[CERT-daily] Daily summary - Wednesday 13-08-2014

Daily end-of-shift report team at cert.at
Wed Aug 13 18:15:05 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 12-08-2014 18:00 − Wednesday 13-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** (Updated 2014/8/13) Syria offline - initial analysis of BGP (and explanation) ***
---------------------------------------------
This blog post evolved over time - initially it was a mere scratchpad for notes during our initial research between 2012/11/29 and 11/30. Later, after Syria was back online again, I added a summary and some potential explanations of what might have happened at the end of this blog post.

UPDATE 2014/8/13: It seems it was the NSA that hacked a router, according to Snowden. Scroll to the end for links.
---------------------------------------------
http://www.cert.at/services/blog/20121129184048-616.html




*** MS14-AUG - Microsoft Security Bulletin Summary for August 2014 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for August 2014.
With the release of the security bulletins for August 2014, this bulletin summary replaces the bulletin advance notification originally issued August 7, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-AUG




*** Assessing risk for the August 2014 security updates ***
---------------------------------------------
Today we released nine security bulletins addressing 40 unique CVEs. Two bulletins have a maximum severity rating of Critical while the other seven have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.

Bulletin | Most likely attack vector | Max Bulletin Severity | Max exploit-ability | Likely first 30 days impact | Platform mitigations and key notes
MS14-051 (Internet Explorer) | Victim browses
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx




*** Microsoft Patch Day: 26 holes plugged in Internet Explorer ***
---------------------------------------------
As usual on the second Tuesday of the month, Microsoft has closed a number of security vulnerabilities in Internet Explorer, Windows and other products. For IE there are 26 individual patches; one vulnerability is already being actively exploited by attackers.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Microsoft-Patchday-26-Luecken-im-Internet-Explorer-gestopft-2291321.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability ***
---------------------------------------------
CVE-2014-3339
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339




*** Study: Firmware Plagued By Poor Encryption and Backdoors ***
---------------------------------------------
itwbennett writes: The first large-scale analysis of firmware has revealed poor security practices that could present opportunities for hackers probing the Internet of Things. Researchers with Eurecom, a technology-focused graduate school in France, developed a web crawler that plucked more than 30,000 firmware images from the websites of manufacturers including Siemens, Xerox, Bosch, Philips, D-Link, Samsung, LG and Belkin. In one instance, the researchers found a Linux kernel that was 10...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-X--LranmlI/story01.htm




*** Fifteen zero days found in hacker router comp romp ***
---------------------------------------------
Four routers rooted in SOHOpelessly Broken challenge. DEF CON: Researchers have unveiled 15 zero day vulnerabilities in four home and small business routers as part of the SOHOpelessly Broken hacker competition at DEF CON this week.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/13/fifteen_zero_days_found_in_hacker_router_romp/




*** Black Hat USA 2014 talk about hypervisor security ***
---------------------------------------------
This week I presented at Black Hat USA. The talk is titled "Poacher turned gatekeeper: lessons learned from eight years of breaking hypervisors". The main points were:
- Describe the attack surface of Type 1 and Type 2 hypervisors
- Show that despite not being 100% bulletproof, hypervisors are still the best usable way to isolate potentially...
---------------------------------------------
http://labs.bromium.com/2014/08/11/black-hat-usa-2014-talk-about-hypervisor-security/




*** Wireless Auditing, Intrusion Detection & Prevention System ***
---------------------------------------------
WAIDPS is an open source wireless Swiss Army knife written in Python that works in a Linux environment. It is a multipurpose tool designed to audit (penetration test) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also prevent intrusion (stopping a station from associating with an access point).
---------------------------------------------
http://www.ehacking.net/2014/08/wireless-auditing-intrusion-detection.html




*** SSA-635659 (Last Update 2014-08-14): Heartbleed Vulnerability in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-635659.pdf




*** Fake Tor Browser Bundle with trojan ***
---------------------------------------------
A deceptively genuine-looking copy of the torproject.org site is distributing a trojan. The student Julien Voisin took it apart - and was able to make contact with those responsible.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Gefaelschtes-Tor-Browser-Bundle-mit-Trojaner-2291417.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** Older versions of Disqus for WordPress vulnerable ***
---------------------------------------------
A security researcher has discovered security vulnerabilities in the popular Disqus plug-in for WordPress. Administrators should make sure the corresponding updates are installed.
---------------------------------------------
http://www.heise.de/security/meldung/Aeltere-Versionen-von-Disqus-fuer-WordPress-angreifbar-2291810.html




*** New Metasploit 4.10: Credentials Are the New Exploits ***
---------------------------------------------
We’ve given credentials a new boost with Metasploit 4.10. It’s now easier to manage, reuse and report on credentials as part of a penetration test.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/08/13/credentials-are-the-new-exploits-make-credentials-work-for-you-with-with-metasploit-410

