[CERT-daily] Tageszusammenfassung - Montag 21-07-2014

Mon Jul 21 18:12:14 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 18-07-2014 18:00 − Montag 21-07-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** The Little Signature That Could: The Curious Case of CZ Solution ***
---------------------------------------------
Malware authors are always looking for new ways to masquerade their actions. Attackers are looking for their malware to be not only fully undetectable, but also appear valid on a system, so as not to draw attention. Digital signatures are...
---------------------------------------------
http://www.fireeye.com/blog/technical/2014/07/the-little-signature-that-could-the-curious-case-of-cz-solution.html


*** Keeping the RATs out: the trap is sprung - Part 3, (Sat, Jul 19th) ***
---------------------------------------------
As we bring out three part series on RAT tools suffered upon our friends at Hazrat Supply we must visit the centerpiece of it all. The big dog in this fight is indeed the bybtt.cc3 file (Jake suspected this), Backdoor:Win32/Zegost.B. The file is unquestionably a PEDLL but renamed a .cc3 to hide on system like a CueCards Professional database file. Based on the TrendMicro writeup on this family, the backdoor drops four files, including %Program Files%\%SESSIONNAME%\{random characters}.cc3 This...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18415&rss


*** Top 10 Common Database Security Issues ***
---------------------------------------------
Introduction The database typically contains the crown jewels of any environment; it usually holds the most business sensitive information which is why it is a high priority target for any attacker. The purpose of this post is to create awareness among database administrators and security managers about some of the areas on which it is important to focus on when implementing a new database or hardening the security of an existing one.
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/07/top-10-common-database-security-issues/


*** Smart Meter Attack Scenarios ***
---------------------------------------------
In our previous post, we looked at how smart meters were being introduced across multiple countries and regions, and why these devices pose security risks to their users. At their heart, a smart meter is simply... a computer. Let's look at our existing computers - whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/smart-meter-attack-scenarios/


*** Angriffe auf Web-Server via Wordpress-Plugin MailPoet ***
---------------------------------------------
Über eine kürzlich entdeckte Sicherheitslücke werden derzeit systematisch Server gekapert. Wer das Anfang Juli veröffentlichte Update noch nicht installiert hat, sollte das dringend nachholen.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffe-auf-Web-Server-via-Wordpress-Plugin-MailPoet-2263568.html


*** Home router security to be tested in upcoming hacking contest ***
---------------------------------------------
Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference. The contest is called SOHOpelessly Broken - a nod to the small office/home office space targeted by the products - and follows a growing number of large scale attacks this year against routers and other home embedded systems.
---------------------------------------------
http://www.cio.com/article/2455981/home-router-security-to-be-tested-in-upcoming-hacking-contest.html


*** Sicherheitsforscher weist auf "Hintertüren" in iOS hin ***
---------------------------------------------
Undokumentierte Systemdienste in iOS machen Angreifern das Auslesen von Nutzerdaten leicht, wenn das iPhone oder iPad mit einem Desktop-Computer lokal gepairt wurde, erklärt Jonathan Zdziarski - und hofft auf Antwort von Apple.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsforscher-weist-auf-Hintertueren-in-iOS-hin-2263888.html


*** Call for last-minute papers for VB2014 announced ***
---------------------------------------------
Seven speaking slots waiting to be filled with presentations on hot security topics.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_21.xml?rss


*** Heartbleed bedroht kritische Industrie-Kontrollsysteme ***
---------------------------------------------
Über drei Monate nach Bekanntwerden der massiven Sicherheitslücke sind immer noch zahlreiche Systeme von Siemens ungeschützt.
---------------------------------------------
http://futurezone.at/digital-life/heartbleed-bedroht-kritische-industrie-kontrollsysteme/75.670.250


*** VMSA-2014-0006.8 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html


*** EMC RecoverPoint Internal Firewall Ruleset Error Lets Remote Users Bypass the Firewall ***
---------------------------------------------
http://www.securitytracker.com/id/1030608


*** DSA-2981 polarssl ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2981


*** DSA-2982 ruby-activerecord-3.2 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2982


*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_cross_site_scripting_vulnerability_addressed_in_asset_and_service_management_cve_2014_3025?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_cross_site_scripting_vulnerability_addressed_in_asset_and_service_management_cve_2014_0914?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_infosphere_data_quality_console_is_vulnerable_to_a_cross_site_scripting_xss_attack_when_adding_new_project_connections_cve_2014_3071?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_sametime_classic_meeting_server_cve_2014_3088_cve_2014_4747_cve_2014_4748?lang=en_us


*** VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability ***
---------------------------------------------
Vulnerability Note VU#688812 Huawei E355 contains a stored cross-site scripting vulnerability Original Release date: 21 Jul 2014 | Last revised: 21 Jul 2014   Overview The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability.  Description Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected cellular network.CWE-79: Improper...
---------------------------------------------
http://www.kb.cert.org/vuls/id/688812


*** Bugtraq: CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. ***
---------------------------------------------
Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1
---------------------------------------------
http://www.securityfocus.com/archive/1/532841