End-of-Shift report
Timeframe: Mittwoch 15-10-2014 18:00 − Donnerstag 16-10-2014 18:00
Handler: Robert Waldner
Co-Handler: Otmar Lendl
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software
cisco-sa-20141015-vcs
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
cisco-sa-20141015-poodle
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
JSA10656 - 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL "POODLE" vulnerability (CVE-2014-3566)
http://kb.juniper.net/index/content&id=JSA10656&actp=RSS
SA-CONTRIB-2014-098 - CKEditor - Cross Site Scripting (XSS)
Advisory ID: DRUPAL-SA-CONTRIB-2014-098Project: CKEditor - WYSIWYG HTML editor (third-party module)Version: 6.x, 7.xDate: 2014-October-15Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescriptionThe CKEditor module (and its predecessor, FCKeditor module) allows Drupal to replace textarea fields with CKEditor 3.x/4.x (FCKeditor 2.x in case of FCKeditor module) - a visual HTML editor, sometimes called WYSIWYG editor.Both
https://www.drupal.org/node/2357029
[DSA 3052-1] wpa security update
CVE ID : CVE-2014-3686 Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.
https://lists.debian.org/debian-security-announce/2014/msg00238.html
The October 2014 issue of our SWITCH Security Report is available!
A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are: Same again? Fingerprint sensor on new iPhone 6 hacked using same method as for previous model Up in the air:
http://securityblog.switch.ch/2014/10/15/the-october-2014-issue-of-our-switch-security-report-is-available/
MindshaRE: Statically Extracting Malware C2s Using Capstone Engine
I decided to share a technique I've been playing around with to pull C2 and other configuration information out of malware that does not store all of its configuration information in a set structure or in the resource section ... Being able to statically extract this information becomes important in the event that the malware does not run properly in your sandbox, the C2s are down or you don?t have thetime / sandbox bandwidth to manually run and extract the information from network indicators.
https://www.arbornetworks.com/asert/2014/10/mindshare-statically-extracting-malware-c2s-using-capstone-engine
C&C Botnet Detection over SSL
...we have designed, implemented and validated a method to detect botnet C&C communication channels over SSL, the security protocol standard de-facto. ... Our analysis also indicates that 0.6% of the SSL connections were broken.
http://essay.utwente.nl/65667/1/Riccardo_Bortolameotti_MasterThesis.pdf
VB2014 paper: DNSSEC - how far have we come?
Nick Sullivan describes how DNSSEC uses cryptography to add authentication and integrity to DNS responses.Over the next months, we will be sharing conference papers as well as video recordings of the presentations. Today, we have added DNSSEC - how far have we come? by CloudFlares Nick Sullivan.It is rather scary to think about how much of the Internet depends on DNS, and how little guarantee that protocol provides about its responses being correct. The Kaminsky attack is well mitigated these
http://www.virusbtn.com/blog/2014/10_16.xml?rss
Factsheet Vulnerability in libxml2
On 16 October 2014, a vulnerability was reported in libxml2, a library for the processing of eXtensible Markup Language (XML). XML is a language for the exchange of structured information between applications. Attackers can use this vulnerability to disrupt the availability of (web) applications through a so called Denial-of-Service (DoS) attack.
http://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/factsheets/vulnerability-in-libxml2.html
POODLE attack takes bytes out of your encrypted data - heres what to do
Heartbleed, Shellshock, Sandworm...and now POODLE. Its a security hole that could let crooks read your encrypted web traffic. Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...
http://feedproxy.google.com/~r/nakedsecurity/~3/nyUmrkuhxuM/