End-of-Shift report
Timeframe: Donnerstag 12-09-2013 18:00 − Freitag 13-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
Symantec to start revoking customers SSL certificates by October 1
... Symantec will revoke SSL certificates that are using something other than 2048-bit keys.
The security giant is making this move as a preemptive measure against the pending December 31 deadline imposed by the Certification Authority/Browser (CA/B) Forum and the National Institute of Standards and Technology (NIST) for Certificate Authorities to halt the issue of 1024-bit certificates.
http://www.csoonline.com/article/739590/symantec-to-start-revoking-customer-s-ssl-certificates-by-october-1?source=rss_application_security
Verdacht auf Zero-Day-Lücke in OpenX und Revive
Wie heise berichtet, gibt es aktuell einen Verdacht auf eine Zero-Day-Lücke in der Ad-Server-Software OpenX (und dem Fork Revive). Diese wird angeblich auch bereits aktiv ausgenützt. Wir können das mangels Detailwissen nicht nachvollziehen, und haben bisher auch keine anderen Meldungen über aktive Ausnutzung dieser Lücke gehört.
http://www.cert.at/services/blog/20130912163815-950.html
Debian update for mediawiki
Debian has issued an update for mediawiki. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information.
https://secunia.com/advisories/54787
Apple veröffentlicht OS X 10.8.5
Die jüngste Mountain-Lion-Version soll unter anderem Probleme bei Apple Mail und Dateitransfers über 802.11ac lösen. Außerdem wurden Sicherheitsupdates für Lion und Snow Leopard veröffentlicht.
http://www.heise.de/security/meldung/Apple-veroeffentlicht-OS-X-10-8-5-1955905.html
WordPress Multiple Vulnerabilities
A weakness, a security issue, and a vulnerability have been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system and by malicious people to conduct spoofing attacks.
https://secunia.com/advisories/54803
IBM WebSphere Message Broker Information Center Multiple Vulnerabilities
A security issue and a vulnerability have been reported in IBM WebSphere Message Broker, which can be exploited by malicious people to disclose certain sensitive information and conduct cross-site scripting attacks.
https://secunia.com/advisories/54835
Stealthy Dopant-Level Hardware Trojans
DoctorBit writes "A team of researchers funded in part by the NSF has just published a paper in which they demonstrate a way to introduce hardware Trojans into a chip by altering only the dopant masks of a few of the chips transistors. From the paper: Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/wd-ZoysTfmA/story01.htm
Cisco Unified MeetingPlace Cross-Site Request Forgery Vulnerability
A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site request forgery attacks.
https://secunia.com/advisories/54768
Security Bulletin: Vulnerability in IBM Analytical Decision Management (CVE-2013-4047, CVE-2013-4048, CVE-2013-4049 & CVE-2013-5369)
Vulnerabilities have been identified in IBM Analytical Decision Management which make the product vulnerable to attacks using script injection and remote code execution.
http://www-01.ibm.com/support/docview.wss?uid=swg21648929
Rootkit Cafe
Have you ever wondered about the ads you might have seen being shown on the desktop or in the browser during web browsing sessions at Internet cafes? One of our Analysts, Wayne, certainly did.He recently analyzed a sample (SHA1: c8c643df81df5f60d5cd8cf46cb3902c5f630e96) that gave him an interesting answer. The sample was a rootkit named in its code as LanEx, though we detect it as Rootkit:W32/Sfuzuan.A:Wayne traced the sample back to an advertising company in China called 58wangwei that runs an
http://www.f-secure.com/weblog/archives/00002607.html
D-Link DIR-505 Wireless Router Security Bypass Security Issue
Alessandro Di Pinto has reported a security issue in D-Link DIR-505 Wireless Router, which can be exploited by malicious people to bypass certain security restrictions.
https://secunia.com/advisories/54752
Server Security Scan for WordPress
Server Security Scan checks WordPress installations for unsafe PHP settings and functions, write permissions of directories, errors and error levels, and the presence of security modules. It's worth noting that the tool doesn't fix any of the found issues.
http://news.softpedia.com/news/Security-App-of-the-Week-Server-Security-Scan-for-WordPress-382348.shtml