Daily Summary - Wednesday 16-07-2014

End-of-Shift report

Timeframe: Tuesday 15-07-2014 18:00 − Wednesday 16-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a

SSL Black List Aims to Publicize Certificates Associated With Malware

Malware and botnet operators are always adapting their tactics, trying to stay a step or two ahead of defensive technologies and techniques. One of the methods many attackers have adopted is using SSL to communicate with the infected machines they control, and a researcher has started a new ..

http://threatpost.com/ssl-black-list-aims-to-publicize-certificates-associated-with-malware/107229


Early Review of LibreSSL Finds Problematic PRNG

A critical vulnerability was reported in the random number generator in LibreSSL, a fork of OpenSSL. LibreSSL preview versions were released this weekend.

http://threatpost.com/early-review-of-libressl-finds-problematic-prng/107239


Critical Patch Update - July 2014

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html


About Two Recently Patched IBM DB2 LUW Vulnerabilities

IBM recently released patches for three security vulnerabilities affecting various versions of DB2 for Linux, Unix and Windows. This post will explore some more technical details of two of these vulnerabilities (CVE-2014-0907 and CVE-2013-6744) to help database administrators assess the risk of ..

http://blog.spiderlabs.com/2014/07/about-two-ibm-db2-luw-vulnerabilities-patched-recently.htm


Citrix XenServer Multiple Security Updates

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix ..

http://support.citrix.com/article/CTX140984


Elipse E3 Scada PLC Denial Of Service

http://cxsecurity.com/issue/WLB-2014070083


[2014-07-16] Multiple SSRF vulnerabilities in Alfresco Community Edition

The Alfresco Community Edition Server is prone to multiple Server Side Request Forgery vulnerabilities allowing access to internal resources for an unauthenticated attacker.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt


HP Data Protector, Remote Execution of Arbitrary Code

A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code.

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04373818-1&ac.admitted=1405506482024.876444892.492883150


[2014-07-16] Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client"

Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt


[2014-07-16] Multiple critical vulnerabilities in Bitdefender GravityZone

Attackers are able to completely compromise the Bitdefender GravityZone solution as they can gain system and database level access.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-3_Bitdefender_GravityZone_Multiple_critical_vulnerabilities_v10.txt


Vulnerability in Symfony: W0rm hacks Cnet

The Russian hacker group W0rm has gained access to the servers of the news website Cnet. The hackers want to sell the database of user data for a symbolic sum of one Bitcoin.

http://www.golem.de/news/schwachstelle-in-symfony-w0rm-hackt-cnet-1407-107918-rss.html


Common Misconceptions IT Admins Have on Targeted Attacks

In our efforts around addressing targeted attacks, we often work with IT administrators from different companies in dealing with threats against their network. During these collaborations, we've recognized certain misconceptions that IT administrators - or perhaps enterprises in general - have in terms of targeted attacks. I will cover some of them in this ..

http://blog.trendmicro.com/trendlabs-security-intelligence/common-misconceptions-it-admins-have-on-targeted-attacks/