End-of-Shift report
Timeframe: Thursday 12-06-2014 18:00 − Friday 13-06-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Microsoft pulls the "Secure Boot" brake
With an update for Windows 8, Server 2012, 8.1 and Server 2012 R2, Microsoft installs new key databases that block the launch of some UEFI modules.
http://www.heise.de/security/meldung/Microsoft-zieht-die-Secure-Boot-Bremse-2221023.html
Setting HoneyTraps with ModSecurity: Adding Fake Hidden Form Fields
This blog post continues with the topic of setting "HoneyTraps" within your web applications to catch attackers. Please review the previous posts for more examples: Project Honeypot Integration, Unused Web Ports, Adding Fake robots.txt Entries, Adding Fake HTML Comments. This blog post will discuss Recipe 3-4: Adding Fake Hidden Form Fields from my book "Web Application Defenders Cookbook: Battling Hackers and Protecting Users".
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/btSzvx21q3s/setting-honeytraps-with-modsecurity-adding-fake-hidden-form-fields.html
Hacker claims PayPal loophole generates FREE MONEY
Convicted hacker comes good with fraudster flowchart. A PayPal loophole can be exploited to earn free cash, according to a convicted former NASA hacker turned white hat.
http://go.theregister.com/feed/www.theregister.co.uk/2014/06/13/hacker_claims_paypal_loophole_generates_free_money/
You have no SQL inj--... sorry, NoSQL injections in your application
Everyone knows about SQL injections. They are classic, first widely publicized by Rain Forest Puppy, and still widely prevalent today (hint: don't interpolate query string params with SQL).
But who cares? SQL injections are so ten years ago. I want to talk about a vulnerability I hadn't run into before that I recently had a lot of fun exploiting. It was a NoSQL injection.
https://community.rapid7.com/community/metasploit/blog/2014/06/12/you-have-no-sql-inj--sorry-nosql-injections-in-your-application
Banking malware using Windows to block anti-malware apps
BKDR_VAWTRAK is using Software Restriction Policies to restrict security software.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/s0xxmloC9XA/
Mergers and Acquisitions: When Two Companies and APT Groups Come Together
With Apple's purchase of Beats, Pfizer's failed bids for AstraZeneca, and financial experts pointing to a rally in the M&A market, the last month was a busy one for mergers and acquisitions. Of course, when we first see headlines of...
http://www.fireeye.com/blog/technical/targeted-attack/2014/06/mergers-and-acquisitions-when-two-companies-and-apt-groups-come-together.html
Microsoft's June patches can destroy Office 2013 installations
The Office 2013 patches from June 11 sometimes cause major problems and can result in the Office programs no longer starting.
http://www.heise.de/newsticker/meldung/Microsofts-Juni-Patches-koennen-Office-2013-Installation-zerstoeren-2221524.html
How iOS 8 Will Affect the Security of iPhones and iPads
Apple's mobile OS has been enhanced, but is it more secure?
http://www.symantec.com/connect/blogs/how-ios-8-will-affect-security-iphones-and-ipads
Stratfor hack: Secret report finds serious security flaws
An investigation following the break-in into the Stratfor servers by the group Antisec found that the company had failed to observe the most important security measures.
http://www.golem.de/news/stratfor-hack-geheimer-bericht-stellt-gravierende-sicherheitsluecken-fest-1406-107188-rss.html
CloudFlare offers free DDoS protection to public interest websites
A project launched by CloudFlare, a provider of website performance and security services, allows organizations engaged in news gathering, civil society and political or artistic speech to use the company's distributed denial-of-service (DDoS) protection technology for free. The goal of the project, dubbed Galileo, is to protect freedom of expression on the Web by keeping sites with public interest information from being censored through online attacks, according to the San Francisco-based
http://www.csoonline.com/article/2363382/cloudflare-offers-free-ddos-protection-to-public-interest-websites.html#tk.rss_applicationsecurity
ISC Patches Critical DoS Vulnerability in BIND
A critical, remotely exploitable bug in some BIND domain name system (DNS) servers could cause a denial of service situation and trigger them to crash.
http://threatpost.com/isc-patches-critical-dos-vulnerability-in-bind/106653
CVE-2014-3859: BIND named can crash due to a defect in EDNS printing processing
A specially crafted query sent to a BIND nameserver can cause it to crash with a REQUIRE assertion error.
https://kb.isc.org/article/AA-01166/74/CVE-2014-3859:-BIND-named-can-crash-due-to-a-defect-in-EDNS-printing-processing.html
IBM Security Bulletin: IBM Algo One - cryptographic key information discovery (CVE-2014-0076)
Under certain circumstances, a local attacker could discover cryptographic key information from IBM Algo One.
CVE(s): CVE-2014-0076
Source Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21675765
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_algo_one_cryptographic_key_information_discovery_cve_2014_0076?lang=en_us
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
CVE(s): CVE-2010-5298
Affected product(s) and affected version(s): AIX 5.3, 6.1 and 7.1; VIOS 2.X
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory8.asc
X-Force Database: http://xforce.iss.net/xforce/xfdb/92632
https://www-304.ibm.com/connections/blogs/PSIRT/entry/race_condition_in_the_ssl3_read_bytes_function_in_s3_pkt_c_in_openssl?lang=en_us
IBM Security Advisory for AIX
AIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerability
AIX OpenSSL DTLS recursion flaw
AIX OpenSSL DTLS invalid fragment vulnerability
AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
AIX OpenSSL Anonymous ECDH denial of service
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
Cisco Autonomic Networking Infrastructure Overwrite Vulnerability
CVE-2014-3290
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3290
DSA-2958 apt
security update
http://www.debian.org/security/2014/dsa-2958
DSA-2957 mediawiki
security update
http://www.debian.org/security/2014/dsa-2957
VMSA-2014-0006.1
VMware product updates address OpenSSL security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
Yealink VoIP Phones XSS / CRLF Injection
Risk: Low
CVE-2014-3427: CRLF Injection in Yealink VoIP Phones
CVE-2014-3428: XSS vulnerabilities in Yealink VoIP Phones ...
http://cxsecurity.com/issue/WLB-2014060079
SSA-963338 (Last Update 2014-06-13): Multiple Buffer Overflows in UPnP Interface of OZW and OZS Products
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Bugtraq: AST-2014-005: Remote Crash in PJSIP Channel Drivers Publish/Subscribe Framework
http://www.securityfocus.com/archive/1/532414
Bugtraq: AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections
http://www.securityfocus.com/archive/1/532415
HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04336637