End-of-Shift report
Timeframe: Wednesday 21-05-2014 18:00 − Thursday 22-05-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
145 million customers affected by eBay hack
Unknown attackers have copied a large part of the online trading platform's customer database. While pressure on eBay mounts, there are first indications that the stolen data is already being misused.
http://www.heise.de/security/meldung/145-Millionen-Kunden-von-eBay-Hack-betroffen-2195974.html
Multiple Vulnerabilities in Cisco NX-OS-Based Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos
SA-CONTRIB-2014-057 - Password policy - General logic error
Advisory ID: DRUPAL-SA-CONTRIB-2014-057, Project: Password policy (third-party module), Version: 7, Security risk: Moderately critical; This module enables you to define password policies with various constraints on allowable user passwords. The history constraint, when enabled, disallows a user's password from being changed to match a specified number of their ..
https://drupal.org/node/2271839
SA-CONTRIB-2014-055 - Require Login - Access bypass
Advisory ID: DRUPAL-SA-CONTRIB-2014-055, Project: Require Login (third-party module), Version: 7, Security risk: Moderately critical; This module enables you to restrict access to a site for all non-authenticated users. The module does not protect the front page, thereby exposing any sensitive information on the front page to anonymous users. This vulnerability is mitigated by the fact that private/sensitive information ..
https://drupal.org/node/2271837
SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure
Advisory ID: DRUPAL-SA-CONTRIB-2014-056, Project: Commerce Moneris (third-party module), Version: 7, Security risk: Critical; Commerce Moneris is a payment module that integrates the Moneris payment system with Drupal Commerce. The module stores credit card data in a commerce order object unnecessarily for the purpose of passing the credit card information to the payment gateway. The credit card information is ..
https://drupal.org/node/2271823
SA-CONTRIB-2014-054 - Views - Access Bypass
Advisory ID: DRUPAL-SA-CONTRIB-2014-054, Project: Views (third-party module), Version: 7, Security risk: Moderately critical; The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. The module doesn't sufficiently check handler access when returning the list of handlers ..
https://drupal.org/node/2271809
IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Portal
IBM WebSphere Application Server is shipped as a component of IBM WebSphere Portal. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in security bulletins. CVE(s): CVE-2014-0963 Affected product(s) ..
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerabilities_have_been_identified_in_ibm_websphere_application_server_shipped_with_ibm_websphere_portal?lang=en_us
A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services
Cybercriminals continue diversifying their portfolios of standardized fraudulent services, in an attempt to efficiently monetize their malicious 'know-how', further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of the boutique cybercrime-friendly E-shops, we've been emphasizing the over-supply of compromised/stolen accounting data, efficiently aggregated ..
http://www.webroot.com/blog/2014/05/21/peek-inside-newly-launched-one-e-shop-cybercrime-friendly-services/
Redmond won't fix IE 8 zero day, says harden up instead
Phishers get fresh code execution bait. Microsoft has decided not to fix an IE 8 zero-day first identified seven months ago, instead telling users to harden up their browsers.
http://go.theregister.com/feed/www.theregister.co.uk/2014/05/22/ie_8_zero_day_dumped_after_7_months_redmond_says_harden_up/
Hackers claim to have cracked Apple's iOS Activation Lock
A team from the Netherlands and Morocco claims to have defeated the feature built into iCloud with which Apple aims to prevent the use of stolen iPhones and iPads - allegedly via a man-in-the-middle attack. So far, many details are missing.
http://www.heise.de/security/meldung/Hacker-wollen-Apples-iOS-Aktivierungssperre-geknackt-haben-2195353.html
Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Overall Severity: Medium
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
XML Schema, DTD, and Entity Attacks - A Compendium of Known Techniques
The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. ... When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well.
http://packetstorm.interhost.co.il/papers/general/XMLDTDEntityAttacks.pdf