Daily summary - Monday 20-10-2014

End-of-Shift report

Timeframe: Friday 17-10-2014 18:00 - Monday 20-10-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Security updates for PHP again

For the second time this month, the PHP developers have released security-relevant patches for their project. In the 5.6 branch alone they fixed four vulnerabilities.

http://www.heise.de/security/meldung/Erneut-Sicherheitsupdates-fuer-PHP-2428497.html


Spike in Malware Attacks on Aging ATMs

This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.

http://krebsonsecurity.com/2014/10/spike-in-malware-attacks-on-aging-atms/


Breaking International Voicemail Security via VVM Exploitation

A few days ago, I gave a presentation at Ruxcon about breaking international voicemail security. Whilst the crowd and conference were absolutely amazing - my overall research, I think, has a much wider scope in terms of whom it could affect. This blog post acts as a technical writeup and companion to my slides presented at Ruxcon. TL;DR Briefly put, through researching the visual voicemail protocol, we were able to document a number of different vulnerabilities, including some which affected...

https://shubh.am/breaking-international-voicemail-security-via-vvm-exploitation/


Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2

V1.0 (October 14, 2014): Advisory published. V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues uninstall this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.

https://technet.microsoft.com/en-us/library/security/2949927


An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113)

Three zero-day vulnerabilities - CVE-2014-4114, CVE-2014-4148, and CVE-2014-4113 - were reported last week and patched by Microsoft in their October 2014 Patch Tuesday. CVE-2014-4114, also known as the Sandworm vulnerability, can enable attackers to easily craft malware payloads when exploited. This particular vulnerability has been linked to targeted attacks against European sectors and industries. In addition, our researchers found that...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/vwOtSBJrH3I/


Smart Lock Devices: Security Risks and Opportunities

Security is one of the top concerns when consumers consider buying smart devices. With cybercrime making the headlines every day, one has to think: is this smart device vulnerable to cyber attacks? Are these technologies secure enough for us to rely on them in our everyday lives? A good example of a technology that we need...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/gtATHkHYNv4/


Black Hat Europe - day 2

IPv6 versus IDPS, XSS in WYSIWYG editors, and reflected file downloads. After a busy first day, I was somewhat glad that the talks on the second day of Black Hat Europe appealed slightly less to my personal tastes and interests, as this gave me a chance to meet some old and new friends, and to have those conversations that perhaps form the heart of a security conference. I did attend three talks though, each of which was very interesting. Early in the morning, Antonios Atlasis, Enno Rey and Rafael...

http://www.virusbtn.com/blog/2014/10_20.xml?rss


Dropbox server as phishing helper

Phishing emails usually point to dubious domains - not in this case: data collectors are using an official Dropbox domain to harvest credentials of all kinds.

http://www.heise.de/security/meldung/Dropbox-Server-als-Phishing-Helfer-2428452.html


Soundsquatting Unraveled: Homophone-based Domain Squatting

The Domain Name System (DNS) plays a vital role in the operation of the Internet. Over the years, it has been a primary target for malicious users looking for vulnerabilities in its protocol and infrastructure. Some examples include cache poisoning attacks, vulnerable DNS server implementations, and bogus user interactions. Taking advantage of users' spelling mistakes...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Jv_ckUgwnAs/
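Soundsquatting swaps a word in a brand's domain for one that sounds the same, so a user who hears the name (or is tricked by a lookalike in an email) lands on a domain that edit-distance typo-squatting checks will not flag. The following is an added example, not code from the Trend Micro post or from any published tool: it splits a domain label into dictionary words, generates every homophone substitution, and maps a suspicious domain back to the brand it squats. The homophone groups and the vocabulary are constructed for illustration; a real implementation would load a full homophone dictionary.

```python
"""Homophone-based ("soundsquatting") domain variants.

Added example, not code from the Trend Micro post it accompanies. The
homophone table and the word list are constructed for illustration; a real
tool would load a full homophone dictionary and a larger vocabulary.
"""
import itertools

# Constructed groups of words that sound alike (assumption: small sample).
HOMOPHONE_GROUPS = [
    {"to", "too", "two"},
    {"for", "four"},
    {"buy", "by", "bye"},
    {"one", "won"},
    {"write", "right"},
    {"site", "sight"},
    {"sea", "see"},
    {"mail", "male"},
    {"you", "u"},
]

# word -> the other spellings that sound the same
HOMOPHONES = {}
for group in HOMOPHONE_GROUPS:
    for word in group:
        HOMOPHONES[word] = sorted(group - {word})

# Constructed vocabulary used to split a label such as "youtube" into words.
WORDS = {"you", "tube", "buy", "one", "get", "write", "site", "sea",
         "mail", "my", "to", "shop", "for", "cloud", "box"}


def segment(label, words=WORDS):
    """Greedy longest-match split of a domain label into vocabulary words.

    Characters that match no word are collected into opaque tokens so the
    label can always be reassembled unchanged.
    """
    tokens, unknown, i = [], "", 0
    while i < len(label):
        match = None
        for j in range(len(label), i, -1):  # longest candidate first
            if label[i:j] in words:
                match = label[i:j]
                break
        if match is None:
            unknown += label[i]
            i += 1
            continue
        if unknown:
            tokens.append(unknown)
            unknown = ""
        tokens.append(match)
        i += len(match)
    if unknown:
        tokens.append(unknown)
    return tokens


def soundsquat_variants(domain, homophones=HOMOPHONES, words=WORDS):
    """Return every domain that differs from `domain` only by homophones.

    `domain` is expected as registrable name plus public suffix, e.g.
    "youtube.com"; the suffix is left untouched.
    """
    label, tld = domain.lower().rsplit(".", 1)
    tokens = segment(label, words)
    # each token may stay as-is or be swapped for any of its homophones
    choices = [[tok] + homophones.get(tok, []) for tok in tokens]
    variants = set()
    for combo in itertools.product(*choices):
        candidate = "".join(combo) + "." + tld
        if candidate != domain.lower():
            variants.add(candidate)
    return sorted(variants)


def squatted_target(candidate, monitored):
    """Return the monitored domain that `candidate` soundsquats, or None.

    Run this over newly registered domain feeds or DNS logs to flag
    lookalikes that an edit-distance typo-squatting check would miss.
    """
    for domain in monitored:
        if candidate.lower() in soundsquat_variants(domain):
            return domain
    return None


if __name__ == "__main__":
    for d in ("youtube.com", "buyone.com"):
        print(d, "->", soundsquat_variants(d))
    print(squatted_target("utube.com", ["youtube.com", "buyone.com"]))
```

The generator is only as good as its word segmentation: a label that the vocabulary cannot split yields no variants, which fails silent rather than noisy, so keep the vocabulary and homophone table under review when monitoring a brand.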


Targeted Attack Protection via Network Topology Alteration

When it comes to targeted attacks, attackers are not omniscient. They need to gather information in the early stages to know the target. They may gather information from various sources of intelligence, like Google, Whois, Twitter, and Facebook. They may gather data such as email addresses, IP ranges, and contact lists. These will then be used as...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/75OKb_Lt8XA/


Microsoft MSRT October Update, (Sun, Oct 19th)

This past week's Microsoft MSRT push contains detections/removals for several widely used APT tools. The coalition (led by Novetta) that brought about the inclusion of these tools in this month's MSRT is encouraging enterprises to push/execute this month's MSRT update. Some of the malware included in this month's MSRT update has a preliminary report posted here. If you are using either Snort or Sourcefire, the rule IDs to detect some of the threats/families in this month's MSRT release are listed below and...

https://isc.sans.edu/diary.html?storyid=18853&rss


Staying in control of your browser: New detection changes

This week we made some important changes to how we detect browser modifiers and adware. These changes are designed to better protect your browsing experience. We have already blogged about the changes to the behaviors we detect as adware. I will explain the changes to our browser modifier detections below. Our objective criteria have all the details about how and why we detect unwanted software. Unacceptable behaviors There are two new browser modifier behaviors that we detect: Bypassing

http://blogs.technet.com/b/mmpc/archive/2014/10/17/staying-in-control-of-your-browser-new-detection-changes.aspx


Drupal SQL Injection Attempts in the Wild

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of Drupal 7.x. In our last post, we talked about the vulnerability and that we expected to see attacks starting very soon due to how severe and easy it was to...

http://blog.sucuri.net/2014/10/drupal-sql-injection-attempts-in-the-wild.html


Metasploit Weekly Wrapup: POODLE Mitigations

https://community.rapid7.com/community/metasploit/blog/2014/10/17/metasploit-weekly-wrapup-poodle-mitigations


OpenX multiple open redirect

OpenX could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the adclick.php and the ck.php scripts. By sending a specially-crafted URL, an attacker could exploit this vulnerability using the dest and _maxdest parameters to redirect a victim to arbitrary Web sites.

http://xforce.iss.net/xforce/xfdb/97621
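An open redirect of the kind described above is a redirector that copies a request parameter straight into the Location header. The following added example, which is not OpenX code, shows the validation a redirector needs so that a `dest` or `_maxdest` value can only send the user to an allow-listed host; the host names, the fallback path and the order in which the two parameters are consulted are assumptions. It covers the inputs that commonly slip past a naive "starts with /" check: scheme-relative `//host`, backslashes (which browsers treat as slashes), userinfo tricks (`host@evil`), suffix-matching (`www.example.com.evil`) and non-HTTP schemes.

```python
"""Open-redirect validation for an ad-click style redirector.

Added example, not OpenX code. It models the flaw class in the advisory
(a `dest` / `_maxdest` query parameter used as the redirect target) and a
hardened replacement. ALLOWED_HOSTS, FALLBACK and the sample URLs are
assumptions made for this example.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"ads.example.com", "www.example.com"}  # hypothetical
FALLBACK = "/"


def safe_redirect_target(dest, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `dest` if it stays on an allow-listed host, else `fallback`."""
    if not dest:
        return fallback
    # "//host" is scheme-relative, and browsers treat "\" like "/", so
    # "//evil", "/\evil" and "\evil" all leave the site despite a leading
    # slash. Reject them before the relative-path shortcut below.
    if dest.startswith(("//", "/\\", "\\")):
        return fallback
    if dest.startswith("/"):
        return dest  # plain path on this site
    parts = urlsplit(dest)
    # blocks javascript:, data: and scheme-less values such as "evil.example"
    if parts.scheme not in ("http", "https"):
        return fallback
    # urlsplit's .hostname strips userinfo ("host@evil") and the port, and an
    # exact-match comparison defeats "www.example.com.evil.example".
    host = parts.hostname
    if host is None or host.lower() not in allowed_hosts:
        return fallback
    return dest


def redirect_location(params):
    """Compute the Location header value for a click request.

    `params` is the parsed query string. `dest` and `_maxdest` are the two
    parameter names the advisory cites; consulting `dest` first is an
    assumption of this example.
    """
    for name in ("dest", "_maxdest"):
        if name in params:
            return safe_redirect_target(params[name])
    return FALLBACK


if __name__ == "__main__":
    samples = (  # constructed inputs
        "/landing?c=1",
        "//evil.example/",
        "/\\evil.example",
        "http://www.example.com/p",
        "http://www.example.com@evil.example/",
        "http://www.example.com.evil.example/",
        "javascript:alert(1)",
    )
    for value in samples:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

Where the legitimate destinations are not known in advance (an ad network by nature redirects to many advertisers), the usual alternative to a host allow-list is to sign the destination server-side and verify the signature on the click, so that the parameter is not attacker-controlled in the first place.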


VMSA-2014-0010.13

VMware product updates address critical Bash security vulnerabilities

http://www.vmware.com/security/advisories/VMSA-2014-0010.html


Rich Counter 1.1.5 - Cross Site Scripting (XSS)

2014-10-18T19:45:31

https://wpvulndb.com/vulnerabilities/7648


Information Disclosure vulnerability in Dynamic Content Elements (dce)

It has been discovered that the extension "Dynamic Content Elements" (dce) is susceptible to Information Disclosure.

http://www.typo3.org/news/article/information-disclosure-vulnerability-in-dynamic-content-elements-dce/


DSA-3050 iceweasel

security update

http://www.debian.org/security/2014/dsa-3050


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-4244, CVE-2014-4263)

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7, which is used by Rational Service Tester; they were disclosed as part of the IBM Java SDK updates in July 2014. CVE(s): CVE-2014-4263 and CVE-2014-4244 Affected product(s) and affected version(s): Rational Service Tester versions 8.1 - 8.6 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21685122 X-Force

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_rational_service_tester_cve_2014_4244_cve_2014_4263?lang=en_us


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2014-4244, CVE-2014-4263)

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7, which is used by Rational Performance Tester; they were disclosed as part of the IBM Java SDK updates in July 2014. CVE(s): CVE-2014-4263 and CVE-2014-4244 Affected product(s) and affected version(s): Rational Performance Tester versions 8.1 - 8.6 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21685121

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_rational_performance_tester_cve_2014_4244_cve_2014_4263?lang=en_us


IBM Security Bulletin: Sametime Classic Meeting Record and Playback File Vulnerability (CVE-2014-4766)

There is a vulnerability in the Record and Playback (RAP) file exported by Classic Meeting (CVE-2014-4766). CVE(s): CVE-2014-4766 Affected product(s) and affected version(s): IBM Sametime Classic Meeting Server versions 8.0.x and 8.5.x Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21687361 X-Force Database: http://xforce.iss.net/xforce/xfdb/94793

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_sametime_classic_meeting_record_and_playback_file_vulnerability_cve_2014_4766?lang=en_us