Daily summary - Monday 31-03-2014

End-of-Shift report

Timeframe: Friday 28-03-2014 18:00 − Monday 31-03-2014 18:00 Handler: Robert Waldner Co-Handler: n/a

Siemens ROS Improper Input Validation

Researcher Aivar Liimets from Martem Telecontrol Systems reported an improper input validation vulnerability in the Siemens Rugged Operating System (ROS), which could cause a denial-of-service (DoS) condition against the device's management web interface. Siemens coordinated the vulnerability details with NCCIC/ICS-CERT and has provided information for mitigation of the vulnerability. This vulnerability can be exploited remotely.

http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01


WiFi Bug Plagues Philips Internet-Enabled TVs

Some versions of Philips internet-enabled SmartTVs are vulnerable to cookie theft and an array of other tricks that abuse a lax WiFi setting.

http://threatpost.com/wifi-bug-plagues-philips-internet-enabled-tvs/105119


VulDB: Adobe Reader 11.0.06 sandbox privilege escalation

The vulnerability was published on 28.03.2014 by VUPEN via Pwn2Own 2014. It has been tracked as CVE-2014-0512 since 20.12.2013. It is difficult to exploit. The attack can be carried out over the network. No specific authentication is required for exploitation. No technical details are known, but a private exploit for the vulnerability exists.

http://www.scip.ch/?vuldb.12723


Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

A remote user can create specially crafted content that, when loaded by the target user on a Windows-based system, will trigger a use-after-free and execute arbitrary code on the target system [CVE-2014-0506]. The code will run with the privileges of the target user. VUPEN reported this vulnerability (via Pwn2Own at CanSecWest 2014). A remote user can create specially crafted content that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target system [CVE-2014-0510]. The code will run with the privileges of the target user. Zeguang Zhao and Liang Chen reported this vulnerability (via Pwn2Own at CanSecWest 2014).

http://www.securitytracker.com/id/1029969 (Note: as far as we have been able to determine so far, no exploits for these have appeared "in the wild".)

nginx 1.4.6/1.5.11 heap-based buffer overflow in the SPDY implementation

A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0133). The problem affects nginx 1.3.15 - 1.5.11, compiled with the ngx_http_spdy_module module (which is not compiled by default) and without --with-debug configure option, if the "spdy" option of the "listen" directive is used in a configuration file. The problem is fixed in nginx 1.5.12, 1.4.7.

http://cxsecurity.com/issue/WLB-2014030250


Chip.de forum apparently hacked: 2.5 million user records affected

Forum members were informed of the hack by e-mail - passwords were also inadequately protected

http://derstandard.at/1395363600546


Who's Behind the "BLS Weblearn" Credit Card Scam?

A new rash of credit and debit card scams involving bogus sub-$15 charges and attributed to a company called "BLS Weblearn" is part of a prolific international scheme designed to fleece unwary consumers. This post delves deeper into the history and identity of the credit card processing network that has been enabling this type of activity for years.

http://feedproxy.google.com/~r/KrebsOnSecurity/~3/MxEDIVQPC94/


More Device Malware: This is why your DVR attacked my Synology Disk Station, (Mon, Mar 31st)

Last week, we reported that some of the hosts scanning for port 5000 are DVRs (to be more precise: Hikvision DVRs, commonly used to record video from surveillance cameras [1] ). Today, we were able to recover the malware responsible. You can download the malware here https://isc.sans.edu/diaryimages/hikvision.zip (password: infected) . The malware resides in /dev/cmd.so . A number of additional suspect files were located in the /dev directory which we still need to recover / analyze from the

http://isc.sans.edu/diary.html?storyid=17879&rss


Crack team of cyber warriors arrives to SAVE UK from grid-crippling HACK ATTACKS

National CERT goes live today The UK is finally getting a national Computer Emergency Response Team (CERT), with the delayed launch of the organisation taking place today.

http://go.theregister.com/feed/www.theregister.co.uk/2014/03/31/cert_uk_launch/


Cisco Security Response Team Opens Its Toolbox

With a variety of security tools, CSIRT is able to detect and analyze malicious traffic throughout the network, including virus propagation, targeted attacks, and commonplace exploits. Because CSIRT continually identifies new security threats, the team needs some historical look-back at what occurred on the network. They also need a solution that can dissect the finer details of security incidents while facing the ever-present restrictions with data storage.

https://blogs.cisco.com/security/cisco-security-response-team-opens-its-toolbox/