[CERT-daily] Tageszusammenfassung - Dienstag 8-10-2013

Daily end-of-shift report team at cert.at
Tue Oct 8 18:02:29 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 07-10-2013 18:00 − Dienstag 08-10-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-095-02A




*** Quarian Group Targets Victims With Spearphishing Attacks ***
---------------------------------------------
The current generation of targeted attacks are getting more sophisticated and evasive. These attacks employ media-savvy stories in their social engineering themes to lure unsuspecting users. We have seen heightened activity by one of the groups, dubbed Quarian. It is believed to be targeting government agencies and embassies around the world including the United States. [...]
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/quarian-group-targets-victims-with-spearphishing-attacks




*** xinetd security update ***
---------------------------------------------
It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)
---------------------------------------------
https://rhn.redhat.com/errata/RHSA-2013-1409.html




*** Hackerangriff auf WhatsApp ***
---------------------------------------------
Einer politische motivieren Hackergruppe ist es offenbar gelungen, die Kontrolle über die WhatsApp-Domain zu übernehmen.
---------------------------------------------
http://www.heise.de/security/meldung/Hackerangriff-auf-WhatsApp-1974342.html




*** ecoTrialog #9: Blackout ***
---------------------------------------------
NEA und USV sind im Datacenter seit vielen Jahren ein gängiger Begleiter – Welche Entwicklungen, Trends und Visionen zeigen uns die Lösungsanbieter? – Welche möglichen Fehler sind bei einer Planung zu vermeiden? Das ist das zentrale Thema des neunten ecoTrialogs in Ahrensburg bei Hamburg.
---------------------------------------------
http://datacenter.eco.de/2013/07/26/ecotrialog-10-blackout/




*** Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions ***
---------------------------------------------
FireEye researchers have discovered a rapidly-growing class of mobile threats represented by a popular ad library affecting apps with over 200 million downloads in total. This ad library, anonymized as “Vulna,” is aggressive at collecting sensitive data and is able to perform dangerous operations such as downloading and running new components on demand. Vulna is also plagued with various classes of vulnerabilities that enable attackers to turn Vulna’s aggressive behaviors against
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/10/ad-vulna-a-vulnaggressive-vulnerable-aggressive-adware-threatening-millions.html




*** Introducing Kvasir ***
---------------------------------------------
During our typical assessments we may analyze anywhere between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, buffer/stack overflows, administrative bypasses, and others. ... We think this isn’t good enough which is why we are releasing our tool, Kvasir, as open source for you to analyze, integrate, update, or ignore. We like the tool a lot and we think it fills a missing key part of penetration testin
---------------------------------------------
http://blogs.cisco.com/security/introducing-kvasir/




*** CSAM - RFI with a small twist ***
---------------------------------------------
Logs are under appreciated. We all collect them, but in a majority of organisations you will find that they are only ever looked at once something has gone wrong. Which is unfortunately usually when people discover that either they didnt collect "that" log or timestamps are out of whack, log files rolled over, etc. Which is unfortunate because log files can tell you quite a bit of information as we are hoping to show throughout October as part of the Cyber Security Awareness Month.
---------------------------------------------
https://isc.sans.edu/diary/CSAM+-+RFI+with+a+small+twist/16748




*** Mehrere Verwundbarketen in Cisco Identity Services Engine ***
---------------------------------------------
Blind SQL Injection:
 - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525
Sponsor Portal cross-frame scripting:
 - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523
Parameter cross-site scripting:
 - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524
---------------------------------------------
http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityNotice




*** Cisco IOS Software DHCP Server remember Functionality Vulnerability ***
---------------------------------------------
An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit could allow the attacker to cause the affected device to reload.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5499




*** How the Bible and YouTube are fueling the next frontier of password cracking ***
---------------------------------------------
Crackers tap new sources to uncover "givemelibertyorgivemedeath" and other phrases.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/w9PZonWnTIA/story01.htm






More information about the Daily mailing list