[CERT-daily] Tageszusammenfassung - Montag 4-08-2014
Daily end-of-shift report
team at cert.at
Mon Aug 4 18:05:20 CEST 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 01-08-2014 18:00 − Montag 04-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** ZDI-14-273: AlienVault OSSIM av-centerd Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-273/
*** Remote code execution on Android devices ***
---------------------------------------------
You walk into a coffee shop and take a seat. While waiting for your coffee, you take out your smartphone and start playing a game you downloaded the other day. Later, you go to work and check your email in the elevator. Without you knowing, an attacker has just gained a foothold in your corporate...
---------------------------------------------
http://labs.bromium.com/2014/07/31/remote-code-execution-on-android-devices/
*** POWELIKS: Malware Hides In Windows Registry ***
---------------------------------------------
We spotted a malware that hides all its malicious codes in the Windows Registry. The said tactic provides evasion and stealth mechanisms to the malware, which Trend Micro detects as TROJ_POWELIKS.A. When executed, TROJ_POWELIKS.A downloads files, which can cause further system infection. Systems affected by this malware risk being infected by other malware, thus causing further...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OEAKGdXwSnc/
*** All Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon, (Sat, Aug 2nd) ***
---------------------------------------------
A remote code execution in nmbd (the NetBIOS name services daemon) has been found in Samba versions 4.0.0 to 4.1.10. ( assgined CVE-2014-3560) and a patch has been release by the team at samba.org. Heres the details from http://www.samba.org/samba/security/CVE-2014-3560 =========== Description =========== All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon. A malicious browser can send packets that may overwrite
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18471&rss
*** TP-Link TL-WR740N v4 arbitrary shell command execution ***
---------------------------------------------
Topic: TP-Link TL-WR740N v4 arbitrary shell command execution Risk: High Text:# Exploit Title: TP-Link TL-WR740N v4 router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) arbitrary shell command execution # Dat...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080013
*** Verschlüsselungstrojaner attackiert Synology-Speichersysteme ***
---------------------------------------------
Cyber-Erpresser haben einen neuen, direkten Weg gefunden, um das digitale Hab und Gut ihrer Opfer als Geisel zu nehmen: Sie nutzen eine Sicherheitslücke in der NAS-Firmware, um den gesamten Netzwerkspeicher zu verschlüsseln.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Verschluesselungstrojaner-attackiert-Synology-Speichersysteme-2282625.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
*** China boots Kaspersky and Symantec off security contractor list ***
---------------------------------------------
Foreign firms dropped from roll of approved infosec vendors Kaspersky Labs and Symantec have both been booted off China's list of approved security vendors for government agencies, as the country continues to tighten up against foreign tech firms in the wake of the NSA indiscriminate surveillance revelations.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/04/kaspersky_symantec_china_dropped/
*** Bugtraq: ownCloud Unencrypted Private Key Exposure ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533010
*** Backdoor Techniques in Targeted Attacks ***
---------------------------------------------
Backdoors are an essential part of targeted attacks, as they allow an external threat actor to exercise control over any compromised machines. These allow the threat actor to collect information and move laterally within the targeted organization. Our investigations into various targeted attacks have showed that a wide variety of tactics are used by backdoors to carry out...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fHW4IPov8YE/
*** IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM WebSphere Real Time ***
---------------------------------------------
Java SE issues disclosed in the Oracle July 2014 Critical Patch Update, plus 1 additional vulnerability CVE(s): CVE-2014-3086, CVE-2014-4227, CVE-2014-4262, CVE-2014-4219, CVE-2014-4209, CVE-2014-4220, CVE-2014-4268, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4265, CVE-2014-4221, CVE-2014-4263, CVE-2014-4244 and CVE-2014-4208 Affected product(s) and affected version(s): IBM WebSphere Real Time Version 3 Service Refresh 7 and earlier Refer to the following reference URLs for
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_current_releases_of_the_ibm_websphere_real_time?lang=en_us
*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat in Rational DOORS Web Access ***
---------------------------------------------
The Apache Tomcat application server in installations of IBM Rational DOORS Web Access version contains security vulnerabilities. CVE(s): CVE-2013-4322, CVE-2013-4590, CVE-2014-0096, CVE-2014-0099 and CVE-2014-0119 Affected product(s) and affected version(s): Rational DOORS Web Access version 9.6.0.x, 9.5.2.x, 9.5.1.x, 9.5.0.x, 1.5.0.x, 1.4.0.4 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerabilities_in_apache_tomcat_in_rational_doors_web_access?lang=en_us
More information about the Daily
mailing list