin advance notification originally issued December 5, 2013. 

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-dec

*** Rotbrow: the Sefnit distributor ***
---------------------------------------------
This months addition to the Microsoft Malicious Software Removal Tool is a family that is both old and new. Win32/Rotbrow existed as far back as 2011, but the first time we saw it used for malicious purposes was only in the past few months. In September, Geoff blogged about the dramatic resurgence of Win32/Sefnit (aka Mevade). At the time, we knew of several ways in which Sefnit was distributed, but we continued investigating how it was able to get on so many machines. When we concentrated on
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2013/12/10/rotbrow-the-sefnit-distributor.aspx

*** Firefox 26 Makes Java Plugins Click-to-Play, Fixes 14 Security Flaws ***
---------------------------------------------
Mozilla has released a major new version of Firefox, which includes fixes for more than a dozen security vulnerabilities as well as an important change that makes all Java plugins click-to-play be default. This feature prevents those plugins from running automatically on Web pages, which helps protect users against some Web-based attacks. The modification to […]
---------------------------------------------
http://threatpost.com/firefox-26-makes-java-plugins-click-to-play-fixes-14-security-flaws/103146

*** DSA-2815 munin ***
---------------------------------------------
Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2815

*** Zero-Day Fixes From Adobe, Microsoft ***
---------------------------------------------
Adobe and Microsoft today each separately released security updates to remedy zero-day bugs and other critical vulnerabilities in their software. Adobe issued fixes for its Flash and Shockwave players, while Microsoft pushed out 11 updates addressing addressing at least two dozen flaws in Windows and other software.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/gWnv_MqLeM4/

*** WordPress 3.7.1 Maintenance Release ***
---------------------------------------------
WordPress 3.7.1 is now available! This maintenance release addresses 11 bugs in WordPress 3.7
---------------------------------------------
http://wordpress.org/news/2013/10/wordpress-3-7-1/

*** Adobe Shockwave Player Two Memory Corruption Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to cause memory corruption.

2) Another unspecified error can be exploited to cause memory corruption.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
---------------------------------------------
https://secunia.com/advisories/55952

*** Thought your Android phone was locked? THINK AGAIN ***
---------------------------------------------
Another day, another vulnerability Android has taken another step to cement its place behind Java in the world of repeatedly-vulnerable software, with German group Curesec discovering that an attacker can get past users PINs to unlock the phone.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/12/10/android_has_lockbypass_bug/

*** ENISA lists top cyber-threats in this year’s Threat Landscape Report. ***
---------------------------------------------
The EU’s cyber security Agency ENISA has issued its annual Threat Landscape 2013 report, where over 200 publicly available reports and articles have been analysed. Questions addressed are: What are the top cyber-threats of 2013? Who are the adversaries? What are the important cyber-threat trends in the digital ecosystem?
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/enisa-lists-top-cyber-threats-in-this-year2019s-threat-landscape-report

*** HP Officejet Pro 8500 Printer Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in the HP Officejet Pro 8500 Printer. A remote user can conduct cross-site scripting attacks.

The printer interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the HP Printer interface and will run in the security context of that site...
---------------------------------------------
http://www.securitytracker.com/id/1029466

*** A New Vulnerability in the Android Framework: Fragment Injection ***
---------------------------------------------
We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, DropBox and Evernote. To be more accurate, any App which extended the PreferenceActivity class using an exported activity was automatically vulnerable.
---------------------------------------------
http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection/

*** TYPO3-FLOW-SA-2013-001: Cross-Site Scripting in TYPO3 Flow ***
---------------------------------------------
Problem Description: The errorAction method in the ActionController base class of Flow returns error messages without properly encoding them. Because these error messages can contain user input, this could lead to a Cross-Site Scripting vulnerability in Flow driven applications.
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-flow/typo3-flow-sa-2013-001/

*** Creepware - Who’s Watching You? ***
---------------------------------------------
Some people stick a piece of tape over the webcam on their laptop, maybe you even do it yourself. Are they over cautious, paranoid, a little strange? Are you? Or is there reason behind this madness? Many of us have heard the stories about people being spied on using their own computer or people being blackmailed using embarrassing or incriminating video footage unknowingly recorded from compromised webcams...
---------------------------------------------
http://www.symantec.com/connect/blogs/creepware-who-s-watching-you

*** Blog: The inevitable move - 64-bit ZeuS has come enhanced with Tor ***
---------------------------------------------
The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now. The more people work on 64-bit platforms, the more 64-bit applications that are developed as well. Sometimes these include some very specific applications, for example, banking applications.... If someone wants to hack into an application like this and steal information, the best tool for that would also be a 64-bit agent. And what’s the most notorious
---------------------------------------------
http://www.securelist.com/en/blog/208214171/The_inevitable_move_64_bit_ZeuS_has_come_enhanced_with_Tor

*** TYPO3 Multiple Vulnerabilities ***
---------------------------------------------
A weakness and multiple vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to disclose sensitive information, conduct script insertion attacks, manipulate certain data, and bypass certain security restrictions and by malicious people to conduct cross-site scripting and spoofing attacks.
---------------------------------------------
https://secunia.com/advisories/55958

*** SAProuter Authentication Bypass Security Bypass Vulnerability ***
---------------------------------------------
ERPScan has reported a vulnerability in SAProuter, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application not properly restricting access to certain functionalities, which can be exploited to e.g. manipulate the configuration.
---------------------------------------------
https://secunia.com/advisories/56060