[CERT-daily] Tageszusammenfassung - Montag 14-10-2013

Mon Oct 14 18:02:21 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 11-10-2013 18:00 − Montag 14-10-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** 2013-10 Security Bulletin: Junos: GNU libc glob(3) GLOB_LIMIT Remote Denial of Service Vulnerability (CVE-2010-2632) ***
---------------------------------------------
The glob implementation in libc allows authenticated remote users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. This vulnerability can be exploited against a device running Junos OS with FTP services enabled to launch a high CPU utilization partial denial of service attack.
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598


*** Top sites (and maybe the NSA) track users with 'device fingerprinting' ***
---------------------------------------------
May make it easier to follow privacy-minded users on the darknet.
---------------------------------------------
http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/


*** Threat Refinement Ensues with Crypto Locker, SHOTODOR Backdoor ***
---------------------------------------------
In our 2013 Security Predictions, we anticipated that cybercriminals would focus on refining existing tools, instead of creating new threats. Two threats that both represent refinements of previously known threats show this effectively.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/threat-refinement-ensues-with-crypto-locker-shotodor-backdoor


*** Critical Patch Update - October 2013 - Pre-Release Announcement ***
---------------------------------------------
Critical Patch Update - October 2013 - Pre-Release Announcement
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html


*** Blackhole, Supreme No More ***
---------------------------------------------
Blackhole exploit kit has always been a favorite example when discussing the impact of kits to internet users. Weve previously mentioned in our posts how fast it was in supporting new vulnerabilities, how it was related to Cool, and that it was the leading kit in our telemetry data. Blackhole and Cool almost always had special mentions in our Threat Reports.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002622.html


*** Debian Security Advisory DSA-2776 drupal6 ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2776


*** Debian Security Advisory DSA-2777 systemd ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2777


*** Stabiles Debian 7.2 behebt Fehler und löst Sicherheitsprobleme ***
---------------------------------------------
Das Debian-Projekt aktualisiert die Linux-Distribution Debian 7 (Wheezy) auf Version 7.2 und behebt dabei eine lange Liste von Fehlern und schließt Sicherheitslöcher.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Stabiles-Debian-7-2-behebt-Fehler-und-loest-Sicherheitsprobleme-1977703.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** Google Chrome speichert Kreditkarten-Daten als Klartext ***
---------------------------------------------
Der Google-Browser Chrome ist einmal mehr unter Beschuss von Sicherheitsexperten. Diese kritisieren, dass Chrome sensible Daten als Klartext auf der Festplatte speichert.
---------------------------------------------
http://futurezone.at/produkte/google-chrome-speichert-kreditkarten-daten-als-klartext/30.824.232


*** Security Bulletin: WebSphere eXtreme Scale Monitoring Console Web Vulnerabilities (CVE-2013-5390, CVE-2013-5393, CVE-2013-5394) ***
---------------------------------------------
Three web security vulnerabilities were identified in the WebSphere eXtreme Scale monitoring console, those being a cross site scripting vulnerability, a log-off processing weakness, and vulnerability to a phishing attack. 
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_websphere_extreme_scale_monitoring_console_web_vulnerabilities_cve_2013_5390_cve_2013_5393_cve_2013_5394?lang=en_us


*** Back door found in D-Link routers ***
---------------------------------------------
D-secret is D-logon string allowing access to everything A group of embedded device hackers has turned up a vulnerability in D-Link consumer-level devices that provides unauthenticated access to the units admin interfaces.
---------------------------------------------
http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/


*** Spamvertised T-Mobile 'Picture ID Type:MMS' themed emails lead to malware ***
---------------------------------------------
The cybercriminals behind last week's profiled fake T-Mobile themed email campaign have resumed operations, and have just spamvertised another round of tens of thousands of malicious emails impersonating the company, in order to trick its customers into executing the malicious attachment, which in this case is once again supposedly a legitimate MMS notification message. 
---------------------------------------------
http://www.webroot.com/blog/2013/10/14/spamvertised-t-mobile-picture-id-typemms-themed-emails-lead-malware/


*** Captain, Where Is Your Ship Compromising Vessel Tracking Systems ***
---------------------------------------------
In recent years, automated identification systems (AIS) have been introduced to enhance ship tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS is currently mandatory for all passenger ships and commercial (non-fishing) ships over 300 metric tons. It works by acquiring GPS coordinates and exchanging vessel's position, course and ...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/captain-where-is-your-ship-compromising-vessel-tracking-systems/


*** WordPress Cart66 Lite Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
WordPress Cart66 Lite Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/55265


*** End User Devices Security Guidance: Windows 7 and Windows 8 ***
---------------------------------------------
This guidance is applicable to devices running Enterprise versions of Windows 7 and Windows 8, acting as client operating systems, which include BitLocker Drive Encryption, AppLocker and Windows VPN features.
---------------------------------------------
https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-7-and-windows-8/end-user-devices-security-guidance-windows-7-and-windows-8