End-of-Shift report
Timeframe: Tuesday 18-11-2014 18:00 − Wednesday 19-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
MS14-068 - Critical: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) - Version: 1.0
This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to...
https://technet.microsoft.com/en-us/library/security/MS14-068
Additional information about CVE-2014-6324
Today Microsoft released update MS14-068 to address CVE-2014-6324, a Windows Kerberos implementation elevation of privilege vulnerability that is being exploited in-the-wild in limited, targeted attacks. The goal of this blog post is to provide additional information about the vulnerability, update priority, and detection guidance for defenders. Microsoft recommends customers apply this update to their domain controllers as quickly as possible. Vulnerability Details: CVE-2014-6324 allows...
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
Google Removes SSLv3 Fallback Support From Chrome
Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the POODLE attack revealed last month. When the POODLE attack was disclosed by several Google researchers in October, the company said that it had added a change to Chrome that would...
http://threatpost.com/google-removes-sslv3-fallback-support-from-chrome/109455
A New Free CA
Announcing Let's Encrypt, a new free certificate authority. This is a joint project of EFF, Mozilla, Cisco, Akamai, and the University of Michigan. This is an absolutely fantastic idea. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you're actually talking to is the server you intended to talk to. For many server operators,...
https://www.schneier.com/blog/archives/2014/11/a_new_free_ca.html
Survey: real-time SIEM solutions help orgs detect attacks within minutes
Real-time security information and event management solutions help organizations detect targeted attacks and advanced persistent threats within minutes, according to a McAfee survey.
http://www.scmagazine.com/survey-real-time-siem-solutions-help-orgs-detect-attacks-within-minutes/article/384030/
POWELIKS Levels Up With New Autostart Mechanism
Last August, we wrote about POWELIKS's malware routines, which are known for hiding its malicious code in a registry entry as part of its evasion tactics. In the newer samples we spotted, malware detected as TROJ_POWELIKS.B employed a new autostart mechanism and removed users' privileges to view the registry's content. As a result, users won't be able to suspect that...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/zurdvNxST00/
Pan-European Cyber Security Competition organised by ENISA
Today (19 November 2014) the European Union Agency for Network and Information Security (ENISA) is happy to announce the planning of the 1st pan-European Cyber Security Competition in 2015. The competition is organised jointly in collaboration with experienced organisations from EU Member States for students.
http://www.enisa.europa.eu/media/news-items/pan-european-cyber-security-competition-organised-by-enisa
RSS Reveals Malware Injections
There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools). Try to open web pages with different User-Agents and check for...
http://blog.sucuri.net/2014/11/rss-reveals-malware-injections.html
Test Tool for Web App Security Scanners Released by Google
A new tool was open-sourced by Google on Tuesday, aiming at improving the efficiency of automated web security scanners by evaluating them with patterns of vulnerabilities already seen in the wild.
http://news.softpedia.com/news/Test-Tool-for-Web-App-Security-Scanners-Released-by-Google-465322.shtml
Microsoft revises the SChannel patch
Quietly, along with Tuesday's out-of-band update, the Windows makers also shipped a new revision of the SChannel patch. It is meant to fix the problems with TLS encryption and the massive performance losses on SQL Server.
http://www.heise.de/security/meldung/Microsoft-bessert-beim-SChannel-Patch-nach-2460212.html
Most advanced mobile botnet EVER is coming for your OFFICE Androids
A newly discovered variant of NotCompatible is establishing what has been called the most advanced mobile botnet yet created.
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/19/android_botnet_notcompatible/
jQuery: Cross-site scripting in captcha sample code is widespread
A popular jQuery plugin ships code with a cross-site scripting vulnerability. The vulnerable code originally comes from a captcha sample script that can be found on a great many websites.
http://www.golem.de/news/jquery-cross-site-scripting-in-captcha-beispielcode-weit-verbreitet-1411-110660-rss.html
A Peek Inside a PoS Scammer's Toolbox
PoS malware has been receiving a tremendous amount of attention in the past two years with high profile incidents like Target, Home Depot, and Kmart. With the massive "Black Friday" shopping season coming up, PoS malware will surely get additional publicity. This high profile nature means we constantly look for evolving PoS malware and look into their behavior...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/xF7gxViXP4A/
Nasty Security Bug Fixed in Android Lollipop 5.0
There is a vulnerability in Android versions below 5.0 that could allow an attacker to bypass ASLR and run arbitrary code on a target device under certain circumstances. The bug was fixed in Lollipop, the newest version of the mobile OS, released earlier this week. The vulnerability lies in java.io.ObjectInputStream, which fails to check whether...
http://threatpost.com/nasty-security-bug-fixed-in-android-lollipop-5-0/109476
Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability
CVE-2014-8000
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000
Multiple Samsung Galaxy Devices knox code execution
http://xforce.iss.net/xforce/xfdb/98780
Google Chrome pdfium code execution
http://xforce.iss.net/xforce/xfdb/98790
Bugtraq: [SECURITY] [DSA 3074-2] php5 regression update
http://www.securityfocus.com/archive/1/534018
Bugtraq: Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension
http://www.securityfocus.com/archive/1/534017