Tageszusammenfassung - Freitag 11-10-2013

End-of-Shift report

Timeframe: Donnerstag 10-10-2013 18:00 − Freitag 11-10-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

WhatsApp Crypto Error Exposes Messages

WhatsApp, a popular mobile message application, suffers from crypto implementation vulnerability that leaves messages exposed. Thijs Alkemade, a computer science student at Utrecht University in The Netherlands who works on the open source Adium instant messaging project, disclosed a serious issue this week with the encryption used to secure WhatsApp messages, namely that the same...

http://threatpost.com/whatsapp-crypto-error-exposes-messages/102565


Some Bing Ads Redirecting To Malware

An anonymous reader writes "Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware. Those who click are redirected to a dynamic DNS service subdomain which in turns serves the Sirefef malware from 109(dot)236(dot)81(dot)176. ThreatTrack notes that the scammers could of course be targeting other keywords aside from YouTube. The more popular the keywords, the bigger the potential for infection." Read more of

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7RRrvRPB5JM/story01.htm


Top 15 Indicators Of Compromise

In the quest to detect data breaches more quickly, indicators of compromise can act as important breadcrumbs for security pros watching their IT environments. Unusual activity on the network or odd clues on systems can frequently help organizations spot attacker activity on systems more quickly so that they can either prevent an eventual breach from happening -- or at least stop it in its earliest stages.

http://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise/240162469


Vuln: libtar th_read() Function Multiple Heap Buffer Overflow Vulnerabilities

http://www.securityfocus.com/bid/62922


libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities

libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities

https://secunia.com/advisories/55138


Bugtraq: [security bulletin] HPSBMU02901 rev.1 - HP Business Process Monitor running on Windows, Remote Execution of Arbitrary Code and Disclosure of Information

http://www.securityfocus.com/archive/1/529117


Juniper Junos TCP Packet Handling Denial of Service Vulnerability

https://secunia.com/advisories/55218


Juniper Junos Telnet Messages Handling Buffer Overflow Vulnerability

https://secunia.com/advisories/55109


Hitachi JP1/VERITAS Backup Exec Multiple Vulnerabilities

https://secunia.com/advisories/55261


Cisco Unified IP Phones 9900 Series webapp Interface Buffer Overflow Vulnerability

https://secunia.com/advisories/55275


Dropbear SSH Server User Enumeration Weakness and Denial of Service Vulnerability

https://secunia.com/advisories/55173


Network Security Services (NSS) Uninitialized Memory Read Vulnerability

https://secunia.com/advisories/55050


InduSoft Thin Client ActiveX control buffer overflow

http://xforce.iss.net/xforce/xfdb/87788


Security Bulletin: IBM InfoSphere Information Server Data Quality Console and Information Analyzer are vulnerable to cross-site request forgery attacks (CVE-2013-4056)

A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server Data Quality Console and Information Analyzer which can allow an attacker to trick a legitimate user into opening a URL that results in an action being taken as that user, potentially without the knowledge of that user. Any actions taken require the user being tricked to either be previously authenticated or to authenticate as part of the attack.

https://www-304.ibm.com/support/docview.wss?uid=swg21652413


IBM WebSphere Message Broker and IBM Integration Bus Security Vulnerability: Multiple security vulnerabilities in IBM JREs 5 & 7

Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Message Broker for IBM JRE 5.0 SR16-FP3 (and earlier) and the IBM Java Runtime Environment component of IBM Integration Bus for JRE 7.0 SR5 (and earlier).

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_message_broker_and_ibm_integration_bus_security_vulnerability_multiple_security_vulnerabilities_in_ibm_jres_5_7?lang=en_us