[CERT-daily] Tageszusammenfassung - Montag 24-06-2013

Mon Jun 24 18:10:23 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 21-06-2013 18:00 − Montag 24-06-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Otmar Lendl

*** Tausende Domains ***
---------------------------------------------
Die Adressen verschiedener Dienste wie LinkedIn, Yelp oder Fidelity wurden durch einen menschlichen Fehler für mehrere Stunden auf andere Webseiten umgeleitet. Cisco geht von 5000 betroffenen Domains aus.
---------------------------------------------
http://www.heise.de/security/meldung/Tausende-Domains-1894195.html


*** Dirt Jumper DDoS Variant Drive 'Much More Powerful' Than Predecessors ***
---------------------------------------------
A variant of the Dirt Jumper DDoS engine called Drive has been detected. Drive includes new capabilities and has already targeted a number popular destinations on the Internet.
---------------------------------------------
http://threatpost.com/dirt-jumper-ddos-variant-drive-much-more-powerful-than-predecessors/


*** Security Bulletin: WebSphere Commerce Java API Documentation Frame Injection Vulnerability (CVE-2013-1571) ***
---------------------------------------------
Java API Documentation contains a frame injection vulnerability.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_websphere_commerce_java_api_documentation_frame_injection_vulnerability_cve_2013_1571?lang=en_us


*** WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability ***
---------------------------------------------
WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85146


*** Adobe Flash spoof leads to infectious audio ads ***
---------------------------------------------
We've seen quite a few audio ads infecting users recently. We think it's a good idea to go over an in-depth look at how they infect your computer and how to remediation them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window.
---------------------------------------------
http://blog.webroot.com/2013/06/21/adobe-flash-spoof-leads-to-infectious-audio-ads


*** Device-disabling Fake AV migrates to Android phones, demands ransom ***
---------------------------------------------
Long the bane of computer users, Fake antivirus may extort Android owners, too.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/esDZHzGloyI/


*** Google Translate Cross Site Request Forgery ***
---------------------------------------------
1)Vulnerability Description 
I discovered a new CSRF vulnerability on translate.google.com web site which could allow an attacker to insert items (Words/Phrases/Urls and related translations) into the user's Phrasebook. Furthermore an attacker could also inserta potentially malicious Urls - into the 
above mentioned Phrasebook - towards which the victim could be redirected simply clicking on the "Go to <website>" right-click option on translate.google.com.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060181


*** McAfee ePolicy Orchestrator 4.6.5 SQL injection & directory traversal ***
---------------------------------------------
Main Features:
Remote command execution on the ePo server.
Remote command execution on the Managed stations (one ring to rule them all).
File upload on the ePo server.
Active Directory credentials stealing.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060183


*** Datenpanne bei Facebook ***
---------------------------------------------
Nicht-öffentliche Telefonnummern und E-Mai-Adressen von ungefähr sechs Millionen Facebook-Usern wurden fälschlich an andere Facebook-Nutzer weitergegeben.
---------------------------------------------
http://www.heise.de/security/meldung/Datenpanne-bei-Facebook-1894855.html


*** Vuln: HAProxy CVE-2013-2175 Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
HAProxy is prone to multiple denial-of-service vulnerabilities. 
Exploiting these issues allow remote attackers to trigger denial-of-service conditions.
---------------------------------------------
http://www.securityfocus.com/bid/60588


*** Is SSH no more secure than telnet?, (Sun, Jun 23rd) ***
---------------------------------------------
In SSHs default (and most common) deployment: Yes. It is no more secure than telnet, but it can be better. Apologies to Ian Betteridge  If you ask any sysadmin, they say that SSH is more secure than telnet, and theyll likely comment that opening telnet up to the Internet is reckless. One can simulate asking general opinion with a little googling: "ssh is more secure than telnet": 11,500  "telnet is more secure than ssh": 81   So, the Conventional Wisdom is that
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16049&rss


*** ZPanel 10.0.0.2 htpasswd Module Username Command Execution ***
---------------------------------------------
This module exploits a vulnerability found in ZPanel's htpasswd module. When creating .htaccess using the htpasswd module, the username field can be used to inject system commands, which is passed on to a system() function for executing the system's htpasswd's command.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060193


*** Bugtraq: Linksys X3000 - Multiple Vulnerabilities ***
---------------------------------------------
The vulnerability is caused by missing input validation in the ping_ip parameter and can be exploited to inject and execute arbitrary shell commands.
You need to be authenticated to the device or you have to find other methods for inserting the malicious commands.
---------------------------------------------
http://www.securityfocus.com/archive/1/526945


*** Wordpress: Update schließt zwölf Sicherheitslücken ***
---------------------------------------------
Mit dem Update auf Version 5.3.2 schließt Wordpress Schwachstellen, die mit Cross-Site-Scripting, Server-Side-Request-Forgery- und Denial-of-Service-Attacken ausgenutzt werden können.
---------------------------------------------
http://www.heise.de/security/meldung/Wordpress-Update-schliesst-zwoelf-Sicherheitsluecken-1895011.html


*** Beware Of HTML5 Development Risks ***
---------------------------------------------
Local storage is a big change from HTML of the past, where browsers could only use cookies to store small bits of information, such as session tokens, for managing identity. HTML5 changes this with sessionStorage, localStorage, and client-side databases to allow developers to store vast amounts of data in the browser that is all accessible from JavaScript.
---------------------------------------------
http://www.darkreading.com/applications/beware-of-html5-development-risks/240156891


*** Apple Phishing Scams on the Rise ***
---------------------------------------------
Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple's brand, most of which are focused on stealing users' Apple IDs and payment information.
---------------------------------------------
https://threatpost.com/apple-phishing-scams-on-the-rise/