End-of-Shift report
Timeframe: Thursday 23-10-2014 18:00 − Friday 24-10-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Operation Pawn Storm: Putting Outlook Web Access Users at Risk
In our recently released report, Operation Pawn Storm, we talked about an operation that involved three attack scenarios. For this post, we will talk about the third scenario: phishing emails that redirect victims to fake Outlook Web Access login pages. What's most notable about this is that it is simple, effective, and can be easily replicated. Through one...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CrAgUjYrv14/
Has the "Sandworm" zero-day exploit burrowed back to the surface?
You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again. Paul Ducklin explains...
http://nakedsecurity.sophos.com/2014/10/24/has-the-sandworm-exploit-burrowed-back/
The Insecurity of Things: Part One
Every day we read about some newfangled internet-connected device being released. Things we use every day are being made "smart" with some rushed-to-production software embedded in a cheap micro-controller. Fitness trackers, smoke alarms, televisions, cars, wall outlets, even water bottles. Internet-connected water bottles? What a time to be alive!
http://www.xipiter.com/musings/the-insecurity-of-things-part-one
The Insecurity of Things: Part Two
When we last left off, we were setting the stage for sharing what the interns found in a handful of "IoT" or internet-connected devices they purchased. So we'll be starting with a simple one, one that only required simple techniques to compromise it. This first device is a "Smart"-Home Controller. For a bit of background on what's going on here, please see "Part One" of this series; otherwise we're going to jump right in, but first a disclaimer:...
http://www.xipiter.com/musings/the-insecurity-of-things-part-two
The Case of the Modified Binaries
After creating and using a new exitmap module, I found downloaded binaries being patched through a Tor exit node in Russia. Tor is a wonderful tool for protecting the identity of journalists, their sources, and even regular users around the world; however, anonymity does not guarantee security.
http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/
Sipgate: Services restored after DDoS attack
After Sipgate had partially restored its services overnight, the company was hit by another DDoS attack on Friday morning. The services are now said to be working again.
http://www.golem.de/news/sipgate-dienste-nach-ddos-angriff-wiederhergestellt-1410-110078-rss.html
QuickTime update for Windows closes a bundle of security holes
A total of four bugs were present in the Windows version of Apple's multimedia support, which attackers are said to be able to exploit via manipulated files.
http://www.heise.de/security/meldung/QuickTime-Update-fuer-Windows-schliesst-Buendel-an-Sicherheitsluecken-2431624.html
Manipulating WordPress Plugin Functions to Inject Malware
Most authors of website malware rely on the same tricks, making it easy for malware researchers to spot obfuscated code, random files that don't belong, and malicious lines injected at the top of a file. However, it becomes difficult when the malware is buried deep within the lines of code of otherwise normal files.
http://blog.sucuri.net/2014/10/manipulating-wordpress-plugin-functions-to-inject-malware.html
Filr 1.1 - Security Update 1
Abstract: This patch addresses the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability on the Filr 1.1.0 appliance.
Document ID: 5194317
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: readme-Filr-1.1.0.654.HP.txt (1.26 kB), Filr-1.1.0.654.HP.zip (5.64 MB)
Products: Filr 1.1
Superseded Patches: None
https://download.novell.com/Download?buildid=3wpN2nVj2D8~
Filr - Security Update 3
Abstract: This patch addresses the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability on the Filr 1.0.0 and 1.0.1 appliances.
Document ID: 5194316
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: readme-Filr-1.0.0-SU3.txt (2.49 kB), readme-Filr-1.0.1-SU3.txt (2.49 kB), Filr-1.0.0-SU3.zip (5.64 MB), Filr-1.0.1-SU3.zip (5.64 MB)
Products: Filr 1.0, Filr 1.0.1
Superseded Patches: None
https://download.novell.com/Download?buildid=_N6A9M3Jvig~
Cisco IOS and IOS XE Software Ethernet Connectivity Fault Management Vulnerability
CVE-2014-3409
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3409
Bugtraq: [SECURITY] [DSA 3055-1] pidgin security update
http://www.securityfocus.com/archive/1/533797
ZDI-14-368: Apple OS X GateKeeper Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://www.zerodayinitiative.com/advisories/ZDI-14-368/