End-of-Shift report
Timeframe: Thursday 09-01-2014 18:00 − Friday 10-01-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
Understanding and mitigating NTP-based DDoS attacks
Over the last couple of weeks you may have been hearing about a new tool in the DDoS arsenal: NTP-based attacks. These have become popular recently and caused trouble for some gaming web sites and service providers. We'd long thought that NTP might become a vector for DDoS attacks because, like DNS, it is a simple UDP-based protocol that can be persuaded to return a large reply to a small request. Unfortunately, that prediction has come true.
http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks
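The property the post describes, a small UDP request answered with a much larger reply, is visible in ordinary flow data. The following script is an added example written for this report, not code from the CloudFlare post; it scans constructed bidirectional flow records for UDP/123 traffic and reports server/client pairs where the bytes the NTP server sent back exceed the bytes it received by a configurable factor. Normal time queries are nearly symmetric, so a high ratio points at a server answering query types it should not expose. The record layout, sample values and thresholds are assumptions for this example.

```python
"""Flag NTP flows whose reply volume dwarfs the request volume.

Added example (not from the CloudFlare post or CERT.at): a standard NTP
client/server exchange is 48 bytes each way, so a server whose replies to
a client are an order of magnitude larger than the requests is answering
something other than plain time queries, which is exactly the behaviour
an amplification attack abuses.  Record format and thresholds are assumed.
"""
from collections import defaultdict
from dataclasses import dataclass

NTP_PORT = 123


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (constructed format for this example)."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    packets: int
    size: int  # total bytes on the wire for this flow


# Constructed sample: one ordinary time sync (symmetric) and one exchange
# where a few tiny requests are answered with hundreds of large packets.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "192.0.2.10", 50000, 123, "udp", 1, 76),
    Flow("192.0.2.10", "10.0.0.5", 123, 50000, "udp", 1, 76),
    Flow("198.51.100.7", "192.0.2.10", 40000, 123, "udp", 3, 3 * 76),
    Flow("192.0.2.10", "198.51.100.7", 123, 40000, "udp", 300, 300 * 468),
]


def ntp_amplification(flows, min_factor=10.0, min_reply_bytes=10_000):
    """Return {(server, client): factor} for pairs exceeding both thresholds.

    factor = bytes the server sent to the client / bytes it received from it.
    A reply with no observed request is treated as maximally asymmetric.
    """
    sent_to_server = defaultdict(int)
    sent_by_server = defaultdict(int)
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dport == NTP_PORT:        # request towards the NTP server
            sent_to_server[(f.dst, f.src)] += f.size
        elif f.sport == NTP_PORT:      # reply from the NTP server
            sent_by_server[(f.src, f.dst)] += f.size

    suspicious = {}
    for pair, reply_bytes in sent_by_server.items():
        request_bytes = sent_to_server.get(pair, 0)
        factor = reply_bytes / request_bytes if request_bytes else float("inf")
        if reply_bytes >= min_reply_bytes and factor >= min_factor:
            suspicious[pair] = factor
    return suspicious


if __name__ == "__main__":
    for (server, client), factor in ntp_amplification(SAMPLE_FLOWS).items():
        print(f"{server} -> {client}: amplification x{factor:.0f}")
```

The `min_reply_bytes` floor keeps a single oversized packet from triggering an alert; tune both thresholds against a baseline of the site's own NTP traffic before acting on the output. A flagged server is a candidate for restricting which query types it answers and for verifying that its upstream network filters spoofed source addresses.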
Advance Notification for January 2014 - Version: 1.0
This is an advance notification of security bulletins that Microsoft is intending to release on January 14, 2014.
This bulletin advance notification will be replaced with the January bulletin summary on January 14, 2014. For more information about the bulletin advance notification service, see...
http://technet.microsoft.com/en-us/security/bulletin/ms14-jan
Oracle Critical Patch Update Pre-Release Announcement - January 2014
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2014, which will be released on Tuesday, January 14, 2014. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Prenotification Security Advisory for Adobe Reader and Acrobat
Adobe is planning to release security updates on Tuesday, January 14, 2014 for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh.
http://helpx.adobe.com/security/products/reader/apsb14-01.html
Adobe, Microsoft and Oracle celebrate the first Patch Day of the year
Next Tuesday it's that time again. Adobe intends to close critical holes in Acrobat and Adobe Reader; Microsoft, among other things, a Windows vulnerability that has been exploited since November of last year.
http://www.heise.de/security/meldung/Adobe-Microsoft-und-Oracle-zelebrieren-ersten-Patchday-des-Jahres-2082651.html
Tackling the Sefnit botnet Tor hazard
Sefnit, a prevailing malware known for using infected computers for click fraud and bitcoin mining, has left millions of machines potentially vulnerable to future attacks. We recently blogged about Sefnit performing click fraud and how we added detection on the upstream Sefnit installer. In this blog we explain how the Tor client service, added by Sefnit, is posing a risk to millions of machines, and how we are working to address the problem. Win32/Sefnit made headlines last August as it took...
http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-the-sefnit-botnet-tor-hazard.aspx
Hundreds of thousands of customer records stolen once again through xt:Commerce vulnerability
Another security vulnerability in xt:Commerce 3 and some of its successors is currently being exploited to steal names, e-mail addresses and password hashes from online shops. Over 230,000 customers, mainly from Germany and Austria, are affected.
http://www.heise.de/security/meldung/Schon-wieder-hunderttausende-Kundendaten-durch-xt-Commerce-Luecke-geklaut-2083403.html
Cisco Context Directory Agent Multiple Vulnerabilities
Multiple vulnerabilities have been reported in Cisco Context Directory Agent, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and manipulate certain data.
https://secunia.com/advisories/56365