[CERT-daily] Tageszusammenfassung - Dienstag 13-08-2013

Tue Aug 13 18:09:57 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 12-08-2013 18:00 − Dienstag 13-08-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** Blaster - 3654 Days Later ***
---------------------------------------------
Yesterday was Blasters 10th anniversary. Do you remember where you were on August 11, 2003? Numerous organizations, including several banks and airlines, suffered serious disruptions because of Blaster which caused affected computers to reboot continuously. Can you imagine the difficulties that would cause today? 
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002587.html


*** Cybercrime-friendly underground traffic exchange helps facilitate fraudulent and malicious activity ***
---------------------------------------------
By Dancho Danchev Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones - think traffic acquisition through illegally embedded iFrames - has been contributing to the growing market segment where traffic is bought, sold and re-sold, ...
---------------------------------------------
http://blog.webroot.com/2013/08/13/cybercrime-friendly-underground-traffic-exchange-helps-facilitate-fraudulent-and-malicious-activity


*** Attackers Toolbox Makes Malware Detection More Difficult ***
---------------------------------------------
Sometimes the simplest techniques can foil the complex systems created by security firms and large enterprises to detect malicious programs and files. Putting malware to sleep, waiting for a user to click, or looking for the hallmarks of a virtual machine can set off warning bells and cause a malicious program to cease running, making analysis difficult at best.
---------------------------------------------
http://www.darkreading.com/monitoring/attackers-toolbox-makes-malware-detectio/240159800


*** Researchers demonstrate how IPv6 can easily be used to perform MitM attacks ***
---------------------------------------------
Many devices simply waiting for router advertisements, good or evil. When early last year I was doing research for an article on IPv6 and security, I was surprised to learn how easy it was to set up an IPv6 tunnel into an IPv4-only environment.
---------------------------------------------
http://www.virusbtn.com/blog/2013/08_12.xml


*** Joomla Patches Zero Day Targeting EMEA Banks ***
---------------------------------------------
Content management system Joomla patched a zero-day vulnerability that allowed attackers to upload malicious code that led victims to the Blackhole exploit kit.
---------------------------------------------
http://threatpost.com/joomla-patches-zero-day-targeting-emea-banks/101976


*** WordPress All-in-One Event Calendar Plugin Script Insertion and SQL Injection Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54038


*** HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080109


*** IBM HTTP Server mod_rewrite Arbitrary Command Execution Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54497


*** Juniper Network and Security Manager Apache Axis2 Security Issue and Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54454


*** Dovecot POP3 "LIST" Command Handling Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54438


*** Debian Security Advisory DSA-2737 swift ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2737


*** IBM Advanced Management Module Cross-Site Scripting (XSS) ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080103


*** Ajax PHP Penny Auction 1.x 2.x multiple Vulnerabilities ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080104


*** Python SSL Module "subjectAltNames" NULL Byte Handling Security Issue ***
---------------------------------------------
https://secunia.com/advisories/54393