[CERT-daily] Tageszusammenfassung - Dienstag 9-07-2013

Daily end-of-shift report team at cert.at
Tue Jul 9 18:03:29 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 08-07-2013 18:00 − Dienstag 09-07-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** Root SSH Key Shipping with Emergency Alert System Devices Exposed ***
---------------------------------------------
Firmware images for devices at the core of the Emergency Alert System are shipping with a compromised root SSH key, researchers at IOActive said.
---------------------------------------------
http://threatpost.com/root-ssh-key-shipping-with-emergency-alert-system-devices-exposed/




*** Novel ransomware tactic locks users PCs, demands that they participate in a survey to get the unlock code ***
---------------------------------------------
>From managed ransomware as a service 'solutions' to DIY ransomware generating tools, this malicious market segment is as hot as ever with cybercriminals continuing to push new variants, and sometimes, literally introducing novel approaches to monetize locked PCs.
-------------------
http://blog.webroot.com/2013/07/08/novel-ransomware-tactic-locks-users-pcs-demands-that-they-participate-in-a-survey-to-get-the-unlock-code/




*** RSA Authentication Manager Lets Local Users View the Administrative Account Password ***
---------------------------------------------
When the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager and the trace logging is set to verbose, the administrative account password used by the custom application is written in clear text to trace log file.
---------------------------------------------
http://www.securitytracker.com/id/1028742




*** WordPress Search N Save XSS & Path Disclosure ***
---------------------------------------------
These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. 
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070060




*** Oracle Java Applet Preloader Click-2-Play Warning Bypass ***
---------------------------------------------
The vulnerability is caused by a design error in the Java click-2-play
security warning when the preloader is used, which can be exploited by
remote attackers to load a malicious applet (e.g. taking advantage of
a Java memory corruption vulnerability) without any user interaction
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070067




*** Doctor Web: June virus activity review ***
---------------------------------------------
Despite summer being a holiday season, threats to IT security persisted in June. At the very beginning of the month, Doctor Webs virus analysts discovered a new version of a dangerous Trojan targeting Linux servers, while in the middle of June, another wave of Trojan encoders swept across desktops. Also found was a host of new threats to mobile devices.
---------------------------------------------
http://news.drweb.com/show/?i=3708&lng=en&c=9




*** Spamvertised 'Export License/Invoice Copy' themed emails lead to malware ***
---------------------------------------------
We've just intercepted a currently circulating malicious spam campaign consisting of tens of thousands of fake 'Export License/Invoice Copy' themed emails, enticing users into executing the malicious attachment. Once the socially engineered users do so, their PCs automatically become part of the botnet operated by the cybercriminals behind the campaign.
---------------------------------------------
http://blog.webroot.com/2013/07/09/spamvertised-export-licenseinvoice-copy-themed-emails-lead-to-malware/



*** Exploit Code Released For Android Security Hole ***
---------------------------------------------
Pau Oliva Fora, a security researcher for the firm Via Forensics, published a small, proof of concept module that exploits the flaw in the way Android verifies the authenticity of signed mobile applications. The flaw was first disclosed last week by Jeff Forristal, the Chief Technology Officer at Bluebox Security, ahead of a presentation at the Black Hat Briefings in August.
---------------------------------------------
https://securityledger.com/2013/07/exploit-code-released-for-android-security-hole/




*** [2013-07-09] Denial of service vulnerability in Apache CXF ***
---------------------------------------------
It is possible to execute Denial of Service attacks on Apache CXF, exploiting the fact that the streaming XML parser does not put limits on things like the number of elements, number of attributes, the nested structure of the document received, etc. The effects of these attacks can vary from causing high CPU usage, to causing the JVM to run out of memory.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130709-0_Apache_CXF_Denial_of_Service_v10.txt




*** HP storage: more possible backdoors ***
---------------------------------------------
LeftHand, StoreVirtual remote reset suggests factory account Technion, the blogger who recently turned up an undocumented back door in HPs StoreOnce, has turned up similar issues in other HP products - publicised on support forums by the company, but unnoticed at the time.
---------------------------------------------
http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/




*** Hard drive-wiping malware that hit South Korea tied to military espionage ***
---------------------------------------------
The hackers responsible for a malware attack in March that simultaneously wiped data from tens of thousands of South Korean computers belong to the same espionage group that has targeted South Korean and US military secrets for four years, researchers said.
---------------------------------------------
http://arstechnica.com/security/2013/07/hard-drive-wiping-malware-that-hit-s-korea-tied-to-military-espionage/




*** Vuln: MongoDB Remote Privilege Escalation Vulnerability ***
---------------------------------------------
MongoDB is prone to a remote privilege-escalation vulnerability. 
An attacker can exploit this issue to gain elevated privileges within the application and obtain unauthorized access to the sensitive information. 
MongoDB 2.4.0 through 2.4.4 and 2.5.0 are vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/61007




*** US-Behörde zerstört eigene Hardware aus Angst vor Viren ***
---------------------------------------------
PCs, Bildschirme, Kameras, Mäuse und Tastaturen - eine US-Behörde wollte ihre gesamte IT-Ausstattung verschrotten, weil sie einen massiven Virenbefall befürchtete. Dabei waren wohl nur sechs Rechner betroffen.
---------------------------------------------
http://www.heise.de/security/meldung/US-Behoerde-zerstoert-eigene-Hardware-aus-Angst-vor-Viren-1913796.html




*** Mail-Adressen bei T-Online lassen sich kapern ***
---------------------------------------------
Gelingt es einem Angreifer, sein Opfer in spe auf eine speziell präparierte Internetseite zu locken, kann er dessen Mailadresse bei T-Online dauerhaft übernehmen.
---------------------------------------------
http://www.heise.de/security/meldung/Mail-Adressen-bei-T-Online-lassen-sich-kapern-1914004.html




*** OTRS / OTRS ITSM Unspecified Script Insertion and SQL Injection Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in OTRS and OTRS ITSM, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
---------------------------------------------
https://secunia.com/advisories/52623





More information about the Daily mailing list