End-of-Shift report
Timeframe: Wednesday 07-05-2014 18:00 − Thursday 08-05-2014 18:00
Handler: L. Aaron Kaplan
Co-Handler: Stephan Richter
The State of Cryptography in 2014, Part 2: Hardware, Black Swans, and What To Do Now
We continue our look into the state of cryptography in 2014; Part 1 was posted earlier this week. Is Hardware Security Any Better? We closed the first post by asking: is hardware any more trustworthy? One would think that it is - but it's not. Recently, chip vendors have been incorporating cryptography into their CPUs or chipsets. Usually,...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5erAjAwWMmU/
SIRv16: Cybercriminal tactics trend toward deceptive measures
Microsoft's Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110 countries/regions worldwide. The report is designed to help IT and security professionals better protect themselves and their organizations from cyberattacks. Malware data is gathered from the Malicious Software Removal Tool (MSRT), which is used to calculate the infection rate...
http://blogs.technet.com/b/mmpc/archive/2014/05/07/sirv16-cybercriminal-tactics-trend-toward-deceptive-measures.aspx
Case Study: Analyzing the Origins of a DDoS Attack
Recently a client was experiencing a massive layer 7 DDoS attack, generating tens of thousands of random HTTP requests per second to the server. The architecture of the website included a cluster of three web servers responsible for handling all incoming traffic, which did little to alleviate the pressure brought about by the attack. An interesting...
http://feedproxy.google.com/~r/sucuri/blog/~3/7nrfa2OwFuo/map-of-a-ddos-attack.html
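The first step in the kind of analysis the case study describes is to pull the access logs of all three web servers together and rank the clients by one-second request rate and by how random their requested paths are. The following is an added example, not code from the Sucuri post; the log lines are constructed, and the format assumes each server prepends its own hostname to an otherwise standard combined-format line.

```python
"""Rank the sources of a layer 7 HTTP flood from a web cluster's access logs.

Added example (not from the Sucuri case study). The sample log below is
constructed: three servers (web1..web3), two sources hammering random
paths that all 404, and one legitimate client fetching real files.
"""
import re
from collections import Counter, defaultdict

# Assumed line format: "<server> " + Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<server>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = """\
web1 203.0.113.10 - - [08/May/2014:10:00:01 +0000] "GET /qzx81k HTTP/1.1" 404 210 "-" "Mozilla/4.0"
web2 203.0.113.10 - - [08/May/2014:10:00:01 +0000] "GET /a9f2m HTTP/1.1" 404 210 "-" "Mozilla/4.0"
web3 203.0.113.10 - - [08/May/2014:10:00:01 +0000] "GET /p0o3 HTTP/1.1" 404 210 "-" "Mozilla/4.0"
web1 203.0.113.10 - - [08/May/2014:10:00:02 +0000] "GET /zz12 HTTP/1.1" 404 210 "-" "Mozilla/4.0"
web1 198.51.100.7 - - [08/May/2014:10:00:01 +0000] "GET /k3j HTTP/1.1" 404 210 "-" "Mozilla/4.0"
web2 198.51.100.7 - - [08/May/2014:10:00:01 +0000] "GET /m88 HTTP/1.1" 404 210 "-" "Mozilla/4.0"
web3 198.51.100.7 - - [08/May/2014:10:00:02 +0000] "GET /q1 HTTP/1.1" 404 210 "-" "Mozilla/4.0"
web1 192.0.2.25 - - [08/May/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
web2 192.0.2.25 - - [08/May/2014:10:00:02 +0000] "GET /style.css HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""


def parse_lines(text):
    """Yield one dict per parseable log line; unparseable lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def profile_sources(text):
    """Per client IP: total requests, peak requests in any single second,
    number of distinct paths, and share of responses that were 404."""
    per_sec = defaultdict(Counter)
    total, not_found = Counter(), Counter()
    paths = defaultdict(set)
    for r in parse_lines(text):
        ip = r["ip"]
        total[ip] += 1
        per_sec[ip][r["ts"]] += 1        # timestamps have one-second resolution
        paths[ip].add(r["path"])
        if r["status"] == "404":
            not_found[ip] += 1
    return {
        ip: {
            "requests": total[ip],
            "peak_per_sec": max(per_sec[ip].values()),
            "distinct_paths": len(paths[ip]),
            "not_found_ratio": not_found[ip] / total[ip],
        }
        for ip in total
    }


def suspects(text, min_peak=3, min_404=0.9):
    """IPs whose peak one-second rate and 404 share both exceed the thresholds,
    highest request volume first. Thresholds are illustrative; tune them to
    the site's normal traffic."""
    prof = profile_sources(text)
    flagged = [ip for ip, p in prof.items()
               if p["peak_per_sec"] >= min_peak and p["not_found_ratio"] >= min_404]
    return sorted(flagged, key=lambda ip: -prof[ip]["requests"])


if __name__ == "__main__":
    for ip, p in profile_sources(SAMPLE_LOG).items():
        print(ip, p)
    print("suspects:", suspects(SAMPLE_LOG))
```

Because the cluster's logs are merged before counting, a source that spreads its requests across all three servers still shows its true aggregate rate; counting per server would understate it by a factor of three.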
Samsung NX300 system camera opens the door wide to hackers
The camera contains a whole series of security vulnerabilities, including a wide-open X server and a reprogrammable NFC chip. Attackers could use these to execute malicious code on the device.
http://www.heise.de/security/meldung/Systemkamera-Samsung-NX300-oeffnet-Hackern-Tuer-und-Tor-2185191.html
April 2014 virus activity review from Doctor Web
April 30, 2014. April 2014 proved to be quite fruitful in terms of the emergence of new threats. In particular, Doctor Web's security researchers discovered a new multi-purpose backdoor targeting Windows. Also registered were numerous incidents involving adware browser extensions for Mac OS X. In addition, a variety of signatures for Android malware were added to the virus databases.
http://news.drweb.com/show/?i=4376&lng=en&c=9
Volafox Mac OS X Memory Analysis Toolkit
Volafox is an open source toolkit that you can use for Mac OS X and BSD memory forensics. The tool is Python-based and allows investigating security incidents and finding information about malware and any other malicious program on the system. Security analysts can obtain the following information using this tool:...
http://www.sectechno.com/2014/05/04/volafox-mac-os-x-memory-analysis-toolkit/
Security: Serious vulnerability in AVG Remote Administration
Users of the AVG Remote Administration remote-management package should urgently install the current patch. Until now it was possible for attackers to inject code through the program, but that is not the only vulnerability; others are still open.
http://www.golem.de/news/security-gravierende-luecke-in-avg-remote-administration-1405-106335-rss.html
[2014-05-08] Multiple critical vulnerabilities in AVG Remote Administration
Attackers are able to completely compromise the AVG Admin server (part of AVG Remote Administration) system as they can gain full access at the application and system level by exploiting remote code execution, authentication bypass, missing entity authentication and insecure encryption vulnerabilities. Attackers can also manage endpoints and possibly deploy attacker-controlled code on endpoints.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140508-0_AVG_Remote_Administration_Multiple_critical_vulnerabilities_v10.txt
Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex
SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass
Advisory ID: DRUPAL-SA-CONTRIB-2014-049
Project: Organic groups (third-party module)
Version: 7.x
Date: 2014-May-07
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass
Description: Organic groups (OG) enables users to create and manage their own groups. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. OG doesn't sufficiently check the permissions when a group member is in pending or blocked status within...
https://drupal.org/node/2261245
Ruby on Rails Implicit Render Bug Lets Remote Users Obtain Files From the Target System
http://www.securitytracker.com/id/1030210
HP Security Bulletins
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260505
Vuln: vBulletin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/66972
Vuln: SAP Solution Manager Background Processing Security Bypass Vulnerability
http://www.securityfocus.com/bid/67107
Vuln: SAP NetWeaver Portal WD Information Disclosure Vulnerability
http://www.securityfocus.com/bid/67104
Security Advisory-Radius Vulnerability on Some Huawei Devices
On Huawei Campus Switch, AR, SRG and WLAN devices, the RADIUS component cannot handle malformed RADIUS packets. This vulnerability allows attackers to repeatedly restart the device, causing a DoS attack (Vulnerability ID: HWPSIRT-2014-0307).
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-334751.htm
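The Huawei advisory only says that malformed RADIUS packets bring the component down; it does not describe the packet field involved. The following added example is not Huawei code and does not reproduce the advisory's bug: it is a defensive RFC 2865 framing parser showing the length checks a RADIUS listener needs so that a bad datagram is rejected with an error rather than driving the parser out of bounds. All sample packets are constructed.

```python
"""Defensive RADIUS (RFC 2865) packet parser.

Added example for the Huawei RADIUS advisory; not vendor code. Each check
below corresponds to one way a naive parser can be broken by a malformed
datagram. Sample packets at the bottom are constructed.
"""
import struct

RADIUS_MIN_LEN = 20           # fixed header: Code, Identifier, Length, Authenticator
RADIUS_MAX_LEN = 4096         # upper bound on the Length field per RFC 2865
HEADER = struct.Struct("!BBH16s")


class MalformedRadius(ValueError):
    """Raised for any packet that violates the RFC 2865 framing rules."""


def parse_radius(packet: bytes) -> dict:
    """Parse one datagram; raise MalformedRadius on any framing error.

    Rejected cases:
      * datagram shorter than the 20-byte header
      * Length field outside 20..4096, or larger than the datagram
      * attribute header cut off by the end of the packet
      * attribute Length < 2 (a zero Length would make `off += alen` loop forever)
      * attribute Value running past the end of the packet
    Octets beyond the Length field are padding and are ignored, as the RFC requires.
    """
    if len(packet) < RADIUS_MIN_LEN:
        raise MalformedRadius(f"datagram too short: {len(packet)} bytes")
    code, ident, length, authenticator = HEADER.unpack_from(packet, 0)
    if not RADIUS_MIN_LEN <= length <= RADIUS_MAX_LEN:
        raise MalformedRadius(f"Length field out of range: {length}")
    if length > len(packet):
        raise MalformedRadius(f"Length field {length} exceeds datagram size {len(packet)}")
    attrs = []
    off = RADIUS_MIN_LEN
    while off < length:
        if length - off < 2:
            raise MalformedRadius(f"truncated attribute header at offset {off}")
        atype, alen = packet[off], packet[off + 1]
        if alen < 2:
            raise MalformedRadius(f"attribute type {atype} has illegal Length {alen} at offset {off}")
        if off + alen > length:
            raise MalformedRadius(f"attribute type {atype} (Length {alen}) overruns packet at offset {off}")
        attrs.append((atype, bytes(packet[off + 2:off + alen])))
        off += alen
    return {"code": code, "identifier": ident, "length": length,
            "authenticator": authenticator, "attributes": attrs}


def check(packet: bytes) -> str:
    """Return 'ok' for a well-formed packet, otherwise the rejection reason."""
    try:
        parse_radius(packet)
        return "ok"
    except MalformedRadius as exc:
        return str(exc)


def build_packet(code, ident, attrs, authenticator=b"\x00" * 16) -> bytes:
    """Constructed helper: assemble a well-formed packet from (type, value) pairs."""
    body = b"".join(bytes([t, 2 + len(v)]) + v for t, v in attrs)
    return HEADER.pack(code, ident, RADIUS_MIN_LEN + len(body), authenticator) + body


# Constructed samples. GOOD is a 33-byte Access-Request carrying User-Name (1)
# and NAS-IP-Address (4); the others corrupt one framing field each.
GOOD = build_packet(1, 7, [(1, b"alice"), (4, bytes([10, 0, 0, 1]))])
ZERO_LEN_ATTR = GOOD[:21] + b"\x00" + GOOD[22:]     # first attribute's Length set to 0
OVERRUN_ATTR = GOOD[:21] + b"\xc8" + GOOD[22:]      # attribute Length 200 in a 33-byte packet
TRUNCATED = GOOD[:30]                                # Length field says 33, only 30 bytes arrived
DANGLING_HDR = HEADER.pack(1, 7, 34, b"\x00" * 16) + GOOD[20:] + b"\x05"  # 1-byte attribute stub
TOO_SHORT = b"\x01\x07\x00\x10"                      # not even a full header

if __name__ == "__main__":
    samples = [("GOOD", GOOD), ("ZERO_LEN_ATTR", ZERO_LEN_ATTR), ("OVERRUN_ATTR", OVERRUN_ATTR),
               ("TRUNCATED", TRUNCATED), ("DANGLING_HDR", DANGLING_HDR), ("TOO_SHORT", TOO_SHORT)]
    for name, pkt in samples:
        print(f"{name:14s} {check(pkt)}")
```

A real server would additionally verify the Request Authenticator or Message-Authenticator attribute against the shared secret before acting on the packet; the framing checks above are what keep an unauthenticated attacker from crashing the daemon before that point.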