[CERT-daily] Daily summary - Friday 11-07-2014

Daily end-of-shift report team at cert.at
Fri Jul 11 18:35:41 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 10-07-2014 18:00 − Friday 11-07-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Finding the Clowns on the Syslog Carousel, (Thu, Jul 10th) ***
---------------------------------------------
So often I see clients faithfully logging everything from the firewalls, routers and switches - taking terabytes of disk space to store it all. Sadly, the interaction after the logs are created is often simply to make sure that the partition doesn't fill up - either old logs are just deleted, or each month logs are burned to DVD and filed away. The comment I often get is that log entries are complex, and that the sheer volume of information makes it impossible to make sense of it.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18373&rss




*** Security Advisory 2982792 released, Certificate Trust List updated ***
---------------------------------------------
Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/07/10/security-advisory-2982792-released-certificate-trust-list-updated.aspx




*** Weekly Metasploit Update: Another Meterpreter Evasion Option ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/07/10/weekly-metasploit-update




*** Website Malware - Mobile Redirect to BaDoink Porn App ***
---------------------------------------------
A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It was a very tricky injection, with the redirection happening only once per day per IP address and only if the visitor was using a mobile device...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/pAisQqonxQM/website-malware-mobile-redirect-to-badoink-porn-app.html




*** VU#712660: Raritan PX power distribution software is vulnerable to the cipher zero attack. ***
---------------------------------------------
Vulnerability Note VU#712660: Raritan PX power distribution software is vulnerable to the cipher zero attack.
Original Release date: 10 Jul 2014 | Last revised: 10 Jul 2014

Overview: Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Description: CWE-287: Improper Authentication -
---------------------------------------------
http://www.kb.cert.org/vuls/id/712660




*** Oracle Critical Patch Update - July 2014 - Pre-Release Announcement ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html




*** Cisco ASA Filter and Inspect Overlap Denial of Service Vulnerability ***
---------------------------------------------
CVE-2013-5567
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5567




*** Adobe Flash: The most INSECURE program on a UK user's PC ***
---------------------------------------------
XML a weak spot, but nothing's as dire as Adobe player
Adobe Flash Player was the most insecure program installed on UK computer users' PCs throughout the second quarter of 2014, according to stats from vulnerability management firm Secunia.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/10/secunia_pc_insecurity/




*** Crooks Seek Revival of "Gameover Zeus" Botnet ***
---------------------------------------------
Cybercrooks today began taking steps to resurrect the Gameover ZeuS botnet, a complex crime machine that has been blamed for the theft of more than $100 million from banks, businesses and consumers worldwide. The revival attempt comes roughly five weeks after the FBI joined several nations, researchers and security firms in a global and thus far successful effort to eradicate it.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/yLU9-y_8J-k/




*** VMSA-2014-0006.7 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html




*** DSA-2976 eglibc ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2976




*** osCommerce 2.3.4 - Multiple vulnerabilities ***
---------------------------------------------
Topic: osCommerce 2.3.4 - Multiple vulnerabilities
Risk: Medium
Text:
#Title: osCommerce 2.3.4 - Multiple vulnerabilities
#Date: 10.07.14
#Affected versions: => 2.3.4 (latest atm)
#Vendor: oscom...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070059




*** C99 Shell Authentication Bypass via Backdoor ***
---------------------------------------------
Topic: C99 Shell Authentication Bypass via Backdoor
Risk: Medium
Text:
# Exploit Title: C99 Shell Authentication Bypass via Backdoor
# Google Dork: inurl:c99.php
# Date: June 23, 2014
# Exploit A...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070057




*** Exploit emerges for LZO algo hole ***
---------------------------------------------
Take one Nyan Cat, add Firefox and hope your Linux distro has been patched
Security Mouse security researcher Don A Bailey has showcased an exploit of the Lempel-Ziv-Oberhumer (LZO) compression algorithm running in the Mplayer2 media player and says it could leave some Linuxes vulnerable to attack.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/11/firefox_lzo_rce/




*** Microsoft withdraws trust from Indian CA ***
---------------------------------------------
As a consequence of the mis-issued Google certificates, Microsoft has placed the affected sub-CAs on its revocation list. In addition, the full extent of the incident has become known: 45 domains are affected, including some belonging to Yahoo.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-entzieht-Indischer-CA-das-Vertrauen-2255992.html




*** Lack of Certificate Pinning Exposes Encrypted iOS Gmail App Communication ***
---------------------------------------------
Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.
---------------------------------------------
http://threatpost.com/lack-of-certificate-pinning-exposes-encrypted-ios-gmail-app-communication/107154

