End-of-Shift report
Timeframe: Donnerstag 10-10-2013 18:00 − Freitag 11-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
WhatsApp Crypto Error Exposes Messages
WhatsApp, a popular mobile message application, suffers from crypto implementation vulnerability that leaves messages exposed. Thijs Alkemade, a computer science student at Utrecht University in The Netherlands who works on the open source Adium instant messaging project, disclosed a serious issue this week with the encryption used to secure WhatsApp messages, namely that the same...
http://threatpost.com/whatsapp-crypto-error-exposes-messages/102565
Some Bing Ads Redirecting To Malware
An anonymous reader writes "Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware. Those who click are redirected to a dynamic DNS service subdomain which in turns serves the Sirefef malware from 109(dot)236(dot)81(dot)176. ThreatTrack notes that the scammers could of course be targeting other keywords aside from YouTube. The more popular the keywords, the bigger the potential for infection." Read more of
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7RRrvRPB5JM/story01.htm
Top 15 Indicators Of Compromise
In the quest to detect data breaches more quickly, indicators of compromise can act as important breadcrumbs for security pros watching their IT environments. Unusual activity on the network or odd clues on systems can frequently help organizations spot attacker activity on systems more quickly so that they can either prevent an eventual breach from happening -- or at least stop it in its earliest stages.
http://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise/240162469
Vuln: libtar th_read() Function Multiple Heap Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/62922
libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities
libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities
https://secunia.com/advisories/55138
Bugtraq: [security bulletin] HPSBMU02901 rev.1 - HP Business Process Monitor running on Windows, Remote Execution of Arbitrary Code and Disclosure of Information
http://www.securityfocus.com/archive/1/529117
Juniper Junos TCP Packet Handling Denial of Service Vulnerability
https://secunia.com/advisories/55218
Juniper Junos Telnet Messages Handling Buffer Overflow Vulnerability
https://secunia.com/advisories/55109
Hitachi JP1/VERITAS Backup Exec Multiple Vulnerabilities
https://secunia.com/advisories/55261
Cisco Unified IP Phones 9900 Series webapp Interface Buffer Overflow Vulnerability
https://secunia.com/advisories/55275
Dropbear SSH Server User Enumeration Weakness and Denial of Service Vulnerability
https://secunia.com/advisories/55173
Network Security Services (NSS) Uninitialized Memory Read Vulnerability
https://secunia.com/advisories/55050
InduSoft Thin Client ActiveX control buffer overflow
http://xforce.iss.net/xforce/xfdb/87788
Security Bulletin: IBM InfoSphere Information Server Data Quality Console and Information Analyzer are vulnerable to cross-site request forgery attacks (CVE-2013-4056)
A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server Data Quality Console and Information Analyzer which can allow an attacker to trick a legitimate user into opening a URL that results in an action being taken as that user, potentially without the knowledge of that user. Any actions taken require the user being tricked to either be previously authenticated or to authenticate as part of the attack.
https://www-304.ibm.com/support/docview.wss?uid=swg21652413
IBM WebSphere Message Broker and IBM Integration Bus Security Vulnerability: Multiple security vulnerabilities in IBM JREs 5 & 7
Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Message Broker for IBM JRE 5.0 SR16-FP3 (and earlier) and the IBM Java Runtime Environment component of IBM Integration Bus for JRE 7.0 SR5 (and earlier).
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_message_broker_and_ibm_integration_bus_security_vulnerability_multiple_security_vulnerabilities_in_ibm_jres_5_7?lang=en_us