End-of-Shift report
Timeframe: Wednesday 11-06-2014 18:00 − Thursday 12-06-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Weekly Metasploit Update: Meterpreter Madness
https://community.rapid7.com/community/metasploit/blog/2014/06/11/weekly-metasploit-update
MSRT June 2014 - Necurs
This month we added Win32/Necurs to the Microsoft Malicious Software Removal Tool (MSRT). In a previous blog about Necurs I outlined the family's prevalence and the techniques it uses to execute its payload. In this blog, I will discuss the Necurs rootkit components Trojan:WinNT/Necurs.A and Trojan:Win64/Necurs.A in greater depth. These Necurs rootkit components are sophisticated drivers that try to block security products during every stage of Windows startup. It's important to note that...
http://blogs.technet.com/b/mmpc/archive/2014/06/10/msrt-june-2014-necurs.aspx
Gmail Bug Could Have Exposed Every User's Address
Security tester Oren Hafif says that he found and helped fix a bug in Google's Gmail service that could have been used to extract millions of Gmail addresses, if not all of them, in a matter of days or weeks.
http://feeds.wired.com/c/35185/f/661467/s/3b66e7a5/sc/4/l/0L0Swired0N0C20A140C0A60Cgmail0Ebug0Ecould0Ehave0Eexposed0Eevery0Eusers0Eaddress0C/story01.htm
Small businesses running cloud-based POS software hit with unique POSCLOUD malware
Researchers with IntelCrawler have identified a unique type of malware, known as POSCLOUD, which targets cloud-based point-of-sale software.
http://feedproxy.google.com/~r/SCMagazineHome/~3/PLQgnJ1-_Mc/
Yahoo Toolbar triggers XSS in Google, other popular services, researcher finds
A researcher discovered that Yahoo Toolbar triggers XSS in highly popular services, which could enable an attacker to hijack accounts.
http://feedproxy.google.com/~r/SCMagazineHome/~3/rM026xMWg8U/
Feedly and Evernote Hit by DDoS Attacks, Extortion Demands
Yesterday, the most popular RSS reader, Feedly, was down as a result of a large-scale distributed denial-of-service (DDoS) attack carried out by cybercriminals to extort money. On Wednesday, Feedly was temporarily unavailable to its users. Feedly posted details of the attack at 5:00 AM ET on its blog, saying that they were under a Distributed Denial of Service (DDoS) attack and
http://feedproxy.google.com/~r/TheHackersNews/~3/9ZGb8CUzJwg/feedly-and-evernote-hit-by-ddos-attacks.html
RSS service: Feedly is reachable again
After an outage of almost 24 hours, the RSS service Feedly is usable again. Criminals carried out a DDoS attack against the Feedly servers and demanded a payment to end the attack.
http://www.golem.de/news/rss-dienst-feedly-ist-wieder-erreichbar-1406-107135-rss.html
Feedly under DDoS fire again
The cyber-extortionists who took the newsreader service Feedly down on Wednesday are apparently not giving up. The service is unreachable once more.
http://www.heise.de/security/meldung/Feedly-wieder-unter-DDoS-Beschuss-2220992.html
TweetDeck with a heart defect
Because of a bug, the Twitter client executed JavaScript code embedded in tweets whenever a Unicode heart was appended to it.
http://www.heise.de/security/meldung/TweetDeck-mit-Herzfehler-2220478.html
The Computer Security Threat From Ultrasonic Networks
KentuckyFC (1144503) writes: Security researchers in Germany have demonstrated an entirely new way to attack computer networks and steal information without anybody knowing. The new medium of attack is ultrasonic sound. It relies on software that uses the built-in speakers on a laptop to broadcast at ultrasonic frequencies while nearby laptops listen out for the transmissions and pass them on, a setup known as a mesh network. The team has tested this kind of attack on a set of Lenovo T400...
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/1R8EpiBl880/story01.htm
VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable
While the group of vulnerabilities that the OpenSSL Project patched last week hasn't grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products. Vendors are still making their way through the patching process, and VMware has released an advisory confirming that a long list of...
http://threatpost.com/vmware-patches-esxi-against-openssl-flaw-but-many-other-products-still-vulnerable/106605
Project Un1c0rn Wants to Be the Google for Lazy Security Flaws
Following broad security scares like that caused by the Heartbleed bug, it can be frustratingly difficult to find out if a site you use often still has gaping flaws. But a little known community of software developers is trying to change that, by creating a searchable, public index of websites with known security issues.
http://motherboard.vice.com/en_ca/read/is-this-website-vulnerable-to-hackers-project-un1c0rn-has-the-answer
Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
cisco-sa-20140611-ipv6
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6
JSA10628 - 2014-06 Security Bulletin: Junos Pulse Secure Access Service (SSL VPN) and Junos Pulse Access Control Service (UAC): Weak SSL cipher allowed unexpectedly when higher level cipher group is configured (CVE-2014-3812)
http://kb.juniper.net/index/content&id=JSA10628&actp=RSS
JSA10631 - 2014-06 Security Bulletin: NetScreen Firewall: DNS lookup issue may cause denial of service (CVE-2014-3813)
http://kb.juniper.net/index/content&id=JSA10631&actp=RSS
JSA10632 - 2014-06 Security Bulletin: NetScreen Firewall: Malformed IPv6 packet DoS issue (CVE-2014-3814)
http://kb.juniper.net/index/content&id=JSA10632&actp=RSS
JSA10630 - 2014-06 Security Bulletin: Junos WebApp Secure: Local user privilege escalation issue (CVE-2013-2094)
http://kb.juniper.net/index/content&id=JSA10630&actp=RSS
SA-CONTRIB-2014-060- Petitions - Cross Site Request Forgery (CSRF)
Advisory ID: DRUPAL-SA-CONTRIB-2014-060
Project: Petitions (third-party distribution)
Version: 7.x
Date: 2014-June-11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery
Description: This distribution enables you to build an application that lets users create and sign petitions. The contained wh_petitions module doesn't sufficiently verify the intent of the user when signing a petition. A malicious user could trick another user into signing a petition they...
https://drupal.org/node/2284571
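The bug class above (a state-changing "sign" action that never verifies the user's intent) is easiest to see next to its fix. The following is an added Drupal 7 illustration, not the wh_petitions module's code: the module name example_petitions, the paths, the permission name and the signatures table are all hypothetical. The vulnerable callback signs on a bare GET link, so any page the victim visits can trigger it with an image tag; the hardened callback refuses unless the link carries a token minted for that user's session.

```php
<?php
// Added illustration, NOT the wh_petitions module's code. Module name, paths,
// permission and table names are hypothetical.

/**
 * Implements hook_menu() for the hypothetical example_petitions module.
 */
function example_petitions_menu() {
  $items = array();
  // VULNERABLE: a plain GET request performs the state change. A third-party
  // page can embed <img src="/petition/123/sign"> and the victim's browser
  // sends their session cookie with it.
  $items['petition/%node/sign'] = array(
    'page callback' => 'example_petitions_sign_vulnerable',
    'page arguments' => array(1),
    'access arguments' => array('sign petitions'),
    'type' => MENU_CALLBACK,
  );
  // HARDENED: same action, but the link must carry a per-session CSRF token
  // that is validated before anything is written.
  $items['petition/%node/sign-safe'] = array(
    'page callback' => 'example_petitions_sign_hardened',
    'page arguments' => array(1),
    'access arguments' => array('sign petitions'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

function example_petitions_sign_vulnerable($node) {
  example_petitions_record_signature($node->nid);
  drupal_goto('node/' . $node->nid);
}

function example_petitions_sign_hardened($node) {
  // drupal_valid_token() recomputes the token from the session ID and the
  // site's private key, so a foreign site cannot construct a valid link.
  $token = isset($_GET['token']) ? $_GET['token'] : '';
  if (!drupal_valid_token($token, 'sign-petition-' . $node->nid)) {
    return MENU_ACCESS_DENIED;
  }
  example_petitions_record_signature($node->nid);
  drupal_goto('node/' . $node->nid);
}

/**
 * Builds the signing link; the token is minted server-side for the current user.
 */
function example_petitions_sign_link($nid) {
  return l(t('Sign this petition'), 'petition/' . $nid . '/sign-safe', array(
    'query' => array('token' => drupal_get_token('sign-petition-' . $nid)),
  ));
}

function example_petitions_record_signature($nid) {
  global $user;
  // Hypothetical table; the advisory does not show the real schema.
  db_merge('example_petition_signatures')
    ->key(array('nid' => $nid, 'uid' => $user->uid))
    ->fields(array('signed' => REQUEST_TIME))
    ->execute();
}
```

Using a Form API confirmation form (confirm_form()) instead of a link gets the same protection without hand-rolled tokens, because Drupal 7 adds and validates form_token for authenticated users automatically. Either way, the check must happen on the request that writes, not on the page that renders the link.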
SA-CONTRIB-2014-059 - Touch Theme - Cross Site Scripting (XSS)
Advisory ID: DRUPAL-SA-CONTRIB-2014-059
Project: Touch (third-party module)
Version: 7.x
Date: 2014-June-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting
Description: Touch Theme is a lightweight theme with a modern look and feel. The theme does not sufficiently sanitize theme settings input for the Twitter and Facebook username. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer themes". CVE...
https://drupal.org/node/2284415
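The theme-settings XSS above is a stored injection where the source is a configuration value rather than user content, which is why it is easy to miss: the value looks trusted because only an administrator can set it. As an added Drupal 7 illustration (not the Touch theme's code; the theme name "example" and the setting names are hypothetical), here is the unsafe output next to the escaped form.

```php
<?php
// Added illustration, NOT the Touch theme's code. Theme name and setting
// names are hypothetical.

/**
 * Implements template_preprocess_page() for a hypothetical "example" theme.
 */
function example_preprocess_page(&$variables) {
  $twitter = theme_get_setting('twitter_username');
  $facebook = theme_get_setting('facebook_username');

  // VULNERABLE: the raw setting lands in markup. A user holding
  // "Administer themes" can store a value such as "><script>...</script>
  // and it executes for every visitor of every page.
  $variables['social_links_unsafe'] =
    '<a href="https://twitter.com/' . $twitter . '">' . $twitter . '</a>';

  // HARDENED: escape for each output context. check_plain() HTML-encodes
  // < > & " so the value cannot close the attribute or tag; check_url()
  // also strips dangerous URL schemes before the attribute is emitted.
  $variables['social_links'] =
    '<a href="' . check_url('https://twitter.com/' . $twitter) . '">'
    . check_plain($twitter) . '</a> '
    . '<a href="' . check_url('https://www.facebook.com/' . $facebook) . '">'
    . check_plain($facebook) . '</a>';
}
```

Escaping at output is the fix that matters; rejecting characters other than [A-Za-z0-9_.] in the theme-settings form's validation handler is a useful second layer but does not by itself protect values already stored.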
Cisco IOS XR ASR 9000 IPv6 Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030400
DSA-2956 icinga
security update
http://www.debian.org/security/2014/dsa-2956
DSA-2955 iceweasel
security update
http://www.debian.org/security/2014/dsa-2955
Netscape Portable Runtime API Buffer Overflow May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030404