Daily summary - Tuesday 18-11-2014

End-of-Shift report

Timeframe: Monday 17-11-2014 18:00 - Tuesday 18-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Out-of-band release for Security Bulletin MS14-068

On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows. We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.

http://blogs.technet.com/b/msrc/archive/2014/11/18/out-of-band-release-for-security-bulletin-ms14-068.aspx


VB2014 paper: Optimized mal-ops. Hack the ad network like a boss

Why buying ad space makes perfect sense for those wanting to spread malware. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added Optimized mal-ops. Hack the ad network like a boss by Bromium researchers Vadim Kotov and Rahul Kashyap. Malicious advertisements (malvertising) go back more than a decade, yet in recent months we have seen a surge in these attacks, including the Kyle and Stan campaign, which...

http://www.virusbtn.com/blog/2014/11_18.xml?rss


l+f: Vulnerabilities in BitTorrent Sync

A security audit has found a number of smaller and larger vulnerabilities in the file-sharing service.

http://www.heise.de/security/meldung/l-f-Luecken-bei-BitTorrent-Sync-2459851.html


Matsnu Botnet DGA Discovers Power of Words

The Matsnu botnet has deployed a new domain generation algorithm that builds domain names from a list of nouns and verbs. The plain English phrases help the DGA elude detection.

http://threatpost.com/matsnu-botnet-dga-discovers-power-of-words/109426


Cisco Releases Security Analytics Framework to Open Source

Cisco's OpenSOC, a security analytics framework, has been released to open source.

http://threatpost.com/cisco-releases-security-analytics-framework-to-open-source/109415


The NSA's Efforts to Ban Cryptographic Research in the 1970s

New article on the NSA's efforts to control academic cryptographic research in the 1970s. It includes new interviews with public-key cryptography inventor Martin Hellman and then NSA-director Bobby Inman....

https://www.schneier.com/blog/archives/2014/11/the_nsas_effort.html


Flashpack Exploit Kit Used in Free Ads, Leads to Malware Delivery Mechanism

In the entry FlashPack Exploit Leads to New Family of Malware, we tackled the Flashpack exploit kit and how it uses three URLs namely (http://{malicious domain}/[a-z]{3}[0-9]{10,12}/loxotrap.php, http://{malicious domain}/[0-9,a-z]{6,10}/load0515p6jse9.php, http://{malicious domain}/[a-z]{3}[0-9]{10,12}/ldcigar.php) as its landing site. We monitored the abovementioned URLs and found out that the FlashPack exploit kit is now using free ads to distribute malware such as...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-FQFl818dVo/


IT threat evolution Q3 2014

Kaspersky Lab products detected and neutralized a total of 1,325,106,041 threats in the third quarter of 2014. Our solutions blocked 696,977 attacks that attempted to launch malware capable of stealing money from online banking accounts. 74,489 new malicious mobile programs were detected, including 7010 mobile banking Trojans.

http://securelist.com/analysis/quarterly-malware-reports/67637/it-threat-evolution-q3-2014/


Microsoft's SChannel fix becomes a problem patch

Microsoft has confirmed that the patch for the Windows cryptographic function causes problems on servers. It is said to affect both SQL Server and IIS. The update is nevertheless still being distributed.

http://www.heise.de/security/meldung/Microsofts-SChannel-Fix-wird-zum-Problem-Patch-2459375.html


Cisco IOS DLSw Information Disclosure Vulnerability

CVE-2014-7992

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992


Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability

CVE-2014-7996

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996


Vuln: Check Point Security Gateway Multiple Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/67993


Rails Action Pack Bug Lets Remote Users Determine if Specified Files Exist on the Target System

http://www.securitytracker.com/id/1031217


Moodle Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks

http://www.securitytracker.com/id/1031215


Tcpdump Multiple Flaws Let Remote Users Deny Service

http://www.securitytracker.com/id/1031235


Xen Security Advisory 110 (CVE-2014-8595) - Missing privilege level checks in x86 emulation of far branches

The emulation of far branch instructions (CALL, JMP, and RETF in Intel assembly syntax, LCALL, LJMP, and LRET in AT&T assembly syntax) incompletely performs privilege checks.

http://lists.xen.org/archives/html/xen-announce/2014-11/msg00001.html


Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls

MMU update operations targeting page tables are intended to be used on PV guests only. The lack of a respective check made it possible for such operations to access certain function pointers which remain NULL when the target guest is using Hardware Assisted Paging (HAP).

http://lists.xen.org/archives/html/xen-announce/2014-11/msg00002.html


Apple Security Advisories

APPLE-SA-2014-11-17-1 iOS 8.1.1
APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1
APPLE-SA-2014-11-17-3 Apple TV 7.0.2

http://support.apple.com/kb/HT1222


IBM Security Bulletins related to a Vulnerability in SSLv3 (POODLE)

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_tivoli_netcool_service_quality_manager_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_websphere_transformation_extender_secure_adapter_collection_vulnerabilities_rsa_bsafe_c_cve_2014_4191_cve_2014_4192_and_sslv3_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_automation_framework_security_advisory_cve_2014_3566?lang=en_us


Other IBM Security Bulletins

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_ibm_db2_for_linux_unix_and_windows_affects_ibm_puredata_system_for_transactions_cve_2014_6159?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smartcloud_orchestrator_keystone_v2_trusts_privilege_escalation_through_user_supplied_project_id_cve_2014_3520?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smartcloud_orchestrator_keystone_privilege_escalation_through_trust_chained_delegation_cve_2014_3476?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_ibm_business_process_manager_bpm_documentstore_administration_cve_2014_0107_cve_2014_4763?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_openssl_affect_ibm_tivoli_composite_application_manager_for_transactions_cve_2014_3513_cve_2014_3567?lang=en_us