[CERT-daily] Daily summary - Thursday 4-09-2014
Daily end-of-shift report
team at cert.at
Thu Sep 4 18:04:43 CEST 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-09-2014 18:00 − Thursday 04-09-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Paper: Prosecting the Citadel botnet - revealing the dominance of the Zeus descendent: part one ***
---------------------------------------------
Aditya K. Sood and Rohit Bansal dissect botnet primarily used for financial fraud. It is unlikely that anyone still thinks that cybercrime is performed by 16-year-old kids who write short pieces of code that wreak havoc all over the world, but if you do still hold that belief, it won't hurt to take a look behind the scenes of a modern botnet operation. Today's botnets show how cybercrime has become a professional industry in which many tactics seen in the legitimate e-commerce and IT service
---------------------------------------------
http://www.virusbtn.com/blog/2014/09_03.xml
*** [webapps] - vBulletin 4.0.x - 4.1.2 (search.php, cat param) - SQL Injection Exploit ***
---------------------------------------------
http://www.exploit-db.com/exploits/34526
*** WordPress Plugins Bogged Down with CSRF, XSS Vulnerabilities ***
---------------------------------------------
A handful of bugs, mostly XSS and CSRF vulnerabilities, have been plaguing at least eight different WordPress plugins as of late.
---------------------------------------------
http://threatpost.com/wordpress-plugins-bogged-down-with-csrf-xss-vulnerabilities/108058
*** CERT/CC Enumerates Android App SSL Validation Failures ***
---------------------------------------------
The CERT Coordination Center at Carnegie Mellon today released a list of Android applications hosted on Google Play and Amazon that it says fail to validate SSL certificates over HTTPS.
---------------------------------------------
http://threatpost.com/certcc-enumerates-android-app-ssl-validation-failures/108067
*** Splunk Enterprise 6.0.6 addresses two vulnerabilities ***
---------------------------------------------
Description: Splunk Enterprise version 6.0.6 addresses the following vulnerabilities:
- OpenSSL TLS protocol downgrade attack (SPL-88587, CVE-2014-3511)
- Reflective cross-site scripting (XSS) referer header vulnerability (SPL-85360)
At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk ..
---------------------------------------------
http://www.splunk.com/view/SP-CAAANE2
*** Identifying Firewalls from the Outside-In. Or, "There's Gold in them thar UDP ports!", (Thu, Sep 4th) ***
---------------------------------------------
In a penetration test, often the key to bypassing a security control is as simple as identifying the platform it's implemented on. In other words, it's a lot easier to get past something if you know what it is. For instance, quite often you'll be probing a set of perimeter addresses, and if there are no vulnerable hosts NAT-ed out for you, you might start ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18617
*** Mozilla Firefox <v32 Secret Leak PoC ***
---------------------------------------------
Depending on a variety of factors, problems like that may leak secrets across web origins, or more prosaically, may help attackers bypass security measures such as ASLR. This code is a proof of concept for versions prior to 32.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014090017
*** heap overflow in procmail's formail utility ***
---------------------------------------------
procmail's formail utility is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing addresses with unbalanced quotes. By sending an overly long argument, a remote attacker could overflow a buffer ..
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95688
*** Free G Data tool protects against BadUSB attacks ***
---------------------------------------------
The G Data USB Keyboard Guard monitors keyboards newly connected to the PC. The user can then decide whether they actually want to use the device, or whether they suspect an attack and would rather lock the device out.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Kostenloses-G-Data-Tool-schuetzt-vor-BadUSB-Angriffen-2329545.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
*** Akamai warns of Linux server botnet ***
---------------------------------------------
In a security advisory rated "Risk factor: High", network specialist Akamai warns of a botnet made up of Linux servers that carries out distributed DoS attacks to bring other servers to their knees.
---------------------------------------------
http://www.heise.de/security/meldung/Akamai-warnt-vor-Linux-Server-Botnet-2344811.html
*** zAnti - Android Penetration Testing Toolkit (Free!) ***
---------------------------------------------
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI offers a comprehensive range of fully customizable scans to reveal everything from authentication, backdoor and brute-force attempts to database, DNS and protocol-specific attacks - including rogue access points.
---------------------------------------------
http://hack-tools.blackploit.com/2014/09/zanti-android-penetration-testing.html
*** New file-encrypting ransomware called CryptoGraphic Locker ***
---------------------------------------------
A new file-encrypting ransomware was discovered today by BartBlaze called CryptoGraphic Locker. Just like other encrypting ransomware, this infection will scan your data files and encrypt them so that they are unusable. The infection will then display a ransom note that requires you to purchase ..
---------------------------------------------
http://www.bleepingcomputer.com/forums/t/546749/new-file-encrypting-ransomware-called-cryptographic-locker/
*** Apple OS X: Security Through Obscurity is becoming an Absurdity ***
---------------------------------------------
Today's blog on a new Mac malware is a reminder that attackers go where the money is. Apple usage within the enterprise is growing rapidly, with 52 percent of newly issued computers being Macs according to Forrester. Forrester also ..
---------------------------------------------
http://www.fireeye.com/blog/corporate/2014/09/apple-os-x-security-through-obscurity-is-becoming-an-absurdity.html
*** Forced to Adapt: XSLCmd Backdoor Now on OS X ***
---------------------------------------------
Introduction: FireEye Labs recently discovered a previously unknown variant of the APT backdoor XSLCmd - OSX.XSLCmd - which is designed to compromise Apple OS X systems. This ..
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html
*** VU#855836: Arris Touchstone cable modem information leakage vulnerability ***
---------------------------------------------
Arris Touchstone DG950A cable modem enables SNMP public access by default. Description: CWE-200 - Information Exposure. The Arris Touchstone DG950A cable modem running software version 7.10.131 was found to expose sensitive ..
---------------------------------------------
http://www.kb.cert.org/vuls/id/855836
*** Semalt botnet hijacked nearly 300k computers ***
---------------------------------------------
The "Semalt" botnet is quickly spreading across the Internet, Incapsula researchers warn. The botnet is named after a Ukrainian startup that poses as a legitimate online SEO service, and it currently numbers around 290,000 malware-infected machines that continually spam millions of websites in a large-scale referrer spam campaign.
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2857