[CERT-daily] Tageszusammenfassung - Freitag 11-10-2013

Fri Oct 11 18:20:55 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 10-10-2013 18:00 − Freitag 11-10-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** WhatsApp Crypto Error Exposes Messages ***
---------------------------------------------
WhatsApp, a popular mobile message application, suffers from crypto implementation vulnerability that leaves messages exposed. Thijs Alkemade, a computer science student at Utrecht University in The Netherlands who works on the open source Adium instant messaging project, disclosed a serious issue this week with the encryption used to secure WhatsApp messages, namely that the same...
---------------------------------------------
http://threatpost.com/whatsapp-crypto-error-exposes-messages/102565


*** Some Bing Ads Redirecting To Malware ***
---------------------------------------------
An anonymous reader writes "Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware. Those who click are redirected to a dynamic DNS service subdomain which in turns serves the Sirefef malware from 109(dot)236(dot)81(dot)176. ThreatTrack notes that the scammers could of course be targeting other keywords aside from YouTube. The more popular the keywords, the bigger the potential for infection."    Read more of
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7RRrvRPB5JM/story01.htm


*** Top 15 Indicators Of Compromise ***
---------------------------------------------
In the quest to detect data breaches more quickly, indicators of compromise can act as important breadcrumbs for security pros watching their IT environments. Unusual activity on the network or odd clues on systems can frequently help organizations spot attacker activity on systems more quickly so that they can either prevent an eventual breach from happening -- or at least stop it in its earliest stages.
---------------------------------------------
http://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise/240162469


*** Vuln: libtar th_read() Function Multiple Heap Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/62922


*** libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities ***
---------------------------------------------
libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/55138


*** Bugtraq: [security bulletin] HPSBMU02901 rev.1 - HP Business Process Monitor running on Windows, Remote Execution of Arbitrary Code and Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529117


*** Juniper Junos TCP Packet Handling Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55218


*** Juniper Junos Telnet Messages Handling Buffer Overflow Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55109


*** Hitachi JP1/VERITAS Backup Exec Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55261


*** Cisco Unified IP Phones 9900 Series webapp Interface Buffer Overflow Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55275


*** Dropbear SSH Server User Enumeration Weakness and Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55173


*** Network Security Services (NSS) Uninitialized Memory Read Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55050


*** InduSoft Thin Client ActiveX control buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87788


*** Security Bulletin: IBM InfoSphere Information Server Data Quality Console and Information Analyzer are vulnerable to cross-site request forgery attacks (CVE-2013-4056) ***
---------------------------------------------
A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server Data Quality Console and Information Analyzer which can allow an attacker to trick a legitimate user into opening a URL that results in an action being taken as that user, potentially without the knowledge of that user. Any actions taken require the user being tricked to either be previously authenticated or to authenticate as part of the attack.
---------------------------------------------
https://www-304.ibm.com/support/docview.wss?uid=swg21652413


*** IBM WebSphere Message Broker and IBM Integration Bus Security Vulnerability: Multiple security vulnerabilities in IBM JREs 5 & 7 ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Message Broker for IBM JRE 5.0 SR16-FP3 (and earlier) and the IBM Java Runtime Environment component of IBM Integration Bus for JRE 7.0 SR5 (and earlier).
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_message_broker_and_ibm_integration_bus_security_vulnerability_multiple_security_vulnerabilities_in_ibm_jres_5_7?lang=en_us