[CERT-daily] Tageszusammenfassung - Donnerstag 31-10-2013

Thu Oct 31 18:02:42 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 30-10-2013 18:00 − Donnerstag 31-10-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** VU#326830: NAS4Free version 9.1.0.1 contains a remote command execution vulnerability ***
---------------------------------------------
NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability. NAS4Free allows an authenticated user to post PHP code to an HTTP script and have the code executed remotely. By default, NAS4Free runs with root privileges. A remotely authenticated attacker can send an HTTP POST request that contains a malicious PHP file which can cause the script to run directly on the machine.
---------------------------------------------
http://www.kb.cert.org/vuls/id/326830


*** Mozilla Fixes 10 Vulnerabilities with Firefox 25 ***
---------------------------------------------
Mozilla released Firefox 25 yesterday, fixing 10 vulnerabilities, five of them critical.
---------------------------------------------
http://threatpost.com/mozilla-fixes-10-vulnerabilities-with-firefox-25/102753


*** A New Wave of WIN32/CAPHAW Attacks - A ThreatLabZ Analysis ***
---------------------------------------------
Introduction and setting the context Over the last month, the ThreatLabZ researchers have been actively monitoring a recent uptick in the numbers of Win32/Caphaw (henceforward known as Caphaw) infections that have been actively targeting users bank accounts since 2011. 
---------------------------------------------
http://research.zscaler.com/2013/09/a-new-wave-of-win32caphaw-attacks.html    


*** Silent Circle and Lavabit launch 'DarkMail Alliance' to thwart e-mail spying ***
---------------------------------------------
Silent Circle CTO: "What we're getting rid of is SMTP."
---------------------------------------------
http://arstechnica.com/business/2013/10/silent-circle-and-lavabit-launch-darkmail-alliance-to-thwart-e-mail-spying/


*** MS Security Intelligence Report Volume 15: January 2013 to June 2013 ***
---------------------------------------------
The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people.
---------------------------------------------
http://download.microsoft.com/download/5/0/3/50310CCE-8AF5-4FB4-83E2-03F1DA92F33C/Microsoft_Security_Intelligence_Report_Volume_15_English.pdf


*** Meet 'badBIOS', the mysterious Mac and PC malware that jumps airgaps ***
---------------------------------------------
Like a super strain of bacteria, the rookkit plaguing Dragos Ruiu is omnipotent.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/jeFXBU0x_Vc/story01.htm


*** Compliance Checklist: Cloud Encryption Best Practices for Banks and Insurance Companies ***
---------------------------------------------
For industries whose handling of sensitive consumer data renders them subject to strict regulations, the cloud is anything but a simple choice. Before you can commit to the cloud, you'll have to understand exactly what cloud information protection measures you must take to remain in regulatory compliance.
---------------------------------------------
http://blog.ciphercloud.com/compliance-checklist-cloud-encryption-practices-banks-insurance-companies/


*** Weekly Update: Exploiting (Kind of) Popular FOSS Apps ***
---------------------------------------------
- Moodle Remote Command Execution
- vTigerCRM v5.4.0/v5.3.0 Authenticated Remote Code Execution
- Zabbix Authenticated Remote Command Execution 
- Mac OS X Persistent Payload Installer
- Persistent Payload in Windows Volume Shadow Copy
- and many more
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/30/weekly-update


*** Cisco IOS XE Multiple Bugs Let Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1029277


*** Moodle Remote Command Execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100211


*** D-Link Backdoor Czechr Exploit ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100219


*** ISPConfig Authenticated Arbitrary PHP Code Execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100215