[CERT-daily] Tageszusammenfassung - Donnerstag 4-12-2014

Thu Dec 4 18:13:08 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 03-12-2014 18:00 − Donnerstag 04-12-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** An Analysis of the "Destructive" Malware Behind FBI Warnings ***
---------------------------------------------
TrendLabs engineers were recently able to obtain a malware sample of the "destructive malware" described in reports about the Federal Bureau of Investigation (FBI) warning to U.S. businesses last December 2. According to Reuters, the FBI issued a warning to businesses to remain vigilant against this new "destructive" malware in the wake of the recent Sony Pictures...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZsHCPcPYoQk/


*** Sony Got Hacked Hard: What We Know and Don't Know So Far ***
---------------------------------------------
A week into the Sony hack, however, there is a lot of rampant speculation but few solid facts. Here's a look at what we do and don't know about what's turning out to be the biggest hack of the year.
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/41179d61/sc/28/l/0L0Swired0N0C20A140C120Csony0Ehack0Ewhat0Ewe0Eknow0C/story01.htm


*** Automating Incident data collection with Python, (Thu, Dec 4th) ***
---------------------------------------------
One of my favorite Python modules isImpacketby the guys at Core Labs. Among other things it allows me to create Python scripts that can speak to Windows computers over SMB. I can use it to map network drives, kill processes on a remote machine and much more. During an incident having the ability to reach out to allthe machines in your environment to list or kill processes is very useful. Python andImpacketmake this very easy. Check it out. After installing Impacketall of the awesome modules are...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19025&rss


*** Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349 ***
---------------------------------------------
Applications that have been frequently targeted by exploits frequently add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers will pay particular attention to exploits that are able to...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OnnBY6zHrlw/


*** Android Hacking and Security, Part 15: Hacking Android Apps Using Backup Techniques ***
---------------------------------------------
In the previous article, we had an introduction on how to analyze Android application specific data using Android backup techniques. This article builds on the previous article. We are going to see how local data storage or basic checks that are performed on a local device can be exploited on...
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-security-part-15-hacking-android-apps-using-backup-techniques/


*** WebSocket Security Issues ***
---------------------------------------------
Overview In this article, we will dive into the concept of WebSocket introduced in HTML 5, security issues around the WebSocket model, and the best practices that should be adopted to address security issues around WebSocket. Before going straight to security, let's refresh our concepts on WebSocket. Why Websocket and...
---------------------------------------------
http://resources.infosecinstitute.com/websocket-security-issues/


*** Avoiding Mod Security False Positives with White-listing ***
---------------------------------------------
We have already discussed in my previous articles how to configure Mod Security Firewall with OWASP rules and also analysed the different types of logs which Mod Security generates. While analysing the logs, we have seen that the OWASP rules generate a lot of false positive results, as these rules [...]The post Avoiding Mod Security False Positives with White-listing appeared first on InfoSec Institute.
---------------------------------------------
http://resources.infosecinstitute.com/avoiding-mod-security-false-positives-white-listing/


*** Apple veröffentlicht Updates für Safari-Browser - und zieht sie wieder zurück ***
---------------------------------------------
Laut Apple soll Safari 8.0.1 unter anderem Fehler im Zusammenhang mit iCloud-Diensten beheben. Gleichzeitig wurden Safari 6.2.1 und 7.1.1 für ältere OS-X-Versionen veröffentlicht. Apple hat die Updates allerdings kommentarlos offline genommen.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-veroeffentlicht-Updates-fuer-Safari-Browser-und-zieht-sie-wieder-zurueck-2480656.html


*** Quantum Attack on Public-Key Algorithm ***
---------------------------------------------
This talk (and paper) describe a lattice-based public-key algorithm called Soliloquy developed by GCHQ, and a quantum-computer attack on it. News article....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/quantum_attack_.html


*** The TYPO3 community publishes TYPO3 CMS 7.0 ***
---------------------------------------------
Following our new release cycle, TYPO3 CMS 7.0 is the first sprint release on our way towards the final 7 LTS which will be released in fall 2015. 7.0 will not receive regular bugfix releases, an upgrade to 7.1 should be installed after its release in around 8 weeks instead - see our roadmap for more details.
---------------------------------------------
https://typo3.org/news/article/the-typo3-community-publishes-typo3-cms-70-a-new-version-of-its-free-content-management-system/


*** Cisco Unified Computing System (UCS) Manager Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-8009
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8009


*** SA-CONTRIB-2014-117 - Hierarchical Select - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-117Project: Hierarchical Select (third-party module)Version: 6.xDate: 2014-December-03Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:All/E:Theoretical/TD:UncommonVulnerability: Cross Site ScriptingDescriptionThe Hierarchical Select module provides a "hierarchical_select" form element, which is a greatly enhanced way for letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data...
---------------------------------------------
https://www.drupal.org/node/2386615


*** SA-CONTRIB-2014-116 -Webform Invitation - Cross Site Scripting ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-116Project: Webform Invitation (third-party module)Version: 7.xDate: 2014-December-03Security risk: 8/25 ( Less Critical) AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescriptionThis module enables you to create custom invitation codes for Webforms.The module failed to sanitize node titles.This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Webform: Create new...
---------------------------------------------
https://www.drupal.org/node/2386387


*** Security Advisory - High Severity - WordPress Download Manager ***
---------------------------------------------
Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote File Inclusion Risk Version: Read More
---------------------------------------------
http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html


*** Security Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products ***
---------------------------------------------
Dec 04, 2014 18:26
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm


*** DSA-3086 tcpdump - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3086


*** DSA-3089 jasper - security update ***
---------------------------------------------
Josh Duart of the Google Security Team discovered heap-based bufferoverflow flaws in JasPer, a library for manipulating JPEG-2000 files,which could lead to denial of service (application crash) or theexecution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3089


*** DSA-3088 qemu-kvm - security update ***
---------------------------------------------
Paolo Bonzini of Red Hat discovered that the blit region checks wereinsufficient in the Cirrus VGA emulator in qemu-kvm, a fullvirtualization solution on x86 hardware. A privileged guest user coulduse this flaw to write into qemu address space on the host, potentiallyescalating their privileges to those of the qemu host process.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3088


*** DSA-3087 qemu - security update ***
---------------------------------------------
Paolo Bonzini of Red Hat discovered that the blit region checks wereinsufficient in the Cirrus VGA emulator in qemu, a fast processoremulator. A privileged guest user could use this flaw to write into qemuaddress space on the host, potentially escalating their privileges tothose of the qemu host process.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3087


*** GNU cpio Heap Overflow in process_copy_in() Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031285