=======================
= End-of-Shift report =
=======================
Timeframe: Friday 18-07-2014 18:00 − Monday 21-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** The Little Signature That Could: The Curious Case of CZ Solution ***
---------------------------------------------
Malware authors are always looking for new ways to masquerade their actions. Attackers are looking for their malware to be not only fully undetectable, but also appear valid on a system, so as not to draw attention. Digital signatures are...
---------------------------------------------
http://www.fireeye.com/blog/technical/2014/07/the-little-signature-that-cou…
*** Keeping the RATs out: the trap is sprung - Part 3, (Sat, Jul 19th) ***
---------------------------------------------
As we bring out our three-part series on RAT tools suffered upon our friends at Hazrat Supply, we must visit the centerpiece of it all. The big dog in this fight is indeed the bybtt.cc3 file (Jake suspected this), Backdoor:Win32/Zegost.B. The file is unquestionably a PE DLL but renamed to .cc3 to hide on the system like a CueCards Professional database file. Based on the TrendMicro writeup on this family, the backdoor drops four files, including %Program Files%\%SESSIONNAME%\{random characters}.cc3 This...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18415&rss
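The .cc3 trick above works because most tooling trusts the extension. An added example, not code from the ISC diary or from any vendor writeup: walk a directory and flag files whose content starts with an MZ/PE header but whose extension is not one a PE file normally carries, and report whether the image is marked as a DLL. The sample files (a stub with valid MZ/PE/COFF headers named bybtt.cc3, a non-PE .cc3, and a PE named legit.dll) are constructed in a temporary directory so the check runs offline; the stub is not a loadable image.

```python
"""Flag PE files hiding behind a non-executable extension (added example)."""
import os
import struct
import tempfile

# Extensions under which a PE image is expected; anything else with a PE header is suspicious.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl", ".drv", ".mui", ".efi"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit set on DLL images


def parse_pe_bytes(data):
    """Return None if `data` does not start a PE image, else the machine type and DLL flag."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, _, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {"e_lfanew": e_lfanew, "machine": machine, "is_dll": bool(characteristics & IMAGE_FILE_DLL)}


def parse_pe_file(path):
    """Read the head of a file; e_lfanew is almost always well under 4 KiB."""
    with open(path, "rb") as f:
        return parse_pe_bytes(f.read(4096))


def find_masquerading_pe(root):
    """Return (path, is_dll) for every PE image under `root` whose extension is not a PE one."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in PE_EXTENSIONS:
                continue  # extension matches content; not what we are hunting here
            path = os.path.join(dirpath, name)
            try:
                info = parse_pe_file(path)
            except OSError:
                continue
            if info:
                hits.append((path, info["is_dll"]))
    return hits


def build_minimal_pe(is_dll):
    """Constructed stub: MZ header, e_lfanew, PE signature and a COFF header. Not loadable."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    characteristics = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)  # EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, characteristics)  # 0x14C = i386
    return bytes(dos) + b"PE\0\0" + coff


def demo():
    """Plant three constructed files and return the base names the scan flags."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "bybtt.cc3"), "wb") as f:
            f.write(build_minimal_pe(is_dll=True))      # PE DLL hiding as a CueCards file
        with open(os.path.join(root, "notes.cc3"), "wb") as f:
            f.write(b"CueCards data\0" * 8)              # constructed non-PE content
        with open(os.path.join(root, "legit.dll"), "wb") as f:
            f.write(build_minimal_pe(is_dll=True))      # extension matches, so not flagged
        return sorted(os.path.basename(p) for p, _ in find_masquerading_pe(root))


if __name__ == "__main__":
    print(demo())
```

The check is deliberately content-first: it never consults the extension to decide what a file is, only to decide whether the content is where it should be. Pair it with the drop-path hint from the writeup (%Program Files%\%SESSIONNAME%\) to narrow the scan on a live host.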
*** Top 10 Common Database Security Issues ***
---------------------------------------------
Introduction: The database typically contains the crown jewels of any environment; it usually holds the most business-sensitive information, which is why it is a high-priority target for any attacker. The purpose of this post is to create awareness among database administrators and security managers about some of the areas it is important to focus on when implementing a new database or hardening the security of an existing one.
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/07/top-10-common-database-security-is…
*** Smart Meter Attack Scenarios ***
---------------------------------------------
In our previous post, we looked at how smart meters were being introduced across multiple countries and regions, and why these devices pose security risks to their users. At their heart, a smart meter is simply... a computer. Let's look at our existing computers - whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/smart-meter-atta…
*** Attacks on web servers via the WordPress plugin MailPoet ***
---------------------------------------------
Servers are currently being hijacked systematically through a recently discovered security vulnerability. Anyone who has not yet installed the update released in early July should do so urgently.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffe-auf-Web-Server-via-Wordpress-…
*** Home router security to be tested in upcoming hacking contest ***
---------------------------------------------
Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference. The contest is called SOHOpelessly Broken - a nod to the small office/home office space targeted by the products - and follows a growing number of large scale attacks this year against routers and other home embedded systems.
---------------------------------------------
http://www.cio.com/article/2455981/home-router-security-to-be-tested-in-upc…
*** Security researcher points to "backdoors" in iOS ***
---------------------------------------------
Undocumented system services in iOS make it easy for attackers to read out user data once the iPhone or iPad has been locally paired with a desktop computer, explains Jonathan Zdziarski, who hopes for an answer from Apple.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsforscher-weist-auf-Hintertu…
*** Call for last-minute papers for VB2014 announced ***
---------------------------------------------
Seven speaking slots waiting to be filled with presentations on hot security topics.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_21.xml?rss
*** Heartbleed threatens critical industrial control systems ***
---------------------------------------------
More than three months after the massive security hole became known, numerous Siemens systems are still unprotected.
---------------------------------------------
http://futurezone.at/digital-life/heartbleed-bedroht-kritische-industrie-ko…
*** VMSA-2014-0006.8 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** EMC RecoverPoint Internal Firewall Ruleset Error Lets Remote Users Bypass the Firewall ***
---------------------------------------------
http://www.securitytracker.com/id/1030608
*** DSA-2981 polarssl ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2981
*** DSA-2982 ruby-activerecord-3.2 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2982
*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability ***
---------------------------------------------
Vulnerability Note VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability. Original release date: 21 Jul 2014 | Last revised: 21 Jul 2014. Overview: The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability. Description: Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected cellular network. CWE-79: Improper...
---------------------------------------------
http://www.kb.cert.org/vuls/id/688812
*** Bugtraq: CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. ***
---------------------------------------------
Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1
---------------------------------------------
http://www.securityfocus.com/archive/1/532841
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 17-07-2014 18:00 − Friday 18-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** SQL Injection Vulnerability - vBulletin 5.x ***
---------------------------------------------
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member list page. Every vBulletin user needs to upgrade to the latest version asap. vBulletin is a very popular forum software used on more than ..
---------------------------------------------
http://blog.sucuri.net/2014/07/sql-injection-on-vbulletin-5-x.html
*** Siemens OpenSSL Vulnerabilities ***
---------------------------------------------
Siemens has identified four vulnerabilities in its OpenSSL cryptographic software library affecting several Siemens industrial products. Updates are available for APE 2.0.2 and WinCC OA (PVSS). The ROX 1, ROX 2, S7-1500, and CP1543-1 products do not have a patch at this time; however, Siemens has made mitigation recommendations. Siemens is continuing to work on patching these vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-03
*** Cogent DataHub Code Injection Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. (hereafter referred to as Cogent). Security researcher John Leitch reported this vulnerability to the Zero Day Initiative (ZDI), who then reported it directly to Cogent. Successful exploitation of this vulnerability could allow remote execution of arbitrary code.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-01
*** Advantech WebAccess Vulnerabilities ***
---------------------------------------------
NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an updated software version that mitigates these vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-02
*** Mitigating UAF Exploits with Delay Free for Internet Explorer ***
---------------------------------------------
After introducing the 'isolated heap' in the June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call 'delay free.' This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-uaf-e…
*** DSA-2979 fail2ban ***
---------------------------------------------
Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.
---------------------------------------------
http://www.debian.org/security/2014/dsa-2979
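The fail2ban advisory describes a log-parsing weakness: text an attacker can put into a log line is matched as if it were the client address, so the attacker chooses who gets banned. An added example, not fail2ban's shipped filters and not the patched regexes from DSA-2979: two illustrative Postfix-style patterns over constructed log lines (not captured from a real server). The greedy pattern lets the attacker-controlled HELO string at the end of the line win; the anchored pattern only accepts the `host[ip]` token that Postfix itself writes right after `RCPT from`.

```python
"""Log-injection against a ban filter: greedy vs. anchored host extraction (added example)."""
import ipaddress
import re

# Constructed lines in Postfix smtpd style. 203.0.113.5 is the real client; the second line's
# attacker supplied a HELO string shaped like "[victim-ip]: 554 " to frame 198.51.100.9.
GENUINE = ("Jul 18 12:00:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: "
           "554 5.7.1 <user@example.org>: Relay access denied; from=<spam@example.net> "
           "to=<user@example.org> proto=ESMTP helo=<mail>")
HOSTILE = ("Jul 18 12:00:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: "
           "554 5.7.1 <root@example.org>: Relay access denied; from=<attacker@example.net> "
           "to=<root@example.org> proto=ESMTP helo=<x[198.51.100.9]: 554 >")

# Illustrative filters written for this example. NAIVE lets '.*' run across attacker-controlled
# fields and backtrack to the LAST '[ip]: 554 ' on the line. STRICT requires the token directly
# after 'RCPT from' to be a hostname (no whitespace, no '[') followed immediately by the address.
NAIVE = re.compile(r"reject: RCPT from .*\[(?P<host>[0-9.]+)\]: 554 ")
STRICT = re.compile(r"reject: RCPT from [^\s\[]+\[(?P<host>[0-9.]+)\]: 554 5\.7\.1 ")


def ban_candidates(lines, pattern):
    """Return the addresses `pattern` would hand to the firewall for each matching line."""
    out = []
    for line in lines:
        m = pattern.search(line)
        if not m:
            continue
        try:
            out.append(str(ipaddress.ip_address(m.group("host"))))
        except ValueError:
            continue  # syntactically invalid host: never hand it to the firewall
    return out


def compare():
    """Show which address each filter bans for the hostile line."""
    return {
        "naive": ban_candidates([HOSTILE], NAIVE),
        "strict": ban_candidates([HOSTILE], STRICT),
    }


if __name__ == "__main__":
    print(compare())
```

The fix is structural rather than a blocklist of bad characters: anchor the host capture to a field the daemon writes itself, never let a wildcard span fields the remote side controls, and validate the capture as an address before acting on it. Run your own filters against a line with a crafted HELO, username or recipient before trusting them with ban actions.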
*** Bugtraq: Microsoft MSN HBE - Blind SQL Injection Vulnerability ***
---------------------------------------------
A boolean-based blind SQL injection web vulnerability has been detected in the official MSN (habitos.be.msn.com) web application service. The vulnerability allows remote attackers to inject their own SQL commands to compromise the affected ..
---------------------------------------------
http://www.securityfocus.com/archive/1/532830
*** Critroni Crypto Ransomware Seen Using Tor for Command and Control ***
---------------------------------------------
There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say ..
---------------------------------------------
http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command…
*** LibreSSL: Linux and OpenBSD developers pull together ***
---------------------------------------------
The problems encountered in porting LibreSSL to other platforms such as Linux show how OpenSSL could become such a security nightmare. And that nightmare is far from over.
---------------------------------------------
http://www.heise.de/security/meldung/LibreSSL-Linuxer-und-OpenBSDler-raufen…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 16-07-2014 18:00 − Thursday 17-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Critical security vulnerability endangers Cisco routers and modems ***
---------------------------------------------
Nine Cisco consumer routers and cable modems are vulnerable to a critical flaw that lets remote attackers take over the device. German providers also deploy the affected models.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Sicherheitsluecke-gefaehrdet…
*** Cisco Wireless Residential Gateway Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscos…
*** Cisco Cable Modem Buffer Overflow Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can send a specially crafted HTTP request to the target device to trigger a buffer overflow and execute arbitrary code on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030598
*** Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
The specific flaw exists within the updating of mod_status. A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with handler server-status and other endpoints. By abusing this flaw, an attacker can possibly disclose credentials or leverage this situation to achieve remote code execution.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-236/
*** Additional information on the interview in Der Standard ***
---------------------------------------------
Additional information on the interview in Der Standard. 16 July 2014. We are (almost) always pleased when we are quoted in the media and thereby reach a much broader audience than through our direct channels alone (website, RSS, mail, Twitter). But interviews usually have to happen quickly, journalists work with hard daily deadlines, and on paper there is limited space and no hyperlinks. So I want to give a bit of context here to the interview that ..
---------------------------------------------
http://www.cert.at/services/blog/20140716101643-1199.html
*** SA-CORE-2014-003 - Drupal core - Multiple vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. (Denial of Service, Cross Site Scripting, Access Bypass)
---------------------------------------------
https://www.drupal.org/SA-CORE-2014-003
*** SA-CONTRIB-2014-071 - FileField - Access bypass ***
---------------------------------------------
A vulnerability was discovered in the FileField third-party module that could allow attackers to gain access to private files.
---------------------------------------------
https://www.drupal.org/node/2304561
*** Barely introduced, already changed: Apple improves iCloud mail encryption ***
---------------------------------------------
Only a few days after introducing transport encryption for Apple's iCloud mail services, the company has made improvements. At least some servers now meet current requirements for good encryption.
---------------------------------------------
http://www.heise.de/security/meldung/Kaum-eingefuehrt-schon-umgestellt-Appl…
*** Pushdo Trojan outbreak: 11 THOUSAND systems infected in just 24 hours ***
---------------------------------------------
A wave of attacks by cybercrooks pushing a new variant of the resilient Pushdo Trojan has compromised more than 11,000 systems in just 24 hours.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/17/pushdo_troj…
*** Paper: Mayhem - a hidden threat for *nix web servers ***
---------------------------------------------
New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_17.xml
*** Havex, It's Down With OPC ***
---------------------------------------------
FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as 'Fertger' or 'PEACEPIPE'), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in ..
---------------------------------------------
http://www.fireeye.com/blog/technical/targeted-attack/2014/07/havex-its-dow…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 15-07-2014 18:00 − Wednesday 16-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** SSL Black List Aims to Publicize Certificates Associated With Malware ***
---------------------------------------------
Malware and botnet operators are always adapting their tactics, trying to stay a step or two ahead of defensive technologies and techniques. One of the methods many attackers have adopted is using SSL to communicate with the infected machines they control, and a researcher has started a new ..
---------------------------------------------
http://threatpost.com/ssl-black-list-aims-to-publicize-certificates-associa…
*** Early Review of LibreSSL Finds Problematic PRNG ***
---------------------------------------------
A critical vulnerability was reported in the random number generator in LibreSSL, a fork of OpenSSL. LibreSSL preview versions were released this weekend.
---------------------------------------------
http://threatpost.com/early-review-of-libressl-finds-problematic-prng/107239
*** Critical Patch Update - July 2014 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
*** About Two Recently Patched IBM DB2 LUW Vulnerabilities ***
---------------------------------------------
IBM recently released patches for three security vulnerabilities affecting various versions of DB2 for Linux, Unix and Windows. This post will explore some more technical details of two of these vulnerabilities (CVE-2014-0907 and CVE-2013-6744) to help database administrators assess the risk of ..
---------------------------------------------
http://blog.spiderlabs.com/2014/07/about-two-ibm-db2-luw-vulnerabilities-pa…
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix ..
---------------------------------------------
http://support.citrix.com/article/CTX140984
*** Elipse E3 Scada PLC Denial Of Service ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070083
*** [2014-07-16] Multiple SSRF vulnerabilities in Alfresco Community Edition ***
---------------------------------------------
The Alfresco Community Edition Server is prone to multiple Server Side Request Forgery vulnerabilities allowing access to internal resources for an unauthenticated attacker.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
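SSRF of the kind reported for Alfresco turns the server into a proxy for the attacker's requests into the internal network. An added example, not Alfresco code and not the advisory's proof of concept: a generic URL vetting routine a server-side fetcher can call before connecting. It restricts the scheme, rejects embedded credentials, and checks every address the host resolves to (including IPv4-mapped IPv6) against the loopback, private, link-local, multicast and reserved ranges. DNS is replaced by a constructed table so the block runs offline; the hostnames and the stand-in public addresses 1.2.3.4 and 5.6.7.8 are assumptions.

```python
"""URL vetting for server-side fetches: block requests to internal addresses (added example)."""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_internal(addr):
    """True for any address a server-side fetch must never reach."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is loopback in disguise
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def vet_url(url, resolve):
    """Return (allowed, reason). `resolve(host)` must return every address the connection
    could use; the caller must then connect to one of the vetted addresses rather than
    resolving again, or a second DNS answer can point somewhere else (rebinding)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal address: nothing to resolve
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        return False, "unresolvable"
    for a in addrs:
        if is_internal(a):
            return False, f"resolves to internal address {a}"
    return True, ",".join(addrs)


# Constructed resolver table standing in for DNS; the public addresses are placeholders.
FAKE_DNS = {
    "files.example.org": ["1.2.3.4"],
    "intranet.corp.example": ["10.0.0.5"],
    "rebind.example.net": ["5.6.7.8", "127.0.0.1"],  # one public and one loopback answer
}


def fake_resolve(host):
    return FAKE_DNS.get(host.lower(), [])


if __name__ == "__main__":
    for u in ("http://files.example.org/doc", "http://intranet.corp.example/",
              "http://[::ffff:127.0.0.1]/", "http://rebind.example.net/"):
        print(u, vet_url(u, fake_resolve))
```

Two caveats a practitioner will want: the check is only as good as the address list it sees, so wire `resolve` to the same resolver the HTTP client uses and pin the connection to the vetted address; and redirects must be vetted again at every hop, since a public host can 302 to http://169.254.169.254/.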
*** HP Data Protector, Remote Execution of Arbitrary Code ***
---------------------------------------------
A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code.
---------------------------------------------
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl…
*** [2014-07-16] Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client" ***
---------------------------------------------
Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-07-16] Multiple critical vulnerabilities in Bitdefender GravityZone ***
---------------------------------------------
Attackers are able to completely compromise the Bitdefender GravityZone solution as they can gain system and database level access.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** Vulnerability in Symfony: W0rm hacks Cnet ***
---------------------------------------------
The Russian hacker group W0rm has gained access to the servers of the news website Cnet. The hackers want to sell the database of user data for the symbolic sum of one bitcoin.
---------------------------------------------
http://www.golem.de/news/schwachstelle-in-symfony-w0rm-hackt-cnet-1407-1079…
*** Common Misconceptions IT Admins Have on Targeted Attacks ***
---------------------------------------------
In our efforts around addressing targeted attacks, we often work with IT administrators from different companies in dealing with threats against their network. During these collaborations, we've recognized certain misconceptions that IT administrators - or perhaps enterprises in general - have in terms of targeted attacks. I will cover some of them in this ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/common-misconcep…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 14-07-2014 18:00 − Tuesday 15-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Introduction to Smart Meters ***
---------------------------------------------
While wearable personal technology may be the most 'public' face of the Internet of Everything, the most widespread use of it may be in smart meters. What is a smart meter, exactly? It's a meter for utilities (electricity, gas, or water) that records the consumption of the utility in question, and transmits it ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/introduction-to-…
*** Disclosure: Insecure Nonce Generation in WPtouch ***
---------------------------------------------
If you use the popular WPtouch plugin (5m+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a user with no administrative privileges, who was logged in ..
---------------------------------------------
http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wpto…
*** Five Year Old Phishing Campaign Unveiled ***
---------------------------------------------
Details have been disclosed on a five-year-old phishing campaign wherein attackers have pilfered victims' login credentials for Google, Yahoo, Facebook, Dropbox and Skype.
---------------------------------------------
http://threatpost.com/five-year-old-phishing-campaign-unveiled/107197
*** OpenVPN PrivateTunnel ptservice privilege escalation ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94482
*** HP StoreVirtual Bugs Let Remote Users Obtain Information and Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1030567
*** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway, formerly known ..
---------------------------------------------
http://support.citrix.com/article/CTX140863
*** iCloud mail delivery now encrypted too ***
---------------------------------------------
As one of the last large mail providers, Apple has now switched on transport protection against simple eavesdropping. The methods used, however, leave much to be desired.
---------------------------------------------
http://www.heise.de/security/meldung/iCloud-Mail-Versand-jetzt-auch-verschl…
*** OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070078
*** Oracle on the future of Java 7 under Windows XP ***
---------------------------------------------
Java 7 will receive security updates until at least April 2015. All further releases of the second-to-last Java version until then will also continue to work on Windows XP, which Microsoft no longer officially supports.
---------------------------------------------
http://www.heise.de/security/meldung/Oracle-zur-Zukunft-von-Java-7-unter-Wi…
*** The 'Forbidden' Apple: App Stores and the Illusion of Control Part I ***
---------------------------------------------
There is no doubt we truly live in an 'App Economy.' From personal to professional, we direct and live our lives through our smart phones. But while we enjoy the latest games, stream the latest content or catch up on our friends activities, few think ..
---------------------------------------------
http://research.zscaler.com/2014/07/the-forbidden-apple-app-stores-and.html
*** And the mice will 'Play': App Stores and the Illusion of Control Part II ***
---------------------------------------------
In the last blog, we began analyzing what we've termed the 'App Dichotomy' of the App Economy - the fact that we are at least as much the consumed as we are the consumer. Our goal was to analyze popular apps from Apple's App Store and Google Play to ..
---------------------------------------------
http://research.zscaler.com/2014/07/and-mice-will-play-app-stores-and.html
*** Project Zero: Google builds an internet security team ***
---------------------------------------------
With full-time developers in Project Zero, Google, which until now has only done security research on the side, wants to make the internet safer and help the politically persecuted.
---------------------------------------------
http://www.golem.de/news/project-zero-google-baut-internet-sicherheitsteam-…
*** New Kronos Banking Malware Advertised On Russian Forums ***
---------------------------------------------
Researchers have spotted a new banking Trojan advertised for sale on Russian forums. Kronos promises features that help it evade detection and analysis, such as a Ring3 rootkit.
---------------------------------------------
http://threatpost.com/new-kronos-banking-malware-advertised-on-russian-foru…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 11-07-2014 18:00 − Monday 14-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Oracle to release 115 security patches ***
---------------------------------------------
Oracle is planning to release 115 security patches for vulnerabilities affecting a wide array of its products, including its flagship database, Java SE, Fusion Middleware and business applications. The update includes fixes for 20 weaknesses in Java SE, all of which can be exploited by an attacker remotely, without the need for login credentials, ..
---------------------------------------------
http://www.cio.com/article/2453362/oracle-to-release-115-security-patches.h…
*** VU#917348: Datum Systems satellite modem devices contain multiple vulnerabilities ***
---------------------------------------------
The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system. A remote unauthenticated attacker may be able to gain full control of the device.
---------------------------------------------
http://www.kb.cert.org/vuls/id/917348
*** Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the WebVPN Common Internet File System (CIFS) access function of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to trigger a reload of the affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Juniper Junos Unspecified Command Line Interface Flaw Lets Local Users Gain Root Privileges ***
---------------------------------------------
A local user on the command line interface can invoke certain combinations of commands to gain root privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030559
*** Dell Sonicwall Scrutinizer 11.01 Code Execution / SQL Injection ***
---------------------------------------------
Dell Sonicwall Scrutinizer suffers from several SQL injections, many of which can end up with remote code execution. An attacker needs to be authenticated, but not as an administrator. However, that would not stop anyone, since there is also a privilege escalation vulnerability in that ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070065
*** Schrack MICROCONTROL XSS / Disclosure / Weak Default Password ***
---------------------------------------------
The Microcontrol emergency light system, distributed by Schrack Technik GmbH, is a self-contained emergency lighting system that is configurable over a web interface. Through the vulnerabilities described in this advisory an attacker can reconfigure the whole emergency light system without authentication. Furthermore he can perform attacks..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070067
*** 'Gameover' malware returns from the dead ***
---------------------------------------------
In early June 2014, an internationally coordinated law enforcement effort against the criminals behind the infamous Gameover malware pretty much wiped out their botnet altogether. Bad news - it looks as though Gameover is back...
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/13/gameover-malware-returns-from-th…
*** Popular password protection programs p0wnable ***
---------------------------------------------
LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword all flawed. Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/14/popular_web…
*** Beware Keyloggers at Hotel Business Centers ***
---------------------------------------------
The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.
---------------------------------------------
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-cent…
*** The Internet of Things: How do you "on-board" devices?, (Mon, Jul 14th) ***
---------------------------------------------
Certified pre-pw0ned devices are nothing new. We talked years ago about USB picture frames that came with malware pre-installed. But for the most part, the malware was added to the device accidentally, or for example by customers who later returned the device just to have it resold without adequately resetting/wiping the device. But more recently, more evidence emerged that ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18387&rss
*** Encryption: LibreSSL leaves the nest ***
---------------------------------------------
The developers of the OpenSSL fork LibreSSL have released the first version of their software that supports platforms other than OpenBSD. With that, the SSL library is set to become a real alternative to the Heartbleed-plagued OpenSSL.
---------------------------------------------
http://www.heise.de/security/meldung/Verschluesselung-LibreSSL-wird-fluegge…
*** Understanding Ransomware ***
---------------------------------------------
Our Cyber Defence Operations team, led by David Cannings, has published a new whitepaper on understanding ransomware. It looks at the impact, evolution and defensive strategies that can be employed by organisations. While the paper is primarily focused on Microsoft Windows due to the historic ..
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/07/understanding-ransomware/
*** VU#204988: Kaseya's agent driver contains NULL pointer dereference ***
---------------------------------------------
Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. A local authenticated attacker may be able to crash the application, thereby causing a denial of service. Kaseya has ..
---------------------------------------------
http://www.kb.cert.org/vuls/id/204988
*** WordPress Download Manager 2.6.8 Shell Upload ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070062
*** Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070066
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 10-07-2014 18:00 − Friday 11-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Finding the Clowns on the Syslog Carousel, (Thu, Jul 10th) ***
---------------------------------------------
So often I see clients faithfully logging everything from the firewalls, routers and switches - taking terabytes of disk space to store it all. Sadly, the interaction after the logs are created is often simply to make sure that the partition doesn't fill up - either old logs are just deleted, or each month logs are burned to DVD and filed away. The comment I often get is that log entries are complex, and that the sheer volume of information makes it impossible to make sense of it.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18373&rss
*** Security Advisory 2982792 released, Certificate Trust List updated ***
---------------------------------------------
Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/07/10/security-advisory-298279…
*** Weekly Metasploit Update: Another Meterpreter Evasion Option ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/07/10/weekly-me…
*** Website Malware - Mobile Redirect to BaDoink Porn App ***
---------------------------------------------
A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It was a very tricky injection, with the redirection happening only once per day per IP address and only if the visitor was using a mobile device...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/pAisQqonxQM/website-malware-m…
*** VU#712660: Raritan PX power distribution software is vulnerable to the cipher zero attack. ***
---------------------------------------------
Vulnerability Note VU#712660 Raritan PX power distribution software is vulnerable to the cipher zero attack. Original Release date: 10 Jul 2014 | Last revised: 10 Jul 2014 Overview Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Description CWE-287: Improper Authentication -
---------------------------------------------
http://www.kb.cert.org/vuls/id/712660
*** Oracle Critical Patch Update - July 2014 - Pre-Release Announcement ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
*** Cisco ASA Filter and Inspect Overlap Denial of Service Vulnerability ***
---------------------------------------------
CVE-2013-5567
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Adobe Flash: The most INSECURE program on a UK user's PC ***
---------------------------------------------
XML a weak spot, but nothing's as dire as Adobe player. Adobe Flash Player was the most insecure program installed on UK computer users' PCs throughout the second quarter of 2014, according to stats from vulnerability management firm Secunia.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/10/secunia_pc_…
*** Crooks Seek Revival of "Gameover Zeus" Botnet ***
---------------------------------------------
Cybercrooks today began taking steps to resurrect the Gameover ZeuS botnet, a complex crime machine that has been blamed for the theft of more than $100 million from banks, businesses and consumers worldwide. The revival attempt comes roughly five weeks after the FBI joined several nations, researchers and security firms in a global and thus far successful effort to eradicate it.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/yLU9-y_8J-k/
*** VMSA-2014-0006.7 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** DSA-2976 eglibc ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2976
*** osCommerce 2.3.4 - Multiple vulnerabilities ***
---------------------------------------------
Topic: osCommerce 2.3.4 - Multiple vulnerabilities Risk: Medium Text: #Title: osCommerce 2.3.4 - Multiple vulnerabilities #Date: 10.07.14 #Affected versions: => 2.3.4 (latest atm) #Vendor: oscom...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070059
*** C99 Shell Authentication Bypass via Backdoor ***
---------------------------------------------
Topic: C99 Shell Authentication Bypass via Backdoor Risk: Medium Text: # Exploit Title: C99 Shell Authentication Bypass via Backdoor # Google Dork: inurl:c99.php # Date: June 23, 2014 # Exploit A...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070057
*** Exploit emerges for LZO algo hole ***
---------------------------------------------
Take one Nyan Cat, add Firefox and hope your Linux distro has been patched. Security Mouse security researcher Don A Bailey has showcased an exploit of the Lempel-Ziv-Oberhumer (LZO) compression algorithm running in the Mplayer2 media player and says it could leave some Linuxes vulnerable to attack.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/11/firefox_lzo…
*** Microsoft revokes trust in Indian CA ***
---------------------------------------------
As a consequence of the misissued Google certificates, Microsoft has put the affected sub-CAs on its revocation list. In addition, the full extent of the incident has become known: 45 domains are affected, including some belonging to Yahoo.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-entzieht-Indischer-CA-das-Ve…
*** Lack of Certificate Pinning Exposes Encrypted iOS Gmail App Communication ***
---------------------------------------------
Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.
---------------------------------------------
http://threatpost.com/lack-of-certificate-pinning-exposes-encrypted-ios-gma…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 09-07-2014 18:00 − Thursday 10-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** MSRT July 2014 - Caphaw ***
---------------------------------------------
This month we added Win32/Caphaw and Win32/Bepush to the Malicious Software Removal Tool (MSRT). Caphaw is a malware family that can be used by criminals to gain access to your PC - the ultimate goal is to steal your financial or banking-related information. The graph below shows the number of machine encounters we have seen since September 2013. Figure 1: Caphaw encounters. Caphaw can be installed on a PC via malicious links posted on Facebook, YouTube, and Skype. It can also spread through
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/07/08/msrt-july-2014-caphaw.as…
*** International Authorities Take Down Shylock Banking Malware ***
---------------------------------------------
Europol announced today that it, along with international law enforcement and industry partners, conducted a successful takedown of the infrastructure supporting the Shylock banking malware.
---------------------------------------------
http://threatpost.com/international-authorities-take-down-shylock-banking-m…
*** Certificate Errors in Office 365 Today, (Thu, Jul 10th) ***
---------------------------------------------
It looks like there's a mis-assignment of certificates today at Office 365. After login, the redirect to portal.office.com reports the following error: portal.office.com uses an invalid security certificate. The certificate is only valid for the following names: *.bing.com, *.platform.bing.com, bing.com, ieonline.microsoft.com, *.windowssearch.com, cn.ieonline.microsoft.com, *.origin.bing.com, *.mm.bing.net, *.api.bing.com, ecn.dev.virtualearth.net, *.cn.bing.net, *.cn.bing.com, *.ssl.bing.com,
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18371&rss
*** ZDI-14-224: (0Day) Embarcadero ER/Studio Data Architect TSVisualization ActiveX loadExtensionFactory Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Embarcadero ER/Studio Data Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-224/
*** SA-CONTRIB-2014-069 - Logintoboggan - Access Bypass and Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-069 Project: LoginToboggan (third-party module) Version: 7.x Date: 2014-July-09 Security risk: Moderately critical Exploitable from: Remote Vulnerability: Cross Site Scripting, Access bypass Description: This module enables you to customise the standard Drupal registration and login processes. Cross Site Scripting: The module doesn't filter user-supplied information from the URL, resulting in a reflected Cross Site Scripting (XSS) vulnerability. Access Bypass: The module
---------------------------------------------
https://www.drupal.org/node/2300369
*** Cisco WebEx Meetings Client Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Cisco Unified Communications Manager DNA Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products ***
---------------------------------------------
cisco-sa-20140709-struts2
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Infoblox NetMRI Input Validation Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030541
*** [2014-07-10] Multiple critical vulnerabilities in Shopizer webshop ***
---------------------------------------------
The webshop software Shopizer is affected by multiple critical vulnerabilities. Attackers are able to completely compromise the system through arbitrary code execution or manipulate product prices or customer data.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-07-10] Multiple high risk vulnerabilities in Shopizer webshop ***
---------------------------------------------
The webshop software Shopizer is affected by multiple high risk vulnerabilities. Attackers are able to bypass authentication / authorization and access invoice data of other customers.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-07-10] Multiple critical vulnerabilities in Schrack MICROCONTROL emergency light system ***
---------------------------------------------
Unauthenticated attackers are able to reconfigure the Schrack MICROCONTROL emergency light system by accessing the file system via telnet or FTP. Furthermore a weak default password can be exploited.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** [2014-07-10] Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu ***
---------------------------------------------
The vulnerability in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu enables an attacker to extract all the configured passwords without authentication. The attacker can use the extracted passwords to access the WebVisu and control the system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014…
*** Vulnerability in Citrix XenDesktop could result in unauthorized access to another user's desktop ***
---------------------------------------------
Severity: High Description of Problem A vulnerability has been identified in Citrix XenDesktop that could result in a user gaining unauthorized interactive access to another user's desktop.
---------------------------------------------
http://support.citrix.com/article/CTX139591
*** HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Cloud Service Automation. The vulnerability could be exploited to allow unauthorized access and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Vuln: PHP unserialize() Function Type Confusion Security Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68237
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 08-07-2014 18:00 − Wednesday 09-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** "Weaponized" exploit can steal sensitive user data on eBay, Tumblr, et al. ***
---------------------------------------------
Google and Twitter already patched against potent "Rosetta Flash" attack.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/B_J-82SKyS4/
*** Who owns your typo?, (Wed, Jul 9th) ***
---------------------------------------------
Here's one way how to get at sensitive data that seems to be making a comeback. Already in the olden days, it was popular with the crooks to register domain names that only differed by a typo from the name of a legitimate high traffic site. Googl.com, for example. The crooks would then run web pages with lots of advertisements on these domains, and live happily ever after from the ad revenue that the misdirected typo traffic alone brought their way. Google put a stop to this by registering, for
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18363&rss
*** Exploiting IoT technologies ***
---------------------------------------------
How many Internet of Things (IoT) devices do you have? From smart TVs to coffee machines, these devices are becoming more and more popular in both homes and offices. A team of researchers at NCC Group, led by technical director, Paul Vlissidis, conducted research into a number of IoT devices and looked at some of the ways that an attacker could exploit them. The team, which also consisted of Pete Beck and Felix Ingram, principal consultants, conducted a live demonstration which explored the
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/07/exploiting-iot-technologies/
*** Who inherits your IP address?, (Wed, Jul 9th) ***
---------------------------------------------
Somewhat similar to the typo squatting story earlier, the recent proliferation of cloud service usage by enterprises has led to a new problem. For a project at a community college, we needed a couple servers, and didn't want (or have the funds) to build them on-site. In view of the limited duration of the experiment, we decided to "rent" the boxes as IaaS (infrastructure as a service) devices from two "cloud" providers. So far, all went well. But when we brought the instances
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18365&rss
*** Yahoo Patches Bugs in Mail, Messenger, Flickr ***
---------------------------------------------
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.
---------------------------------------------
http://threatpost.com/yahoo-fixes-trio-of-bugs-in-mail-messenger-flickr/107…
*** Trojan:W32/Lecpetex: Bitcoin miner spreading via FB messages ***
---------------------------------------------
In early March this year, while investigating various threats as part of our Facebook malware cleanup effort, we ran across an interesting one that was spreading in zipped files attached to messages. The messages themselves were classic social engineering bait that led the users to install the executable file in the attachment, which turned out to be a Bitcoin miner, which we identify as Trojan:W32/Lecpetex. Some of the more interesting details of our analysis are presented in our Lecpetex
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002725.html
*** India issued fraudulent Google certificates ***
---------------------------------------------
Once again there has been a serious incident at an issuer of SSL certificates: the state-run CA of India has issued, among others, certificates for Google services. These are suitable for spying on SSL traffic.
---------------------------------------------
http://www.heise.de/security/meldung/Indien-stellte-falsche-Google-Zertifik…
*** DPAPI vulnerability allows intruders to decrypt personal data ***
---------------------------------------------
Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems.
---------------------------------------------
http://www.net-security.org/secworld.php?id=17094
*** ATTACK of the Windows ZOMBIES on point-of-sale terminals ***
---------------------------------------------
Infosec bods infiltrate botnet, uncover crap password security. Security watchers have spotted a fresh Windows-based botnet that attempts to hack into point-of-sale systems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/09/botnet_brut…
*** Security updates available for Adobe Flash Player (APSB14-17) ***
---------------------------------------------
July 8, 2014
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1108
*** MS14-JUL - Microsoft Security Bulletin Summary for July 2014 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-JUL
*** Assessing risk for the July 2014 security updates ***
---------------------------------------------
Today we released six security bulletins addressing 29 unique CVE's. Two bulletins have a maximum severity rating of Critical, three have maximum severity Important, and one is Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/07/08/assessing-risk-for-the-ju…
*** VMSA-2014-0006.6 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
*** Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability ***
---------------------------------------------
CVE-2014-3313
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Yokogawa Centum Buffer Overflow Vulnerability ***
---------------------------------------------
Advisory Document
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01
*** DSA-2974 php5 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2974
*** DSA-2973 vlc ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2973
*** HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Operations Analytics. The vulnerability could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** ABB Relion 650 Series OpenSSL Vulnerability (Update A) ***
---------------------------------------------
Advisory Document
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-126-01A
*** Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability ***
---------------------------------------------
CVE-2014-3309
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-14:17.kmem ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532698
*** Juniper Security Bulletins ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10634&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10633&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10638&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10637&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10641&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10635&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10613&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10640&actp=RSS
*** IBM Security Bulletin: IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL ***
---------------------------------------------
IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470) Security vulnerabilities have been discovered in OpenSSL. CVE(s): CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-5298 Affected product(s) and affected version(s): Hardware versions affected: InfoSphere Guardium Collector X1000 InfoSphere
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
*** IBM Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerability (CVE-2014-0191) ***
---------------------------------------------
Denial-Of-service vulnerability has been discovered in Libxml2 that was reported on May 09, 2014 CVE(s): CVE-2014-0191 Affected product(s) and affected version(s): Rational Systems Tester 3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5, 3.3.0.6, 3.3.0.7 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21678183 X-Force Database: http://xforce.iss.net/xforce/xfdb/93092
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 07-07-2014 18:00 − Tuesday 08-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Multi Platform *Coin Miner Attacking Routers on Port 32764, (Mon, Jul 7th) ***
---------------------------------------------
Thanks to reader Gary for sending us in a sample of a *Coin miner that he found attacking Port 32764. Port 32764 was recently found to offer yet another backdoor on Sercomm equipped devices. We covered this backdoor before [1]. The bot itself appears to be a variant of the "zollard" worm seen before by Symantec [2]. Symantec's writeup describes the worm as attacking a php-cgi vulnerability, not the Sercomm backdoor. But this worm has been seen using various exploits. Here some quick,...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18353&rss
*** When Adware Goes Bad: The Installbrain and Sefnit Connection ***
---------------------------------------------
"Monetize On Non-buyers" is the bold motto of InstallBrain-adware that turns out to have been developed by an Israeli company called iBario Ltd. This motto clearly summarizes the potential risks adware companies can introduce to users, especially when they install stuff on...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nRXcb4Udr5o/
*** IEEE expands malware initiatives ***
---------------------------------------------
Clearing-house for software metadata. Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware that's been inserted into other software, and improve the performance of malware detection by cutting down on false positives.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/08/ieee_expand…
*** NTT Group 2014 Global Threat Intelligence Report ***
---------------------------------------------
The NTT Group 2014 Global Threat Intelligence Report (GTIR) emphasizes that the security basics, when done right, can be enough to mitigate and even avoid high-profile, costly data breaches altogether. Using statistics and real-world case studies, the report shows that combining threat avoidance and threat response capabilities into a strategic approach provides the best chance to reduce the impact of threats.
---------------------------------------------
http://www.solutionary.com/research/threat-reports/annual-threat-report/ntt…
*** Paper: VBA is not dead! ***
---------------------------------------------
Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.
---------------------------------------------
http://www.virusbtn.com/news/2014/07_07.xml?rss
*** Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions ***
---------------------------------------------
A major vulnerability believed to be present in most versions of Android can allow malicious Android applications on the Android app store to make phone calls on a user's device, even when they lack the necessary permissions. The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the...
---------------------------------------------
http://thehackernews.com/2014/07/android-vulnerability-allows.html
*** Google Android / eduroam credentials ***
---------------------------------------------
On mobile devices running the Android operating system, the default configuration for the "CA certificate" option for WLAN connections is "unspecified". Concretely, this behaviour, which is documented as normal, means that certificate chain validation is completely disabled, i.e. any arbitrary certificate is accepted without further warning. To make matters worse,...
---------------------------------------------
https://www.dfn-cert.de/aktuell/Google-Android-Eduroam-Zugangsdaten.html
*** How not to tell your customers how much you care about their security ***
---------------------------------------------
We've written before about "what not to do" when sending emails to your customers. Here's another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/07/08/how-not-to-tell-your-customers-h…
*** Metadata against antivirus false positives ***
---------------------------------------------
The IEEE has launched a database for metadata of binaries. It provides information that a virus scanner can use to determine unambiguously whether a file is benign.
---------------------------------------------
http://www.heise.de/security/meldung/Metadaten-gegen-Viren-Fehlerkennugen-2…
*** GKsu and VirtualBox Root Command Execution by Filename (CVE-2014-2943) ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbo…
*** Bugtraq: Backdoor access to Techboard/Syac devices ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532665
*** [remote] - Oracle Event Processing FileUploadServlet Arbitrary File Upload ***
---------------------------------------------
http://www.exploit-db.com/exploits/33989
*** Vuln: GitList CVE-2014-4511 Unspecified Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68253
*** Security Advisory-Apache Struts2 vulnerability on Huawei multiple products ***
---------------------------------------------
Jul 07, 2014 21:09
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Apple iTunes 11.2.2 Insecure Libraries ***
---------------------------------------------
Topic: Apple iTunes 11.2.2 Insecure Libraries Risk: High Text:Hi @ll, Apple's current iTunes 11.2.2 for Windows comes with the following COMPLETELY outdated and vulnerable 3rd party libr...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070042
*** Apache Syncope Insecure Password Generation ***
---------------------------------------------
Topic: Apache Syncope Insecure Password Generation Risk: Medium Text:CVE-2014-3503: Insecure Random implementations used to generate passwords in Apache Syncope Severity: Major Vendor: The ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070039
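Why "insecure Random" in a password generator matters, as an added example that is not code from Apache Syncope or from the advisory. It models the class of flaw in Python: a password generator seeded from a small, guessable seed space (a millisecond timestamp, as an assumed attacker model) beside one drawn from the OS CSPRNG, plus the brute-force recovery an attacker would run against the former. The seed space and password alphabet are constructed for the example.

```python
"""Added example (not from Apache Syncope or the advisory): a password
generator on a seeded non-cryptographic PRNG versus one on the OS CSPRNG,
and the seed brute-force that recovers passwords from the weak generator."""
import random
import secrets
import string

# Alphabet chosen for the example; the point is the entropy source, not the alphabet.
ALPHABET = string.ascii_letters + string.digits


def weak_password(length, seed):
    """Password from a seeded Mersenne-Twister PRNG (random.Random).
    The output is a pure function of the seed: whoever knows or guesses
    the seed reproduces the password exactly, however long it is."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length=16):
    """Password from the secrets module (os.urandom-backed CSPRNG).
    There is no seed to guess; each character costs log2(len(ALPHABET))
    (about 5.95 bits) of real entropy."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def recover_weak_password(observed, length, seed_space):
    """Attacker model (assumed for the example): the generator was seeded
    with a millisecond timestamp and the attacker knows roughly when the
    password was created. Enumerate the candidate seeds and return the one
    that regenerates the observed password, or None if none does."""
    for seed in seed_space:
        if weak_password(length, seed) == observed:
            return seed
    return None


if __name__ == "__main__":
    # Constructed scenario: a 12-character password generated at an assumed
    # epoch-millisecond seed; the attacker searches a one-second window.
    creation_ms = 1405715000123
    pw = weak_password(12, creation_ms)
    window = range(1405715000000, 1405715001000)
    print("weak password:", pw)
    print("seed recovered by brute force:", recover_weak_password(pw, 12, window))
    print("strong password (not reproducible):", strong_password(12))
```

The recovery loop costs at most a thousand PRNG runs here; even a seed space of 2^32 (the full java.util.Random-style seed width some libraries expose) is a few minutes of CPU, which is why the fix for this class of bug is a CSPRNG, not a longer password.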
*** Vuln: WordPress Easy Banners Plugin easy-banners.php Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68281
*** Vuln: WordPress Custom Banners Plugin options.php Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/68279
*** TYPO3 CMS 4.5.35, 6.1.10 and 6.2.4 released ***
---------------------------------------------
The TYPO3 Community announces the versions 4.5.35, 6.1.10 and 6.2.4 of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes.
---------------------------------------------
https://typo3.org/news/article/typo3-cms-4535-6110-and-624-released/
*** HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…