[CERT-daily] Tageszusammenfassung - Donnerstag 18-04-2013

Thu Apr 18 18:06:10 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 17-04-2013 18:00 − Donnerstag 18-04-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Otmar Lendl

*** Cisco Network Admission Control Manager SQL Injection Vulnerability ***
---------------------------------------------
Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system. 
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac


*** Sitecom WLM-3500 Backdoor Accounts ***
---------------------------------------------
Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms. These hard-coded accounts are persistently stored inside the device firmware image. 
---------------------------------------------
https://cxsecurity.com/wlb/WLB-2013040131


*** Open-Xchange 6 / OX AppSuite Cross Site Scripting ***
---------------------------------------------
Open-Xchange Security Advisory (multiple vulnerabilities) Multiple security issues for Open-Xchange Server 6 and OX AppSui...
---------------------------------------------
https://cxsecurity.com/wlb/WLB-2013040130


*** ZPanel Code Execution ***
---------------------------------------------
Theres an arbitrary (PHP) code execution in ZPanel, a free and open-source shared hosting control panel.
---------------------------------------------
https://cxsecurity.com/wlb/WLB-2013040127


*** DIY Russian mobile number harvesting tool spotted in the wild ***
---------------------------------------------
By Dancho Danchev Earlier this year we profiled a newly released mobile/phone number harvesting application, a common tool in the arsenal of mobile spammers, as well as vendors of mobile spam services. Since the practice is an inseparable part of the mobile spamming process, cybercriminals continue periodically releasing new mobile number harvesting applications, update their features, but most interestingly..
---------------------------------------------
http://blog.webroot.com/2013/04/18/diy-russian-mobile-number-harvesting-tool-spotted-in-the-wild/    


*** Exploiting SOHO Routers ***
---------------------------------------------
Researchers have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. We define a critical security vulnerability in a router as one that allows a remote attacker to take full control of the routers configuration settings, or one that allows a local attacker to bypass authentication and take control.
---------------------------------------------
http://securityevaluators.com//content/case-studies/routers/soho_router_hacks.jsp


*** Oracle schließt 128 Lücken in Datenbankprodukten ***
---------------------------------------------
Die Updates verteilen sich quer über das gesamte Produktspektrum des Herstellers; allein 25 betreffen die Open-Source-Datenbank MySQL.
---------------------------------------------
http://www.heise.de/security/meldung/Oracle-schliesst-128-Luecken-in-Datenbankprodukten-1844571.html


*** Microsoft Security Intelligence Report Vol. 14 ***
---------------------------------------------
The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people.
---------------------------------------------
https://www.microsoft.com/security/sir/default.aspx


*** Bostoner Attentat wird für neue Spamwelle missbraucht ***
---------------------------------------------
Zehn bis zwanzig Prozent des gesamten Spam-Aufkommens soll der "Boston Spam" schon ausmachen. Die Kriminellen starten falsche Twitter-Accounts zur "Spendenaquise" und lenken Nutzer auf verseuchte Webseiten.
---------------------------------------------
http://www.heise.de/security/meldung/Bostoner-Attentat-wird-fuer-neue-Spamwelle-missbraucht-1844484.html
https://www.cert.at/services/blog/20130417110508-824.html


*** Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE ***
---------------------------------------------
E-currency just went mainstream The recent crash in the value of Bitcoins hasnt prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/bitcoin_mining_blackhole/


*** Magic mystery malware menaces many UK machines - new claim ***
---------------------------------------------
Who exactly is spying on thousands of Brit biz PCs? Security researchers have found malware that communicates using an unknown protocol and is largely targeting UK businesses.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/magic_malware_menaces_uk/


*** Plone Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Plone, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/52955