End-of-Shift report
Timeframe: Monday 18-08-2014 18:00 − Tuesday 19-08-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
New Attack Binds Malware in Parallel to Software Downloads
Open source software distribution systems that lack security processes and integrity checks are prone to a new attack that binds malware to a download without modifying the original application.
http://threatpost.com/new-attack-binds-malware-in-parallel-to-software-downloads/107800
Microsoft's Windows 8 App Store Is Full of Scamware
Deathspawner writes: Windows 8 brought a lot to the table, with one of its most major features being its app store. However, it's not a feature that Microsoft seems too intent on keeping clean. As it is today, the store is completely littered with misleading apps and outright scamware. The unfortunate thing is that ..
http://beta.slashdot.org/story/206067
Virus scanners: test lab analyzes the missing percent
In lab tests almost all virus scanners consistently detect more than 99 percent of malware samples. But it is precisely the missing percent that can make the difference, as the spread of the files that slipped through shows.
http://www.heise.de/security/meldung/Virenscanner-Testlabor-analysiert-das-fehlende-Prozent-2293206.html
Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?, (Sun, Aug 17th)
This diary follows from Part 1, published on Sunday August 17, 2014. How is it possible that, with no port forwarding enabled through the firewall, Internet-originated NTP requests were getting past the firewall to the misconfigured NTP server? The reason why these packets are passing ..
https://isc.sans.edu/diary.html?storyid=18549&rss
Stuxnet: Patched security hole still endangers millions
Experts attribute the high numbers to inadequate maintenance of servers
http://derstandard.at/2000004498863
APT Gang Branches Out to Medical Espionage in Community Health Breach
The Community Health Systems data breach has been tied to a Chinese APT gang that has branched out to medical espionage, stealing patient data in an effort to target intelligence on medical device development.
http://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828
Multiple vulnerabilities in EMC Documentum products
http://www.securityfocus.com/archive/1/533161
http://www.securityfocus.com/archive/1/533160
http://www.securityfocus.com/archive/1/533159
http://www.securityfocus.com/archive/1/533162
DSA-3006 xen
http://www.debian.org/security/2014/dsa-3006
FreeNAS password security bypass
FreeNAS could allow a remote attacker to bypass security restrictions, caused by the use of a blank password by the Web admin. An attacker could exploit this vulnerability to reset the admin password and gain full administrative access to the device.
http://xforce.iss.net/xforce/xfdb/95326
Apache HttpComponents certificate spoofing
Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a ..
http://xforce.iss.net/xforce/xfdb/95327
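The check the advisory says was missing, as an added illustration in Python rather than HttpComponents' own Java code: a hostname verifier that consults the certificate's SubjectAltName entries first and falls back to the Common Name only when the certificate carries no SAN at all. Certificates are modelled as plain dicts, and the certificates and hostnames below are constructed for this example.

```python
"""Server hostname verification for TLS certificates (RFC 2818 / RFC 6125 style).

Added illustration, not Apache HttpComponents code. A certificate is modelled
as a dict with a 'cn' string and a 'san' list of (kind, value) tuples; the
certificates at the bottom are constructed for this example.
"""
import ipaddress


def _match_dns(pattern, host):
    """Match one dNSName pattern (or a CN) against a hostname.

    Comparison is case-insensitive and ignores a trailing dot. A wildcard is
    accepted only as the whole leftmost label of a name with at least three
    labels, so '*.example.org' covers 'api.example.org' but neither
    'example.org' nor 'a.b.example.org'; partial wildcards such as
    'w*.example.org' are rejected.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    if len(h_labels) != len(p_labels) or h_labels[0] == "":
        return False
    return h_labels[1:] == p_labels[1:]


def hostname_matches(cert, host):
    """Return True if the certificate is valid for `host`.

    If the certificate carries any subjectAltName entries, only those are
    consulted (dNSName for names, iPAddress for IP literals) and the CN is
    ignored. The CN is used as a fallback only when there is no SAN at all,
    and only for DNS names, never for IP literals.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    san = cert.get("san") or []
    if san:
        for kind, value in san:
            if ip is not None and kind == "IP":
                try:
                    if ipaddress.ip_address(value) == ip:
                        return True
                except ValueError:
                    continue
            elif ip is None and kind == "DNS" and _match_dns(value, host):
                return True
        return False
    cn = cert.get("cn")
    return bool(cn) and ip is None and _match_dns(cn, host)


# Constructed sample certificates (subject data only; chain validation is out of scope here).
LEGIT = {"cn": "www.example.com",
         "san": [("DNS", "www.example.com"), ("DNS", "example.com")]}
OTHER_SITE = {"cn": "attacker.example.net",
              "san": [("DNS", "attacker.example.net")]}
# CN looks right but the SAN does not: the CN must be ignored once a SAN is present.
CN_DECOY = {"cn": "www.example.com", "san": [("DNS", "attacker.example.net")]}
WILDCARD = {"cn": "*.example.org", "san": [("DNS", "*.example.org")]}
CN_ONLY = {"cn": "legacy.example.com", "san": []}
IP_CERT = {"cn": "10.0.0.1", "san": [("IP", "10.0.0.1")]}


if __name__ == "__main__":
    for cert, host in [(LEGIT, "www.example.com"), (OTHER_SITE, "www.example.com"),
                       (CN_DECOY, "www.example.com"), (WILDCARD, "api.example.org"),
                       (WILDCARD, "example.org"), (CN_ONLY, "legacy.example.com"),
                       (IP_CERT, "10.0.0.1")]:
        print(f"{cert['cn']:>22} for {host:<18} -> {hostname_matches(cert, host)}")
```

The CN_DECOY case is the one that separates a correct verifier from a sloppy one: a chain-valid certificate whose CN happens to say www.example.com must still be rejected when its SAN names a different host, and a client that performs no name check at all, as the advisory describes, accepts every one of these certificates for every hostname.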
Cisco NX-OS Software SNMP Information Disclosure Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID. An attacker could exploit this vulnerability by making a large number of requests to ..
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341