Daily summary - Tuesday 14-10-2014

End-of-Shift report

Timeframe: Monday 13-10-2014 18:00 - Tuesday 14-10-2014 18:00 Handler: Stefan Lenzhofer Co-Handler: Otmar Lendl

Developer of hacked Snapchat web app says "Snappening" claims are hoax

500 MB of images pulled from third-party site, but no user data was attached.

http://arstechnica.com/security/2014/10/developer-of-hacked-snapchat-web-app-says-snappening-claims-are-hoax/


VB2014 paper: The evolution of webinjects

Jean-Ian Boutin looks at the increased commoditization of webinjects. Virus Bulletin has always been about sharing information, and the Virus Bulletin conference is an important part of that. We would love to be able to share some of the discussions attendees had during the lunch and coffee breaks, the late-night or early-morning meetings in the hotel lobby, and the inspiration one gets from being around such bright minds. Of course, we are unable to do that. But what we can do is share some of

http://www.virusbtn.com/blog/2014/10_13.xml?rss


Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability

CVE-2014-3381

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3381


Exploring and Exploiting iOS Web Browsers

Today we begin a three-post series about mobile security. We start with a discussion of vulnerabilities in iOS web browsers. Later this week we'll cover jailbreaking and the detection of it. While the release and adoption of iOS 8 may plug some of the holes discussed in this post, many users will continue to use iOS 7 for some time and may remain vulnerable. In Q1 2014, the market share of web traffic from mobile browsers exceeded 30% [1], and it is constantly growing. According to data provided

http://blog.spiderlabs.com/2014/10/exploring-and-exploiting-ios-web-browsers.html


VMSA-2014-0010.12

VMware product updates address critical Bash security vulnerabilities

http://www.vmware.com/security/advisories/VMSA-2014-0010.html


A Code Signature Plugin for IDA

When reversing embedded code, it is often the case that completely different devices are built around a common code base, either due to code re-use by the vendor, or through the use of third-party software; this is especially true of devices running the same Real Time Operating System. For example, ...

http://www.devttys0.com/2014/10/a-code-signature-plugin-for-ida/


vBulletin Input Validation Flaw in XMLRPC API Lets Remote Users Inject SQL Commands

http://www.securitytracker.com/id/1031001


vBulletin Input Validation Flaw in XMLRPC API Permits Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1031000


iSIGHT discovers zero-day vulnerability CVE-2014-4114

Zero-day impacting all versions of Microsoft Windows used in Russian cyber-espionage campaign targeting NATO, European Union, Telecommunications and Energy sectors.

http://www.isightpartners.com/2014/10/cve-2014-4114/


HTTPS certificates: Key Pinning protects against malicious certificate authorities

A so far little-noticed HTTPS extension named HTTP Public Key Pinning (HPKP) is close to standardization. Public Key Pinning could solve many of the problems with certificate authorities. (Google, Browser)

http://www.golem.de/news/https-zertifikate-key-pinning-schuetzt-vor-boesartigen-zertifizierungsstellen-1410-109799-rss.html


Windows exploit: Russian hackers allegedly attacking NATO and governments

Russian hackers are said to have attacked numerous targets in the West and in Ukraine over the past years. They apparently exploited a security vulnerability that exists in all current Windows versions and is due to be patched on Tuesday. (Microsoft, Datenschutz)

http://www.golem.de/news/windows-exploit-russische-hacker-greifen-angeblich-nato-und-regierungen-an-1410-109827-rss.html


Truly scary SSL 3.0 vuln to be revealed soon: sources

So worrying, no one's breathing a word until the patch is out. Gird your loins, sysadmins: The Register has learned that news of yet another major security vulnerability - this time in SSL 3.0 - is probably imminent.

http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow/


Allegedly 7 million Dropbox passwords in circulation

Hackers claim to have harvested millions of passwords for Dropbox accounts. These are now supposedly to be published in exchange for Bitcoins. Dropbox denies that the data is genuine.

http://www.heise.de/security/meldung/Angeblich-7-Millionen-Dropbox-Passwoerter-im-Umlauf-2423684.html


VeraCrypt a Worthy TrueCrypt Alternative

If you're reluctant to continue using TrueCrypt now that the open source encryption project has been abandoned, and you don't want to wait for the CipherShed fork to mature, one alternative that's well worth investigating is VeraCrypt.

http://www.esecurityplanet.com/open-source-security/veracrypt-a-worthy-truecrypt-alternative.html


Apache mod_cache Null Pointer Dereference Lets Remote Users Deny Service

http://www.securitytracker.com/id/1031005


Analysis of the Linux backdoor used in freenode IRC network compromise

Background freenode is a large IRC network providing services to Free and Open Source Software communities, and in September the freenode staff team blogged about a potential compromise of an IRC server. NCC Group's Cyber Defence Operations team provided pro bono digital forensic and reverse engineering services to assist the freenode infrastructure team with their incident response activities. In this post we discuss a subset of the information we documented about one of the components

https://www.nccgroup.com/en/blog/2014/10/analysis-of-the-linux-backdoor-used-in-freenode-irc-network-compromise/


[webapps] - Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities

http://www.exploit-db.com/exploits/34956


YouTube Ads Lead To Exploit Kits, Hit US Victims

Malicious ads are a common method of sending users to sites that contain malicious code. Recently, however, these ads have showed up on a new attack platform: YouTube. Over the past few months, we have been monitoring a malicious campaign that used malicious ads to direct users to various malicious sites. Users in the United States have ...

http://blog.trendmicro.com/trendlabs-security-intelligence/youtube-ads-lead-to-exploit-kits-hit-us-victims/


IBM Security Bulletin: Vulnerabilities in Bash affect IBM SAN b-type Switches (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities. Bash is used by IBM SAN b-type Switches. CVE(s): CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278 Affected product(s) and affected version(s): IBM MTM: 2499-816 IBM System

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_ibm_san_b_type_switches_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=en_us


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Endpoint Manager for Remote Control. CVE-2014-3511, CVE-2014-5139

There are multiple vulnerabilities in OpenSSL that is used by IBM Endpoint Manager for Remote Control. These issues were disclosed on August 6, 2014 by the OpenSSL Project. CVE(s): CVE-2014-3511 and CVE-2014-5139 Affected product(s) and affected version(s): IBM Endpoint Manager for Remote Control version 9.1.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21682034 X-Force

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_openssl_affect_ibm_endpoint_manager_for_remote_control_cve_2014_3511_cve_2014_5139?lang=en_us


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime, affect IBM Endpoint Manager for Remote Control

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 Service Refresh 7 and earlier, and IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 7 and earlier, that is used by IBM Endpoint Manager for Remote Control. These issues were disclosed as part of the IBM Java SDK updates in July 2014. CVE(s): CVE-2014-3086, CVE-2014-4227, CVE-2014-4262, CVE-2014-4219, CVE-2014-4209, CVE-2014-4220,

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_and_ibm_java_runtime_affect_ibm_endpoint_manager_for_remote_control?lang=en_us


IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35

Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35, IBM WebSphere Application Server Hypervisor 7.0.0.35 and IBM HTTP Server 7.0.0.35. CVE(s): CVE-2014-3021, CVE-2014-3083, CVE-2014-0226, CVE-2014-0231, CVE-2014-0118, CVE-2013-5704, CVE-2014-4770 and CVE-2014-4816 Affected product(s) and affected version(s): Version 8.5 Full Profile and Liberty Profile, Version 8, Version 7 Refer to the following reference URLs for remediation and

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_35?lang=en_us


Jailbreak Detection Methods

This post concludes our three-part series about mobile security. Today's post will outline some options for detecting jailbroken devices, should you choose to do so. Yesterday, we asked whether blocking an app's execution on jailbroken devices was worth it. Earlier this week, we described some vulnerabilities in iOS web browsers. Many iOS applications contain some sort of jailbreak detection mechanism. Some of the detection mechanisms can be bypassed by attackers (sometimes easily), whereas

http://blog.spiderlabs.com/2014/10/jailbreak-detection-methods.html


Executing Apps on Jailbroken Devices

This post is part two of a three-part series about mobile security. Today's post will discuss the execution of apps on jailbroken devices. Yesterday, we described some vulnerabilities in iOS web browsers. Tomorrow, we'll explore detecting jailbroken devices.

http://blog.spiderlabs.com/2014/10/executing-apps-on-jailbroken-devices.html


5 steps to lock down your webmail account

For most people Gmail, Outlook.com or Yahoo! Mail is their main personal account. Here are some of the most important steps to keep unwanted people out of your web-based email account.

http://nakedsecurity.sophos.com/2014/10/14/5-steps-to-lock-down-your-webmail-account/