[CERT-daily] Tageszusammenfassung - Freitag 7-11-2014

Fri Nov 7 18:15:38 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 06-11-2014 18:00 − Freitag 07-11-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Crypto 101 - free book resource, (Thu, Nov 6th) ***
---------------------------------------------
Regular reader and contributor Gebhard sent us a pointer to Crypto 101, an introductory course on cryptography, freely available for programmers of all ages and skill levels byLaurens Van Houtven (lvh) available for everyone, for free, forever. Its a pre-release PDF read of a project that will be released in more formats later. The Crypto 101 course allows you to learn by doing and includes everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18925&rss


*** Metasploit Weekly Wrapup: Another Android Universal XSS ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/11/06/metasploit-weekly-wrapup


*** Navy gunners unphased by "integer overflow bug" concerns ***
---------------------------------------------
Today, Naked Security received an out-of-the-ordinary email... ..from a vacationing coder with a penchant for fitting geekiness into regular life! We loved his story. We think you will too.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/11/06/navy-gunners-unphased-by-integer-overflow-bug-concerns/


*** Slides zum Thema DDoS ***
---------------------------------------------
Slides zum Thema DDoS | 5. November 2014 | Das Abwehramt des österreichischen Bundesheeres veranstaltet jedes Jahr eine Konferenz zum Thema IKT-Sicherheit. Dieses Jahr wurde ich eingeladen, einen Vortrag zum Thema DDoS zu halten.In meiner Präsentaion verweise ich auf diverse externe Dokumente, daher wurde ich gebeten, die Slides zum zum Download anzubieten. Autor: Otmar Lendl
---------------------------------------------
http://www.cert.at/services/blog/20141105124802-1293.html


*** Advance Notification Service for the November 2014 Security Bulletin Release ***
---------------------------------------------
Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD). As per our monthly process, weve
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/11/06/advance-notification-service-for-the-november-2014-security-bulletin-release.aspx


*** Chinese Routing Errors Redirect Russian Traffic ***
---------------------------------------------
In recent weeks, Russian President Vladimir Putin announced a plan to enact measures to protect the Internet of Russia. In a speech to the Russian National Security Council he said, "we need to greatly improve the security of domestic communications networks and information resources." Perhaps he should add Internet routing security to his list because,...
---------------------------------------------
http://research.dyn.com/2014/11/chinese-routing-errors-redirect-russian-traffic/


*** Frankfurt | 04.12.2014 - SAVE us from IP Spoofing and Prefix Hijacking ***
---------------------------------------------
DDoS reflection attacks are promoted by IP spoofing and there have been several incidents in the last couple of years where huge networks or whole countries were disconnected from the internet after BGP hijacking. Nevertheless there are countermeasure like RPKI, BCP38 and S.A.V.E that not only protect your network but also help to create a more robust internet. Matthias Wählisch (FU Berlin) and Gert Döring (Space.Net) are going to present these approaches and open the discussion with...
---------------------------------------------
http://de-cix.eco.de/2014/events/4-12-frankfurt-spoofing-and-hijacking.html


*** Security Holes in Corporate Networks: Network Vulnerabilities ***
---------------------------------------------
In this blogpost, we will review in detail the possible vectors for an attack launched on a corporate network from an infected computer within it.
---------------------------------------------
http://securelist.com/blog/research/67452/security-holes-in-corporate-networks-network-vulnerabilities/


*** Combat Blackhat SEO Infections with SEO Insights ***
---------------------------------------------
Blackhat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on the internet is becoming more common every day: innocent websites are hacked, and their best pages begin linking to spam. These Blackhat SEO spam tactics are fighting for expensive, high-competition keywords...
---------------------------------------------
http://blog.sucuri.net/2014/11/combat-blackhat-seo-infections-with-seo-insights.html


*** Macro malware on the rise again ***
---------------------------------------------
Users taught that having to enable enhanced security features is no big deal.When I joined Virus Bulletin almost eight years ago, macro viruses were already a thing of the past, like porn diallers or viruses that did funny things to the characters on your screen: threats that were once a real problem, but that we didnt have to worry about any longer.A few years ago, I even heard a malware researcher bemoan the fact that "kids these days" didnt even know how to analyse macro viruses.
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_07.xml?rss


*** Yosemite Beta ***
---------------------------------------------
When we first announced that future versions of GPGMail would be available for a small fee, we were pretty scared about the reactions. Despite our expectations, weve received mostly positive responses and we would really like to thank you for that. Today were happy to announce that the first beta of GPGMail for Yosemite is finally ready.
---------------------------------------------
https://gpgtools.org/?yosemite


*** GnuPG unterstützt Krypto auf Elliptischen Kurven ***
---------------------------------------------
Das soeben veröffentlichte Release GnuPG 2.1.0 bringt einige neue Funktionen, bessere Abläufe und es schneidet auch ein paar alte Zöpfe ab. Der 2.0er-Zweig wird als stabile Version weiter gepflegt.
---------------------------------------------
http://www.heise.de/security/meldung/GnuPG-unterstuetzt-Krypto-auf-Elliptischen-Kurven-2444337.html


*** Belkin flings out patch after Metasploit module turns guests to admins ***
---------------------------------------------
Open guest networks turned on by default Belkin has patched a vulnerability in a dual band router that allowed attackers on guest networks to gain root access using an automated tool.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/07/belkin_flings_patch_after_metasploit_module_turns_guests_to_admins/


*** VB2014 video: Attack points in health apps & wearable devices - how safe is your quantified self? ***
---------------------------------------------
Health apps and wearable devices found to make many basic security mistakes."I know a lot of you have a Fitbit device."The geeks attending VB conferences tend to like their gadgets, and many of them have the latest ones, so the claim made by Candid Wüest at the beginning of his VB2014 last-minute presentation Attack points in health apps & wearable devices - how safe is your quantified self? was bound to be accurate. But the Symantec researcher really did know how many...
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_07a.xml?rss


*** Security: Tausende unsichere Webcams im Internet zu sehen ***
---------------------------------------------
Über tausende Webcams sind derzeit Menschen zu Hause in ihrem Fernsehsessel oder bei der Arbeit am Rechner zu sehen - ohne dass sie davon wissen. Die unbekannten Betreiber einer Webseite haben dafür weltweit Überwachungskameras angezapft.
---------------------------------------------
http://www.golem.de/news/security-tausende-unsichere-webcams-im-internet-zu-sehen-1411-110401-rss.html


*** Vuln: requests-kerberos requests_kerberos/kerberos_.py Remote Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/70909


*** SOL15792: Path MTU discovery vulnerability CVE-2004-1060 ***
---------------------------------------------
Description: Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Dont Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." (CVE-2004-1060) Impact: The BIG-IP system may be vulnerable to denial-of-service (DoS) attacks.
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15792.html


*** Bugtraq: Open-Xchange Security Advisory 2014-11-07 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533936


*** [R1] OpenSSL Vulnerabilities (20141015) Affect Tenable Products ***
---------------------------------------------
November 7, 2014
---------------------------------------------
http://www.tenable.com/security/tns-2014-11


*** RSA Web Threat Detection SQL Injection ***
---------------------------------------------
Topic: RSA Web Threat Detection SQL Injection Risk: Medium Text:ESA-2014-135: RSA Web Threat Detection SQL Injection Vulnerability EMC Identifier: ESA-2014-135 CVE Identifier: C...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014110032


*** PHP date_from_ISO8601() buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98522


*** DSA-3067 qemu-kvm ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3067


*** DSA-3066 qemu ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3066


*** DSA-3065 libxml-security-java ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3065


*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_tivoli_workload_scheduler_is_affected_by_the_following_curl_libcurl_vulnerabilities_cve_2014_0139_cve_2014_0138?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerability_about_apache_tomcat_jsp_file_upload_in_websphere_application_server_community_edition_3_0_0_4?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_openssl_affect_tivoli_endpoint_manager_for_remote_control_cve_2014_3511_cve_2014_5139?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_and_ibm_java_runtime_affect_tivoli_endpoint_manager_for_remote_control?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_one_vulnerability_in_ibm_filenet_content_manager_and_ibm_content_foundation_cve_2014_4263?lang=en_us