[CERT-daily] Daily summary - Wednesday 1-10-2014

Daily end-of-shift report team at cert.at
Wed Oct 1 18:07:36 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 30-09-2014 18:00 − Wednesday 01-10-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** How RAM Scrapers Work: The Sneaky Tools Behind the Latest Credit Card Hacks ***
---------------------------------------------
In the world of hacking, every malicious tool has its heyday---that period when it rules the underground forums and media headlines and is the challenger keeping computer security pros on their toes. Viruses and worms have each had their day in the spotlight. Remote-access Trojans, which allow a hacker to ..
---------------------------------------------
http://www.wired.com/2014/09/ram-scrapers-how-they-work/



*** Node.js eval() code execution ***
---------------------------------------------
Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of input prior to being used in an eval() call. An attacker could exploit this vulnerability to inject and execute arbitrary PHP code on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/96728




*** Advertising firms struggle to kill malvertisements ***
---------------------------------------------
One provider finds a vulnerable advertising tool that allowed attackers access ..
---------------------------------------------
http://arstechnica.com/security/2014/09/advertising-firms-struggle-to-kill-malvertisements/




*** Thoughts after my shellshock ***
---------------------------------------------
On the topic of Shellshock, after reading this article it became really clear to me again today that this time the whole thing is not as simple as Heartbleed - the diversity with which bash bugs (or shell misinterpretations) hide is interesting! After reading the article one can ..
---------------------------------------------
http://www.cert.at/services/blog/20140930221128-1263.html




*** Several vulnerabilities in extension phpMyAdmin (phpmyadmin) ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.
---------------------------------------------
http://www.typo3.org/news/article/several-vulnerabilities-in-extension-phpmyadmin-phpmyadmin/




*** Splunk Enterprise 6.1.4 and 5.0.10 address four vulnerabilities ***
---------------------------------------------
Splunk Enterprise versions 6.1.4 and 5.0.10 address the following vulnerabilities: OpenSSL TLS protocol downgrade attack (SPL-88585, SPL-88587, SPL-88588, CVE-2014-3511) Persistent cross-site scripting (XSS) via ..
---------------------------------------------
http://www.splunk.com/view/SP-CAAANHS




*** Attackers exploiting Shellshock (CVE-2014-6721) in the wild ***
---------------------------------------------
Yesterday, a new vulnerability affecting Bash (CVE-2014-6271) was published. The new vulnerability allows attackers to execute arbitrary commands formatting an environmental variable using a specific format. It affects Bash (the Bourne Again SHell), the default command shell for Linux and ..
---------------------------------------------
https://www.alienvault.com/open-threat-exchange/blog/attackers-exploiting-shell-shock-cve-2014-6721-in-the-wild



*** TimThumb is No Longer Supported or Maintained ***
---------------------------------------------
http://www.binarymoon.co.uk/2014/09/timthumb-end-life/




*** Multiple vulnerabilities in HP products ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04467807
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0446829




*** Multiple product vulnerabilities: all TP-Link "2-series" switches, all TP-Link VxWorks-based product ***
---------------------------------------------
Telnet is available and cannot be disabled (confirmed by vendor) SSHv1 enabled by default if SSH is enabled (confirmed by vendor)
---------------------------------------------
http://seclists.org/fulldisclosure/2014/Oct/6




*** SchneiderWEB Server Directory Traversal Vulnerability ***
---------------------------------------------
This advisory provides firmware updates for a directory traversal vulnerability in Schneider Electric's SchneiderWEB, a web HMI.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-273-01




*** Rockwell Micrologix 1400 DNP3 DOS Vulnerability ***
---------------------------------------------
This advisory provides a Rockwell Automation firmware revision that mitigates ..
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-254-02




*** Firefox/Chrome: BERserk could have been prevented ***
---------------------------------------------
The BERserk vulnerability is only a problem because some certificate authorities do not follow common recommendations for RSA keys. With BERserk, Firefox and Chrome accept forged certificates.
---------------------------------------------
http://www.golem.de/news/firefox-chrome-berserk-haette-verhindert-werden-koennen-1410-109566-rss.html




*** Study: Malware is the main threat to corporate IT ***
---------------------------------------------
According to the current /Microsoft security study, the threat that malware poses to corporate IT has the previous number ..
---------------------------------------------
http://www.heise.de/security/meldung/Studie-Malware-ist-Hauptgefaehrdung-fuer-Unternehmens-IT-2409557.html




*** Vulnerability in Xen hypervisor affected cloud providers ***
---------------------------------------------
A programming error in the virtualization software forced Amazon and Rackspace to reboot numerous virtual machines. The hole in the free software has since been closed.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-in-Xen-Hypervisor-betraf-Cloud-Anbieter-2409800.html




*** Critical FreePBX RCE Vulnerability (ALL Versions) ***
---------------------------------------------
We have been made aware of a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy 'FreePBX ARI Framework module/Asterisk Recording Interface (ARI)'. This affects any user who has installed FreePBX prior to version ..
---------------------------------------------
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions/24536





