End-of-Shift report
Timeframe: Donnerstag 08-05-2014 18:00 − Freitag 09-05-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Advance Notification Service for the May 2014 Security Bulletin Release
Today we provide Advance Notification Service (ANS) for the release of eight bulletins, two rated Critical and six rated Important in severity. These updates will address vulnerabilities for .NET Framework, Office, Internet Explorer, and Windows. As we do every month, we've scheduled the security bulletin release for the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for deployment guidance and further analysis together with a brief
http://blogs.technet.com/b/msrc/archive/2014/05/08/advance-notification-service-for-the-may-2014-security-bulletin-release.aspx
Prenotification Security Advisory for Adobe Reader and Acrobat
Adobe is planning to release security updates on Tuesday, May 13, 2014 for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh.
https://helpx.adobe.com/security/products/reader/apsb14-15.html
SQL Injection In Insert, Update, And Delete
This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks.
http://packetstormsecurity.com/files/126527/SQL-Injection-In-Insert-Update-And-Delete.html
SNMP: The next big thing in DDoS Attacks?
It started with DNS: Simple short DNS queries are easily spoofed and the replies can be much larger then the request, leading to an amplification of the attack by orders of magnitude. Next came NTP. Same game, different actors: NTPs "monlist" feature allows for small requests (again: UDP, so trivially spoofed) and large responses. Today, we received a packet capture from a reader showing yet another reflective DDoS mode: SNMP. The "reflector" in this case...
https://isc.sans.edu/diary/SNMP%3A+The+next+big+thing+in+DDoS+Attacks%3F/18089
Heartbleed, IE Zero Days, Firefox vulnerabilities - Whats a System Administrator to do?
With the recent headlines, weve seen heartbleed (which was not exclusive to Linux, but was predominately there), an IE zero day that had folks over-reacting with headlines of "stop using IE", but Firefox and Safari vulnerabilities where not that far back in the news either. So what is "safe"? And as an System Administrator or CSO what should you be doing to protect your organization?
https://isc.sans.edu/diary/Heartbleed%2C+IE+Zero+Days%2C+Firefox+vulnerabilities+-+What%27s+a+System+Administrator+to+do%3F/18101
Exploit Kit Roundup: Best of Obfuscation Techniques
The world of exploit kits is an ever-changing one, if you happen to look away even just for one month, you'll come back to find that most everything has changed around you. Because of this, people like us, who work on a secure web gateway product, are continuously immersed in the world of exploit kits. Every once in a while it's a good idea to stop, take a look around us, and review what's changed. We would like to share some of the more interesting obfuscation techniques
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/R9KtNDgyouY/exploit-kit-roundup-best-of-obfuscation-techniques.html
Surge in Viknok infections bolsters click fraud campaign
Researchers detected over 16,500 Viknok infections in the first week of May alone.
http://feedproxy.google.com/~r/SCMagazineHome/~3/6mC7Lf47bgY/
Malicious DIY Java applet distribution platforms going mainstream - part two
In a cybercrime ecosystem, dominated by client-side exploits serving Web malware exploitation kits, cybercriminals continue relying on good old fashioned social engineering tricks in an attempt to trick gullible end users into knowingly/unknowingly installing malware. In a series of blog posts, we've been highlighting the existence of DIY (do-it-yourself), social engineering driven, Java drive-by type of Web based platforms, further enhancing the current efficient state of social...
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/6wG1i4Gl5HQ/
Bitly shortens life of users passwords after credential compromise
OAuth tentacles mean its time to change ANOTHER password URL-shortening and online marketing outfit Bit.ly has warned its systems have been accessed by parties unknown and suggested users change their passwords.
http://go.theregister.com/feed/www.theregister.co.uk/2014/05/09/bitly_shortens_life_of_users_passwords_after_credential_compromise/
Weekly Metasploit Update: Disclosing Usernames, More Flash Bugs, and Wireshark Targets
https://community.rapid7.com/community/metasploit/blog/2014/05/08/weekly-metasploit-update
Heartbleed: Noch immer 300.000 Server verwundbar
Vier Wochen nach Auftauchen der Lücke zeigt Untersuchung nur wenig Fortschritte
http://derstandard.at/1399507030882
Cyber Security Challenge sucht österreichische IT-Talente
Bereits zum dritten Mal wird im Rahmen der Cyber Security Challenge Austria nach jungen Hacker-Talenten gesucht. Dieses Jahr gibt es auch einen europaweiten Wettbewerb.
http://futurezone.at/netzpolitik/cyber-security-challenge-sucht-oesterreichische-it-talente/64.493.015
CVE-2014-3214: A Defect in Prefetch Can Cause Recursive Servers to Crash
A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes. This can be triggered as the result of normal query processing.
https://kb.isc.org/article/AA-01161
QNAP-Photostation V.3.2 XSS
XSS-Lücke in QNAP-Photostation V.3.2 (auf QNAP NAS TS259+ Pro - Firmware 4.0.7 vom 12.04.2014)
http://sdcybercom.wordpress.com/2014/04/25/qnap-cross-site-scripting-nicht-schon-wieder/
Digi International OpenSSL Vulnerability
Digi International has identified five products that are vulnerable to the OpenSSL Heartbleed bug. Digi International has produced downloadable firmware upgrade versions that mitigate this vulnerability.
http://ics-cert.us-cert.gov/advisories/ICSA-14-128-01
IBM Security Bulletins for TADDM
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_security_improvement_tomcat_default_files_and_non_encrypted_administrative_interfaces_available?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_ndash_security_improvement_more_restricted_permission_on_taddm_files_on_unix_like_servers?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_ndash_security_improvement_birt_report_viewer_application_vulnerable_to_directory_traversal_attack?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_ndash_security_improvement_axis_in_taddm_reveal_configuration_information_without_authentication?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_taddm_reject_weak_and_medium_ciphers_on_taddm_ports?lang=en_us
Kaspersky Internet Security Null Pointer Dereference in prremote.dll Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030203
Multiple BIG-IP products iControl command execution
http://xforce.iss.net/xforce/xfdb/93015
Security Bulletin: IBM iNotes Cross-Site Scripting Vulnerability (CVE-2014-0913)
IBM iNotes versions 9.0.1 and 8.5.3 Fix Pack 6 contain a cross-site scripting vulnerability. The fixes for these issues were introduced in IBM Domino and IBM iNotes versions 9.0.1 Fix Pack 1 and 8.5.3 Fix Pack 6 Interim Fix 2.
http://www-01.ibm.com/support/docview.wss?uid=swg21671981
HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS)
A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. This vulnerability could be exploited remotely to allow cross-site scripting (XSS).
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273695
HPSBGN03008 rev.2 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04248997
R7-2013-19.2 Disclosure: Yokogawa CENTUM CS 3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782)
https://community.rapid7.com/community/metasploit/blog/2014/05/09/r7-2013-192-disclosure-yokogawa-centum-cs-3000-vulnerabilities