Daily Summary - Wednesday 27-08-2014

End-of-Shift report

Timeframe: Tuesday 26-08-2014 18:00 − Wednesday 27-08-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Not all Java from java.com is legitimate

Isn't it ironic getting a Java exploit via java.com, the primary source for one of the most commonly used browser plugins? Current malvertising campaigns are able to do this. This blog post details a relatively new trend: real-time advertisement bidding platforms being infiltrated by cyber criminals spreading malware.

http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/


Multiple Cross-Site Scripting Vulnerabilities in Transport Gateway for Smart Call Home

A vulnerability in the web framework of Cisco Transport Gateway for Smart Call Home (TG-SCH) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3344


Netflix Open Source Security Tools Solve Range of Challenges

Netflix engineers released two new application security tools to open source this week, a continuing effort from the streaming services company.

http://threatpost.com/netflix-open-source-security-tools-solve-range-of-challenges/107931


ZDI-14-296: Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-14-296/


VMware Support Tool temporary files denial of service

VMware Support Tool is vulnerable to a denial of service, caused by a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system and cause a denial of service.

http://xforce.iss.net/xforce/xfdb/95493


VMware Support Tool /tmp directory information disclosure

VMware Support Tool could allow a local attacker to obtain sensitive information, caused by insecure permissions being set for the /tmp directory. An attacker could exploit this vulnerability to obtain sensitive information.

http://xforce.iss.net/xforce/xfdb/95494


Vulnerability in Citrix CloudPlatform Virtual Router could result in unauthorised access to network resources

A vulnerability has been identified in the virtual router component of Citrix CloudPlatform, formerly known as Citrix CloudStack, that could allow ..

http://support.citrix.com/article/CTX140989


Citrix CloudPlatform Virtual Router Firewall Bug Lets Remote Users Access Network Resources

A vulnerability was reported in Citrix CloudPlatform Virtual Router. A remote user can bypass access controls to access network resources.

http://www.securitytracker.com/id/1030762


Google says - patch your Chrome

64-bit browser loads cat vids FIFTEEN PERCENT faster! Google has dropped 50 patches for its flagship Chrome browser plugging holes and handed $30,000 to a lone bug hunter who reported a dangerous sandbox-busting attack.

www.theregister.co.uk/2014/08/27/goog_says_patch_your_chrome/


PCI Council wants YOU to give it things to DO

How about enforcing PCI DSS? Crusaders at the Payment Card Industry Security Standards Council have called for submissions into projects for 2015.

www.theregister.co.uk/2014/08/27/pci_council_wants_you_to_give_it_things_to_do/


RSA Identity Management and Governance Authentication Flaw Lets Remote Users Bypass Authentication to Gain Access to the Target System

A vulnerability was reported in RSA Identity Management and Governance. A remote user can bypass authentication to gain access to the target system.

http://www.securitytracker.com/id/1030759


Security update for Synology network storage

A NAS, too, is usually a Linux server that needs care and maintenance, especially when it is reachable over the Internet. Synology has therefore, among other things, brought OpenSSL up to date and thereby closed various vulnerabilities.

http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-Synology-Netzwerkspeicher-2302988.html


VB2014 preview: Methods of malware persistence on Mac OS X

Patrick Wardle shows that OS X users really have something to worry about. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. Today, ..

http://www.virusbtn.com/blog/2014/08_27.xml


IBM: Heartbleed Attacks Thousands of Servers Daily

The 2014 IBM X-Force Threat Intelligence Quarterly takes a look back at Heartbleed and how organizations were affected by it.

http://threatpost.com/ibm-heartbleed-attacks-thousands-of-servers-daily/107936


ZDI-14-297: Juniper Network and Security Manager XDB Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper Network and Security Manager. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-14-297/