Daily summary - Friday 13-06-2014

End-of-Shift report

Timeframe: Thursday 12-06-2014 18:00 − Friday 13-06-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Microsoft pulls the "Secure Boot" emergency brake

With an update for Windows 8, Server 2012, 8.1 and Server 2012 R2, Microsoft installs new key databases that block certain UEFI modules from starting.

http://www.heise.de/security/meldung/Microsoft-zieht-die-Secure-Boot-Bremse-2221023.html


Setting HoneyTraps with ModSecurity: Adding Fake Hidden Form Fields

This blog post continues with the topic of setting "HoneyTraps" within your web applications to catch attackers. Please review the previous posts for more examples: Project Honeypot Integration, Unused Web Ports, Adding Fake robots.txt Entries, and Adding Fake HTML Comments. This blog post will discuss Recipe 3-4: Adding Fake Hidden Form Fields from my book "Web Application Defenders Cookbook: Battling Hackers and Protecting Users".

http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/btSzvx21q3s/setting-honeytraps-with-modsecurity-adding-fake-hidden-form-fields.html
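The hidden-field trap described above, as an added example in application code rather than the book's ModSecurity rules (which are not reproduced here): a decoy hidden field is injected into every form the server sends out, and every submission is checked for it. A browser returns the field exactly as served, so a missing or altered value means the request did not come from the served form. The field name `debug`, its value `false`, the form HTML and the three submitted bodies are all constructed for this example.

```python
import re
from html import escape
from typing import Dict, List, Tuple
from urllib.parse import parse_qs

# Name and constant value of the decoy field. Arbitrary choices for this
# example; the field name used in the book's recipe is not reproduced here.
TRAP_FIELD = "debug"
TRAP_VALUE = "false"

_FORM_CLOSE = re.compile(r"</form\s*>", re.IGNORECASE)


def inject_trap(html_body: str) -> str:
    """Insert the decoy hidden field before every closing </form> tag.

    A browser submits the field exactly as served, so only a client that
    edits the form, fuzzes its parameters or replays a hand-built request
    will change or drop it.
    """
    field = ('<input type="hidden" name="%s" value="%s">'
             % (escape(TRAP_FIELD), escape(TRAP_VALUE)))
    return _FORM_CLOSE.sub(lambda m: field + m.group(0), html_body)


def check_submission(params: Dict[str, List[str]]) -> Tuple[bool, str]:
    """Return (suspicious, reason) for a parsed form body.

    `params` has the shape urllib.parse.parse_qs returns: name -> values.
    """
    values = params.get(TRAP_FIELD)
    if values is None:
        return True, "decoy field missing: body was not produced by the served form"
    if len(values) != 1 or values[0] != TRAP_VALUE:
        return True, "decoy field changed: %r" % (values,)
    return False, "ok"


# Constructed login form and three constructed submissions.
FORM = ('<form method="post" action="/login">'
        '<input name="user"><input name="pass" type="password"></form>')
NORMAL_BODY = "user=alice&pass=s3cret&debug=false"   # what a browser sends back
TAMPERED_BODY = "user=alice&pass=s3cret&debug=true"  # attacker toggled the "debug" flag
STRIPPED_BODY = "user=alice&pass=s3cret"             # scripted request that ignored the form


def verdict(body: str) -> bool:
    """True when the submission should be flagged as a trap hit."""
    return check_submission(parse_qs(body, keep_blank_values=True))[0]


if __name__ == "__main__":
    print(inject_trap(FORM))
    for body in (NORMAL_BODY, TAMPERED_BODY, STRIPPED_BODY):
        print(body, "->", check_submission(parse_qs(body, keep_blank_values=True)))
```

Because legitimate browsers never touch the field, a hit has essentially no false positives, which is what makes it worth an immediate block or a tarpit rather than just a log line.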


Hacker claims PayPal loophole generates FREE MONEY

Convicted hacker comes good with fraudster flowchart. A PayPal loophole can be exploited to earn free cash, according to a convicted former NASA hacker turned white hat.

http://go.theregister.com/feed/www.theregister.co.uk/2014/06/13/hacker_claims_paypal_loophole_generates_free_money/


You have no SQL inj--... sorry, NoSQL injections in your application

Everyone knows about SQL injections. They are classic, first widely publicized by Rain Forest Puppy, and still widely prevalent today (hint: don't interpolate query string params with SQL). But who cares? SQL injections are so ten years ago. I want to talk about a vulnerability I hadn't run into before that I recently had a lot of fun exploiting. It was a NoSQL injection.

https://community.rapid7.com/community/metasploit/blog/2014/06/12/you-have-no-sql-inj--sorry-nosql-injections-in-your-application
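The operator-injection form of NoSQL injection the post refers to, as an added example (not the post's code; the application and database it targets are not reproduced here). It assumes a JSON login endpoint that passes the decoded body straight into a MongoDB-style query object. A small in-memory matcher stands in for the database so the block runs offline, and the user records and request bodies are constructed.

```python
import json
import re
from typing import Any, Dict, Optional

# Constructed user records standing in for a MongoDB collection.
USERS = [
    {"username": "alice", "password": "correct horse"},
    {"username": "bob", "password": "battery staple"},
]


def _field_matches(doc_value: Any, condition: Any) -> bool:
    """Evaluate a small subset of MongoDB query semantics for one field.

    A bare value is an equality test; a dict is a set of operators. Only the
    operators needed to show the attack are implemented; anything else raises.
    """
    if not isinstance(condition, dict):
        return doc_value == condition
    for op, arg in condition.items():
        if op == "$ne":
            ok = doc_value != arg
        elif op == "$gt":
            # MongoDB effectively compares only values of the same type
            ok = type(doc_value) is type(arg) and doc_value > arg
        elif op == "$regex":
            ok = isinstance(doc_value, str) and re.search(arg, doc_value) is not None
        else:
            raise ValueError("operator not supported in this example: %s" % op)
        if not ok:
            return False
    return True


def find_one(query: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Return the first document that satisfies every field in `query`."""
    for doc in USERS:
        if all(_field_matches(doc.get(f), c) for f, c in query.items()):
            return doc
    return None


def login_vulnerable(body: str) -> Optional[str]:
    """The bug: decoded JSON values go into the query object unchanged,
    so a client can supply {"$ne": ""} instead of a password string."""
    data = json.loads(body)
    user = find_one({"username": data["username"], "password": data["password"]})
    return user["username"] if user else None


def login_fixed(body: str) -> Optional[str]:
    """The fix: only scalar strings may reach the query; objects (operators)
    are rejected before any database call."""
    data = json.loads(body)
    username, password = data.get("username"), data.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise ValueError("username and password must be strings")
    user = find_one({"username": username, "password": password})
    return user["username"] if user else None


# Constructed request bodies.
GOOD = json.dumps({"username": "alice", "password": "correct horse"})
WRONG = json.dumps({"username": "alice", "password": "wrong"})
# Password unknown: "password is not the empty string" holds for every user.
OPERATOR = json.dumps({"username": "alice", "password": {"$ne": ""}})
# Nothing known: logs in as whoever is first in the collection.
BLIND = json.dumps({"username": {"$gt": ""}, "password": {"$regex": "."}})


def outcome(handler, body: str) -> str:
    """Run one handler and describe the result as a string."""
    try:
        user = handler(body)
    except ValueError as exc:
        return "rejected: %s" % exc
    return "authenticated as %s" % user if user else "denied"


if __name__ == "__main__":
    for name, body in (("good", GOOD), ("wrong", WRONG),
                       ("operator", OPERATOR), ("blind", BLIND)):
        print("%-9s vulnerable: %-24s fixed: %s"
              % (name, outcome(login_vulnerable, body), outcome(login_fixed, body)))
```

Form-encoded bodies are no safer when the framework expands `password[$ne]=` into a nested object; the same type check before the query is what closes the hole in both cases.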


Banking malware using Windows to block anti-malware apps

BKDR_VAWTRAK is using Software Restriction Policies to restrict security software.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/s0xxmloC9XA/


Mergers and Acquisitions: When Two Companies and APT Groups Come Together

With Apple's purchase of Beats, Pfizer's failed bids for AstraZeneca, and financial experts pointing to a rally in the M&A market, the last month was a busy one for mergers and acquisitions. Of course, when we first see headlines of...

http://www.fireeye.com/blog/technical/targeted-attack/2014/06/mergers-and-acquisitions-when-two-companies-and-apt-groups-come-together.html


Microsoft's June patches can break Office 2013 installations

The Office 2013 patches released on 11 June sometimes cause serious problems and can leave the Office programs unable to start.

http://www.heise.de/newsticker/meldung/Microsofts-Juni-Patches-koennen-Office-2013-Installation-zerstoeren-2221524.html


How iOS 8 Will Affect the Security of iPhones and iPads

Apple's mobile OS has been enhanced, but is it more secure?

http://www.symantec.com/connect/blogs/how-ios-8-will-affect-security-iphones-and-ipads


Stratfor hack: secret report finds serious security gaps

An investigation following the break-in into Stratfor's servers by the group Antisec found that the company had ignored the most important security measures.

http://www.golem.de/news/stratfor-hack-geheimer-bericht-stellt-gravierende-sicherheitsluecken-fest-1406-107188-rss.html


CloudFlare offers free DDoS protection to public interest websites

A project launched by CloudFlare, a provider of website performance and security services, allows organizations engaged in news gathering, civil society and political or artistic speech to use the company's distributed denial-of-service (DDoS) protection technology for free. The goal of the project, dubbed Galileo, is to protect freedom of expression on the Web by keeping sites that carry public-interest information from being censored through online attacks, according to the San Francisco-based

http://www.csoonline.com/article/2363382/cloudflare-offers-free-ddos-protection-to-public-interest-websites.html#tk.rss_applicationsecurity


ISC Patches Critical DoS Vulnerability in BIND

A critical, remotely exploitable bug in some BIND domain name system (DNS) servers can crash them, causing a denial of service.

http://threatpost.com/isc-patches-critical-dos-vulnerability-in-bind/106653


CVE-2014-3859: BIND named can crash due to a defect in EDNS printing processing

A specially crafted query sent to a BIND nameserver can cause it to crash with a REQUIRE assertion error.

https://kb.isc.org/article/AA-01166/74/CVE-2014-3859:-BIND-named-can-crash-due-to-a-defect-in-EDNS-printing-processing.html


IBM Security Bulletin: IBM Algo One - cryptographic key information discovery (CVE-2014-0076)

Under certain circumstances, a local attacker could discover cryptographic key information from IBM Algo One. CVE-2014-0076 is the OpenSSL ECDSA flaw in which the Montgomery ladder is not constant-time, exposing nonces to a local FLUSH+RELOAD cache side channel.
CVE(s): CVE-2014-0076
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21675765

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_algo_one_cryptographic_key_information_discovery_cve_2014_0076?lang=en_us


Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL (CVE-2010-5298): with SSL_MODE_RELEASE_BUFFERS enabled, a remote attacker can inject data across sessions or cause a denial of service.
CVE(s): CVE-2010-5298
Affected product(s) and affected version(s): AIX 5.3, 6.1 and 7.1; VIOS 2.X
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory8.asc
X-Force Database: http://xforce.iss.net/xforce/xfdb/92632

https://www-304.ibm.com/connections/blogs/PSIRT/entry/race_condition_in_the_ssl3_read_bytes_function_in_s3_pkt_c_in_openssl?lang=en_us


IBM Security Advisory for AIX

AIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerability (CVE-2014-0224)
AIX OpenSSL DTLS recursion flaw (CVE-2014-0221)
AIX OpenSSL DTLS invalid fragment vulnerability (CVE-2014-0195)
AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
AIX OpenSSL Anonymous ECDH denial of service (CVE-2014-3470)

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc


Cisco Autonomic Networking Infrastructure Overwrite Vulnerability

CVE-2014-3290

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3290


DSA-2958 apt

security update

http://www.debian.org/security/2014/dsa-2958


DSA-2957 mediawiki

security update

http://www.debian.org/security/2014/dsa-2957


VMSA-2014-0006.1

VMware product updates address OpenSSL security vulnerabilities

http://www.vmware.com/security/advisories/VMSA-2014-0006.html


Yealink VoIP Phones XSS / CRLF Injection

Topic: Yealink VoIP Phones XSS / CRLF Injection
Risk: Low
I. ADVISORY
CVE-2014-3427 CRLF Injection in Yealink VoIP Phones
CVE-2014-3428 XSS vulnerabilities in Yealink VoIP Phones
...

http://cxsecurity.com/issue/WLB-2014060079


SSA-963338 (Last Update 2014-06-13): Multiple Buffer Overflows in UPnP Interface of OZW and OZS Products

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf


Bugtraq: AST-2014-005: Remote Crash in PJSIP Channel Drivers Publish/Subscribe Framework

http://www.securityfocus.com/archive/1/532414


Bugtraq: AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections

http://www.securityfocus.com/archive/1/532415


HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access

Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04336637