[CERT-daily] Tageszusammenfassung - Dienstag 26-03-2013

Daily end-of-shift report team at cert.at
Tue Mar 26 18:20:11 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 25-03-2013 18:00 − Dienstag 26-03-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** libxslt XSL Parsing Flaws Let Remote Users Deny Service ***
---------------------------------------------
A remote user can send an XSL template with an empty 'match' attribute to trigger a crash in the xsltDocumentFunction() function in 'libxslt/functions.c'.
---------------------------------------------
http://www.securitytracker.com/id/1028338




*** Novell ZENworks Configuration Management File Upload Authentication Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can exploit a flaw in the ZENworks Configuration Management (ZCM) webserver to upload files to the filesystem of the underlying operating system. The files can then be executed.
---------------------------------------------
http://www.securitytracker.com/id/1028337




*** Malware abuses Chromium Embedded Framework, developers fight back ***
---------------------------------------------
"A new version of the TDL rootkit-type malware program downloads and abuses an open-source library called the Chromium Embedded Framework that allows developers to embed the Chromium Web rendering engine inside their own applications, according to security researchers from antivirus vendor Symantec. In an effort to temporarily block the abuse, CEF project administrators suspended the frameworks primary download location on Google Code. The TDL malware generates profit for its authors by...
---------------------------------------------
http://www.computerworld.com.au/article/457251/malware_abuses_chromium_embedded_framework_developers_fight_back/




*** Windows Trojan Found Targeting Mac OS X Users ***
---------------------------------------------
"Researchers at ESET have discovered a Trojan that initially focused on Windows users, but appears to be changing direction. The Trojan now has its sights on Mac OS X users, and its actions have prompted Apple to update XProtect with signatures to detect it. The Yontoo Trojan spreads on Windows by pretending to be a video codec...."
---------------------------------------------
http://www.securityweek.com/windows-trojan-found-targeting-mac-os-x-users?utm_source=dlvr.it&utm_medium=twitter




*** How much difference can an ISP make over an outbreak? ***
---------------------------------------------
"F-Secure works extensively with ISPs and operators. We were assisting several large operators last year during the remediation of the DNSChanger malware. There was an interesting study recently done by researchers at Georgia Tech...."
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002532.html




*** LinkedIn Cross Site Request Forgery ***
---------------------------------------------
Topic: LinkedIn Cross Site Request Forgery Risk: Low Text: INTERNET SECURITY AUDITORS ALERT 2013-001 - Original release date: January 30th, 2013 - Last revised: March ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/IO--fDEMzSQ/WLB-2013030223




*** HP ProCurve Switch Bug Permits Cross-Site Request Forgery Attacks ***
---------------------------------------------
A remote user can take actions on the target device acting as the target user.
The HP ProCurve 1700-8 Switch (Model J9079A) and HP ProCurve 1700-24 Switch (Model J9080A) is affected.
---------------------------------------------
http://www.securitytracker.com/id/1028339





*** Grum Spam Botnet Is Slowly Recovering After Takedown, Experts Warn ***
---------------------------------------------
"In July 2012, we learned that Spamhaus, FireEye and CERT-GIB managed to shut down the command and control (C&C) servers utilized by Grum, a spam botnet that was the worlds third largest at the time. A couple of months later, FireEye experts reported that the botnets masters started reinstating its C&C servers. At the time, since there were only a couple of new servers, no major spam-related activities were identified...."
---------------------------------------------
http://news.softpedia.com/news/Grum-Spam-Botnet-is-Slowly-Recovering-After-Takedown-Experts-Warn-340125.shtml





*** WordPress WP Banners Lite Plugin "cid" Cross-Site Scripting Vulnerability ***
---------------------------------------------
WordPress WP Banners Lite Plugin "cid" Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52625




*** Blog: Android Trojan Found in Targeted Attack ***
---------------------------------------------
In the past, weve seen targeted attacks against Tibetan and Uyghur activists on Windows and Mac OS X platforms. Weve documented several interesting attacks which used ZIP files as well as DOC, XLS and PDF documents rigged with exploits. Several days ago, the e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. Perhaps the most interesting part is that the attack e-mails had an APK attachment - a malicious...
---------------------------------------------
http://www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targeted_Attack





*** Splunk Unspecified Cross-Site Scripting Vulnerability ***
---------------------------------------------
Splunk Unspecified Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52076




*** Honeyproxy ***
---------------------------------------------
HoneyProxy is a lightweight tool that allows live HTTP(S) traffic inspection and analysis. It focuses on features that are useful for malware analysis and network forensics.
---------------------------------------------
http://honeyproxy.org/




*** Fehlende Schnittstelle macht Smartphone-Passwortmanager unsicher ***
---------------------------------------------
Studierende der Universität Hannover haben Passwortmanager für Android-Smartphones unter die Lupe genommen. Die Manager sind zwar benutzerfreundlich, aber sichern die Passwörter nicht ausreichend ab.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a03600b/l/0L0Sheise0Bde0Csecurity0Cmeldung0CFehlende0ESchnittstelle0Emacht0ESmartphone0EPasswortmanager0Eunsicher0E1830A1880Bhtml0Cfrom0Crss0A9/story01.htm


More information about the Daily mailing list