Daily Summary - Wednesday 18-12-2013

End-of-Shift report

Timeframe: Tuesday 17-12-2013 18:00 − Wednesday 18-12-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a

Cybercriminals offer fellow cybercriminals training in Operational Security (OPSEC)

In need of a fresh example that malicious and fraudulent adversaries continue professionalizing, and standardizing demanded cybercrime-friendly products and services, all for the sake of monetizing their experience and expertise in the profitable world of cybercrime? Publicly launched around the middle of 2013, a product/training course targeting novice cybercriminals is offering them a manual, recommendations for open source/free software, as well as access to a private forum set up for...

http://www.webroot.com/blog/2013/12/17/cybercriminals-offer-fellow-cybercriminals-training-in-operational-security-opsec/


Apple plugs holes in WebKit and Safari

With Safari versions 6.1.1 and 7.0.1, Apple fixes several memory management errors in WebKit that can be abused to execute malicious code over the Internet.

http://www.heise.de/security/meldung/Apple-stopft-Luecken-in-WebKit-und-Safari-2068518.html


DGA Changer Malware Able to Modify Domain-Generation Seed on the Fly

Malware authors have been using domain-generation algorithms for a few years now, often in botnet-related malware that needs to stay one step ahead of takedown attempts and law enforcement agencies. Now, researchers have discovered that a strain of malware that may have been part of the attack in October on PHP.net is employing a DGA...

http://threatpost.com/dga-changer-malware-able-to-modify-domain-generation-seed-on-the-fly/103225


The Biggest Skimmers of All: Fake ATMs

This blog has spotlighted some incredibly elaborate and miniaturized ATM skimmers, fraud devices that thieves attach to ATMs in a bid to steal card data and PINs. But a skimmer discovered in Brazil last month takes this sort of fraud to another level, using a completely fake ATM designed to be stacked directly on top...

http://krebsonsecurity.com/2013/12/the-biggest-skimmers-of-all-fake-atms/


A quick look at a (new?) cross-platform DDoS botnet

At the beginning of December we started to observe a new botnet spreading on both Linux and Windows machines. In the case of Linux operating systems, the bot was installed through an SSH dictionary attack. The attacker logged in to the compromised server and simply downloaded and executed a bot file. The malware...

https://www.cert.pl/news/7849/langswitch_lang/en


[SECURITY] [DSA 2821-1] gnupg security update

http://lists.debian.org/debian-security-announce/2013/msg00235.html


Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability

An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller (TNC) could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701


Security Bulletin: Multiple vulnerabilities in IBM SPSS Collaboration and Deployment Services

Multiple vulnerabilities exist in IBM SPSS Collaboration and Deployment Services. See the individual descriptions for details.

http://www-01.ibm.com/support/docview.wss?uid=swg21660191


IBM Scale Out Network Attached Storage (SONAS) Multiple Vulnerabilities

Multiple vulnerabilities have been reported in IBM Scale Out Network Attached Storage, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

https://secunia.com/advisories/56095


Security Bulletin: GSKit SSL negotiation vulnerability in Tivoli Access Manager for e-business (CVE-2013-6329)

A vulnerability has been identified in the GSKit component utilized by Tivoli Access Manager for e-business (TAM). A specially crafted SSL message can cause the TAM server component using GSKit to crash. CVE(s): CVE-2013-6329. Affected product(s) and affected version(s): All supported Tivoli Access Manager for e-business versions are affected.

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_gskit_ssl_negotiation_vulnerability_in_tivoli_access_manager_for_e_business_cve_2013_6329?lang=en_us


RealOne RMP File Heap Overflow Lets Remote Users Execute Arbitrary Code

http://www.securitytracker.com/id/1029511


Vuln: Juvia Ruby on Rails secret_token.rb Default Secret Key Security Bypass Vulnerability

http://www.securityfocus.com/bid/64368


Vuln: ownCloud Admin Page Unspecified Security Bypass Vulnerability

http://www.securityfocus.com/bid/63926


Zimbra Collaboration Server Unspecified Vulnerability

https://secunia.com/advisories/56138


Python Hash Collision Denial of Service Vulnerability

https://secunia.com/advisories/55955