[CERT-daily] Tageszusammenfassung - Montag 15-04-2013

Mon Apr 15 18:04:28 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 12-04-2013 18:00 − Montag 15-04-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner

*** Brute Force Attacks Build WordPress Botnet ***
---------------------------------------------
Security experts are warning that an escalating series of attacks designed to break into poorly-secured WordPress blogs is fueling the growth of a botnet made up of Web servers that could be the precursor to a broad-scale campaign to distribute malicious software and launch debilitating network attacks.Related Posts:Network Solutions Again Under SiegeAdobe, Microsoft, WordPress Issue Security FixesNew Tools Bypass Wireless Router SecurityPassword Do’s and Don’tsAttackers Hit Weak
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/EBD0wNNgwW0/


*** USA und China richten Arbeitsgruppen für Internet-Sicherheit ein ***
---------------------------------------------
Bei seinem China-Besuch hat der US-Außenminister die Einsetzung von Arbeitsgruppen zu den Themen Cyber-Security und globaler Klimaschutz vereinbart.
---------------------------------------------
http://www.heise.de/security/meldung/USA-und-China-richten-Arbeitsgruppen-fuer-Internet-Sicherheit-ein-1841506.html


*** Social Media Widget remote file inclusion ***
---------------------------------------------
Topic: Social Media Widget remote file inclusion Risk: High Text:http://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.html http://securityledger.com/hacked-wordpress-plug-in-pu...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/AgtWJoX3sg0/WLB-2013040103


*** Under the microscope: The bug that caught PayPal with its pants down ***
---------------------------------------------
Payment giant suffers textbook SQL injection flaw Security researchers have published a more complete rundown on a recently patched SQL injection flaw on PayPals website.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/15/paypal_sql_injection/


*** 8 Steps To Secure Your WordPress Blog ***
---------------------------------------------
Wordpress blogs are regular targets to brute force attacks, there is one large attack going on right now. These attacks are automated across all the hosting platforms and attempt to find bloggers that are using default usernames, weak passwords and outdated WordPress installations.
---------------------------------------------
http://www.howtomakemyblog.com/wordpress/7-simple-steps-to-make-your-wordpress-blog-more-secure/


*** Kippo 0.8 small SSH honeypot to keep track of brute force attacks ***
---------------------------------------------
New release have been announced on Kippo one of the most widely used ssh honeypot. this tool is a python based and emulates a shell on the server end to detect brute force attack. Kippo is a low to medium interaction SSH honeypot and can be a good addition to your honeypot solution.
---------------------------------------------
http://www.sectechno.com/2013/04/14/kippo-0-8-small-ssh-honeypot-to-keep-track-of-brute-force-attacks/


*** Linksys EA2700 Multiple Vulnerabilities ***
---------------------------------------------
Linksys EA2700 Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52985


*** AndroTotal ***
---------------------------------------------
AndroTotal is a free service to scan suspicious APKs against multiple mobile antivirus apps.
---------------------------------------------
http://beta.andrototal.org/


*** Parallels Plesk Panel Privilege Escalation Vulnerabilities ***
---------------------------------------------
Parallels Plesk Panel Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52998


*** Vaillant-Heizungen mit Sicherheits-Leck ***
---------------------------------------------
Die Heizungsanlage ecoPower 1.0 kann man über das Internet steuern – allerdings auch dann, wenn man dazu gar nicht berechtigt ist. Ein Angreifer könnte die Anlage dadurch potenziell dauerhaft beschädigen. Kunden sollen jetzt den Netzwerkstecker ziehen.
---------------------------------------------
http://www.heise.de/security/meldung/Vaillant-Heizungen-mit-Sicherheits-Leck-1840919.html


*** Blog: Winnti returns with PlugX ***
---------------------------------------------
Continuing our investigation into Winnti, in this post we describe how the group tried to re-infect a certain gaming company and what malware they used. After discovering that the company’s servers were infected, we began to clean them up in conjunction with the company’s system administrator, removing malicious files from the corporate network. This took a while because it was not clear at first exactly how the cybercriminals had penetrated the corporate network; we couldn’t
---------------------------------------------
http://www.securelist.com/en/blog/208194224/Winnti_returns_with_PlugX