Daily summary - Tuesday 11-02-2014

End-of-Shift report

Timeframe: Monday 10-02-2014 18:00 − Tuesday 11-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Update (2/10) - Advance Notification Service for February 2014 Security Bulletin Release

Update as of February 10, 2014: We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be included in tomorrow's release. This brings the total for Tuesday's release to seven bulletins, four Critical. Please review the ANS summary page for updated information to help customers...

http://blogs.technet.com/b/msrc/archive/2014/02/10/advance-notification-service-for-february-2014-security-bulletin-release.aspx


IBM's remote firmware configuration protocol

I spent last week looking into the firmware configuration protocol used on current IBM System x servers. IBM provide a tool called ASU for configuring firmware settings, either in-band (i.e., running on the machine you want to reconfigure) or out of band (i.e., running on a remote computer and communicating with the baseboard management controller - IMM in IBM-speak). I'm not a fan of using vendor binaries for this kind of thing. They tend to be large (ASU is a 20MB executable) and difficult to

http://mjg59.dreamwidth.org/29210.html


The end of the magnetic stripe - USA switches to Chip & PIN

The USA is a stronghold for fraud with stolen credit card data. But from 2015 that is supposed to end -- Visa and Mastercard are switching to the smartcard-chip cards that have long been standard in Europe.

http://www.heise.de/security/meldung/Das-Ende-des-Magnetstreifens-USA-wechseln-auf-Chip-Pin-2110204.html


Survey: Just 1 in 3 Euro biz slackers meets card security standards

Yet PCI-DSS has largely been a failure, wails securo-bod

European businesses are lagging far behind the rest of the world in compliance with global payment card industry security standards, according to a new survey.

http://go.theregister.com/feed/www.theregister.co.uk/2014/02/11/pci_survey_verizon/


NTP reflection: Cloudflare reports massive DDoS attack

Network security provider Cloudflare reported overnight a massive DDoS attack on one of its customers. It is said to be an NTP reflection attack larger than the attack on Spamhaus in mid-2013. (Server, DE-CIX)

http://www.golem.de/news/ntp-reflection-cloudfare-meldet-massiven-ddos-angriff-1402-104491-rss.html


Anti-theft software for notebooks as an entry point

Security experts have taken a close look at Computrace, an application that is often preinstalled on notebooks. Result: the software has a massive security hole. In addition, it cannot always be deactivated.

http://www.heise.de/security/meldung/Anti-Diebstahl-Software-fuer-Notebooks-als-Einfallstor-2110747.html


The Mask/Careto: Sophisticated cyberattack on energy companies

Until January 2014 the cyberweapon The Mask was active, exploiting vulnerabilities in Kaspersky software and in Adobe Flash Player. The malware works with a rootkit, a bootkit and versions for Mac OS X, Linux, Android and iOS, and deletes its log files by overwriting them.

http://www.golem.de/news/the-mask-careto-hochentwickelter-cyberangriff-auf-energieunternehmen-1402-104493-rss.html


Blog: The Careto/Mask APT: Frequently Asked Questions

The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007.

http://www.securelist.com/en/blog/208216078/The_Careto_Mask_APT_Frequently_Asked_Questions


Five OAuth Bugs Lead to Github Hack

A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a "simple but high severity exploit" in Github.

http://threatpost.com/five-oauth-bugs-lead-to-github-hack/104178


Your PenTest Tools Arsenal

When it comes to information security, one of the major problems is setting up your PenTest Tools Arsenal. The truth is there are too many tools out there, and it would take forever to try half of them to see if they fit your needs. Over the years some well-established tools have emerged that most security professionals use, but that doesn't mean there are not still lesser-known yet very good pentest tools out there.

https://community.rapid7.com/community/metasploit/blog/2014/02/11/your-pentest-tools-arsenal


Symantec Web Gateway Security Management Console Multiple Security Issues

Symantec Web Gateway (SWG) Appliance management console is susceptible to both local and remote access cross-site scripting (XSS) and local access SQL injection (SQLi) vulnerabilities. Successful exploitation may result in an authorized user gaining unauthorized access to files on the management console or possibly being able to manipulate the backend database. There is also potential for remote hijacking of an authorized user session with associated privileges.

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00


Schneider ClearSCADA File Parsing Vulnerability

https://secunia.com/advisories/56880


[webapps] - WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities

http://www.exploit-db.com/exploits/31573


IBM WebSphere Portal Arbitrary File Upload Security Bypass Vulnerability

https://secunia.com/advisories/56805


Bugtraq: Open-Xchange Security Advisory 2014-02-10

http://www.securityfocus.com/archive/1/531005


parcimonie (0.6 to 0.8, included) possible correlation between key fetches

Topic: parcimonie (0.6 to 0.8, included) possible correlation between key fetches
Risk: Low
Text: Hi, Holger Levsen discovered that parcimonie [1], a privacy-friendly helper to refresh a GnuPG k...

http://cxsecurity.com/issue/WLB-2014020072


Joomla JomSocial Remote Code Execution Vulnerability

The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0.4. From their hot-fix update: Yesterday we released version 3.1.0.4 which fixes two vulnerabilities. As a result of the first vulnerability, our own site was hacked. Thankfully, our security experts spotted the...

http://blog.sucuri.net/2014/02/joomla-jomsocial-remote-code-execution-vulnerability.html


Perl Regex Processing Flaw Lets Remote and Local Users Deny Service

http://www.securitytracker.com/id/1029735


Titan FTP Server 10.32 Build 1816 Directory Traversals

http://cxsecurity.com/issue/WLB-2014020075


Avaya Call Management System (CMS) Security Issue and Two Vulnerabilities

https://secunia.com/advisories/56926


Google Android addJavascriptInterface code execution

http://xforce.iss.net/xforce/xfdb/90998