[CERT-daily] Daily summary - Friday 15-11-2013

Daily end-of-shift report team at cert.at
Fri Nov 15 18:13:17 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 14-11-2013 18:00 − Friday 15-11-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** Blog: The rush for CVE-2013-3906 - a hot commodity ***
---------------------------------------------
Two days ago FireEye reported that the recent CVE-2013-3906 exploit has begun to be used by new threat actors other than the original ones. The new infected documents share similarities with previously detected exploits but carry a different payload. This time these exploits are being used to deliver Taidoor and PlugX backdoors, according to FireEye.
---------------------------------------------
http://www.securelist.com/en/blog/208214158/The_rush_for_CVE_2013_3906_a_hot_commodity




*** CVE-2012-1889 is still alive! ***
---------------------------------------------
In Zscaler's daily scanning, we identified an instance where CVE-2012-1889 (MSXML Uninitialized Memory Corruption Vulnerability) is still alive. Let's take a look.
---------------------------------------------
http://research.zscaler.com/2013/11/cve-2012-1889-is-still-alive.html




*** Febipos for Internet Explorer ***
---------------------------------------------
In a previous blog post we discussed Trojan:JS/Febipos.A, a malicious browser extension that targets the Facebook profiles of Google Chrome and Mozilla Firefox users.  We recently came across a new Febipos sample that was specifically developed for Internet Explorer - we detect it as Trojan:Win32/Febipos.B!dll.
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2013/11/14/febipos-for-internet-explorer.aspx 




*** Linux backdoor squirts code into SSH to keep its badness buried ***
---------------------------------------------
Fokirtor! It LOOKED like legitimate traffic... 
Security researchers have discovered a Linux backdoor that uses a covert communication protocol to disguise its presence on compromised systems.
---------------------------------------------
http://www.theregister.co.uk/2013/11/15/stealthy_linux_backdoor/




*** Mobile Pwn2Own: Internet Explorer 11 cracked, Chrome already patched ***
---------------------------------------------
The Chrome vulnerability used by Pinkie Pie has since been closed by Google. Meanwhile, researchers from the Zero Day Initiative succeeded in taking over Internet Explorer 11 on a Surface Pro.
---------------------------------------------
http://www.heise.de/security/meldung/Mobile-Pwn2Own-Internet-Explorer-11-geknackt-Chrome-schon-geflickt-2047256.html




*** Blog: AutoCAD - new platform for start page Trojans ***
---------------------------------------------
In China, start page Trojans have become a popular type of malware because by changing users' browser start pages to point to some navigation site, the owner of the site can get a large amount of web traffic which can then be converted into large sums of money. In order to spread such Trojans as broadly as possible, Trojan authors have even turned their sights to AutoCAD.
---------------------------------------------
http://www.securelist.com/en/blog/8141/AutoCAD_new_platform_for_start_page_Trojans




*** Research Into BIOS Attacks Underscores Their Danger ***
---------------------------------------------
For three years, Dragos Ruiu has attempted to track down a digital ghost in his network, whose presence is only felt in strange anomalies and odd system behavior. The anomalies ranged from system instability, to "bricked" USB sticks and data seemingly modified on the fly, according to online posts.
---------------------------------------------
http://www.darkreading.com/advanced-threats/research-into-bios-attacks-underscore-da/240163919




*** Eight Security Predictions for 2014 ***
---------------------------------------------
2013 was not an easy year in cybersecurity and we expect 2014 attacks will be even more complex. In a new report out today, Websense Security Labs researchers collectively outlined eight predictions and recommendations for 2014. 
---------------------------------------------
http://community.websense.com/blogs/securitylabs/archive/2013/11/14/eight-security-predictions-for-2014.aspx




*** The Security Impact of HTTP Caching Headers, (Fri, Nov 15th) ***
---------------------------------------------
Earlier this week, an update for Media-Wiki fixed a bug in how it used caching headers. The headers allowed authenticated content to be cached, which may lead to sessions being shared between users using the same proxy server. I think this is a good reason to talk a bit about caching in web applications and why it is important for security.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17033&rss




*** Google Chrome for Android Multiple Memory Corruption Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55744




*** Nagios XI "tfPassword" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55695




*** VMSA-2013-0013 ***
---------------------------------------------
VMware Workstation host privilege escalation vulnerability
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2013-0013.html




*** Cisco IOS CSG Parse Error Drop Function Flaw Lets Remote Users Bypass Access Controls ***
---------------------------------------------
http://www.securitytracker.com/id/1029342




*** Cisco ASA IPv6 NAT Bug Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1029341




*** mod_nss FakeBasicAuth authentication bypass ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110110




*** APPLE-SA-2013-11-14-1 iOS 7.0.4 ***
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2013/Nov/msg00000.html




*** Security Bulletin: IBM Platform Cluster Manager Standard Edition (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310) ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_platform_cluster_manager_standard_edition_cve_2013_2251_cve_2013_2248_cve_2013_2135_cve_2013_2134_cve_2013_2115_cve_2013_1966_cve_2013_1965_cve_2013_4310?lang=en_us

