End-of-Shift report
Timeframe: Tuesday 08-07-2014 18:00 − Wednesday 09-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
"Weaponized" exploit can steal sensitive user data on eBay, Tumblr, et al.
Google and Twitter already patched against potent "Rosetta Flash" attack.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/B_J-82SKyS4/
Who owns your typo?, (Wed, Jul 9th)
Here's one way to get at sensitive data that seems to be making a comeback. Already in the olden days, it was popular with the crooks to register domain names that only differed by a typo from the name of a legitimate high traffic site. Googl.com, for example. The crooks would then run web pages with lots of advertisements on these domains, and live happily ever after from the ad revenue that the misdirected typo traffic alone brought their way. Google put a stop to this by registering, for
https://isc.sans.edu/diary.html?storyid=18363&rss
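As an added example for the typo-squatting item above (this code is not part of the ISC diary or of this report), the following generates the single-typo look-alikes of a domain, the kind of list a defender would use to register the variants pre-emptively or to monitor them. The four typo classes (omission, transposition, repetition, adjacent-key substitution) and the QWERTY neighbour table are assumptions made for the example, not taken from the diary; the optional resolver check needs network access.

```python
import socket

# Assumed QWERTY neighbour table for the "fat finger" class of typos.
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qes", "e": "wrd", "r": "etf", "t": "ryg", "y": "tuh",
    "u": "yij", "i": "uok", "o": "ipl", "p": "o",
    "a": "qsz", "s": "awdx", "d": "sefc", "f": "drgv", "g": "fthb",
    "h": "gyjn", "j": "hukm", "k": "jil", "l": "ko",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn",
    "n": "bhjm", "m": "njk",
}


def split_domain(domain):
    """'google.com' -> ('google', 'com'); only the first label is permuted."""
    label, _, suffix = domain.lower().partition(".")
    return label, suffix


def omissions(label):
    # googl <- google: one character dropped (the diary's own example)
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def transpositions(label):
    # goolge <- google: two adjacent characters swapped
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1)}


def repetitions(label):
    # gooogle <- google: one character doubled
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}


def fat_fingers(label):
    # giogle <- google: one character replaced by a keyboard neighbour
    out = set()
    for i, ch in enumerate(label):
        for alt in QWERTY_NEIGHBOURS.get(ch, ""):
            out.add(label[:i] + alt + label[i + 1:])
    return out


def typo_variants(domain):
    """Sorted list of single-typo look-alikes of `domain`, excluding the original."""
    label, suffix = split_domain(domain)
    variants = set()
    for generator in (omissions, transpositions, repetitions, fat_fingers):
        variants |= generator(label)
    variants.discard(label)          # swapping two equal letters gives the original back
    variants.discard("")             # omitting the only character gives an empty label
    return sorted(v + "." + suffix for v in variants)


def resolving_variants(domain):
    """Variants that currently resolve in DNS, i.e. someone already holds them.

    Requires network access; a failed lookup is treated as 'not registered'.
    """
    taken = []
    for candidate in typo_variants(domain):
        try:
            socket.gethostbyname(candidate)
            taken.append(candidate)
        except socket.gaierror:
            pass
    return taken


if __name__ == "__main__":
    for v in typo_variants("google.com"):
        print(v)
```

Registering every variant is rarely affordable, so the usual trade-off is to register the omission and transposition classes (the most common real-world typos) and to periodically run the resolver check over the rest, alerting on variants that start resolving.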
Exploiting IoT technologies
How many Internet of Things (IoT) devices do you have? From smart TVs to coffee machines, these devices are becoming more and more popular in both homes and offices. A team of researchers at NCC Group, led by technical director, Paul Vlissidis, conducted research into a number of IoT devices and looked at some of the ways that an attacker could exploit them. The team, which also consisted of Pete Beck and Felix Ingram, principal consultants, conducted a live demonstration which explored the
https://www.nccgroup.com/en/blog/2014/07/exploiting-iot-technologies/
Who inherits your IP address?, (Wed, Jul 9th)
Somewhat similar to the typo squatting story earlier, the recent proliferation of cloud service usage by enterprises has led to a new problem. For a project at a community college, we needed a couple servers, and didn't want (or have the funds) to build them on-site. In view of the limited duration of the experiment, we decided to "rent" the boxes as IaaS (infrastructure as a service) devices from two "cloud" providers. So far, all went well. But when we brought the instances
https://isc.sans.edu/diary.html?storyid=18365&rss
Yahoo Patches Bugs in Mail, Messenger, Flickr
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.
http://threatpost.com/yahoo-fixes-trio-of-bugs-in-mail-messenger-flickr/107079
Trojan:W32/Lecpetex: Bitcoin miner spreading via FB messages
In early March this year, while investigating various threats as part of our Facebook malware cleanup effort, we ran across an interesting one that was spreading in zipped files attached to messages. The messages themselves were classic social engineering bait that led the users to install the executable file in the attachment, which turned out to be a Bitcoin miner, which we identify as Trojan:W32/Lecpetex. Some of the more interesting details of our analysis are presented in our Lecpetex
http://www.f-secure.com/weblog/archives/00002725.html
India issued fake Google certificates
Once again there has been a serious incident at an issuer of SSL certificates: India's state-run CA has issued certificates for, among others, Google services. These certificates are suitable for spying on SSL traffic.
http://www.heise.de/security/meldung/Indien-stellte-falsche-Google-Zertifikate-aus-2252544.html
DPAPI vulnerability allows intruders to decrypt personal data
Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems.
http://www.net-security.org/secworld.php?id=17094
ATTACK of the Windows ZOMBIES on point-of-sale terminals
Infosec bods infiltrate botnet, uncover crap password security. Security watchers have spotted a fresh Windows-based botnet that attempts to hack into point-of-sale systems.
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/09/botnet_brute_forces_pos/
Security updates available for Adobe Flash Player (APSB14-17)
July 8, 2014
http://blogs.adobe.com/psirt/?p=1108
MS14-JUL - Microsoft Security Bulletin Summary for July 2014 - Version: 1.0
https://technet.microsoft.com/en-us/library/security/MS14-JUL
Assessing risk for the July 2014 security updates
Today we released six security bulletins addressing 29 unique CVEs. Two bulletins have a maximum severity rating of Critical, three have maximum severity Important, and one is Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
http://blogs.technet.com/b/srd/archive/2014/07/08/assessing-risk-for-the-july-2014-security-updates.aspx
VMSA-2014-0006.6
VMware product updates address OpenSSL security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability
CVE-2014-3313
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313
Yokogawa Centum Buffer Overflow Vulnerability
Advisory Document
http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01
DSA-2974 php5
security update
http://www.debian.org/security/2014/dsa-2974
DSA-2973 vlc
security update
http://www.debian.org/security/2014/dsa-2973
HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
A potential security vulnerability has been identified with HP Operations Analytics. The vulnerability could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04363613
ABB Relion 650 Series OpenSSL Vulnerability (Update A)
Advisory Document
http://ics-cert.us-cert.gov/advisories/ICSA-14-126-01A
Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability
CVE-2014-3309
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3309
Bugtraq: FreeBSD Security Advisory FreeBSD-SA-14:17.kmem
http://www.securityfocus.com/archive/1/532698
Juniper Security Bulletins
http://kb.juniper.net/index/content&id=JSA10634&actp=RSS
http://kb.juniper.net/index/content&id=JSA10633&actp=RSS
http://kb.juniper.net/index/content&id=JSA10638&actp=RSS
http://kb.juniper.net/index/content&id=JSA10637&actp=RSS
http://kb.juniper.net/index/content&id=JSA10641&actp=RSS
http://kb.juniper.net/index/content&id=JSA10635&actp=RSS
http://kb.juniper.net/index/content&id=JSA10613&actp=RSS
http://kb.juniper.net/index/content&id=JSA10640&actp=RSS
IBM Security Bulletin: IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL
IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470) Security vulnerabilities have been discovered in OpenSSL. CVE(s): CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-5298 Affected product(s) and affected version(s): Hardware versions affected: InfoSphere Guardium Collector X1000 InfoSphere
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_infosphere_guardium_system_x_flex_systems_appliances_are_affected_by_vulnerabilities_in_openssl?lang=en_us
IBM Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerability (CVE-2014-0191)
A denial-of-service vulnerability has been discovered in Libxml2 that was reported on May 09, 2014. CVE(s): CVE-2014-0191. Affected product(s) and affected version(s): Rational Systems Tester 3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5, 3.3.0.6, 3.3.0.7. Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21678183
X-Force Database: http://xforce.iss.net/xforce/xfdb/93092
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_systems_tester_is_affected_by_libxml2_vulnerability_cve_2014_0191?lang=en_us