Daily summary - Friday 12-12-2014

End-of-Shift report

Timeframe: Thursday 11-12-2014 18:00 − Friday 12-12-2014 18:00 Handler: Alexander Riepl Co-Handler: Otmar Lendl

Archie and Astrum: New Players in the Exploit Kit Market

Thu, 11 Dec 2014 17:10:55 +0200

https://www.f-secure.com/weblog/archives/00002776.html


Researcher: Lax Crossdomain Policy Puts Yahoo Mail At Risk

A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk.

http://threatpost.com/researcher-lax-crossdomain-policy-puts-yahoo-mail-at-risk/109849


DSA-3098 graphviz - security update

Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.

https://www.debian.org/security/2014/dsa-3098


ZDI-14-424: Honeywell OPOS Suite HWOPOSScale.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/8tlo_ZfI4BE/


ZDI-14-423: Honeywell OPOS Suite HWOPOSSCANNER.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ZDVuupIJS6Q/


ZDI-14-422: ManageEngine NetFlow Analyzer CollectorConfInfoServlet COLLECTOR_ID Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/sBfZBCsAKl4/


ZDI-14-421: ManageEngine Password Manager Pro UploadAccountActivities filename Directory Traversal Denial of Service Vulnerability

This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine Password Manager Pro. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/agLsqjzz9u4/


ZDI-14-420: ManageEngine Desktop Central MSP NativeAppServlet UDID JSON Object Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/YGf1aa88_QM/


Targeted Phishing Against GoDaddy Customers

I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it's missing a name. When you get them from a bank you don't even deal with that's a pretty good clue. However, when the phishing is well done

http://feedproxy.google.com/~r/sucuri/blog/~3/uan3MNQ2J9g/targeted-phishing-against-godaddy-customers.html


Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update B)

This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02A Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS-CERT web site.

https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02B


Wire transfer spam spreads Upatre

The Microsoft Malware Protection Center (MMPC) is currently monitoring a spam email campaign that is using a wire transfer claim to spread Trojan:Win32/Upatre. It is important to note that customers running up-to-date Microsoft security software are protected from this threat. Additionally, customers with Microsoft Active Protection Service Community (MAPS) enabled also benefit from our cloud protection service. Upatre typically uses spam email campaigns to spread and then downloads other

http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx


Digital attack: cyber attack said to have destroyed oil pipeline

A cyber attack is said to have caused the explosion of an oil pipeline in Turkey in 2008, according to anonymous sources. There is, however, only circumstantial evidence for this. (Cyberwar, Virus)

http://www.golem.de/news/digitaler-anschlag-cyber-attacke-soll-oelpipeline-zerstoert-haben-1412-111128-rss.html


Cross-Signed Certificates Crashes Android

We have discovered a vulnerability in Android that affects how cross-signed certificates are handled. No current Android release correctly handles these certificates, which are created when two certificates are signed with a looped certificate chain (certificate A signs certificate B; certificate B signs certificate A). We've already notified Google about this vulnerability, and there is no fix

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/K85aQffE_W0/


Microsoft: new certificate update, another withdrawn patch

Microsoft has shipped a new certificate update for Windows 7 and Server 2008 that is intended to fix the update problems. In the meantime, however, the third patch within a few days had to be withdrawn because it broke Silverlight.

http://www.heise.de/security/meldung/Microsoft-Neues-Zertifikats-Update-noch-ein-zurueckgezogener-Patch-2488906.html


Office for Mac 2011: Microsoft fixes critical vulnerability

The update for the OS X version of the office suite is intended to close a security hole in Word that allows injection and execution of malicious code. A smaller problem is fixed as well.

http://www.heise.de/security/meldung/Office-fuer-Mac-2011-Microsoft-beseitigt-kritische-Schwachstelle-2489046.html


Microsoft pulls Patch Tuesday fix - "Outlook can't connect to Exchange"

Part of Patch Tuesday is now only partly available as Microsoft recalls its already-delayed Exchange 2010 update. Paul Ducklin takes a look...

http://feedproxy.google.com/~r/nakedsecurity/~3/pyrMdTGYdYo/


DFN-CERT-2014-1647: MantisBT: Multiple vulnerabilities allow execution of arbitrary code

12.12.2014

https://portal.cert.dfn.de/adv/DFN-CERT-2014-1647/


OphionLocker: Joining in the Ransomware Race

Fri, 12 Dec 2014 16:32:35 +0200

https://www.f-secure.com/weblog/archives/00002777.html


SSL hole: the POODLE bites Windows Phone 7

Windows Phone 7 can only fetch mail using the ancient SSL protocol version 3. Many mail servers, however, no longer offer it because of the POODLE vulnerability. Users probably cannot hope for a fix. (Windows Phone, E-Mail)

http://www.golem.de/news/ssl-luecke-der-poodle-beisst-windows-phone-7-1412-111153-rss.html