[CERT-daily] Daily summary - Wednesday 16-04-2014

Daily end-of-shift report team at cert.at
Wed Apr 16 18:11:19 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 15-04-2014 18:00 − Wednesday 16-04-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner

*** Phishing mail: BSI warns of BSI warning ***
---------------------------------------------
The BSI's regular warnings about hacked online accounts have apparently inspired criminals to launch a phishing attack. The mail speaks of "suspicious activities" and "legal steps". (Phishing, Internet)
---------------------------------------------
http://www.golem.de/news/phishing-mail-bsi-warnt-vor-bsi-warnung-1404-105891-rss.html




*** RSA BSAFE Micro Edition Suite security bypass ***
---------------------------------------------
RSA BSAFE Micro Edition Suite (MES) could allow a remote attacker to bypass security restrictions, caused by an error within the certificate chain processing logic. An attacker could exploit this vulnerability to create an improperly authenticated SSL connection.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/92408




*** Chef Multiple Vulnerabilities ***
---------------------------------------------
Chef Software has acknowledged multiple security issues and vulnerabilities in Chef, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/57836




*** WordPress Twitget Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
dxwsecurity has reported a vulnerability in the Twitget plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change plugin configuration settings when a logged-in administrative user visits a specially crafted web page.
---------------------------------------------
https://secunia.com/advisories/57892




*** Critical Patch Update - April 2014 ***
---------------------------------------------
Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below.  The product area of the patches for the listed versions is shown in the Patch Availability column corresponding to the specified Products and Versions column. 
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html




*** Innominate mGuard OpenSSL HeartBleed Vulnerability ***
---------------------------------------------
OVERVIEW Researcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Innominate has released a new firmware version that mitigates the OpenSSL HeartBleed vulnerability in the mGuard products. This vulnerability could be exploited remotely. Exploits that target the OpenSSL Heartbleed vulnerability are known to be publicly available. AFFECTED PRODUCTS The following Innominate mGuard versions are affected:
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-105-02




*** Siemens Industrial Products OpenSSL HeartBleed Vulnerability ***
---------------------------------------------
OVERVIEW Siemens reported to NCCIC/ICS-CERT a list of products affected by the OpenSSL vulnerability (known as 'Heartbleed'). Joel Langill of Infrastructure Defense Security Services reported to ICS-CERT and Siemens the OpenSSL vulnerability affecting the S7-1500. Siemens has produced an update and Security Advisory (SSA-635659) that mitigates this vulnerability in eLAN and is currently working on updates for the other affected products.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-105-03




*** Looking for malicious traffic in electrical SCADA networks - part 1, (Tue, Apr 15th) ***
---------------------------------------------
When infosec guys are performing intrusion detection, they usually look for attacks like portscans, buffer overflows and specific exploit signatures. For example, remember the OpenSSL Heartbleed vulnerability?
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17967&rss




*** New Feature: Monitoring Certification Revocation Lists https://isc.sans.edu/crls.html, (Wed, Apr 16th) ***
---------------------------------------------
Certificate Revocation Lists (“CRLs”) are used to track revoked certificates. Your browser will download these lists to verify if a certificate presented by a web site has been revoked. The graph above shows how many certificates were revoked each day by the different CRLs we are tracking. 
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17969&rss




*** Adobe Flash ExternalInterface Use-After-Free ***
---------------------------------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash.
The vulnerability is caused by a use-after-free error when interacting with the "ExternalInterface" class from the browser, which could be exploited to achieve code execution via a malicious web page.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040102




*** Netgear N600 Password Disclosure / Account Reset ***
---------------------------------------------
While I was lurking around the Netgear firmware today I came across various tweaking and others. I was able to find a password disclosure, file uploading vulnerability which could compromise the entire router. As of now no patch from the vendor.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040101




*** Apache Syncope 1.0.8 / 1.1.6 Code Execution ***
---------------------------------------------
In the various places in which Apache Commons JEXL expressions are allowed (derived schema definition, user / role templates, account links of resource mappings) a malicious administrator can inject Java code that can be executed remotely by the JEE container running the Apache Syncope core.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040106




*** Bugtraq: CVE-2014-2735 - WinSCP: missing X.509 validation ***
---------------------------------------------
A user cannot recognize an easy-to-perform man-in-the-middle attack, because the client does not validate the "Common Name" of the server's X.509 certificate. In a networking environment that is not trustworthy, like a wifi network, using FTP AUTH TLS with WinSCP, the server's identity cannot be trusted.
---------------------------------------------
http://www.securityfocus.com/archive/1/531847




*** Qemu: out of bounds buffer access, guest triggerable via IDE SMART ***
---------------------------------------------
An out-of-bounds memory access flaw was found in Qemu's IDE device model. It leads to corruption of Qemu's memory via a buffer overwrite (4 bytes). It occurs while executing IDE SMART commands.
A guest user could use this flaw to corrupt the Qemu process's memory on the host.
---------------------------------------------
http://seclists.org/oss-sec/2014/q2/116




*** Background: Why we need Forward Secrecy ***
---------------------------------------------
The SSL disaster shows emphatically that Forward Secrecy is not an exotic feature for paranoiacs. Rather, it is the only thing that still protects us from complete, total surveillance of all communication by the intelligence services.
---------------------------------------------
http://www.heise.de/security/artikel/Warum-wir-Forward-Secrecy-brauchen-2171858.html





