[CERT-daily] Tageszusammenfassung - Freitag 19-09-2014

Daily end-of-shift report team at cert.at
Fri Sep 19 18:09:50 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 18-09-2014 18:00 − Freitag 19-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** WordFence WordPress Security Plugin Pushes a Security Update ***
---------------------------------------------
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out an important security update that ..
---------------------------------------------
http://blog.sucuri.net/2014/09/security-disclosure-the-wordfence-wordpress-security-plugin-pushes-a-security-update.html



*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3379
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3378
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3377
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3376




*** CosmicDuke and the latest political news ***
---------------------------------------------
After we had published the CosmicDuke report in July 2014, we continued to actively follow the malware. Today, we discovered two new samples that both leverage timely, political topics to deceive the recipient into opening ..
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002745.html




*** Nuclear exploit kit - complete infection cycle ***
---------------------------------------------
Zscaler ThreatLabZ has been seeing a steady increase in the Nuclear Exploit Kit (EK) traffic over the past few weeks. The detection of malicious activity performed by this EK remains low, due to usage of dynamic content and heavy ..
---------------------------------------------
http://research.zscaler.com/2014/09/nuclear-exploit-kit-complete-infection.html



*** Web Scan looking for /info/whitelist.pac, (Fri, Sep 19th) ***
---------------------------------------------
Nathan reported today that he has been seeing a new trend of web scanning against his webservers looking for /info/whitelist.pac. The scanning he has observed is over SSL. He has been ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18675




*** Asterisk res_fax_spandsp Module Processing Flaw Lets Remote Authenticated Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030876




*** Asterisk SIP SUBSCRIBE Type Handling Flaw Lets Remote Authenticated Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030875




*** Android ist in Zukunft standardmässig verschlüsselt ***
---------------------------------------------
Wie Google offiziell bekannt gegeben hat, wird die Verschlüsselungsfunktion in Android L erstmals ab Werk eingeschaltet sein.
---------------------------------------------
http://futurezone.at/produkte/android-ist-in-zukunft-standardmaessig-verschluesselt/86.632.469




*** Advantech WebAccess Vulnerabilities ***
---------------------------------------------
Researcher Ricardo Narvaja of Core Security Technologies has identified several buffer overflow vulnerabilities in Advantech's WebAccess application. Advantech has produced a patch that mitigates these vulnerabilities. The researcher has ..
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-261-01




*** Bugtraq: CVE ID Syntax Change - Deadline Approaching ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533478




*** How to Detect SQL Injection Attacks ***
---------------------------------------------
SQL Injection (SQLi) attacks have been around for over a decade. You might wonder why they are still so prevalent. The main reason is that they still work on quite a few web application targets. In fact, according to Veracode's 2014 State of Security Software Report , SQL injection vulnerabilities still ..
---------------------------------------------
http://thehackernews.com/2014/09/how-to-detect-sql-injection-attacks.html




*** Hackerangriff auf Home Depot: 56 Millionen Kreditkarten betroffen ***
---------------------------------------------
Hacker sind weiter auf Beutezug durch den US-Einzelhandel: Erst verschafften sie sich Zugriff auf rund 40 Millionen Bankkarten bei Target-Supermärkten, jetzt könnten bei der Baumarktkette Home Depot 56 Millionen Karten betroffen sein.
---------------------------------------------
http://www.heise.de/security/meldung/Hackerangriff-auf-Home-Depot-56-Millionen-Kreditkarten-betroffen-2399827.html




*** Cloudflare: TLS-Verbindungen ohne Schlüssel sollen Banken schützen ***
---------------------------------------------
Cloudflare bietet Kunden künftig ein neues Feature namens Keyless SSL, mit dem der Teil des TLS-Handshakes, der den privaten Schlüssel benötigt, ausgelagert werden kann. Damit können Unternehmen die Kontrolle über den Schlüssel behalten.
---------------------------------------------
http://www.golem.de/news/cloudflare-tls-verbindungen-ohne-schluessel-sollen-banken-schuetzen-1409-109351.html




*** XSS: Cross-Site-Scripting über DNS-Records ***
---------------------------------------------
Eine besonders kreative Variante einer Cross-Site-Scripting-Lücke macht auf der Webseite Hacker News die Runde: Mittels eines TXT-DNS-Records lässt sich auf zahlreichen Webseiten Javascript einfügen.
---------------------------------------------
http://www.golem.de/news/xss-cross-site-scripting-ueber-dns-records-1409-109354.html





More information about the Daily mailing list