[CERT-daily] Tageszusammenfassung - Freitag 19-04-2013

Fri Apr 19 18:18:17 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 18-04-2013 18:00 − Freitag 19-04-2013 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan


*** Yes, “design flaw” in 1Password is a problem, just not for end users ***
---------------------------------------------
It may very well be time for a new and improved hashing function.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/p6YJzwrXgpU/


*** SAP ConfigServlet command execution ***
---------------------------------------------
SAP ConfigServlet command execution
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83637


*** IBM Lotus Connections reflected cross-site scripting ***
---------------------------------------------
IBM Lotus Connections reflected cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/82265


*** Microsoft releases 4 of Enhanced Mitigation Experience Toolkit (EMET), More here: http://www.microsoft.com/en-us/download/details.aspx?id=38761, (Thu, Apr 18th) ***
---------------------------------------------
--  John Bambenek  bambenek \at\ gmail /dot/ com  Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15635&rss


*** ISC Handler Lenny Zeltsers REMnux v4 Reviewed on Hak5, (Thu, Apr 18th) ***
---------------------------------------------
Earlier this money, Lenny released version 4 of REMnux, a lightweight Ubuntu Linux-based distro for analyzing malware. It was recently reviewed on Hak5. Take a look and if you havent already, download the image and send Lenny your feedback.  -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15638&rss


*** Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks ***
---------------------------------------------
Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks
---------------------------------------------
http://www.securitytracker.com/id/1028454


*** Xen denial of service ***
---------------------------------------------
Xen denial of service
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83645
http://xforce.iss.net/xforce/xfdb/83646


*** SWFUpload v.ALL <= (Object Injection/CSRF) Vulnerabilities ***
---------------------------------------------
Topic: SWFUpload v.ALL
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/jQYLW7Im9Hg/WLB-2013040138


*** Vuln: Drupal MP3 Player Module Cross Site Scripting Vulnerability ***
---------------------------------------------
Drupal MP3 Player Module Cross Site Scripting Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59276


*** Vuln: Drupal elFinder Module Cross Site Request Forgery Vulnerability ***
---------------------------------------------
Drupal elFinder Module Cross Site Request Forgery Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59277


*** WordPress attack highlights 30 million targets ***
---------------------------------------------
Summary: The recent botnet attack on websites running WordPress hasnt had much impact — yet. But with millions of vulnerable sites and a knowledge gap at the low end of the market, things could get much, much worse.
---------------------------------------------
http://www.zdnet.com/wordpress-attack-highlights-30-million-targets-7000014256/


*** Using Nessus to Discover Malware and Botnet Hosts ***
---------------------------------------------
...Tenable has released several plugins to identify hosts in your environment that show signs of a compromise such as containing malware or participating in a botnet. The steps below outline which plugins to enable and how to create filters to easily find the relevant plugins...
---------------------------------------------
http://www.tenable.com/blog/using-nessus-to-discover-malware-and-botnet-hosts


*** OpenPGP Best Practices ***
---------------------------------------------
Some thoughts on best practices for OpenPGP keys
---------------------------------------------
https://we.riseup.net/debian/openpgp-best-practices


*** Facebook closes cross-site scripting holes ***
---------------------------------------------
Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Securitys CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its "Check in" and Messenger for Windows components.
---------------------------------------------
http://www.h-online.com/security/news/item/Facebook-closes-cross-site-scripting-holes-1845850.html


*** Microsoft Discovers Trojan That Erases Evidence Of Its Existence ***
---------------------------------------------
Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: It deletes its own components so researchers and forensics investigators cant analyze or identify it.
---------------------------------------------
http://www.darkreading.com/vulnerability/microsoft-discovers-trojan-that-erases-e/240152960


*** Hitachi Vulnerabilities in Multiple Products ***
---------------------------------------------
Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52990
https://secunia.com/advisories/53136
https://secunia.com/advisories/53139


*** Bugtraq: TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation ***
---------------------------------------------
TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation
---------------------------------------------
http://www.securityfocus.com/archive/1/526403