Daily Summary - Tuesday 2-12-2014

End-of-Shift report

Timeframe: Monday 01-12-2014 18:00 − Tuesday 02-12-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

Researcher Releases Database of Known-Good ICS and SCADA Files

A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs,...

http://threatpost.com/researcher-releases-database-of-known-good-ics-and-scada-files/109652


CVE-2014-1824 - A New Windows Fuzzing Target

As time progresses, due to constant fuzzing and auditing many common Microsoft products are becoming reasonably hard targets to fuzz and find interesting crashes. There are two solutions to this: write a better fuzzer (http://lcamtuf.coredump.cx/afl/) or pick a less audited target. In a search for less audited attack surface, we are brought to MS14-038, Vulnerability...

http://blog.beyondtrust.com/cve-2014-1824-searching-for-windows-attack-surface


Critical Vulnerability Cripples OpenVPN Servers

Anyone running an OpenVPN server should bring it up to date immediately. A vulnerability allows attackers to significantly impair its availability.

http://www.heise.de/security/meldung/Kritische-Luecke-legt-OpenVPN-Server-lahm-2472178.html


Operation DeathClick

The era of spear phishing and the waterhole attack, which uses social engineering, has come to an end. Hackers are now moving their tricky brains towards targeted Malvertising - a type of attack that uses online advertising to spread malware. A recent campaign termed "Operation death click" displays a new form of cyber-attack focused on specific targets. The attack is also defined as micro targeted malvertising. In this newly targeted variation of malvertising, the hackers are

http://resources.infosecinstitute.com/operation-deathclick/


3Q 2014 Security Roundup: Vulnerabilities Under Attack

Our report on the threats seen in 3Q 2014 shows us that once again, software vulnerabilities are the most favored cybercriminal targets. Following the second quarter's infamous Heartbleed vulnerability came another serious vulnerability in open-source software: Shellshock. Having gone unnoticed for years, the Shellshock incident suggests that there might be more vulnerabilities in Bash or in...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4qiLKTUdqhM/


Fraudulent E-Mails in the Name of the Finance Ministry in Circulation

Deceptively realistic phishing forms in the design of FinanzOnline

http://derstandard.at/2000008913504


JSA10607 - 2014-01 Security Bulletin: Junos: Memory-consumption DoS attack possible when xnm-ssl or xnm-clear-text service enabled (CVE-2014-0613)

Product Affected: This issue can affect any product or platform running Junos OS. Problem: When xnm-ssl or xnm-clear-text is enabled within the [edit system services] hierarchy level of the Junos configuration, an unauthenticated, remote user could exploit the XNM command processor to consume excessive amounts of memory. This, in turn, could lead to system instability or other performance issues.

http://kb.juniper.net/index/content&id=JSA10607


Security advisory - High severity - InfiniteWP Client WordPress plugin

Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score: 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation and potential Object Injection vulnerability. Patched Version: 1.3.8 If you're using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website Firewall...

http://blog.sucuri.net/2014/12/security-advisory-high-severity-infinitewp-client-wordpress-plugin.html


Security Bulletin: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management (CVE-2014-6140)

A vulnerability exists in IBM Endpoint Manager Mobile Device Management component, where an attacker could misuse cookies to execute arbitrary code.

http://www-01.ibm.com/support/docview.wss?uid=swg21691701


Security Advisory: PHP vulnerability CVE-2013-2110

(SOL15876)

https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15876.html?ref=rss


Security Advisory: SOAP parser vulnerability CVE-2013-1824

(SOL15879)

https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15879.html?ref=rss


Yokogawa FAST/TOOLS XML information disclosure

http://xforce.iss.net/xforce/xfdb/99018


EntryPass N5200 Credential Disclosure

Topic: EntryPass N5200 Credential Disclosure Risk: Low Text: Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated do...

http://cxsecurity.com/issue/WLB-2014120010


1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting

Topic: 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting Risk: Low Text: # # # SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security # # # # CVE ID: ...

http://cxsecurity.com/issue/WLB-2014120009


Security Advisory-Multiple Vulnerabilities on Huawei P2 product

Dec 02, 2014 15:22

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm