Daily summary - Thursday 3-04-2014

End-of-Shift report

Timeframe: Wednesday 02-04-2014 18:00 − Thursday 03-04-2014 18:00 Handler: Robert Waldner Co-Handler: n/a

Researchers Divulge 30 Oracle Java Cloud Service Bugs

Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed over two dozen issues with the company’s Java Cloud Service platform.

http://threatpost.com/researchers-divulge-30-oracle-java-cloud-service-bugs/105190


Ad Violations: Why Search Engines Won’t Display Your Site If it’s Infected With Malware

As your site’s webmaster, have you ever seen an e-mail from Google like this: Hello, We wanted to alert you that one of your sites violates our advertising policies. Therefore, we won’t be able to run any of your ads that link to that site, and any new ads pointing to that site will also

http://feedproxy.google.com/~r/sucuri/blog/~3/kz7JGX2ydIU/ad-violations-why-search-engines-wont-display-your-site-if-its-infected-with-malware.html


IBM Lotus Web Content Management cross-site scripting

IBM Lotus Web Content Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

http://xforce.iss.net/xforce/xfdb/90566


Watching the watchers, (Thu, Apr 3rd)

A lot of companies today have various IDS and IPS devices implemented in their internal network (especially if you must be compliant with PCI DSS, for example). So these devices get implemented to monitor various traffic at various interfaces/perimeters in a company, but the question I got asked is how can we be sure that the IDS/IPS is doing its job? Obviously, some simple monitoring should be in place – this typically consists of pinging the device or collecting various counters such

http://isc.sans.edu/diary.html?storyid=17895&rss


Macro-Enabled Files Used as Infection Vectors (Again)

Macro-based attacks were popular in the early 2000s, but they gained much notoriety with the much publicized coverage of the Melissa virus. However, macro-based attacks soon began to drop off the radar. One major reason for this would be the security measures implemented by Microsoft to address malicious macro files. Another probable reason would also […]

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1X49GtDdVuU/


New Check_MK stable release 1.2.4p1

The most important changes are security patches for two CVEs (CVE-2014-2330 and CVE-2014-2331) which were published on 2014-03-24 and 2014-03-28 on the bugtraq mailing list. The mail from 2014-03-24 contained wrong information on the not-fixed issues, which was corrected with the mail from 2014-03-28. All of the reported security-related issues are fixed with this release.

http://lists.mathias-kettner.de/pipermail/checkmk-announce/2014-April/000083.html


A Series of Introductory Malware Analysis Webcasts

If you are looking to get started with malware analysis, tune into the webcast series I created to illustrate key tools and techniques for examining malicious software.

http://blog.zeltser.com/post/80874760857/introductory-malware-analysis-webcasts


Twelve sources of global cyber attack maps

1 - Cyber Warfare Real Time Map by Kaspersky
2 - Top Daily DDoS Attacks Worldwide by Google
3 - Security Tachometer by Deutsche Telekom
4 - Cyberfeed Live Botnet Map by AnubisNetworks
5 - Real-time Web Monitor by Akamai
6 - IpViking Live Map by Norse
7 - Honeypots from the Honeynet Project
8 - Global Activity Maps by Arbor
9 - Global Botnet Threat Activity Map by Trend Micro
10 - DDoS Attacks by ShadowServer
11 - Internet Malicious Activity Maps by TeamCymru
12 - Globe and WorldMap by F-Secure

http://sseguranca.blogspot.com.br/2014/03/ten-sources-of-global-cyber-attack-maps.html


SNMPCheck - Enumerate the SNMP devices

Like snmpwalk, snmpcheck allows you to enumerate SNMP devices and presents the output in a very human-readable format. It can be useful for penetration testing or systems monitoring.

http://hack-tools.blackploit.com/2014/04/snmpcheck-enumerate-snmp-devices.html


The Right Stuff: Staffing Your Corporate SOC

In my experience, passing a certification exam or getting a degree simply shows that a potential employee is a good test-taker or has the determination to plow through a degree program. Neither substitutes for the wealth of experience SOC analysts need to be good at their jobs. Don’t get me wrong. Certification programs can be an important piece of a cyber-security practitioner’s complete education.

http://www.darkreading.com/operations/careers-and-people/the-right-stuff-staffing-your-corporate-soc/d/d-id/1127873


FortiBalancer SSH Access Security Bypass Vulnerability

A vulnerability has been reported in FortiBalancer, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a configuration error related to SSH access and can be exploited to gain otherwise restricted SSH access. The vulnerability is reported in FortiBalancer 400, 1000, 2000, and 3000.

https://secunia.com/advisories/57673


Security: Investigators discover data set with 18 million e-mail accounts

Once again a file containing millions of hacked e-mail accounts has been seized. All major German e-mail providers and several international providers are said to be affected.

http://www.golem.de/news/sicherheit-fahnder-entdecken-datensatz-mit-18-millionen-mailkonten-1404-105598-rss.html


Tool Estimates Incident Response Cost for Businesses

A new tool called CyberTab will help businesses estimate the cost of real and potential cyberattacks, and the amount a company could possibly save by investing in preventative measures and technologies.

http://threatpost.com/tool-estimates-incident-response-cost-for-businesses/105224


Bugtraq: [softScheck] Denial of Service in Microsoft Office 2007-2013

softScheck has identified a Denial of Service vulnerability in Microsoft Outlook 2007-2013. A remote attacker can send a plaintext email containing an XML bomb as the message body, causing Outlook to freeze while opening the email. This forces the user to terminate the Outlook process. In the default Outlook configuration, in which email contents are displayed in a reading pane in the main window, the impact is more severe: Outlook will freeze while starting and will not be able to start anymore, since it tries to open and display the email during startup. To resolve the issue, Outlook needs to be started in safe mode and the email needs to be deleted.

http://www.securityfocus.com/archive/1/531722


DFRWS EU 2014 Annual Conference

DFRWS has a long history of being the foremost digital forensics research venue and has decided to hold a sister conference to bring the same opportunities to Europe. The first annual DFRWS EU conference will be held from May 7 to 9, 2014 in Amsterdam, NL.

http://www.dfrws.org/2014eu/


Cisco IOS Software IKE Main Mode Vulnerability

A vulnerability in the Internet Key Exchange (IKE) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to delete established security associations on an affected device. The vulnerability is due to improper handling of rogue IKE Main Mode packets. An attacker could exploit this vulnerability by sending a crafted IKE Main Mode packet to an affected device. An exploit could allow the attacker to cause valid, established IKE security associations on an affected device to drop.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2143