End-of-Shift report
Timeframe: Friday 18-07-2014 18:00 - Monday 21-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
The Little Signature That Could: The Curious Case of CZ Solution
Malware authors are always looking for new ways to masquerade their actions. Attackers want their malware not only to be fully undetectable, but also to appear legitimate on a system, so as not to draw attention. Digital signatures are...
http://www.fireeye.com/blog/technical/2014/07/the-little-signature-that-could-the-curious-case-of-cz-solution.html
Keeping the RATs out: the trap is sprung - Part 3, (Sat, Jul 19th)
As we bring our three-part series on the RAT tools suffered upon our friends at Hazrat Supply to a close, we must visit the centerpiece of it all. The big dog in this fight is indeed the bybtt.cc3 file (Jake suspected this), Backdoor:Win32/Zegost.B. The file is unquestionably a PE DLL but renamed to .cc3 to hide on the system like a CueCards Professional database file. Based on the TrendMicro writeup on this family, the backdoor drops four files, including %Program Files%\%SESSIONNAME%\{random characters}.cc3 This...
https://isc.sans.edu/diary.html?storyid=18415&rss
Top 10 Common Database Security Issues
Introduction: The database typically contains the crown jewels of any environment; it usually holds the most business-sensitive information, which is why it is a high-priority target for any attacker. The purpose of this post is to create awareness among database administrators and security managers about some of the areas on which it is important to focus when implementing a new database or hardening the security of an existing one.
https://www.nccgroup.com/en/blog/2014/07/top-10-common-database-security-issues/
Smart Meter Attack Scenarios
In our previous post, we looked at how smart meters are being introduced across multiple countries and regions, and why these devices pose security risks to their users. At its heart, a smart meter is simply... a computer. Let's look at our existing computers - whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these...
http://blog.trendmicro.com/trendlabs-security-intelligence/smart-meter-attack-scenarios/
Attacks on web servers via the WordPress plugin MailPoet
A recently discovered vulnerability is currently being used to systematically hijack servers. Anyone who has not yet installed the update released at the beginning of July should do so urgently.
http://www.heise.de/security/meldung/Angriffe-auf-Web-Server-via-Wordpress-Plugin-MailPoet-2263568.html
Home router security to be tested in upcoming hacking contest
Researchers are gearing up to hack an array of different home routers during a contest next month at the Defcon 22 security conference. The contest is called SOHOpelessly Broken - a nod to the small office/home office space targeted by the products - and follows a growing number of large-scale attacks this year against routers and other home embedded systems.
http://www.cio.com/article/2455981/home-router-security-to-be-tested-in-upcoming-hacking-contest.html
Security researcher points to "backdoors" in iOS
Undocumented system services in iOS make it easy for attackers to read out user data once the iPhone or iPad has been locally paired with a desktop computer, explains Jonathan Zdziarski - who is hoping for a response from Apple.
http://www.heise.de/security/meldung/Sicherheitsforscher-weist-auf-Hintertueren-in-iOS-hin-2263888.html
Call for last-minute papers for VB2014 announced
Seven speaking slots waiting to be filled with presentations on hot security topics.
http://www.virusbtn.com/news/2014/07_21.xml?rss
Heartbleed threatens critical industrial control systems
More than three months after the massive vulnerability became public, numerous Siemens systems are still unprotected.
http://futurezone.at/digital-life/heartbleed-bedroht-kritische-industrie-kontrollsysteme/75.670.250
VMSA-2014-0006.8
VMware product updates address OpenSSL security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
EMC RecoverPoint Internal Firewall Ruleset Error Lets Remote Users Bypass the Firewall
http://www.securitytracker.com/id/1030608
DSA-2981 polarssl
security update
http://www.debian.org/security/2014/dsa-2981
DSA-2982 ruby-activerecord-3.2
security update
http://www.debian.org/security/2014/dsa-2982
IBM Security Bulletins
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_cross_site_scripting_vulnerability_addressed_in_asset_and_service_management_cve_2014_3025?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_cross_site_scripting_vulnerability_addressed_in_asset_and_service_management_cve_2014_0914?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_infosphere_data_quality_console_is_vulnerable_to_a_cross_site_scripting_xss_attack_when_adding_new_project_connections_cve_2014_3071?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_sametime_classic_meeting_server_cve_2014_3088_cve_2014_4747_cve_2014_4748?lang=en_us
VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability
Original Release date: 21 Jul 2014 | Last revised: 21 Jul 2014
Overview: The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability.
Description: Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected cellular network. CWE-79: Improper...
http://www.kb.cert.org/vuls/id/688812
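The vulnerability class in VU#688812 (CWE-79: an SMS body arrives over the cellular network, is stored, and is later rendered by the device's web interface) in a minimal Python illustration. This is an added example, not Huawei firmware or CERT/CC code: the inbox renderer, the sample messages and the /api/admin path inside the payload are all constructed for illustration, and nothing here reflects how the E355 actually builds its pages.

```python
"""
Hypothetical SMS-inbox renderer illustrating the stored-XSS pattern of
CWE-79: an untrusted message body is persisted and later placed into
HTML. Vendor code for the Huawei E355 is not available; the renderer
and all sample data below are constructed for this example.
"""
from html import escape

# Constructed sample inbox. The third message is the kind of body an
# attacker could deliver simply by texting the modem's phone number.
# The /api/admin path in the payload is made up for the example.
SAMPLE_INBOX = [
    {"sender": "+431234567", "body": "Your balance is 12.50 EUR"},
    {"sender": "+431234568", "body": "Meeting at 10 < 11 o'clock?"},
    {"sender": "+431234569",
     "body": '<img src=x onerror="fetch(\'/api/admin\')">'},
]


def render_inbox_unsafe(inbox):
    """Vulnerable variant: interpolates sender and body straight into HTML."""
    rows = [
        "<tr><td>%s</td><td>%s</td></tr>" % (m["sender"], m["body"])
        for m in inbox
    ]
    return "<table>" + "".join(rows) + "</table>"


def render_inbox_safe(inbox):
    """Hardened variant: HTML-encodes every untrusted field. quote=True also
    encodes both quote characters, so the same helper stays safe if a value
    is later placed inside a quoted attribute."""
    rows = [
        "<tr><td>%s</td><td>%s</td></tr>"
        % (escape(m["sender"], quote=True), escape(m["body"], quote=True))
        for m in inbox
    ]
    return "<table>" + "".join(rows) + "</table>"


def contains_raw_markup(rendered_html, untrusted_values):
    """Return the untrusted values that reached the output with their
    markup-significant characters intact, i.e. candidate XSS sinks.
    Values without such characters are not interesting and are skipped."""
    special = set('<>"\'&')
    hits = []
    for value in untrusted_values:
        if any(c in special for c in value) and value in rendered_html:
            hits.append(value)
    return hits


def audit(inbox, renderer):
    """Run one renderer over the inbox and list the bodies that would be
    sent to the browser unencoded."""
    return contains_raw_markup(renderer(inbox), [m["body"] for m in inbox])


if __name__ == "__main__":
    print("unsafe renderer leaks:", audit(SAMPLE_INBOX, render_inbox_unsafe))
    print("safe renderer leaks:  ", audit(SAMPLE_INBOX, render_inbox_safe))
```

Note that the second, entirely benign message is also flagged for the unsafe renderer: a body containing a bare "<" is enough to corrupt the page, so output encoding is needed for correctness as well as for security, and the audit deliberately does not try to distinguish malicious from accidental markup.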
Bugtraq: CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.
Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1
http://www.securityfocus.com/archive/1/532841