[CERT-daily] Daily summary - Friday 20-12-2013

Daily end-of-shift report team at cert.at
Fri Dec 20 18:15:41 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 19-12-2013 18:00 − Friday 20-12-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Do You Hear What I Hear? ***
---------------------------------------------
This article, recently published in the Journal of Communications, adds another log to the BadBIOS fire. It has been stated that devices in the BadBIOS case are communicating across an air-gap with commodity PC audio hardware. This paper clearly spells out one workable way to communicate in this way. Even if this doesn't end up...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XrnMZDjVZpk/




*** NSA's broken Dual_EC random number generator has a "fatal bug" in OpenSSL ***
---------------------------------------------
No plans to fix a bug in "toxic" algorithm that no one seems to use.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/DAvvFpw-R04/story01.htm




*** Microsoft warns of signed malware ***
---------------------------------------------
More and more malware carries a valid digital signature. The signatures are typically created with stolen developer certificates.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-warnt-vor-signierter-Malware-2070348.html




*** Exploiting Password Recovery Functionalities ***
---------------------------------------------
Password recovery functionalities can result in vulnerabilities in the same application they are intended to protect. Vulnerabilities such as username enumeration (showing different error messages when the user exists or not in the database), sensitive information disclosure (sending the password in clear-text by e-mail to user) and recover password message hijack (involving an attacker receiving a copy of the recover password message) are some common vulnerabilities that may be found in a...
---------------------------------------------
http://blog.spiderlabs.com/2013/12/exploiting-password-recovery-functionalities.html
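The three weaknesses the summary names, shown side by side as an added example that is not code from the SpiderLabs post: a leaky password-recovery handler next to a hardened one. The user store, the OUTBOX standing in for a mailer, the host app.example.invalid and the 15-minute token lifetime are all constructed for this illustration.

```python
# Added example (not from the SpiderLabs post): password recovery done wrong
# and done right. Everything below is constructed for illustration: the user
# store, the OUTBOX standing in for a mailer, and the reset URL host.
import hashlib
import hmac
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link
GENERIC_RESPONSE = "If an account exists for that name, a recovery e-mail has been sent."

# Constructed user store: the e-mail on file is the only address ever mailed,
# so an attacker cannot steer the recovery message to themselves.
USERS = {"alice": {"email": "alice@example.invalid", "password_hash": None}}
# Outstanding reset tokens: username -> {"hash": sha256(token), "expires": epoch}
RESET_TOKENS = {}
# Constructed outbox: (recipient, body) tuples instead of real mail
OUTBOX = []


def hash_password(password: str) -> str:
    """Salted PBKDF2; a real deployment would use its framework's KDF."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


def request_reset_leaky(username: str) -> str:
    """The pattern the post warns about: enumeration plus a cleartext password."""
    user = USERS.get(username)
    if user is None:
        return "Unknown user."                      # reveals which usernames exist
    new_password = secrets.token_urlsafe(8)
    user["password_hash"] = hash_password(new_password)
    OUTBOX.append((user["email"], f"Your new password is {new_password}"))  # secret in mail
    return "Your new password has been e-mailed."   # a second, different message


def request_reset(username: str, now: Optional[float] = None) -> str:
    """Hardened: one reply for everyone, a hashed single-use token, no secret at rest."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)               # generated unconditionally to keep timing flat
    user = USERS.get(username)
    if user is not None:
        RESET_TOKENS[username] = {
            "hash": hashlib.sha256(token.encode()).hexdigest(),  # a leaked DB row is not a valid link
            "expires": now + TOKEN_TTL_SECONDS,
        }
        OUTBOX.append((user["email"],
                       f"Reset link: https://app.example.invalid/reset?u={username}&t={token}"))
    return GENERIC_RESPONSE


def complete_reset(username: str, token: str, new_password: str,
                   now: Optional[float] = None) -> bool:
    """Accept the token once, only before expiry, compared in constant time."""
    now = time.time() if now is None else now
    record = RESET_TOKENS.get(username)
    if record is None:
        return False
    if now > record["expires"]:
        del RESET_TOKENS[username]
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(record["hash"], presented):
        return False
    del RESET_TOKENS[username]                      # single use
    USERS[username]["password_hash"] = hash_password(new_password)
    return True


def token_from_message(body: str) -> str:
    """Helper: pull the token back out of the constructed reset mail."""
    return body.rsplit("&t=", 1)[1]


if __name__ == "__main__":
    print(request_reset_leaky("nobody"), "|", request_reset_leaky("alice"))
    print(request_reset("nobody"), "|", request_reset("alice"))
    tok = token_from_message(OUTBOX[-1][1])
    print("first use:", complete_reset("alice", tok, "correct horse"))
    print("replay:", complete_reset("alice", tok, "correct horse"))
```

The hardened handler still does slightly more work for an existing account (a dictionary write and a mail enqueue); in a real application the mail send should be queued asynchronously so that the response time does not become the enumeration oracle that the error message no longer is.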




*** Quick Joomla Refresher ***
---------------------------------------------
I haven't come into contact with Joomla for a while, but I had the opportunity recently in a penetration test of a web site that was running the popular Content Management System (CMS). In this blog post I mention some of the tools I used to check the security of a particular Joomla installation and comment upon their effectiveness. Depending on your source, Joomla is within the top five contenders for the most popular CMS. Alternatives include WordPress, Drupal and others. CMS frameworks have...
---------------------------------------------
http://blog.spiderlabs.com/2013/12/quick-joomla-refresher.html




*** Not quite the average exploit kit: Zuponcic ***
---------------------------------------------
This post connects three recent developments in the realm of malware infections: .htaccess server compromise, the Zuponcic exploit kit and the Ponmocup botnet. It seems that the de facto standard of exploit kits is getting competition. Understanding how this exploit kit works will give you a better chance of defending against it and of identifying the .htaccess compromise on your server.
---------------------------------------------
http://blog.fox-it.com/2013/12/19/not-quite-the-average-exploit-kit-zuponcic/
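For the .htaccess side of the story, an added example that is not from the Fox-IT post: a small scanner that flags the directives a tampered .htaccess typically carries, namely RewriteRules that send visitors off-site when gated on referer or user-agent, off-site ErrorDocuments, and PHP auto_prepend_file injection. The two sample files, the host redirector.invalid and the heuristics themselves are constructed and generic; they are not the actual Zuponcic indicators.

```python
# Added example (not from the Fox-IT post): heuristics for spotting a tampered
# .htaccess. The sample files are constructed; the hosts and rules in them are
# placeholders, not the real Zuponcic indicators.
import os
import re
from typing import List, Sequence, Tuple
from urllib.parse import urlparse

CLEAN_HTACCESS = """
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
"""

SUSPICIOUS_HTACCESS = """
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteCond %{HTTP_USER_AGENT} !(googlebot|bingbot) [NC]
RewriteRule .* http://redirector.invalid/in.php?id=1 [R=302,L]
ErrorDocument 404 http://redirector.invalid/404.php
"""

# RewriteCond variables that gate a redirect on who the visitor is: the usual
# way to serve the payload only to search-engine traffic and hide it from crawlers.
GATING_VARS = ("HTTP_REFERER", "HTTP_USER_AGENT", "HTTP_COOKIE")
ABSOLUTE_URL = re.compile(r"^(?:https?:)?//", re.IGNORECASE)

Finding = Tuple[int, str, str]  # (line number, reason, raw line)


def is_external(target: str, allowed_hosts: Sequence[str]) -> bool:
    """True if a rewrite/error target leaves the site for a non-allowlisted host."""
    if not ABSOLUTE_URL.match(target):
        return False
    url = target if target.lower().startswith("http") else "http:" + target
    host = (urlparse(url).hostname or "").lower()
    return host not in {h.lower() for h in allowed_hosts}


def scan_htaccess(text: str, allowed_hosts: Sequence[str] = ()) -> List[Finding]:
    findings: List[Finding] = []
    pending_conds: List[str] = []  # RewriteCond variables waiting for their RewriteRule
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pending_conds.append(parts[1].strip("%{}").upper())
        elif directive == "rewriterule" and len(parts) >= 3:
            if is_external(parts[2], allowed_hosts):
                gates = [v for v in pending_conds if any(g in v for g in GATING_VARS)]
                reason = "RewriteRule sends visitors off-site"
                if gates:
                    reason += " only when " + ", ".join(gates) + " matches"
                findings.append((lineno, reason, raw))
            pending_conds = []  # a RewriteRule consumes the conditions before it
        elif directive == "errordocument" and len(parts) >= 3:
            if is_external(parts[2], allowed_hosts):
                findings.append((lineno, "ErrorDocument points to an off-site URL", raw))
        elif directive in ("php_value", "php_flag") and len(parts) >= 3:
            if parts[1].lower() in ("auto_prepend_file", "auto_append_file"):
                findings.append((lineno, "PHP " + parts[1] + " injected via .htaccess", raw))
    return findings


def scan_tree(root: str, allowed_hosts: Sequence[str] = ()) -> List[Tuple[str, Finding]]:
    """Walk a document root and report every .htaccess that produces findings."""
    results: List[Tuple[str, Finding]] = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for finding in scan_htaccess(fh.read(), allowed_hosts):
                    results.append((path, finding))
    return results


if __name__ == "__main__":
    for lineno, reason, raw in scan_htaccess(SUSPICIOUS_HTACCESS):
        print(f"line {lineno}: {reason}: {raw.strip()}")
```

Pass your own CDN or SSO hosts in allowed_hosts to keep legitimate off-site rewrites out of the report; anything left is worth a diff against a known-good copy, because the injected rules are usually appended to, not substituted for, the site's own.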




*** After BKA operation: ZeroAccess botnet strikes its colours ***
---------------------------------------------
The operators behind the ZeroAccess botnet are waving the virtual white flag. After further law-enforcement actions they appear to have given up herding the bots, at least for now.
---------------------------------------------
http://www.heise.de/security/meldung/Nach-BKA-Einsatz-ZeroAccess-Botnetz-streicht-die-Segel-2070908.html




*** Digital forensics: unsolved problems in preserving digital artefacts as evidence ***
---------------------------------------------
Many problems in preserving digital artefacts as evidence are still far from solved, as the workshop "Forensik und Internetkriminalität" (Forensics and Internet Crime) showed. The BSI contributed a situation report that assumes an unbroken rise in online crime.
---------------------------------------------
http://www.heise.de/security/meldung/Digitale-Forensik-Ungeloeste-Probleme-bei-Beweissicherung-digitaler-Artefakte-2071187.html




*** BitTorrent presents peer-to-peer chat system ***
---------------------------------------------
In response to pervasive NSA surveillance, BitTorrent has developed a chat system that does without a central server and enables anonymous, encrypted communication.
---------------------------------------------
http://www.heise.de/security/meldung/BitTorrent-stellt-Peer-to-Peer-Chat-System-vor-2071268.html




*** New OpenX vulnerability is being actively exploited ***
---------------------------------------------
Critical security vulnerabilities in the current version of the ad-server software OpenX and in its fork Revive are being used to distribute malware. CERT-Bund is notifying several affected server operators every day.
---------------------------------------------
http://www.heise.de/security/meldung/Erneute-Luecke-in-OpenX-wird-aktiv-ausgenutzt-2071266.html




*** Virus statistics: a grim look back, an even grimmer outlook ***
---------------------------------------------
2014 holds an especially large number of digital attacks for smartphone users, antivirus vendors say after evaluating their statistics.
---------------------------------------------
http://www.heise.de/security/meldung/Viren-Statistiken-Rueckblick-finster-Ausblick-noch-finsterer-2070330.html




*** RSA Archer eGRC Input Validation Flaws Permit Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1029523




*** WordPress URL Redirector Abuse and XSS vulnerabilities ***
---------------------------------------------
Topic: WordPress URL Redirector Abuse and XSS vulnerabilities Risk: Low Text: Hello list! As I've announced earlier (http://seclists.org/fulldisclosure/2013/Nov/219), I conducted a Day of bugs in WordP...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120142




*** Google Picasa RAW Image Parsing Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55555




*** cPanel Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/56146




*** Hitachi Cosminexus Products XML External Entities Information Disclosure Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56142




*** IBM Security Access Manager for Enterprise Single Sign-On Security Issue and Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/56176




*** Revive Adserver "what" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55963




*** Apache Santuario DTD Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1029524




*** Apple Motion Memory Access Error Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029521

