Daily summary - Tuesday 8-07-2014

End-of-Shift report

Timeframe: Monday 07-07-2014 18:00 − Tuesday 08-07-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

Multi Platform *Coin Miner Attacking Routers on Port 32764, (Mon, Jul 7th)

Thanks to reader Gary for sending us in a sample of a *Coin miner that he found attacking Port 32764. Port 32764 was recently found to offer yet another backdoor on Sercomm equipped devices. We covered this backdoor before [1]. The bot itself appears to be a variant of the "zollard" worm seen before by Symantec [2]. Symantec's writeup describes the worm as attacking a php-cgi vulnerability, not the Sercomm backdoor. But this worm has been seen using various exploits. Here some quick,...

https://isc.sans.edu/diary.html?storyid=18353&rss


When Adware Goes Bad: The Installbrain and Sefnit Connection

"Monetize On Non-buyers" is the bold motto of InstallBrain, adware that turns out to have been developed by an Israeli company called iBario Ltd. This motto clearly summarizes the potential risks adware companies can introduce to users, especially when they install stuff on...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nRXcb4Udr5o/


IEEE expands malware initiatives

Clearing-house for software metadata

Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware that's been inserted into other software, and improve the performance of malware detection by cutting down on false positives.

http://go.theregister.com/feed/www.theregister.co.uk/2014/07/08/ieee_expands_malware_initiatives/


NTT Group 2014 Global Threat Intelligence Report

The NTT Group 2014 Global Threat Intelligence Report (GTIR) emphasizes that the security basics, when done right, can be enough to mitigate and even avoid high-profile, costly data breaches altogether. Using statistics and real-world case studies, the report shows that combining threat avoidance and threat response capabilities into a strategic approach provides the best chance to reduce the impact of threats.

http://www.solutionary.com/research/threat-reports/annual-threat-report/ntt-group-gtir-2014/


Paper: VBA is not dead!

Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate.

http://www.virusbtn.com/news/2014/07_07.xml?rss


Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions

A major vulnerability believed to be present in most versions of Android can allow malicious Android applications on the Android app store to make phone calls on a user's device, even when they lack the necessary permissions. The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the...

http://thehackernews.com/2014/07/android-vulnerability-allows.html


Google Android / eduroam access credentials

On mobile devices running the Android operating system, the default setting for the "CA certificate" option of WLAN connections is "unspecified". Concretely, this behaviour, which is documented as normal, means that certificate chain validation is completely disabled, i.e. any arbitrary certificate is accepted without further warning. To make matters worse,...

https://www.dfn-cert.de/aktuell/Google-Android-Eduroam-Zugangsdaten.html


How not to tell your customers how much you care about their security

We've written before about "what not to do" when sending emails to your customers. Here's another example, with an explanation of why doing the right thing will be better for everyone - including your marketing team! - in the long run.

http://nakedsecurity.sophos.com/2014/07/08/how-not-to-tell-your-customers-how-much-you-care-about-their-security/


Metadata against virus false positives

The IEEE has launched a database of metadata for binaries. It provides information with which a virus scanner can unambiguously determine whether a file is benign.

http://www.heise.de/security/meldung/Metadaten-gegen-Viren-Fehlerkennugen-2251769.html


GKsu and VirtualBox Root Command Execution by Filename (CVE-2014-2943)

https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu


Bugtraq: Backdoor access to Techboard/Syac devices

http://www.securityfocus.com/archive/1/532665


[remote] - Oracle Event Processing FileUploadServlet Arbitrary File Upload

http://www.exploit-db.com/exploits/33989


Vuln: GitList CVE-2014-4511 Unspecified Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/68253


Security Advisory-Apache Struts2 vulnerability on Huawei multiple products

Jul 07, 2014 21:09

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm


Apple iTunes 11.2.2 Insecure Libraries

Topic: Apple iTunes 11.2.2 Insecure Libraries Risk: High Text: Hi @ll, Apple's current iTunes 11.2.2 for Windows comes with the following COMPLETELY outdated and vulnerable 3rd party libr...

http://cxsecurity.com/issue/WLB-2014070042


Apache Syncope Insecure Password Generation

Topic: Apache Syncope Insecure Password Generation Risk: Medium Text: CVE-2014-3503: Insecure Random implementations used to generate passwords in Apache Syncope Severity: Major Vendor: The ...

http://cxsecurity.com/issue/WLB-2014070039


Vuln: WordPress Easy Banners Plugin easy-banners.php Cross Site Scripting Vulnerability

http://www.securityfocus.com/bid/68281


Vuln: WordPress Custom Banners Plugin options.php Cross Site Scripting Vulnerability

http://www.securityfocus.com/bid/68279


TYPO3 CMS 4.5.35, 6.1.10 and 6.2.4 released

The TYPO3 Community announces the versions 4.5.35, 6.1.10 and 6.2.4 of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes.

https://typo3.org/news/article/typo3-cms-4535-6110-and-624-released/


HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access

Potential security vulnerabilities have been identified with HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04343424