[CERT-daily] Daily summary - Wednesday 13-11-2013
Daily end-of-shift report
team at cert.at
Wed Nov 13 18:03:44 CET 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 12-11-2013 18:00 − Wednesday 13-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Summary for November 2013 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for November 2013. With the release of the security bulletins for November 2013, this bulletin summary replaces the bulletin advance notification originally issued November 7, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-nov
*** Blog: Sinkholing the Hlux/Kelihos botnet - what happened? ***
---------------------------------------------
Back in March 2012 we teamed up with Crowdstrike, the Honeynet Project and Dell SecureWorks in disabling the second version of the Hlux/Kelihos-Botnet. Now we thought it would be a good time for an update on what has happened to that sinkhole-server over the last 19 months.
---------------------------------------------
http://www.securelist.com/en/blog/208214147/Sinkholing_the_Hlux_Kelihos_botnet_what_happened
*** Microsoft Warns Customers Away From SHA-1 and RC4 ***
---------------------------------------------
The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said that it is now recommending to developers that they deprecate RC4 and stop using the SHA-1 hash algorithm.
---------------------------------------------
http://threatpost.com/microsoft-warns-customers-away-from-sha-1-and-rc4/102902
*** Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1 ***
---------------------------------------------
In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computer systems. Today, we're releasing a new version, EMET 4.1, with updates that simplify configuration and accelerate deployment.
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2013/11/12/introducing-enhanced-mitigation-experience-toolkit-emet-4-1.aspx
*** Adobe Patches Flash, ColdFusion Flaws Unrelated to Breach ***
---------------------------------------------
Adobe patched critical vulnerabilities in its Flash Player and ColdFusion Web application server; the company said the bugs are unrelated to the recent breach and source code theft.
---------------------------------------------
http://threatpost.com/adobe-patches-flash-coldfusion-flaws-unrelated-to-breach/102909
*** Simulated attacks give London banks a trial run in readiness ***
---------------------------------------------
The planned event, called "Waking Shark II," marks the second year the city of London had participated in the security preparedness exercises.
---------------------------------------------
http://www.scmagazine.com//simulated-attacks-give-london-banks-a-trial-run-in-readiness/article/320667/
*** November Patch Tuesday Addresses New IE Zero-Day Exploit, But TIFF Vulnerability Still Unpatched ***
---------------------------------------------
It's worth noting that another recent TIFF-related zero-day that we discussed has not been patched as part of this month's update, so the recommendations and work-arounds that were suggested at that time remain in effect.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/november-patch-tuesday-addresses-new-ie-zero-day-exploit-but-tiff-vulnerability-still-unpatched/
*** Malicious multi-hop iframe campaign affects thousands of Web sites, leads to a cocktail of client-side exploits ***
---------------------------------------------
Sharing is caring. In this post, I'll put the spotlight on a currently circulating, massive - thousands of sites affected - malicious iframe campaign, that attempts to drop malicious software on the hosts of unaware Web site visitors through a cocktail of client-side exploits. The campaign, featuring a variety of evasive tactics making it harder to analyze, continues to efficiently pop up on thousands of legitimate Web sites.
---------------------------------------------
http://www.webroot.com/blog/2013/11/13/malicious-multi-hop-iframe-campaign-affects-thousands-of-web-sites-leads-to-cve-2011-3402/
*** Cross-site scripting vulnerabilities in EMC Documentum eRoom ***
---------------------------------------------
Due to improper input validation, Documentum eRoom suffers from multiple cross-site scripting vulnerabilities, which allow an attacker to steal other users' sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131107-0_EMC_Documentum_eRoom_Reflected_XSS_v10.txt
*** BlackBerry Patches Remote Access Feature Vulnerable to Exploit ***
---------------------------------------------
BlackBerry patched two serious vulnerabilities in its BlackBerry Link product.
---------------------------------------------
http://threatpost.com/blackberry-patches-remote-access-feature-vulnerable-to-exploit/102914
*** cPanel Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55478
*** Red Hat Network Satellite Server Grants Administrative Access to Remote Users ***
---------------------------------------------
http://www.securitytracker.com/id/1029331
*** JunOS 11.4 Cross Site Scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110085
*** FortiAnalyzer 5.0.4 - CSRF Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/29550
*** Security Bulletin: Potential Security Vulnerability fixed in WebSphere Virtual Enterprise (CVE-2013-5425) ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerability_fixed_in_websphere_virtual_enterprise_cve_2013_5425?lang=en_us