Daily Summary - Friday 11-07-2014

End-of-Shift report

Timeframe: Thursday 10-07-2014 18:00 - Friday 11-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Finding the Clowns on the Syslog Carousel, (Thu, Jul 10th)

So often I see clients faithfully logging everything from the firewalls, routers and switches - taking terabytes of disk space to store it all. Sadly, the interaction after the logs are created is often simply to make sure that the partition doesn't fill up - either old logs are just deleted, or each month logs are burned to DVD and filed away. The comment I often get is that log entries are complex, and that the sheer volume of information makes it impossible to make sense of it.

https://isc.sans.edu/diary.html?storyid=18373&rss


Security Advisory 2982792 released, Certificate Trust List updated

Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server...

http://blogs.technet.com/b/msrc/archive/2014/07/10/security-advisory-2982792-released-certificate-trust-list-updated.aspx


Weekly Metasploit Update: Another Meterpreter Evasion Option

https://community.rapid7.com/community/metasploit/blog/2014/07/10/weekly-metasploit-update


Website Malware - Mobile Redirect to BaDoink Porn App

A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It was a very tricky injection, with the redirection happening only once per day per IP address and only if the visitor was using a mobile device...

http://feedproxy.google.com/~r/sucuri/blog/~3/pAisQqonxQM/website-malware-mobile-redirect-to-badoink-porn-app.html


VU#712660: Raritan PX power distribution software is vulnerable to the cipher zero attack.

Vulnerability Note VU#712660: Raritan PX power distribution software is vulnerable to the cipher zero attack.
Original Release date: 10 Jul 2014 | Last revised: 10 Jul 2014

Overview: Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Description: CWE-287: Improper Authentication -

http://www.kb.cert.org/vuls/id/712660


Oracle Critical Patch Update - July 2014 - Pre-Release Announcement

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html


Cisco ASA Filter and Inspect Overlap Denial of Service Vulnerability

CVE-2013-5567

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5567


Adobe Flash: The most INSECURE program on a UK user's PC

XML a weak spot, but nothing's as dire as Adobe player. Adobe Flash Player was the most insecure program installed on UK computer users' PCs throughout the second quarter of 2014, according to stats from vulnerability management firm Secunia.

http://go.theregister.com/feed/www.theregister.co.uk/2014/07/10/secunia_pc_insecurity/


Crooks Seek Revival of "Gameover Zeus" Botnet

Cybercrooks today began taking steps to resurrect the Gameover ZeuS botnet, a complex crime machine that has been blamed for the theft of more than $100 million from banks, businesses and consumers worldwide. The revival attempt comes roughly five weeks after the FBI joined several nations, researchers and security firms in a global and thus far successful effort to eradicate it.

http://feedproxy.google.com/~r/KrebsOnSecurity/~3/yLU9-y_8J-k/


VMSA-2014-0006.7

VMware product updates address OpenSSL security vulnerabilities

http://www.vmware.com/security/advisories/VMSA-2014-0006.html


DSA-2976 eglibc

security update

http://www.debian.org/security/2014/dsa-2976


osCommerce 2.3.4 - Multiple vulnerabilities

Topic: osCommerce 2.3.4 - Multiple vulnerabilities
Risk: Medium
Text: #Title: osCommerce 2.3.4 - Multiple vulnerabilities #Date: 10.07.14 #Affected versions: => 2.3.4 (latest atm) #Vendor: oscom...

http://cxsecurity.com/issue/WLB-2014070059


C99 Shell Authentication Bypass via Backdoor

Topic: C99 Shell Authentication Bypass via Backdoor
Risk: Medium
Text: # Exploit Title: C99 Shell Authentication Bypass via Backdoor # Google Dork: inurl:c99.php # Date: June 23, 2014 # Exploit A...

http://cxsecurity.com/issue/WLB-2014070057


Exploit emerges for LZO algo hole

Take one Nyan Cat, add Firefox and hope your Linux distro has been patched. Security Mouse security researcher Don A Bailey has showcased an exploit of the Lempel-Ziv-Oberhumer (LZO) compression algorithm running in the Mplayer2 media player and says it could leave some Linuxes vulnerable to attack.

http://go.theregister.com/feed/www.theregister.co.uk/2014/07/11/firefox_lzo_rce/


Microsoft revokes trust in Indian CA

As a consequence of the fraudulently issued Google certificates, Microsoft has placed the affected sub-CAs on its revocation list. In addition, the full extent of the incident has become known: 45 domains are affected, including some belonging to Yahoo.

http://www.heise.de/security/meldung/Microsoft-entzieht-Indischer-CA-das-Vertrauen-2255992.html


Lack of Certificate Pinning Exposes Encrypted iOS Gmail App Communication

Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.

http://threatpost.com/lack-of-certificate-pinning-exposes-encrypted-ios-gmail-app-communication/107154