Daily summary - Tuesday 7-10-2014

End-of-Shift report

Timeframe: Monday 06-10-2014 18:00 − Tuesday 07-10-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Confusion over SSL and 1024 bit keys, (Tue, Oct 7th)

Yesterday and today, a post on reddit.org caused quite a bit of uncertainty about the security of 1024 bit RSA keys if used with OpenSSL. The post referred to a presentation given at a cryptography conference, stating that 1024 bit SSL keys can be factored with moderate resources ("20 minutes on a Laptop"). It was suggested that this is at least in part due to a bug in OpenSSL, which according to the post doesn't pick the random keys from the entire space available. It looks more and...

https://isc.sans.edu/diary.html?storyid=18775&rss


Yahoo says attackers looking for Shellshock found a different bug

Yahoo said Monday it has fixed a bug that was mistaken for the Shellshock flaw, but no user data was affected. Three of the company's servers with APIs (application programming interfaces) that provide live streaming for its Sports service "had malicious code executed on them this weekend by attackers looking for vulnerable Shellshock servers," wrote Alex Stamos, Yahoo's chief information security officer. Stamos wrote on the Hacker News website that the servers had been patched after the...

http://www.csoonline.com/article/2692375/security/yahoo-says-attackers-looking-for-shellshock-found-a-different-bug.html#tk.rss_applicationsecurity


Tyupkin Malware Infects ATMs Worldwide

The Tyupkin malware, spotted on ATMs in Eastern Europe, allows criminals to make withdrawals of 40 banknotes at a time, researchers at Kaspersky Lab said.

http://threatpost.com/tyupkin-malware-infects-atms-in-eastern-europe/108734


Phishing with help from Compromised WordPress Sites

We get thousands of spam and phishing emails daily. We use good spam filters (along with Gmail) and that greatly reduces the noise in our inbox. Today though, one slipped through the cracks and showed up in my personal inbox. As I went to mark the email as Spam, I decided to hover over the...

http://blog.sucuri.net/2014/10/phishing-with-help-from-compromised-wordpress-sites.html


Huge Security Hole in ZPanel 10.1

When it comes to managing a VPS, many of our customers would prefer to install some kind of control panel rather than do it all themselves from the command line. ZPanel is perhaps the most popular choice for this. We even offered ZPanel 10.1 as a pre-made image -- it was a very recent version (10.1.1 is the most recent at the time of writing), and there are no published security announcements relating to it. We thought it was safe.

https://chunkhost.com/blog/16/huge_security_hole_in_zpanel_10_1


MMD-0029-2015 - Warning of Mayhem shellshock attack

We were afraid this wave would come during the "shellshock", and it did. The attack wave of "ELF .so malware library", and installer of a known botnet called "Mayhem", just hit all of us. The attack came from various IPs, their botnets into many NIX services, utilizing the shellshock web vulnerability scan method to download the remote installer written in Perl (replacing the previous PHP based infection). It is obviously a different vector for Mayhem infection, we start

http://blog.malwaremustdie.org/2014/10/mmd-0029-2015-warning-of-mayhem.html


Vulnerabilities in WordPress Themes and Plugins

https://wpvulndb.com/vulnerabilities/7632
https://wpvulndb.com/vulnerabilities/7633
https://wpvulndb.com/vulnerabilities/7635
https://wpvulndb.com/vulnerabilities/7634


Distance Vector Multicast Routing Protocol Misuse

cisco-sr-20141006-dvmrp

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20141006-dvmrp


CA Technologies GNU Bash Shellshock

Topic: CA Technologies GNU Bash Shellshock Risk: Low Text: CA20141001-01: Security Notice for Bash Shellshock Vulnerability Issued: October 01, 2014 Updated: October 03, 2014 ...

http://cxsecurity.com/issue/WLB-2014100036


SSA-214365 (Last Update 2014-10-07): Vulnerabilities in SIMATIC WinCC

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf


Bugzilla 4.0.14, 4.2.10, 4.4.5, and 4.5.5 Security Advisory

The following security issues have been discovered in Bugzilla: * The realname parameter is not correctly filtered on user account creation, which could lead to user data override. * Several places were found in the Bugzilla code where cross-site scripting attacks could be used to access sensitive information. * Private comments can be shown to flagmail recipients who aren't in the insider group. * Specially formatted values in a CSV search results export could be used in spreadsheet software...

http://www.bugzilla.org/security/4.0.14/


Bugtraq: OWTF 1.0 "Lionheart" released!

http://www.securityfocus.com/archive/1/533629


IBM Security Bulletin: Vulnerabilities in Bash affect SmartCloud Provisioning for IBM Provided Software Virtual Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187)

Vulnerabilities in Bash affect SmartCloud Provisioning for IBM Provided Software Virtual Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187). Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities. IBM recommends that you review your entire environment to identify...

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_smartcloud_provisioning_for_ibm_provided_software_virtual_appliance_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187?lang=en_us


IBM Security Bulletin: Multiple vulnerabilities had been identified in Oracle Database related to the RDBMS Core component. (CVE-2014-4236 and CVE-2014-4245)

Multiple vulnerabilities had been identified in Oracle Database that is consumed by Tivoli Netcool Performance Manager for Wireless. (CVE-2014-4236 and CVE-2014-4245) CVE(s): CVE-2014-4236 and CVE-2014-4245 Affected product(s) and affected version(s): Tivoli Netcool Performance Manager (TNPM) for Wireless version 1.4 and 1.3.2 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:...

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_had_been_identified_in_oracle_database_related_to_the_rdbms_core_component_cve_2014_4236_and_cve_2014_4245?lang=en_us


Vuln: phpMyAdmin CVE-2014-7217 Multiple Cross Site Scripting Vulnerabilities

http://www.securityfocus.com/bid/70252


VU#280844: Cryoserver Security Appliance vulnerable to privilege escalation

Vulnerability Note VU#280844 Cryoserver Security Appliance vulnerable to privilege escalation Original Release date: 07 Oct 2014 | Last revised: 07 Oct 2014 Overview Cryoserver Security Appliance 7.3.x vulnerable to privilege escalation Description CWE-264: Permissions, Privileges, and Access Controls Cryoserver Security Appliance 7.3.x does not properly assign permission to the /etc/init.d/cryoserver shell script and allows the default support account to modify it using the /bin/cryo-mgmt

http://www.kb.cert.org/vuls/id/280844


VU#121036: BMC Track-It! contains multiple vulnerabilities

Vulnerability Note VU#121036 BMC Track-It! contains multiple vulnerabilities Original Release date: 07 Oct 2014 | Last revised: 07 Oct 2014 Overview BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities Description CWE-306: Missing Authentication for Critical Function - CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke methods remotely and retrieve their result. The exposed service

http://www.kb.cert.org/vuls/id/121036