Daily Summary - Saturday 5-10-2013

End-of-Shift report

Timeframe: Thursday 03-10-2013 18:00 − Friday 04-10-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl

Adobe Preparing Critical Patches for Reader, Acrobat Next Week

Adobe has announced that it plans next week to patch critical vulnerabilities in two products, Adobe Reader and Acrobat XI (11.0.04) for Windows.

http://threatpost.com/adobe-preparing-critical-patches-for-reader-acrobat-next-week/102513


Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067)

CVE(s): CVE-2013-4066, CVE-2013-4067. Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_information_server_cve_2013_4066_and_cve_2013_4067?lang=en_us


Hacking Summit Names Nations With Cyberwarfare Capabilities

In 2009, I read with great interest a paper published in the Journal of International Security Affairs titled The Art of (Cyber) War. In this paper, Brian M. Mazanec explained the People's Republic of China was interested in cyberwarfare and had improved its capabilities to conduct military operations in the cyberspace.

http://blogs.mcafee.com/mcafee-labs/hacking-summit-names-nations-with-cyberwarfare-capabilities


AIX printer commands vulnerability (CVE-2013-5419)

CVE(s): CVE-2013-5419. Affected product(s) and affected version(s): AIX 6.1 and 7.1 releases. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc X-Force Database: http://xforce.iss.net/xforce/xfdb/87481

https://www-304.ibm.com/connections/blogs/PSIRT/entry/aix_printer_commands_vulnerability_cve_2013_5419?lang=en_us


CSAM: Web Honeypot Logs, (Thu, Oct 3rd)

Today's logs come from a honeypot. The fun part about honeypots is that you don't have to worry about filtering out "normal" logs. Usually I check the honeypot for anything new and interesting first, then look on my real web server to figure out if I see similar attacks. In the real web server, these attacks would otherwise drown in the noise. SSL Connection to a web server not supporting SSL Invalid method in request \x80w\x01\x03\x01 The first few bytes of the request are interpreted

http://isc.sans.edu/diary.html?storyid=16718&rss


Blog: Ekoparty Security Conference 2013

The Ekoparty Security Conference 2013 was held in the beautiful city of Buenos Aires, Argentina, from 25 to 27 September. This event, the most important security conference in Latin America, is now in its ninth year and was attended by 1,500 people

http://www.securelist.com/en/blog/208214073/Ekoparty_Security_Conference_2013


Adobe To Announce Source Code, Customer Data Breach

Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its Cold Fusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts.

http://feedproxy.google.com/~r/KrebsOnSecurity/~3/jWJBDb7eE-o/


October Patch Tuesday Preview (CVE-2013-3893 patch coming!)

So far, we got pre-announcements from Microsoft and Adobe. Microsoft promises 8 bulletins, split evenly between critical and important. The critical bulletins affect Windows, Internet Explorer and the .Net framework, while the important bulletins affect Office and Silverlight. So this sounds like an average, very client heavy patch Tuesday. On the server end, only Sharepoint server (again) and Office Server are affected. Important: The cumulative IE update included will include a patch for

http://isc.sans.edu/diary.html?storyid=16721&rss


EMC Atmos Unauthenticated Database Access

Topic: EMC Atmos Unauthenticated Database Access. Risk: High. Text: ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability. EMC Identifier: ESA-2013-062. CVE Identifier: C...

http://cxsecurity.com/issue/WLB-2013100034


SQL injection vulnerability in Zabbix

The monitoring solution Zabbix is vulnerable to SQL injection. Attackers are able to gain access to database contents or elevate privileges and even take over the monitoring system.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131004-0_Zabbix_SQL_injection_v10.txt


Commercially available Blackhat SEO enabled multi-third-party product licenses empowered VPSs spotted in the wild

In this post, I'll discuss a recent example of standardization, in particular, a blackhat SEO friendly VPS (Virtual Private Server) that comes with over a dozen multi-blackhat-seo-friendly product licenses from third-party products integrated. It empowers potential customers new to this unethical and potentially fraudulent/malicious practice with everything they need to hijack legitimate traffic from major search engines internationally.

http://www.webroot.com/blog/2013/10/04/commercially-available-blackhat-seo-enabled-multi-third-party-bhseo-product-licenses-empowered-vps-servers-spotted-wild/


Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information

Potential security vulnerabilities have been identified with certain HP FutureSmart LaserJet printers. The vulnerabilities might lead to weak encryption of PDF documents or local disclosure of scanned information. References: CVE-2013-4828 (SSRT101249) CVE-2013-4829 (SSRT101327)

http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03888014


Apple OS X Directory Services Authentication Flaw Lets Local Users Gain Elevated Privileges

OS X v10.8.5 Supplemental Update Directory Services Available for: OS X Mountain Lion v10.8 to v10.8.5 Impact: A local user may modify Directory Services records with system privileges Description: A logic issue existed in Directory Services' verification of authentication credentials allowing a local attacker to bypass password validation. The issue was addressed through improved credential validation.

http://support.apple.com/kb/HT5964


Background: Death Sentence for Encryption in the USA

A US court's order to hand investigators the secret key, which gave them access to the data of all Lavabit customers, destroys the last remnant of trust in American cloud providers.

http://www.heise.de/security/artikel/Todesurteil-fuer-Verschluesselung-in-den-USA-1972561.html


Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability

https://secunia.com/advisories/53618


McAfee Agent Framework Service Denial of Service Vulnerability

https://secunia.com/advisories/55158