Daily Summary - Tuesday 28-01-2014

End-of-Shift report

Timeframe: Monday 27-01-2014 18:00 - Tuesday 28-01-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Making Your Printer Say "Feed Me a Kitten" and Also Exfiltrate Sensitive Data

As of this last release, PJL (HP's Printer Job Language) is now a grown-up Rex::Proto protocol! Since extending a protocol in Metasploit is beyond the scope of this post, we'll just be covering how to use the PoC modules included with the new protocol. Feel free to dig around in lib/rex/proto/pjl*, though!

https://community.rapid7.com/community/metasploit/blog/2014/01/23/hacking-printers-with-metasploit


Coordinated malware eradication

Today, as an industry, we are very effective at disrupting malware families, but those disruptions rarely eradicate them. Instead, the malware families linger on, rearing up again and again to wreak havoc on our customers. To change the game, we need to change the way we work. It is counterproductive when you think about it. The antimalware ecosystem encompasses many strong groups: security vendors, service providers, CERTs, anti-fraud departments, and law enforcement. Each group uses their...

https://blogs.technet.com/b/mmpc/archive/2014/01/27/industry-needs-to-work-together-to-eradicate-malware.aspx


Trustworthy electronic signatures, secure e-Government and trust: the way forward for improving EU citizens' trust in web services, outlined by EU Agency ENISA

The EU's cyber security Agency, ENISA, is publishing a series of new studies about the current security practices of Trust Service Providers (TSPs) and recommendations for improving cross-border trustworthiness and interoperability for the new regulated TSPs and for e-Government services using them.

http://www.enisa.europa.eu/media/press-releases/trustworthy-electronic-signatures-secure-e-government-and-trust-the-way-forward-for-improving-eu-citizens2019-trust-in-web-services-outlined-by-eu-agency-enisa


Android VPN redirect vuln now spotted lurking in Kitkat 4.4

Now may be a good time to check this out, says securo-bod. Israeli researchers who specialise in ferreting out Android vulns have discovered a new flaw in KitKat 4.4 that allows an attacker to redirect secure VPN traffic to a third-party server.

http://go.theregister.com/feed/www.theregister.co.uk/2014/01/28/android_vpn_vuln_also_in_kitkat_44/


File Infectors and ZBOT Team Up, Again

File infectors and ZBOT don't usually go together, but we recently saw a case where these two kinds of threats did. This particular file infector - PE_PATNOTE.A - appends its code to all executable files on the infected system,...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/n_0oP1-kYzo/


Login theft: warning about a tampered FileZilla client

Avast is warning about tampered versions of the popular FileZilla client. Anyone using the bogus version of the FTP program hands criminals the login credentials for the FTP servers they connect to. Only users who downloaded FileZilla from the wrong source are affected.

http://www.golem.de/news/login-diebstahl-warnung-vor-manipuliertem-filezilla-client-1401-104213-rss.html


Blog: A cross-platform java-bot

Early this year, we received a malicious Java application for analysis, which turned out to be a multi-platform bot capable of running on Windows, Mac OS and Linux. The bot was written entirely in Java. The attackers used vulnerability CVE-2013-2465 to infect users with the malware.

http://www.securelist.com/en/blog/8174/A_cross_platform_java_bot


DDoS attacks become smarter, faster and more severe

DDoS attacks will continue to be a serious issue in 2014 - as attackers become more agile and their tools become more sophisticated, according to Radware. Their report was compiled using data from over 300 cases and the Executive Survey consisting of personal interviews with 15 high-ranking security executives.

http://www.net-security.org/secworld.php?id=16268


Worldwide Infrastructure Security Report

Arbor's annual Worldwide Infrastructure Security Report offers unique insight from network operators on the front lines in the global battle against network threats.

http://www.arbornetworks.com/resources/infrastructure-security-report


SI6 Networks IPv6 Toolkit

A security assessment and troubleshooting tool for the IPv6 protocols

http://www.si6networks.com/tools/ipv6toolkit/


Security Bulletin: Multiple vulnerabilities in IBM QRadar SIEM (CVE-2014-0838, CVE-2014-0835, CVE-2014-0836, CVE-2014-0837)

Multiple vulnerabilities exist in the AutoUpdate settings page and the AutoUpdate process within the IBM QRadar SIEM that when used together could result in remote code execution.

https://www-304.ibm.com/support/docview.wss?uid=swg21663066


VU#686662: Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities

Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. If users have not deployed either of these filters then they are not affected.

http://www.kb.cert.org/vuls/id/686662


VU#863369: Mozilla Thunderbird does not adequately restrict HTML elements in email message content

Mozilla Thunderbird does not adequately restrict HTML elements in email content, which could allow an attacker to execute arbitrary script when a specially-crafted email message is forwarded or replied to.

http://www.kb.cert.org/vuls/id/863369