Tageszusammenfassung - Montag 27-10-2014

End-of-Shift report

Timeframe: Freitag 24-10-2014 18:00 − Montag 27-10-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a

OpenBSD ELF denial of service

OpenBSD is vulnerable to a denial of service. A local attacker could exploit this vulnerability using a malicious ELF executable to cause a kernel panic.

http://xforce.iss.net/xforce/xfdb/97747

---

A Tale of Two Powerpoint Vulnerabilities

It's been already a week after the announcement of the CVE-2014-4114 vulnerability, and the tally of the exploiters have only increased. There are even ..

http://www.f-secure.com/weblog/archives/00002756.html

---

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

http://www.scmagazine.com/distributed-denial-of-service-attacks-are-increasing-in-power/article/379299/

---

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes

ownCloud developer Lukas Reschke has sent an email to the Ubuntu Devel mailing list, requesting that ownCloud (server) is removed from the Ubuntu repositories because the package is old and there are multiple critical security bugs for ..

http://linux.slashdot.org/story/14/10/25/0046256/owncloud-dev-requests-removal-from-ubuntu-repos-over-security-holes

---

iTunes 12.0.1 for Windows DLL Hijacking

http://cxsecurity.com/issue/WLB-2014100154

---

Shellshock-Angriffe auf Mailserver

Nach Informationen von heise Security versuchen Cyber-Kriminelle derzeit vermehrt, durch die Shellshock-Lücken in Mailserver einzudringen. Server-Betreiber sollten umgehend handeln.

http://www.heise.de/security/meldung/Shellshock-Angriffe-auf-Mailserver-2432107.html

---

WordPress Count-per-Day Plugin (notes.php) Remote Code Upload

http://cxsecurity.com/issue/WLB-2014100161

---

WordPress Download Manager Plugin Arbitrary File Download

http://cxsecurity.com/issue/WLB-2014100160

---

Sipgate und Fidor Bank: DDoS-Angriffe waren Erpressungsversuch

Mit dem gross angelegten DDoS-Angriff gegen Sipgate sollte Geld erpresst werden. Auch die Fidor Bank aus München war betroffen.

http://www.golem.de/news/sipgate-und-fidor-bank-ddos-angriffe-waren-erpressungsversuch-1410-110107.html

---

ASP Backdoors? Sure! It's not just about PHP

I recently came to the realization that it might appear that we're partial to PHP and WordPress. This realization has brought about an overwhelming need to correct that perception. While they do make up an interesting percentage, there are various ..

http://blog.sucuri.net/2014/10/asp-backdoors-its-not-all-about-php.html