Daily summary - Tuesday 1-07-2014

End-of-Shift report

Timeframe: Monday 30-06-2014 18:00 − Tuesday 01-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a

Microsoft Darkens 4MM Sites in Malware Fight

Millions of Web sites were shuttered Monday morning after Microsoft executed a legal sneak attack against a malware network thought to be responsible for more than 7.4 million infections of Windows PCs worldwide.

http://krebsonsecurity.com/2014/07/microsoft-darkens-4mm-sites-in-malware-fight/


Apple Releases Security Updates for OS X, Safari, iOS devices, and Apple TV

Apple has released security updates for Mac OS X, Safari, iOS devices, and Apple TV to address multiple vulnerabilities, some of which could allow attackers to execute arbitrary code with system privileges or cause an unexpected application termination.

https://www.us-cert.gov/ncas/current-activity/2014/07/01/Apple-Releases-Security-Updates-OS-X-Safari-iOS-devices-and-Apple


[2014-06-30] Multiple vulnerabilities in IBM Algorithmics RICOS

By abusing multiple vulnerabilities in IBM Algorithmics RICOS, an attacker can take over other users' accounts and bypass authorization mechanisms.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt


JBoss Seam org.jboss.seam.web.AuthenticationFilter code execution

http://xforce.iss.net/xforce/xfdb/94090


ICS Focused Malware

http://ics-cert.us-cert.gov//advisories/ICSA-14-178-01


CERT-Bund: Trojan victims change passwords, PCs remain infected

Analysis of tens of thousands of compromised email credentials shows that a considerable share of the victims do change their password, but quickly fall victim again - possibly because the computer was never disinfected.

http://www.heise.de/security/meldung/CERT-Bund-Trojaner-Opfer-aendern-Passwoerter-PCs-bleiben-infiziert-2243405.html


[2014-07-01] Stored cross site scripting in EMC Documentum eRoom

Due to improper input validation, EMC Documentum eRoom suffers from multiple stored cross-site scripting vulnerabilities, which allow an attacker to steal other users' sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140701-0_EMC_Documentum_eRoom_Stored_XSS_v10.txt


Apple tests two-factor authentication on iCloud.com

In future, credentials on Apple's cloud portal are also to be better protected. Yesterday the feature was briefly enabled.

http://www.heise.de/security/meldung/Apple-testet-Zwei-Faktor-Authentifizierung-auf-iCloud-com-2243841.html


Confusion over Microsoft's security newsletter

Anyone who administers Windows machines appreciates Microsoft's Security Notifications newsletter. Last week the company announced it would discontinue it - only to reverse the decision shortly afterwards.

http://www.heise.de/security/meldung/Verwirrung-um-Microsofts-Sicherheits-Newsletter-2243456.html


Cyberspying Campaign Comes With Sabotage Option

New research from Symantec puts US and Western European energy interests in the bull's-eye, but the campaign could encompass more than just utilities.

http://www.darkreading.com/vulnerabilitiesthreats/advanced-threats/cyberspying-campaign-comes-with-sabotage-option/d/d-id/1278990


Geodo: New Cridex Version Combines Data Stealer and Email Worm

Recent efforts by our Research Lab have revealed new activity related to Cridex. As you may recall, Cridex is a data stealer also referred to as Feodo and Bugat. The new Cridex version we are seeing now, aka Geodo, combines a self-spreading infection method - effectively turning each bot in the botnet ..

http://www.seculert.com/blog/2014/07/geodo-new-cridex-version-combines-data-stealer-and-email-worm.html


Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)

Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file remotely to the vulnerable website (i.e., no authentication is required). This is a serious vulnerability. The MailPoet plugin (wysija-newsletters) ..

http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html


IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure

http://xforce.iss.net/xforce/xfdb/90880