Daily Summary - Monday 7-07-2014

End-of-Shift report

Timeframe: Friday 04-07-2014 18:00 − Monday 07-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

Self-signing custom Android ROMs

The security model on the Google Nexus devices is pretty straightforward. The OS is (nominally) secure and prevents anything from accessing the raw MTD devices. The bootloader will only allow the user to write to partitions if it's unlocked. The recovery image will only permit you to install images that are signed with a trusted key. In combination, these facts mean that it's impossible for an attacker to modify the OS image without unlocking the bootloader[1], and unlocking the bootloader wipes

http://mjg59.dreamwidth.org/31765.html


Java Support ends for Windows XP, (Sat, Jul 5th)

Oracle is no longer supporting Java for Windows XP and will only support Windows Vista or later. Java 8 is not supported for Windows XP and users will be unable to install on their systems. Oracle warns "Users may still continue to use Java 7 updates on Windows XP at their own risk" [1]
[1] https://www.java.com/en/download/faq/winxp.xml
[2] http://www.oracle.com/us/support/library/057419.pdf
Guy Bruneau IPSS Inc. gbruneau at

https://isc.sans.edu/diary.html?storyid=18345&rss


Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

Unless you are a human supercomputer, remembering passwords is not so easy, and that too if you have a different password for each site. But luckily to make the whole process very easy, there is a growing market out there for password managers and lockers with extra layers of security. But, if you are using the mobile version of the most popular password manager from password management company

http://feedproxy.google.com/~r/TheHackersNews/~3/Ajpf8i6yTao/critical-vulnerability-and-privacy.html


Two patches close SQL injection holes in Ruby on Rails

Two fairly similar flaws allowed SQL injection on websites built on Ruby on Rails 2.0.0 through 3.1.18 as well as on 4.x. After several attempts, the Rails developers have now closed the holes.

http://www.heise.de/newsticker/meldung/Zwei-Patches-schliessen-SQL-Injection-Luecken-in-Ruby-on-Rails-2250189.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


Malware Analysis with pedump, (Sat, Jul 5th)

Are you looking for a tool to analyze Windows Portable Executable (PE) files? Consider using pedump, a Ruby win32 PE binary file analyzer. It currently supports DOS MZ EXE, win16 NE and win32/64 PE. There are several ways to install the Ruby package; however, the simplest way is to execute "gem install pedump" from a Linux workstation. You can also download the file here or use the pedump website to upload your file for analysis. This example shows the output from the pedump website.

https://isc.sans.edu/diary.html?storyid=18347&rss


Industrial Control System Firms In Dragonfly Attack Identified

chicksdaddy (814965) writes Two of the three industrial control system (ICS) software companies that were victims of the so-called "Dragonfly" malware have been identified. ... Dale Peterson of the firm Digitalbond identified the vendors as MB Connect Line, a German maker of industrial routers and remote access appliances and eWon, a Belgian firm that makes virtual private network (VPN) software that is used to access industrial control devices like programmable logic controllers.

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Jr0QiFtg7lc/story01.htm


Coinbase wallet app in SSL/TLS SNAFU

The popular Bitcoin wallet Coinbase has a security flaw in its Android apps which could allow an attacker to steal authentication codes and access users' accounts, according to a security researcher. Coinbase is far from alone in leaving its wallet app users vulnerable, so what should you do to stay safe when using mobile banking apps?

http://feedproxy.google.com/~r/nakedsecurity/~3/GsgGIYu7TA0/


The Rise of Thin, Mini and Insert Skimmers

Like most electronic gadgets these days, ATM skimmers are getting smaller and thinner, with extended battery life. Here's a look at several miniaturized fraud devices that were pulled from compromised cash machines at various ATMs in Europe so far this year.

http://feedproxy.google.com/~r/KrebsOnSecurity/~3/8s5hQ323oMY/


Fridge hacked. Car hacked. Next up, your LIGHT BULBS

So shall you languish in darkness - or under disco-style strobes - FOREVER
Those convinced that the emerging Internet of Things (IoT) will become a hackers' playground were given more grist for their mill with news on Friday that security researchers have discovered a weakness in Wi-Fi/mesh networked lightbulbs.

http://go.theregister.com/feed/www.theregister.co.uk/2014/07/07/wifi_enabled_led_light_bulb_is_hackable_shocker/


Lawyers: Fake file-sharing cease-and-desist notice spreads malware en masse

Two well-known lawyers are warning about fake cease-and-desist notices for illegal music downloads. The mass-mailed e-mails carry an attached zip file containing malicious code.

http://www.golem.de/news/anwaelte-falsche-filesharing-abmahnung-verbreitet-massenhaft-malware-1407-107705-rss.html


IBM Security Bulletin: Multiple vulnerabilities exist in IMS Enterprise Suite SOAP Gateway (CVE-2014-0453, CVE-2013-4286, CVE-2013-4322)

The IMS Enterprise Suite SOAP Gateway is affected by multiple vulnerabilities in IBM SDK, Java Technology Edition (April Update) and Apache Tomcat.
CVE(s): CVE-2014-0453, CVE-2013-4286 and CVE-2013-4322
Affected product(s) and affected version(s):
CVE ID: CVE-2014-0453 - The SOAP Gateway component of the IMS Enterprise Suite versions 2.1, 2.2, 3.1.
CVE ID: CVE-2013-4286, CVE ID: CVE-2013-4322 - The SOAP Gateway component of the IMS Enterprise Suite versions 2.2, 3.1.

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_exist_in_ims_enterprise_suite_soap_gateway_cve_2014_0453_cve_2013_4286_cve_2013_4322?lang=en_us


OpenSSL vulnerabilities in IBM Products

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_openssl_vulnerability_in_ibm_flex_system_v7000_cve_2014_0224?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_bulletin_ibm_sterling_connect_direct_for_unix_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0224?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_sdk_for_node_js_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0224_cve_2014_0221_cve_2014_0195_cve_2014_0198_cve_2010_5298_cve_2014_3470?lang=en_us


RealPlayer MP4 Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code

http://www.securitytracker.com/id/1030524


[webapps] - Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability

http://www.exploit-db.com/exploits/33984


VU#960193: AVG Secure Search ActiveX control provides insecure methods

Vulnerability Note VU#960193
Original Release date: 07 Jul 2014 | Last revised: 07 Jul 2014
Overview: The AVG Secure Search toolbar includes an ActiveX control that provides a number of unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user.
Description: AVG Secure Search is a toolbar add-on for web browsers that "... provides an additional security layer while

http://www.kb.cert.org/vuls/id/960193


Bugtraq: CVE-2014-3863 - Stored XSS in JChatSocial

http://www.securityfocus.com/archive/1/532662


WordPress Theme My Login for WordPress file include

http://xforce.iss.net/xforce/xfdb/94160