[CERT-daily] Daily summary - Wednesday 23-07-2014
Daily end-of-shift report
team at cert.at
Wed Jul 23 18:10:26 CEST 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 22-07-2014 18:00 − Wednesday 23-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** DDoS attacks remain up, stronger in Q2, report says ***
---------------------------------------------
Prolexic's second-quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.
---------------------------------------------
http://www.scmagazine.com/ddos-attacks-remain-up-stronger-in-q2-report-says/article/362256/
*** De-obfuscating the DOM based JavaScript obfuscation found in EK's such as Fiesta and Rig ***
---------------------------------------------
There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for JavaScript and are utilizing browser functionality to their advantage. Recent exploit kits such as "Fiesta" and "Rig" for example, have been found to be using DOM based JavaScript obfuscation. In...
---------------------------------------------
http://research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html
*** Securing the Nest Thermostat ***
---------------------------------------------
A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/07/securing_the_ne.html
*** WordPress brute force attack via wp.getUsersBlogs, (Tue, Jul 22nd) ***
---------------------------------------------
Now that the XMLRPC "pingback" DDoS problem in WordPress is increasingly under control, the crooks now seem to try brute force password guessing attacks via the "wp.getUsersBlogs" method of xmlrpc.php. ISC reader Robert sent in some logs that show a massive distributed (> 3000 source IPs) attempt at guessing passwords on his WordPress installation. The requests look like the one shown below and are posted into xmlrpc.php. Unfortunately, the web server responds with a
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18427&rss
*** New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd) ***
---------------------------------------------
We are announcing a new feature we have been working on for a while, that will display live statistics on passwords used by SSH brute forcing bots. In addition, we also updated our script that will allow you to contribute data to this effort. Right now, we are supporting the kippo honeypot to collect data. This script will submit usernames, passwords and the IP address of the attacker to our system. To download the script see https://isc.sans.edu/clients/kippo/kippodshield.pl . The script uses
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18433&rss
*** Work for admins: Apache 2.4.10 plugs security holes ***
---------------------------------------------
Administrators of web servers running Apache 2.4.x need to update. With the latest version of the software, the Apache developers have closed five vulnerabilities, one of which allows malicious code to be executed from the network.
---------------------------------------------
http://www.heise.de/security/meldung/Arbeit-fuer-Admins-Apache-2-4-10-stopft-Sicherheitsluecken-2265619.html
*** How Thieves Can Hack and Disable Your Home Alarm System ***
---------------------------------------------
When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren't even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can...
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/3cc7d302/sc/15/l/0L0Swired0N0C20A140C0A70Chacking0Ehome0Ealarms0C/story01.htm
*** EU to Roll Out Cybercrime Taskforce ***
---------------------------------------------
International Team Will Target Cross-Border Crime Campaigns: The European Union is set to launch a trial run of an international cybercrime task force that will coordinate investigations across Europe, as well as with a handful of other countries, including Australia, Canada and the United States.
---------------------------------------------
http://www.bankinfosecurity.com/eu-to-roll-out-cybercrime-taskforce-a-7093
*** The psychology of phishing ***
---------------------------------------------
Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits; today they create highly targeted phishing emails which are tailored to suit their recipients.
---------------------------------------------
http://www.net-security.org/article.php?id=2078
*** Just Released - The Phishing Planning Kit ***
---------------------------------------------
One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit...
---------------------------------------------
http://www.securingthehuman.org/blog/2014/07/22/phishing-planning-kit
*** Facebook Scam Leads to Nuclear Exploit Kit ***
---------------------------------------------
Attackers have become more aggressive and are now using Facebook scams to lead to exploit kits so they can control a user's system.
---------------------------------------------
http://www.symantec.com/connect/blogs/facebook-scam-leads-nuclear-exploit-kit
*** Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-3322
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322
*** SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting ***
---------------------------------------------
Topic: SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting
Risk: Low
Text: I. VULNERABILITY - Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 II. BACKGROUND ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070121
*** Barracuda Networks Spam And Virus Firewall 6.0.2 XSS ***
---------------------------------------------
Topic: Barracuda Networks Spam And Virus Firewall 6.0.2 XSS
Risk: Low
Text: Document Title: Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Re...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070118
*** Security Notice-Statement on the XSS Security Vulnerability in Huawei E355 ***
---------------------------------------------
Jul 23, 2014 17:37
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-356647.htm
*** SSA-214365 (Last Update 2014-07-23): Vulnerabilities in SIMATIC WinCC ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf
*** Omron NS Series HMI Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities in Omron Corporation's NS series human-machine interface (HMI) terminals.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-203-01
*** Honeywell FALCON XLWeb Controllers Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in Honeywell FALCON XLWeb controllers.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-175-01
*** HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Network Virtualization. The vulnerability could be exploited remotely to allow execution of code and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202