[CERT-daily] Tageszusammenfassung - Donnerstag 29-08-2013

Thu Aug 29 18:01:50 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 28-08-2013 18:00 − Donnerstag 29-08-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Bugtraq: Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability ***
---------------------------------------------
Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/528295


*** Kelihos Relying on CBL Blacklists to Evaluate New Bots ***
---------------------------------------------
The Kelihos botnet is leveraging legitimate security services such as composite blocking lists (CBLs) to test the reliability of victim IP addresses before using them to push spam and malware.
---------------------------------------------
http://threatpost.com/kelihos-relying-on-cbl-blacklists-to-evalute-new-bots/102127


*** Java Native Layer Exploits Going Up ***
---------------------------------------------
Recently, security researchers disclosed two Java native layer exploits (CVE-2013-2465 and CVE-2013-2471). This caused us too look into native layer exploits more closely, as they have been becoming more common this year. At this year’s Pwn2Own competition at CanSecWest, Joshua Drake showed CVE-2013-1491, which was exploitable on Java 7 running on Windows 8. CVE-2013-1493 has […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroJava Native Layer Exploits Going Up
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/--YBZ1lrFxM/


*** Cisco Secure Access Control Server EAP-FAST Authentication Flaw Lets Remote Users Execute Arbitrary Commands ***
---------------------------------------------
Cisco Secure Access Control Server EAP-FAST Authentication Flaw Lets Remote Users Execute Arbitrary Commands
---------------------------------------------
http://www.securitytracker.com/id/1028958


*** Unpatched Mac bug gives attackers “super user” status by going back in time ***
---------------------------------------------
Exploiting the five-month-old "sudo" flaw in OS X just got easier.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/r1T9FKbYWWY/story01.htm


*** Triangle MicroWorks Improper Input Validation ***
---------------------------------------------
OVERVIEWAdam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has tested the update to validate that it resolves the vulnerability.This vulnerability could be exploited remotely.AFFECTED PRODUCTSThe following Triangle MicroWorks products are affected:
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01


*** Bugtraq: 30C3 Call for Participation ***
---------------------------------------------
30C3 Call for Participation
---------------------------------------------
http://www.securityfocus.com/archive/1/528298


*** Suspect Sendori software, (Thu, Aug 29th) ***
---------------------------------------------
Reader Kevin wrote in to alert us of an interesting discovery regarding Sendori. Kevin stated that two of his clients were treated to malware via the auto-update system for Sendori. In particular, they had grabbed Sendori-Client-Win32/2.0.15 from 54.230.5.180 which is truly an IP attributed to Sendori via lookup results. Sendoris reputation is already a bit sketchy; search results for Sendori give immediate pause but this download in particular goes beyond the pale. With claims that "As of
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16466&rss


*** WordPress Wordfence 3.8.1 Cross Site Scripting ***
---------------------------------------------
Topic: WordPress Wordfence 3.8.1 Cross Site Scripting Risk: Low Text:# Exploit Title: Wordpress Plugin Wordfence 3.8.1 - Cross Site Scripting # Date: 28 de Agosto del 2013 # Exploit Author: Dyla...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080221


*** Google Docs Information Disclosure ***
---------------------------------------------
Topic: Google Docs Information Disclosure Risk: Medium Text:I reported this problem to Google in June but I did not get the usual reply saying they were working on it, so I guess it isn...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080224


*** Bugtraq: Drupal Node View Permissions module and Flag module Vulnerabilities ***
---------------------------------------------
Drupal Node View Permissions module and Flag module Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/528310


*** Cybercrime-friendly underground traffic exchanges help facilitate fraudulent and malicious activity – part two ***
---------------------------------------------
By Dancho Danchev The list of monetization tactics a cybercriminal can take advantage of, once they manage to hijack a huge portion of Web traffic, is virtually limitless and is entirely based on his experience within the cybercrime ecosystem. Through the utilization of blackhat SEO (search engine optimization), RFI (Remote File Inclusion), DNS cache poisoning, or […]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/zWNtszZsWRs/


*** IBM InfoSphere Information Server Multiple Vulnerabilities ***
---------------------------------------------
IBM InfoSphere Information Server Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54666


*** Office 2003s burial will resurrect hacker activity ***
---------------------------------------------
The end of Microsofts support for popular suite come April 2014 will usher in an era of infinite zero-day attacks, analyst predicts
---------------------------------------------
http://www.csoonline.com/article/738914/office-2003-s-burial-will-resurrect-hacker-activity?source=rss_application_security


*** [papers] - Metasploit -The Exploit Learning Tree ***
---------------------------------------------
Metasploit -The Exploit Learning Tree
---------------------------------------------
http://www.exploit-db.com/download_pdf/27935


*** Outage Analyzer - Track Web Service Outages,in Real Time ***
---------------------------------------------
....Outage Analyzer lets you view internet service outages as they occur around the world. The application lists the outages that are occurring now or can provide a view of outages that have closed recently......
---------------------------------------------
http://www.compuware.com/en_us/application-performance-management/products/outage-analyzer/overview.html