End-of-Shift report
Timeframe: Friday 11-10-2013 18:00 − Monday 14-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
2013-10 Security Bulletin: Junos: GNU libc glob(3) GLOB_LIMIT Remote Denial of Service Vulnerability (CVE-2010-2632)
The glob implementation in libc allows authenticated remote users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. This vulnerability can be exploited against a device running Junos OS with FTP services enabled to launch a high CPU utilization partial denial of service attack.
http://kb.juniper.net/InfoCenter/index/content&id=JSA10598
Top sites (and maybe the NSA) track users with 'device fingerprinting'
May make it easier to follow privacy-minded users on the darknet.
http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-users-with-device-fingerprinting/
Threat Refinement Ensues with Crypto Locker, SHOTODOR Backdoor
In our 2013 Security Predictions, we anticipated that cybercriminals would focus on refining existing tools, instead of creating new threats. Two threats that both represent refinements of previously known threats show this effectively.
http://blog.trendmicro.com/trendlabs-security-intelligence/threat-refinement-ensues-with-crypto-locker-shotodor-backdoor
Critical Patch Update - October 2013 - Pre-Release Announcement
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Blackhole, Supreme No More
Blackhole exploit kit has always been a favorite example when discussing the impact of kits to internet users. We've previously mentioned in our posts how fast it was in supporting new vulnerabilities, how it was related to Cool, and that it was the leading kit in our telemetry data. Blackhole and Cool almost always had special mentions in our Threat Reports.
http://www.f-secure.com/weblog/archives/00002622.html
Debian Security Advisory DSA-2776 drupal6
several vulnerabilities
http://www.debian.org/security/2013/dsa-2776
Debian Security Advisory DSA-2777 systemd
several vulnerabilities
http://www.debian.org/security/2013/dsa-2777
Stable Debian 7.2 fixes bugs and resolves security problems
The Debian project is updating the Linux distribution Debian 7 (Wheezy) to version 7.2, fixing a long list of bugs and closing security holes.
http://www.heise.de/newsticker/meldung/Stabiles-Debian-7-2-behebt-Fehler-und-loest-Sicherheitsprobleme-1977703.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
Google Chrome stores credit card data as plaintext
Google's Chrome browser is once again under fire from security experts. They criticize that Chrome stores sensitive data as plaintext on the hard disk.
http://futurezone.at/produkte/google-chrome-speichert-kreditkarten-daten-als-klartext/30.824.232
Security Bulletin: WebSphere eXtreme Scale Monitoring Console Web Vulnerabilities (CVE-2013-5390, CVE-2013-5393, CVE-2013-5394)
Three web security vulnerabilities were identified in the WebSphere eXtreme Scale monitoring console, those being a cross site scripting vulnerability, a log-off processing weakness, and vulnerability to a phishing attack.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_websphere_extreme_scale_monitoring_console_web_vulnerabilities_cve_2013_5390_cve_2013_5393_cve_2013_5394?lang=en_us
Back door found in D-Link routers
D-secret is D-logon string allowing access to everything. A group of embedded device hackers has turned up a vulnerability in D-Link consumer-level devices that provides unauthenticated access to the units' admin interfaces.
http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/
Spamvertised T-Mobile 'Picture ID Type:MMS' themed emails lead to malware
The cybercriminals behind last week's profiled fake T-Mobile themed email campaign have resumed operations, and have just spamvertised another round of tens of thousands of malicious emails impersonating the company, in order to trick its customers into executing the malicious attachment, which in this case is once again supposedly a legitimate MMS notification message.
http://www.webroot.com/blog/2013/10/14/spamvertised-t-mobile-picture-id-typemms-themed-emails-lead-malware/
Captain, Where Is Your Ship - Compromising Vessel Tracking Systems
In recent years, automated identification systems (AIS) have been introduced to enhance ship tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS is currently mandatory for all passenger ships and commercial (non-fishing) ships over 300 metric tons. It works by acquiring GPS coordinates and exchanging vessel's position, course and ...
http://blog.trendmicro.com/trendlabs-security-intelligence/captain-where-is-your-ship-compromising-vessel-tracking-systems/
WordPress Cart66 Lite Plugin Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/55265
End User Devices Security Guidance: Windows 7 and Windows 8
This guidance is applicable to devices running Enterprise versions of Windows 7 and Windows 8, acting as client operating systems, which include BitLocker Drive Encryption, AppLocker and Windows VPN features.
https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-7-and-windows-8/end-user-devices-security-guidance-windows-7-and-windows-8