[CERT-daily] Tageszusammenfassung - Freitag 9-05-2014

Daily end-of-shift report team at cert.at
Fri May 9 18:13:00 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 08-05-2014 18:00 − Freitag 09-05-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Advance Notification Service for the May 2014 Security Bulletin Release ***
---------------------------------------------
Today we provide Advance Notification Service (ANS) for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows. As we do every month, we've scheduled the security bulletin release for the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for deployment guidance and further analysis together with a brief
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/05/08/advance-notification-service-for-the-may-2014-security-bulletin-release.aspx




*** Prenotification Security Advisory for Adobe Reader and Acrobat ***
---------------------------------------------
Adobe is planning to release security updates on Tuesday, May 13, 2014 for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh.
---------------------------------------------
https://helpx.adobe.com/security/products/reader/apsb14-15.html




*** SQL Injection In Insert, Update, And Delete ***
---------------------------------------------
This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks.
---------------------------------------------
http://packetstormsecurity.com/files/126527/SQL-Injection-In-Insert-Update-And-Delete.html




*** SNMP: The next big thing in DDoS Attacks? ***
---------------------------------------------
It started with DNS: Simple short DNS queries are easily spoofed and the replies can be much larger then the request, leading to an amplification of the attack by orders of magnitude. Next came NTP. Same game, different actors: NTPs "monlist" feature allows for small requests (again: UDP, so trivially spoofed) and large responses. Today, we received a packet capture from a reader showing yet another reflective DDoS mode: SNMP. The "reflector" in this case...
---------------------------------------------
https://isc.sans.edu/diary/SNMP%3A+The+next+big+thing+in+DDoS+Attacks%3F/18089




*** Heartbleed, IE Zero Days, Firefox vulnerabilities - Whats a System Administrator to do? ***
---------------------------------------------
With the recent headlines, weve seen heartbleed (which was not exclusive to Linux, but was predominately there), an IE zero day that had folks over-reacting with headlines of "stop using IE", but Firefox and Safari vulnerabilities where not that far back in the news either. So what is "safe"? And as an System Administrator or CSO what should you be doing to protect your organization?
---------------------------------------------
https://isc.sans.edu/diary/Heartbleed%2C+IE+Zero+Days%2C+Firefox+vulnerabilities+-+What%27s+a+System+Administrator+to+do%3F/18101




*** Exploit Kit Roundup: Best of Obfuscation Techniques ***
---------------------------------------------
The world of exploit kits is an ever-changing one, if you happen to look away even just for one month, you'll come back to find that most everything has changed around you. Because of this, people like us, who work on a secure web gateway product, are continuously immersed in the world of exploit kits. Every once in a while it's a good idea to stop, take a look around us, and review what's changed. We would like to share some of the more interesting obfuscation techniques
---------------------------------------------
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/R9KtNDgyouY/exploit-kit-roundup-best-of-obfuscation-techniques.html




*** Surge in Viknok infections bolsters click fraud campaign ***
---------------------------------------------
Researchers detected over 16,500 Viknok infections in the first week of May alone.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/6mC7Lf47bgY/




*** Malicious DIY Java applet distribution platforms going mainstream - part two ***
---------------------------------------------
In a cybercrime ecosystem, dominated by client-side exploits serving Web malware exploitation kits, cybercriminals continue relying on good old fashioned social engineering tricks in an attempt to trick gullible end users into knowingly/unknowingly installing malware. In a series of blog posts, we've been highlighting the existence of DIY (do-it-yourself), social engineering driven, Java drive-by type of Web based platforms, further enhancing the current efficient state of social...
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/6wG1i4Gl5HQ/




*** Bitly shortens life of users passwords after credential compromise ***
---------------------------------------------
OAuth tentacles mean its time to change ANOTHER password URL-shortening and online marketing outfit Bit.ly has warned its systems have been accessed by parties unknown and suggested users change their passwords.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/05/09/bitly_shortens_life_of_users_passwords_after_credential_compromise/




*** Weekly Metasploit Update: Disclosing Usernames, More Flash Bugs, and Wireshark Targets ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/05/08/weekly-metasploit-update




*** Heartbleed: Noch immer 300.000 Server verwundbar ***
---------------------------------------------
Vier Wochen nach Auftauchen der Lücke zeigt Untersuchung nur wenig Fortschritte
---------------------------------------------
http://derstandard.at/1399507030882




*** Cyber Security Challenge sucht österreichische IT-Talente ***
---------------------------------------------
Bereits zum dritten Mal wird im Rahmen der Cyber Security Challenge Austria nach jungen Hacker-Talenten gesucht. Dieses Jahr gibt es auch einen europaweiten Wettbewerb.
---------------------------------------------
http://futurezone.at/netzpolitik/cyber-security-challenge-sucht-oesterreichische-it-talente/64.493.015




*** CVE-2014-3214: A Defect in Prefetch Can Cause Recursive Servers to Crash ***
---------------------------------------------
A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes. This can be triggered as the result of normal query processing.
---------------------------------------------
https://kb.isc.org/article/AA-01161




*** QNAP-Photostation V.3.2 XSS ***
---------------------------------------------
XSS-Lücke in QNAP-Photostation V.3.2 (auf QNAP NAS TS259+ Pro - Firmware 4.0.7 vom 12.04.2014)
---------------------------------------------
http://sdcybercom.wordpress.com/2014/04/25/qnap-cross-site-scripting-nicht-schon-wieder/




*** Digi International OpenSSL Vulnerability ***
---------------------------------------------
Digi International has identified five products that are vulnerable to the OpenSSL Heartbleed bug. Digi International has produced downloadable firmware upgrade versions that mitigate this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-128-01




*** IBM Security Bulletins for TADDM ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_security_improvement_tomcat_default_files_and_non_encrypted_administrative_interfaces_available?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_ndash_security_improvement_more_restricted_permission_on_taddm_files_on_unix_like_servers?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_ndash_security_improvement_birt_report_viewer_application_vulnerable_to_directory_traversal_attack?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_ndash_security_improvement_axis_in_taddm_reveal_configuration_information_without_authentication?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_reject_weak_and_medium_ciphers_on_taddm_ports?lang=en_us




*** Kaspersky Internet Security Null Pointer Dereference in prremote.dll Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030203




*** Multiple BIG-IP products iControl command execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93015




*** Security Bulletin: IBM iNotes Cross-Site Scripting Vulnerability (CVE-2014-0913) ***
---------------------------------------------
IBM iNotes versions 9.0.1 and 8.5.3 Fix Pack 6 contain a cross-site scripting vulnerability. The fixes for these issues were introduced in IBM Domino and IBM iNotes versions 9.0.1 Fix Pack 1 and 8.5.3 Fix Pack 6 Interim Fix 2.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21671981




*** HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS) ***
---------------------------------------------
A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be exploited remotely to allow cross-site scripting (XSS).
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273695




*** HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information ***
---------------------------------------------
The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04248997




*** R7-2013-19.2 Disclosure: Yokogawa CENTUM CS 3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782) ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/05/09/r7-2013-192-disclosure-yokogawa-centum-cs-3000-vulnerabilities


More information about the Daily mailing list