Daily summary - Friday 9-05-2014

End-of-Shift report

Timeframe: Thursday 08-05-2014 18:00 − Friday 09-05-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Advance Notification Service for the May 2014 Security Bulletin Release

Today we provide Advance Notification Service (ANS) for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows. As we do every month, we've scheduled the security bulletin release for the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for deployment guidance and further analysis together with a brief

http://blogs.technet.com/b/msrc/archive/2014/05/08/advance-notification-service-for-the-may-2014-security-bulletin-release.aspx


Prenotification Security Advisory for Adobe Reader and Acrobat

Adobe is planning to release security updates on Tuesday, May 13, 2014 for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh.

https://helpx.adobe.com/security/products/reader/apsb14-15.html


SQL Injection In Insert, Update, And Delete

This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks.

http://packetstormsecurity.com/files/126527/SQL-Injection-In-Insert-Update-And-Delete.html


SNMP: The next big thing in DDoS Attacks?

It started with DNS: Simple short DNS queries are easily spoofed and the replies can be much larger than the request, leading to an amplification of the attack by orders of magnitude. Next came NTP. Same game, different actors: NTP's "monlist" feature allows for small requests (again: UDP, so trivially spoofed) and large responses. Today, we received a packet capture from a reader showing yet another reflective DDoS mode: SNMP. The "reflector" in this case...

https://isc.sans.edu/diary/SNMP%3A+The+next+big+thing+in+DDoS+Attacks%3F/18089


Heartbleed, IE Zero Days, Firefox vulnerabilities - What's a System Administrator to do?

With the recent headlines, we've seen Heartbleed (which was not exclusive to Linux, but was predominantly there), an IE zero day that had folks over-reacting with headlines of "stop using IE", but Firefox and Safari vulnerabilities were not that far back in the news either. So what is "safe"? And as a System Administrator or CSO, what should you be doing to protect your organization?

https://isc.sans.edu/diary/Heartbleed%2C+IE+Zero+Days%2C+Firefox+vulnerabilities+-+What%27s+a+System+Administrator+to+do%3F/18101


Exploit Kit Roundup: Best of Obfuscation Techniques

The world of exploit kits is an ever-changing one, if you happen to look away even just for one month, you'll come back to find that most everything has changed around you. Because of this, people like us, who work on a secure web gateway product, are continuously immersed in the world of exploit kits. Every once in a while it's a good idea to stop, take a look around us, and review what's changed. We would like to share some of the more interesting obfuscation techniques

http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/R9KtNDgyouY/exploit-kit-roundup-best-of-obfuscation-techniques.html


Surge in Viknok infections bolsters click fraud campaign

Researchers detected over 16,500 Viknok infections in the first week of May alone.

http://feedproxy.google.com/~r/SCMagazineHome/~3/6mC7Lf47bgY/


Malicious DIY Java applet distribution platforms going mainstream - part two

In a cybercrime ecosystem, dominated by client-side exploits serving Web malware exploitation kits, cybercriminals continue relying on good old fashioned social engineering tricks in an attempt to trick gullible end users into knowingly/unknowingly installing malware. In a series of blog posts, we've been highlighting the existence of DIY (do-it-yourself), social engineering driven, Java drive-by type of Web based platforms, further enhancing the current efficient state of social...

http://feedproxy.google.com/~r/WebrootThreatBlog/~3/6wG1i4Gl5HQ/


Bitly shortens life of users' passwords after credential compromise

OAuth tentacles mean it's time to change ANOTHER password

URL-shortening and online marketing outfit Bit.ly has warned its systems have been accessed by parties unknown and suggested users change their passwords.

http://go.theregister.com/feed/www.theregister.co.uk/2014/05/09/bitly_shortens_life_of_users_passwords_after_credential_compromise/


Weekly Metasploit Update: Disclosing Usernames, More Flash Bugs, and Wireshark Targets

https://community.rapid7.com/community/metasploit/blog/2014/05/08/weekly-metasploit-update


Heartbleed: 300,000 servers still vulnerable

Four weeks after the flaw surfaced, a survey shows only little progress

http://derstandard.at/1399507030882


Cyber Security Challenge looks for Austrian IT talent

For the third time already, the Cyber Security Challenge Austria is searching for young hacker talent. This year there is also a Europe-wide competition.

http://futurezone.at/netzpolitik/cyber-security-challenge-sucht-oesterreichische-it-talente/64.493.015


CVE-2014-3214: A Defect in Prefetch Can Cause Recursive Servers to Crash

A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes. This can be triggered as the result of normal query processing.

https://kb.isc.org/article/AA-01161


QNAP-Photostation V.3.2 XSS

XSS flaw in QNAP-Photostation V.3.2 (on QNAP NAS TS259+ Pro - firmware 4.0.7 from 12.04.2014)

http://sdcybercom.wordpress.com/2014/04/25/qnap-cross-site-scripting-nicht-schon-wieder/


Digi International OpenSSL Vulnerability

Digi International has identified five products that are vulnerable to the OpenSSL Heartbleed bug. Digi International has produced downloadable firmware upgrade versions that mitigate this vulnerability.

http://ics-cert.us-cert.gov/advisories/ICSA-14-128-01


IBM Security Bulletins for TADDM

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_security_improvement_tomcat_default_files_and_non_encrypted_administrative_interfaces_available?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_ndash_security_improvement_more_restricted_permission_on_taddm_files_on_unix_like_servers?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_ndash_security_improvement_birt_report_viewer_application_vulnerable_to_directory_traversal_attack?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_ndash_security_improvement_axis_in_taddm_reveal_configuration_information_without_authentication?lang=en_us

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_reject_weak_and_medium_ciphers_on_taddm_ports?lang=en_us


Kaspersky Internet Security Null Pointer Dereference in prremote.dll Lets Remote Users Execute Arbitrary Code

http://www.securitytracker.com/id/1030203


Multiple BIG-IP products iControl command execution

http://xforce.iss.net/xforce/xfdb/93015


Security Bulletin: IBM iNotes Cross-Site Scripting Vulnerability (CVE-2014-0913)

IBM iNotes versions 9.0.1 and 8.5.3 Fix Pack 6 contain a cross-site scripting vulnerability. The fixes for these issues were introduced in IBM Domino and IBM iNotes versions 9.0.1 Fix Pack 1 and 8.5.3 Fix Pack 6 Interim Fix 2.

http://www-01.ibm.com/support/docview.wss?uid=swg21671981


HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS)

A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be exploited remotely to allow cross-site scripting (XSS).

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273695


HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information

The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04248997


R7-2013-19.2 Disclosure: Yokogawa CENTUM CS 3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782)

https://community.rapid7.com/community/metasploit/blog/2014/05/09/r7-2013-192-disclosure-yokogawa-centum-cs-3000-vulnerabilities