Daily summary - Thursday 8-05-2014

End-of-Shift report

Timeframe: Wednesday 07-05-2014 18:00 − Thursday 08-05-2014 18:00
Handler: L. Aaron Kaplan
Co-Handler: Stephan Richter

The State of Cryptography in 2014, Part 2: Hardware, Black Swans, and What To Do Now

We continue our look into the state of cryptography in 2014; Part 1 was posted earlier this week. Is Hardware Security Any Better? We closed the first post by asking: is hardware any more trustworthy? One would think that it is - but it's not. Recently, chip vendors have been incorporating cryptography into their CPUs or chipsets. Usually,...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5erAjAwWMmU/


SIRv16: Cybercriminal tactics trend toward deceptive measures

Microsoft's Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate...

http://blogs.technet.com/b/mmpc/archive/2014/05/07/sirv16-cybercriminal-tactics-trend-toward-deceptive-measures.aspx


Case Study: Analyzing the Origins of a DDoS Attack

Recently a client was experiencing a massive layer 7 DDoS attack, generating tens of thousands of random HTTP requests per second to the server. The architecture of the website included a cluster of three web servers responsible for handling all incoming traffic, which did little to alleviate the pressure brought about by the attack. An interesting...

http://feedproxy.google.com/~r/sucuri/blog/~3/7nrfa2OwFuo/map-of-a-ddos-attack.html


Samsung NX300 system camera opens the door wide to hackers

The camera contains a whole series of security vulnerabilities, including a wide-open X server and a reprogrammable NFC chip. Attackers could use these to execute malicious code on the device.

http://www.heise.de/security/meldung/Systemkamera-Samsung-NX300-oeffnet-Hackern-Tuer-und-Tor-2185191.html


April 2014 virus activity review from Doctor Web

April 30, 2014: April 2014 proved to be quite fruitful in terms of the emergence of new threats. In particular, Doctor Web's security researchers discovered a new multi-purpose backdoor targeting Windows. Also registered were numerous incidents involving adware browser extensions for Mac OS X. In addition, a variety of signatures for Android malware were added to the virus databases.

http://news.drweb.com/show/?i=4376&lng=en&c=9


Volafox Mac OS X Memory Analysis Toolkit

Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is Python-based and allows investigating security incidents and finding information about malware and any other malicious program on the system. Security analysts can obtain the following information using this tool:...

http://www.sectechno.com/2014/05/04/volafox-mac-os-x-memory-analysis-toolkit/


Security: Serious vulnerability in AVG Remote Administration

Users of the remote administration package AVG Remote Administration should urgently install the current patch. Until now it was possible for attackers to inject code via the program - but that is not the only vulnerability; others remain open.

http://www.golem.de/news/security-gravierende-luecke-in-avg-remote-administration-1405-106335-rss.html


[2014-05-08] Multiple critical vulnerabilities in AVG Remote Administration

Attackers are able to completely compromise the AVG Admin server (part of AVG Remote Administration) system as they can gain full access at the application and system level by exploiting remote code execution, authentication bypass, missing entity authentication and insecure encryption vulnerabilities. Attackers can also manage endpoints and possibly deploy attacker-controlled code on endpoints.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140508-0_AVG_Remote_Administration_Multiple_critical_vulnerabilities_v10.txt


Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex


SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass

Advisory ID: DRUPAL-SA-CONTRIB-2014-049
Project: Organic groups (third-party module)
Version: 7.x
Date: 2014-May-07
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

Description
Organic groups (OG) enables users to create and manage their own groups. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. OG doesn't sufficiently check the permissions when a group member is in pending or blocked status within...

https://drupal.org/node/2261245


Ruby on Rails Implicit Render Bug Lets Remote Users Obtain Files From the Target System

http://www.securitytracker.com/id/1030210


HP Security Bulletins

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260505


Vuln: vBulletin Multiple Cross Site Scripting Vulnerabilities

http://www.securityfocus.com/bid/66972


Vuln: SAP Solution Manager Background Processing Security Bypass Vulnerability

http://www.securityfocus.com/bid/67107


Vuln: SAP NetWeaver Portal WD Information Disclosure Vulnerability

http://www.securityfocus.com/bid/67104


Security Advisory-Radius Vulnerability on Some Huawei Devices

On Huawei Campus Switch, AR, SRG, and WLAN devices, the RADIUS component cannot handle malformed RADIUS packets. This vulnerability allows attackers to repeatedly restart the device, causing a DoS attack (Vulnerability ID: HWPSIRT-2014-0307).

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-334751.htm