[CERT-daily] Daily summary - Thursday 12-12-2013

Daily end-of-shift report team at cert.at
Thu Dec 12 18:09:24 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 11-12-2013 18:00 − Thursday 12-12-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** How cybercriminals efficiently violate YouTube, Facebook, Twitter, Instagram, SoundCloud and Google+'s ToS ***
---------------------------------------------
With social media, now an inseparable part of the marketing expenditures for every modern organization, cybercriminals quickly adapted to the ongoing buzz, and over the last couple of years, have been persistently supplying the market segment with social media metrics performance boosts, in the form of bogus likes, dislikes, comments, favorites, subscribers, and video/music plays.
---------------------------------------------
http://www.webroot.com/blog/2013/12/11/cybercriminals-efficiently-violate-monetize-youtube-facebook-twitter-instagram-soundcloud-googles-tos/




*** Inside the TextSecure, CyanogenMod Integration ***
---------------------------------------------
Moxie Marlinspike explains how Open WhisperSystems plans to bring end-to-end encrypted secure communications to major platforms such as Android, iOS and popular Web browsers.
---------------------------------------------
http://threatpost.com/inside-the-textsecure-cyanogenmod-integration/103164




*** The Kernel is calling a zero(day) pointer - CVE-2013-5065 - Ring Ring ***
---------------------------------------------
SpiderLabs investigates a number of suspicious binary files on a daily basis. A week ago we came across a PDF file which had two different vulnerabilities, a remote-code-execution vulnerability in Adobe Reader and a new escalation-of-privileges vulnerability in Windows Kernel.
---------------------------------------------
http://blog.spiderlabs.com/2013/12/the-kernel-is-calling-a-zeroday-pointer-cve-2013-5065-ring-ring.html




*** Software defense: mitigating common exploitation techniques ***
---------------------------------------------
In our previous posts in this series, we described various mitigation improvements that attempt to prevent the exploitation of specific classes of memory safety vulnerabilities such as those that involve stack corruption, heap corruption, and unsafe list management and reference count mismanagement. These mitigations are typically associated with a specific developer mistake such as writing beyond the bounds of a stack or heap buffer, failing to correctly track reference counts, and so on.
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2013/12/11/software-defense-mitigating-common-exploitation-techniques.aspx




*** Operation Ke3chang: Targeted Attacks Against Ministries of Foreign Affairs ***
---------------------------------------------
This week, FireEye released a report detailing how Chinese-speaking advanced persistent threat (APT) actors systematically attacked European ministries of foreign affairs (MFAs). Within 24 hours, the Chinese government officially responded.
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html




*** Blog: Forecasts for 2014 - expert opinion ***
---------------------------------------------
In 2014 we expect significant growth in the number of threats related to economic and domestic cyber-espionage, with cyber-mercenaries/cyber-detectives playing an active role in such attacks.
---------------------------------------------
http://www.securelist.com/en/blog/8167/Forecasts_for_2014_expert_opinion




*** Thousands of online shops based on xt:Commerce acutely threatened ***
---------------------------------------------
The shop software xt:Commerce 3 and its offshoots such as Gambio and Modified contain two flaws that, in combination, allow shops to be taken over completely. According to initial rough estimates, the software is used in approximately 50,000 shops. Fortunately, there are workarounds and patches available for protection.
---------------------------------------------
http://www.heise.de/security/meldung/Tausende-Online-Shops-auf-Basis-von-xt-Commerce-akut-bedroht-2065104.html




*** D-Link DSL-6740U Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55999




*** InstantCMS "orderby" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56041




*** PHP OpenSSL Extension X.509 Certificate Parsing Memory Corruption Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56055




*** Adobe ColdFusion 9/10 Administrative Login Bypass ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120084




*** Vtiger 5.4.0 Cross Site Scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120088




*** Plone Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/56015

