Daily summary - Friday 04-04-2014

End-of-Shift report

Timeframe: Thursday 03-04-2014 18:00 − Friday 04-04-2014 18:00 Handler: Robert Waldner Co-Handler: n/a

SMBEXEC Rapid Post Exploitation Tool

Smbexec is a tool for penetration testing Windows domains: it runs post-exploitation actions with compromised domain accounts and extends access across the targeted network. Once a domain account has been obtained, it gives the pentester broad access to hosts without needing a further privilege-escalation exploit.

http://www.sectechno.com/2014/03/30/smbexec-rapid-post-exploitation-tool/


IBM Security Bulletin: Fixes available for Cross Site Scripting vulnerabilities in IBM WebSphere Portal (CVE-2014-0828 and CVE-2014-0901)

Fixes are available for Cross Site Scripting vulnerabilities in IBM WebSphere Portal. CVE(s): CVE-2014-0828 and CVE-2014-0901

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_cross_site_scripting_vulnerabilities_in_ibm_websphere_portal_cve_2014_0828_and_cve_2014_0901?lang=en_us


IBM Security Bulletin: WebSphere Partner Gateway Advanced/Enterprise is affected by vulnerabilities that exist in the IBM SDK for Java (CVE-2014-0411)

WebSphere Partner Gateway Advanced/Enterprise uses IBM SDK for Java that is based on Oracle JDK . Oracle has released January 2014 critical patch updates (CPU) which contain security vulnerability fixes. The IBM SDK for Java has been updated to incorporate these fixes. CVE(s): CVE-2014-0411

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_websphere_partner_gateway_advanced_enterprise_is_affected_by_vulnerabilities_that_exist_in_the_ibm_sdk_for_java_cve_2014_0411?lang=en_us


OTRS Help Desk clickjacking

OTRS Help Desk could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks.
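The clickjacking described above works only if the target page can be loaded inside a frame on the attacker's site. A quick check a practitioner can run against any web application (added example, not OTRS code or the X-Force advisory's own test) is to classify a response by the two headers browsers honour for frame protection: Content-Security-Policy `frame-ancestors`, which takes precedence, and X-Frame-Options. The sample header sets at the bottom are constructed for illustration.

```python
"""Classify an HTTP response's protection against being framed (clickjacking).

Added example, not part of OTRS or the advisory. Header names are matched
case-insensitively, as browsers do; CSP frame-ancestors overrides X-Frame-Options.
"""
import urllib.request
from typing import Dict, List, Optional


def _frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def frame_protection(headers: Dict[str, str]) -> str:
    """Return 'denied', 'same-origin', 'restricted' or 'unprotected'.

    'restricted' means an explicit frame-ancestors allow-list is present and
    should be reviewed by hand; 'unprotected' means any site may frame the page.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    csp = lowered.get("content-security-policy")
    if csp is not None:
        ancestors = _frame_ancestors(csp)
        if ancestors is not None:
            if ancestors == ["'none'"]:
                return "denied"
            if ancestors == ["'self'"]:
                return "same-origin"
            return "restricted"
    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "denied"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM has inconsistent browser support and is not counted as protection.
    return "unprotected"


def check_url(url: str) -> str:
    """Fetch a URL (network access required) and classify its frame protection."""
    with urllib.request.urlopen(url) as resp:  # noqa: S310 - intended for test targets only
        return frame_protection(dict(resp.headers.items()))


# Constructed sample responses for illustration; not captured from any real server.
SAMPLES = {
    "no headers": {"Content-Type": "text/html"},
    "xfo deny": {"X-Frame-Options": "deny"},
    "csp wins": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                 "X-Frame-Options": "SAMEORIGIN"},
    "allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:12s} -> {frame_protection(hdrs)}")
```

Anything that comes back as `unprotected` is a page an attacker can overlay on a page of their own, which is exactly the precondition for the click hijacking the advisory describes.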

http://xforce.iss.net/xforce/xfdb/92233


iOS 7.1 bug enables iCloud account deletion, disabling Find My iPhone, without password

A bug demonstrated by a YouTube user on Wednesday may enable a thief to delete an iCloud account, disable Find My iPhone, and ultimately restore the device, without the need of a password.

http://feedproxy.google.com/~r/SCMagazineHome/~3/kToL7uqo4FE/


Your files held hostage by CryptoDefense? Don't pay up! The decryption key is on your hard drive

Blunder discovered in latest ransomware infecting PCs. A basic rookie programming error has crippled an otherwise advanced piece of ransomware dubbed CryptoDefense, but its authors are still pulling in more than $30,000 a month from unwary victims.…

http://go.theregister.com/feed/www.theregister.co.uk/2014/04/03/cryptodefense_rsa_private_key_on_disk/


Advance Notification Service for the April 2014 Security Bulletin Release

Today we provide advance notification for the release of four bulletins, two rated Critical and two rated Important in severity. These updates address issues in Microsoft Windows, Office and Internet Explorer. The update provided through MS14-017 fully addresses the Microsoft Word issue first described in Security Advisory 2953095. This advisory also included a Fix it to disable opening rich-text format (RTF) files within Microsoft Word. Once the security update is applied, you should disable

http://blogs.technet.com/b/msrc/archive/2014/04/03/advance-notification-service-for-the-april-2014-security-bulletin-release.aspx


Schneider Electric OPC Factory Server Buffer Overflow

OVERVIEW: Researcher Wei Gao, formerly of IXIA, has identified a buffer overflow vulnerability in the Schneider Electric OPC Factory Server (OFS) application. Schneider Electric has produced a patch that mitigates this vulnerability. Wei Gao has tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.

http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01


Adware: A new approach

Here at the Microsoft Malware Protection Center (MMPC) we understand advertising is part of the modern computing experience. However, we want to give our customers choice and control regarding what happens with their computers. To that end we have recently made some changes to both the criteria we use to classify a program as adware and how we remediate it when we find it. This blog will help explain the new criteria and how it affects some programs. Our updated objective criteria

http://blogs.technet.com/b/mmpc/archive/2014/04/03/adware-a-new-approach.aspx


Zeus malware found with valid digital certificate

A recently discovered variant of the Zeus banking Trojan was found to use a legitimate digital signature to avoid detection by Web browsers and anti-virus systems. Security vendor Comodo reported Thursday finding the variant 200 times while monitoring and analyzing data from users of its Internet security system. The variant includes the digital signature, a rootkit and a data-stealing malware component. "Malware with a valid digital signature is an extremely dangerous situation," the

http://www.csoonline.com/article/2140021/data-protection/zeus-malware-found-with-valid-digital-certificate.html#tk.rss_applicationsecurity


Linux-PAM "pam_timestamp" Module Two Directory Traversal Vulnerabilities

Two vulnerabilities have been reported in Linux-PAM, which can be exploited by malicious people to bypass certain security restrictions.
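Directory traversal bugs of the kind reported here arise when untrusted strings are pasted into a filesystem path without checking that the result stays inside the intended directory. The advisory does not say which code paths in pam_timestamp are affected, so the following is a generic check added here as an example, not the Linux-PAM fix: it rejects empty, `.`/`..` and separator-containing components up front, then resolves symlinks and confirms the final path is still under the base directory. The temporary tree that `demo()` builds is constructed sample data.

```python
"""Join untrusted path components under a base directory without traversal.

Added example; not Linux-PAM code. The component names used in demo() are
invented for illustration.
"""
import os
import tempfile


class TraversalError(ValueError):
    """Raised when a requested path would escape the base directory."""


def safe_join(base: str, *parts: str) -> str:
    """Return the resolved path base/parts..., or raise TraversalError.

    Two layers of defence: lexical rejection of dangerous components, and a
    post-resolution containment check that also catches symlink escapes.
    """
    base_real = os.path.realpath(base)
    for part in parts:
        if not part or part in (".", ".."):
            raise TraversalError(f"bad component: {part!r}")
        if os.path.isabs(part) or os.sep in part or (os.altsep and os.altsep in part):
            raise TraversalError(f"separator in component: {part!r}")
    candidate = os.path.realpath(os.path.join(base_real, *parts))
    if candidate != base_real and not candidate.startswith(base_real + os.sep):
        raise TraversalError(f"escapes base: {candidate!r}")
    return candidate


def demo() -> dict:
    """Exercise safe_join against a constructed temporary tree; returns outcomes by case."""
    base = tempfile.mkdtemp(prefix="ts_")
    # A symlink inside the base that points at its parent directory: a
    # lexical check alone would accept 'escape/x', the realpath check does not.
    os.symlink(os.path.dirname(base) or os.sep, os.path.join(base, "escape"))
    cases = {
        "plain": ("alice", "tty1"),
        "dotdot": ("..", "other"),
        "embedded": ("alice/../../other",),
        "symlink": ("escape", "x"),
        "absolute": ("/etc/passwd",),
    }
    results = {}
    for name, parts in cases.items():
        try:
            safe_join(base, *parts)
            results[name] = "ok"
        except TraversalError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9s} {outcome}")
```

Only the plain case is accepted; the others are exactly the shapes (parent references, embedded separators, symlinks, absolute paths) that let an attacker write or read outside the directory a module like pam_timestamp expects to own.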

https://secunia.com/advisories/57317


E-mail accounts hacked: BSI wants to inform millions of affected users

Authorities and providers want to inform users about the hack of e-mail accounts. How and when the campaign is to start has not yet been decided. (Spam, Computer)

http://www.golem.de/news/e-mail-konten-gehackt-bsi-will-millionen-betroffene-nutzer-informieren-1404-105620-rss.html


TLS libraries: finding bugs with malformed certificates

Using malformed X.509 certificates, researchers have found numerous, in part security-critical, bugs in TLS libraries. In the process a serious security hole was once again discovered in GnuTLS. (Browser, Technology)

http://www.golem.de/news/tls-bibliotheken-fehler-finden-mit-fehlerhaften-zertifikaten-1404-105621-rss.html


Cisco Emergency Responder - Multiple vulnerabilities

Cross-Site Scripting - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114
Cross-Site Request Forgery - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115
Open Redirect - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2117
Dynamic Content Modification - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114


PHP 5.4.27 released, (Fri, Apr 4th)

A new version of PHP has been released. The announcement comments: "The PHP development team announces the immediate availability of PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345 in fileinfo module."

http://isc.sans.edu/diary.html?storyid=17901&rss


April 8th: Not Just About XP

April 8th will soon be upon us! And that means…Countdown Clocks…the end of extended support for Windows XP. But not just XP. Office 2003 is also reaching end of life. And that's especially important to know because there's currently an Office vulnerability in the wild. Microsoft released its Security Bulletin Advance Notification yesterday. And the good news is: a patch for the Word vulnerability appears to be in the pipeline.

http://www.f-secure.com/weblog/archives/00002690.html


Dealing with Disaster - A Short Malware Incident Response, (Fri, Apr 4th)

I had a client call me recently with a full on service outage - his servers weren't reachable, his VOIP phones were giving him more static than voice, and his Exchange server wasn't sending or receiving mail - pretty much everything was offline. I VPN'd in (I was not onsite) and started with the firewall, because things were bad enough that's all I could initially get to from a VPN session.

http://isc.sans.edu/diary.html?storyid=17905&rss


Cisco IOS XR Software ICMPv6 Redirect Vulnerability

A vulnerability in Internet Control Message Protocol version 6 (ICMPv6) processing of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to affect IPv4 and IPv6 traffic passing through an affected device.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2144


Researchers Uncover Interesting Browser-Based Botnet

Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video Web site and hijacked users’ browsers in order to flood the site with traffic. The attack on the unnamed site involved the use of injected Javascript on the site which would execute in […]

http://threatpost.com/researchers-uncover-interesting-browser-based-botnet/105250