End-of-Shift report
Timeframe: Wednesday 08-10-2014 18:00 − Thursday 09-10-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Pricing Policies in the Cyber Criminal Underground
Underground markets are places on the Internet where criminal gangs offer a wide range of illegal products and services. Black markets are crowded places where single individuals or criminal organizations could acquire or rent products and services at very competitive prices. Like any other market, in black markets the relationship between supply and demand determines the price of the products. A growing number of highly specialized sellers are offering their wares, and the huge offer is...
http://resources.infosecinstitute.com/pricing-policies-cyber-criminal-underground/
Working Paper: Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005-2014
Some 229 data breach incidents involved the personal records of people in Europe. Globally, all these incidents resulted in the loss of some 645 million records, though not all of these breaches exclusively involved people in Europe. Within Europe, we confirmed 200 cases involving people in Europe, and 227 million records lost in Europe...
http://www.databreaches.net/working-paper-data-breaches-in-europe-reported-breaches-of-compromised-personal-records-in-europe-2005%E2%80%902014/
Bash Bug Saga Continues: Shellshock Exploit Via DHCP
The Bash vulnerability known as Shellshock can be exploited via several attack surfaces including web applications, DHCP, SIP, and SMTP. With multiple proofs of concept (including Metasploit code) available in the public domain, this vulnerability is being heavily exploited. Most discussion of Shellshock attacks has focused on attacks on web apps. There has been relatively...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1tDC5sTfbUQ/
Android: Around half of all devices affected by security vulnerability
45 percent of all Android smartphones are still affected by a security vulnerability in the smartphone browser that was discovered a few weeks ago. In Germany the figure is significantly higher.
http://www.golem.de/news/android-rund-die-haelfte-aller-geraete-von-sicherheitsluecke-betroffen-1410-109719-rss.html
Flying Blind
With all the news about data breaches lately, it's not particularly surprising to wake up to headlines describing yet another one. What is perhaps a bit surprising, however, is the common theme that seems to exist in many of the...
http://www.fireeye.com/blog/corporate/2014/10/flying-blind.html
Multiple Vulnerabilities in Cisco ASA Software
cisco-sa-20141008-asa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
Juniper Junos Security Bulletins
http://kb.juniper.net/index/content&id=JSA10655&actp=RSS
http://kb.juniper.net/index/content&id=JSA10654&actp=RSS
http://kb.juniper.net/index/content&id=JSA10653&actp=RSS
http://kb.juniper.net/index/content&id=JSA10652&actp=RSS
http://kb.juniper.net/index/content&id=JSA10651&actp=RSS
http://kb.juniper.net/index/content&id=JSA10650&actp=RSS
http://kb.juniper.net/index/content&id=JSA10649&actp=RSS
Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in Schneider Electric's StruxureWare SCADA Expert ClearSCADA.
https://ics-cert.us-cert.gov//advisories/ICSA-14-259-01A
Siemens SIMATIC WinCC Vulnerabilities (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-14-205-02 Siemens SIMATIC WinCC Vulnerabilities that was published July 24, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in the Siemens SIMATIC WinCC application.
https://ics-cert.us-cert.gov//advisories/ICSA-14-205-02A
Security_Advisory-9 OpenSSL Vulnerabilities on Huawei products
Oct 08, 2014 20:28
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
VMSA-2014-0010.10
VMware product updates address critical Bash security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
SA-CONTRIB-2014-097 - nodeaccess - Access Bypass
Advisory ID: DRUPAL-SA-CONTRIB-2014-097
Project: Nodeaccess (third-party module)
Version: 6.x, 7.x
Date: 2014-October-08
Security risk: 13/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Uncommon
Vulnerability: Access bypass
Description
Nodeaccess is a Drupal access control module which provides view, edit and delete access to nodes. This module enables you to inadvertently allow an author of a node to view/edit/delete the node in question (who may not have access). The module
https://www.drupal.org/node/2352757
SA-CONTRIB-2014-096 - OAuth2 Client - Cross Site Scripting (XSS)
Advisory ID: DRUPAL-SA-CONTRIB-2014-096
Project: OAuth2 Client (third-party module)
Version: 7.x
Date: 2014-October-08
Security risk: 10/25 (Moderately Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description
OAuth2 Client is an API support module, enabling other modules to connect to services using OAuth2 authentication. Within its API code the Client class exposes variables in an error message, which originate from a third party source without
https://www.drupal.org/node/2352747
DSA-3048 apt
security update
http://www.debian.org/security/2014/dsa-3048
OpenSSH <=6.6 SFTP misconfiguration exploit for 64bit Linux
OpenSSH lets you grant SFTP access to users without allowing full command execution using "ForceCommand internal-sftp". However, if you misconfigure the server and don't use ChrootDirectory, the user will be able to access all parts of the filesystem that he has access to - including procfs. On modern Linux kernels (>=2.6.39, I think), /proc/self/maps reveals the memory layout and /proc/self/mem lets you write to arbitrary memory positions. Combine those and you get easy RCE.
http://seclists.org/fulldisclosure/2014/Oct/35
Onapsis Security Advisories for SAP Products
http://cxsecurity.com/issue/WLB-2014100052
http://cxsecurity.com/issue/WLB-2014100051
http://cxsecurity.com/issue/WLB-2014100050
http://cxsecurity.com/issue/WLB-2014100049
http://cxsecurity.com/issue/WLB-2014100048
http://cxsecurity.com/issue/WLB-2014100047
http://cxsecurity.com/issue/WLB-2014100046
Security Advisory-Memory Overflow Vulnerabilities on Huawei E5332 Webserver
Oct 09, 2014 11:51
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-373056.htm
HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution
A potential security vulnerability has been identified with HP Operations Manager for UNIX. The vulnerability can be exploited remotely to execute arbitrary code.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866
HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code
Potential security vulnerabilities have been identified with HP Sprinter. The vulnerabilities could be exploited remotely to allow execution of code.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04454636
Spider Facebook 1.0.8 - SQL Injection
2014-10-08T19:00:47
https://wpvulndb.com/vulnerabilities/7639
Contact Form DB 2.8.13 - 2 x Cross-Site Scripting (XSS)
2014-10-09T11:38:57
https://wpvulndb.com/vulnerabilities/7641
EWWW Image Optimizer 2.0.1 Cross-Site Scripting (XSS)
2014-10-09T11:35:36
https://wpvulndb.com/vulnerabilities/7640