[CERT-daily] Tageszusammenfassung - Montag 8-04-2013

Mon Apr 8 18:24:36 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 05-04-2013 18:00 − Montag 08-04-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Ein weiterer Schwung von Sicherheits-Updates für D-Link-Router ***
---------------------------------------------
Eine Reihe neuer Firmware-Versionen schließen Sicherheitslücken in D-Link-Routern. Da bereits passende Exploit-Module veröffentlicht wurden, sollte man die möglichst bald einspielen.
---------------------------------------------
http://www.heise.de/security/meldung/Ein-weiterer-Schwung-von-Sicherheits-Updates-fuer-D-Link-Router-1836388.html


*** German ransomware threatens with sick kiddie smut ***
---------------------------------------------
IWF warns of scheme to shock victims into police payment Security technicians at Sophos are poring over a new piece of ransomware that uses images of purported child sexual abuse to extort money from internet users, a discovery that has prompted an alert from the Internet Watch Foundation (IWF).
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/05/iwf_warning_smut_ransomware/


*** SANS Secure Europe 2013 - Amsterdam, Netherlands ***
---------------------------------------------
"Join us at the Radisson Blu Hotel in the heart of Amsterdam between April 15th and 27th for another unique SANS learning and networking experience. The full line-up for mainland Europes largest IT Security training event is confirmed with Jason Fossens excellent new course, SEC505: Securing Windows and Resisting Malware completing the eight track roster. Course-author Ed Skoudis will be teaching SEC560: Network Pen Testing and Ethical Hacking for the first time in Europe...."
---------------------------------------------
http://www.sans.org/event/secure-europe-2013


*** Joomla GPL Template Cross Site Scripting ***
---------------------------------------------
Topic: Joomla GPL Template Cross Site Scripting Risk: Low Text:# Exploit Title: Joomla GPL Template Cross Site Scripting # # Exploit Author: Ashiyane Digital Security Team # # Home : www...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/0-oy9bDwQbE/WLB-2013040045


*** Zimbra XSS in aspell.php ***
---------------------------------------------
Topic: Zimbra XSS in aspell.php Risk: Low Text:While trying to see how hard a bug would be to fix in Zimbra during a discussion with a coworker, I stumbled across a XSS flaw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Urwtnfh8RAs/WLB-2013040049


*** Online-Bücherei Scribd wurde gehackt ***
---------------------------------------------
Der Dokumentendienst und die weltgrößte Online-Bücherei Scribd räumte einen Angriff auf sein Netzwerk ein. Von den 100 Millionen Nutzern, die beim Dokumentendienst registriert sind, sollen "weniger als ein Prozent" betroffen sein, meint das Unternehmen.
---------------------------------------------
http://futurezone.at/digitallife/15069-online-buecherei-scribd-wurde-gehackt.php?rss=fuzo


*** Virenschutz für Windows 8 getestet ***
---------------------------------------------
Das AV-Test Institut legt erste Ergebnisse eines Tests unter Windows 8 vor. Virenschutzprogramme der AV-Hersteller mussten darin zeigen, ob sie mehr Schutz bieten als der ins Betriebssystem integrierte Windows Defender.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Virenschutz-fuer-Windows-8-getestet-1836530.html


*** Shylock Trojan Going Global with New Features, Resilient Infrastructure ***
---------------------------------------------
The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report.read more
---------------------------------------------
https://threatpost.com/en_us/blogs/shylock-going-global-new-features-more-resilient-infrastructure-040513


*** Vuln: Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58316


*** IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability ***
---------------------------------------------
IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability
---------------------------------------------
https://secunia.com/advisories/52957


*** Botnetz verteilt Android-Trojaner ***
---------------------------------------------
Ein neuer Android-Trojaner wird über das Cutwail-Botnetz verteilt. Das Angriffsszenario beschränkt sich aber nicht nur auf Android-Geräte. Werden die gefährlichen Links auf Desktop-PCs geöffnet, werden Nutzer auf Seiten mit Blackhole-Exploit-Kit geleitet.
---------------------------------------------
http://www.heise.de/security/meldung/Botnetz-verteilt-Android-Trojaner-1836854.html


*** IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities ***
---------------------------------------------
IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52964


*** OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities ***
---------------------------------------------
OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52973


*** OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability ***
---------------------------------------------
OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability
---------------------------------------------
https://secunia.com/advisories/52969


*** Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52966


*** Cyber-security experts demonstrate Java attack ***
---------------------------------------------
....Earlier this month Context principal security consultant James Forshaw discovered a previously unknown exploit of Java, or zero-day exploit, at the 2013 Pwn2Own cyber-security competition at CanSecWest in Vancouver. Penetration testing experts from the firm demonstrated how an attacker could use such an exploit to steal sensitive data from a major organisation, based on real-world experience from an assignment carried out by the team...
---------------------------------------------
http://eandt.theiet.org/news/2013/apr/context-cyber.cfm


*** Update on leaked UEFI signing keys - probably no significant risk ***
---------------------------------------------
According to the update here, the signing keys are supposed to be replaced by the hardware vendor. If vendors do that, this ends up being uninteresting from a security perspective - you could generate a signed image, but nothing would trust it. It should be easy enough to verify, though. Just download a firmware image from someone using AMI firmware, pull apart the capsule file, decompress everything and check whether the leaked public key is present in the binaries.
---------------------------------------------
http://mjg59.dreamwidth.org/24463.html


*** ICS-CERT Advisories ***
---------------------------------------------

*** ICS-CERT has released an Advisory "ICSA-13-095-02 - Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf

*** ICS-CERT has released an Advisory "ICSA-13-095-01 - Cogent Real-Time Systems Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf

*** ICS-CERT has released an Alert "ICS-ALERT-13-091-01 - Mitsubishi MX Overflow Vulnerability" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-01.pdf

*** ICS-CERT has released an Alert "ICS-ALERT-13-091-02 - Clorius Controls ICS SCADA Information Disclosure" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-02.pdf

*** ICS-CERT has released an Advisory "ICSA-13-091-01 - Wind River VXWorks SSH and Web Server Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-091-01.pdf
---------------------------------------------


*** Vulnerabilities in various WordPress Plugins ***
---------------------------------------------

*** WordPress Trafficanalyzer Plugin XSS Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/dFB_Cr0hxkU/WLB-2013040051

*** WP-Print plugin for WordPress unspecified cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83267

*** Wordpress plugins kioskprox XSS Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/B2w18UOqjwA/WLB-2013040055

*** WordPress WP125 Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52876

*** WordPress WP-DownloadManager Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52863
---------------------------------------------