End-of-Shift report
Timeframe: Monday 07-10-2013 18:00 − Tuesday 08-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page.
http://ics-cert.us-cert.gov/advisories/ICSA-13-095-02A
Quarian Group Targets Victims With Spearphishing Attacks
The current generation of targeted attacks is getting more sophisticated and evasive. These attacks employ media-savvy stories in their social engineering themes to lure unsuspecting users. We have seen heightened activity by one of the groups, dubbed Quarian. It is believed to be targeting government agencies and embassies around the world including the United States. [...]
http://blogs.mcafee.com/mcafee-labs/quarian-group-targets-victims-with-spearphishing-attacks
xinetd security update
It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)
https://rhn.redhat.com/errata/RHSA-2013-1409.html
Hacker attack on WhatsApp
A politically motivated hacker group has apparently succeeded in taking control of the WhatsApp domain.
http://www.heise.de/security/meldung/Hackerangriff-auf-WhatsApp-1974342.html
ecoTrialog #9: Blackout
Emergency power systems (NEA) and UPS have been common fixtures in the data center for many years. What developments, trends and visions do the solution providers show us? What possible mistakes should be avoided in planning? That is the central topic of the ninth ecoTrialog in Ahrensburg near Hamburg.
http://datacenter.eco.de/2013/07/26/ecotrialog-10-blackout/
Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions
FireEye researchers have discovered a rapidly-growing class of mobile threats represented by a popular ad library affecting apps with over 200 million downloads in total. This ad library, anonymized as “Vulna,” is aggressive at collecting sensitive data and is able to perform dangerous operations such as downloading and running new components on demand. Vulna is also plagued with various classes of vulnerabilities that enable attackers to turn Vulna’s aggressive behaviors against
http://www.fireeye.com/blog/technical/2013/10/ad-vulna-a-vulnaggressive-vulnerable-aggressive-adware-threatening-millions.html
Introducing Kvasir
During our typical assessments we may analyze anywhere between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, buffer/stack overflows, administrative bypasses, and others. ... We think this isn’t good enough which is why we are releasing our tool, Kvasir, as open source for you to analyze, integrate, update, or ignore. We like the tool a lot and we think it fills a missing key part of penetration testin
http://blogs.cisco.com/security/introducing-kvasir/
CSAM - RFI with a small twist
Logs are underappreciated. We all collect them, but in a majority of organisations you will find that they are only ever looked at once something has gone wrong. Which is unfortunately usually when people discover that either they didn't collect "that" log or timestamps are out of whack, log files rolled over, etc. Which is unfortunate because log files can tell you quite a bit of information as we are hoping to show throughout October as part of the Cyber Security Awareness Month.
https://isc.sans.edu/diary/CSAM+-+RFI+with+a+small+twist/16748
Multiple vulnerabilities in Cisco Identity Services Engine
Blind SQL Injection:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525
Sponsor Portal cross-frame scripting:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523
Parameter cross-site scripting:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524
http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityNotice
Cisco IOS Software DHCP Server remember Functionality Vulnerability
An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit could allow the attacker to cause the affected device to reload.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5499
How the Bible and YouTube are fueling the next frontier of password cracking
Crackers tap new sources to uncover "givemelibertyorgivemedeath" and other phrases.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/w9PZonWnTIA/story01.htm