End-of-Shift report
Timeframe: Tuesday 12-11-2013 18:00 − Wednesday 13-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
Summary for November 2013 - Version: 1.0
This bulletin summary lists security bulletins released for November 2013. With the release of the security bulletins for November 2013, this bulletin summary replaces the bulletin advance notification originally issued November 7, 2013.
http://technet.microsoft.com/en-us/security/bulletin/ms13-nov
Blog: Sinkholing the Hlux/Kelihos botnet - what happened?
Back in March 2012 we teamed up with Crowdstrike, the Honeynet Project and Dell SecureWorks in disabling the second version of the Hlux/Kelihos-Botnet. Now we thought it would be a good time for an update on what has happened to that sinkhole-server over the last 19 months.
http://www.securelist.com/en/blog/208214147/Sinkholing_the_Hlux_Kelihos_botnet_what_happened
Microsoft Warns Customers Away From SHA-1 and RC4
The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said that it is now recommending to developers that they deprecate RC4 and stop using the SHA-1 hash algorithm.
http://threatpost.com/microsoft-warns-customers-away-from-sha-1-and-rc4/102902
Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1
In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computer systems. Today, we're releasing a new version, EMET 4.1, with updates that simplify configuration and accelerate deployment.
http://blogs.technet.com/b/srd/archive/2013/11/12/introducing-enhanced-mitigation-experience-toolkit-emet-4-1.aspx
Adobe Patches Flash, ColdFusion Flaws Unrelated to Breach
Adobe patched critical vulnerabilities in its Flash Player and ColdFusion Web application server; the company said the bugs are unrelated to the recent breach and source code theft.
http://threatpost.com/adobe-patches-flash-coldfusion-flaws-unrelated-to-breach/102909
Simulated attacks give London banks a trial run in readiness
The planned event, called "Waking Shark II," marks the second year the city of London has participated in the security preparedness exercises.
http://www.scmagazine.com//simulated-attacks-give-london-banks-a-trial-run-in-readiness/article/320667/
November Patch Tuesday Addresses New IE Zero-Day Exploit, But TIFF Vulnerability Still Unpatched
It's worth noting that another recent TIFF-related zero-day that we discussed has not been patched as part of this month's update, so the recommendations and work-arounds that were suggested at that time remain in effect.
http://blog.trendmicro.com/trendlabs-security-intelligence/november-patch-tuesday-addresses-new-ie-zero-day-exploit-but-tiff-vulnerability-still-unpatched/
Malicious multi-hop iframe campaign affects thousands of Web sites, leads to a cocktail of client-side exploits
Sharing is caring. In this post, I'll put the spotlight on a currently circulating, massive - thousands of sites affected - malicious iframe campaign that attempts to drop malicious software on the hosts of unaware Web site visitors through a cocktail of client-side exploits. The campaign, featuring a variety of evasive tactics that make it harder to analyze, continues to efficiently pop up on thousands of legitimate Web sites.
http://www.webroot.com/blog/2013/11/13/malicious-multi-hop-iframe-campaign-affects-thousands-of-web-sites-leads-to-cve-2011-3402/
Cross-site scripting vulnerabilities in EMC Documentum eRoom
Due to improper input validation, Documentum eRoom suffers from multiple cross-site scripting vulnerabilities, which allow an attacker to steal other users' sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131107-0_EMC_Documentum_eRoom_Reflected_XSS_v10.txt
BlackBerry Patches Remote Access Feature Vulnerable to Exploit
BlackBerry patched two serious vulnerabilities in its BlackBerry Link product.
http://threatpost.com/blackberry-patches-remote-access-feature-vulnerable-to-exploit/102914
cPanel Multiple Vulnerabilities
https://secunia.com/advisories/55478
Red Hat Network Satellite Server Grants Administrative Access to Remote Users
http://www.securitytracker.com/id/1029331
JunOS 11.4 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013110085
FortiAnalyzer 5.0.4 - CSRF Vulnerability
http://www.exploit-db.com/exploits/29550
Security Bulletin: Potential Security Vulnerability fixed in WebSphere Virtual Enterprise (CVE-2013-5425)
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerability_fixed_in_websphere_virtual_enterprise_cve_2013_5425?lang=en_us