Daily summary - Tuesday 10-06-2014

End-of-Shift report

Timeframe: Friday 06-06-2014 18:00 − Tuesday 10-06-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

Microsoft preps seven fixes, two critical, for Patch Tuesday release

The critical patches will remediate remote code execution (RCE) bugs in Windows, IE, Office and Microsoft Lync.

http://www.scmagazine.com/microsoft-preps-seven-fixes-two-critical-for-patch-tuesday-release/article/351559/


Microsoft to eradicate ancient Internet Explorer vulnerability

Seven update packages announced for the upcoming Patch Tuesday - XP support doubtful

http://derstandard.at/2000001862657


Security updates available for Adobe Flash Player (APSB14-16)

Adobe has released security updates for Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.359 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:...

https://helpx.adobe.com/security/products/flash-player/apsb14-16.html


Microsoft Fixing Windows 8 Flaws, But Leaving Them In Windows 7

mask.of.sanity sends this news from El Reg: "Microsoft has left Windows 7 exposed by only applying security upgrades to its newest operating systems. Researchers found the gaps after they scanned 900 Windows libraries using a custom diffing tool and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day vulnerabilities. The missing safe functions were part of Microsoft's dedicated libraries...

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Rz2E0q7KOps/story01.htm


Coordinated malware eradication nears launch

Good news: the coordinated malware eradication preparations are almost done. We have held several roundtable meetings at industry events around the world, and the last two are scheduled for June and July. We had insightful conversations with a diverse group of experts from across the antimalware industry. The ideas have converged into a shared vision of how we'll work together to put pressure on the malware ecosystem. I am excited for the first coordinated eradication campaigns to...

http://blogs.technet.com/b/mmpc/archive/2014/06/04/coordinated-malware-eradication-nears-launch.aspx


Router security: Fritzbox automatically checks for firmware updates

AVM has drawn a conclusion from the serious security vulnerability in its routers. A lab version now enables automatic firmware updates.

http://www.golem.de/news/routersicherheit-fritzbox-sucht-automatisch-nach-firmware-updates-1406-107040-rss.html


Backstage with the Gameover Botnet Hijackers

When you're planning to rob the Russian cyber mob, you'd better be sure that you have the element of surprise, that you can make a clean getaway, and that you understand how your target is going to respond. Today's column features an interview with two security experts who helped plan and execute this week's global, collaborative effort to hijack the Gameover Zeus botnet, an extremely resilient and sophisticated crime machine that helped an elite group of thieves steal more than $100 million from

http://feedproxy.google.com/~r/KrebsOnSecurity/~3/QUb7mFxjXlc/


Extracting the payload from a CVE-2014-1761 RTF document

Background: In March Microsoft published security advisory 2953095, detailing a remote code execution vulnerability in multiple versions of Microsoft Office (CVE-2014-1761). A Technet blog was released at the same time which contained excellent information on how a typical malicious document would be constructed. NCC Group's Cyber Defence Operations team used the information in the Technet blog to identify a malicious document within our malware zoo that exploited this vulnerability which...

https://www.nccgroup.com/en/blog/2014/06/extracting-the-payload-from-a-cve-2014-1761-rtf-document/


We've Set Up a One-Click Test For GameOver ZeuS

Today we've published a new, quick way to check if your computer is infected by GameOver ZeuS (GOZ). Last week the GOZ botnet was disrupted by international law enforcement together with industry partners, including ourselves. It is of critical importance to realize GOZ was disrupted - not dismantled. It's not technically impossible for the botnet administrators to reclaim control in the near future. More than one million computers are infected by GOZ; time is of the essence. To assist with...

http://www.f-secure.com/weblog/archives/00002712.html


Cybercrime costs over 400 billion dollars worldwide, according to study

In Austria the damage amounts to 0.41 percent of gross domestic product

http://derstandard.at/2000001878950


"Red Button" Attack Could Compromise Some Smart TVs

A vulnerability in an emerging interactive television standard could open up a number of smart TVs to untraceable drive-by attacks.

http://threatpost.com/red-button-attack-could-compromise-some-smart-tvs/106547


Chrome OS leaks data to Google before switching on a VPN, says GCHQ

UK spy-base wing in new advice for BlackBerry, and Google OSes

The sexy-named Communications Electronics Security Group (CESG) - the bit of GCHQ that helps Brits protect secrets from foreign spies (never mind GCHQ) - has issued new advice for securing BlackBerry OS 10, Android and Chrome OS 32.

http://go.theregister.com/feed/www.theregister.co.uk/2014/06/10/security_guidance_for_blackberry_1021_android_44_and_chrome_os/


Zeus Alternative "Pandemiya" Emerges in Cybercrime Underground

Pandemiya has all the capabilities that are typical among banking Trojans, such as injecting fake elements into websites, capturing screenshots of the user's computer screen, and encrypting its communications with the control panel. What sets Pandemiya apart from all other banking Trojans is the fact that it has been written from scratch without sharing any source code with Zeus, Fleyder said.

https://www.securityweek.com/zeus-alternative-pandemiya-emerges-cybercrime-underground


iOS Malware Does Exist

Before somebody asks me (again) whether there is any iOS malware or not, I decided to consolidate the information for you.

https://blog.fortinet.com/iOS-malware-do-exist/


Cisco Wireless LAN Controller Cisco Discovery Protocol Denial of Service Vulnerability

CVE-2014-3291

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3291


Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)

Severity: High

Overview: The OpenSSL security advisory released on the 5th of June 2014 disclosed six security vulnerabilities in this open source component; these are described below:

http://support.citrix.com/article/CTX140876


SAP Hard-Coded Credentials

Topic: SAP Hard-Coded Credentials
Risk: Medium
Text: Onapsis Security Advisories: Multiple Hard-coded Usernames (CWE-798) have been found and patched in a variety of SAP componen...

http://cxsecurity.com/issue/WLB-2014060046


MediaWiki Input Validation Flaw in Special:PasswordReset Permits Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1030364


VU#758382: Unauthorized modification of UEFI variables in UEFI systems

Vulnerability Note VU#758382: Unauthorized modification of UEFI variables in UEFI systems
Original Release date: 09 Jun 2014 | Last revised: 09 Jun 2014

Overview: Certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead to bypass of security features and/or denial of service for the platform.

Description: According to Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam...

http://www.kb.cert.org/vuls/id/758382


Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability

CVE-2014-3287

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287


WebEx Meeting Server Sensitive Information Disclosure Vulnerability

CVE-2014-3294

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3294


Vuln: Cisco Wireless LAN Controller CVE-2014-3291 Denial of Service Vulnerability

http://www.securityfocus.com/bid/67926


IBM Security Bulletin: Denial of Service attack possible on Cúram instances using Apache Commons FileUpload (CVE-2014-0050)

A version of Apache Commons FileUpload shipped with Cúram is vulnerable to a denial of service attack.
CVE(s): CVE-2014-0050
Affected product(s) and affected version(s): Cúram Social Program Management. All products are affected when running code releases 4.5 SP10, 5.0, 5.2, 5.2 SP1, 5.2 SP4, 5.2 SP4 DE, 5.2 SP5, 5.2 SP6, 6.0 SP2, 6.0.3.0, 6.0.4.0, 6.0.4.3, 6.0.4.4, 6.0.4.5, 6.0.5.2, 6.0.5.3, 6.0.5.4.
Refer to the following reference URLs for remediation and additional...

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_denial_of_service_attack_possible_on_c%25C3%25BAram_instances_using_apache_commons_fileupload_cve_2014_0050?lang=en_us


WebTitan: Multiple critical vulnerabilities

product: WebTitan
vulnerable version: 4.01 (Build 68)
fixed version: 4.04
impact: critical
...
1) SQL Injection
2) Remote command execution
3) Path traversal
4) Unprotected Access

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt