Daily summary - Thursday 6-11-2014

End-of-Shift report

Timeframe: Wednesday 05-11-2014 18:00 - Thursday 06-11-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

Retefe with a new twist

A few months ago, we blogged about the banking trojan Retefe (Blog post in German) that was and still is targeting Switzerland. First off, Retefe is different because it only targets Switzerland, Austria and Sweden (and sometimes Japan). Contrast this...

http://securityblog.switch.ch/2014/11/05/retefe-with-a-new-twist/


ENISA calls for Expression of Interest for Membership of the Permanent Stakeholders' Group

The Executive Director of European Union Agency for Network and Information Security (ENISA) calls for Expression of Interest for Membership of the Permanent Stakeholders' Group (PSG) to be assigned from February 2015 to August 2017.

http://www.enisa.europa.eu/media/press-releases/enisa-calls-for-expression-of-interest-for-membership-of-the-permanent-stakeholders2019-group


New ENISA report on Cyber Crisis Cooperation and Management

http://www.enisa.europa.eu/media/news-items/enisa-publishes-new-report-on-cyber-crisis-cooperation-and-management


WireLurker malware infects iOS devices through OS X

Non-jailbroken devices infected via enterprise provisioning program. Researchers at Palo Alto Networks have published a research paper (PDF) analysing the WireLurker malware that runs on Mac OS X, and which is then used to further infect iOS devices connected to an infected machine. WireLurker is found to have infected 467 apps on the Maiyadi App Store, a third-party store based in China. Infected apps have been downloaded more than 350,000 times. Malware targeting OS X has become increasingly...

http://www.virusbtn.com/blog/2014/11_06.xml?rss


VB2014 paper: DMARC - how to use it to improve your email reputation

Terry Zink presents a case study in which he describes setting a DMARC policy for Microsoft. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added DMARC - how to use it to improve your email reputation, by Microsoft's Terry Zink. Email is a 30-year-old protocol, designed at a time when the Internet was much smaller and you could basically trust anyone. As a consequence, spammers and phishers can easily send email

http://www.virusbtn.com/blog/2014/11_06a.xml?rss
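The mechanics behind a DMARC deployment like the one Zink describes, as an added example that is not part of the VB2014 paper or the Virus Bulletin post: parse the TXT record a domain publishes at _dmarc.<domain>, check whether the SPF and DKIM results are aligned with the From domain, and derive the disposition a receiver applies. The record, domains and authentication results are constructed; the organizational-domain logic is a simplification (a real receiver consults the Public Suffix List) and the pct= sampling is modelled with a flag.

```python
"""Minimal DMARC policy evaluation (added example, not from the VB2014 paper).

Parses the TXT record a domain publishes at _dmarc.<domain>, checks whether a
message's SPF/DKIM results are aligned with the RFC5322.From domain, and
returns the disposition the receiver should apply. Everything is in-memory;
the DNS lookup and the actual SPF/DKIM verification are assumed to have
happened already.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class AuthResults:
    from_domain: str            # domain of the RFC5322.From header
    spf_result: str             # "pass", "fail", "none", ...
    spf_domain: str             # MAIL FROM (envelope) domain SPF was checked for
    dkim_result: str
    dkim_domain: Optional[str]  # d= of the signature that verified, if any


def parse_dmarc(record: str) -> dict:
    """Parse "v=DMARC1; p=reject; ..." into a tag dict, filling in defaults."""
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("missing or unsupported v= tag")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= must be none, quarantine or reject")
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p=
    tags.setdefault("adkim", "r")     # relaxed alignment by default
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain approximated as the last two labels. Assumption
    for this example: a real implementation must use the Public Suffix List
    (co.uk and friends) instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Strict ("s") needs an exact match; relaxed ("r") the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(tags: dict, policy_domain: str, r: AuthResults,
                      sampled: bool = True) -> tuple:
    """Return (dmarc_result, action). `policy_domain` is the domain whose
    record `tags` came from; `sampled` models the pct= lottery."""
    spf_ok = r.spf_result == "pass" and aligned(r.from_domain, r.spf_domain, tags["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.from_domain, r.dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    # The exact From domain is governed by p=; anything below it by sp=.
    action = tags["p"] if r.from_domain.lower() == policy_domain.lower() else tags["sp"]
    if not sampled and int(tags["pct"]) < 100:
        # Messages outside the pct= sample get the next weaker policy (RFC 7489).
        action = {"reject": "quarantine", "quarantine": "none"}.get(action, "none")
    return "fail", action


if __name__ == "__main__":
    # Constructed record and results, not real data for any domain.
    tags = parse_dmarc("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; "
                       "rua=mailto:dmarc-rua@example.com")
    spoof = AuthResults("example.com", "pass", "attacker.example", "pass", "mail.example.com")
    print(dmarc_disposition(tags, "example.com", spoof))  # SPF passes but is not aligned
```

The spoofed message in the usage block passes SPF for the attacker's own envelope domain and carries a valid DKIM signature from a subdomain; with adkim=s neither result aligns with the From domain, so the reject policy applies. That alignment step is what separates DMARC from plain SPF or DKIM.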


ZMap 1.2.1 - The Internet Scanner

ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet.

http://hack-tools.blackploit.com/2014/11/zmap-121-internet-scanner.html


ICMP Reverse Shell

A reverse shell is a type of shell in which the target machine initiates the connection back to the attacking machine, which runs a listener to receive it; the connection is set up by whatever code or command execution the attacker already has on the target. In the ICMP variant no TCP port is involved: commands and their output are carried in the payloads of ICMP echo packets, which is what lets it pass egress filters that only control TCP/UDP ports.

http://resources.infosecinstitute.com/icmp-reverse-shell/
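To make the channel concrete, an added example (not code from the article): it builds the ICMP echo packets such a shell exchanges and, on the defender's side, checks captured echo packets against the payload patterns ordinary ping produces. The packet layout (output in echo requests from the target, commands in echo replies from the listener) is one common arrangement; the `RS1` marker, the identifiers and the sample command are constructed for this example. It is pure packet arithmetic with no raw sockets, so it runs unprivileged and offline.

```python
"""ICMP echo packets as a command channel, plus a detector (added example).

Builds the packets an ICMP reverse shell exchanges (target sends echo requests
carrying output, the attacker's listener answers with echo replies carrying
the next command) and flags echo payloads that match neither the Linux
iputils nor the Windows ping pattern. No raw sockets are used.
"""
import struct
from typing import Optional

ECHO_REPLY = 0
ECHO_REQUEST = 8
MAGIC = b"RS1"  # constructed marker for this example, not from any real tool
# Windows ping sends this fixed 32-byte payload.
WINDOWS_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; pads odd lengths."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP header (type, code 0, checksum, id, seq) followed by the payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Split an ICMP packet; raises ValueError on truncation or bad checksum."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP packet")
    if icmp_checksum(packet) != 0:  # sum over header+payload verifies to 0
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:]}


def encode_output(ident: int, seq: int, output: bytes) -> bytes:
    """Target -> listener: command output inside an echo request."""
    return build_echo(ECHO_REQUEST, ident, seq, MAGIC + output)


def encode_command(ident: int, seq: int, cmd: str) -> bytes:
    """Listener -> target: the next command inside the echo reply."""
    return build_echo(ECHO_REPLY, ident, seq, MAGIC + cmd.encode())


def decode_payload(packet: bytes) -> Optional[bytes]:
    """Return the tunnelled bytes if the packet carries the marker, else None."""
    p = parse_echo(packet)
    if p["type"] in (ECHO_REQUEST, ECHO_REPLY) and p["payload"].startswith(MAGIC):
        return p["payload"][len(MAGIC):]
    return None


def looks_like_covert(packet: bytes) -> bool:
    """Heuristic detector for the defender: flag echo payloads that are neither
    the Linux iputils pattern (16-byte timestamp, then byte i == i & 0xff) nor
    the fixed Windows payload. Real tooling would also baseline payload size
    and request rate per host."""
    p = parse_echo(packet)
    if p["type"] not in (ECHO_REQUEST, ECHO_REPLY):
        return False
    payload = p["payload"]
    if not payload:
        return False
    linux_like = len(payload) >= 16 and all(
        payload[i] == (i & 0xFF) for i in range(16, len(payload)))
    windows_like = payload == WINDOWS_PAYLOAD
    return not (linux_like or windows_like)


if __name__ == "__main__":
    cmd = encode_command(0x1234, 1, "id")            # listener sends the command
    out = encode_output(0x1234, 1, b"uid=0(root)\n")  # target returns the output
    print(decode_payload(cmd), decode_payload(out))
    print(looks_like_covert(cmd), looks_like_covert(out))
```

The detector deliberately keys on what normal ping looks like rather than on the marker: a real implant picks its own framing, but it still has to put non-ping bytes into the echo payload, and that is the invariant worth alerting on.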


ZDI-14-373: Trend Micro InterScan Web Security Virtual Appliance Information Disclosure Vulnerability

This vulnerability allows remote attackers to read files from the underlying operating system on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication to the web application is required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-14-373/


Vuln: Dell EqualLogic CVE-2013-3304 Directory Traversal Vulnerability

http://www.securityfocus.com/bid/70760


Bugtraq: ESA-2014-135: RSA Web Threat Detection SQL Injection Vulnerability

http://www.securityfocus.com/archive/1/533912


Bugtraq: [The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser

http://www.securityfocus.com/archive/1/533916


Cisco Unity Connection Information Disclosure Vulnerability

CVE-2014-7988

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7988


[R1] PHP Integer Overflow Affects Tenable's SecurityCenter

November 5, 2014

http://www.tenable.com/security/tns-2014-10


[2014-11-06] XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection

Attackers are able to perform denial-of-service attacks against the Endpoint Protection Manager which directly impacts the effectiveness of the client-side endpoint protection. Furthermore, session identifiers of users can be stolen to impersonate them and gain unauthorized access to the server.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141106-0_Symantec_Endpoint_Protection_XXE_XSS_Arbitrary_File_Write_v10.txt


IBM Security Bulletin: Security vulnerabilities in Node.js modules affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-6394, CVE-2014-7191)

Security vulnerabilities have been reported for some dependent Node.js modules. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on open source Node.js technology.
CVE(s): CVE-2014-6394 and CVE-2014-7191
Affected product(s) and affected version(s): IBM Business Process Manager Express V8.5.5, IBM Business Process Manager Standard V8.5.5, IBM Business Process Manager Advanced V8.5.5
Refer to the following reference

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerabilities_in_node_js_modules_affect_ibm_business_process_manager_bpm_configuration_editor_cve_2014_6394_cve_2014_7191?lang=en_us


IBM Security Bulletin: Multiple Reflected XSS Vulnerabilities in Tivoli Netcool/Impact

IBM Tivoli Netcool Impact is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
CVE(s): CVE-2014-6161
Affected product(s) and affected version(s): IBM Tivoli Netcool Impact 6.1.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21689130
X-Force Database: http://xforce.iss.net/xforce/xfdb/97710

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_reflected_xss_vulnerabilities_in_tivoli_netcool_impact?lang=en_us