Daily Summary - Tuesday 9-12-2014

End-of-Shift report

Timeframe: Friday 05-12-2014 18:00 − Tuesday 09-12-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

Advance Notification Service for the December 2014 Security Bulletin Release

Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer (IE), Office and Exchange. As per our monthly process, we've scheduled the Security Bulletin release for the second Tuesday of the month, December 9, 2014, at approximately 10 a.m. PDT. Until then, please review the ANS summary page for more information to help...

http://blogs.technet.com/b/msrc/archive/2014/12/04/advance-notification-service-for-the-december-2014-security-bulletin-release.aspx


Leveraging the WordPress Platform for SPAM

We've all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment spam isn't a major problem for most websites these days. I have seen, however, a new trend starting to emerge when it comes to spam involving WordPress. In recent years...

http://blog.sucuri.net/2014/12/leveraging-the-wordpress-platform-for-spam.html


SSLv3: Kaspersky software undermines protection against the Poodle vulnerability

The Kaspersky Internet Security package can re-enable the outdated protocol even in browsers that do not support insecure connections via SSLv3. The vendor does not plan to patch this until 2015, but a simple solution is already available.

http://www.golem.de/news/sslv3-kaspersky-software-hebelt-schutz-vor-poodle-luecke-aus-1412-111046-rss.html


Security vulnerabilities: Java sandbox escapes in Google's App Engine

A team of researchers has found various ways and vulnerabilities to break out of the Java sandbox of Google's App Engine. This reportedly even allows arbitrary system calls in the underlying operating system.

http://www.golem.de/news/sicherheitsluecken-java-sandbox-ausbrueche-in-googles-app-engine-1412-111054-rss.html


DNS servers BIND, PowerDNS and Unbound at risk of infinite loop

A vulnerability in the three DNS servers can be exploited to cripple the software. To do so, however, an attacker must manipulate the zones or introduce a malicious DNS resolver.

http://www.heise.de/security/meldung/DNS-Server-BIND-PowerDNS-und-Unbound-droht-Endlosschleife-2483068.html


The Penquin Turla - A Turla/Snake/Uroburos Malware for Linux

So far, every single Turla sample we've encountered was designed for the Microsoft Windows family, 32 and 64 bit operating systems. The newly discovered Turla sample is unusual in the fact that it's the first Turla sample targeting the Linux operating system that we have discovered.

https://securelist.com/blog/research/67962/the-penquin-turla-2/


Setting Up Your Gadgets Securely

I'm sure that many of us will take home brand new iPhones and Android devices and set them up just the way we want our personal devices to be. We should take a minute to remember, however, that because these devices are so personal to us, the damage a hacked smartphone can do is significant. Imagine what would happen if a hacker stole your personal data. We don't have to imagine, however, as this has happened to many users in 2014. At the very least, this is embarrassing to the user...

http://blog.trendmicro.com/trendlabs-security-intelligence/setting-up-your-gadgets-securely/


Social Engineering improvements keep Rogues/FakeAV a viable scam

The threat landscape has been accustomed to rogues for a while now. They've been rampant for the past few years and there likely isn't any end in sight to this scam. These aren't complex pieces of malware by any means and typically don't fool the average experienced user, but that's because they're aimed at the inexperienced user. We're going to take a look at some of the improvements seen recently in the latest round of FakeAVs that lead to their success.

http://www.webroot.com/blog/2014/12/05/social-engineering-improvements-keep-roguesfakeav-viable-scam/


MediaWiki unspecified cross-site request forgery

http://xforce.iss.net/xforce/xfdb/99151


MediaWiki unspecified code execution

http://xforce.iss.net/xforce/xfdb/99152


[Xen-announce] Xen Security Advisory 114 (CVE-2014-9065, CVE-2014-9066) - p2m lock starvation

http://lists.xen.org/archives/html/xen-announce/2014-12/msg00001.html


[TYPO3-announce] Announcing TYPO3 CMS 6.2.8 LTS

The TYPO3 Community has just released TYPO3 CMS version 6.2.8 LTS, which is now ready for you to download. This version is a maintenance release and contains bug fixes. The packages can be downloaded here: http://typo3.org/download/

http://typo3.org/news/article/typo3-cms-628-released/


Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting, Denial of Service and Local File Inclusion.

http://www.typo3.org/news/article/multiple-vulnerabilities-in-extension-phpmyadmin-phpmyadmin/