End-of-Shift report
Timeframe: Monday 26-08-2013 18:00 − Tuesday 27-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
[Video] ThreatVlog, Episode 1: Tor and Apple exploits revealed
What is Tor? Is it really secure? What about the Apple App Store approval process? Are all these applications really looked at? In today's episode, Grayson Milbourne covers the exploitation of the Tor network through Firefox and a proof of concept showing just how insecure Apple app testing can be.
http://blog.webroot.com/2013/08/20/tor-and-apple-exploits-revealed/
[Video] ThreatVlog, Episode 2: Keyloggers and your privacy
Commercial and black hat keyloggers can infect any device, from your PC at home to the phone in your hand. What exactly are these programs trying to steal? How can this data be used harmfully against you? And what can you do to protect all your data and devices from this malicious data gathering? In...
http://blog.webroot.com/2013/08/26/video-threatvlog-episode-2-keyloggers-and-your-privacy/
"thereisnofatebutwhatwemake" - Turbo-charged cracking comes to long passwords
Cracking really long passwords just got a whole lot faster and easier.
http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/
Feature Phone Hack Can Block Calls, Texts On Some Networks
Trailrunner7 writes, quoting Threat Post "By tweaking the firmware on certain kinds of phones, a hacker could make it so other phones in the area are unable to receive incoming calls or SMS messages, according to research presented at the USENIX Security Symposium. The hack involves modifying the baseband processor on some Motorola phones and tricking some older 2G GSM networks into not delivering calls and messages. By watching the messages sent from phone towers and not delivering them
http://it.slashdot.org/story/13/08/26/2254224/feature-phone-hack-can-block-calls-texts-on-some-networks
Patch Management Guidance from NIST, (Tue, Aug 27th)
The National Institute of Standards and Technology (NIST) released a new version of guidance around Patch Management last week, NIST SP800-40. The latest release takes a broader look at enterprise patch management than the previous version, so well worth the read. Patch Management is clearly called out as a "Quick Win" in Critical Control #3 "Secure Configurations for Hardware and Software". Additionally, Patch Management is something that is required by many of the cyber
http://isc.sans.edu/diary.html?storyid=16445&rss
NSA: Hardening Tips For Mac OS X
....The National Security Agency (NSA) offers "Hardening Tips for Mac OS X" a tri-fold security brochure for the agency's Information Assurance Mission. It's packed with useful tips...... See also:
http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf
http://www.nsa.gov/ia/_files/factsheets/macosx_hardening_tips.pdf
The SCADA That Cried Wolf: Who's Really Attacking Your ICS Devices- Part 2
The concern on ICS/SCADA security gained prominence due to high-profile attacks targeting these devices, most notably Flame and Stuxnet. However, we noted recent findings, which prove that the interest in ICS/SCADA devices as attack platforms is far from waning. We've all read about how insecure ICS/SCADA devices are and how certain threat actors are targeting...
http://blog.trendmicro.com/trendlabs-security-intelligence/the-scada-that-cried-wolf-whos-really-attacking-your-ics-devices-part-2/
Malware detection for medical devices
US computer scientists want to detect malware in the healthcare sector through changes in the power consumption of medical devices.
http://www.heise.de/security/meldung/Malware-Erkennung-fuer-Medizingeraete-1934978.html
Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities in IBM JRE
IBM Notes and Domino are vulnerable to multiple attacks listed in the Oracle Java SE Critical Patch Update Advisories (February, April and June 2013) as well as miscellaneous client-side attacks listed below. The repaired IBM JRE is available in Notes and Domino 8.5.3 Fix Pack 5 and is also planned for Notes and Domino 9.0.1. CVE(s): CVE-2013-0464, CVE-2012-3325, and CVE-2011-4858 Affected product(s) and affected version(s): IBM Notes and Domino 9.0 IBM Notes and Domino 8.5.x IBM Notes and...
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_notes_domino_fixes_for_multiple_vulnerabilities_in_ibm_jre1?lang=en_us
Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities in IBM JRE
IBM Notes and Domino are vulnerable to multiple attacks listed in the Oracle Java SE Critical Patch Update Advisories (February, April and June 2013) as well as miscellaneous client-side attacks listed below. The repaired IBM JRE is available in Notes and Domino 8.5.3 Fix Pack 5 and is also planned for Notes and Domino 9.0.1. CVE(s): CVE-2013-0809, CVE-2013-1493, CVE-2013-3012, CVE-2013-3011, CVE-2013-3010, CVE-2013-3009, CVE-2013-3008, CVE-2013-3007, CVE-2013-3006, CVE-2013-2455, and
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_notes_domino_fixes_for_multiple_vulnerabilities_in_ibm_jre2?lang=en_us
Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS) (CVE-2013-0467)
IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS). This vulnerability could allow a remote attacker to obtain the source code of the Help System. CVE(s): CVE-2013-0467 Affected product(s) and affected version(s): IBM Security SiteProtector System: 2.8.1 and 2.9 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21647392
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_security_siteprotector_system_can_be_affected_by_a_vulnerability_in_the_ibm_eclipse_help_system_iehs_cve_2013_0467?lang=en_us
Security Bulletin: IBM Content Collector - Eclipse Help System Cross Site Scripting Vulnerability (CVE-2013-0464)
Cross-Site Scripting vulnerability exists in IBM Eclipse Help System, a component bundled with IBM Content Collector, which is used to display the IBM Content Collector help content. CVE(s): CVE-2013-0464 Affected product(s) and affected version(s): IBM Content Collector 3.0 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21646473 X-Force Database:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_content_collector_eclipse_help_system_cross_site_scripting_vulnerability_cve_2013_0464?lang=en_us
IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028954
Sixnet Universal Protocol Undocumented Function Codes
OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-13-231-01 Sixnet Universal Protocol Undocumented Function Codes that was published August 19, 2013, on the ICS-CERT Web page. Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability.
http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01A
RoundCube Webmail Edit Email Script Insertion Vulnerability
https://secunia.com/advisories/54536
IBM DB2 / DB2 Connect Unspecified Security Bypass Vulnerability
https://secunia.com/advisories/54644
Atlassian 4.x Confluence Sensitive Information Leakage
Topic: Atlassian 4.x Confluence Sensitive Information Leakage Risk: Low Text: Since vendor does not seem to care about this issue more than a year after initial report (
https://jira.atlassian.com/browse/C...
http://cxsecurity.com/issue/WLB-2013080213