[CERT-daily] Tageszusammenfassung - Freitag 25-07-2014

Daily end-of-shift report team at cert.at
Fri Jul 25 18:06:37 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 24-07-2014 18:00 − Freitag 25-07-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** More Details of Onion/Critroni Crypto Ransomware Emerge ***
---------------------------------------------
New ransomware has been dubbed Onion by researchers at Kaspersky Lab as its creators use command and control servers hidden in the Tor Network (a/k/a The Onion Router) to obscure their malicious activity.
---------------------------------------------
http://threatpost.com/onion-ransomware-demands-bitcoins-uses-tor-advanced-encryption/107408




*** Kali 1.0.8 released with UEFI boot support, more info at http://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/, (Fri, Jul 25th) ***
---------------------------------------------
-- Bojan INFIGO IS (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18443&rss




*** Gefährlicher als die NSA: Firmen unterschätzen kriminelle Hacker ***
---------------------------------------------
Allianz für Cyber-Sicherheit beim deutschen Bundesamt für Sicherheit in der Informationstechnik sieht größten Nachholbedarf in produzierenden Unternehmen
---------------------------------------------
http://derstandard.at/2000003528513




*** TAILS Team Recommends Workarounds for Flaw in I2P ***
---------------------------------------------
The developers of the TAILS operating system say that users can mitigate the severity of the critical vulnerability researchers discovered in the I2P software that's bundled with TAILS with a couple of workarounds, but there is no patch for the bug yet. The vulnerability that affects TAILS is in the I2P anonymity network software that comes...
---------------------------------------------
http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p/107422




*** Fake GoogleBots are third most common DDoS attacker ***
---------------------------------------------
An analysis of 400 million search engine visits to 10,000 sites done by Incapsula researchers has revealed details that might be interesting to web operators and SEO professionals.
---------------------------------------------
http://www.net-security.org/secworld.php?id=17169




*** New SSL server rules go into effect Nov. 1 ***
---------------------------------------------
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
---------------------------------------------
http://www.networkworld.com/article/2457649/security0/new-ssl-server-rules-go-into-effect-nov-1.html




*** The App I Used to Break Into My Neighbor's Home ***
---------------------------------------------
Leave your ring of cut-brass secrets unattended on your desk at work, at a bar table while you buy another round, or in a hotel room, and any stranger---or friend---can upload your keys to their online collection.
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/3cdb9908/sc/36/l/0L0Swired0N0C20A140C0A70Ckeyme0Elet0Eme0Ebreak0Ein0C/story01.htm




*** Attackers abusing Internet Explorer to enumerate software and detect security products ***
---------------------------------------------
During the last few years we have seen an increase on the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim's system using Internet Explorer.In this blog post we will describe some of the techniques that attackers are using to perform reconnaisance that gives them information for future attacks. We have also seen these techniques being used to decide whether or not they exploit the victim based on detected...
---------------------------------------------
http://www.alienvault.com/open-threat-exchange/blog/attackers-abusing-internet-explorer-to-enumerate-software-and-detect-securi




*** Building a Legal Botnet in the Cloud ***
---------------------------------------------
Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but theres no reason this cant scale to much larger numbers....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/07/building_a_lega.html




*** Bugtraq: Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532895




*** Morpho Itemiser 3 Hard-Coded Credential ***
---------------------------------------------
This advisory provides vulnerability information for hard-coded credentials in the Morpho Itemiser 3.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-205-01




*** VU#394540: Sabre AirCentre Crew contains a SQL injection vulnerability ***
---------------------------------------------
Vulnerability Note VU#394540 Sabre AirCentre Crew contains a SQL injection vulnerability Original Release date: 25 Jul 2014 | Last revised: 25 Jul 2014   Overview Sabre AirCentre Crew 2010.2.12.20008 and earlier contains a SQL injection vulnerability.  Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Sabre AirCentre Crew 2010.2.12.20008 and earlier is vulnerable to a SQL Injection attack in the username and password fields in CWPLogin.aspx. 
---------------------------------------------
http://www.kb.cert.org/vuls/id/394540




*** Cisco Unified Presence Server Sync Agent Vulnerability ***
---------------------------------------------
CVE-2014-3328
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328




*** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
CVE-2014-3305
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305




*** Cisco WebEx Meetings Server Stack Trace Vulnerability ***
---------------------------------------------
CVE-2014-3301
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3301


More information about the Daily mailing list