[CERT-daily] Tageszusammenfassung - Freitag 21-03-2014

Fri Mar 21 18:18:16 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 20-03-2014 18:00 − Freitag 21-03-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl

*** Taken in phishing attack, Microsoft's unmentionables aired by hacktivists ***
---------------------------------------------
If Microsoft and eBay arent safe from social engineering attacks, who is?
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/B9IE0Uei57U/


*** Kaspersky Internet Security Regular Expression Patterns Processing Denial of Service Vulnerability ***
---------------------------------------------
CXsecurity has discovered a vulnerability in Kaspersky Internet Security, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing regular expression patterns and can be exploited to exhaust CPU resources and render the system unusable.
---------------------------------------------
https://secunia.com/advisories/57316


*** DotNetNuke Unspecified Script Insertion Vulnerability ***
---------------------------------------------
A vulnerability has been reported in DotNetNuke, which can be exploited by malicious users to conduct script insertion attacks.
Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
---------------------------------------------
https://secunia.com/advisories/57429


*** WordPress WP-Filebase Download Manager Plugin Arbitrary Code Execution Vulnerability ***
---------------------------------------------
A vulnerability has been reported in the WP-Filebase Download Manager plugin for WordPress, which can be exploited by malicious users to compromise a vulnerable system.
...
Successful exploitation of this vulnerability requires access rights to upload files (e.g. "Editor" access rights).
The vulnerability is reported in version 0.3.0.03. Prior versions may also be affected.
---------------------------------------------
https://secunia.com/advisories/57456


*** Zeus variant blocks user activity with full-screen pop-ups ***
---------------------------------------------
Infected users are forced to contend with open windows, which are actually legitimate sites being displayed on their desktops.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/KHHSZFOdcH0/


*** A peek inside a modular, Tor C&C enabled, Bitcoin mining malware bot ***
---------------------------------------------
Cybercriminals continue to maliciously 'innovate', further confirming the TTP (tactics, techniques and procedure) observations we made in our Cybercrime Trends 2013 assessment back in December, 2013, namely, that the diverse cybercrime ecosystem is poised for exponential growth. Standardizing the very basics of fraudulent and malicious operations, throughout the years, cybercriminals have successfully achieved a state of malicious economies of scale...
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/V6XSH_U-eoU/


*** Siemens SIMATIC S7-1200 Improper Input Validation Vulnerabilities ***
---------------------------------------------
OVERVIEWSiemens has reported two improper input validation vulnerabilities discovered separately by Prof. Dr. Hartmut Pohl of softScheck GmbH and Arne Vidström of Swedish Defence Research Agency (FOI) in Siemens' SIMATIC S7-1200 PLC. Siemens has produced a new version that mitigates these vulnerabilities.These vulnerabilities could be exploited remotely.AFFECTED PRODUCTSThe following SIMATIC S7-1200 PLC versions are affected:
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-01


*** Siemens SIMATIC S7-1200 Vulnerabilities ***
---------------------------------------------
OVERVIEWSiemens, Ralf Spenneberg of OpenSource Training, Lucian Cojocar of EURECOM, Sascha Zinke from the FU Berlin's work team SCADACS, and Positive Technologies' researchers (Alexey Osipov, and Alex Timorin) have identified six vulnerabilities in the Siemens SIMATIC S7-1200 CPU family. Siemens has produced a new product release that mitigates these vulnerabilities.These vulnerabilities could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02


*** Cisco AsyncOS Patch , (Fri, Mar 21st) ***
---------------------------------------------
Cisco released a patch for AsyncOS, the operating system used in its E-Mail Security Appliance (ESA) and Security Management Appliance (SMA).  The vulnerability is exploited by an authenticated attacker uploading a crafted blocklist file. The file has to be uploaded via FTP, so this vulnerability is only exploitable if the FTP service is enabled. Once the blacklist is pared, arbitrary commands are executed.  This sounds like an OS command injection vulnerability. The parameters (assumed to be
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17839&rss


*** Linux Kernel Netfilter DCCP Processing Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
Description:   A vulnerability was reported in the Linux Kernel. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted DCCP data to trigger a memory corruption flaw in 'nf_conntrack_proto_dccp.c' and execute arbitrary code on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1029945


*** Horde Framework Unserialize PHP Code Execution ***
---------------------------------------------
Topic: Horde Framework Unserialize PHP Code Execution
Risk: High
Text:## # This module requires Metasploit
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014030175


*** Monitoring for unusual network traffic key to banking botnet detection ***
---------------------------------------------
Malware authors have had great success targeting financial institutions in recent years, and in turn those organizations have a vested interest in improving their banking botnet detection capabilities. However, one expert says financial firms are failing because they ignore unusual network traffic.
---------------------------------------------
http://searchsecurity.techtarget.com/news/2240216637/Monitoring-for-unusual-network-traffic-key-to-banking-botnet-detection


*** Nokia X Android smartphone security features detailed ***
---------------------------------------------
... the Nokia X comes with the required security features to protect the data stored on the device without downloading third-party security apps. The three main ways to protect the data on the Nokia X smartphone is the screen security, encryption, and SIM card lock.
---------------------------------------------
http://gadgets.ndtv.com/mobiles/news/nokia-x-android-smartphone-security-features-detailed-497994


*** Linux Worm Darlloz Infects over 31,000 Devices in Four Months ***
---------------------------------------------
The worm is designed to infect computers running Intel x86 architectures, but it's also capable of infecting devices running MIPS, ARM, PowerPC architectures. Routers, set-top boxes and other devices usually have this kind of architecture. Based on its investigation, Symantec has determined that the main goal of Darlloz is to abuse infected devices for crypto-currency mining. Once it's installed on a computer, the worm installs open source mining software (cpuminer).
---------------------------------------------
http://news.softpedia.com/news/Linux-Worm-Darlloz-Infects-over-31-000-Devices-in-Four-Months-433242.shtml


*** Mass-Produced ATM Skimmers, Rogue PoS Terminals via 3D Printing? ***
---------------------------------------------
On several underground forums, a cybercriminal named gripper is selling ATM skimmers and fake POS terminals, and is making some very bold claims doing so: Figure 1. Underground advertisement. The cybercriminal claims that he can mass-produce VeriFone VerixV point-of-sale (PoS) devices. (Verifone is a US-based provider of POS terminals.) Some specific VeriFone products such as the Vx510...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/YmksHI4j1OM/


*** Spotlight on Java SE 8 Security ***
---------------------------------------------
March 18, 2014 was the long anticipated release of Java SE 8. I though I would spotlight some of the key security features of Java 8 for readers. First, many are not aware of security improvements made to Java 7. Let's begin with a quick review the Java SE 7 security features that were rolled into Java SE 8.
---------------------------------------------
http://www.securitycurmudgeon.com/2014/03/20/spotlight-on-java-se-8-security/


*** IBM Security Bulletin: IBM WebSphere MQ Internet Pass-Thru - Potential denial of service on the command port listener (CVE-2013-5401) ***
---------------------------------------------
A denial of service vulnerability exists and could be exploited by a remotely connected user to stop the remote administration service.  CVE(s): CVE-2013-5401  Affected product(s) and affected version(s):   WebSphere MQIPT 2.1.0.0  WebSphere MQIPT 2.0.x    Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21666863 X-Force Database: http://xforce.iss.net/xforce/xfdb/87297
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_websphere_mq_internet_pass_thru_potential_denial_of_service_on_the_command_port_listener_cve_2013_5401?lang=en_us


*** OpenSSL ECDSA Nonces Recovery Weakness ***
---------------------------------------------
Yuval Yarom and Naomi Benger have reported a weakness in OpenSSL, which can be exploited by malicious, local users to disclose certain sensitive information.
---------------------------------------------
https://secunia.com/advisories/57091


*** OpenSSH "child_set_env()" Security Bypass Security Issue ***
---------------------------------------------
The security issue is caused due to an error within the "child_set_env()" function (usr.bin/ssh/session.c) and can be exploited to bypass intended environment restrictions by using a substring before a wildcard character.
---------------------------------------------
https://secunia.com/advisories/57488


*** Oracle VirtualBox 3D Acceleration Multiple Privilege Escalation Vulnerabilities ***
---------------------------------------------
Core Security has reported multiple vulnerabilities in Oracle VirtualBox, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.
---------------------------------------------
https://secunia.com/advisories/57384


*** Cisco Hosted Collaboration Solution Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Cisco Hosted Collaboration Solution, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/57496


*** Video zeigt Jailbreak von iOS 7.1 ***
---------------------------------------------
Ein Entwickler hat seine Arbeit an einem Jailbreak von iOS 7.1 demonstriert. Apple hatte mit dem jüngsten iOS-Update die Schwachstellen geschlossen, die für den letzten Jailbreak zum Einsatz kamen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Video-zeigt-Jailbreak-von-iOS-7-1-2152274.html/from/rss09?wt_mc=rss.ho.beitrag.rdf