[CERT-daily] Tageszusammenfassung - Freitag 3-01-2014

Daily end-of-shift report team at cert.at
Fri Jan 3 18:25:25 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 02-01-2014 18:00 − Freitag 03-01-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  L. Aaron Kaplan

*** Greyhats expose 4.5 million Snapchat phone numbers using 'theoretical' hack ***
---------------------------------------------
Snapchat largely discounted weakness that partially exposed user numbers.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/8aPSkYeU_SA/




*** Target's Use of 3DES Encryption Invites Scrutiny, Worry ***
---------------------------------------------
Targets admission that encrypted PIN data was stolen and secured with 3DES encryption has experts concerned because of the age of the algorithm and the availability of stronger options.
---------------------------------------------
http://threatpost.com/targets-use-of-3des-encryption-invites-scrutiny-worry/103389




*** Mysterioese Backdoor in diversen Router-Modellen ***
---------------------------------------------
Auf Routern von Linksys und Netgear lauscht ein undokumentierter Dienst, der auf Befehle wartet. Bislang gibt es lediglich ein Indiz dafuer, was es damit auf sich haben koennte.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Mysterioese-Backdoor-in-diversen-Router-Modellen-2074394.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** Scans Increase for New Linksys Backdoor (32764/TCP), (Thu, Jan 2nd) ***
---------------------------------------------
We do see a lot of probes for port 32764/TCP . According to a post to github from 2 days ago, some Linksys devices may be listening on this port enabling full unauthenticated admin access. [1]  At this point, I urge everybody to scan their networks for devices listening on port 32764/TCP. If you use a Linksys router, try to scan its public IP address from outside your network.   Our data shows almost no scans to the port prior to today, but a large number from 3 source IPs today. The by far
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17336&rss




*** NSA Exploit of the Day: DEITYBOUNCE ***
---------------------------------------------
Todays item from the NSAs Tailored Access Operations (TAO) group implant catalog is DEITYBOUNCE: DEITYBOUNCE (TS//SI//REL) DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads. (TS//SI//REL) This technique supports multi-processor systems with RAID hardware and Microsoft Windows 2000, 2003, and...
---------------------------------------------
https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html




*** Advanced Dewplayer plugin for WordPress download-file.php directory traversal ***
---------------------------------------------
Advanced Dewplayer plugin for WordPress download-file.php directory traversal
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89978




*** "Penetrating Hard Targets": NSA arbeitet an Quantencomputern zur Kryptoanlayse ***
---------------------------------------------
Dokumente des NSA-Whistleblowers Edward Snowden legen nahe, dass die NSA bei der Entwicklung von Quantencomputern keinen Vorsprung hat. Mit derartiger Technik koennte bestehende Public-Key-Kryptographie geknackt werden.
---------------------------------------------
http://www.heise.de/security/meldung/Penetrating-Hard-Targets-NSA-arbeitet-an-Quantencomputern-zur-Kryptoanlayse-2074540.html




*** HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
---------------------------------------------
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422-1




*** Bundesnetzagentur praesentiert Entwurf des IT-Sicherheitskatalogs ***
---------------------------------------------
Eine Liste von Sicherheitsanforderungen soll die IT-Infrastruktur unserer Stromnetze absichern. Bis Februar kann man diesen Entwurf noch kommentieren.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Bundesnetzagentur-praesentiert-Entwurf-des-IT-Sicherheitskatalogs-2074724.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** Cost/Benefit Analysis of NSAs 215 Metadata Collection Program ***
---------------------------------------------
It has amazed me that the NSA doesnt seem to do any cost/benefit analyses on any of its surveillance programs. This seems particularly important for bulk surveillance programs, as they have significant costs aside from the obvious monetary costs. In this paper, John Mueller and Mark G. Stewart have done the analysis on one of these programs. Worth reading....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/01/costbenefit_ana_1.html




*** UPDATED X1 : OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor, (Thu, Jan 2nd) ***
---------------------------------------------
By now, most of you have heard that the openssl.org website was defaced. While the source code and repositories were not tampered with, this obviously concerned people. What is more interesting is that the attack was made possible by gaining access to the hypervisor that hosts the VM responsible for the website. Attacks of this sort are likely to be more common as time goes on as it provides easy ability to take over a host without having to go through the effort of actually rooting a box.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17333&rss




*** Bankautomaten per USB-Stick uebernommen ***
---------------------------------------------
Sicherheitsforscher haben Schadcode entdeckt, der per USB-Stick auf Geldautomaten geladen wird und Ganoven dann beliebig Geld auszahlt. Die Malware enthaelt ausserdem raffinierte Funktionen, die den Hintermaennern Kontrolle ueber die Auszahlungen gibt
---------------------------------------------
http://www.heise.de/security/meldung/Bankautomaten-per-USB-Stick-uebernommen-2074773.html




*** Ubuntu bessert TLSv1.2-Unterstuetzung nach ***
---------------------------------------------
In aktuellen Ubuntu-Versionen kann die zentrale Crypto-Bibliothek OpenSSL kein TLSv1.2; das soll sich erst mit Ubuntu 14.04 LTS aendern.
---------------------------------------------
http://www.heise.de/security/meldung/Ubuntu-bessert-TLSv1-2-Unterstuetzung-nach-2074817.html




*** Ueberwachung: BND fischt deutlich weniger Kommunikation ab ***
---------------------------------------------
Der Bundesnachrichtendienst hat seine Filtermethoden offenbar verbessert. Im Jahr 2012 sind viel weniger verdaechtige Kommunikationsinhalte als in den Vorjahren in den Netzen haengengeblieben. (Datenschutz, DE-CIX)
---------------------------------------------
http://www.golem.de/news/ueberwachung-bnd-fischt-deutlich-weniger-kommunikation-ab-1401-103691-rss.html




*** Slovenian jailed for creating code behind 12 MILLION strong Mariposa botnet army ***
---------------------------------------------
A Slovenian virus writer who created an infamous strain of malware used to infect an estimated 12 million computers worldwide has been jailed for almost five years.
---------------------------------------------
http://www.theregister.co.uk/2014/01/03/mariposa_botnet_mastermind_jailed/






More information about the Daily mailing list