Daily Summary - Thursday 27-11-2014

End-of-Shift report

Timeframe: Wednesday 26-11-2014 18:00 − Thursday 27-11-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

New anti-APT tools are no silver bullets: An independent test of APT attack detection appliances

CrySyS Lab, BME (http://www.crysys.hu/) and MRG-Effitas (https://www.mrg-effitas.com/), November 26, 2014. The term Advanced Persistent Threat (APT) refers to a potential attacker that has the capability and the intent to carry out advanced attacks against specific high profile targets in order to [...]

http://blog.crysys.hu/2014/11/new-anti-apt-tools-are-no-silver-bullets-an-independent-test-of-apt-attack-detection-appliances/


Adobe Reader sandbox popped says Google researcher

Yet another reason to make sure you've patched promptly and properly. The Acrobat Reader Windows sandbox contains a vulnerability that could allow attackers to break out and gain higher privileges, Google security bod James Forshaw claims.

http://go.theregister.com/feed/www.theregister.co.uk/2014/11/27/adobe_reader_sandbox_popped/


Crunch - Password Cracking Wordlist Generator

Features:
* crunch generates wordlists in both combination and permutation ways
* it can break up output by number of lines or file size
* now has resume support
* pattern now supports number and symbols
* pattern now supports upper and lower case characters separately
* adds a status report when generating multiple files
* new -l option for literal support of @,%^
* new -d option to limit duplicate characters, see man file for details
* now has unicode support...

http://hack-tools.blackploit.com/2014/11/crunch-password-cracking-wordlist.html


SEC Risk Factors: How To Determine The Business Value Of Your Data To A Foreign Government

This white paper will explore where the SEC is headed on this issue and propose a novel solution that's both specific to the company and avoids the potential danger of revealing too much information about company vulnerabilities - the ability to verifiably assess the value of your intellectual property (IP) to a rival Nation State by establishing its Target Asset Value™.

http://jeffreycarr.blogspot.co.uk/2014/11/sec-risk-factors-how-to-determine.html


Factsheet HTTPS could be a lot more secure

HTTPS is a frequently used protocol for protecting web traffic against parties setting out to eavesdrop on or manipulate the traffic. Configuring HTTPS requires precision: there are many options, and by no means all of them are secure.

https://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/factsheets/factsheet-https-could-be-a-lot-more-secure.html


Cisco: Bug in H.264 plugin affects all Firefox users

A memory management bug in the H.264 plugin potentially affects all Firefox users, because Mozilla installs the plugin without giving users a choice. The bug is not particularly severe, but it reveals a problem in the cooperation with Cisco.

http://www.golem.de/news/cisco-fehler-in-h-264-plugin-betrifft-alle-firefox-nutzer-1411-110829-rss.html


l+f: Only two days from patch to exploit kit

The time between the disclosure of a vulnerability through a patch and its active exploitation keeps getting shorter.

http://www.heise.de/security/meldung/l-f-Nur-zwei-Tage-vom-Patch-zum-Exploit-Kit-2467550.html


Meta-hack disrupts hundreds of media websites

On Thursday, the message "You have been hacked" appeared on hundreds of major websites. The cause was an embedded comment function from Gigya.

http://www.heise.de/security/meldung/Meta-Hack-stoert-hunderte-Medien-Webseiten-2467599.html


TYPO3 CMS 4.5.38 and 6.2.7 released

The TYPO3 Community announces the versions 4.5.38 LTS and 6.2.7 LTS of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes.

https://typo3.org/news/article/typo3-cms-4538-and-627-released/


TYPO3-EXT-SA-2014-017: Improper Access Control in WebDav for filemounts (webdav)

It has been discovered that the extension "WebDav for filemounts" (webdav) is susceptible to Improper Access Control.
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: 2.0.0
Vulnerability Type: Improper Access Control
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C

http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-017/


DSA-3077 openjdk-6

security update

http://www.debian.org/security/2014/dsa-3077


Cisco ASA SSL VPN Memory Consumption Error Lets Remote Users Deny Service

http://www.securitytracker.com/id/1031269


Mutt Buffer Overflow in mutt_substrdup() Lets Remote Users Deny Service

http://www.securitytracker.com/id/1031266


Xen Security Advisory 112 (CVE-2014-8867) - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor

Acceleration support for the "REP MOVS" instruction, when the first iteration accesses memory mapped I/O emulated internally in the hypervisor, incorrectly assumes that the whole range accessed is handled by the same hypervisor sub-component.
Impact: A buggy or malicious HVM guest can crash the host.
Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests.
Resolution: Applying the appropriate attached patch resolves this issue.

http://lists.xen.org/archives/html/xen-announce/2014-11/msg00006.html


Xen Security Advisory 111 (CVE-2014-8866) - Excessive checking in compatibility mode hypercall argument translation

Impact: A buggy or malicious HVM guest can crash the host.
Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests on any version of Xen so far released by xenproject.org.
Resolution: Applying the appropriate attached patch resolves this issue.

http://lists.xen.org/archives/html/xen-announce/2014-11/msg00005.html


F5 Security Advisories

https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15877.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15875.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15881.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15868.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15885.html?ref=rss