Daily Summary - Wednesday 22-10-2014

End-of-Shift report

Timeframe: Tuesday 21-10-2014 18:00 − Wednesday 22-10-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Security Advisory 3010060 released

Today, we released Security Advisory 3010060 to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file. As part of this Security Advisory, we have included an easy, one-click Fix it solution to address the known cyberattack. Please review the...

http://blogs.technet.com/b/msrc/archive/2014/10/21/security-advisory-3010060-released.aspx


Android NFC hack allow users to have free rides in public transportation

More and more people keep talking about the feature of payments via NFC. The problem in this particular case is that somebody reversed the "Tarjeta BIP!" cards and found a means to re-charge them for free.

http://securelist.com/blog/virus-watch/67283/android-nfc-hack-allow-users-to-have-free-rides-in-public-transportation/


SSL encryption: Still a lot of work for mail providers and banks

heise Security ran tests and found that some mail providers have already responded to the recent attacks on encryption, but far from all of them. The situation is even worse for the servers used for online banking via HBCI.

http://www.heise.de/security/meldung/SSL-Verschluesselung-Noch-viel-Arbeit-fuer-Mail-Provider-und-Banken-2429414.html


Malvertising Payload Targets Home Routers

A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario the attackers embedded iFrames to do the heavy lifting; the shortfall with this method is that they require a website to inject the iFrame. As is often the case, tactics...

http://blog.sucuri.net/2014/10/malvertising-payload-targets-home-routers.html


Targeted attacks via online advertising

Data thieves have apparently attacked defense and aerospace companies using manipulated online advertising. The ads could be placed in a targeted way via so-called real-time bidding.

http://www.golem.de/news/phishing-gezielte-angriffe-ueber-onlinewerbung-1410-110014-rss.html


Network attacks: DDoS botnet spreading unchecked

A recently discovered botnet for DDoS attacks is spreading unchecked, according to experts. Windows servers are now also at risk. The purpose of the attacks carried out through it remains unclear, however.

http://www.golem.de/news/netzangriffe-ddos-botnetz-weitet-sich-ungebremst-aus-1410-110024-rss.html


Hostile Subdomain Takeover using Heroku/Github/Desk + more

Hackers can claim subdomains with the help of external services. This attack is practically non-traceable and affects at least 17 large service providers, and multiple domains are affected. Find out if you are one of them by using our quick tool, or go through your DNS entries and remove all which are active and unused OR pointing to External Services which you do not use anymore.

http://blog.detectify.com/post/100600514143/hostile-subdomain-takeover-using-heroku-github-desk


TYPO3 CMS 4.5.37, 4.7.20, 6.1.12 and 6.2.6 released

IMPORTANT: These versions include important security fixes to the TYPO3 core. A security announcement has just been released: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/

https://typo3.org/news/article/typo3-cms-4537-4720-6112-and-626-released/


Security_Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products

Oct 21, 2014 20:23

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm


IBM Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere MQ, IBM WebSphere MQ Internet Pass-Thru and IBM Mobile Messaging and M2M Client Pack (CVE-2014-3566)

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere MQ. CVE(s): CVE-2014-3566 Affected product(s) and affected version(s): The vulnerability affects all versions and releases of IBM WebSphere MQ, IBM WebSphere MQ Internet Pass-Thru and IBM Mobile Messaging and M2M Client Pack.

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_websphere_mq_ibm_websphere_mq_internet_pass_thru_and_ibm_mobile_messaging_and_m2m_client_pack_cve_2014_3566?lang=en_us


Bugtraq: FreeBSD Security Advisories

http://www.securityfocus.com/archive/1/533773
http://www.securityfocus.com/archive/1/533772
http://www.securityfocus.com/archive/1/533771
http://www.securityfocus.com/archive/1/533770


Bugtraq: File Manager v4.2.10 iOS - Code Execution Vulnerability

http://www.securityfocus.com/archive/1/533778


Files Document & PDF Reader for iOS Ordner Erstellen code execution

http://xforce.iss.net/xforce/xfdb/97698