Daily Summary - Thursday 24-07-2014

End-of-Shift report

Timeframe: Wednesday 23-07-2014 18:00 - Thursday 24-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

ZDI-14-264: (0Day) Apple QuickTime mvhd Atom Heap Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

http://www.zerodayinitiative.com/advisories/ZDI-14-264/


ZDI-14-263: (0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 1091 Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-14-263/


ZDI-14-262: (0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 305 Directory Traversal Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-14-262/


[Honeypot Alert] Wordpress XML-RPC Brute Force Scanning

There are news reports of new WordPress XML-RPC brute force attacks being seen in the wild. The SANS Internet Storm Center also has a Diary entry showing similar data. We have captured similar attacks in our web honeypots so we wanted to share more data with the community. Please reference earlier blog posts we have done related to WordPress: "WordPress XML-RPC Pingback Vulnerability Analysis" and "Defending WordPress Logins from Brute Force Attacks". Thanks goes to my SpiderLabs Research colleague...

http://blog.spiderlabs.com/2014/07/honeypot-alert-wordpress-xml-rpc-brute-force-scanning.html
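
The scanning described above works because WordPress exposes XML-RPC methods such as wp.getUsersBlogs that accept a username and password and answer whether they are valid, so an attacker can guess credentials without ever sending a request to wp-login.php. The Python below is an added example, not code from the SpiderLabs post: it parses XML-RPC methodCall bodies the way a honeypot analyst would, pulls the credential pair out of the credential-bearing methods, and flags source IPs that tried several distinct pairs. The sample request bodies and IP addresses are constructed, and the set of methods and the threshold are assumptions to tune for your own site.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from xml.sax.saxutils import escape

# WordPress XML-RPC methods that carry a username/password pair, and the index
# of the username within <params> (the password is the next parameter).
# wp.getUsersBlogs is the one the scanners abuse: it validates the credentials
# without touching wp-login.php. Assumed list; extend as needed.
CREDENTIAL_METHODS = {
    "wp.getUsersBlogs": 0,          # (username, password)
    "blogger.getUsersBlogs": 1,     # (appkey, username, password)
    "metaWeblog.getUsersBlogs": 1,  # (appkey, username, password)
}


def build_method_call(method, *params):
    """Build a minimal XML-RPC methodCall body (used here only to construct samples)."""
    values = "".join(
        f"<param><value><string>{escape(p)}</string></value></param>" for p in params
    )
    return (
        '<?xml version="1.0"?><methodCall>'
        f"<methodName>{method}</methodName><params>{values}</params></methodCall>"
    )


# Constructed sample: (source IP, POST body to /xmlrpc.php) as a honeypot might log them.
SAMPLE_REQUESTS = [
    ("203.0.113.10", build_method_call("wp.getUsersBlogs", "admin", "123456")),
    ("203.0.113.10", build_method_call("wp.getUsersBlogs", "admin", "password")),
    ("203.0.113.10", build_method_call("wp.getUsersBlogs", "admin", "admin123")),
    ("203.0.113.10", build_method_call("wp.getUsersBlogs", "administrator", "letmein")),
    ("198.51.100.7", build_method_call("pingback.ping", "http://a.example/", "http://b.example/post")),
    ("198.51.100.7", build_method_call("wp.getUsersBlogs", "editor", "correct-horse")),
    ("192.0.2.55", "this is not xml at all"),
]


def parse_method_call(body):
    """Return (methodName, [string params]) from an XML-RPC methodCall body."""
    root = ET.fromstring(body)
    if root.tag != "methodCall":
        raise ValueError("not a methodCall")
    method = (root.findtext("methodName") or "").strip()
    params = []
    for value in root.findall("./params/param/value"):
        string = value.find("string")  # XML-RPC allows <value>text</value> without <string>
        params.append(((string.text if string is not None else value.text) or "").strip())
    return method, params


def find_bruteforce(requests, threshold=3):
    """Map source IP -> number of distinct credential pairs tried, for IPs at or
    above the threshold. Counting distinct pairs rather than raw POSTs keeps a
    legitimate client that retries one login out of the result."""
    attempts = defaultdict(set)
    for ip, body in requests:
        try:
            method, params = parse_method_call(body)
        except (ET.ParseError, ValueError):
            continue  # malformed or non-XML-RPC body: not a credential attempt
        idx = CREDENTIAL_METHODS.get(method)
        if idx is None or len(params) < idx + 2:
            continue
        attempts[ip].add((params[idx], params[idx + 1]))
    return {ip: len(pairs) for ip, pairs in attempts.items() if len(pairs) >= threshold}


if __name__ == "__main__":
    for ip, n in find_bruteforce(SAMPLE_REQUESTS).items():
        print(f"{ip}: {n} distinct credential pairs via XML-RPC")
```

Keying the alert on distinct credential pairs matters because xmlrpc.php is not only used by attackers: mobile apps and plugins such as Jetpack talk to it legitimately, so a plain request-rate threshold on POST /xmlrpc.php produces false positives. If nothing on the site needs XML-RPC, blocking the endpoint at the web server removes this attack surface outright.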


Smart Grid Attack Scenarios

This is the third (and last) in a series of posts looking at the threats surrounding smart grids and smart meters. In the first post, we introduced smart meters, smart grids, and showed why these can pose risks. In the second post, we looked at the risks of attacks on smart meters. In this post,...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6sRN65gV904/


Windows Previous Versions against ransomware, (Thu, Jul 24th)

One of the cool features that Microsoft actually added in Windows Vista is the ability to recover previous versions of files and folders. This is part of the VSS (Volume Shadow Copy Service) which allows automatic creation of backup copies on the system. Most users "virtually meet" this service when they are installing new software, when a restore point is created that allows a user to easily revert the operating system back to the original state, if something goes wrong. However, ...

https://isc.sans.edu/diary/Windows+Previous+Versions+against+ransomware/18439
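
The caveat a practitioner needs alongside the diary's advice: Previous Versions only help if the shadow copies still exist when you go looking for them, and several ransomware families delete or shrink them before encrypting, typically by running vssadmin or wmic from the victim's own account. The Python below is an added example (not from the ISC diary) that scans process-creation records for exactly those command lines, so the loss of the recovery path is noticed while it is happening. The flattened event format and the sample records are constructed; the pattern list is an assumption to extend with whatever your environment sees.

```python
import re

# Constructed sample records in the shape of a flattened Windows Security event
# 4688 (process creation) export with command-line auditing enabled:
# "time | account | new process name | command line". Not real data.
SAMPLE_EVENTS = [
    "2014-07-24 09:12:01 | CORP\\jsmith | C:\\Windows\\System32\\notepad.exe | notepad.exe report.txt",
    "2014-07-24 09:14:33 | CORP\\jsmith | C:\\Windows\\System32\\vssadmin.exe | vssadmin delete shadows /all /quiet",
    "2014-07-24 09:14:34 | CORP\\jsmith | C:\\Windows\\System32\\wbem\\WMIC.exe | wmic shadowcopy delete",
    "2014-07-24 09:14:35 | CORP\\jsmith | C:\\Windows\\System32\\vssadmin.exe | vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB",
    "2014-07-24 10:00:00 | NT AUTHORITY\\SYSTEM | C:\\Windows\\System32\\vssadmin.exe | vssadmin list shadows",
    "2014-07-24 10:05:12 | CORP\\backupsvc | C:\\Windows\\System32\\vssadmin.exe | vssadmin create shadow /for=C:",
]

# Command lines that remove Previous Versions or starve them of space. Resizing
# shadow storage down to a small maximum silently drops the oldest copies, so it
# is as destructive as an explicit delete. Assumed list.
SHADOW_TAMPER_PATTERNS = [
    re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I),
    re.compile(r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage\b", re.I),
    re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I),
    re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+catalog\b", re.I),
]


def parse_event(line):
    """Split one flattened 4688 record into its four fields."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 4:
        raise ValueError(f"unexpected record shape: {line!r}")
    return {"time": fields[0], "account": fields[1], "process": fields[2], "command": fields[3]}


def find_shadow_tampering(lines):
    """Return (time, account, command line) for every record whose command line
    matches a shadow copy deletion or shrinking pattern; listing or creating
    shadow copies is left alone."""
    hits = []
    for line in lines:
        try:
            event = parse_event(line)
        except ValueError:
            continue  # skip records that do not fit the expected shape
        if any(p.search(event["command"]) for p in SHADOW_TAMPER_PATTERNS):
            hits.append((event["time"], event["account"], event["command"]))
    return hits


if __name__ == "__main__":
    for time, account, command in find_shadow_tampering(SAMPLE_EVENTS):
        print(f"{time} {account}: {command}")
```

Backup agents do legitimately resize shadow storage or delete old copies, so in practice the hits are filtered by account and parent process before they become an alert; three shadow-copy commands from an interactive user account within a few seconds, as in the sample, is the pattern worth paging on.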


BMWs ConnectedDrive falls over, bosses blame upgrade snafu

Traffic flows up 20% as motorway middle lanes miraculously unclog. BMW's ConnectedDrive car-to-mobe interface has suffered a UK-wide outage that may also affect customers in mainland Europe.

http://go.theregister.com/feed/www.theregister.co.uk/2014/07/24/bmw_connected_drive/


Dirty Dozen Spampionship - which country is spewing the most spam?

The World Cup may be done and dusted, but the Spampionship continues! Where did you come in our spam-sending league tables?

http://nakedsecurity.sophos.com/2014/07/22/dirty-dozen-spampionship-which-country-is-spewing-the-most-spam/


A new generation of ransomware

Trojan-Ransom.Win32.Onion is a highly dangerous threat and one of the most technologically advanced encryptors out there. Its developers used both proven techniques 'tested' on its predecessors and solutions that are completely new for this class of malware. The use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server.

https://securelist.com/analysis/publications/64608/a-new-generation-of-ransomware/


Bugcrowd Releases Open Source Vulnerability Disclosure Framework

The problems that come from doing security research on modern Web applications and other software aren't just challenging for researchers, but also for the companies on the receiving end of their advisories. Companies unaccustomed to dealing with researchers can find themselves in a difficult position, trying to figure out the clearest path forward. To help...

http://threatpost.com/bugcrowd-releases-open-source-vulnerability-disclosure-framework/107399


SA-CONTRIB-2014-072 - Freelinking, Freelinking Case Tracker - Access bypass

Advisory ID: DRUPAL-SA-CONTRIB-2014-072
Project: freelinking (third-party module)
Project: freelinking case tracker (third-party module)
Version: 6.x, 7.x
Date: 2014-July-23
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass
Description: The freelinking and freelinking case tracker modules implement a filter for the easier creation of HTML links to other pages in the site or external sites with a wiki style format such as [[pluginname:identifier]]. The module doesn't sufficiently...

https://www.drupal.org/node/2308503


Siemens OpenSSL Vulnerabilities (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-14-198-03 Siemens OpenSSL Vulnerabilities that was published July 17, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in the Siemens OpenSSL cryptographic software library affecting several Siemens industrial products.

http://ics-cert.us-cert.gov//advisories/ICSA-14-198-03A


Sierra Wireless AirLink Raven X EV-DO Vulnerabilities (Update B)

This updated advisory is a follow-up to the advisory titled ICSA-14-007-01A Sierra Wireless AirLink Raven X EV-DO Multiple Vulnerabilities that was published January 16, 2014, on the NCCIC/ICS-CERT web site.

http://ics-cert.us-cert.gov//advisories/ICSA-14-007-01B


HPSBMU03076 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities

Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04379485


HPSBMU03074 rev.1 - HP Insight Control server migration on Linux and Windows running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information

Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04378799


Cisco TelePresence Management Interface Vulnerability

CVE-2014-3324

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324


Bugtraq: Beginners error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

http://www.securityfocus.com/archive/1/532875
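
The headline names the classic unquoted-path mistake: when a program hands CreateProcess a command line whose module path contains spaces and is not wrapped in quotes, Windows tries the shortest interpretation first, so a file planted as C:\Program.exe runs in place of the intended binary under C:\Program Files, with whatever account the caller happens to be running as. The Bugtraq post is present on this page only as its title; the Python below is an added example, not code from that post, which emulates the interpretation order the CreateProcess documentation gives for an unquoted module name (using the documentation's own example path) and shows the quoted form that removes the ambiguity. The extension handling is simplified to what that documented example shows.

```python
import ntpath


def createprocess_candidates(command_line):
    """List, in order, the module paths CreateProcess tries when lpApplicationName
    is NULL. A quoted first token is taken literally; an unquoted one is re-split at
    every space, and ".exe" is appended to each candidate that has no extension.
    Simplified emulation of the order documented for CreateProcess."""
    command_line = command_line.lstrip()
    if command_line.startswith('"'):
        end = command_line.find('"', 1)
        return [command_line[1:end] if end != -1 else command_line[1:]]
    tokens = command_line.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if not ntpath.splitext(candidate)[1]:
            candidate += ".exe"
        candidates.append(candidate)
    return candidates


def quote_module(path, *args):
    """The fix on the calling side: quote the module path (and any argument that
    contains a space) so the module name has exactly one interpretation."""
    parts = [f'"{path}"'] + [f'"{a}"' if " " in a else a for a in args]
    return " ".join(parts)


def first_hijack_candidate(command_line):
    """The path an attacker would plant: the first interpretation CreateProcess tries,
    or None when the command line is unambiguous (quoted or free of spaces)."""
    candidates = createprocess_candidates(command_line)
    return candidates[0] if len(candidates) > 1 else None


if __name__ == "__main__":
    # Example path from the CreateProcess documentation (constructed, not from the post).
    unquoted = r"c:\program files\sub dir\program name"
    for candidate in createprocess_candidates(unquoted):
        print("tries:", candidate)
    print("hijack target:", first_hijack_candidate(unquoted))
    print("safe form:", quote_module(unquoted, "arg one", "/x"))
```

The same check doubles as an audit: run it over the ImagePath values of installed services or the command lines in scheduled tasks, and every entry for which first_hijack_candidate returns a path is a place where a writable parent directory turns into code execution as that service's account.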