[CERT-daily] Tageszusammenfassung - Montag 11-02-2013

Mon Feb 11 18:03:29 CET 2013

=======================
= End-of-Shift report =
=======================
Timeframe:   Freitag 08-02-2013 18:00 − Montag 11-02-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** ct Trojaner-Test: Die alten fangen sie alle ***
---------------------------------------------
Der Trojaner-Test der aktuellen ct attestiert den Viren-Wächtern eine hervorragende Leistung: Sie blockierten alle Trojaner, wenn diese über eine Woche alt waren. Wer seine Mail allerdings sofort öffnet, muss aufpassen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2863edd1/l/0L0Sheise0Bde0Cmeldung0Cc0Et0ETrojaner0ETest0EDie0Ealten0Efangen0Esie0Ealle0E180A0A4970Bhtml0Cfrom0Crss0A9/story01.htm


*** Security Firm Bit9 Hacked, Used to Spread Malware ***
---------------------------------------------
"Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. Waltham, Massachusetts-based Bit9 is a leading provider of application whitelisting services, a security technology that turns the traditional approach to fighting malware on its head.
---------------------------------------------
http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread-malware/


*** Bots, Zeus, Web Exploits: the Most Potent Threats of 2012 ***
---------------------------------------------
"Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the
---------------------------------------------
http://threatpost.com/en_us/blogs/bots-zeus-web-exploits-most-potent-threats-2012-020513


*** New Whitehole exploit toolkit emerges on the underground market ***
---------------------------------------------
"A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday. Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player. Attacks that use such toolkits are called drive-by downloads
---------------------------------------------
http://www.csoonline.com/article/728509/new-whitehole-exploit-toolkit-emerges-on-the-underground-market


*** Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection ***
---------------------------------------------
Topic: Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection Risk: Medium Text:# Exploit Title: wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection # Google Dork: inurl:/wp-content...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hLRBxtv9_j0/WLB-2013020061


*** [dos] - Schneider Electric Accutech Manager Heap Overflow PoC ***
---------------------------------------------
Schneider Electric Accutech Manager Heap Overflow PoC
---------------------------------------------
http://www.exploit-db.com/exploits/24474


*** Wordpress post2pdf-converter v2 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress post2pdf-converter v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress post2pdf-converter v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/post2pdf-convert...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ymNXfLXFu7A/WLB-2013020064


*** Wordpress smart-map v2 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress smart-map v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress smart-map v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/smart-map inurl:show-smar...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/3bHfg6PXmFU/WLB-2013020063


*** "Intel Packet of Death" ist kein Intel-Problem ***
---------------------------------------------
Die vermeintlichen Todespakete, mit denen man bestimmte Intel-Netzwerkinterfaces abschießen können soll, betreffen offenbar nur einen einzigen Board-Hersteller. Laut Intel hat dieser beim Programmieren des EEPROMs gepatzt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287185f4/l/0L0Sheise0Bde0Cmeldung0CIntel0EPacket0Eof0EDeath0Eist0Ekein0EIntel0EProblem0E17999640Bhtml0Cfrom0Crss0A9/story01.htm


*** Vuln: GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability ***
---------------------------------------------
GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/44154


*** [papers] - Manipulating Memory for Fun & Profit ***
---------------------------------------------
Manipulating Memory for Fun & Profit
---------------------------------------------
http://www.exploit-db.com/download_pdf/24482


*** [webapps] - Linksys WRT160N - Multiple Vulnerabilities ***
---------------------------------------------
Linksys WRT160N - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24478


*** Linksys WAG200G Multiple Vulns ***
---------------------------------------------
Topic: Linksys WAG200G Multiple Vulns Risk: Medium Text:Device Name: Linksys WAG200G Vendor: Linksys/Cisco Device Description: The WAG200G is a Linksys Wireless-G A...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QVSmcx_37s8/WLB-2013020066


*** Apache CXF WSS4JInInterceptor always allows HTTP Get requests ***
---------------------------------------------
Topic: Apache CXF WSS4JInInterceptor always allows HTTP Get requests Risk: High Text:CVE-2012-5633: WSS4JInInterceptor always allows HTTP Get requests from browser Severity: Critical Vendor: The Apache Soft...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mpI-hZhtnw0/WLB-2013020071


*** Nach dem Java-Update ist vor dem Java-Update ***
---------------------------------------------
Oracle hat mit seinem Notfall-Update am 1. Februar schnell reagiert. Eigentlich war ein Update für den 19. Februar geplant. Dieser Termin wird nun auch eingehalten: Mit einem Update für den Notfall-Patch.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2872904c/l/0L0Sheise0Bde0Cmeldung0CNach0Edem0EJava0EUpdate0Eist0Evor0Edem0EJava0EUpdate0E180A19860Bhtml0Cfrom0Crss0A9/story01.htm


*** Java Zero-Day Offered On Russian Dark Market For $100k ***
---------------------------------------------
"Java zero-day software flaws arent just worth tens of thousands, they can fetch hundreds of thousands, according to RSA security experts. When asked how much vulnerabilities were selling for, one cyber intelligence agent, tasked specifically with infiltrating Russian dark markets on the Web, told TechWeekEurope he had seen a Java vulnerability on sale for $100,000. The latest Java vulnerability, that went for $100,000, he said...."
---------------------------------------------
http://www.techweekeurope.co.uk/news/java-zero-day-russian-forum-sale-100000-106906


*** OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/, (Mon, Feb 11th) ***
---------------------------------------------
--  John Bambenek  bambenek \at\ gmail /dot/ com  Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15133&rss