Daily Summary - Monday 24-03-2014

End-of-Shift report

Timeframe: Friday 21-03-2014 18:00 − Monday 24-03-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a

NSA Targets Sys Admins to Infiltrate Networks

The latest Snowden documents show how the National Security Agency targets system administrators, in particular their personal email and social media accounts, in order to access target networks.

http://threatpost.com/nsa-targets-sys-admins-to-infiltrate-networks/104953


IBM Security Bulletin: IBM Security Directory Server can be affected by a vulnerability in IBM WebSphere Application Server (CVE-2014-0411)

The IBM WebSphere Application Server component provided with IBM Security Directory Server is vulnerable to a transport layer security (TLS) timing attack.

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_security_directory_server_can_be_affected_by_a_vulnerability_in_ibm_websphere_application_server_cve_2014_04111?lang=en_us


BlackOS software package automates website hacking, costs $3,800 a year

An updated version of a malicious software package designed to automate the process of hacking websites is being offered up on underground markets for $3,800 a year, according to a blog by Trend Micro.

http://feedproxy.google.com/~r/SCMagazineHome/~3/yw9wyT8CoMQ/


WPA2 Wireless Security Crackable With "Relative Ease"

An anonymous reader writes "Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease [original, paywalled paper] by a malicious attack on a network.

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/GNlVmrhVOM4/story01.htm


Android update process gives malware a leg-up to evil: Indiana U

Old apps get access to privileges that didn't exist when they were written. Researchers from Indiana University Bloomington have tagged a vulnerability in the way Android handles updates, which they say puts practically every Android device at risk of malicious software.…

http://go.theregister.com/feed/www.theregister.co.uk/2014/03/23/android_updates_a_critical_vuln_indiana_u/


AWS urges developers to scrub GitHub of secret keys

Devs hit with unexpected bills after leaving secret keys exposed. Amazon Web Services (AWS) is urging developers using the code sharing site GitHub to check their posts to ensure they haven't inadvertently exposed their log-in credentials.

http://www.itnews.com.au/News/375785,aws-urges-developers-to-scrub-github-of-secret-keys.aspx


D-Link DIR-600L Cross-Site Request Forgery Vulnerability

A vulnerability has been reported in D-Link DIR-600L, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change administrative credentials when a logged-in user visits a specially crafted web page.

https://secunia.com/advisories/57392


Array Networks vxAG / vAPV Undocumented Accounts Security Issues

Some security issues have been reported in Array Networks vxAG and vAPV, which can be exploited by malicious people to bypass certain security restrictions. The security issues are caused due to the device using certain undocumented user accounts with default credentials, which can be exploited to gain otherwise restricted access to the device.

https://secunia.com/advisories/57442


PayPal for Android SSL Certificate Validation Security Issue

MWR InfoSecurity has reported a security issue in PayPal for Android, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused by an error when verifying the server SSL certificate within the WebHybridClient class and can be exploited to spoof an HTTPS connection and e.g. conduct Man-in-the-Middle (MitM) attacks.

https://secunia.com/advisories/57351


php-font-lib "name" Cross-Site Scripting Vulnerability

Daniel C. Marques has reported a vulnerability in php-font-lib, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "name" GET parameter to www/make_subset.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

https://secunia.com/advisories/57558