[CERT-daily] Tageszusammenfassung - Mittwoch 31-07-2013

Wed Jul 31 18:02:26 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 30-07-2013 18:00 − Mittwoch 31-07-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** New Software Obfuscation Throws Wrench into Reverse Engineering ***
---------------------------------------------
Researchers say their new software obfuscation scheme is the first time this technique has been successfully accomplished where the underlying piece of software, such as a patch, could not be reverse engineered in a matter of days.
---------------------------------------------
http://threatpost.com/new-software-obfuscation-throws-wrench-into-reverse-engineering/101531


*** Malware Hijacks Social Media Accounts Via Browser Add-ons ***
---------------------------------------------
We spotted yet another threat lurking around social media sites targeting users of either Google Chrome or Mozilla Firefox. This threat uses fake extensions for both browsers to infiltrate user systems and hijack social media accounts specifically, Facebook, Google+, and Twitter accounts. 
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-hijacks-social-media-accounts-via-browser-add-ons/


*** Pwned again: an exclusive look at Pwnie Express newest hack-in-a-box ***
---------------------------------------------
The Pwn Plug R2 is a miniature NSA, ready to exploit networks for their own good.
---------------------------------------------
http://arstechnica.com/security/2013/07/pwned-again-an-exclusive-look-at-pwnie-express-newest-hack-in-a-box/


*** DIY commercially-available 'automatic Web site hacking as a service' spotted in the wild ***
---------------------------------------------
By Dancho Danchev A newly launched underground market service, aims to automate the unethical penetration testing process, by empowering virtually all of its (paying) customers with what they claim is 'private exploitation techniques' capable of compromising any Web site.
---------------------------------------------
http://blog.webroot.com/2013/07/31/diy-commercially-available-automatic-web-site-hacking-as-a-service-spotted-in-the-wild/


*** TYPO3-CORE-SA-2013-002: Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core ***
---------------------------------------------
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution 
Component Type: TYPO3 Core 
Overall Severity: Critical
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/


*** New Software Obfuscation Throws Wrench into Reverse Engineering ***
---------------------------------------------
Researchers say their new software obfuscation scheme is the first time this technique has been successfully accomplished where the underlying piece of software, such as a patch, could not be reverse engineered in a matter of days.
---------------------------------------------
https://threatpost.com/new-software-obfuscation-throws-wrench-into-reverse-engineering/101531


*** Mozilla Minion: Plattform für Sicherheitstests ***
---------------------------------------------
Die Plattform zum Automatisieren von Sicherheitstests hat laut ihrer Entwickler mit Version 0.3 nun einen Stand erreicht, in dem sie sich erstmals im großen Stil einsetzen ließe.
---------------------------------------------
http://www.heise.de/security/meldung/Mozilla-Minion-Plattform-fuer-Sicherheitstests-1927091.html


*** MalwareZ: visualizing malware activity on earth map ***
---------------------------------------------
MalwareZ is a visualization project that is started as a YakindanEgitim (YE) project. YE is a startup that me and some collegues mentor young people on specific projects, remotely. It is announced as a local fork of Google Summer of Code, except neither mentors nor mentees are paid.
---------------------------------------------
https://www.honeynet.org/node/1075


*** Licht an, Whirlpool aus: Smart-Home-Hacking ***
---------------------------------------------
Bei der BlackHat-Konferenz widmen sich mehrere Vortragende dem Thema (un)sichere Heimautomation. Eine Journalistin von Forbes versuchte sich ebenfalls im Home-Hacking - und hatte bei acht "Smart-Homes" Erfolg.
---------------------------------------------
http://www.heise.de/security/meldung/Licht-an-Whirlpool-aus-Smart-Home-Hacking-1927124.html


*** Andromeda Botnet Gets an Update ***
---------------------------------------------
The Andromeda botnet is still active in the wild and not yet dead. In fact, it's about to undergo a major update real soon. This botnet was first reported back in 2011 but has recently risen to prominence due to the latest modifications in the threat.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/andromeda-botnet-gets-an-update/


*** Siemens SIMATIC WinCC TIA Portal Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54051


*** Vuln: YUI CVE-2013-4939 Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/61177


*** Vuln: phpMyAdmin CVE-2013-4998 Multiple Unspecified Full Path Information Disclosure Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/61513


*** More heavily URL encoded PHP Exploits against Plesk "phppath" vulnerability, (Tue, Jul 30th) ***
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16255&rss


*** IE9/10 information disclosure vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070232