[CERT-daily] Tageszusammenfassung - Dienstag 16-04-2013

Daily end-of-shift report team at cert.at
Tue Apr 16 18:00:32 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 15-04-2013 18:00 − Dienstag 16-04-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner

*** How mobile spammers verify the validity of harvested phone numbers ***
---------------------------------------------
By Dancho Danchev Just as we anticipated earlier this year in our "How mobile spammers verify the validity of harvested phone number" post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to..
---------------------------------------------
http://blog.webroot.com/2013/04/16/how-mobile-spammers-verify-the-validity-of-harvested-phone-numbers-part-two/




*** Analyzing Malicious PDFs or: How I Learned to Stop Worrying and Love Adobe Reader ***
---------------------------------------------
This blog post and the next blog post will focus on analyzing malicious PDF files and the changes we've made to jsunpack to facilitate this analysis.
---------------------------------------------
http://visiblerisk.com/blog/2013/4/8/analyzing-malicious-pdfs-or-how-i-learned-to-stop-worrying-a.html




*** Tricks neu aufgelegt: Vorsicht bei Copy&Paste ***
---------------------------------------------
Mit einem nicht ganz neuen Trick, der derzeit verstärkt wieder kursiert, können Web-Seiten etwa arglosen Linux-Usern, die zu faul zum Tippen sind, Befehle unterjubeln und deren System kapern.
---------------------------------------------
http://www.heise.de/security/meldung/Tricks-neu-aufgelegt-Vorsicht-bei-Copy-Paste-1841048.html




*** New security protection, fixes for 39 exploitable bugs coming to Java ***
---------------------------------------------
Oracle plans to release an update for the widely exploited Java browser plugin. The update fixes 39 critical vulnerabilities and introduces changes designed to make it harder to carry out drive-by attacks on end-user computers.
---------------------------------------------
http://arstechnica.com/security/2013/04/new-security-protection-fixes-for-39-exploitable-bugs-coming-to-java/




*** Linode Hacked Through ColdFusion Zero Day ***
---------------------------------------------
The attackers who compromised Web hosting provider Linode used a zero day vulnerability in Adobe ColdFusion and were able to access the companys database, source code and customers credit card numbers and passwords. The company said that the customer credit card numbers were encrypted, as were the passwords, but it forced a system-wide password reset after the attack was discovered.read more
---------------------------------------------
https://threatpost.com/en_us/blogs/linode-hacked-through-coldfusion-zero-day-041613




*** MediaWiki Two XML External Entities Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to potentially disclose sensitive information and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53054




*** Nitro Pro Insecure Library Loading Vulnerability ***
---------------------------------------------
SEC Consult has reported a vulnerability in Nitro Pro, which can be exploited by malicious people to compromise a user's system. 
---------------------------------------------
https://secunia.com/advisories/52907




*** EasyPHPCalendar Date Picker Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been reported in EasyPHPCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to the date picker is not properly sanitised before being returned to the user. 
---------------------------------------------
https://secunia.com/advisories/53025




*** NetGear WNR1000 ".jpg" Security Bypass Vulnerability ***
---------------------------------------------
Roberto Paleari has reported a vulnerability in NetGear WNR1000, which can be exploited by malicious people to bypass certain security restrictions. The application does not properly restrict access to certain web pages with appended ".jpg" to the URL and can be exploited to e.g. gain knowledge the configuration file including admin credentials.
---------------------------------------------
https://secunia.com/advisories/52856


More information about the Daily mailing list