[CERT-daily] Tageszusammenfassung - Mittwoch 3-12-2014

Daily end-of-shift report team at cert.at
Wed Dec 3 18:10:02 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 02-12-2014 18:00 − Mittwoch 03-12-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Shodan Add-on for Firefox ***
---------------------------------------------
It's now possible to see what information Shodan has available on a server from within Firefox thanks to the new Shodan add-on created by @PaulWebSec and @romainletendart! It's a minimalistic yet powerful add-on to see what the website you're visiting is exposing to the Internet. And the add-on will also tell you other information about the IP,...
---------------------------------------------
http://shodanio.wordpress.com/2014/12/02/shodan-add-on-for-firefox/




*** Böse Schlüssel werden zum Problem für GnuPG ***
---------------------------------------------
Ein Forscherteam hat demonstriert, wie einfach sich die IDs zu GnuPG-Schlüsseln fälschen lassen und kurzerhand böse Duplikate des kompletten Strong-Sets erzeugt. Das umfasst rund 50.000 besonders eng vernetzte und vertrauenswürdige Schlüssel.
---------------------------------------------
http://www.heise.de/security/meldung/Boese-Schluessel-werden-zum-Problem-fuer-GnuPG-2473281.html




*** IBM Fixes Serious Code Execution Bug in Endpoint Manager Product ***
---------------------------------------------
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not...
---------------------------------------------
http://threatpost.com/ibm-fixes-serious-code-execution-bug-in-endpoint-manager-product/109671




*** An interesting case of the CVE-2014-8439 exploit ***
---------------------------------------------
We have recently seen an exploit targeting the Adobe Flash Player vulnerability CVE-2014-8439 (we detect it as  Exploit:SWF/Axpergle). This exploit is being integrated into multiple exploit kits, including the Nuclear exploit kit (Exploit:JS/Neclu) and the Angler exploit kit (Exploit:JS/Axpergle). Adobe released a patch in November to address this exploit (APSB14-26). Coincidentally, our investigation shows that Adobe released a patch to address a different exploit and that patch appears to...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/12/02/an-interesting-case-of-the-cve-2014-8439-exploit.aspx




*** Keeping Your Website Safe From WordPress's XSS Vulnerability ***
---------------------------------------------
Last month, a Finnish IT company by the name of Klikki Oy identified a critical vulnerability in WordPress - one which has been present in the platform for approximately four years. It allows attackers to enter comments which include malicious JavaScript. Once the script in these comments is executed, the attacker could then do anything from infecting the PCs of visitors to completely hijacking the website; locking the original administrator out of their account.
---------------------------------------------
http://www.ahosting.net/blog/keeping-your-website-safe-from-wordpresss-xss-vulnerability/




*** A Physical Security Policy Can Save Your Company Thousands of Dollars ***
---------------------------------------------
Investments in cybersecurity and physical security are proportionally connected to your organization's improved financial picture for a long-term perspective. Our digital lives are getting smaller as technology simplifies our communications, but cyber attacks are also prevalent. While the Internet radically changes the way organizations operate globally, from handling sensitive data to offshore outsourcing of IT architecture, the payoffs of security are significant and can't be...
---------------------------------------------
http://resources.infosecinstitute.com/physical-security-policy-can-save-company-thousands-dollars/




*** Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment ***
---------------------------------------------
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
---------------------------------------------
http://hack-tools.blackploit.com/2014/12/samurai-web-testing-framework-30-livecd.html




*** New LusyPOS malware is a cross between Dexter and Chewbacca ***
---------------------------------------------
A new piece of Point-of-Sale RAM scraping malware has been submitted to VirusTotal and analyzed by researchers, who found that its a cross between two older and different POS malware families and is offered for sale on underground markets for $2,000.
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2926




*** The Future of Auditory Surveillance ***
---------------------------------------------
Interesting essay on the future of speech recognition, microphone miniaturization, and the future ubiquity of auditory surveillance....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/the_future_of_a.html




*** DSA-3084 openvpn ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3084




*** Bugtraq: ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534135




*** Bugtraq: ESA-2014-160: RSA Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534136




*** F5 Security Advisories ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15147.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15158.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/300/sol15329.html?ref=rss




*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published November 25, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for two vulnerabilities within products utilizing the Siemens WinCC application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-329-02A




*** Elipse SCADA DNP3 Denial of Service ***
---------------------------------------------
Independent researchers Adam Crain and Chris Sistrunk have identified a DNP3 denial of service vulnerability in the Elipse SCADA application. Elipse has produced a new version of the DNP3 driver that mitigates this vulnerability.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-303-02




*** Emerson ROC800 Multiple Vulnerabilities (Update A) ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson Process Management's ROC800 remote terminal units (RTUs) products (ROC800, ROC800L, and DL8000).
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-13-259-01A




*** Yokogawa CENTUM and Exaopc Vulnerability (Update A) ***
---------------------------------------------
Tod Beardsley of Rapid7 Inc. and Jim Denaro of CipherLaw have identified an authentication vulnerability and released proof-of-concept (exploit) code for the Yokogawa CENTUM CS 3000 series and Exaopc products. JPCERT and Yokogawa have mitigated this vulnerability.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A




*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_powerkvm_affected_by_1_issue_for_perl_data_dumper_cve_2014_4330?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_powerkvm_2_issues_for_curl_cve_2014_3620_cve_2014_3613?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_rational_lifecycle_integration_adapter_tasktop_edition_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_infosphere_replication_dashboard_is_affected_by_poodle_security_vulnerability_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_tivoli_provisioning_manager_for_os_deployment_and_tivoli_provisioning_manager_for_images_cve_2014_3566?lang=en_us


More information about the Daily mailing list