Daily Summary - Friday 7-02-2014

End-of-Shift report

Timeframe: Thursday 06-02-2014 18:00 − Friday 07-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Advance Notification Service for February 2014 Security Bulletin Release

Today we are providing advance notification for the release of five bulletins, two rated Critical and three rated Important, for February 2014. The Critical updates address vulnerabilities in Microsoft Windows and Security Software while the Important-rated updates address issues in Windows and the .NET Framework.

http://blogs.technet.com/b/msrc/archive/2014/02/06/advance-notification-service-for-february-2014-security-bulletin-release.aspx


Syrian Electronic Army nearly takes Facebook off the net

The hackers of the Syrian Electronic Army nearly succeeded in hijacking Facebook's domain. They apparently gained access through the administration interface of the registrar MarkMonitor.

http://www.heise.de/security/meldung/Syrian-Electronic-Army-nimmt-beinahe-Facebook-vom-Netz-2108144.html


Bug in iOS 7: Remote location tracking can be turned off

With a trick, it is possible to disable Apple's "Find My iPhone/iPad" on iOS 7 devices without a password. The feature can also be used to locate a stolen device. The device must, however, be unlocked for the trick to work.

http://www.heise.de/security/meldung/Bug-in-iOS-7-Fernortung-laesst-sich-abdrehen-2108078.html


A Look at Malware with Virtual Machine Detection

It's not uncommon for the malware of today to include some type of built-in virtual machine detection. Virtual Machines (VMs) are an essential part of a malware analyst's work environment. After all, we wouldn't want to infect our physical - or "bare-metal" computers - to all the...

http://blog.malwarebytes.org/intelligence/2014/02/a-look-at-malware-with-virtual-machine-detection/


Large-scale DNS redirection on home routers for financial theft

In late 2013 CERT Polska received confirmed reports about modifications in e-banking websites observed on... iPhones. Users were presented with messages about alleged changes in account numbers that required confirmation with mTANs. This behavior would suggest that some Zeus-like trojan had been ported to iOS. As this would be the first confirmed case of such malware...

https://www.cert.pl/news/8019/langswitch_lang/en


Fritzbox attack analyzed: AVM prepares firmware updates

AVM has reconstructed the attack path used for telephony abuse and is preparing firmware updates for Fritzboxes, which are due to be released over the weekend.

http://www.heise.de/security/meldung/Fritzbox-Angriff-analysiert-AVM-bereitet-Firmware-Updates-vor-2108862.html


Joomla! PROJOOM Smart Flash Header Component Arbitrary File Upload Vulnerability

https://secunia.com/advisories/56831


Bugtraq: CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin

http://www.securityfocus.com/archive/1/530938


Core FTP Server Vulnerabilities

CVE-2014-1441: Race condition leading to Denial of Service on the "AUTH SSL" command with invalid SSL data
CVE-2014-1442: "XCRC" Directory Traversal Information Disclosure
CVE-2014-1443: Password Disclosure Vulnerability

http://permalink.gmane.org/gmane.comp.security.full-disclosure/91518


Bugtraq: [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS

http://www.securityfocus.com/archive/1/530936


IBM Tealeaf CX Passive Capture Application remote code execution

http://xforce.iss.net/xforce/xfdb/89228


IBM Tealeaf CX Passive Capture Application local file include

http://xforce.iss.net/xforce/xfdb/89229


Symantec Encryption Management Server Web Email Protection information disclosure

http://xforce.iss.net/xforce/xfdb/90946


Palo Alto Networks PAN-OS Certificate Invalidation on Master Key Change Security Bypass Security Issue

https://secunia.com/advisories/56392


Schneider Electric SCADAPack VxWorks Debugger Vulnerability

https://secunia.com/advisories/56811


osCommerce 2.3.3.4 SQL Injection

Topic: osCommerce 2.3.3.4 SQL Injection Risk: Medium Text:# Title: osCommerce v2.x SQL Injection Vulnerability # Dork: Powered by osCommerce # Author: Ahmed Aboul-Ela # Contact: ahme...

http://cxsecurity.com/issue/WLB-2014020042