[CERT-daily] Daily summary - Monday 18-11-2013

Daily end-of-shift report team at cert.at
Mon Nov 18 18:14:02 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 15-11-2013 18:00 − Monday 18-11-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Password hack of vBulletin.com fuels fears of in-the-wild 0-day attacks ***
---------------------------------------------
Hacks on sites using the widely used forum software spread to its maker.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/FIA9t0-8N04/story01.htm




*** BKDR_SHIZ Responsible For SAP Attacks, And More ***
---------------------------------------------
There have been recent reports of malware that targeted SAP users for information theft. We detect this threat as BKDR_SHIZ.TO, and it belongs to a malware family that has been detected since 2010. So far, this particular family has received little attention, but its targeting of SAP applications has raised its profile considerably. So what...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/O578f6Dl3Js/




*** Exploiting the Supermicro Onboard IPMI Controller ***
---------------------------------------------
Last week @hdmoore published the details about several vulnerabilities in the Supermicro IPMI firmware. With the advisory's release, several modules were landed into Metasploit in order to check Supermicro's device against several of the published vulnerabilities.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/11/15/exploiting-the-supermicro-onboard-ipmi-controller




*** Explaining and Speculating About QUANTUM ***
---------------------------------------------
Nicholas Weaver has a great essay explaining how the NSA's QUANTUM packet injection system works, what we know it does, what else it can possibly do, and how to defend against it. Remember that while QUANTUM is an NSA program, other countries engage in these sorts of attacks as well. By securing the Internet against QUANTUM, we protect ourselves against...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/11/explaining_and.html




*** Various Schneier Audio and Video Talks and Interviews ***
---------------------------------------------
News articles about me (or with good quotes by me). My talk at the IETF Vancouver meeting on NSA and surveillance. I'm the first speaker after the administrivia. Press articles about me and the IETF meeting. Other video interviews with me....
---------------------------------------------
https://www.schneier.com/blog/archives/2013/11/various_schneie.html




*** Sagan as a Log Normalizer, (Sat, Nov 16th) ***
---------------------------------------------
"Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine that runs under *nix operating systems (Linux/FreeBSD/OpenBSD/etc)."[1] Sagan is a log analysis engine that uses structure rules with the same basic structure as Snort rules. The alerts can be written to a Snort IDS/IPS database in the Unified2 file format using Barnyard2. This means the alerts can be read using Sguil, BASE or SQueRT to name a few. It is easy to set up, just need to
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17039&rss




*** SpiderLabs Radio November 15, 2013 w/ Space Rogue ***
---------------------------------------------
This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs and features stories about Stuxnet on ISS, Facebook scans for Adobe, MacRumours, SEA hits Vice, bitcash.cz, Cracked gets cracked, Loyaltybuild, No Nukes in JP, OWASP AppSec USA, SR's Last SLR and more! Listen to SpiderLabs radio in iTunes. Or you can download the MP3 file directly here. Or listen right from your browser with this embedded player.
---------------------------------------------
http://blog.spiderlabs.com/2013/11/spiderlabs-radio-november-15-2013-w-space-rogue.html




*** Vendor of TDoS products/services releases new multi-threaded SIP-based TDoS tool ***
---------------------------------------------
Telephony Denial of Service Attacks (TDoS) continue representing a growing market segment within the Russian/Eastern European underground market, with more vendors populating it with propositions for products and services aiming to disrupt the phone communications of prospective victims. From purely malicious in-house infrastructure - dozens of USB hubs with 3G USB modems using fraudulently obtained, non-attributable SIM cards - abuse of legitimate infrastructure, like Skype, ICQ, a...
---------------------------------------------
http://www.webroot.com/blog/2013/11/15/vendor-tdos-productsservices-releases-new-multi-threaded-sip-based-tdos-tool/




*** Bugtraq: Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529853




*** Vuln: GnuTLS libdane/dane.c CVE-2013-4487 Incomplete Fix Remote Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63469




*** MS13-095 - Important : Vulnerability in Digital Signatures Could Allow Denial of Service (2868626) - Version: 1.0 ***
---------------------------------------------
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service when an affected web service processes a specially crafted X.509 certificate.
---------------------------------------------
http://technet.microsoft.com/en-gb/security/bulletin/ms13-095




*** SAP Netweaver Web Application Server J2EE SAP Portal Redirection Weakness ***
*** SAP Netweaver DataCollector and JavaDumpService Servlets Multiple Cross-Site Scripting Vulnerabilities ***
*** SAP NetWeaver Input Validation Flaw in SRTT_GET_COUNT_BEFORE_KEY_RFC Function Lets Remote Authenticated Users Inject SQL Commands ***
---------------------------------------------
https://secunia.com/advisories/55778
https://secunia.com/advisories/55777
http://www.securitytracker.com/id/1029352




*** gitlab-shell Multiple Vulnerabilities ***
*** GitLab API Access Security Bypass Security Issue ***
---------------------------------------------
https://secunia.com/advisories/55683
https://secunia.com/advisories/55691




*** IBM Tivoli System Automation Application Manager Java Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55794




*** Foreman Host and Host Group SQL Injection Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55722




*** [webapps] - ManageEngine DesktopCentral 8.0.0 build 80293 - Arbitrary File Upload Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/29674

