[CERT-daily] Tageszusammenfassung - Mittwoch 24-04-2013

Wed Apr 24 18:08:27 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 23-04-2013 18:00 − Mittwoch 24-04-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner


*** Kenneth van Wyk: Making safer iOS apps ***
---------------------------------------------
When it comes to developing secure apps for the iOS operating system, theres both good and bad news. Lets get the bad news out of the way first. There are a lot of apps out there, including ones developed by various businesses for their customers to use, that have egregious and easy-to-avoid security vulnerabilities.
---------------------------------------------
https://www.computerworld.com/s/article/9238618/Kenneth_van_Wyk_Making_safer_iOS_apps


*** Encrypted Disk Detector - Useful during incident response to quickly and non-intrusively check for encrypted volumes ***
---------------------------------------------
Encrypted Disk Detector - Useful during incident response to quickly and non-intrusively check for encrypted volumes
---------------------------------------------
http://info.magnetforensics.com/encrypted-disk-detector


*** Serial Offenders: Widespread Flaws in Serial Port Servers ***
---------------------------------------------
Serial Offenders: Widespread Flaws in Serial Port Servers
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/04/23/serial-offenders-widespread-flaws-in-serial-port-servers


*** CVE-2013-2423 Java Vulnerability Exploit ITW ***
---------------------------------------------
A few days after Oracle released a critical patch, CVE-2013-2423 is found to already been exploited. Upon checking the history, the exploitation seems to have begun on April 21st and is still actively happening until a few hours ago:For a closer look, the image below contains a comparison of the classes found in the Metasploit module and that of the ITW sample:Interestingly, the Metasploit module was published on the 20th, and as mentioned earlier, the exploit was seen in the wild the day
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002544.html


*** Malware Callbacks ***
---------------------------------------------
Today we released our first-ever analysis of malware callbacks. Our report can be accessed here: http://www2.fireeye.com/WEB2013ATLReport.html. FireEye monitored more than 12 million malware communications seeking instructions—or callbacks—across hundreds of thousands of infected enterprise hosts, capturing details of advanced attacks as … Continue reading →
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/04/malware-callbacks.html


*** Schneider Electric MiCOM S1 Studio Improper Authorization Vulnerability ***
---------------------------------------------
OverviewThis advisory provides mitigation details for a vulnerability affecting the Schneider Electric MiCOM S1 Studio Software.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-100-01


*** 3S CODESYS Gateway-Server Multiple Vulnerabilities (Update A) ***
---------------------------------------------
OverviewThis updated advisory is a follow-up to the original advisory titled ICSA-13-050-01, 3S CODESYS Gateway-Server Multiple Vulnerabilities that was published February 19, 2013, on the ICS-CERT Web page.This updated advisory provides mitigation details for multiple vulnerabilities in the 3S-Smart Software Solutions GmbH CODESYS Gateway-Server.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A


*** OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection ***
---------------------------------------------
Topic: OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection Risk: High Text:[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040165


*** ClamAV Unspecified Vulnerabilities ***
---------------------------------------------
ClamAV Unspecified Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53150


*** FSC-2013-1: Remote code execution vulnerability in DLL component ***
---------------------------------------------
A vulnerability in a legacy DLL component related to ActiveX control, in certain F-Secure’s server products, allows arbitrary connections to be made to the ODBC drivers when using the Internet Explorer (IE) web browser. If the local server is running using local authentication, an attacker may be able to execute arbitrary SQL statements.
---------------------------------------------
http://www.f-secure.com/en/web/labs_global/fsc-2013-1


*** Joomla! ALFContact Component Unspecified Cross-Site Scripting Vulnerability ***
---------------------------------------------
Joomla! ALFContact Component Unspecified Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/53147


*** Verizon 2013 Data Breach Investigations Report ***
---------------------------------------------
This year’s DBIR combines the expertise of 19 organizations from around the globe. Download the report to discover stats that might surprise you—from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach. By knowing today’s threats, you can better protect your organization tomorrow.
---------------------------------------------
http://www.verizonenterprise.com/DBIR/2013/


*** Wordpress: Gefährliche Lücken in Cache-Plug-Ins ***
---------------------------------------------
Zwei millionenfach genutzte Wordpress-Plug-Ins können für das Ausführen beliebigen Codes ausgenutzt werden. Die Lücken sind gestopft, jetzt muss gepatcht werden!
---------------------------------------------
http://www.heise.de/security/meldung/Wordpress-Gefaehrliche-Luecken-in-Cache-Plug-Ins-1848684.html


*** CiviCRM Multiple Products Open Flash Chart Arbitrary File Creation Vulnerability ***
---------------------------------------------
CiviCRM Multiple Products Open Flash Chart Arbitrary File Creation Vulnerability
---------------------------------------------
https://secunia.com/advisories/53158


*** Interesting Credit Card transactions, are you seeing similar?, (Wed, Apr 24th) ***
---------------------------------------------
In my day job we get involved in payment systems, credit card transactions etc. We are also asked to investigate and explain incidents as well as "unusual" activity.  When looking at credit card payments there are always payments for people like lkjsdflkjs and "famous person name", usually small value transactions $2, $5, $10 although recently weve started seeing $60 transactions. These are easily identified and the motive is very clear, test the card. If the transaction
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15671&rss