End-of-Shift report
Timeframe: Wednesday 20-11-2013 18:00 − Thursday 21-11-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
EFF Scorecard Shows Crypto Leaders and Laggards
The Electronic Frontier Foundation (EFF) released its Encrypt the Web Report demonstrating how much encryption leading Internet companies and service providers are deploying.
http://threatpost.com/eff-scorecard-shows-crypto-leaders-and-laggards/102987
Tomcat worm jumps from server to server
Symantec has discovered a worm that infects Apache's Java web server and jumps from server to server as a Java servlet. Infected machines are abused as DDoS cannons and proxies.
http://www.heise.de/security/meldung/Tomcat-Wurm-springt-von-Server-zu-Server-2051469.html
Are large scale Man in The Middle attacks underway?, (Thu, Nov 21st)
Renesys is reporting two separate incidents where they observed traffic for 1500 IP blocks being diverted for extended periods of time. They observed the traffic redirection for more than 2 months over the last year. Does it seem unusual for internet traffic between Ashburn Virginia (63.218.44.78) and Washington DC (63.234.113.110) to go through Russia to Belarus? That is exactly what they observed. Once traffic flows through your routers there are countless opportunities to capture and modify...
http://isc.sans.edu/diary.html?storyid=17075&rss
A look at security effectiveness by industry
BitSight analyzed security ratings for over 70 Fortune 200 companies in four industries - energy, finance, retail and technology. The objective was to uncover quantifiable differences in security effectiveness and performance across industries from October 2012 through September 2013.
http://www.net-security.org/secworld.php?id=15991
5 Considerations For Post-Breach Security Analytics
Preparing collection mechanisms ahead of time, preserving chain of custody on forensics data, and performing focused analysis all key in inspecting security data after a compromise
http://www.darkreading.com/5-considerations-for-post-breach-securit/240164113
EMC Document Sciences xPression cross-site request forgery
http://xforce.iss.net/xforce/xfdb/89073
SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities
Advisory ID: DRUPAL-SA-CORE-2013-003
Project: Drupal core
Version: 6.x, 7.x
Date: 2013-November-20
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities
Description: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection (Form API validation - Drupal 6 and 7): Drupal's form API has built-in cross-site request forgery (CSRF) validation, and also allows any...
https://drupal.org/SA-CORE-2013-003
SA-CONTRIB-2013-096 - Entity reference - Access bypass
SA-CONTRIB-2013-095 - Organic Groups - Access bypass
SA-CONTRIB-2013-094 - EU Cookie Compliance - Cross Site Scripting (XSS)
SA-CONTRIB-2013-093 - Invitation - Access Bypass
https://drupal.org/node/2140237
https://drupal.org/node/2140217
https://drupal.org/node/2140123
https://drupal.org/node/2140097
Vuln: SAP NetWeaver SHSTI_UPLOAD_XML() Function XML External Entity Injection Vulnerability
http://www.securityfocus.com/bid/63779
Vuln: SAP NetWeaver Logviewer Security Bypass Vulnerability
http://www.securityfocus.com/bid/58615
Vuln: SAP NetWeaver SAP Portal URI Redirection Weakness
http://www.securityfocus.com/bid/63783
Vuln: SAProuter NI Route Message Handling Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/60054
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2013-0478, CVE-2013-0477)
IBM InfoSphere Master Data Management - Collaborative Edition versions 10.1, 10.0 and IBM InfoSphere Master Data Management Server for Product Information Management versions 9.1, 9.0, 6.0 are vulnerable to cross-site scripting and content spoofing. CVE(s): CVE-2013-0477, and CVE-2013-0478 Affected product(s) and affected version(s): IBM InfoSphere Master Data Management - Collaborative Edition Versions 10.1 and 10.0 IBM InfoSphere Master Data Management Server for Product Information...
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_master_data_management_collaborative_edition_cve_2013_0478_cve_2013_04771?lang=en_us
SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Arbitrary Remote Command Execution
Title: SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Arbitrary Remote Command Execution
Product: Freemotion.Gate
Vendor: SKIDATA, http://www.skidata.com/en/
Vulnerable Versions: 4.1.3.5 and likely all prior versions.
http://www.keepingkidsonshred.com/2013/11/skidata-rfid-freemotiongate.html
Splunk Cross-Site Scripting Vulnerability
https://secunia.com/advisories/55774
WHMCS "unserialize()" PHP Code Execution and Multiple Unspecified Vulnerabilities
https://secunia.com/advisories/55717