Daily summary - Friday 8-11-2013

End-of-Shift report

Timeframe: Thursday 07-11-2013 18:00 − Friday 08-11-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

Advance Notification for November 2013 - Version: 1.0

This is an advance notification of security bulletins that Microsoft is intending to release on November 12, 2013.

http://technet.microsoft.com/en-us/security/bulletin/ms13-nov


Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release

Today, we're providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office. While this release won't include an update for the issue first described in Security Advisory 2896666, we'd like to tell you a bit more about it. We're working to develop a security update...

http://blogs.technet.com/b/msrc/archive/2013/11/07/clarification-on-security-advisory-2896666-and-the-ans-for-the-november-2013-security-bulletin-release.aspx


Exploits of critical Microsoft zero day more widespread than thought

At least two hacker gangs exploit TIFF vulnerability to hijack users' computers.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/6hCE3JS8yQI/story01.htm


Despite patches, Supermicro's IPMI firmware is far from secure, researchers say

The IPMI in Supermicro motherboards has vulnerabilities that can give attackers unauthorized access to servers, Rapid7 researchers said.

http://www.csoonline.com/article/742836/despite-patches-supermicro-39-s-ipmi-firmware-is-far-from-secure-researchers-say?source=rss_application_security


PCI council publishes updated payment security standards

Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.

http://feedproxy.google.com/~r/SCMagazineHome/~3/Ktdq0wWA1L8/


VU#274923: Dual_EC_DRBG output using untrusted curve constants may be predictable

Vulnerability Note VU#274923: Dual_EC_DRBG output using untrusted curve constants may be predictable. Original Release date: 07 Nov 2013 | Last revised: 07 Nov 2013
Overview: Output of the Dual Elliptic Curve Deterministic Random Bit Generator (DUAL_EC_DRBG) algorithm may be predictable by an attacker who has chosen elliptic curve parameters in advance.
Description: NIST SP 800-90A defines three elliptic curves for use in Dual_EC_DRBG but does not describe the provenance of the parameters used

http://www.kb.cert.org/vuls/id/274923


Source code for proprietary spam bot offered for sale, acts as force multiplier for cybercrime-friendly activity

In a professional cybercrime ecosystem, largely resembling that of a legitimate economy, market participants constantly strive to optimize their campaigns, achieve liquidity for stolen assets, and most importantly, aim to reach a degree of efficiency that would help them gain market share and thus secure multiple revenue streams. Despite the increased transparency on the Russian/Eastern European underground market - largely thanks to improved social networking courtesy of the...

http://www.webroot.com/blog/2013/11/07/source-code-proprietary-spam-bot-offered-sale-acts-force-multiplier-cybercrime-friendly-activity/


Security Bulletin: Vulnerabilities in Sametime Enterprise Meeting Server (CVE-2013-3044, CVE-2013-3045, CVE-2013-0537, CVE-2013-3985)

The security bulletin addresses various vulnerabilities found in the Sametime Enterprise Meeting Server regarding spoofing and domain cookies.
CVE(s): CVE-2013-3044, CVE-2013-3045, CVE-2013-0537, CVE-2013-3985
Affected product(s) and affected version(s): IBM Lotus Sametime WebPlayer versions 8.5.2 and 8.5.2.1
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21654355
X-Force

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vulnerabilities_in_sametime_enterprise_meeting_server_cve_2013_3044_cve_2013_3045_cve_2013_0537_cve_2013_3985?lang=en_us


Security Bulletin: IBM Lotus Sametime WebPlayer Denial-of-Service (CVE-2013-3986)

An attacker participating in a Sametime Audio Visual (AV) session may be able to crash the IBM Sametime WebPlayer extension (Firefox extension) session of other users.
CVE(s): CVE-2013-3986
Affected product(s) and affected version(s): IBM Lotus Sametime WebPlayer versions 8.5.2 and 8.5.2.1
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21654041
X-Force Database:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_lotus_sametime_webplayer_denial_of_service_cve_2013_3986?lang=en_us


Security Bulletin: For safer administration of IBM Domino server, use Domino Administrator client instead of Domino Web Administrator

IBM Domino Web Administrator (webadmin.nsf) has two cross-site scripting vulnerabilities and one cross-site request forgery of low CVSS score. These vulnerabilities do not exist in the Domino Administrator client. To prevent the potential for these attacks, use the Domino Administrator client or the mitigations listed in the bulletin. Domino Web Administrator is deprecated.
CVE(s): CVE-2013-4051, CVE-2013-4055, CVE-2013-4050.

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_for_safer_administration_of_ibm_domino_server_use_domino_administrator_client_instead_of_domino_web_administrator?lang=en_us


IBM WebSphere Real Time Java Multiple Vulnerabilities

https://secunia.com/advisories/55618


CTF365: A New Capture The Flag Platform for Ongoing Competitions

https://community.rapid7.com/community/metasploit/blog/2013/11/08/ctf365--information-security-through-gamification--learning-training-improving


OpenSSH Security Advisory: gcmrekey.adv

A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange.

http://www.openssh.org/txt/gcmrekey.adv