End-of-Shift report
Timeframe: Wednesday 19-11-2014 18:00 − Thursday 20-11-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
ROVNIX Infects Systems with Password-Protected Macros
We recently found that the malware family ROVNIX is capable of being distributed via macro downloader. This malware technique was previously seen in the DRIDEX malware, which was notable for using the same routines. DRIDEX is also known as the successor of the banking malware CRIDEX. Though a fairly old method for infection, cybercriminals realized that using malicious macros work...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0rtiBt3T3E4/
Citadel Variant Targets Password Managers
Some Citadel-infected computers have received a new configuration file, a keylogger triggered to go after the master passwords from three leading password management tools.
http://threatpost.com/citadel-variant-targets-password-managers/109493
CryptoPHP: Analysis of a hidden threat inside popular content management systems
CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.
http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/
An inside look: gathering and analyzing the SIR data
At the Microsoft Malware Protection Center, threat data is a critical source of information to help protect our customers. We use it to understand what's going on in the overall malware ecosystem, determine the best way to protect our customers, and find the most effective way to deliver that protection. We also use the data to produce a number of reports to help our customers. This includes our bi-annual Security Intelligence Report (SIR). This blog post gives you a behind-the-scenes...
http://blogs.technet.com/b/mmpc/archive/2014/11/19/an-inside-look-gathering-and-analyzing-the-sir-data.aspx
Annual Privacy Forum 2014 materials and APF2015 - Call for partnership
ENISA's Information Security and Data Protection Unit announces the commencement of preparations for the Annual Privacy Forum of 2015.
http://www.enisa.europa.eu/media/news-items/annual-privacy-forum-2014-materials-and-apf2015-call-for-partnership
Electronic Arts: Data breach at Origin
Origin, the online portal of Electronic Arts, is currently exposing other users' personal data when the forums are accessed.
http://www.golem.de/news/electronic-arts-datenpanne-bei-origin-1411-110689-rss.html
How Splitting A Computer Into Multiple Realities Can Protect You From Hackers
Eight years ago, Polish hacker Joanna Rutkowska was experimenting with rootkits - tough-to-detect spyware that infects the deepest level of a computer's operating system - when she came up with a devious notion: What if, instead of putting spyware inside a victim's computer, you put the victim's computer inside the spyware? At the time, a technology known...
http://feeds.wired.com/c/35185/f/661467/s/40ab9794/sc/4/l/0L0Swired0N0C20A140C110Cprotection0Efrom0Ehackers0C/story01.htm
Vulnerabilities identified in three Advantech products
Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.
http://www.scmagazine.com/vulnerabilities-identified-in-three-advantech-products/article/384265/
Bugtraq: [CORE-2014-0009] - Advantech EKI-6340 Command Injection
http://www.securityfocus.com/archive/1/534021
Bugtraq: [CORE-2014-0008] - Advantech AdamView Buffer Overflow
http://www.securityfocus.com/archive/1/534022
Bugtraq: [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow
http://www.securityfocus.com/archive/1/534023
Drupal Patches Denial of Service Vulnerability; Details Disclosed
Drupal has released a patch for a denial of service and account hijacking vulnerability, details of which were disclosed by the researchers who discovered the issue.
http://threatpost.com/drupal-patches-denial-of-service-vulnerability-details-disclosed/109502
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006
Advisory ID: DRUPAL-SA-CORE-2014-006
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-November-19
Security risk: 14/25 (Moderately Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Multiple vulnerabilities
Description: Session hijacking (Drupal 6 and 7). A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS...
https://www.drupal.org/SA-CORE-2014-006
DRUPAL Security Advisories for Third-Party Modules
https://www.drupal.org/node/2378287
https://www.drupal.org/node/2378279
https://www.drupal.org/node/2378441
https://www.drupal.org/node/2378401
https://www.drupal.org/node/2378367
R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities
https://community.rapid7.com/community/metasploit/blog/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities
Paid Memberships Pro plugin for WordPress getfile.php directory traversal
http://xforce.iss.net/xforce/xfdb/98805
Lsyncd default-rsyncssh.lua command execution
http://xforce.iss.net/xforce/xfdb/98806
Security Advisory - App Validity Check Bypass Vulnerability in Huawei P7 Smartphone
Nov 20, 2014 14:53
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-397472.htm
Vuln: MantisBT core/file_api.php Security Bypass Vulnerability
http://www.securityfocus.com/bid/71104
Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
An error handling path in the processing of MMU_MACHPHYS_UPDATE failed to drop a page reference which was acquired in an earlier processing step.
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00003.html
IBM Security Network Protection Shell Command Injection
http://xforce.iss.net/xforce/xfdb/98519
IBM Security Bulletins related to POODLE
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_infosphere_master_data_management_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_connections_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_host_on_demand_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_business_monitor_cve_2014_3566?lang=en_us
Other IBM Security Bulletins
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fix_available_for_security_vulnerabilities_in_ckeditor_that_affect_ibm_inotes_9_0_1_x_cve_2014_5191?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_openssl_affect_ibm_infosphere_master_data_management_cve_2014_3513_cve_2014_3567?lang=en_us