Daily Summary - Monday 14-10-2013

End-of-Shift report

Timeframe: Friday 11-10-2013 18:00 − Monday 14-10-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a

2013-10 Security Bulletin: Junos: GNU libc glob(3) GLOB_LIMIT Remote Denial of Service Vulnerability (CVE-2010-2632)

The glob implementation in libc allows authenticated remote users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. This vulnerability can be exploited against a device running Junos OS with FTP services enabled to launch a high CPU utilization partial denial of service attack.

http://kb.juniper.net/InfoCenter/index/content&id=JSA10598


Top sites (and maybe the NSA) track users with 'device fingerprinting'

May make it easier to follow privacy-minded users on the darknet.

http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/


Threat Refinement Ensues with Crypto Locker, SHOTODOR Backdoor

In our 2013 Security Predictions, we anticipated that cybercriminals would focus on refining existing tools, instead of creating new threats. Two threats that both represent refinements of previously known threats show this effectively.

http://blog.trendmicro.com/trendlabs-security-intelligence/threat-refinement-ensues-with-crypto-locker-shotodor-backdoor


Critical Patch Update - October 2013 - Pre-Release Announcement

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html


Blackhole, Supreme No More

Blackhole exploit kit has always been a favorite example when discussing the impact of kits to internet users. We've previously mentioned in our posts how fast it was in supporting new vulnerabilities, how it was related to Cool, and that it was the leading kit in our telemetry data. Blackhole and Cool almost always had special mentions in our Threat Reports.

http://www.f-secure.com/weblog/archives/00002622.html


Debian Security Advisory DSA-2776 drupal6

several vulnerabilities

http://www.debian.org/security/2013/dsa-2776


Debian Security Advisory DSA-2777 systemd

several vulnerabilities

http://www.debian.org/security/2013/dsa-2777


Stable Debian 7.2 fixes bugs and resolves security problems

The Debian project has updated the Linux distribution Debian 7 (Wheezy) to version 7.2, fixing a long list of bugs and closing security holes.

http://www.heise.de/newsticker/meldung/Stabiles-Debian-7-2-behebt-Fehler-und-loest-Sicherheitsprobleme-1977703.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


Google Chrome stores credit card data as plain text

Google's Chrome browser is once again under fire from security experts. They criticize that Chrome stores sensitive data as plain text on the hard disk.

http://futurezone.at/produkte/google-chrome-speichert-kreditkarten-daten-als-klartext/30.824.232


Security Bulletin: WebSphere eXtreme Scale Monitoring Console Web Vulnerabilities (CVE-2013-5390, CVE-2013-5393, CVE-2013-5394)

Three web security vulnerabilities were identified in the WebSphere eXtreme Scale monitoring console, those being a cross site scripting vulnerability, a log-off processing weakness, and vulnerability to a phishing attack.

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_websphere_extreme_scale_monitoring_console_web_vulnerabilities_cve_2013_5390_cve_2013_5393_cve_2013_5394?lang=en_us


Back door found in D-Link routers

D-secret is D-logon string allowing access to everything. A group of embedded device hackers has turned up a vulnerability in D-Link consumer-level devices that provides unauthenticated access to the units' admin interfaces.

http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/


Spamvertised T-Mobile 'Picture ID Type:MMS' themed emails lead to malware

The cybercriminals behind last week's profiled fake T-Mobile themed email campaign have resumed operations, and have just spamvertised another round of tens of thousands of malicious emails impersonating the company, in order to trick its customers into executing the malicious attachment, which in this case is once again supposedly a legitimate MMS notification message.

http://www.webroot.com/blog/2013/10/14/spamvertised-t-mobile-picture-id-typemms-themed-emails-lead-malware/


Captain, Where Is Your Ship? Compromising Vessel Tracking Systems

In recent years, automated identification systems (AIS) have been introduced to enhance ship tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS is currently mandatory for all passenger ships and commercial (non-fishing) ships over 300 metric tons. It works by acquiring GPS coordinates and exchanging vessel's position, course and ...

http://blog.trendmicro.com/trendlabs-security-intelligence/captain-where-is-your-ship-compromising-vessel-tracking-systems/


WordPress Cart66 Lite Plugin Cross-Site Request Forgery Vulnerability

https://secunia.com/advisories/55265


End User Devices Security Guidance: Windows 7 and Windows 8

This guidance is applicable to devices running Enterprise versions of Windows 7 and Windows 8, acting as client operating systems, which include BitLocker Drive Encryption, AppLocker and Windows VPN features.

https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-7-and-windows-8/end-user-devices-security-guidance-windows-7-and-windows-8