[CERT-daily] Tageszusammenfassung - Dienstag 18-03-2014

Tue Mar 18 18:15:48 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 17-03-2014 18:00 − Dienstag 18-03-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Google's Public DNS Hijacked for 22 Minutes ***
---------------------------------------------
The attackers hijacked the 8.8.8.8/32 DNS server for approximately 22 minutes. According to BGPmon, networks in Brazil and Venezuela were impacted. A screenshot published by the company shows that the traffic was redirected to BT Latin America's networks.
---------------------------------------------
http://news.softpedia.com/news/Google-s-Public-DNS-Hijacked-for-22-Minutes-432502.shtml


*** Anonymisierung: Sniper-Angriff legt Tor-Nodes lahm ***
---------------------------------------------
Mit einer sogenannten Sniper-Attacke können Angreifer nicht nur gezielt einzelne Tor-Knoten außer Gefecht setzen, sondern innerhalb von wenige Minuten das gesamte Netzwerk lahmlegen. Ein Patch wurde bereits erarbeitet.
---------------------------------------------
http://www.golem.de/news/anonymisierung-sniper-angriff-legt-tor-nodes-lahm-1403-105197-rss.html


*** Scans for FCKEditor File Manager, (Mon, Mar 17th) ***
---------------------------------------------
FCKEditor (now known as CKEditor [1]) is a popular full featured GUI editor many web sites use. For example, you frequently find it with blog systems like WordPress or as part of commenting/forum systems. As an additional feature, a filemanager can be added to allow users to upload images or other files. Sadly, while a very nice and functional plugin, this features if frequently not well secured and can be used to upload malicious files. We have seen some scans probing specifically...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17821&rss


*** Hintergründe des Typo3-Hacks weiter im Dunkeln ***
---------------------------------------------
Die Typo3 Association hat keine Informationen zu der Schwachstelle hinter dem Casino-Spam-Hack, der viele Typo3-Webseiten betrifft, und vermutet, dass der Hack andere Ursachen hat. Seiten ohne Typo-Installation sollen ebenfalls betroffen sein.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Hintergruende-des-Typo3-Hacks-weiter-im-Dunkeln-2149176.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** Hidden Windigo UNIX ZOMBIES are EVERYWHERE ***
---------------------------------------------
Check and wipe: The la-la-la-its-not-happening plan is no good Hackers using a Trojan seized control of over 25,000 Unix servers worldwide to create a potent spam and malware distribution platform.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/03/18/windigo_unix_botnet/


*** Threatglass Tool Gives Deep Look Inside Compromised Sites ***
---------------------------------------------
Trying to enumerate the compromised sites on the Internet is a Sisyphian task. Luckily, it's not a task that anyone really needs to perform any longer, especially now that Barracuda Labs has released its new Threatglass tool, a Web-based frontend that allows users to query a massive database of compromised sites to get detailed information...
---------------------------------------------
http://threatpost.com/threatglass-tool-gives-deep-look-inside-compromised-sites/104844


*** March 2014 Security Bulletin Webcast and Q&A ***
---------------------------------------------
Today we published the March 2014 Security Bulletin Webcast Questions & Answers page. We answered eight questions in total, with the majority focusing on the updates for Windows (MS14-016) and Internet Explorer (MS14-012). One question that was not answered on air has been included on the Q&A page.
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/03/17/march-2014-security-bulletin-webcast-and-q-amp-a.aspx


*** When ASLR makes the difference ***
---------------------------------------------
We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation (ASLR) in modern software because it's a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation. In today's blog, we'll go through ASLR one more time to show in practice how it can be valuable to mitigate two real exploits seen in the wild and to suggest solutions for programs...
---------------------------------------------
https://blogs.technet.com/b/srd/archive/2014/03/12/when-aslr-makes-the-difference.aspx


*** Red Hat plans unified security management for Fedora 21 ***
---------------------------------------------
One crypto policy to bind them Red Hat is planning a significant change to how its Fedora Linux distribution handles crypto policy, to ship with the due-in-late-2014 Fedora 21 release.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/03/18/red_hat_plans_unified_security_management_for_fedora_21/


*** Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting ***
---------------------------------------------
Topic: Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting Risk: Low Text:Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 31065 Vulnerability type: Cross Site Scriptin...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014030134


*** Security Advisory-Y.1731 Vulnerability on Some Huawei Switches ***
---------------------------------------------
Y.1731 is an ITU-T recommendation for OAM features on Ethernet-based networks. Y.1731 provides connectivity detection, diagnosis, and performance monitoring for VLAN/VSI services on MANs.
Some Huawei switches support Y.1731 and therefore, has the Y.1731 vulnerability in processing special packets. The vulnerability causes the restart of switches (Vulnerability ID: HWPSIRT-2013-1165).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-329625.htm


*** OpenSSH AcceptEnv Wildcard Processing Flaw May Let Remote Authenticated Users Bypass Environment Restrictions ***
---------------------------------------------
http://www.securitytracker.com/id/1029925


*** DSA-2880 python2.7 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2880


*** Bugtraq: 2014 World Conference on IST - Madeira Island, April 15-17 ***
---------------------------------------------
The 2014 World Conference on Information Systems and Technologies
---------------------------------------------
http://www.securityfocus.com/archive/1/531513