Daily summary - Monday 04-08-2014

End-of-Shift report

Timeframe: Friday 01-08-2014 18:00 − Monday 04-08-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

ZDI-14-273: AlienVault OSSIM av-centerd Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-14-273/


Remote code execution on Android devices

You walk into a coffee shop and take a seat. While waiting for your coffee, you take out your smartphone and start playing a game you downloaded the other day. Later, you go to work and check your email in the elevator. Without you knowing, an attacker has just gained a foothold in your corporate...

http://labs.bromium.com/2014/07/31/remote-code-execution-on-android-devices/


POWELIKS: Malware Hides In Windows Registry

We spotted a malware that hides all its malicious codes in the Windows Registry. The said tactic provides evasion and stealth mechanisms to the malware, which Trend Micro detects as TROJ_POWELIKS.A. When executed, TROJ_POWELIKS.A downloads files, which can cause further system infection. Systems affected by this malware risk being infected by other malware, thus causing further...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OEAKGdXwSnc/
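The POWELIKS item above describes malicious code stored in registry values rather than in files on disk, which is exactly the place file-based scanners do not look. As an added example (editor's code, not Trend Micro's and not from the linked post), the Python below parses a `reg export` style .reg dump and flags Run/RunOnce autorun values that carry a script engine or encoded PowerShell instead of a plain path to an executable. The sample export, the value names `Updater` and `Stage`, and the detection heuristics are constructed assumptions, modelled on the rundll32/javascript: launcher Poweliks was reported to use; they are not indicators taken from the page.

```python
"""Scan a Windows registry export (.reg text) for autorun values that
carry code rather than a plain path to an executable."""
import re

# Keys that Windows executes at logon; HKCU and HKLM both use this suffix.
AUTORUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$",
    re.IGNORECASE,
)

# Heuristics (editor's assumptions, not from the page): a legitimate autorun
# value is a short path to an .exe; inline script engines, encoded PowerShell
# and very long values are the markers of code living in the registry itself.
SUSPICIOUS_PATTERNS = [
    ("rundll32 javascript", re.compile(r"rundll32.*javascript:", re.I)),
    ("mshta/vbscript", re.compile(r"(mshta|vbscript:)", re.I)),
    ("encoded powershell",
     re.compile(r"powershell.*(-e(nc|ncodedcommand)?\b|FromBase64String)", re.I)),
]
MAX_SANE_LENGTH = 512

# Constructed sample in the format written by `reg export` (not a real dump).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";document.write();h=new ActiveXObject(\"WScript.Shell\").RegRead(\"HKCU\\\\Software\\\\Updater\\\\payload\")"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Stage"="powershell.exe -WindowStyle Hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"
'''


def parse_reg_export(text):
    """Yield (key_path, value_name, data) for every value in a .reg export.

    String data is unescaped (.reg writes \\ for a backslash and \" for a
    quote); hex:/dword: data is passed through untouched.  Value names are
    assumed not to contain '=' so the first '=' splits name from data.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if data.startswith('"') and data.endswith('"'):
            data = re.sub(r'\\(["\\])', r"\1", data[1:-1])
        yield key, name, data


def flag_autoruns(text):
    """Return a list of suspicious autorun entries found in a .reg export."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if not AUTORUN_KEY_RE.search(key):
            continue
        reasons = [label for label, pat in SUSPICIOUS_PATTERNS if pat.search(data)]
        if len(data) > MAX_SANE_LENGTH:
            reasons.append("oversized value (%d chars)" % len(data))
        if reasons:
            findings.append({"key": key, "name": name,
                             "reasons": reasons, "data": data[:80]})
    return findings


if __name__ == "__main__":
    for hit in flag_autoruns(SAMPLE_EXPORT):
        print("%s\\%s: %s\n    %s" % (hit["key"], hit["name"],
                                      ", ".join(hit["reasons"]), hit["data"]))
```

On the constructed sample the two Microsoft entries pass and `Updater` (inline JavaScript via rundll32) and `Stage` (encoded PowerShell) are reported. The script only sees what is in the export; on a live host the equivalent check is to enumerate the same Run/RunOnce keys with `Get-ItemProperty` in PowerShell and apply the same value-level heuristics, since the point of this malware family is that there is no file for an on-access scanner to hash.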


All Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon, (Sat, Aug 2nd)

A remote code execution vulnerability in nmbd (the NetBIOS name services daemon) has been found in Samba versions 4.0.0 to 4.1.10 (assigned CVE-2014-3560), and a patch has been released by the team at samba.org. Here are the details from http://www.samba.org/samba/security/CVE-2014-3560 Description All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon. A malicious browser can send packets that may overwrite

https://isc.sans.edu/diary.html?storyid=18471&rss


TP-Link TL-WR740N v4 arbitrary shell command execution

Risk: High. Exploit title: TP-Link TL-WR740N v4 router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) arbitrary shell command execution ...

http://cxsecurity.com/issue/WLB-2014080013


Encryption trojan attacks Synology storage systems

Cyber-extortionists have found a new, direct way to hold their victims' digital belongings hostage: they exploit a security hole in the NAS firmware to encrypt the entire network storage.

http://www.heise.de/newsticker/meldung/Verschluesselungstrojaner-attackiert-Synology-Speichersysteme-2282625.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


China boots Kaspersky and Symantec off security contractor list

Foreign firms dropped from roll of approved infosec vendors Kaspersky Labs and Symantec have both been booted off China's list of approved security vendors for government agencies, as the country continues to tighten up against foreign tech firms in the wake of the NSA indiscriminate surveillance revelations.

http://go.theregister.com/feed/www.theregister.co.uk/2014/08/04/kaspersky_symantec_china_dropped/


Bugtraq: ownCloud Unencrypted Private Key Exposure

http://www.securityfocus.com/archive/1/533010


Backdoor Techniques in Targeted Attacks

Backdoors are an essential part of targeted attacks, as they allow an external threat actor to exercise control over any compromised machines. These allow the threat actor to collect information and move laterally within the targeted organization. Our investigations into various targeted attacks have shown that a wide variety of tactics are used by backdoors to carry out...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fHW4IPov8YE/


IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM WebSphere Real Time

Java SE issues disclosed in the Oracle July 2014 Critical Patch Update, plus 1 additional vulnerability. CVE(s): CVE-2014-3086, CVE-2014-4227, CVE-2014-4262, CVE-2014-4219, CVE-2014-4209, CVE-2014-4220, CVE-2014-4268, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266, CVE-2014-4265, CVE-2014-4221, CVE-2014-4263, CVE-2014-4244 and CVE-2014-4208. Affected product(s) and affected version(s): IBM WebSphere Real Time Version 3 Service Refresh 7 and earlier. Refer to the following reference URLs for

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_current_releases_of_the_ibm_websphere_real_time?lang=en_us


IBM Security Bulletin: Security vulnerabilities in Apache Tomcat in Rational DOORS Web Access

The Apache Tomcat application server shipped in installations of IBM Rational DOORS Web Access contains security vulnerabilities. CVE(s): CVE-2013-4322, CVE-2013-4590, CVE-2014-0096, CVE-2014-0099 and CVE-2014-0119. Affected product(s) and affected version(s): Rational DOORS Web Access version 9.6.0.x, 9.5.2.x, 9.5.1.x, 9.5.0.x, 1.5.0.x, 1.4.0.4. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerabilities_in_apache_tomcat_in_rational_doors_web_access?lang=en_us