End-of-Shift report
Timeframe: Monday 17-11-2014 18:00 − Tuesday 18-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Out-of-band release for Security Bulletin MS14-068
On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows. We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.
http://blogs.technet.com/b/msrc/archive/2014/11/18/out-of-band-release-for-security-bulletin-ms14-068.aspx
VB2014 paper: Optimized mal-ops. Hack the ad network like a boss
Why buying ad space makes perfect sense for those wanting to spread malware. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added "Optimized mal-ops. Hack the ad network like a boss" by Bromium researchers Vadim Kotov and Rahul Kashyap. Malicious advertisements (malvertising) go back more than a decade, yet in recent months we have seen a surge in these attacks, including the Kyle and Stan campaign, which...
http://www.virusbtn.com/blog/2014/11_18.xml?rss
l+f: Holes in BitTorrent Sync
A security audit has found a number of smaller and larger holes in the file-sharing service.
http://www.heise.de/security/meldung/l-f-Luecken-bei-BitTorrent-Sync-2459851.html
Matsnu Botnet DGA Discovers Power of Words
The Matsnu botnet has deployed a new domain generation algorithm that builds domain names from a list of nouns and verbs. The plain English phrases help the DGA elude detection.
http://threatpost.com/matsnu-botnet-dga-discovers-power-of-words/109426
Cisco Releases Security Analytics Framework to Open Source
Cisco's OpenSOC, a security analytics framework, has been released to open source.
http://threatpost.com/cisco-releases-security-analytics-framework-to-open-source/109415
The NSA's Efforts to Ban Cryptographic Research in the 1970s
New article on the NSA's efforts to control academic cryptographic research in the 1970s. It includes new interviews with public-key cryptography inventor Martin Hellman and then-NSA Director Bobby Inman....
https://www.schneier.com/blog/archives/2014/11/the_nsas_effort.html
Flashpack Exploit Kit Used in Free Ads, Leads to Malware Delivery Mechanism
In the entry "FlashPack Exploit Leads to New Family of Malware", we tackled the Flashpack exploit kit and how it uses three URLs as its landing site, namely:
http://{malicious domain}/[a-z]{3}[0-9]{10,12}/loxotrap.php
http://{malicious domain}/[0-9,a-z]{6,10}/load0515p6jse9.php
http://{malicious domain}/[a-z]{3}[0-9]{10,12}/ldcigar.php
We monitored the abovementioned URLs and found out that the FlashPack exploit kit is now using free ads to distribute malware such as...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-FQFl818dVo/
IT threat evolution Q3 2014
Kaspersky Lab products detected and neutralized a total of 1,325,106,041 threats in the third quarter of 2014. Our solutions blocked 696,977 attacks that attempted to launch malware capable of stealing money from online banking accounts. 74,489 new malicious mobile programs were detected, including 7010 mobile banking Trojans.
http://securelist.com/analysis/quarterly-malware-reports/67637/it-threat-evolution-q3-2014/
Microsoft's SChannel fix becomes a problem patch
Microsoft has confirmed that the patch for the Windows crypto function causes problems on servers. It is reported to affect both SQL Server and IIS. The update is nevertheless still being distributed.
http://www.heise.de/security/meldung/Microsofts-SChannel-Fix-wird-zum-Problem-Patch-2459375.html
Cisco IOS DLSw Information Disclosure Vulnerability
CVE-2014-7992
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992
Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability
CVE-2014-7996
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996
Vuln: Check Point Security Gateway Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/67993
Rails Action Pack Bug Lets Remote Users Determine if Specified Files Exist on the Target System
http://www.securitytracker.com/id/1031217
Moodle Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks
http://www.securitytracker.com/id/1031215
Tcpdump Multiple Flaws Let Remote Users Deny Service
http://www.securitytracker.com/id/1031235
Xen Security Advisory 110 (CVE-2014-8595) - Missing privilege level checks in x86 emulation of far branches
The emulation of far branch instructions (CALL, JMP, and RETF in Intel assembly syntax, LCALL, LJMP, and LRET in AT&T assembly syntax) incompletely performs privilege checks.
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00001.html
Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls
MMU update operations targeting page tables are intended to be used on PV guests only. The lack of a corresponding check made it possible for such operations to access certain function pointers which remain NULL when the target guest is using Hardware Assisted Paging (HAP).
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00002.html
Apple Security Advisories
APPLE-SA-2014-11-17-1 iOS 8.1.1
APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1
APPLE-SA-2014-11-17-3 Apple TV 7.0.2
http://support.apple.com/kb/HT1222
IBM Security Bulletins related to a Vulnerability in SSLv3 (POODLE)
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_tivoli_netcool_service_quality_manager_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_websphere_transformation_extender_secure_adapter_collection_vulnerabilities_rsa_bsafe_c_cve_2014_4191_cve_2014_4192_and_sslv3_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_automation_framework_security_advisory_cve_2014_3566?lang=en_us
Other IBM Security Bulletins
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_ibm_db2_for_linux_unix_and_windows_affects_ibm_puredata_system_for_transactions_cve_2014_6159?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smartcloud_orchestrator_keystone_v2_trusts_privilege_escalation_through_user_supplied_project_id_cve_2014_3520?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smartcloud_orchestrator_keystone_privilege_escalation_through_trust_chained_delegation_cve_2014_3476?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_ibm_business_process_manager_bpm_documentstore_administration_cve_2014_0107_cve_2014_4763?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_openssl_affect_ibm_tivoli_composite_application_manager_for_transactions_cve_2014_3513_cve_2014_3567?lang=en_us