End-of-Shift report
Timeframe: Tuesday 21-01-2014 18:00 − Wednesday 22-01-2014 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
[2014-01-22] Backdoor account & command injection vulnerabilities in Allnet IP-Cam ALL2281
The IP camera Allnet ALL2281 is affected by critical vulnerabilities that allow an attacker to gain access to the web interface via a backdoor account. Furthermore, executing arbitrary OS commands is possible.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140122-1_Allnet_IP-Cam_ALL2281_Backdoors_and_OS_command_execution_v10.txt
Feodo Tracker fights invoice spam
The Feodo botnet is currently flooding Germany with virus-laden spam, purportedly in the name of well-known mobile providers and banks. The Feodo Tracker collects evidence to slow down the spam network.
http://www.heise.de/security/meldung/Feodo-Tracker-kaempft-gegen-Rechnungs-Spam-2092934.html
Security Bulletins: Citrix XenServer Multiple Security Updates
A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.2 Service Pack 1.
The following vulnerabilities have been addressed: CVE-2013-4494, CVE-2013-4554, CVE-2013-6885
http://support.citrix.com/article/CTX140038
Security Bulletins: Citrix XenClient XT Multiple Security Updates
A number of security vulnerabilities have been identified in Citrix XenClient XT. These vulnerabilities affect all currently supported versions of Citrix XenClient XT up to and including version 3.2.
The following vulnerabilities have been addressed: CVE-2013-4355, CVE-2013-4370, CVE-2013-4416, CVE-2013-4494, CVE-2013-4554
http://support.citrix.com/article/CTX139624
SSL Labs: Stricter security requirements for 2014
Today, we're releasing a new version of SSL Rating Guide as well as a new version of SSL Test to go with it. Because the SSL/TLS and PKI ecosystem continues to move at a fast pace, we have to periodically evaluate our rating criteria to keep up.
http://blog.ivanristic.com/2014/01/ssl-labs-stricter-security-requirements-for-2014.html
[2014-01-22] Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)
Attackers are able to completely compromise the T-Mobile Austria HOME NET router (based on Huawei B593u-12) without prior authentication. Depending on the configuration of the router it is also possible to exploit the flaws directly from the Internet.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140122-0_T-Mobile_HOMENET_LTE_Huawei_B593_Router_critical_vulnerabilities_wo_poc_v10.txt
Digitally signed data-stealing malware targets Mac users in "undelivered courier item" attack
Our colleagues at SophosLabs pointed us at an interesting item of malware the other day, namely a data-stealing Trojan aimed at Mac users. In fact, it was somewhat more than that: it was one of those "undelivered courier item" emails linking to a dodgy web server that guessed whether you were running Windows or OS X, and targeted you accordingly.
http://nakedsecurity.sophos.com/2014/01/21/data-stealing-malware-targets-mac-users-in-undelivered-courier-item-attack/
Cisco TelePresence System Software Command Execution Vulnerability
Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts
Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes, which may cause active calls to be dropped and prevent users from making new calls until the affected system is reloaded.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs
Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel (D-channel), causing all calls to be terminated and preventing users from making new calls.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw