End-of-Shift report
Timeframe: Tuesday 22-04-2014 18:00 − Wednesday 23-04-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Maintenance work on the mailing list server, 24 April 2014
On the afternoon of 24 April we will carry out maintenance work on our mailing list server (lists.cert.at). Effects: delayed delivery of list mail; the mailing lists' administration interface (subscribe/unsubscribe etc.) unavailable; mailing list archives unavailable. We will try to keep the outages as short as possible, but cannot give an exact...
http://www.cert.at/services/blog/20140423085410-1134.html
DBIR: Poor Patching, Weak Credentials Open Door to Data Breaches
Weak or default credentials, poor configurations and a lack of patching are common denominators in most data breaches, according to the 2014 Verizon Data Breach Investigations Report.
http://threatpost.com/dbir-poor-patching-weak-credentials-open-door-to-data-breaches/105619
Millions of Feedly users vulnerable to JavaScript injection attack
A security researcher discovered a serious JavaScript injection vulnerability in the popular Feedly Android app, impacting millions of users.
http://securityaffairs.co/wordpress/24209/hacking/feedly-javascript-vulnerable.html
Apple patches security holes in iOS, OS X and WLAN base stations
The updates are meant to close critical vulnerabilities in Apple's operating systems, among them another hole that allows eavesdropping on SSL connections. A Heartbleed fix is available for the AirPort base stations.
http://www.heise.de/security/meldung/Apple-stopft-Sicherheitsluecken-in-iOS-OS-X-und-WLAN-Basisstationen-2174670.html
Operation Francophoned: The Persistence and Evolution of a Dual-Pronged Social Engineering Attack
Operation Francophoned, first uncovered by Symantec in May 2013, involved organizations receiving direct phone calls and spear phishing emails impersonating a known telecommunication provider in France, all in an effort to install malware and steal information and ultimately money from targets.
http://www.symantec.com/connect/blogs/operation-francophoned-persistence-and-evolution-dual-pronged-social-engineering-attack
Blog: An SMS Trojan with global ambitions
Recently, we've seen SMS Trojans starting to appear in more and more countries. One prominent example is Trojan-SMS.AndroidOS.Stealer.a: this Trojan came top in Kaspersky Lab's recent mobile malware TOP 20. It can currently send short messages to premium-rate numbers in 14 countries around the world.
http://www.securelist.com/en/blog/8209/An_SMS_Trojan_with_global_ambitions
ISC discontinues development of its BIND10 DNS server
The company has released the last version it will develop itself and is withdrawing from further development. BIND10 was originally intended to replace BIND9, which at the time could make only inadequate use of high-performance servers.
http://www.heise.de/newsticker/meldung/ISC-stellt-Entwicklung-an-seinem-BIND10-DNS-Server-ein-2175058.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
Nine patterns make up 92 percent of security incidents
Verizon security researchers have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry.
http://www.net-security.org/secworld.php?id=16725
Dissecting the unpredictable DDoS landscape
DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage, according to Neustar.
http://www.net-security.org/secworld.php?id=16726
-- Alex Stanford - GIAC GWEB, Research Operations Manager, SANS Internet Storm Center (c) SANS Internet Storm Center.
http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://isc.sans.edu/diary.html?storyid=18013&rss
Apple splats new SSL snooping bug in iOS, OS X - but it's no Heartbleed
Triple-handshake flaw stalks Macs and iThings. Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs.
http://go.theregister.com/feed/www.theregister.co.uk/2014/04/23/apple_ssl_update/
Joomla Plugin Constructor Backdoor
We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joomla plugin. It was so well organized that at first we didn't realize there was a backdoor even though we knew something was wrong. That's how the code of...
http://blog.sucuri.net/2014/04/joomla-plugin-constructor-backdoor.html
Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability
A vulnerability has been recently disclosed in OpenSSL that could result in remote attackers being able to obtain sensitive data from the process address space of a vulnerable OpenSS...
http://support.citrix.com/article/CTX140605
IBM PSIRT - OpenSSL Heartbleed (CVE-2014-0160)
We will continue to update this blog to include information about products. The following is a list of products affected by the Heartbleed vulnerability. Please follow the links below to view the security bulletins for the affected products.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/openssl_heartbleed_cve_2014_0160?lang=en_us
Information on Norton products and the Heartbleed vulnerability
This article answers many of the questions that are currently being asked about the Heartbleed bug and the role that Norton products play in defending against this attack.
https://support.norton.com/sp/en/us/home/current/solutions/v98431836_EndUserProfile_en_us
OpenSSL Security Vulnerability - aka. "Heartbleed Bug" - CVE-2014-0160 - Security Incident Response for D-Link Devices and Services
D-Link is investigating all devices and systems that utilize the OpenSSL software library to determine if our devices and customers are affected by this security vulnerability. You will find current status below and can contact us at security at dlink.com about specific questions.
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10022
Heartbleed Vulnerability in Various Products
http://tomcat.apache.org/native-doc/news/2014.html
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html
http://www.fortiguard.com/advisory/FG-IR-14-011/
http://www.sybase.com/detail?id=1099387
https://secunia.com/advisories/58188 (Symantec Multiple Products)
https://secunia.com/advisories/58148 (Xerox WorkCentre 3315/3325)
VU#350089: IBM Notes and Domino on x86 Linux specify an executable stack
Vulnerability Note VU#350089: IBM Notes and Domino on x86 Linux specify an executable stack. Original release date: 22 Apr 2014 | Last revised: 22 Apr 2014.
Overview: IBM Notes and Domino on x86 Linux are incorrectly built requesting an executable stack. This can make it easier for attackers to exploit vulnerabilities in Notes, Domino, and any of the child processes that they may spawn.
Description: The build environment for the x86 Linux versions of IBM Notes and Domino incorrectly specified the...
http://www.kb.cert.org/vuls/id/350089
Cisco ASA SIP Inspection Memory Leak Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) inspection engine code could allow an unauthenticated, remote attacker to cause a slow memory leak, which may cause instability on the affected system.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2154
AirPort Extreme and AirPort Time Capsule OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1030132
Apple OS X Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030133
Sixnet Sixview 2.4.1 Directory Traversal
Topic: Sixnet Sixview 2.4.1 Directory Traversal. Risk: Medium. Text: #Exploit Title: Sixnet sixview web console directory traversal #Date: 2014-04-21 #Exploit Author: daniel svartman #Vendor Ho...
http://cxsecurity.com/issue/WLB-2014040150
Parallels Plesk Panel 12.x Key Disclosure
Topic: Parallels Plesk Panel 12.x Key Disclosure. Risk: High. Text: While auditing the source code for Parallels Plesk Panel 12.x on Linux I noticed the following feature that leads to leakage o...
http://cxsecurity.com/issue/WLB-2014040151
[2014-04-23] Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances
An unauthenticated remote attacker can exploit the identified Path Traversal vulnerability in order to retrieve arbitrary files from the affected WD Arkeia Network Backup appliances and execute system commands.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140423-0_WD_Arkeia_Path_Traversal_v10.txt
Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products
Once exploited, the vulnerability might cause excessive resource (e.g. memory) consumption on the vulnerable system and, in serious cases, even cause the system to restart.
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-333184.htm
HP Security Bulletins
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04261644
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260385
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260637
Security Advisories Relating to Symantec Products - Symantec Messaging Gateway Management Console Reflected XSS
Symantec's Messaging Gateway management console is susceptible to a reflected cross-site scripting (XSS) issue found in one of the administrative interface pages. Successful exploitation could result in potential session hijacking or unauthorized actions directed against the console with the privileges of the targeted user's browser.
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140422_00
Security Bulletin: IBM Sterling Order Management is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2014-0932)
IBM Sterling Order Management is vulnerable to a cross-site scripting attack which could lead to unauthorized access through the injected scripts.
http://www-01.ibm.com/support/docview.wss?uid=swg21670912
Django Security Issue and Multiple Vulnerabilities
A security issue and multiple vulnerabilities have been reported in Django, which can be exploited by malicious people to potentially disclose certain sensitive information, manipulate certain data, and compromise a vulnerable system.
https://secunia.com/advisories/58201
Hitachi Multiple Cosminexus / uCosminexus Products Java Multiple Vulnerabilities
https://secunia.com/advisories/58197
Hitachi Multiple Cosminexus / uCosminexus Products SSL/TLS Initialization Vector Selection Weakness
https://secunia.com/advisories/58240