[CERT-daily] Daily Summary - Saturday 5-10-2013

Daily end-of-shift report team at cert.at
Sat Oct 5 09:51:37 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 03-10-2013 18:00 − Friday 04-10-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** Adobe Preparing Critical Patches for Reader, Acrobat Next Week ***
---------------------------------------------
Adobe has announced that it plans next week to patch critical vulnerabilities in two products, Adobe Reader and Acrobat XI (11.0.04) for Windows.
---------------------------------------------
http://threatpost.com/adobe-preparing-critical-patches-for-reader-acrobat-next-week/102513




*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067)
CVE(s): CVE-2013-4066, CVE-2013-4067
Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_information_server_cve_2013_4066_and_cve_2013_4067?lang=en_us




*** Hacking Summit Names Nations With Cyberwarfare Capabilities ***
---------------------------------------------
In 2009, I read with great interest a paper published in the Journal of International Security Affairs titled The Art of (Cyber) War. In this paper, Brian M. Mazanec explained the People's Republic of China was interested in cyberwarfare and had improved its capabilities to conduct military operations in the cyberspace.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/hacking-summit-names-nations-with-cyberwarfare-capabilities




*** AIX printer commands vulnerability (CVE-2013-5419) ***
---------------------------------------------
AIX printer commands vulnerability.
CVE(s): CVE-2013-5419
Affected product(s) and affected version(s): AIX 6.1 and 7.1 releases
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc
X-Force Database: http://xforce.iss.net/xforce/xfdb/87481
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/aix_printer_commands_vulnerability_cve_2013_5419?lang=en_us




*** CSAM: Web Honeypot Logs, (Thu, Oct 3rd) ***
---------------------------------------------
Today's logs come from a honeypot. The fun part about honeypots is that you don't have to worry about filtering out "normal" logs. Usually I check the honeypot for anything new and interesting first, then look on my real web server to figure out if I see similar attacks. In the real web server, these attacks would otherwise drown in the noise.  SSL Connection to a web server not supporting SSL  Invalid method in request \x80w\x01\x03\x01  The first few bytes of the request are interpreted
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16718&rss




*** Blog: Ekoparty Security Conference 2013 ***
---------------------------------------------
The Ekoparty Security Conference 2013 was held in the beautiful city of Buenos Aires, Argentina, from 25 to 27 September. This event, the most important security conference in Latin America, is now in its ninth year and was attended by 1,500 people
---------------------------------------------
http://www.securelist.com/en/blog/208214073/Ekoparty_Security_Conference_2013




*** Adobe To Announce Source Code, Customer Data Breach ***
---------------------------------------------
Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its Cold Fusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/jWJBDb7eE-o/




*** October Patch Tuesday Preview (CVE-2013-3893 patch coming!) ***
---------------------------------------------
So far, we got pre-announcements from Microsoft and Adobe.  Microsoft promises 8 bulletins, split evenly between critical and important. The critical bulletins affect Windows, Internet Explorer and the .Net framework, while the important bulletins affect Office and Silverlight.  So this sounds like an average, very client heavy patch Tuesday. On the server end, only Sharepoint server (again) and Office Server are affected.  Important: The cumulative IE update included will include a patch for
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16721&rss




*** EMC Atmos Unauthenticated Database Access ***
---------------------------------------------
Topic: EMC Atmos Unauthenticated Database Access Risk: High Text:ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability EMC Identifier: ESA-2013-062 CVE Identifier: C...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100034




*** SQL injection vulnerability in Zabbix ***
---------------------------------------------
The monitoring solution Zabbix is vulnerable to SQL injection. Attackers are able to gain access to database contents or elevate privileges and even take over the monitoring system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131004-0_Zabbix_SQL_injection_v10.txt




*** Commercially available Blackhat SEO enabled multi-third-party product licenses empowered VPSs spotted in the wild ***
---------------------------------------------
In this post, I'll discuss a recent example of standardization, in particular, a blackhat SEO friendly VPS (Virtual Private Server) that comes with over a dozen multi-blackhat-seo-friendly product licenses from third-party products integrated. It empowers potential customers new to this unethical and potentially fraudulent/malicious practice with everything they need to hijack legitimate traffic from major search engines internationally.
---------------------------------------------
http://www.webroot.com/blog/2013/10/04/commercially-available-blackhat-seo-enabled-multi-third-party-bhseo-product-licenses-empowered-vps-servers-spotted-wild/




*** Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with certain HP FutureSmart LaserJet printers. The vulnerabilities might lead to weak encryption of PDF documents or local disclosure of scanned information. References: CVE-2013-4828 (SSRT101249) CVE-2013-4829 (SSRT101327)
---------------------------------------------
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014




*** Apple OS X Directory Services Authentication Flaw Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
OS X v10.8.5 Supplemental Update Directory Services Available for: OS X Mountain Lion v10.8 to v10.8.5 Impact: A local user may modify Directory Services records with system privileges Description: A logic issue existed in Directory Services's verification of authentication credentials allowing a local attacker to bypass password validation. The issue was addressed through improved credential validation.
---------------------------------------------
http://support.apple.com/kb/HT5964




*** Background: Death Sentence for Encryption in the USA ***
---------------------------------------------
A US court's order to hand investigators the secret key, with which they gained access to the data of all Lavabit customers, destroys the last remnant of trust in American cloud providers.
---------------------------------------------
http://www.heise.de/security/artikel/Todesurteil-fuer-Verschluesselung-in-den-USA-1972561.html




*** Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability ***
---------------------------------------------
Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability
---------------------------------------------
https://secunia.com/advisories/53618




*** McAfee Agent Framework Service Denial of Service Vulnerability ***
---------------------------------------------
McAfee Agent Framework Service Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/55158





