[CERT-daily] Daily summary - Monday 13-10-2014
Daily end-of-shift report
team at cert.at
Mon Oct 13 18:19:24 CEST 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 10-10-2014 18:00 − Monday 13-10-2014 18:00
Handler: Stefan Lenzhofer
Co-Handler: Otmar Lendl
*** Poor punctuation leads to Windows shell vulnerability ***
---------------------------------------------
An attack on Windows scripts shows that quotation marks aren't just for writers.
---------------------------------------------
http://arstechnica.com/security/2014/10/poor-punctuation-leads-to-windows-shell-vulnerability/
*** Researchers observe new type of SYN flood DDoS attack ***
---------------------------------------------
Researchers with Radware are referring to the new type of distributed denial-of-service attack as a Tsunami SYN Flood Attack.
---------------------------------------------
http://www.scmagazine.com/researchers-observe-new-type-of-syn-flood-ddos-attack/article/376576
*** IBM Security Bulletin: Vulnerabilities in Bash affect IBM SDN VE (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) ***
---------------------------------------------
Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities. Bash is used by IBM SDN VE. CVE(s): CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278 Affected product(s) and affected version(s): IBM SDN VE, Unified Controller, VMware Edition: 1.2.0
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_ibm_sdn_ve_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=en_us
*** Malware overview: Threats to Mac OS X and other IT security hazards of September 2014 ***
---------------------------------------------
October 2, 2014 In September, a number of new threats to Mac OS X were discovered by Doctor Web's security researchers. They included the complex backdoor Mac.BackDoor.iWorm as well as the Trojan Mac.BackDoor.Ventir.1 and the spyware program Mac.BackDoor.XSLCmd. Unexpectedly, gamers came under attack by Trojan.SteamBurglar which steals virtual game items from Steam users to later resell them to other players. As usual, plenty of virus definitions for malware programs geared towards Windows were
---------------------------------------------
http://news.drweb.com/show/?i=5982&lng=en&c=9
*** Android's Cyanogenmod open to MitM attacks ***
---------------------------------------------
Code re-use spells zero day for millions of modders. More than 10 million users of the popular Cyanogen build of Android are exposed to man-in-the-middle (MitM) attacks thanks to reuse of vulnerable sample code.
---------------------------------------------
http://www.theregister.co.uk/2014/10/13/androids_cyanogenmod_open_to_mitm_attacks/
*** Adobe, Microsoft, Oracle: October patch day will be more laborious than usual ***
---------------------------------------------
Adobe, Microsoft and Oracle will release numerous patches this coming Tuesday evening: the October patch days of all three companies coincide. On the one hand this eases the load on admins; on the other, they have to prepare for a larger volume of patches. (Microsoft, Java)
---------------------------------------------
http://www.golem.de/news/adobe-microsoft-oracle-oktober-patchtag-wird-aufwendiger-als-sonst-1410-109793-rss.html
*** WordPress is the Most Attacked CMS: Report ***
---------------------------------------------
Data security firm Imperva released its fifth annual Web Application Attack report (WAAR) this week, a study designed to track the latest trends and cyber threats facing web applications.
---------------------------------------------
http://www.securityweek.com/wordpress-most-attacked-cms-report
*** SSA-860967 (Last Update 2014-10-13): GNU Bash Vulnerabilities in Siemens Industrial Products ***
---------------------------------------------
SSA-860967 (Last Update 2014-10-13): GNU Bash Vulnerabilities in Siemens Industrial Products
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-860967.pdf
*** SSA-234763 (Last Update 2014-10-13): OpenSSL Vulnerabilities in Siemens Industrial Products ***
---------------------------------------------
SSA-234763 (Last Update 2014-10-13): OpenSSL Vulnerabilities in Siemens Industrial Products
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234763.pdf
*** SSA-839231 (Last Update 2014-10-13): Incorrect Certificate Verification in Ruggedcom ROX-based Devices ***
---------------------------------------------
SSA-839231 (Last Update 2014-10-13): Incorrect Certificate Verification in Ruggedcom ROX-based Devices
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-839231.pdf
*** PHP 5.6.1 closes potentially dangerous buffer overflow ***
---------------------------------------------
The current PHP version fixes a number of bugs, including a security vulnerability discovered by Stefan Esser. It is easy to exploit and can be abused to execute malicious code remotely.
---------------------------------------------
http://www.heise.de/security/meldung/PHP-5-6-1-schliesst-potentiell-gefaehrlichen-Pufferueberlauf-2418719.html
*** Mobile threats in September 2014 ***
---------------------------------------------
October 2, 2014 As in previous months, in September Doctor Web's security researchers registered multiple attacks on handhelds. In particular, the Dr.Web virus database was expanded to include numerous definitions of threats to Android involving banking Trojans, ransomware, spies, and even a dangerous vandal Trojan, among others. Also added to the database was an entry for another malicious application that operates on jailbroken devices. The number of new malicious programs for Android and
---------------------------------------------
http://news.drweb.com/show/?i=5983&lng=en&c=9
*** FinFisher Malware Analysis - Part 3 (Last) ***
---------------------------------------------
I've already covered most parts of the FinFisher malware in the last two articles. This time, in this article, which is the last article related to FinFisher, I'll cover the last important tricks, methods and techniques used by FinFisher. So I'll categorize them by subject:...
---------------------------------------------
https://www.codeandsec.com/FinFisher-Malware-Analysis-Part-3
*** Who's Watching Your WebEx? ***
---------------------------------------------
KrebsOnSecurity spent a good part of the past week working with Cisco to alert more than four dozen companies -- many of them household names -- about regular corporate WebEx conference meetings that lack passwords and are thus open to anyone who wants to listen in.
---------------------------------------------
http://krebsonsecurity.com/2014/10/whos-watching-your-webex
*** Kmart becomes the latest retail data breach victim ***
---------------------------------------------
Kmart has been confirmed as the latest retail chain to be breached after its parent company admitted that some customers' debit and credit card numbers had been compromised.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/10/13/kmart-becomes-the-latest-retail-data-breach-victim/