[CERT-daily] Tageszusammenfassung - Mittwoch 8-10-2014

Wed Oct 8 18:07:30 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 07-10-2014 18:00 − Mittwoch 08-10-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** ISACA announces entry-level cybersecurity certificate ***
---------------------------------------------
A new cybersecurity certificate has been launched by global IT association ISACA thats intended for those looking to break into the field.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/C8kTkbciKh0/


*** Belkin Router Apocalypse: heartbeat.belkin.com outage taking routers down ***
---------------------------------------------
According ot various reports, many users of Belkin routers had problems connecting to the internet as of last night. It appears that the router will occasionally ping">heartbeat.belkin.com to detect network connectivity. The heartbeat host is however not reachable for some hosts. Currently, the host responds to ICMP">As a workaround, you can add an entry to the routers host file pointing heartbeat.belkin.com to 127.0.0.1. This appears to remove the block. Also, the block only...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18779&rss


*** Caution: Gaming fraud! ***
---------------------------------------------
October 6, 2014 At the end of September, Doctor Web issued a report about the new Trojan program Trojan.SteamBurglar.1, which steals game items from Steam users, particularly Dota 2 fans. So far Doctor Webs security researchers have learnt about several dozen modifications of this malware. However, cybercriminals seeking to take advantage of massively multiplayer online role-playing game (MMORPG) players have other tools at their disposal to make illicit profit. In this post we will talk about...
---------------------------------------------
http://news.drweb.com/show/?i=5987&lng=en&c=9


*** Arbor: DDoS Attacks Getting Bigger as Reflection Increases ***
---------------------------------------------
New reflected distributed denial of service attack techniques are increasing the volume of each attack as well as the overall frequency of large-scale DDoS attacks.
---------------------------------------------
http://threatpost.com/arbor-ddos-attacks-getting-bigger-as-reflection-increases/108752


*** The facts about BadUSB ***
---------------------------------------------
Introduction Since the BadUSB talk[1] by Karsten Nohl and Jakob Lell at Black Hat USA in August there has been much discussion about the implications of this class of USB attack. The discussions gained additional momentum when Adam Caudill and Brandon Wilson investigated the attack further and publicly released working code[2] at the DerbyCon security conference. This blog post is intended to dispel some of the misunderstandings that have arisen around BadUSB and provide some practical advice...
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/10/the-facts-about-badusb/


*** Paper: The Hulk ***
---------------------------------------------
Raul Alvarez studies cavity file infector.Most file infectors increase the length of the infected file, as the malicious code is added as a new section of the host file, or to the last section of that file. Cavity file infectors are different though: they infect files without increasing their size.Today, we publish a paper by Raul Alvarez, a researcher for Fortinet, in which he studies Win32/Huhk, a virus that implements cavity file infection.In the paper, Raul explains what happens when an...
---------------------------------------------
http://www.virusbtn.com/blog/2014/10_08a.xml?rss


*** "Tickende Zeitbombe": Windows XP noch immer verbreitet ***
---------------------------------------------
Fast sieben Prozent aller deutschen Rechner mit Internetanschluss laufen noch unter Windows XP, ein halbes Jahr nach dem offiziellen Support-Ende. Dabei sind die Geräte nicht nur selbst gefährdet, sondern auch eine Gefahr für andere.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Tickende-Zeitbombe-Windows-XP-noch-immer-verbreitet-2413920.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** remote syslog PRI vulnerability CVE-2014-3683 ***
---------------------------------------------
While preparing a fix for CVE-2014-3634 for sysklogd, mancha discovered and privately reported that the initial rsyslog fix set was incomplete. It did not cover cases where PRI values > MAX_INT caused integer overflows resulting in negative values.
---------------------------------------------
http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/


*** [R1] Tenable Nessus Web UI Scanned Content Stored XSS ***
---------------------------------------------
The Nessus scanners web-based user interface (Web UI) was vulnerable to a stored cross-site scripting (XSS) attack. The issue was due to a security control being briefly removed due to a regression error. During this 48 hour window, one new build of the Web UI was released leading to the ability to inject arbitrary script code. This could be done by setting up a malicious web server that returned a crafted host header containing JavaScript. When Nessus scanned the web server, the input would be...
---------------------------------------------
http://www.tenable.com/security/tns-2014-08


*** Alert for CVE-2014-7169 Bash "Shellshock" ***
---------------------------------------------
Alert for CVE-2014-7169 Bash "Shellshock"
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html


*** Cisco Intrusion Prevention System MainApp Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-3402
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3402


*** VMSA-2014-0010.9 ***
---------------------------------------------
VMware product updates address critical Bash security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0010.html


*** Cuckoo Sandbox 1.1.1 ***
---------------------------------------------
This is an immediate release of Cuckoo Sandbox 1.1.1, an hotfix for a security vulnerability discovered by Robert Michel from G-Data. The vulnerability is an arbitrary file upload from the guest virtual machines to the host system, which could potentially translate in command or code execution. It affects all versions of Cuckoo Sandbox from 0.6.
---------------------------------------------
http://cuckoosandbox.org/2014-10-07-cuckoo-sandbox-111.html


*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_cve_2014_3083_cve_2014_4761?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_cross_site_scripting_by_http_request_modification_in_ibm_content_navigator?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_open_source_apache_xalan_java_reported_in_april_x_force_report_in_ibm_content_navigator?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_open_secure_shell_for_gpfs_v3_5_on_windows_cve_2014_2653_cve_2014_2532?lang=en_us


*** Wordfence <= 5.2.4 Multiple Vulnerabilities (XSS & Bypasses) ***
---------------------------------------------
2014-10-07T16:27:12
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7636