End-of-Shift report
Timeframe: Thursday 05-12-2013 18:00 − Friday 06-12-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
Advance Notification Service for December 2013 Security Bulletin Release
Today we're providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666. This release won't include an update for the issue described in Security Advisory 2914486. We're still working to develop a security...
http://blogs.technet.com/b/msrc/archive/2013/12/05/advance-notification-service-for-december-2013-security-bulletin-release.aspx
Google Docs Scam Stealing Passwords
Scammers are up to mischief again by tricking users into clicking false webmail widgets. The core goal of any phishing attempt is to compromise the victim's access to a particular service. Usually this is done by posing as the service the attacker wants to hijack from the victim, and sending the username and password information back to the attacker. I've seen plenty of phishing schemes in the
http://research.zscaler.com/2013/12/google-docs-scam-stealing-passwords-in.html
Study finds zero-day vulnerabilities abound in popular software
Organizations selling exploits for vulnerabilities in software from major companies including Microsoft, Apple, Oracle, and Adobe
http://www.csoonline.com/article/744307/study-finds-zero-day-vulnerabilities-abound-in-popular-software?source=rss_application_security
EU cyber security Agency ENISA argues that better protection of SCADA Systems is needed
How long can we afford having critical infrastructures that use unpatched SCADA systems, the EU's cyber security Agency ENISA asks? ENISA argues that the EU Member States could proactively deploy patch management to enhance the security of SCADA systems.
http://www.enisa.europa.eu/media/press-releases/eu-cyber-security-agency-enisa-argues-that-better-protection-of-scada-systems-is-needed
Hacking a Reporter: Sleepless Nights Outside a Brooklyn Brownstone (Part 3 of 3)
This post is the conclusion of a three-part series that goes into more depth about our experience hacking journalist Adam Penenberg, which resulted in an article on PandoDaily in October. Parts one and two detail the malware aspects of our hack with contributions from Josh Grunzweig, Matt Jakubowski and Daniel Chechik. I, Garret Picchioni (voted to be the bald hacker with a heart tattoo in the original article artwork), will discuss the details of the...
http://blog.spiderlabs.com/2013/12/hacking-a-reporter-sleepless-nights-outside-a-brooklyn-brownstone-part-3-of-3.html
Weekly Metasploit Update: SAP and Silverlight
We've been all SAP all the time here in the Independent Nations of Metasploit, and expect to be for the rest of the week. You might recall that Metasploit exploit dev, Juan Vazquez published his SAP survey paper a little while back; on Tuesday, we did a moderated twitter chat on the hashtag #pwnSAP with the major SAP-focused Metasploit contributors Bruno Morrison, Chris John Riley, and Dave Hartley; and today (Thursday, December 5), Juan and I will be hosting a webcast on the various and sundry SAP exposures that Metasploit covers, and There Will Be Demos and Q&A, so it should be fun.
https://community.rapid7.com/community/metasploit/blog/2013/12/05/weekly-metasploit-update
CVE-2013-3346/5065 Technical Analysis
In our last post, we warned of a new Windows local privilege escalation vulnerability being used in the wild. We noted that the Windows bug (CVE-2013-5065) was exploited in conjunction with a patched Adobe Reader bug (CVE-2013-3346) to evade the...
http://www.fireeye.com/blog/technical/cyber-exploits/2013/12/cve-2013-33465065-technical-analysis.html
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Control Center
A number of security vulnerabilities have been discovered in the Java Runtime Environment and the Cognos Business Intelligence components included in IBM SCC. CVE(s): CVE-2013-1557, CVE-2013-1478, CVE-2013-1571, CVE-2013-1500, CVE-2013-2988, CVE-2013-2978 and CVE-2013-0586. Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms. Refer to the following reference URLs for remediation and additional vulnerability...
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_in_ibm_sterling_control_center1?lang=en_us
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067)
Multiple security vulnerabilities exist in the IBM JRE that is shipped with the Rational Reporting for Development Intelligence (RRDI). The same security vulnerabilities also exist in the IBM Java SDK that is shipped with the IBM WebSphere Application Server (WAS). CVE(s): CVE-2013-4066 and CVE-2013-4067. Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms. Refer to the following reference URLs for...
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_information_server_cve_2013_4066_and_cve_2013_40673?lang=en_us
Sonicwall GMS 7.x Filter Bypass
Topic: Sonicwall GMS 7.x Filter Bypass. Risk: Low. Text: Document Title: Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability. References (Source): http...
http://cxsecurity.com/issue/WLB-2013120048
VMware ESX Server Service Console Two Vulnerabilities
https://secunia.com/advisories/55917
SSA-568732 (Last Update 2013-12-06): Privilege Escalation in COMOS
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf
WordPress JS Hotel Plugin "roomid" Cross-Site Scripting Vulnerability
https://secunia.com/advisories/55919
NVIDIA Graphics Drivers GPU Access Privilege Escalation Vulnerability
https://secunia.com/advisories/55904
HP-UX update for Java
https://secunia.com/advisories/55978
IBM Forms Viewer XFDL buffer overflow
http://xforce.iss.net/xforce/xfdb/87911