Daily Summary - Wednesday 23-07-2014

End-of-Shift report

Timeframe: Tuesday 22-07-2014 18:00 - Wednesday 23-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

DDoS attacks remain up, stronger in Q2, report says

Prolexic's second-quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

http://www.scmagazine.com/ddos-attacks-remain-up-stronger-in-q2-report-says/article/362256/


De-obfuscating the DOM based JavaScript obfuscation found in EK's such as Fiesta and Rig

There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for JavaScript and are utilizing browser functionality to their advantage. Recent exploit kits such as "Fiesta" and "Rig" for example, have been found to be using DOM based JavaScript obfuscation. In...

http://research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html


Securing the Nest Thermostat

A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection....

https://www.schneier.com/blog/archives/2014/07/securing_the_ne.html


WordPress brute force attack via wp.getUsersBlogs, (Tue, Jul 22nd)

Now that the XMLRPC "pingback" DDoS problem in WordPress is increasingly under control, the crooks now seem to try brute force password guessing attacks via the "wp.getUsersBlogs" method of xmlrpc.php. ISC reader Robert sent in some logs that show a massive distributed (> 3000 source IPs) attempt at guessing passwords on his WordPress installation. The requests look like the one shown below and are posted into xmlrpc.php. Unfortunately, the web server responds with a

https://isc.sans.edu/diary.html?storyid=18427&rss


New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd)

We are announcing a new feature we have been working on for a while, that will display live statistics on passwords used by SSH brute forcing bots. In addition, we also updated our script that will allow you to contribute data to this effort. Right now, we are supporting the kippo honeypot to collect data. This script will submit usernames, passwords and the IP address of the attacker to our system. To download the script see https://isc.sans.edu/clients/kippo/kippodshield.pl . The script uses

https://isc.sans.edu/diary.html?storyid=18433&rss


Work for admins: Apache 2.4.10 plugs security holes

Administrators of web servers running Apache 2.4.x need to update. With the latest version of the software, the Apache developers have closed five vulnerabilities, one of which allows malicious code to be executed remotely.

http://www.heise.de/security/meldung/Arbeit-fuer-Admins-Apache-2-4-10-stopft-Sicherheitsluecken-2265619.html


How Thieves Can Hack and Disable Your Home Alarm System

When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren't even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can...

http://feeds.wired.com/c/35185/f/661467/s/3cc7d302/sc/15/l/0L0Swired0N0C20A140C0A70Chacking0Ehome0Ealarms0C/story01.htm


EU to Roll Out Cybercrime Taskforce

International Team Will Target Cross-Border Crime Campaigns. The European Union is set to launch a trial run of an international cybercrime task force that will coordinate investigations across Europe, as well as with a handful of other countries, including Australia, Canada and the United States.

http://www.bankinfosecurity.com/eu-to-roll-out-cybercrime-taskforce-a-7093


The psychology of phishing

Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits; today they create highly targeted phishing emails which are tailored to suit their recipients.

http://www.net-security.org/article.php?id=2078


Just Released - The Phishing Planning Kit

One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit...

http://www.securingthehuman.org/blog/2014/07/22/phishing-planning-kit


Facebook Scam Leads to Nuclear Exploit Kit

Attackers have become more aggressive and are now using Facebook scams to lead to exploit kits so they can control a user's system.

http://www.symantec.com/connect/blogs/facebook-scam-leads-nuclear-exploit-kit


Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability

CVE-2014-3322

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322


SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting

Topic: SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting
Risk: Low
Text: I. VULNERABILITY - Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 II. BACKGROUND ...

http://cxsecurity.com/issue/WLB-2014070121


Barracuda Networks Spam And Virus Firewall 6.0.2 XSS

Topic: Barracuda Networks Spam And Virus Firewall 6.0.2 XSS
Risk: Low
Text: Document Title: Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Re...

http://cxsecurity.com/issue/WLB-2014070118


Security Notice-Statement on the XSS Security Vulnerability in Huawei E355

Jul 23, 2014 17:37

http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-356647.htm


SSA-214365 (Last Update 2014-07-23): Vulnerabilities in SIMATIC WinCC

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf


Omron NS Series HMI Vulnerabilities

This advisory provides mitigation details for multiple vulnerabilities in Omron Corporation's NS series human-machine interface (HMI) terminals.

http://ics-cert.us-cert.gov//advisories/ICSA-14-203-01


Honeywell FALCON XLWeb Controllers Vulnerabilities

This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in Honeywell FALCON XLWeb controllers.

http://ics-cert.us-cert.gov//advisories/ICSA-14-175-01


HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information

A potential security vulnerability has been identified with HP Network Virtualization. The vulnerability could be exploited remotely to allow execution of code and disclosure of information.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202