[CERT-daily] Daily summary - Monday 14-07-2014

Daily end-of-shift report team at cert.at
Mon Jul 14 18:13:57 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 11-07-2014 18:00 − Monday 14-07-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Oracle to release 115 security patches ***
---------------------------------------------
Oracle is planning to release 115 security patches for vulnerabilities affecting a wide array of its products, including its flagship database, Java SE, Fusion Middleware and business applications. The update includes fixes for 20 weaknesses in Java SE, all of which can be exploited by an attacker remotely, without the need for login credentials, ..
---------------------------------------------
http://www.cio.com/article/2453362/oracle-to-release-115-security-patches.html




*** VU#917348: Datum Systems satellite modem devices contain multiple vulnerabilities ***
---------------------------------------------
The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system. A remote unauthenticated attacker may be able to gain full control of the device.
---------------------------------------------
http://www.kb.cert.org/vuls/id/917348




*** Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the WebVPN Common Internet File System (CIFS) access function of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to trigger a reload of the affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6691




*** Juniper Junos Unspecified Command Line Interface Flaw Lets Local Users Gain Root Privileges ***
---------------------------------------------
A local user on the command line interface can invoke certain combinations of commands to gain root privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030559




*** Dell Sonicwall Scrutinizer 11.01 Code Execution / SQL Injection ***
---------------------------------------------
Dell Sonicwall Scrutinizer suffers from several SQL injections, many of which can end up with remote code execution. An attacker needs to be authenticated, but not as an administrator. However, that wouldn't stop anyone since there is also a privilege escalation vulnerability in that ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070065




*** Schrack MICROCONTROL XSS / Disclosure / Weak Default Password ***
---------------------------------------------
The Microcontrol emergency light system, distributed by Schrack Technik GmbH, is an autarchic emergency light system, which is configurable over a web interface. Through the vulnerabilities described in this advisory an attacker can reconfigure the whole emergency light system without authentication. Furthermore he can perform attacks..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070067




*** 'Gameover' malware returns from the dead ***
---------------------------------------------
In early June 2014, an internationally co-ordinated law enforcement effort against the criminals behind the infamous Gameover malware pretty much wiped out their botnet altogether. Bad news - it looks as though Gameover is back...
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/13/gameover-malware-returns-from-the-dead/



*** Popular password protection programs p0wnable ***
---------------------------------------------
LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword all flawed. Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/14/popular_web_password_vaults_blurting_codes/




*** Beware Keyloggers at Hotel Business Centers ***
---------------------------------------------
The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.
---------------------------------------------
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/




*** The Internet of Things: How do you "on-board" devices?, (Mon, Jul 14th) ***
---------------------------------------------
Certified pre-pw0ned devices are nothing new. We talked years ago about USB picture frames that came with malware pre-installed. But for the most part, the malware was added to the device accidentally, or for example by customers who later returned the device just to have it resold without adequately resetting/wiping the device. But more recently, more evidence emerged that ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18387&rss




*** Encryption: LibreSSL leaves the nest ***
---------------------------------------------
The developers of the OpenSSL fork LibreSSL have released the first version of their software that supports platforms other than OpenBSD. With this, the SSL library is setting out to become a real alternative to the Heartbleed-plagued OpenSSL.
---------------------------------------------
http://www.heise.de/security/meldung/Verschluesselung-LibreSSL-wird-fluegge-2260042.html




*** Understanding Ransomware ***
---------------------------------------------
Our Cyber Defence Operations team, led by David Cannings, has published a new whitepaper on understanding ransomware. It looks at the impact, evolution and defensive strategies that can be employed by organisations. While the paper is primarily focused on Microsoft Windows due to the historic ..
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/07/understanding-ransomware/




*** VU#204988: Kaseya's agent driver contains NULL pointer dereference ***
---------------------------------------------
Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. A local authenticated attacker may be able to crash the application, thereby causing a denial of service. Kaseya has ..
---------------------------------------------
http://www.kb.cert.org/vuls/id/204988





*** WordPress Download Manager 2.6.8 Shell Upload ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070062




*** Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070066


