End-of-Shift report
Timeframe: Tuesday 15-04-2014 18:00 - Wednesday 16-04-2014 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
Phishing mail: BSI warns of BSI warning
The BSI's regular warnings about hacked online accounts have apparently inspired criminals to launch a phishing attack. The mail speaks of "suspicious activities" and "legal action". (Phishing, Internet)
http://www.golem.de/news/phishing-mail-bsi-warnt-vor-bsi-warnung-1404-105891-rss.html
RSA BSAFE Micro Edition Suite security bypass
RSA BSAFE Micro Edition Suite (MES) could allow a remote attacker to bypass security restrictions, caused by an error within the certificate chain processing logic. An attacker could exploit this vulnerability to create an improperly authenticated SSL connection.
http://xforce.iss.net/xforce/xfdb/92408
Chef Multiple Vulnerabilities
Chef Software has acknowledged multiple security issues and vulnerabilities in Chef, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
https://secunia.com/advisories/57836
WordPress Twitget Plugin Cross-Site Request Forgery Vulnerability
dxwsecurity has reported a vulnerability in the Twitget plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change plugin configuration settings when a logged-in administrative user visits a specially crafted web page.
https://secunia.com/advisories/57892
Oracle Critical Patch Update - April 2014
Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. The product area of the patches for the listed versions is shown in the Patch Availability column corresponding to the specified Products and Versions column.
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Innominate mGuard OpenSSL HeartBleed Vulnerability
OVERVIEW: Researcher Bob Radvanovsky of Infracritical has notified NCCIC/ICS-CERT that Innominate has released a new firmware version that mitigates the OpenSSL HeartBleed vulnerability in the mGuard products. This vulnerability could be exploited remotely. Exploits that target the OpenSSL Heartbleed vulnerability are known to be publicly available.
AFFECTED PRODUCTS: The following Innominate mGuard versions are affected:
http://ics-cert.us-cert.gov/advisories/ICSA-14-105-02
Siemens Industrial Products OpenSSL HeartBleed Vulnerability
OVERVIEW: Siemens reported to NCCIC/ICS-CERT a list of products affected by the OpenSSL vulnerability (known as 'Heartbleed'). Joel Langill of Infrastructure Defense Security Services reported to ICS-CERT and Siemens the OpenSSL vulnerability affecting the S7-1500. Siemens has produced an update and Security Advisory (SSA-635659) that mitigates this vulnerability in eLAN and is currently working on updates for the other affected products.
http://ics-cert.us-cert.gov/advisories/ICSA-14-105-03
Looking for malicious traffic in electrical SCADA networks - part 1, (Tue, Apr 15th)
When infosec guys are performing intrusion detection, they usually look for attacks like portscans, buffer overflows and specific exploit signatures. For example, remember the OpenSSL Heartbleed vulnerability?
http://isc.sans.edu/diary.html?storyid=17967&rss
New Feature: Monitoring Certification Revocation Lists https://isc.sans.edu/crls.html, (Wed, Apr 16th)
Certificate Revocation Lists (“CRLs”) are used to track revoked certificates. Your browser will download these lists to verify if a certificate presented by a web site has been revoked. The graph above shows how many certificates were revoked each day by the different CRLs we are tracking.
http://isc.sans.edu/diary.html?storyid=17969&rss
Adobe Flash ExternalInterface Use-After-Free
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash.
The vulnerability is caused by a use-after-free error when interacting with the "ExternalInterface" class from the browser, which could be exploited to achieve code execution via a malicious web page.
http://cxsecurity.com/issue/WLB-2014040102
Netgear N600 Password Disclosure / Account Reset
While I was lurking around the Netgear firmware today I came across various tweaks and other things, and I was able to find a password disclosure and file uploading vulnerability which could compromise the entire router. As of now there is no patch from the vendor.
http://cxsecurity.com/issue/WLB-2014040101
Apache Syncope 1.0.8 / 1.1.6 Code Execution
In the various places in which Apache Commons JEXL expressions are allowed (derived schema definition, user / role templates, account links of resource mappings) a malicious administrator can inject Java code that can be executed remotely by the JEE container running the Apache Syncope core.
http://cxsecurity.com/issue/WLB-2014040106
Bugtraq: CVE-2014-2735 - WinSCP: missing X.509 validation
A user cannot recognize an easy-to-perform man-in-the-middle attack, because the client does not validate the "Common Name" of the server's X.509 certificate. In a networking environment that is not trustworthy, like a Wi-Fi network, the server's identity cannot be trusted when using FTP AUTH TLS with WinSCP.
http://www.securityfocus.com/archive/1/531847
Qemu: out of bounds buffer access, guest triggerable via IDE SMART
An out-of-bounds memory access flaw was found in Qemu's IDE device model. It leads to memory corruption in Qemu via a buffer overwrite (4 bytes). It occurs while executing IDE SMART commands.
A guest's user could use this flaw to corrupt the Qemu process's memory on the host.
http://seclists.org/oss-sec/2014/q2/116
Background: Why we need Forward Secrecy
The SSL meltdown shows emphatically that Forward Secrecy is not an exotic feature for the paranoid. Rather, it is the only thing still protecting us from complete surveillance of all communication by the intelligence services.
http://www.heise.de/security/artikel/Warum-wir-Forward-Secrecy-brauchen-2171858.html