[CERT-daily] Tageszusammenfassung - Freitag 13-06-2014
Daily end-of-shift report
team at cert.at
Fri Jun 13 18:26:03 CEST 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 12-06-2014 18:00 − Freitag 13-06-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Microsoft zieht die "Secure Boot"-Bremse ***
---------------------------------------------
Mit einem Update für Windows 8, Server 2012, 8.1 und Server 2012 R2 installiert Microsoft neue Schlüssel-Datenbanken, die den Start einiger UEFI-Module blockieren.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-zieht-die-Secure-Boot-Bremse-2221023.html
*** Setting HoneyTraps with ModSecurity: Adding Fake Hidden Form Fields ***
---------------------------------------------
This blog post continues with the topic of setting "HoneyTraps" within your web applications to catch attackers. Please review the previous posts for more examples: Project Honeypot Integration Unused Web Ports Adding Fake robots.txt Entries Adding Fake HTML Comments This blog post will discuss Recipe 3-4: Adding Fake Hidden Form Fields from my book "Web Application Defenders Cookbook: Battling Hackers and Protecting Users". Recipe 3-4: Adding Fake Hidden Form Fields
---------------------------------------------
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/btSzvx21q3s/setting-honeytraps-with-modsecurity-adding-fake-hidden-form-fields.html
*** Hacker claims PayPal loophole generates FREE MONEY ***
---------------------------------------------
Convicted hacker comes good with fraudster flowchart A PayPal loophole can be exploited to earn free cash according to a convicted former NASA hacker turned white hat.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/06/13/hacker_claims_paypal_loophole_generates_free_money/
*** You have no SQL inj--... sorry, NoSQL injections in your application ***
---------------------------------------------
Everyone knows about SQL injections. They are classic, first widely publicized by Rain Forest Puppy, and still widely prevalent today (hint: don't interpolate query string params with SQL).
But who cares? SQL injections are so ten years ago. I want to talk about a vulnerability I hadn't run into before that I recently had a lot of fun exploiting. It was a NoSQL injection.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/06/12/you-have-no-sql-inj--sorry-nosql-injections-in-your-application
*** Banking malware using Windows to block anti-malware apps ***
---------------------------------------------
BKDR_VAWTRAK is using Software Restriction Policies to restrict security software.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/s0xxmloC9XA/
*** Mergers and Acquisitions: When Two Companies and APT Groups Come Together ***
---------------------------------------------
With Apple's purchase of Beats, Pfizer's failed bids for AstraZeneca, and financial experts pointing to a rally in the M&A market, the last month was a busy one for mergers and acquisitions. Of course, when we first see headlines of...
---------------------------------------------
http://www.fireeye.com/blog/technical/targeted-attack/2014/06/mergers-and-acquisitions-when-two-companies-and-apt-groups-come-together.html
*** Microsofts Juni-Patches können Office-2013-Installation zerstören ***
---------------------------------------------
Die Office-2013-Patches vom 11. Juni bereiten mitunter größere Probleme und können dazu führen, sich die Office-Programme nicht mehr starten lassen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Microsofts-Juni-Patches-koennen-Office-2013-Installation-zerstoeren-2221524.html
*** How iOS 8 Will Affect the Security of iPhones and iPads ***
---------------------------------------------
Apple's mobile OS has been enhanced, but is it more secure?
---------------------------------------------
http://www.symantec.com/connect/blogs/how-ios-8-will-affect-security-iphones-and-ipads
*** Stratfor-Hack: Geheimer Bericht stellt gravierende Sicherheitslücken fest ***
---------------------------------------------
Eine Untersuchung nach dem Einbruch auf die Stratfor-Server durch die Gruppe Antisec hat ergeben: Das Unternehmen hat wichtigste Sicherheitsmaßnahmen nicht beachtet.
---------------------------------------------
http://www.golem.de/news/stratfor-hack-geheimer-bericht-stellt-gravierende-sicherheitsluecken-fest-1406-107188-rss.html
*** CloudFlare offers free DDoS protection to public interest websites ***
---------------------------------------------
A project launched by CloudFlare, a provider of website performance and security services, allows organizations engaged in news gathering, civil society and political or artistic speech to use the companys distributed denial-of-service (DDoS) protection technology for free.The goal of the project, dubbed Galileo, is to protect freedom of expression on the Web by helping sites with public interest information from being censored through online attacks, according to the San Francisco-based
---------------------------------------------
http://www.csoonline.com/article/2363382/cloudflare-offers-free-ddos-protection-to-public-interest-websites.html#tk.rss_applicationsecurity
*** ISC Patches Critical DoS Vulnerability in BIND ***
---------------------------------------------
A critical, remotely exploitable bug in some BIND domain name system (DNS) servers could cause a denial of service situation and trigger them to crash.
---------------------------------------------
http://threatpost.com/isc-patches-critical-dos-vulnerability-in-bind/106653
*** CVE-2014-3859: BIND named can crash due to a defect in EDNS printing processing ***
---------------------------------------------
A specially crafted query sent to a BIND nameserver can cause it to crash with a REQUIRE assertion error.
---------------------------------------------
https://kb.isc.org/article/AA-01166/74/CVE-2014-3859:-BIND-named-can-crash-due-to-a-defect-in-EDNS-printing-processing.html
*** IBM Security Bulletin: IBM Algo One - cryptographic key information discovery (CVE-2014-0076) ***
---------------------------------------------
Under certain circumstances, a local attacker could discover cryptographic key information from IBM Algo One. CVE(s): CVE-2014-0076 Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21675765
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_algo_one_cryptographic_key_information_discovery_cve_2014_0076?lang=en_us
*** Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL ***
---------------------------------------------
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL CVE(s): CVE-2010-5298 Affected product(s) and affected version(s): AIX 5.3, 6.1 and 7.1 VIOS 2.X Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory8.asc X-Force Database: http://xforce.iss.net/xforce/xfdb/92632
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/race_condition_in_the_ssl3_read_bytes_function_in_s3_pkt_c_in_openssl?lang=en_us
*** IBM Security Advisory for AIX ***
---------------------------------------------
AIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerability AIX OpenSSL DTLS recursion flaw AIX OpenSSL DTLS invalid fragment vulnerability AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference AIX OpenSSL Anonymous ECDH denial of service
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
*** Cisco Autonomic Networking Infrastructure Overwrite Vulnerability ***
---------------------------------------------
CVE-2014-3290
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3290
*** DSA-2958 apt ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2958
*** DSA-2957 mediawiki ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2957
*** VMSA-2014-0006.1 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** Yealink VoIP Phones XSS / CRLF Injection ***
---------------------------------------------
Topic: Yealink VoIP Phones XSS / CRLF Injection Risk: Low Text:I. ADVISORY CVE-2014-3427 CRLF Injection in Yealink VoIP Phones CVE-2014-3428 XSS vulnerabilities in Yealink VoIP Phones ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060079
*** SSA-963338 (Last Update 2014-06-13): Multiple Buffer Overflows in UPnP Interface of OZW and OZS Products ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
*** Bugtraq: AST-2014-005: Remote Crash in PJSIP Channel Drivers Publish/Subscribe Framework ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532414
*** Bugtraq: AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532415
*** HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04336637
More information about the Daily
mailing list