[CERT-daily] Tageszusammenfassung - Dienstag 17-06-2014

Daily end-of-shift report team at cert.at
Tue Jun 17 18:15:15 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 16-06-2014 18:00 − Dienstag 17-06-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner



*** Malicious Web-based Java applet generating tool spotted in the wild ***
---------------------------------------------
Despite the prevalence of Web based client-side exploitation tools as the cybercrime ecosystem's primary infection vector, in a series of blog posts, we've been emphasizing on the emergence of managed/hosted/DIY malicious Java applet generating tools/platforms, highlighting the existence of a growing market segment relying on 'visual social engineering' vectors for the purpose of tricking end users into executing malicious/rogue/fake Java applets, ultimately joining a
---------------------------------------------
http://www.webroot.com/blog/2014/06/16/malicious-web-based-java-applet-generating-tool-spotted-wild/




*** Cisco ASA WebVPN Information Disclosure Vulnerability ***
---------------------------------------------
CVE ID: CVE-2014-2151
...
A vulnerability in the WebVPN portal of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to view sensitive information from the affected system.
The vulnerability is due to improper input validation in the WebVPN portal. An attacker could exploit this vulnerability by providing a crafted JavaScript file to an authenticated WebVPN user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2151




*** Security Advisory-Heap Overflow Vulnerability in Huawei eSap Platform ***
---------------------------------------------
Huawei eSap software platform has four heap overflow vulnerabilities. Huawei products that have used this platform are affected. When receiving some special malformed packets, such devices access heap memory that is beyond the valid range and cause unexpected restart of the devices. If an attacker keeps sending such malformed packets, the devices will repeatedly restart, causing a denial of service (DoS) attack (Vulnerability ID: HWPSIRT-2014-0111).
Huawei has provided fixed versions.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345171.htm




*** IBM AIX ntpd Query Function Lets Remote Users Conduct Amplified Denial of Service Attacks ***
---------------------------------------------
A vulnerability was reported in IBM AIX. A remote user can conduct amplified denial of service attacks.
A remote user can exploit an administrative query function in ntpd to amplify distributed denial of service (DDoS) attacks against other sites.
---------------------------------------------
http://www.securitytracker.com/id/1030433




*** Hacking the Java Debug Wire Protocol - or - 'How I met your Java debugger' ***
---------------------------------------------
In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a pentester's point of view. I will cover some JDWP internals and how to use them to perform code execution, resulting in a reliable and universal exploitation script. ... As a matter of fact, JDWP is used quite a lot in the Java application world. Pentesters might, however, not see it that often when performing remote assessments as firewalls would (and should) mostly block the port it is
---------------------------------------------
http://blog.ioactive.com/2014/04/hacking-java-debug-wire-protocol-or-how.html




*** CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing ***
---------------------------------------------
A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.
---------------------------------------------
https://bugzilla.redhat.com/show_bug.cgi?id=1108447




*** SLocker Android Ransomware Communicates Via Tor And SMS ***
---------------------------------------------
A little over two weeks ago, we found a new family of Android ransomware: SLocker.We have no evidence that SLocker is related to Koler, the most recently discovered Android ransomware. It does however carry through on the threat Koler made. Unlike Koler - which pretended to, but didnt actually encrypt files - SLocker will actually scan the devices SD card for specific file types: When the SLocker app is launched, it encrypts these files and then displays a ransom message:The message
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002716.html




*** Microsoft dichtet OneDrive-Links ab ***
---------------------------------------------
In der Dokument-Freigabe von Microsofts Cloud-Speicher klaffte ein Loch, das es Angreifern erlaubt hätte, unbefugten Zugriff auf Dokumente zu erhalten. Microsoft hat die Lücke nun geschlossen, altere Freigabe-URLs könnten aber noch verwundbar sein.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-dichtet-OneDrive-Links-ab-2227485.html




*** Technology sites "riskier" than illegal sites in 2013, according to Symantec data ***
---------------------------------------------
The 'riskiest' pages to visit in 2013 were technology websites, according to data from users of Norton Web Safe, which monitors billions of traffic requests and millions of software downloads per day.
---------------------------------------------
http://www.scmagazine.com/technology-sites-riskier-than-illegal-sites-in-2013-according-to-symantec-data/article/355982/




*** Popular HTTPS Sites Still Vulnerable to OpenSSL Connection Hijacking Attack ***
---------------------------------------------
Some of the Internets most visited websites that encrypt data with the SSL protocol are still susceptible to a recently announced vulnerability that could allow attackers to intercept and decrypt connections.
---------------------------------------------
http://www.cio.com/article/754250/Popular_HTTPS_Sites_Still_Vulnerable_to_OpenSSL_Connection_Hijacking_Attack?taxonomyId=3089




*** Researchers Outline Spammers Business Ecosystem ***
---------------------------------------------
An anonymous reader writes A team of researchers at the UC Santa Barbara and RWTH Aachen presented new findings on the relationship of spam actors [abstract; full paper here] at the ACM Symposium on Information, Computer and Communications Security. This presents the first end-to-end analysis of the spam delivery ecosystem including: harvesters crawl the web and compile email lists, botmasters infect and operate botnets, and spammers rent botnets and buy email lists to run spam campaigns. 
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-AKpHVGH5us/story01.htm






More information about the Daily mailing list