Daily Summary - Monday 13-10-2014

End-of-Shift report

Timeframe: Friday 10-10-2014 18:00 − Monday 13-10-2014 18:00 Handler: Stefan Lenzhofer Co-Handler: Otmar Lendl

Poor punctuation leads to Windows shell vulnerability

An attack on Windows scripts shows that quotation marks aren't just for writers.

http://arstechnica.com/security/2014/10/poor-punctuation-leads-to-windows-shell-vulnerability/


Researchers observe new type of SYN flood DDoS attack

Researchers with Radware are referring to the new type of distributed denial-of-service attack as a Tsunami SYN Flood Attack.

http://www.scmagazine.com/researchers-observe-new-type-of-syn-flood-ddos-attack/article/376576


IBM Security Bulletin: Vulnerabilities in Bash affect IBM SDN VE (CVE-2014-6271,CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities. Bash is used by IBM SDN VE. CVE(s): CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278. Affected product(s) and affected version(s): IBM SDN VE, Unified Controller, VMware Edition: 1.2.0

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_ibm_sdn_ve_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=en_us


Malware overview: Threats to Mac OS X and other IT security hazards of September 2014

October 2, 2014 In September, a number of new threats to Mac OS X were discovered by Doctor Web's security researchers. They included the complex backdoor Mac.BackDoor.iWorm as well as the Trojan Mac.BackDoor.Ventir.1 and the spyware program Mac.BackDoor.XSLCmd. Unexpectedly, gamers came under attack by Trojan.SteamBurglar which steals virtual game items from Steam users to later resell them to other players. As usual, plenty of virus definitions for malware programs geared towards Windows were

http://news.drweb.com/show/?i=5982&lng=en&c=9


Android's Cyanogenmod open to MitM attacks

Code re-use spells zero day for millions of modders. More than 10 million users of the popular Cyanogen build of Android are exposed to man-in-the-middle (MitM) attacks thanks to reuse of vulnerable sample code.

http://www.theregister.co.uk/2014/10/13/androids_cyanogenmod_open_to_mitm_attacks/


Adobe, Microsoft, Oracle: October Patch Day Will Be More Laborious Than Usual

Adobe, Microsoft and Oracle will release numerous patches this coming Tuesday evening: the October patch day of all three companies overlaps. On the one hand this eases the load on admins; on the other hand they have to prepare for a larger volume of patches. (Microsoft, Java)

http://www.golem.de/news/adobe-microsoft-oracle-oktober-patchtag-wird-aufwendiger-als-sonst-1410-109793-rss.html


WordPress is the Most Attacked CMS: Report

Data security firm Imperva released its fifth annual Web Application Attack report (WAAR) this week, a study designed to track the latest trends and cyber threats facing web applications.

http://www.securityweek.com/wordpress-most-attacked-cms-report


SSA-860967 (Last Update 2014-10-13): GNU Bash Vulnerabilities in Siemens Industrial Products

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-860967.pdf


SSA-234763 (Last Update 2014-10-13): OpenSSL Vulnerabilities in Siemens Industrial Products

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234763.pdf


SSA-839231 (Last Update 2014-10-13): Incorrect Certificate Verification in Ruggedcom ROX-based Devices

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-839231.pdf


PHP 5.6.1 Closes Potentially Dangerous Buffer Overflow

The current PHP version fixes a number of bugs, including a security vulnerability discovered by Stefan Esser. It is easy to exploit and can be abused to execute malicious code remotely.

http://www.heise.de/security/meldung/PHP-5-6-1-schliesst-potentiell-gefaehrlichen-Pufferueberlauf-2418719.html


Mobile threats in September 2014

October 2, 2014 As in previous months, in September Doctor Web's security researchers registered multiple attacks on handhelds. In particular, the Dr.Web virus database was expanded to include numerous definitions of threats to Android involving banking Trojans, ransomware, spies, and even a dangerous vandal Trojan, among others. Also added to the database was an entry for another malicious application that operates on jailbroken devices. The number of new malicious programs for Android and

http://news.drweb.com/show/?i=5983&lng=en&c=9


FinFisher Malware Analysis - Part 3 (Last)

I've already covered most parts of FinFisher malware in the last two articles. This time, in this article, which is the last article related to FinFisher, I'll cover the last important tricks, methods and techniques used by FinFisher. So I'll categorize them by subject:...

https://www.codeandsec.com/FinFisher-Malware-Analysis-Part-3


Who's Watching Your WebEx?

KrebsOnSecurity spent a good part of the past week working with Cisco to alert more than four dozen companies -- many of them household names -- about regular corporate WebEx conference meetings that lack passwords and are thus open to anyone who wants to listen in.

http://krebsonsecurity.com/2014/10/whos-watching-your-webex


Kmart becomes the latest retail data breach victim

Kmart has been confirmed as the latest retail chain to be breached after its parent company admitted that some customers' debit and credit card numbers had been compromised.

http://nakedsecurity.sophos.com/2014/10/13/kmart-becomes-the-latest-retail-data-breach-victim/