Daily summary - Tuesday 8-10-2013

End-of-Shift report

Timeframe: Monday 07-10-2013 18:00 - Tuesday 08-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a

Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page.

http://ics-cert.us-cert.gov/advisories/ICSA-13-095-02A


Quarian Group Targets Victims With Spearphishing Attacks

The current generation of targeted attacks are getting more sophisticated and evasive. These attacks employ media-savvy stories in their social engineering themes to lure unsuspecting users. We have seen heightened activity by one of the groups, dubbed Quarian. It is believed to be targeting government agencies and embassies around the world including the United States. [...]

http://blogs.mcafee.com/mcafee-labs/quarian-group-targets-victims-with-spearphishing-attacks


xinetd security update

It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)

https://rhn.redhat.com/errata/RHSA-2013-1409.html


Hacker attack on WhatsApp

A politically motivated hacker group has apparently succeeded in taking control of the WhatsApp domain.

http://www.heise.de/security/meldung/Hackerangriff-auf-WhatsApp-1974342.html


ecoTrialog #9: Blackout

Emergency generators (NEA) and UPS systems (USV) have been common fixtures in the data center for many years. What developments, trends and visions are the solution providers showing us? Which potential mistakes should be avoided during planning? That is the central topic of the ninth ecoTrialog in Ahrensburg near Hamburg.

http://datacenter.eco.de/2013/07/26/ecotrialog-10-blackout/


Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions

FireEye researchers have discovered a rapidly-growing class of mobile threats represented by a popular ad library affecting apps with over 200 million downloads in total. This ad library, anonymized as “Vulna,” is aggressive at collecting sensitive data and is able to perform dangerous operations such as downloading and running new components on demand. Vulna is also plagued with various classes of vulnerabilities that enable attackers to turn Vulna’s aggressive behaviors against

http://www.fireeye.com/blog/technical/2013/10/ad-vulna-a-vulnaggressive-vulnerable-aggressive-adware-threatening-millions.html


Introducing Kvasir

During our typical assessments we may analyze anywhere between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, buffer/stack overflows, administrative bypasses, and others. ... We think this isn’t good enough which is why we are releasing our tool, Kvasir, as open source for you to analyze, integrate, update, or ignore. We like the tool a lot and we think it fills a missing key part of penetration testin

http://blogs.cisco.com/security/introducing-kvasir/


CSAM - RFI with a small twist

Logs are underappreciated. We all collect them, but in a majority of organisations you will find that they are only ever looked at once something has gone wrong. Which is unfortunately usually when people discover that either they didn't collect "that" log or timestamps are out of whack, log files rolled over, etc. Which is unfortunate because log files can tell you quite a bit of information as we are hoping to show throughout October as part of the Cyber Security Awareness Month.

https://isc.sans.edu/diary/CSAM+-+RFI+with+a+small+twist/16748


Multiple vulnerabilities in Cisco Identity Services Engine

Blind SQL Injection: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525
Sponsor Portal cross-frame scripting: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523
Parameter cross-site scripting: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524

http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityNotice


Cisco IOS Software DHCP Server remember Functionality Vulnerability

An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit could allow the attacker to cause the affected device to reload.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5499


How the Bible and YouTube are fueling the next frontier of password cracking

Crackers tap new sources to uncover "givemelibertyorgivemedeath" and other phrases.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/w9PZonWnTIA/story01.htm