[CERT-daily] Daily summary - Thursday 28-08-2014

Daily end-of-shift report team at cert.at
Thu Aug 28 18:14:03 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 27-08-2014 18:00 − Thursday 28-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** CG Automation Improper Input Validation ***
---------------------------------------------
This advisory provides mitigation details for an improper input validation vulnerability in the CG Automation ePAQ-9410 Substation Gateway DNP3 protocol components.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-238-01




*** Schneider Electric Wonderware Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Schneider Electric Wonderware Information Server.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-238-02




*** Mobile Security Roundup 1H 2014 ***
---------------------------------------------
The first half of this year has been quite eventful for the mobile threat landscape. Sure, we had an idea the state of affairs from 2013 would continue on to this year, but we didn't know just to what extent. From ballooning mobile malware/high risk app numbers to vulnerabilities upon vulnerabilities, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-security-roundup-1h-2014/




*** MS14-045 - Important: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615) - Version: 3.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-045




*** Cisco 1800 Series ISDN Basic Rate Interface Denial of Service ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3347




*** Cybercriminals Leverage Rumored Windows 9 Developer Preview Release With Social Engineering ***
---------------------------------------------
We're seeing schemes that are taking advantage of the buzz around the upcoming developer preview release of Windows 9 this September. One of the threats we saw was found using some combinations of keywords like Windows 9, free, leak and download in popular search engines. It involves a potentially malicious ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-leverage-rumored-windows-9-developer-preview-release-with-social-engineering/




*** My WordPress Website Was Hacked ***
---------------------------------------------
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hosting companies. From Virtual Private Servers (VPS) to shared environments, to managed environments. In most instances we pay and ..
---------------------------------------------
http://blog.sucuri.net/2014/08/my-wordpress-website-was-hacked.html



*** One More Day of Trolling in POS Memory, (Wed, Aug 27th) ***
---------------------------------------------
Further to the recent story on Memory Trolling for PCI data, I was able to spend one more day fishing in memory. I dug a bit deeper and came up with more fun Credit Card / Memory goodness with our friend the Point of Sale application. First of all, just searching for credit card numbers returns a lot of duplicates, as indicated in yesterday's ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18589




*** Smart home: IFA becomes the trade fair of security vulnerabilities ***
---------------------------------------------
At the Internationale Funkausstellung (IFA) in Berlin, the smart home is becoming a major topic. Kaspersky Lab is now warning again about potential security vulnerabilities in the home network, and a look at past reports shows that the ..
---------------------------------------------
http://www.golem.de/news/smarthome-die-ifa-wird-zur-messe-der-sicherheitsluecken-1408-108841-rss.html




*** [2014-08-28] Cross-Site Scripting vulnerabilities in F5 BIG-IP ***
---------------------------------------------
An attacker can steal other users' sessions, impersonate other users and gain unauthorized access to the admin interface.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140828-F5_BIG-IP_Reflected_XSS_v10.txt




*** LibreOffice 4.3.1 / 4.2.6-secfix ***
---------------------------------------------
The Document Foundation announces LibreOffice 4.3.1, the first minor release of LibreOffice 4.3 "fresh" family, with over 100 fixes (including patches for two CVEs, backported to LibreOffice 4.2.6-secfix, which is also available for download now).
---------------------------------------------
http://listarchives.documentfoundation.org/www/announce/msg00199.html




*** Microsoft gives problem patch a second chance ***
---------------------------------------------
At least one of the four withdrawn patches is available for installation again under a new KB number. It closes holes in Windows through which an attacker can gain elevated privileges.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-gibt-Problem-Patch-eine-zweite-Chance-2303877.html




*** Srizbi kernel-mode spambot reappears as Pitou ***
---------------------------------------------
Malware possibly still in the brewing stage. In November 2007, we published an article by Kimmo Kasslin (F-Secure) and Elia Florio (Symantec), in which they analysed the Srizbi trojan, notable for being the first malware found in the wild that operated fully in kernel mode. It appears ..
---------------------------------------------
http://www.virusbtn.com/blog/2014/08_28.xml?rss




*** eCrime Research Symposium 2014 ***
---------------------------------------------
The APWG is pleased to present eCrime 2014, a combined event that includes the 2014 Fall General Meeting, and eCrime Researchers Symposium. ... This eCrime Congress will include a one-day, members-only meeting on September 23rd and two full days of open sessions thereafter of programming that will be open to both members and non-members.
---------------------------------------------
http://ecrimeresearch.org/events/ecrime2014/




*** Firefox to expose bogus SSL certificates ***
---------------------------------------------
In future, Mozilla's browser will also check, for example when visiting Google.com, whether the SSL certificate served comes from an issuer that the service usually uses.
---------------------------------------------
http://www.heise.de/security/meldung/Firefox-soll-falsche-SSL-Zertifikate-enttarnen-2304328.html





