End-of-Shift report
Timeframe: Wednesday 18-09-2013 18:00 − Thursday 19-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
Security Bulletin: Buffer Overflow Vulnerability in IBM iNotes (CVE-2013-4068)
IBM iNotes 8.5.3 and 9.0 are at risk from a buffer overflow vulnerability. The fix for this issue is available in IBM Domino 8.5.3 Fix Pack 5 Interim Fix 1 and IBM Domino 9.0 Interim Fix 4.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_buffer_overflow_vulnerability_in_ibm_inotes_cve_2013_4068?lang=en_us
Cisco DCNM Update Released, (Wed, Sep 18th)
We continue to see web applications deployed to manage datacenter functions. And I'm sorry to say, we continue to see security issues in these applications - some of them so simple a quick run-through with Burp or ZAP would red-flag them. In that theme, today Cisco posts updates to DCNM (Cisco Prime Data Center Network Manager).
http://isc.sans.edu/diary.html?storyid=16613&rss
How to avoid unwanted software
We've all seen it; maybe it's on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you've never heard of, there's a new, annoying toolbar in your browser. Maybe you're getting popup ads or have a rogue security product claiming you're infected and asking you to buy the program to remove the infection. Even worse, you don't know how it got there!
http://www.webroot.com/blog/2013/09/18/avoid-unwanted-software/
More Goodies in the Apple Security Update Basket!, (Wed, Sep 18th)
APPLE-SA-2013-09-18-3: An OSX update that fixes a situation where the hostname in a certificate is not checked against the actual hostname. This vulnerability means that anyone with a valid certificate can impersonate any host - lots of attack applications in this, when combined with MITM or DNS hijack attacks. APPLE-SA-2013-09-18-2: An absolute TON of updates for IOS, which should be no surprise in a new version.
http://isc.sans.edu/diary.html?storyid=16619&rss
Cisco NX-OS BGP Regex Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029048
Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE
This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment (JRE) included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security vulnerabilities reported in Oracle's Critical Patch Update releases of April and June 2013.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_operational_decision_manager_and_websphere_ilog_jrules_multiple_security_vulnerabilities_in_ibm_jre?lang=en_us
Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerabilities (CVE-2013-2960, CVE-2013-2961, CVE-2013-0548, CVE-2013-0551)
Several vulnerabilities have been resolved in the Basic Services component of IBM Tivoli Monitoring. These vulnerabilities could have potentially caused a denial of service or Cross Site Scripting (XSS) exposure. CVE(s): CVE-2013-2960, CVE-2013-2961, CVE-2013-0548, and CVE-2013-0551
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_tivoli_monitoring_basic_services_vulnerabilities_cve_2013_2960_cve_2013_2961_cve_2013_0548_cve_2013_05511?lang=en_us
Bugtraq: Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
http://www.securityfocus.com/archive/1/528721
New IE Zero Day is Actively Exploited In Targeted Attacks
Right after a week from September Patch Tuesday, Microsoft had to rush a "Fix It" workaround tool to address a new zero-day Internet Explorer vulnerability (CVE-2013-3893), which is reportedly being actively exploited in certain targeted attacks. As Microsoft advised, the said exploit is targeting a Use After Free Vulnerability in IE's HTML rendering engine (mshtml.dll).
http://blog.trendmicro.com/trendlabs-security-intelligence/new-ie-zero-day-is-actively-exploited-in-targeted-attacks/
Drupal Google Site Search 6.x / 7.x Cross Site Scripting
Topic: Drupal Google Site Search 6.x / 7.x Cross Site Scripting. Risk: Low. Text: View online: https://drupal.org/node/2092395 * Advisory ID: DRUPAL-SA-CONTRIB-2013-077 * Project: Google Site Search [1...
http://cxsecurity.com/issue/WLB-2013090133
Hidden Lynx
Symantec has tracked down a hacker group that is said to have attacked hundreds of organizations.
http://www.heise.de/newsticker/meldung/Hidden-Lynx-Raffinierte-Auftrags-Hacker-mit-Geduld-1960682.html
EvilGrab Malware Family Used In Targeted Attacks In Asia
Recently, we spotted a new malware family that was being used in targeted attacks: the EvilGrab malware family. It is called EvilGrab due to its behavior of grabbing audio, video, and screenshots from affected machines. The most common arrival vector for EvilGrab malware is spear phishing messages with malicious Microsoft Office Attachments.
http://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware-family-used-in-targeted-attacks-in-asia/
ENISA Threat Landscape mid year 2013
ENISA today presented its list of top cyber threats, as a first "taste" of its interim Threat Landscape 2013 report. The study analyses 50 reports, and identifies an increase in threats to: infrastructure through targeted attacks; mobile devices; and social media identity thefts carried out by cyber-criminals over Cloud services.
https://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-threat-landscape-mid-year-2013/
Apple closes critical iTunes vulnerability
The update to iTunes version 11.1 not only brings the streaming service "iTunes Radio", it also closes a vulnerability in the ActiveX plug-in.
http://www.heise.de/newsticker/meldung/Apple-schliesst-kritische-iTunes-Luecke-1961373.html
Apple Xcode GIT "git-imap-send" SSL Certificate Verification Security Issue
https://secunia.com/advisories/54887
iOS 7 Security Prompts
Apple's iOS 7 was released yesterday. And it has some nice new security prompts...
http://www.f-secure.com/weblog/archives/00002610.html