[CERT-daily] Tageszusammenfassung - Donnerstag 19-09-2013

Thu Sep 19 18:02:52 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 18-09-2013 18:00 − Donnerstag 19-09-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** Security Bulletin: Buffer Overflow Vulnerability in IBM iNotes (CVE-2013-4068) ***
---------------------------------------------
IBM iNotes 8.5.3 and 9.0 are at risk from a buffer overflow vulnerability. The fix for this issue is available in IBM Domino 8.5.3 Fix Pack 5 Interim Fix 1 and IBM Domino 9.0 Interim Fix 4.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_buffer_overflow_vulnerability_in_ibm_inotes_cve_2013_4068?lang=en_us


*** Cisco DCNM Update Released, (Wed, Sep 18th) ***
---------------------------------------------
We continue to see web applications deployed to manage datacenter functions. And Im sorry to say, we continue to see security issues in these applications - some of them so simple a quick run-through with Burp or ZAP would red-flag them.  In that theme, today Cisco posts updates to DCNM (Cisco Prime Data Center Network Manager).
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16613&rss


*** How to avoid unwanted software ***
---------------------------------------------
We've all seen it; maybe it's on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you've never heard of, there's a new, annoying toolbar in your browser. Maybe you're getting popup ads or have a rogue security product claiming you're infected and asking you to buy the program to remove the infection. Even worse, you don't know how it got there!
---------------------------------------------
http://www.webroot.com/blog/2013/09/18/avoid-unwanted-software/


*** More Goodies in the Apple Security Update Basket!, (Wed, Sep 18th) ***
---------------------------------------------
APPLE-SA-2013-09-18-3 An OSX update that fixes a situation where the hostname in a certificate is not checked against the actual hostname. This vulnerability means that anyone with a valid certificate can impersonate any host - lots of attack applications in this, when combined with MITM or DNS hijack attacks  APPLE-SA-2013-09-18-2 An absolute TON of updates for IOS, which should be no surprise in a new version.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16619&rss


*** Cisco NX-OS BGP Regex Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
Cisco NX-OS BGP Regex Processing Flaw Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1029048


*** Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE ***
---------------------------------------------
This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment (JRE) included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security vulnerabilities reported in Oracles Critical Patch Update releases of April and June 2013.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_operational_decision_manager_and_websphere_ilog_jrules_multiple_security_vulnerabilities_in_ibm_jre?lang=en_us


*** Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerabilities (CVE-2013-2960, CVE-2013-2961 , CVE-2013-0548, CVE-2013-0551) ***
---------------------------------------------
Several vulnerabilites have been resolved in the Basic Services component of IBM Tivoli Monitoring. These vulnerabilies could have potentially caused a denial of service or Cross Site Scripting (XSS) exposure.  CVE(s): CVE-2013-2960, CVE-2013-2961, CVE-2013-0548, and CVE-2013-0551
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_tivoli_monitoring_basic_services_vulnerabilities_cve_2013_2960_cve_2013_2961_cve_2013_0548_cve_2013_05511?lang=en_us


*** Bugtraq: Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability ***
---------------------------------------------
Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/528721


*** New IE Zero Day is Actively Exploited In Targeted Attacks ***
---------------------------------------------
Right after a week from September Patch Tuesday, Microsoft had to rush a "Fix It" workaround tool to address a new zero-day Internet Explorer vulnerability (CVE-2013-3893), which is reportedly being actively exploited in certain targeted attacks. As Microsoft advised, the said exploit is targeting a Use After Free Vulnerability in IE's HTML rendering engine (mshtml.dll).
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/new-ie-zero-day-is-actively-exploited-in-targeted-attacks/


*** Drupal Google Site Search 6.x / 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Google Site Search 6.x / 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/2092395 * Advisory ID: DRUPAL-SA-CONTRIB-2013-077 * Project: Google Site Search [1...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090133


*** Hidden Lynx ***
---------------------------------------------
Symantec hat eine Hackergruppe aufgespürt, die hunderte Organisationen angegriffen haben soll.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Hidden-Lynx-Raffinierte-Auftrags-Hacker-mit-Geduld-1960682.html


*** EvilGrab Malware Family Used In Targeted Attacks In Asia ***
---------------------------------------------
Recently, we spotted a new malware family that was being used in targeted attacks the EvilGrab malware family. It is called EvilGrab due to its behavior of grabbing audio, video, and screenshots from affected machines. The most common arrival vector for EvilGrab malware is spear phishing messages with malicious Microsoft Office Attachments.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware-family-used-in-targeted-attacks-in-asia/


*** ENISA Threat Landscape mid year 2013 ***
---------------------------------------------
ENISA today presented its list of top cyber threats, as a first "taste" of its interim Threat Landscape 2013 report. The study analyses 50 reports, and identifies an increase in threats to: infrastructure through targeted attacks; mobile devices; and social media identity thefts carried out by cyber-criminals over Cloud services.
---------------------------------------------
https://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-threat-landscape-mid-year-2013/


*** Apple schließt kritische iTunes-Lücke ***
---------------------------------------------
Das Update auf iTunes-Version 11.1 bringt nicht nur den Streaming-Dienst "iTunes Radio" mit, es schließt auch Schwachstelle im ActiveX-Plug-in.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Apple-schliesst-kritische-iTunes-Luecke-1961373.html


*** Apple Xcode GIT "git-imap-send" SSL Certificate Verification Security Issue ***
---------------------------------------------
Apple Xcode GIT "git-imap-send" SSL Certificate Verification Security Issue
---------------------------------------------
https://secunia.com/advisories/54887


*** iOS 7 Security Prompts ***
---------------------------------------------
Apples iOS 7 was released yesterday. And it has some nice new security prompts...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002610.html