End-of-Shift report
Timeframe: Wednesday 29-01-2014 18:00 - Thursday 30-01-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
New Clues in the Target Breach
An examination of the malware used in the Target breach suggests that the attackers may have taken advantage of a poorly secured feature built into a widely-used IT management software product that was running on the retailer's internal network.
http://krebsonsecurity.com/2014/01/new-clues-in-the-target-breach/
How to Debug DKIM, (Wed, Jan 29th)
DKIM is one way to make it easier for other servers to figure out if an e-mail sent on behalf of your domain is spoofed. Your mail server will add a digital signature to each email authenticating the source. This isn't as good as signing the entire e-mail, but it is a useful tool to at least validate the domain used as part of the "From" header. The problem is that DKIM can be tricky to debug. If you have mail rejected, it is useful to be able to manually verify what went wrong. For
http://isc.sans.edu/diary.html?storyid=17528
Honey Encryption Tricks Hackers with Decryption Deception
Honey Encryption is an encryption tool in the works that fools an attacker with bogus decrypted data that looks like it could be a plausible guess at an encryption key or password.
http://threatpost.com/honey-encryption-tricks-hackers-with-decryption-deception/103950
Attacker extorts coveted Twitter username in elaborate social engineering scheme
Naoki Hiroshima recently relinquished to an attacker a prized possession that he owned since 2007: a very rare Twitter username so coveted that not only have people tried to steal it, but one person offered $50,000 for it.
http://www.scmagazine.com//attacker-extorts-coveted-twitter-username-in-elaborate-social-engineering-scheme/article/331675/
Security 101 fail: 3G/4G modems expose control panels to hackers
Embedded kit depressingly riddled with cross-site request forgery vulns, says researcher
Vulnerabilities in a number of 3G and 4G USB modems can be exploited to steal login credentials - or rack up victims' mobile bills by sending text messages to premium-rate numbers - a security researcher warns.
http://go.theregister.com/feed/www.theregister.co.uk/2014/01/30/3gmodem_security_peril/
Energy: cyber security is crucial for protection against threats for smart grids which are key for energy availability claims EU cyber security Agency in new report
The EU's cyber security agency ENISA signals that assessing the threats for smart grids is crucial for their protection and is therefore a key element in ensuring energy availability.
http://www.enisa.europa.eu/media/press-releases/energy-cyber-security-is-crucial-for-protection-against-threats-for-smart-grids-which-are-key-for-energy-availability-claims-eu-cyber-security-agency-in-new-report
Code injection through MediaWiki flaw
The popular wiki software contains a critical flaw through which attackers can compromise the server. Patched versions provide a remedy.
http://www.heise.de/security/meldung/Code-Einschleusung-durch-MediaWiki-Luecke-2099852.html
Windows task manager Process Explorer 16 with VirusTotal integration
The newly released version 16 of Process Explorer can, on request, query the web-based multi-scanner VirusTotal, where around 50 virus scanners check whether a file is dangerous.
http://www.heise.de/security/meldung/Windows-Taskmanager-Process-Explorer-16-mit-Einbindung-von-VirusTotal-2101852.html
Critical infrastructure hack data found in public domain
Data available from mainstream online media - such as blogs, social networking websites, and specialist online publications - could be used by malevolent agents to mount a cyber-attack on UK critical national infrastructure (CNI), the findings of an investigative assessment to be presented next week will warn.
http://eandt.theiet.org/news/2014/jan/ics-security.cfm
Pidgin Multiple Vulnerabilities
Multiple vulnerabilities have been reported in Pidgin, which can be exploited by malicious people to compromise a user's system.
https://secunia.com/advisories/56693
Bugtraq: SimplyShare v1.4 iOS - Multiple Web Vulnerabilities
The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the official SimplyShare v1.4 iOS mobile application.
http://www.securityfocus.com/archive/1/530906
OTRS Security Advisory 2014-01 - CSRF issue in customer web interface
An attacker that managed to take over the session of a logged-in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks.
https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
OTRS Security Advisory 2014-02 - SQL injection issue
Affected by this vulnerability are all releases of OTRS 3.1.x up to and including 3.1.18, 3.2.x up to and including 3.2.13 and 3.3.x up to and including 3.3.3.
https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/
VLC Media Player RTSP Processing "parseRTSPRequestString()" Buffer Overflow Vulnerability
A vulnerability has been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
https://secunia.com/advisories/56676
SA-CONTRIB-2014-007 - Services - Multiple access bypass vulnerabilities
Advisory ID: DRUPAL-SA-CONTRIB-2014-007
Project: Services (third-party module)
Version: 7.x
Date: 2014-January-29
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple access bypass vulnerabilities
Description
This module enables you to expose an API to third party systems using REST, XML-RPC or other protocols. The form API provides a method for developers to submit forms programmatically using the function drupal_form_submit(). During programmatic form submissions, all access...
https://drupal.org/node/2184843
SA-CONTRIB-2014-008 - Tribune - Cross Site Scripting (XSS)
Advisory ID: DRUPAL-SA-CONTRIB-2014-008
Project: Tribune (third-party module)
Version: 6.x, 7.x
Date: 2014-January-29
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting
Description
A tribune is a type of chatroom. The module doesn't sufficiently filter user-provided text from Tribune node titles. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create a Tribune node.
https://drupal.org/node/2184845