Daily Summary - Thursday 20-11-2014

End-of-Shift report

Timeframe: Wednesday 19-11-2014 18:00 - Thursday 20-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

ROVNIX Infects Systems with Password-Protected Macros

We recently found that the malware family ROVNIX is capable of being distributed via macro downloader. This malware technique was previously seen in the DRIDEX malware, which was notable for using the same routines. DRIDEX is also known as the successor of the banking malware CRIDEX. Though a fairly old method for infection, cybercriminals realized that using malicious macros work...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0rtiBt3T3E4/


Citadel Variant Targets Password Managers

Some Citadel-infected computers have received a new configuration file, a keylogger triggered to go after the master passwords from three leading password management tools.

http://threatpost.com/citadel-variant-targets-password-managers/109493


CryptoPHP: Analysis of a hidden threat inside popular content management systems

CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.

http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/


An inside look: gathering and analyzing the SIR data

At the Microsoft Malware Protection Center, threat data is a critical source of information to help protect our customers. We use it to understand what's going on in the overall malware ecosystem, determine the best way to protect our customers, and find the most effective way to deliver that protection. We also use the data to produce a number of reports to help our customers. This includes our bi-annual Security Intelligence Report (SIR). This blog post gives you a behind-the-scenes...

http://blogs.technet.com/b/mmpc/archive/2014/11/19/an-inside-look-gathering-and-analyzing-the-sir-data.aspx


Annual Privacy Forum 2014 materials and APF2015 - Call for partnership

ENISA's Information Security and Data Protection Unit announces the commencement of preparations for the Annual Privacy Forum of 2015.

http://www.enisa.europa.eu/media/news-items/annual-privacy-forum-2014-materials-and-apf2015-call-for-partnership


Electronic Arts: Data Leak at Origin

Origin, the online portal of Electronic Arts, is currently exposing personal data of other users when accessing the forums.

http://www.golem.de/news/electronic-arts-datenpanne-bei-origin-1411-110689-rss.html


How Splitting A Computer Into Multiple Realities Can Protect You From Hackers

Eight years ago, Polish hacker Joanna Rutkowska was experimenting with rootkits - tough-to-detect spyware that infects the deepest level of a computer's operating system - when she came up with a devious notion: What if, instead of putting spyware inside a victim's computer, you put the victim's computer inside the spyware? At the time, a technology known...

http://feeds.wired.com/c/35185/f/661467/s/40ab9794/sc/4/l/0L0Swired0N0C20A140C110Cprotection0Efrom0Ehackers0C/story01.htm


Vulnerabilities identified in three Advantech products

Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.

http://www.scmagazine.com/vulnerabilities-identified-in-three-advantech-products/article/384265/


Bugtraq: [CORE-2014-0009] - Advantech EKI-6340 Command Injection

http://www.securityfocus.com/archive/1/534021


Bugtraq: [CORE-2014-0008] - Advantech AdamView Buffer Overflow

http://www.securityfocus.com/archive/1/534022


Bugtraq: [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow

http://www.securityfocus.com/archive/1/534023


Drupal Patches Denial of Service Vulnerability; Details Disclosed

Drupal has released a patch for a denial of service and account hijacking vulnerability, details of which were disclosed by the researchers who discovered the issue.

http://threatpost.com/drupal-patches-denial-of-service-vulnerability-details-disclosed/109502


Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006

Advisory ID: DRUPAL-SA-CORE-2014-006
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-November-19
Security risk: 14/25 (Moderately Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Multiple vulnerabilities

Description
Session hijacking (Drupal 6 and 7)
A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS...

https://www.drupal.org/SA-CORE-2014-006


DRUPAL Security Advisories for Third-Party Modules

https://www.drupal.org/node/2378287
https://www.drupal.org/node/2378279
https://www.drupal.org/node/2378441
https://www.drupal.org/node/2378401
https://www.drupal.org/node/2378367


R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities

https://community.rapid7.com/community/metasploit/blog/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities


Paid Memberships Pro plugin for WordPress getfile.php directory traversal

http://xforce.iss.net/xforce/xfdb/98805


Lsyncd default-rsyncssh.lua command execution

http://xforce.iss.net/xforce/xfdb/98806


Security Advisory-App Validity Check Bypass Vulnerability in Huawei P7 Smartphone

Nov 20, 2014 14:53

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-397472.htm


Vuln: MantisBT core/file_api.php Security Bypass Vulnerability

http://www.securityfocus.com/bid/71104


Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling

An error handling path in the processing of MMU_MACHPHYS_UPDATE failed to drop a page reference which was acquired in an earlier processing step.

http://lists.xen.org/archives/html/xen-announce/2014-11/msg00003.html


IBM Security Network Protection Shell Command Injection

http://xforce.iss.net/xforce/xfdb/98519


IBM Security Bulletins related to POODLE

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_infosphere_master_data_management_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_connections_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_host_on_demand_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_business_monitor_cve_2014_3566?lang=en_us


Other IBM Security Bulletins

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fix_available_for_security_vulnerabilities_in_ckeditor_that_affect_ibm_inotes_9_0_1_x_cve_2014_5191?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_openssl_affect_ibm_infosphere_master_data_management_cve_2014_3513_cve_2014_3567?lang=en_us