[CERT-daily] Tageszusammenfassung - Donnerstag 6-11-2014

Thu Nov 6 18:09:38 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 05-11-2014 18:00 − Donnerstag 06-11-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Retefe with a new twist ***
---------------------------------------------
A few months ago, we blogged about the banking trojan Retefe (Blog post in German) that was and still is targeting Switzerland. First off, Retefe is different because it only targets Switzerland, Austria and Sweden (and sometimes Japan). Contrast this...
---------------------------------------------
http://securityblog.switch.ch/2014/11/05/retefe-with-a-new-twist/


*** ENISA calls for Expression of Interest for Membership of the Permanent Stakeholders' Group ***
---------------------------------------------
The Executive Director of European Union Agency for Network and Information Security (ENISA) calls for Expression of Interest for Membership of the Permanent Stakeholders' Group (PSG) to be assigned from February 2015 to August 2017.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/enisa-calls-for-expression-of-interest-for-membership-of-the-permanent-stakeholders2019-group


*** New ENISA report on Cyber Crisis Cooperation and Management ***
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/enisa-publishes-new-report-on-cyber-crisis-cooperation-and-management


*** WireLurker malware infects iOS devices through OS X ***
---------------------------------------------
Non-jailbroken devices infected via enterprise provisioning program.Researchers at Palo Alto Networks have published a research paper (PDF) analysing the WireLurker malware that runs on Mac OS X, and which is then used to further infect iOS devices connected to an infected machine.WireLurker is found to have infected 467 apps on the Maiyadi App Store, a third-party store based in China. Infected apps have been downloaded more than 350,000 times. Malware targeting OS X has become increasingly...
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_06.xml?rss


*** VB2014 paper: DMARC - how to use it to improve your email reputation ***
---------------------------------------------
Terry Zink presents case study in which he describes setting a DMARC policy for Microsoft.Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added DMARC - how to use it to improve your email reputation, by Microsofts Terry Zink.Email is a 30-year-old protocol, designed at a time when the Internet was much smaller and you could basically trust anyone. As a consequence, spammers and phishers can easily send email
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_06a.xml?rss


*** ZMap 1.2.1 - The Internet Scanner ***
---------------------------------------------
ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet.
---------------------------------------------
http://hack-tools.blackploit.com/2014/11/zmap-121-internet-scanner.html


*** ICMP Reverse Shell ***
---------------------------------------------
A reverse shell is a type of shell in which the target machine communicates back to the attacking machine. The attacking machine has a listener port on which it receives the connection, which by using, code or command execution is achieved.
---------------------------------------------
http://resources.infosecinstitute.com/icmp-reverse-shell/


*** ZDI-14-373: Trend Micro InterScan Web Security Virtual Appliance Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to read files from the underlying operating system on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance web application authentication is required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-373/


*** Vuln: Dell EqualLogic CVE-2013-3304 Directory Traversal Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/70760


*** Bugtraq: ESA-2014-135: RSA Web Threat Detection SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533912


*** Bugtraq: [The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533916


*** Cisco Unity Connection Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-7988
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7988


*** [R1] PHP Integer Overflow Affects Tenables SecurityCenter ***
---------------------------------------------
November 5, 2014
---------------------------------------------
http://www.tenable.com/security/tns-2014-10


*** [2014-11-06] XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection ***
---------------------------------------------
Attackers are able to perform denial-of-service attacks against the Endpoint Protection Manager which directly impacts the effectiveness of the client-side endpoint protection. Furthermore, session identifiers of users can be stolen to impersonate them and gain unauthorized access to the server.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141106-0_Symantec_Endpoint_Protection_XXE_XSS_Arbitrary_File_Write_v10.txt


*** IBM Security Bulletin: Security vulnerabilities in Node.js modules affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-6394, CVE-2014-7191) ***
---------------------------------------------
Security vulnerabilities have been reported for some dependent Node.js modules. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on open source Node.js technology.  CVE(s): CVE-2014-6394 and CVE-2014-7191  Affected product(s) and affected version(s):   IBM Business Process Manager Express V8.5.5     IBM Business Process Manager Standard V8.5.5  IBM Business Process Manager Advanced V8.5.5       Refer to the following reference
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerabilities_in_node_js_modules_affect_ibm_business_process_manager_bpm_configuration_editor_cve_2014_6394_cve_2014_7191?lang=en_us


*** IBM Security Bulletin: Multiple Reflected XSS Vulnerabilities in Tivoli Netcool/Impact ***
---------------------------------------------
IBM Tivoli Netcool Impact is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.  CVE(s): CVE-2014-6161  Affected product(s) and affected version(s):   IBM Tivoli Netcool Impact 6.1.1    Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21689130 X-Force Database: http://xforce.iss.net/xforce/xfdb/97710
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_reflected_xss_vulnerabilities_in_tivoli_netcool_impact?lang=en_us