Daily summary - Wednesday 5-11-2014

End-of-Shift report

Timeframe: Tuesday 04-11-2014 18:00 − Wednesday 05-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Tool Tip: vFeed, (Wed, Nov 5th)

I have had a number of occasions lately to use or talk about vFeed from Toolswatch.org (@toolwatch). It's a useful Python CLI tool that pulls CVEs and other Mitre datasets. From the vFeed Github repo: vFeed framework is an open source naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML schema. It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for

https://isc.sans.edu/diary.html?storyid=18917&rss


Insidious malware lives in the Registry

Viruses typically live in files, which are hidden on the system more or less well. A new Trojan does without files altogether, which makes it hard to track down. It has recently also been distributed via an exploit kit.

http://www.heise.de/security/meldung/Perfider-Schaedling-haust-in-der-Registry-2442082.html


Which Messaging Technologies Are Truly Safe and Secure?

In the face of widespread Internet data collection and surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer "secure messaging" products - but how can users know if these systems are actually secure? The Electronic Frontier Foundation (EFF) released its Secure Messaging Scorecard today, evaluating dozens of messaging technologies on a range of security best practices.

https://www.eff.org/press/releases/which-messaging-technologies-are-truly-safe-and-secure


Crypto collision used to hijack Windows Update goes mainstream

Final nail in the coffin for the MD5 hash. The cryptographic hash collision attack used by cyberspies to subvert Microsoft's Windows Update has gone mainstream, revealing that MD5 is hopelessly broken.

http://go.theregister.com/feed/www.theregister.co.uk/2014/11/05/md5_hash_collision/
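What "broken" means in practice, as an added example that is not part of The Register article: the script below uses the first published MD5 collision pair (Wang et al., 2004; the hex is transcribed from that publication) and shows that two different 128-byte messages hash to the same MD5 digest, that SHA-256 still tells them apart, and that appending any common suffix keeps the collision alive because MD5 is a Merkle-Damgård construction. This is an identical-prefix collision, a weaker form than the chosen-prefix collisions needed to forge a certificate, but it is the same property that makes MD5 unusable for signatures. The suffix string and the function names are this example's own.

```python
import hashlib

# Two 128-byte messages from the first published MD5 collision
# (Wang et al., 2004). They differ in six bytes but share one MD5 digest.
# The hex is transcribed from the published pair, not computed here.
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which the two messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collides(a: bytes, b: bytes, suffix: bytes = b"") -> bool:
    """True if a||suffix and b||suffix share an MD5 digest.

    Both messages are a whole number of 64-byte blocks, so MD5's internal
    state after processing them is identical; any common suffix is then
    hashed from the same state and the collision survives.
    """
    return md5_hex(a + suffix) == md5_hex(b + suffix)


def demo() -> dict:
    # Constructed suffix standing in for "whatever the signer appends".
    suffix = b"-----BEGIN CERTIFICATE-----\nanything appended here\n"
    return {
        "messages_differ": MSG_A != MSG_B,
        "differing_offsets": differing_offsets(MSG_A, MSG_B),
        "md5_equal": collides(MSG_A, MSG_B),
        "md5_equal_with_suffix": collides(MSG_A, MSG_B, suffix),
        "sha256_equal": sha256_hex(MSG_A) == sha256_hex(MSG_B),
        "md5": md5_hex(MSG_A),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The practical check this suggests: any place that still signs or compares an MD5 digest (certificate signatures, update manifests, file integrity lists) should be treated as providing no integrity at all against an active attacker, regardless of how the digest is transported.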


New Phishing Technique Outfoxes Site Owners: Operation Huyao

We've found a new phishing technique targeting online shopping sites that may significantly change the threat landscape for phishing sites. Conventional phishing sites require an attacker to replicate the targeted site; a more accurate copy is more likely to fool intended victims. This technique we found allows for the creation of nearly perfect copies...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/SfVy0fROxfs/


November's issue of the OUCH Newsletter is available, covering Social Engineering! http://www.securingthehuman.org/ouch, (Wed, Nov 5th)

-- Alex Stanford - GIAC GWEB GSEC, Research Operations Manager, SANS Internet Storm Center (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

https://isc.sans.edu/diary.html?storyid=18921&rss


More updates against the UEFI security vulnerability

For the UEFI firmware vulnerability discovered months ago, more PC and mainboard manufacturers are now providing patches, others are giving the all-clear - and some are still investigating.

http://www.heise.de/newsticker/meldung/Mehr-Updates-gegen-die-UEFI-Sicherheitsluecke-2442775.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


.onion domains: Bogus certificate for Tor Facebook

A security researcher has succeeded in having a forged certificate issued for Facebook's .onion URL. Facebook has recently been reachable via the Tor network. (Social network, Facebook)

http://www.golem.de/news/onion-domains-falsches-zertifikat-fuer-tor-facebook-1411-110337-rss.html


Bugtraq: CVE-2014-6617 Softing FG-100 Backdoor Account

http://www.securityfocus.com/archive/1/533902


Bugtraq: KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read

http://www.securityfocus.com/archive/1/533901


Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting.

http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-extension-phpmyadmin-phpmyadmin/


Advisory (ICSA-14-308-01) ABB RobotStudio and Test Signal Viewer DLL Hijack Vulnerability

Ivan Sanchez of WiseSecurity Team has identified a DLL hijack vulnerability in the ABB RobotStudio and Test Signal Viewer applications. ABB has produced new versions that mitigate this vulnerability. Mr. Sanchez has tested the new version to validate that it resolves the vulnerability.

https://ics-cert.us-cert.gov/advisories/ICSA-14-308-01


Axway Secure Transport 5.1 SP2 Arbitrary File Upload via CSRF

Topic: Axway Secure Transport 5.1 SP2 Arbitrary File Upload via CSRF. Risk: Medium. Exploit title: Axway Secure Transport 5.1 SP2 Arbitrary File Upload via CSRF. Exploit author: Emmanuel Law. Public ...

http://cxsecurity.com/issue/WLB-2014110021


Multiple Vulnerabilities in Cisco Small Business RV Series Routers

cisco-sa-20141105-rv

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv


DSA-3064 php5

security update

http://www.debian.org/security/2014/dsa-3064


FreeBSD setlogin() Lets Local Users Obtain Portions of Kernel Memory

http://www.securitytracker.com/id/1031169


FreeBSD OpenSSH Child Process Deadlock Lets Remote Users Deny Service

http://www.securitytracker.com/id/1031168


IBM Security Bulletins related to POODLE (CVE-2014-3566)

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_liberty_for_java_for_ibm_bluemix_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_support_assistant_team_server_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_sterling_connect_express_for_unix_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_sterling_connect_express_for_microsoft_windows_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_multi_enterprise_integration_gateway_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_case_manager_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_build_forge_security_advisory_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_sdk_for_node_js_in_ibm_bluemix_cve_2014_3566?lang=en_us


Other IBM Security Bulletins

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_vulnerability_cve_2014_0107?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_vulnerability_cve_2014_0863?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_apache_denial_of_service_vulnerability_in_qradar_cve_2014_0118?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0224?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_tomcat_vulnerability_cve_2013_4322?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_vulnerabilities_cve_2014_0878_cve_2014_0460?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_express_is_affected_by_the_following_vulnerabilities_cve_2014_0416_cve_2014_0411_cve_2014_0423?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smart_analytics_system_5600_is_affected_by_a_vulnerability_in_the_gnu_c_library_cve_2014_5119?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smart_analytics_system_5600_is_affected_by_multiple_vulnerabilities_in_the_ibm_sdk_java_trade_technology_edition_version_6?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_websphere_mq_is_affected_by_a_vulnerability_in_gskit_cve_2014_0076?lang=en_us