Tageszusammenfassung - Freitag 6-12-2013

End-of-Shift report

Timeframe: Donnerstag 05-12-2013 18:00 − Freitag 06-12-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

Advance Notification Service for December 2013 Security Bulletin Release

Today we're providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666. This release won't include an update for the issue described in Security Advisory 2914486. We're still working to develop a security...

http://blogs.technet.com/b/msrc/archive/2013/12/05/advance-notification-service-for-december-2013-security-bulletin-release.aspx


Google Docs Scam Stealing Passwords

Scammers are up to mischief again by tricking users into clicking false webmail widgets. The core goal of any phishing attempt is to compromise the victims access to a particular service. Usually this is done by posing as the service the attacker wants to hijack from the victim, and sending the username and password information back to the attacker. Ive seen plenty phishing schemes in the

http://research.zscaler.com/2013/12/google-docs-scam-stealing-passwords-in.html


Study finds zero-day vulnerabilities abound in popular software

Organizations selling exploits for vulnerabilities in software from major companies including Microsoft, Apple, Oracle, and Adobe

http://www.csoonline.com/article/744307/study-finds-zero-day-vulnerabilities-abound-in-popular-software?source=rss_application_security


EU cyber security Agency ENISA argues that better protection of SCADA Systems is needed

How long can we afford having critical infrastructures that use unpatched SCADA systems, the EU's cyber security Agency ENISA asks? ENISA argues that the EU Member States could proactively deploy patch management to enhance the security of SCADA systems.

http://www.enisa.europa.eu/media/press-releases/eu-cyber-security-agency-enisa-argues-that-better-protection-of-scada-systems-is-needed


Hacking a Reporter: Sleepless Nights Outside a Brooklyn Brownstone (Part 3 of 3)

This post is the conclusion of a three-part series that goes into more depth about our experience hacking journalist Adam Penenberg, which resulted in an article on PandoDaily in October. Parts one and two detail the malware aspects of our hack with contributions from Josh Grunzweig, Matt Jakubowski and Daniel Chechik. I, Garret Picchioni (voted to be the bald hacker with a heart tattoo in the original article artwork), will discuss the details of the...

http://blog.spiderlabs.com/2013/12/hacking-a-reporter-sleepless-nights-outside-a-brooklyn-brownstone-part-3-of-3.html


Weekly Metasploit Update: SAP and Silverlight

We've been all SAP all the time here in the Independent Nations of Metasploit, and expect to be for the rest of the week. You might recall that Metasploit exploit dev, Juan Vazquez published his SAP survey paper a little while back; on Tuesday, we did a moderated twitter chat on the hashtag #pwnSAP with the major SAP-focused Metasploit contributors Bruno Morrison, Chris John Riley, and Dave Hartley; and today (Thursday, December 5), Juan and I will be hosting a webcast on the various and sundry SAP exposures that Metasploit covers, and There Will Be Demos and Q&A, so it should be fun.

https://community.rapid7.com/community/metasploit/blog/2013/12/05/weekly-metasploit-update


CVE-2013-3346/5065 Technical Analysis

In our last post, we warned of a new Windows local privilege escalation vulnerability being used in the wild. We noted that the Windows bug (CVE-2013-5065) was exploited in conjunction with a patched Adobe Reader bug (CVE-2013-3346) to evade the...

http://www.fireeye.com/blog/technical/cyber-exploits/2013/12/cve-2013-33465065-technical-analysis.html


Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Control Center

A number of security vulnerabilities have been discovered in the Java Runtime Environment and the Cognos Business Intelligence components included in IBM SCC.CVE(s): CVE-2013-1557, CVE-2013-1478, CVE-2013-1571, CVE-2013-1500, CVE-2013-2988, CVE-2013-2978 and CVE-2013-0586 Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms Refer to the following reference URLs for remediation and additional vulnerability...

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_in_ibm_sterling_control_center1?lang=en_us


Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067)

Multiple security vulnerabilities exist in the IBM JRE that is shipped with the Rational Reporting for Development Intelligence (RRDI). The same security vulnerabilities also exist in the IBM Java SDK that is shipped with the IBM WebSphere Application Server (WAS). CVE(s): CVE-2013-4066 and CVE-2013-4067 Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms Refer to the following reference URLs for...

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_information_server_cve_2013_4066_and_cve_2013_40673?lang=en_us


Sonicwall GMS 7.x Filter Bypass

Topic: Sonicwall GMS 7.x Filter Bypass Risk: Low Text:Document Title: Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability References (Source): == http...

http://cxsecurity.com/issue/WLB-2013120048


VMware ESX Server Service Console Two Vulnerabilities

https://secunia.com/advisories/55917


SSA-568732 (Last Update 2013-12-06): Privilege Escalation in COMOS

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf


WordPress JS Hotel Plugin "roomid" Cross-Site Scripting Vulnerability

https://secunia.com/advisories/55919


NVIDIA Graphics Drivers GPU Access Privilege Escalation Vulnerability

https://secunia.com/advisories/55904


HP-UX update for Java

https://secunia.com/advisories/55978


IBM Forms Viewer XFDL buffer overflow

http://xforce.iss.net/xforce/xfdb/87911