Daily Summary - Thursday 6-02-2014

End-of-Shift report

Timeframe: Wednesday 05-02-2014 18:00 − Thursday 06-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Target Hackers Broke in Via HVAC Company

Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers.

http://feedproxy.google.com/~r/KrebsOnSecurity/~3/JuvkO7plF2E/


Attacks on Fritzboxes: AVM recommends disabling remote configuration

After the first cases of telephony abuse, attacks on Fritzboxes via the remote configuration feature are continuing. To prevent damage, Fritzbox users should temporarily disable the feature.

http://www.heise.de/security/meldung/Angriffe-auf-Fritzboxen-AVM-empfiehlt-Abschaltung-der-Fernkonfiguration-2106542.html


Demystifying Point of Sale Malware and Attacks

Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information online, but Point of Sale systems are the most tempting target. An estimated 60 percent of purchases at retailers' Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily through their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit...

http://www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-attacks


Malware Uses ZWS Compression for Evasion Tactic

Cybercriminals can certainly be resourceful when it comes to avoiding detection. We have seen many instances wherein malware came equipped with improved evasion techniques, such as preventing execution of analysis tools, hiding from debuggers, blending in with normal network traffic, along with various JavaScript techniques. Security researchers have now come across malware that uses a legitimate compression technique to go unnoticed by security solutions.

http://blog.trendmicro.com/trendlabs-security-intelligence/malware-uses-zws-compression-for-evasion-tactic/


New Asprox Variant Goes Above and Beyond to Hijack Victims

[UPDATE] After further analysis, this threat was identified as Asprox botnet and not Zbot

http://research.zscaler.com/2014/02/new-zbot-variant-goes-above-and-beyond.html


OpenLDAP 2.4.36 Remote Users Denial of Service

Topic: OpenLDAP 2.4.36 Remote Users Denial of Service
Risk: Medium
Text: It was discovered that OpenLDAP, with the rwm overlay to slapd, could segfault if a user were able to query the directory and i...

http://cxsecurity.com/issue/WLB-2014020032


Rockwell RSLogix 5000 Password Vulnerability

OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on January 21, 2014, and is now being released to the NCCIC/ICS-CERT Web site. Independent researcher Stephen Dunlap has identified a password vulnerability in the Rockwell Automation RSLogix 5000 software. Rockwell Automation has produced a new version that mitigates this vulnerability.

http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01


NETGEAR Router D6300B Telnet Backdoor Lets Remote Users Gain Root Access

http://www.securitytracker.com/id/1029727


DSA-2855 libav

several vulnerabilities

http://www.debian.org/security/2014/dsa-2855


Security Bulletin: IBM Domino IMAP Server Denial of Service Vulnerability (CVE-2014-0822)

The IMAP server in IBM Domino contains a denial of service vulnerability. A remote unauthenticated attacker could exploit this security vulnerability to cause a crash of the Domino server. The fix for this issue is available as a hotfix and is planned to be incorporated in all upcoming Interim Fixes, Fix Packs and Maintenance Releases.

http://www-01.ibm.com/support/docview.wss?uid=swg21663023


Bugtraq: ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability

http://www.securityfocus.com/archive/1/530929


Vulnerabilities in Drupal Third-Party Modules

https://drupal.org/node/2187453
https://drupal.org/node/2189509
https://drupal.org/node/2189643
https://drupal.org/node/2189751


WordPress WooCommerce SagePay Direct Payment Gateway Cross-Site Scripting Vulnerability

https://secunia.com/advisories/56801