End-of-Shift report
Timeframe: Monday 17-03-2014 18:00 − Tuesday 18-03-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Google's Public DNS Hijacked for 22 Minutes
The attackers hijacked the 8.8.8.8/32 DNS server for approximately 22 minutes. According to BGPmon, networks in Brazil and Venezuela were impacted. A screenshot published by the company shows that the traffic was redirected to BT Latin America's networks.
http://news.softpedia.com/news/Google-s-Public-DNS-Hijacked-for-22-Minutes-432502.shtml
Anonymization: Sniper attack takes down Tor nodes
With a so-called sniper attack, attackers can not only knock out individual Tor nodes in a targeted manner, but also take down the entire network within a few minutes. A patch has already been developed.
http://www.golem.de/news/anonymisierung-sniper-angriff-legt-tor-nodes-lahm-1403-105197-rss.html
Scans for FCKEditor File Manager, (Mon, Mar 17th)
FCKEditor (now known as CKEditor [1]) is a popular full featured GUI editor many web sites use. For example, you frequently find it with blog systems like WordPress or as part of commenting/forum systems. As an additional feature, a filemanager can be added to allow users to upload images or other files. Sadly, while a very nice and functional plugin, this feature is frequently not well secured and can be used to upload malicious files. We have seen some scans probing specifically...
http://isc.sans.edu/diary.html?storyid=17821&rss
Background of the Typo3 hack remains in the dark
The Typo3 Association has no information about the vulnerability behind the casino spam hack that affects many Typo3 websites, and suspects that the hack has other causes. Sites without a Typo installation are reportedly also affected.
http://www.heise.de/newsticker/meldung/Hintergruende-des-Typo3-Hacks-weiter-im-Dunkeln-2149176.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
Hidden Windigo UNIX ZOMBIES are EVERYWHERE
Check and wipe: The la-la-la-it's-not-happening plan is no good. Hackers using a Trojan seized control of over 25,000 Unix servers worldwide to create a potent spam and malware distribution platform.
http://go.theregister.com/feed/www.theregister.co.uk/2014/03/18/windigo_unix_botnet/
Threatglass Tool Gives Deep Look Inside Compromised Sites
Trying to enumerate the compromised sites on the Internet is a Sisyphean task. Luckily, it's not a task that anyone really needs to perform any longer, especially now that Barracuda Labs has released its new Threatglass tool, a Web-based frontend that allows users to query a massive database of compromised sites to get detailed information...
http://threatpost.com/threatglass-tool-gives-deep-look-inside-compromised-sites/104844
March 2014 Security Bulletin Webcast and Q&A
Today we published the March 2014 Security Bulletin Webcast Questions & Answers page. We answered eight questions in total, with the majority focusing on the updates for Windows (MS14-016) and Internet Explorer (MS14-012). One question that was not answered on air has been included on the Q&A page.
http://blogs.technet.com/b/msrc/archive/2014/03/17/march-2014-security-bulletin-webcast-and-q-amp-a.aspx
When ASLR makes the difference
We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation (ASLR) in modern software because it's a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation. In today's blog, we'll go through ASLR one more time to show in practice how it can be valuable to mitigate two real exploits seen in the wild and to suggest solutions for programs...
https://blogs.technet.com/b/srd/archive/2014/03/12/when-aslr-makes-the-difference.aspx
Red Hat plans unified security management for Fedora 21
One crypto policy to bind them. Red Hat is planning a significant change to how its Fedora Linux distribution handles crypto policy, to ship with the due-in-late-2014 Fedora 21 release.
http://go.theregister.com/feed/www.theregister.co.uk/2014/03/18/red_hat_plans_unified_security_management_for_fedora_21/
Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting
Topic: Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting. Risk: Low. Text: Product: Open-Xchange AppSuite; Vendor: Open-Xchange GmbH; Internal reference: 31065; Vulnerability type: Cross Site Scriptin...
http://cxsecurity.com/issue/WLB-2014030134
Security Advisory-Y.1731 Vulnerability on Some Huawei Switches
Y.1731 is an ITU-T recommendation for OAM features on Ethernet-based networks. Y.1731 provides connectivity detection, diagnosis, and performance monitoring for VLAN/VSI services on MANs.
Some Huawei switches support Y.1731 and therefore have the Y.1731 vulnerability in processing special packets. The vulnerability causes the restart of switches (Vulnerability ID: HWPSIRT-2013-1165).
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-329625.htm
OpenSSH AcceptEnv Wildcard Processing Flaw May Let Remote Authenticated Users Bypass Environment Restrictions
http://www.securitytracker.com/id/1029925
DSA-2880 python2.7
security update
http://www.debian.org/security/2014/dsa-2880
Bugtraq: 2014 World Conference on IST - Madeira Island, April 15-17
The 2014 World Conference on Information Systems and Technologies
http://www.securityfocus.com/archive/1/531513