[CERT-daily] Tageszusammenfassung - Freitag 7-02-2014

Fri Feb 7 18:08:55 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 06-02-2014 18:00 − Freitag 07-02-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Advance Notification Service for February 2014 Security Bulletin Release ***
---------------------------------------------
Today we are providing advance notification for the release of five bulletins, two rated Critical and three rated Important, for February 2014. The Critical updates address vulnerabilities in Microsoft Windows and Security Software while the Important-rated updates address issues in Windows and the .NET Framework.
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/02/06/advance-notification-service-for-february-2014-security-bulletin-release.aspx


*** Syrian Electronic Army nimmt beinahe Facebook vom Netz ***
---------------------------------------------
Die Hacker der Syrian Electronic Army haben es fast geschafft, Facebooks Domain zu kapern. Zugang verschafften sie sich wohl durch das Administrationsinterface der Registrars MarkMonitor.
---------------------------------------------
http://www.heise.de/security/meldung/Syrian-Electronic-Army-nimmt-beinahe-Facebook-vom-Netz-2108144.html


*** Bug in iOS 7: Fernortung lässt sich abdrehen ***
---------------------------------------------
Mit einem Trick ist es möglich, bei iOS-7-Geräten Apples "Mein iPhone/iPad suchen", mit dem auch ein geklautes Gerät wiedergefunden werden kann, ohne Passwort zu deaktivieren. Dazu muss das Gerät allerdings entsperrt sein.
---------------------------------------------
http://www.heise.de/security/meldung/Bug-in-iOS-7-Fernortung-laesst-sich-abdrehen-2108078.html


*** A Look at Malware with Virtual Machine Detection ***
---------------------------------------------
It's not uncommon for the malware of today to include some type of built-in virtual machine detection. Virtual Machines (VMs) are an essential part of a malware analyst's work environment. After all, we wouldn't want to infect our physical - or "bare-metal" computers - to all the...
---------------------------------------------
http://blog.malwarebytes.org/intelligence/2014/02/a-look-at-malware-with-virtual-machine-detection/


*** Large-scale DNS redirection on home routers for financial theft ***
---------------------------------------------
In late 2013 CERT Polska received confirmed reports about modifications in e-banking websites observed on... iPhones. Users were presented with messages about alleged changes in account numbers that required confirmation with mTANs. This behavior would suggest that some Zeus-like trojan had been ported to iOS. As this would be the first confirmed case of such malware...
---------------------------------------------
https://www.cert.pl/news/8019/langswitch_lang/en


*** Fritzbox-Angriff analysiert: AVM bereitet Firmware-Updates vor ***
---------------------------------------------
AVM hat den für Telefoniemissbrauch benutzten Angriffsweg nachvollzogen und bereitet Firmware-Updates für Fritzboxen vor, die am Wochenende erscheinen sollen.
---------------------------------------------
http://www.heise.de/security/meldung/Fritzbox-Angriff-analysiert-AVM-bereitet-Firmware-Updates-vor-2108862.html


*** Joomla! PROJOOM Smart Flash Header Component Arbitrary File Upload Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56831


*** Bugtraq: CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530938


*** Core FTP Server Vulnerabilities ***
---------------------------------------------
CVE-2014-1441: Race condition leading to Denial of Service on the "AUTH SSL" command with invalid SSL data CVE-2014-1442: "XCRC" Directory Traversal Information Disclosure CVE-2014-1443: Password Disclosure Vulnerability
---------------------------------------------
http://permalink.gmane.org/gmane.comp.security.full-disclosure/91518


*** Bugtraq: [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530936


*** IBM Tealeaf CX Passive Capture Application remote code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89228


*** IBM Tealeaf CX Passive Capture Application local file include ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89229


*** Symantec Encryption Management Server Web Email Protection information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/90946


*** Palo Alto Networks PAN-OS Certificate Invalidation on Master Key Change Security Bypass Security Issue ***
---------------------------------------------
https://secunia.com/advisories/56392


*** Schneider Electric SCADAPack VxWorks Debugger Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56811


*** osCommerce 2.3.3.4 SQL Injection ***
---------------------------------------------
Topic: osCommerce 2.3.3.4 SQL Injection Risk: Medium Text:# Title: osCommerce v2.x SQL Injection Vulnerability # Dork: Powered by osCommerce # Author: Ahmed Aboul-Ela # Contact: ahme...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020042