[CERT-daily] Tageszusammenfassung - Donnerstag 12-06-2014

Daily end-of-shift report team at cert.at
Thu Jun 12 18:18:23 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 11-06-2014 18:00 − Donnerstag 12-06-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Weekly Metasploit Update: Meterpreter Madness ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/06/11/weekly-metasploit-update




*** MSRT June 2014 - Necurs ***
---------------------------------------------
This month we added Win32/Necurs to the Microsoft Malicious Software Removal Tool (MSRT). In a previous blog about Necurs I outlined the familys prevalence and the techniques it uses to execute its payload. In this blog, I will discuss the Necurs rootkit components Trojan:WinNT/Necurs.A and Trojan:Win64/Necurs.A in greater depth. These Necurs rootkit components are sophisticated drivers that try to block security products during every stage of Windows startup. It's important to note that...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/06/10/msrt-june-2014-necurs.aspx




*** Gmail Bug Could Have Exposed Every User's Address ***
---------------------------------------------
Security tester Oren Hafif says that he found and helped fix a bug in Googles Gmail service that could have been used to extract millions of Gmail addresses, if not all of them, in a matter of days or weeks.
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/3b66e7a5/sc/4/l/0L0Swired0N0C20A140C0A60Cgmail0Ebug0Ecould0Ehave0Eexposed0Eevery0Eusers0Eaddress0C/story01.htm




*** Small businesses running cloud-based POS software hit with unique POSCLOUD malware ***
---------------------------------------------
Researchers with IntelCrawler have identified a unique type of malware, known as POSCLOUD, which targets cloud-based point-of-sale software.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/PLQgnJ1-_Mc/




*** Yahoo Toolbar triggers XSS in Google, other popular services, researcher finds ***
---------------------------------------------
A researcher discovered that Yahoo Toolbar triggers XSS in highly popular services, which could enable an attacker to hijack accounts.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/rM026xMWg8U/




*** Feedly and Evernote Hit by DDoS Attacks, Extortion Demands ***
---------------------------------------------
Yesterday, the most popular RSS reader Feedly was down as a result of a large scale distributed-denial-of service (DDoS) attack carried by the cybercriminals to extort money. On Wednesday, the Feedly was temporarily unavailable for its users. Feedly posted details of the attack at 5:00 AM ET on its blog saying that they were under a Distributed Denial of Service (DDoS) attack and
---------------------------------------------
http://feedproxy.google.com/~r/TheHackersNews/~3/9ZGb8CUzJwg/feedly-and-evernote-hit-by-ddos-attacks.html




*** RSS-Dienst: Feedly ist wieder erreichbar ***
---------------------------------------------
Nach einem Ausfall von knapp 24 Stunden ist der RSS-Dienst Feedly wieder nutzbar. Kriminelle führten eine DDos-Attacke gegen die Feedly-Server durch und forderten eine Geldzahlung, um den Angriff zu beenden.
---------------------------------------------
http://www.golem.de/news/rss-dienst-feedly-ist-wieder-erreichbar-1406-107135-rss.html




*** Feedly wieder unter DDoS-Beschuss ***
---------------------------------------------
Die Cyber-Erpresser, die den Newsreader-Dienst Feedly am MIttwoch lahm gelegt haben, geben offenbar nicht auf. Erneut ist der Dienst nicht erreichbar.
---------------------------------------------
http://www.heise.de/security/meldung/Feedly-wieder-unter-DDoS-Beschuss-2220992.html




*** TweetDeck mit Herzfehler ***
---------------------------------------------
Durch einen Bug hat der Twitter-Client in Tweets eingebettete JavaScript-Code ausgeführt, wenn daran ein Unicode-Herz angehängt wurde.
---------------------------------------------
http://www.heise.de/security/meldung/TweetDeck-mit-Herzfehler-2220478.html




*** The Computer Security Threat From Ultrasonic Networks ***
---------------------------------------------
KentuckyFC (1144503) writes Security researchers in Germany have demonstrated an entirely new way to attack computer networks and steal information without anybody knowing. The new medium of attack is ultrasonic sound. It relies on software that uses the built-in speakers on a laptop to broadcast at ultrasonic frequencies while nearby laptops listen out for the transmissions and pass them on, a set up known as a mesh network. The team has tested this kind of attack on a set of Lenovo T400...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/1R8EpiBl880/story01.htm




*** VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable ***
---------------------------------------------
While the group of vulnerabilities that the OpenSSL Project patched last week hasn't grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products. Vendors are still making their way through the patching process, and VMware has released an advisory confirming that a long list of...
---------------------------------------------
http://threatpost.com/vmware-patches-esxi-against-openssl-flaw-but-many-other-products-still-vulnerable/106605




*** Project Un1c0rn Wants to Be the Google for Lazy Security Flaws ***
---------------------------------------------
Following broad security scares like that caused by the Heartbleed bug, it can be frustratingly difficult to find out if a site you use often still has gaping flaws. But a little known community of software developers is trying to change that, by creating a searchable, public index of websites with known security issues.
---------------------------------------------
http://motherboard.vice.com/en_ca/read/is-this-website-vulnerable-to-hackers-project-un1c0rn-has-the-answer




*** Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability ***
---------------------------------------------
cisco-sa-20140611-ipv6
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6




*** JSA10628 - 2014-06 Security Bulletin: Junos Pulse Secure Access Service (SSL VPN) and Junos Pulse Access Control Service (UAC): Weak SSL cipher allowed unexpectedly when higher level cipher group is configured (CVE-2014-3812) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10628&actp=RSS




*** JSA10631 - 2014-06 Security Bulletin: NetScreen Firewall: DNS lookup issue may cause denial of service (CVE-2014-3813) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10631&actp=RSS




*** JSA10632 - 2014-06 Security Bulletin: NetScreen Firewall: Malformed IPv6 packet DoS issue (CVE-2014-3814) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10632&actp=RSS




*** JSA10630 - 2014-06 Security Bulletin: Junos WebApp Secure: Local user privilege escalation issue (CVE-2013-2094) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10630&actp=RSS




*** SA-CONTRIB-2014-060- Petitions - Cross Site Request Forgery (CSRF) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-060Project: - Petitions - (third-party distribution)Version: 7.xDate: 2014-June-11Security risk: Less criticalExploitable from: RemoteVulnerability: Cross Site Request ForgeryDescriptionThis distribution enables you to build an application that lets users create and sign petitions.The contained wh_petitions module doesnt sufficiently verify the intent of the user when signing a petition. A malicious user could trick another user into signing a petition they...
---------------------------------------------
https://drupal.org/node/2284571




*** SA-CONTRIB-2014-059 - Touch Theme - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-059Project: Touch (third-party module)Version: 7.xDate: 2014-June-11Security risk: Moderately criticalExploitable from: RemoteVulnerability: Cross Site ScriptingDescriptionTouch Theme is a light weight theme with modern look and feel.The theme does not sufficiently sanitize theme settings input for Twitter and Facebook username. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer themes".CVE...
---------------------------------------------
https://drupal.org/node/2284415




*** Cisco IOS XR ASR 9000 IPv6 Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030400




*** DSA-2956 icinga ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2956




*** DSA-2955 iceweasel ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2955




*** Netscape Portable Runtime API Buffer Overflow May Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030404


More information about the Daily mailing list