[CERT-daily] Daily summary - Wednesday 17-09-2014

Daily end-of-shift report team at cert.at
Wed Sep 17 18:07:52 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 16-09-2014 18:00 - Wednesday 17-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** https://yourfakebank.support -- TLD confusion starts!, (Tue, Sep 16th) ***
---------------------------------------------
Pretty much ever since the new top level domain (TLD) ".biz" went online a couple years ago, and the only ones buying domains in this space were the scammers, we kinda knew what would happen when ICANN's latest folly and money-grab went live. It looks like a number of the "new" top level domains, like ".support", ".club", etc. have now come online. And again, it seems like only the crooks are buying. We are currently investigating a wave of phishing emails
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18651&rss




*** Background: After Snowden: Little sleep for crypto researchers ***
---------------------------------------------
At the Internet Engineering Task Force meeting in Toronto, Lange recently presented an overview of elliptic-curve cryptography and strongly advised opting for the newer variants. She spoke with heise Security on the sidelines of the event.
---------------------------------------------
http://www.heise.de/security/artikel/Nach-Snowden-Wenig-Schlaf-fuer-Kryptoforscher-2392236.html




*** Virus activity overview: Adware and other security events of August 2014 ***
---------------------------------------------
September 1, 2014 The last summer month of 2014 witnessed not only a large number of encryption Trojans in action but also a myriad of malicious programs displaying annoying (and sometimes fraudulent) ads in an effort to generate revenue for the criminals behind them. Also at summer's end, Chinese attackers intensified their efforts to port certain Linux malware programs to Windows. In addition, security researchers discovered new threats to Android. Viruses Statistics collected by Dr.Web
---------------------------------------------
http://news.drweb.com/show/?i=5935&lng=en&c=9




*** Network analysis tool Message Analyzer released in version 1.1 ***
---------------------------------------------
Microsoft has released version 1.1 of its sniffing and analysis tool Message Analyzer. Among other things, the new release can capture network traffic remotely and decrypt SSL-protected data streams.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Netzwerkanalyse-Tool-Message-Analyzer-in-Version-1-1-veroeffentlicht-2394627.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** Understanding the WordPress Security Plugin Ecosystem ***
---------------------------------------------
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one person's ear, and that message gets relayed around the circle? Wasn't it always funny to see what the final message received would be? Oh, and how it would have morphed as it was processed and conveyed by each individual in the group. This is what I see when I look at the WordPress Security Ecosystem.
---------------------------------------------
http://blog.sucuri.net/2014/09/understanding-the-wordpress-security-plugin-ecosystem.html




*** FreeBSD Denial of Service advisory (CVE-2004-0230), (Tue, Sep 16th) ***
---------------------------------------------
A vulnerability has been discovered by Jonathan Looney at the Juniper SIRT in FreeBSD (base for Junos and many other products) in the way that FreeBSD processes certain TCP packets (https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc). If you send TCP SYN packets for an existing connection (i.e. the correct source IP, source port, destination IP, destination port combination) the operating system will tear down the connection. The attack is similar to the "slipping in the
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18657&rss




*** EMC Documentum Content Server Flaws Let Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1030855




*** Bugtraq: Android Bluetooth Pairing Packet Processing Vulnerability (by wangzq from NCNIPC) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533462




*** DSA-3025-1 apt -- security update ***
---------------------------------------------
It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490). For the stable distribution (wheezy), these problems have been fixed in version...
---------------------------------------------
https://www.debian.org/security/2014/dsa-3025




*** Schneider Electric SCADA Expert ClearSCADA Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for three vulnerabilities in Schneider Electric's StruxureWare SCADA Expert ClearSCADA.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-259-01




*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_upgrade_jre_used_by_cics_da_server_to_avoid_security_vulnerability?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_sql_injection_and_incorrect_handling_of_ssh_connection_vulnerability_in_qradar_cve_2014_4824_cve_2014_4826?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_openssl_affect_tivoli_workload_scheduler_for_application_list_applicable_cve_2014_3505_cve_2014_3506_cve_2014_3507_cve_2014_3510?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_tivoli_provisioning_manager_for_software?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_cognos_bi_server_is_affected_by_the_following_vulnerabilities_cve_2014_0107_cve_2014_0075_cve_2014_0096_cve_2014_0099_cve_2014_0119_cve_2014_0878_cve_2014_0460?lang=en_us

