End-of-Shift report
Timeframe: Tuesday 30-09-2014 18:00 - Wednesday 01-10-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
How RAM Scrapers Work: The Sneaky Tools Behind the Latest Credit Card Hacks
In the world of hacking, every malicious tool has its heyday, that period when it rules the underground forums and media headlines and is the challenger keeping computer security pros on their toes. Viruses and worms have each had their day in the spotlight. Remote-access Trojans, which allow a hacker to ..
http://www.wired.com/2014/09/ram-scrapers-how-they-work/
Node.js eval() code execution
Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of input prior to being used in an eval() call. An attacker could exploit this vulnerability to inject and execute arbitrary PHP code on the system.
http://xforce.iss.net/xforce/xfdb/96728
Advertising firms struggle to kill malvertisements
One provider finds a vulnerable advertising tool that allowed attackers access ..
http://arstechnica.com/security/2014/09/advertising-firms-struggle-to-kill-malvertisements/
Thoughts after my Shellshock
On the topic of Shellshock, after this article it became really clear to me once again today that this time the whole thing is not as simple as Heartbleed - the diversity with which bash bugs (or rather shell misinterpretations) hide is interesting! After reading the article one can ..
http://www.cert.at/services/blog/20140930221128-1263.html
Several vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.
http://www.typo3.org/news/article/several-vulnerabilities-in-extension-phpmyadmin-phpmyadmin/
Splunk Enterprise 6.1.4 and 5.0.10 address four vulnerabilities
Splunk Enterprise versions 6.1.4 and 5.0.10 address the following vulnerabilities: OpenSSL TLS protocol downgrade attack (SPL-88585, SPL-88587, SPL-88588, CVE-2014-3511) Persistent cross-site scripting (XSS) via ..
http://www.splunk.com/view/SP-CAAANHS
Attackers exploiting Shellshock (CVE-2014-6721) in the wild
Yesterday, a new vulnerability affecting Bash (CVE-2014-6271) was published. The new vulnerability allows attackers to execute arbitrary commands formatting an environmental variable using a specific format. It affects Bash (the Bourne Again SHell), the default command shell for Linux and ..
https://www.alienvault.com/open-threat-exchange/blog/attackers-exploiting-shell-shock-cve-2014-6721-in-the-wild
TimThumb is No Longer Supported or Maintained
http://www.binarymoon.co.uk/2014/09/timthumb-end-life/
Multiple vulnerabilities in HP products
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04467807
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0446829
Multiple product vulnerabilities: all TP-Link "2-series" switches, all TP-Link VxWorks-based products
Telnet is available and cannot be disabled (confirmed by vendor)
SSHv1 enabled by default if SSH is enabled (confirmed by vendor)
http://seclists.org/fulldisclosure/2014/Oct/6
SchneiderWEB Server Directory Traversal Vulnerability
This advisory provides firmware updates for a directory traversal vulnerability in Schneider Electric's SchneiderWEB, a web HMI.
https://ics-cert.us-cert.gov//advisories/ICSA-14-273-01
Rockwell Micrologix 1400 DNP3 DOS Vulnerability
This advisory provides a Rockwell Automation firmware revision that mitigates ..
https://ics-cert.us-cert.gov//advisories/ICSA-14-254-02
Firefox/Chrome: BERserk could have been prevented
The BERserk security vulnerability is only a problem because some certificate authorities do not follow common recommendations for RSA keys. With BERserk, Firefox and Chrome accept forged certificates.
http://www.golem.de/news/firefox-chrome-berserk-haette-verhindert-werden-koennen-1410-109566-rss.html
Study: Malware is the main threat to corporate IT
According to the current Microsoft security study, the threat to corporate IT posed by malware has replaced the previous number ..
http://www.heise.de/security/meldung/Studie-Malware-ist-Hauptgefaehrdung-fuer-Unternehmens-IT-2409557.html
Security hole in Xen hypervisor affected cloud providers
A programming error in the virtualization software forced Amazon and Rackspace to reboot numerous virtual machines. The hole in the free software has since been closed.
http://www.heise.de/security/meldung/Sicherheitsluecke-in-Xen-Hypervisor-betraf-Cloud-Anbieter-2409800.html
Critical FreePBX RCE Vulnerability (ALL Versions)
We have been made aware of a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy 'FreePBX ARI Framework module/Asterisk Recording Interface (ARI)'. This affects any user who has installed FreePBX prior to version ..
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions/24536