=======================
= End-of-Shift report =
=======================
Timeframe: Friday 10-05-2013 18:00 − Monday 13-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Android.TechnoReaper Downloader Found on Google Play ***
---------------------------------------------
By Nathan Collier We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below: Once you install the app, it looks like a nice app used
---------------------------------------------
http://blog.webroot.com/2013/05/10/android-technoreaper-downloader-found-on…
*** Google Has Aggressive Plans for Strong Authentication ***
---------------------------------------------
Google has a long-term plan for strong authentication that ties log-ins to the operating system and hardware, and puts up barriers against man in the middle attacks and weak passwords.
---------------------------------------------
http://threatpost.com/google-has-aggressive-plans-for-strong-authentication/
*** Samsung Officeserv Read the users/passwords ***
---------------------------------------------
Topic: Samsung Officeserv Read the users/passwords Risk: Medium
Text: # Title: samsung officeserv Read the users/passwords
# Author: MaDo Mokhtar
# Contact: codezeroooo[at]yahoo[dot]com # Vendo...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050087
*** RSA Authentication Agent cross-site scripting ***
---------------------------------------------
RSA Authentication Agent cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84155
*** Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin ***
---------------------------------------------
By Dancho Danchev In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies. What's the situation on the international underground
---------------------------------------------
http://blog.webroot.com/2013/05/10/cybercriminals-offer-http-based-keylogge…
*** WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability ***
---------------------------------------------
Topic: WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Risk: Low Text: Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Vendor: Securimage PHP CAPTCHA Product web page: https:...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050098
*** WordPress Search and Share plugin vulnerabilities ***
---------------------------------------------
Topic: WordPress Search and Share plugin vulnerabilities Risk: Low Text: I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Ful...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050103
*** DDoS Services Advertise Openly, Take PayPal ***
---------------------------------------------
The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of today's so-called "booter" or "stresser" services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on Paypal to receive payments.
---------------------------------------------
https://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-pay…
*** Dangerous Trojan substitutes web pages ***
---------------------------------------------
May 7, 2013 Specialists from the Russian anti-virus company Doctor Web have studied one of the most widespread threats in April 2013, the Trojan Trojan.Mods.1, formerly known as Trojan.Redirect.140. According to statistics compiled by the curing utility Dr.Web CureIt!, the number of infections with this Trojan represents 3.07% of the total number of detected threats. A summary of the study can be found below. The Trojan has two components: the dropper and the dynamic link library which stores
---------------------------------------------
http://news.drweb.com/show/?i=3511&lng=en&c=9
*** Newly launched E-shop for hacked PCs charges based on malware 'executions' ***
---------------------------------------------
By Dancho Danchev On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place. A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs.
---------------------------------------------
http://blog.webroot.com/2013/05/13/newly-launched-e-shop-for-hacked-pcs-cha…
*** Blog: Telecom fraud - phishing and Trojans combined ***
---------------------------------------------
In China telecom fraud has become an increasingly common crime.
---------------------------------------------
http://www.securelist.com/en/blog/877/Telecom_fraud_phishing_and_Trojans_co…
*** Trojan hijacks Facebook accounts ***
---------------------------------------------
A malicious browser extension infests Google's Chrome and Mozilla's Firefox. It targets Facebook accounts.
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-kapert-Facebook-Accounts-1861…
*** Researchers uncovered new malware used by Chinese cyber criminals ***
---------------------------------------------
Trend Micro researchers have uncovered new backdoor pieces of malware from the Winnti family, which are mainly used by a Chinese cyber criminal group to target South East Asian organizations from the video gaming sector.
---------------------------------------------
http://thehackernews.com/2013/05/researchers-uncovered-new-malware-used.html
*** AWS EC2 Security Vulnerability and Pinterest Hacked ***
---------------------------------------------
Well, almost hacked. This is rather embarrassing (for Pinterest, and maybe AWS?), in that I was able to access what seemed to be their admin page. Furthermore, I discovered through this interface that it seems they do not store passwords encrypted or salted.
---------------------------------------------
http://www.jontsai.com/2013/05/11/aws-ec2-security-vulnerability-and-pinter…
*** Introducing Conpot ***
---------------------------------------------
We proudly announce the first release of our Industrial Control System honeypot named Conpot. Until now setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive, and reading quite tedious protocol specifications.
---------------------------------------------
http://www.honeynet.org/node/1047
*** Attackers Target Older Java Bugs ***
---------------------------------------------
It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same [...]
---------------------------------------------
http://threatpost.com/attackers-target-older-java-bugs/
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 09-05-2013 18:00 − Friday 10-05-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Microsoft Fix It Available for IE 8 Zero Day Used Against Labor Website ***
---------------------------------------------
Microsoft released a Fix It temporary mitigation for a zero-day vulnerability in Internet Explorer 8 that was used in a watering hole attack against the U.S. Department of Labor's website.
---------------------------------------------
http://threatpost.com/microsoft-fix-it-available-for-ie-8-zero-day-used-aga…
*** Advance Notification Service for the May 2013 Security Bulletin Release ***
---------------------------------------------
Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 34 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer. Of note, we are working to have the Internet Explorer Security Update address the issue described in Security Advisory 2847140, supplementing the currently available Fix it. The Important-rated...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/05/09/advance-notification-ser…
*** Name.com Breached, Users Asked to Reset Passwords ***
---------------------------------------------
Domain registrar Name.com is asking its customers to reset their passwords following a data breach.
---------------------------------------------
http://threatpost.com/name-com-breached-users-asked-to-reset-passwords/
*** Microsoft EMET 4.0 Enables Certificate Pinning to Defeat MITM Attacks ***
---------------------------------------------
Microsoft later this month will release a new version of its EMET protection tool, and this iteration will include a certificate pinning feature that will enable users to associate a specific certificate with a given certificate authority. The feature is designed as a defense against man-in-the-middle attacks that use forged certificates to redirect users or intercept [...]
---------------------------------------------
http://threatpost.com/microsoft-emet-4-0-enables-certificate-pinning-to-def…
*** Bugtraq: [security bulletin] HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution ***
---------------------------------------------
Potential Security Impact: Remote unauthorized access, disclosure of
information, data modification, Denial of Service (DoS), execution of
arbitrary code
---------------------------------------------
http://www.securityfocus.com/archive/1/526566
*** Bugtraq: ESA-2013-021: EMC Documentum Multiple Vulnerabilities ***
---------------------------------------------
Vulnerabilities exist in several EMC Documentum products that could potentially be exploited by a malicious user.
---------------------------------------------
http://www.securityfocus.com/archive/1/526570
*** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-15) ***
---------------------------------------------
A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, May 14, 2013. We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/05/prenotification-upcoming-security-upda…
*** Security Advisory for ColdFusion (APSA13-03) ***
---------------------------------------------
A Security Advisory (APSA13-03) has been posted in regards to a critical issue in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. Adobe is aware of reports that exploit code for the vulnerability is...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/05/security-advisory-for-coldfusion-apsa1…
*** WordPress xili-language Plugin "lang" Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been discovered in the xili-language plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53364
*** CSRF hole in OpenVPN Access Server closed ***
---------------------------------------------
Through a vulnerability, attackers could potentially obtain VPN access by deception.
---------------------------------------------
http://www.heise.de/security/meldung/CSRF-Luecke-im-OpenVPN-Access-Server-g…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 07-05-2013 18:00 − Wednesday 08-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** A short introduction to TPMs ***
---------------------------------------------
I've been working on TPMs lately. It turns out that they're moderately awful, but what's significantly more awful is basically all the existing documentation. So here's some of what I've learned, presented in the hope that it saves someone else some amount of misery. What is a TPM? TPMs are devices that adhere to the Trusted Computing Group's Trusted Platform Module specification. They're typically microcontrollers[1] with a small amount of flash, and attached via either i2c (on embedded devices) or...
---------------------------------------------
http://mjg59.dreamwidth.org/24818.html
*** IBM WebSphere DataPower XC10 security bypass ***
---------------------------------------------
Description: IBM WebSphere DataPower XC10 could allow a remote attacker to send administrative operations without providing authentication credentials.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83617
*** Brother MFC-9970CDW Firmware 0D Cross Site Scripting ***
---------------------------------------------
Topic: Brother MFC-9970CDW Firmware 0D Cross Site Scripting Risk: Low Text: == Brother MFC-9970CDW Firmware 0D Date: Jan. 13, 2013 URL: http://www.cloudscan.me/2013/05/xss-javascri...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/daraqfRQFuQ/WLB-20…
*** Inside RDPxTerm (panel 5.1 - bot 4.4.2) aka Neshta C&C - Botnet control panel ***
---------------------------------------------
http://malware.dontneedcoffee.com/2013/05/inside-rdpxterm-bot-442-panel-51-…
*** mTAN Trojan via SMS and Google Play ***
---------------------------------------------
Several readers report SMS messages prompting them to install a purported certificate app. The AV vendor Lookout has meanwhile also discovered one of these mTAN Trojans in Google's Play Store.
---------------------------------------------
http://www.heise.de/security/meldung/mTAN-Trojaner-via-SMS-und-Google-Play-…
*** [webapps] - ColdFusion 9-10 - Remote Root Exploit ***
---------------------------------------------
http://www.exploit-db.com/exploits/25305
*** [webapps] - MoinMoin - Arbitrary Command Execution ***
---------------------------------------------
http://www.exploit-db.com/exploits/25304
*** WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53127
*** IBM OpenPages GRC Platform Multiple Java Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53357
*** WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/53356
*** Web server rootkit also infects lighttpd and nginx ***
---------------------------------------------
Eset's virus researchers have discovered Linux/Cdorked.A on further server types. The malware redirects website visitors to dangerous pages that attempt to infect the system with malicious code via security holes.
---------------------------------------------
http://www.heise.de/security/meldung/Webserver-Rootkit-befaellt-auch-lightt…
*** Hacked DNS Servers Used in Linux/Cdorked Malware Campaign ***
---------------------------------------------
The attack that employed compromised Apache Web server binaries is turning out to be more complex than originally thought, as researchers now have found that the attackers also are using Trojaned Nginx and Lighttpd binaries as part of the campaign. More concerning, though, is the possibility that the attacks also have compromised a number of [...]
---------------------------------------------
http://threatpost.com/hacked-dns-servers-used-in-linuxcdorked-malware-campa…
*** Basic Use of Maltego for Network Intelligence Gathering ***
---------------------------------------------
https://www.youtube.com/watch?&v=e33NSUkyEg0
---------------------------------------------
http://www.frontlinesentinel.com/2013/05/basic-use-of-maltego-for-network.h…
Next End-of-Shift report on 2013-05-10
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 06-05-2013 18:00 − Tuesday 07-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities ***
---------------------------------------------
ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/526542
*** Is there an epidemic of typo squatting?, (Tue, May 7th) ***
---------------------------------------------
One of our readers, Jim, wrote in earlier today to say he has noticed an increase in "working" typo squatting over the last 2 months or so. That is, he's seen users accidentally surfing to them or being redirected there by some sort of malicious javascript trickery. His question for us (and the rest of you) is, is this a local phenomenon or are the bad guys making more use of this tactic? I'm not currently set up to monitor this type of activity, so I figured I'd ask our loyal readers. Do...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15740&rss
*** Security Bulletin: IBM Content Collector affected by vulnerabilities in IBM Java SDK ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM Content Collector.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21634236
*** Security Bulletin: IBM Notes PNG integer overflow (CVE-2013-2977) ***
---------------------------------------------
IBM Notes has an integer overflow vulnerability which may be triggered by viewing a malformed PNG image.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21635878
*** Security Bulletin: Multiple security vulnerabilities addressed in IBM Sterling Secure Proxy ***
---------------------------------------------
IBM Sterling Secure Proxy is vulnerable to spoofing and information disclosure attacks.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21636369
*** MyBB Game Section Plugin "des" and "s" Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53296
*** Hackers gained access to all .edu domains ***
---------------------------------------------
The hacker group "Hack The Planet" publishes information on holes in MoinMoin and ColdFusion through which it gained access to, among other things, all .edu domains, the website of the security tool Nmap, and other prominent websites.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-verschafften-sich-Zugriff-auf-a…
*** Wonderware Information Server Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities that impact the Invensys Wonderware Information Server (WIS) software.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-113-01
*** Bugtraq: SEC Consult SA-20130507-0 :: Multiple vulnerabilities in NetApp OnCommand System Manager ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526552
*** Honeywords are meant to lure password thieves into a trap ***
---------------------------------------------
Two crypto researchers propose catching data thieves with decoy passwords. If someone logs in with one of the so-called honeywords, something is almost certainly fishy.
---------------------------------------------
http://www.heise.de/security/meldung/Honeywords-sollen-Passwortdiebe-in-die…
*** nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability ***
---------------------------------------------
nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability
---------------------------------------------
https://secunia.com/advisories/53248
*** XSS, LFI in Cisco, Linksys E4200 Firmware ***
---------------------------------------------
Reflected XSS + LFI Bugs in the Cisco, Linksys E4200 Wireless Router Firmware Version: 1.0.05 build 7 were discovered by our Researchers in January 2013 and finally acknowledged by Linksys in April 2013. The Vendor is unable to Patch the Vulnerability in a reasonable timeframe.
---------------------------------------------
http://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 03-05-2013 18:00 − Monday 06-05-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** What’s a known source of malware doing in an iOS app? Ars investigates ***
---------------------------------------------
Trojans, false positives, and the case of accidental cross contamination.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/suyRCkbyIFE/
*** gpsd AIS driver packet parser denial of service ***
---------------------------------------------
gpsd AIS driver packet parser denial of service
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83982
*** EMC Avamar Client Certificate Validation Flaw Lets Remote Users Spoof the System ***
---------------------------------------------
http://www.securitytracker.com/id/1028511
*** EMC Avamar Authorization Flaw Lets Remote Authenticated Users Access Files ***
---------------------------------------------
http://www.securitytracker.com/id/1028510
*** Microsoft Releases Security Advisory 2847140 ***
---------------------------------------------
Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-secur…
*** Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/05/departmen…
*** New version of DIY Google Dorks based mass website hacking tool spotted in the wild ***
---------------------------------------------
By Dancho Danchev Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one. A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/8hoG6XIwk8s/
*** Vuln: WordPress Advanced XML Reader Plugin XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/59618
*** Cisco WebEx Cache Directory Read Vulnerability ***
---------------------------------------------
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Cisco WebEx Uninitialized Memory Read Vulnerability ***
---------------------------------------------
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read uninitialized memory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Bugtraq: VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526541
*** Bugtraq: [SE-2012-01] New security vulnerabilities and broken fixes in IBM Java ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526540
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 02-05-2013 18:00 − Friday 03-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Weekly Update: WordPress Total Cache and Mimikatz ***
---------------------------------------------
Someone once described PHP as a "web API for remote code execution," and it's true that PHP is definitely web programming without guardrails. This week's security news was dominated by a RCE vulnerability in a pair of wildly popular WordPress plugins, W3 Total Cache and WP Super Cache, which are written in (wait for it) PHP.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/02/weekly-up…
*** A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool ***
---------------------------------------------
On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks. Can DIY exploit generating tools be considered [...]
---------------------------------------------
http://blog.webroot.com/2013/05/02/a-peek-inside-a-cve-2013-0422-exploiting…
*** Android virus scanners are easy to trick ***
---------------------------------------------
Researchers tried to smuggle known Android malware past ten antivirus programs and succeeded ten times. Often minimal changes to the malware were enough.
---------------------------------------------
http://www.heise.de/security/meldung/Android-Virenscanner-sind-leicht-auszu…
*** Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth) ***
---------------------------------------------
Topic: Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth) Risk: High Text: High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050020
*** New IRC/HTTP based DDoS bot wipes out competing malware ***
---------------------------------------------
Everyday, new vendors offering malicious software enter the underground marketplace. And although many will fail to differentiate their underground market proposition in market crowded with reputable, trusted and verified sellers, others will quickly build their reputation on the basis of their 'innovative' work, potentially stealing some market share and becoming rich by offering the [...]
---------------------------------------------
http://blog.webroot.com/2013/05/03/new-irchttp-based-ddos-bot-wipes-out-com…
*** Multi-Stage Exploit Attacks for More Effective Malware Delivery ***
---------------------------------------------
Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) where the first stage, the exploit, puts the rocket in its trajectory and the second stage, the payload, inflicts the damage.
---------------------------------------------
http://www.trusteer.com/blog/multi-stage-exploit-attacks-for-more-effective…
*** Fast digital forensics sniff out accomplices ***
---------------------------------------------
Software that rapidly analyses digital devices and builds a list of a suspects known associates could be a powerful tool for solving crimes.
---------------------------------------------
http://www.newscientist.com/article/mg21829156.200-fast-digital-forensics-s…
*** Adobe to Patch Reader Information Leak Bug ***
---------------------------------------------
Adobe is planning to patch a fairly low severity security vulnerability in all of the current versions of Reader and Acrobat that could enable an attacker to track which users have opened a certain PDF document. The vulnerability can't be used for code execution, but researchers say it could be used as part of a [...]
---------------------------------------------
http://threatpost.com/adobe-to-patch-reader-information-leak-bug/
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 30-04-2013 18:00 − Thursday 02-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Shamoon/DistTrack Malware (Update A) ***
---------------------------------------------
Overview: W32.DistTrack, also known as "Shamoon," is an information-stealing malware that also includes a destructive module. Shamoon renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable. Based on initial reporting and analysis of the malware, no evidence exists that Shamoon specifically targets industrial control systems (ICSs) components or U.S.
---------------------------------------------
http://ics-cert.us-cert.gov/jsar/JSAR-12-241-01A
*** More Malware Showing Up on Fake SourceForge Web Sites ***
---------------------------------------------
Malware developers continue to clone SourceForge Web sites that appear to offer the source code for popular gaming software but are actually peddling malicious code tied to the ZeroAccess Trojan. Julien Sobrier, a security researcher for San Jose-based cloud security provider Zscaler, on Tuesday outlined several more malicious versions of the popular file-sharing sites, some [...]
---------------------------------------------
http://threatpost.com/more-malware-showing-up-on-fake-sourceforge-web-sites/
*** [webapps] - D-Link IP Cameras Multiple Vulnerabilities ***
---------------------------------------------
D-Link IP Cameras Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/25138
*** DSA-2665 strongswan ***
---------------------------------------------
authentication bypass
---------------------------------------------
http://www.debian.org/security/2013/dsa-2665
*** MediaWiki 1.20.5 and 1.19.6 Multiple Vulns ***
---------------------------------------------
Topic: MediaWiki 1.20.5 and 1.19.6 Multiple Vulns Risk: Medium Text: I would like to announce the release of MediaWiki 1.20.5 and 1.19.6. These releases fix 2 security related issues that could a...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/-pvFzkoA-H4/WLB-20…
*** FortiClient VPN Client Discloses Password to Remote Users in Certain Cases ***
---------------------------------------------
FortiClient VPN Client Discloses Password to Remote Users in Certain Cases
---------------------------------------------
http://www.securitytracker.com/id/1028501
*** Java applets run wild inside Notes ***
---------------------------------------------
Full compromise possible. Attackers with a desire to rummage around inside the PCs of Notes users can do so merely by sending HTML emails containing a Java applet or JavaScript, IBM has admitted in a security advisory.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/02/java_runs_i…
*** Critical vulnerability in hundreds of industrial plants ***
---------------------------------------------
heise Security has discovered numerous German industrial plants that are carelessly connected to the Internet. And that is not all: through a vulnerability, practically anyone can take control of combined heat and power plants, data centres, or breweries.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Schwachstelle-in-hunderten-I…
*** Netherlands: draft law on decryption orders ***
---------------------------------------------
Suspects are to be compellable to hand over the password for encrypted storage media. The justification: the hard-disk encryption Truecrypt is regularly used to conceal possession of child pornography.
---------------------------------------------
http://www.heise.de/security/meldung/Niederlande-Gesetzentwurf-ueber-Entsch…
*** Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform ***
---------------------------------------------
Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform
---------------------------------------------
https://secunia.com/advisories/53208
*** Malicious PDFs On The Rise ***
---------------------------------------------
Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability. While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for Adobe Reader (CVE-2013-0640) that was made infamous by the “MiniDuke” campaign. The malware dropped by these malicious PDFs is not associated with MiniDuke, but it is
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-pdfs-o…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 29-04-2013 18:00 − Dienstag 30-04-2013 18:00
Handler: Stephan Richter
*** Yahoo! Browser for Android Address Bar Spoofing Weakness ***
---------------------------------------------
https://secunia.com/advisories/53214
*** Ruggedcom ROS Hard-Coded RSA SSL Private Key Update ***
---------------------------------------------
Overview: This updated advisory is a follow-up to the original advisory titled ICSA-12-354-01 RuggedCom ROS Hard-Coded RSA SSL Private Key that was published December 18, 2012, on the ICS-CERT Web page. Independent researcher Justin W. Clarke of Cylance Inc. has identified the use of a hard-coded RSA SSL private key in RuggedCom's Rugged Operating System (ROS). RuggedCom, an independent subsidiary of Siemens, has produced a new version of the ROS that mitigates this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A
*** Admin beware: Attack hitting Apache websites is invisible to the naked eye ***
---------------------------------------------
Newly discovered Linux/Cdorked evades detection by running in shared memory.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/MpO11h_pn5M/
*** Apache attack drives traffic to malware ***
---------------------------------------------
Blackhole redirect served by modified daemon binary. A security researcher is warning that an attack on the Apache Web server is increasingly showing up in the wild, and has published a free Python tool that administrators can use to check their configurations.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/30/apache_dcor…
*** TinyMCE Ajax File Manager Remote Code Execution *youtube ***
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040207
*** phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit ***
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040203
*** WordPress Easy AdSense Lite Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52953
*** FreeBSD NFS Server Input Validation Bug May Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1028491
*** HP Service Manager Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53260
*** [TYPO3-announce] [TYPO3-dev] Announcing TYPO3 CMS 6.1.0 Final Release ***
---------------------------------------------
http://typo3.org/download/release-notes/typo3-61-release-notes/
Next End-of-Shift report on 2013-05-02
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 26-04-2013 18:00 − Montag 29-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Dutchman Arrested in Spamhaus DDoS ***
---------------------------------------------
A 35-year-old Dutchman thought to be responsible for launching what's been called "the largest publicly announced online attack in the history of the Internet" was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as "SK," was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization ...
---------------------------------------------
http://krebsonsecurity.com/2013/04/dutchman-arrested-in-spamhaus-ddos/
*** McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files ***
---------------------------------------------
McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files
---------------------------------------------
http://www.securitytracker.com/id/1028479
*** Tracking PDF Usage Poses a Security Problem ***
---------------------------------------------
Looking back at this year's RSA Conference, you might have the feeling that the current threat landscape is primarily a series of advanced attacks. This concept includes well-known advanced persistent threats (APTs) and zero-day vulnerability exploits. To respond to this trend in threats, McAfee Labs has launched several innovative projects, one of which we call the advanced exploit detection system (AEDS).
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/tracking-pdf-usage-poses-a-security-pro…
*** VMware security updates for vCenter Server VMSA-2013-0006 ***
---------------------------------------------
VMware security updates for vCenter Server
---------------------------------------------
https://www.vmware.com/support/support-resources/advisories/VMSA-2013-0006.…
*** Hackers steal data of 50 million LivingSocial customers ***
---------------------------------------------
In all likelihood, hackers have obtained the personal customer data stored on LivingSocial's servers.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-klauen-Daten-von-50-Millionen-L…
*** The Importance of Strong Passwords on Social Media ***
---------------------------------------------
Last Tuesday, April 23, the Twitter account of the Associated Press news agency was hacked and sent out a hoax tweet reporting that President Barack Obama had been injured by an explosion in the White House. Within seconds, Wall Street was in panic mode and US stocks plunged. Situations like this illustrate once again the ...
---------------------------------------------
http://pandalabs.pandasecurity.com/the-importance-of-strong-passwords-on-so…
*** Manipulated Apache binaries load malicious code ***
---------------------------------------------
Security companies report having found hundreds of manipulated Apache servers that can be controlled by attackers. They redirect requests to malware and porn sites.
---------------------------------------------
http://www.heise.de/security/meldung/Manipulierte-Apache-Binaries-laden-Sch…
*** BOINC Multiple vulnerabilities ***
---------------------------------------------
Topic: BOINC Multiple vulnerabilities Risk: Medium Text:There have been various recent(-ish) vulnerabilities found in the BOINC software for desktop grid computing. The major project...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040196
*** D-Link DIR-635 change password security bypass ***
---------------------------------------------
D-Link DIR-635 change password security bypass
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83832
*** Against self-updating apps: Google's Play Store creates a "Lex Facebook" ***
---------------------------------------------
In March, Facebook released the first updates for its Android app that were delivered by bypassing the Play Store. Now the Play Store has changed its developer guidelines: updates are legitimate only via the Play Store.
---------------------------------------------
http://www.heise.de/security/meldung/Gegen-selbst-aktualisierende-Apps-Goog…
*** Library of Malware Traffic Patterns ***
---------------------------------------------
Traffic analysis has been the primary method of malware identification, and the thousands of IDS signatures developed are daily proof of it. Signatures definitely help, but the ability to visually recognize malware traffic patterns and to see the trends when they change has always been an important skill for anyone tasked with network defense.
---------------------------------------------
http://www.deependresearch.org/2013/04/library-of-malware-traffic-patterns.…
*** C&C Servers Reconfigured to Make Them More Advanced ***
---------------------------------------------
FireEye, which recently released the report The Advanced Cyber Attack Landscape, describes cyber-criminals as getting better at evading identification by constantly changing the configuration of their central C&C structures, so that most malware is able to establish communication with localized C&C infrastructure, meaning infrastructure in the same country where the newly infected computers are located, ...
---------------------------------------------
http://www.spamfighter.com/News-18322-CC-Servers-Reconfigured-to-Make-Them-…
*** The Security Risks of Unlocking Your Android Phone's Bootloader ***
---------------------------------------------
Android geeks often unlock their bootloaders to root their devices and install custom ROMs. But there's a reason devices come with locked bootloaders: unlocking your bootloader creates security risks.
---------------------------------------------
http://www.howtogeek.com/142502/htg-explains-the-security-risks-of-unlockin…
*** The Latest Java Exploit with Security Prompt/Warning Bypass (CVE-2013-2423) ***
---------------------------------------------
From Java SE 7 update 11, Oracle has introduced a new security feature called the security warning, which prompts a window every time an applet requests execution.
---------------------------------------------
http://security-obscurity.blogspot.co.at/2013/04/the-latest-java-exploit-wi…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 25-04-2013 18:00 − Freitag 26-04-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Bugtraq: Nginx ngx_http_close_connection function integer overflow ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526439
*** Anti-Phishing Workgroup Publishes 2012 Global Phishing Report. Download here: http://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2012.pdf, (Thu, Apr 25th) ***
---------------------------------------------
-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15683&rss
*** Vulnerability in Citrix NetScaler Access Gateway Enterprise Edition Could Result in Unauthorized Access to Network Resources ***
---------------------------------------------
A vulnerability has been identified in NetScaler Access Gateway Enterprise Edition that could allow a remote attacker to gain unauthorized access to internal network resources.
---------------------------------------------
http://support.citrix.com/article/ctx137238
*** HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS) ***
---------------------------------------------
A potential security vulnerability has been identified with HP Managed Printing Administration (MPA). The vulnerability could be exploited remotely resulting in cross site scripting (XSS).
---------------------------------------------
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c037…
*** Multiple HP LaserJet products unauthorized access ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83817
*** VMSA-2013-0006 VMware security updates for vCenter Server ***
---------------------------------------------
VMware has updated vCenter Server Appliance (vCSA) and vCenter Server running on Windows to address multiple security vulnerabilities.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2013-0006.html
*** IBM Security Bulletin: Vulnerabilities in AppScan Standard ***
---------------------------------------------
The IBM Security AppScan Standard 8.6 (previously known as IBM Rational AppScan Standard Edition) release includes fixes to two security vulnerabilities.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21609022
*** Security Bulletin: Vulnerability in Sametime Links (CVE-2013-0533) ***
---------------------------------------------
Sametime Links can be exploited to create a DOM-based XSS vulnerability. A fix is provided. CVE(s): CVE-2013-0533 Affected product(s) and affected version(s): Sametime Links 8.0.2, 8.5, 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1 server on any platform. Refer to the following reference URLs for remediation and additional vulnerability details.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
*** Possible Exploit Vector for DarkLeech Compromises ***
---------------------------------------------
Often it is quite surprising how long old, well-known vulnerabilities continue to be exploited. Recently, a friend sent me an example of a malicious script used in an attempted attack against their server:...
---------------------------------------------
http://blogs.cisco.com/security/possible-exploit-vector-for-darkleech-compr…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 24-04-2013 18:00 − Donnerstag 25-04-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Multiple Vulnerabilities in Cisco NX-OS-Based Products ***
---------------------------------------------
Multiple Vulnerabilities in Cisco NX-OS-Based Products
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Device Manager Command Execution Vulnerability ***
---------------------------------------------
Cisco Device Manager Command Execution Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco Unified Computing System ***
---------------------------------------------
Multiple Vulnerabilities in Cisco Unified Computing System
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Apache CloudStack Multiple vulnerabilities ***
---------------------------------------------
Topic: Apache CloudStack Multiple vulnerabilities Risk: High Text:Product: Apache CloudStack Vendor: The Apache Software Foundation CVE References: CVE-2013-2756, CVE-2013-2758 Vulnerability...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040178
*** phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution ***
---------------------------------------------
Topic: phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution Risk: High Text:[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin = Author: Janek Vind "waraxe" Date...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040179
*** Travnet Botnet Steals Huge Amount of Sensitive Data ***
---------------------------------------------
In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to analyze different samples and now classify Travnet as a botnet rather than a Trojan because of the presence of control code, and the malware's ability to wait for further commands from the malicious control server.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-se…
*** Joomla! Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53202
*** ALFContact component for Joomla! unspecified cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83765
*** Citrix CloudPlatform Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53204
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 23-04-2013 18:00 − Mittwoch 24-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Kenneth van Wyk: Making safer iOS apps ***
---------------------------------------------
When it comes to developing secure apps for the iOS operating system, there's both good and bad news. Let's get the bad news out of the way first. There are a lot of apps out there, including ones developed by various businesses for their customers to use, that have egregious and easy-to-avoid security vulnerabilities.
---------------------------------------------
https://www.computerworld.com/s/article/9238618/Kenneth_van_Wyk_Making_safe…
*** Encrypted Disk Detector - Useful during incident response to quickly and non-intrusively check for encrypted volumes ***
---------------------------------------------
Encrypted Disk Detector - Useful during incident response to quickly and non-intrusively check for encrypted volumes
---------------------------------------------
http://info.magnetforensics.com/encrypted-disk-detector
*** Serial Offenders: Widespread Flaws in Serial Port Servers ***
---------------------------------------------
Serial Offenders: Widespread Flaws in Serial Port Servers
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/04/23/serial-of…
*** CVE-2013-2423 Java Vulnerability Exploit ITW ***
---------------------------------------------
A few days after Oracle released a critical patch, CVE-2013-2423 has already been found to be exploited. Upon checking the history, the exploitation seems to have begun on April 21st and was still actively happening until a few hours ago. For a closer look, the image below contains a comparison of the classes found in the Metasploit module and those of the ITW sample. Interestingly, the Metasploit module was published on the 20th, and as mentioned earlier, the exploit was seen in the wild the day
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002544.html
*** Malware Callbacks ***
---------------------------------------------
Today we released our first-ever analysis of malware callbacks. Our report can be accessed here: http://www2.fireeye.com/WEB2013ATLReport.html. FireEye monitored more than 12 million malware communications seeking instructions—or callbacks—across hundreds of thousands of infected enterprise hosts, capturing details of advanced attacks as …
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/04/malware-call…
*** Schneider Electric MiCOM S1 Studio Improper Authorization Vulnerability ***
---------------------------------------------
Overview: This advisory provides mitigation details for a vulnerability affecting the Schneider Electric MiCOM S1 Studio Software.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-100-01
*** 3S CODESYS Gateway-Server Multiple Vulnerabilities (Update A) ***
---------------------------------------------
Overview: This updated advisory is a follow-up to the original advisory titled ICSA-13-050-01, 3S CODESYS Gateway-Server Multiple Vulnerabilities, that was published February 19, 2013, on the ICS-CERT Web page. This updated advisory provides mitigation details for multiple vulnerabilities in the 3S-Smart Software Solutions GmbH CODESYS Gateway-Server.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A
*** OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection ***
---------------------------------------------
Topic: OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection Risk: High Text:[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040165
*** ClamAV Unspecified Vulnerabilities ***
---------------------------------------------
ClamAV Unspecified Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53150
*** FSC-2013-1: Remote code execution vulnerability in DLL component ***
---------------------------------------------
A vulnerability in a legacy DLL component related to ActiveX control, in certain F-Secure’s server products, allows arbitrary connections to be made to the ODBC drivers when using the Internet Explorer (IE) web browser. If the local server is running using local authentication, an attacker may be able to execute arbitrary SQL statements.
---------------------------------------------
http://www.f-secure.com/en/web/labs_global/fsc-2013-1
*** Joomla! ALFContact Component Unspecified Cross-Site Scripting Vulnerability ***
---------------------------------------------
Joomla! ALFContact Component Unspecified Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/53147
*** Verizon 2013 Data Breach Investigations Report ***
---------------------------------------------
This year’s DBIR combines the expertise of 19 organizations from around the globe. Download the report to discover stats that might surprise you—from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach. By knowing today’s threats, you can better protect your organization tomorrow.
---------------------------------------------
http://www.verizonenterprise.com/DBIR/2013/
*** Wordpress: dangerous holes in cache plug-ins ***
---------------------------------------------
Two Wordpress plug-ins used by millions can be exploited to execute arbitrary code. The holes have been closed; now it is time to patch!
---------------------------------------------
http://www.heise.de/security/meldung/Wordpress-Gefaehrliche-Luecken-in-Cach…
*** CiviCRM Multiple Products Open Flash Chart Arbitrary File Creation Vulnerability ***
---------------------------------------------
CiviCRM Multiple Products Open Flash Chart Arbitrary File Creation Vulnerability
---------------------------------------------
https://secunia.com/advisories/53158
*** Interesting Credit Card transactions, are you seeing similar?, (Wed, Apr 24th) ***
---------------------------------------------
In my day job we get involved in payment systems, credit card transactions etc. We are also asked to investigate and explain incidents as well as "unusual" activity. When looking at credit card payments there are always payments for people like lkjsdflkjs and "famous person name", usually small value transactions $2, $5, $10, although recently we've started seeing $60 transactions. These are easily identified and the motive is very clear: test the card. If the transaction
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15671&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 22-04-2013 18:00 − Dienstag 23-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Cisco Firewall Services Module time-range Object Security Bypass Security Issue ***
---------------------------------------------
Cisco Firewall Services Module time-range Object Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/53140
*** Cisco ASA Software time-range Object Security Bypass Security Issue ***
---------------------------------------------
Cisco ASA Software time-range Object Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/53131
*** CAPTCHA-solving Russian email account registration tool helps facilitate cybercrime ***
---------------------------------------------
By Dancho Danchev Just how challenged are cybercriminals when they’re being exposed to CAPTCHAs in 2013? Not even bothering to “solve the problem” by themselves anymore, thanks to the cost-efficient, effective, and fully working process of outsourcing the CAPTCHA solving process to humans thereby allowing the cybercriminals to abuse any given Web property, as if it were multiple [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/SpUsORYAF3o/
*** MyBB Multiple Vulnerabilities ***
---------------------------------------------
MyBB Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52828
*** VirusTotal += PCAP Analyzer ***
---------------------------------------------
VirusTotal is a greedy creature, one of its gluttonous wishes is to be able to understand and characterize all the races it encounters, it already understood the insurgent collective of Portable Executables, the greenish creatures known as Android APKs, the talkative PDF civilization, etc. as of today it also figures out PCAPs, a rare group of individuals obsessed with recording everything they see.
---------------------------------------------
http://blog.virustotal.com/2013/04/virustotal-pcap-analyzer.html
*** Crypto guru: Don't blame users, get coders security training instead ***
---------------------------------------------
Murdoch's infosec man adds arrogant techies also vulnerable. Infosec 2013: Experts on both sides of the vendor-customer divide in the UK and a US cryptographer are at odds over whether or not security training is a waste of time.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/23/security_aw…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 19-04-2013 18:00 − Montag 22-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** OpenStack keystone.conf insecure file permissions ***
---------------------------------------------
Topic: OpenStack keystone.conf insecure file permissions Risk: Medium Text:As reported: https://bugs.launchpad.net/keystone/+bug/1168252 The password configuration of LDAP and admin_token in keystone...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Y9fS7PiNeIM/WLB-20…
*** nginx Arbitrary Code Execution NullByte Injection ***
---------------------------------------------
Topic: nginx Arbitrary Code Execution NullByte Injection Risk: Low Text:# Exploit Title: nginx Arbitrary Code Execution NullByte Injection # Date: 24/08/2011 # Exploit Author: Neal Poole # Vendor ...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040142
*** Vuln: Opera Web Browser Information Disclosure and Unspecified Vulnerabilities ***
---------------------------------------------
Opera Web Browser Information Disclosure and Unspecified Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58864
*** libxml2 Multiple Use-After-Free Vulnerabilities ***
---------------------------------------------
Topic: libxml2 Multiple Use-After-Free Vulnerabilities Risk: Medium Text:1) A use-after-free error in "htmlParseChunk()" can be exploited to dereference already freed memory. 2) Two use-after-free...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/yn55M8Cmawk/WLB-20…
*** Family of “BadNews” malware in Google Play downloaded up to 9 million times ***
---------------------------------------------
Apps steal sensitive data, push SMS app that racks up charges to pricey service.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/hS0_oWvBHPU/
*** A Chargen-based DDoS? Chargen is still a thing?, (Sun, Apr 21st) ***
---------------------------------------------
In the recent few days there was another denial of service attack launched at financial organizations. (Yeah, I know, DDoS on a bank, that *totally* never happens). What is newsworthy isn't that it happened, it was the means used to execute the attack. Specifically, the organizations were flooded with UDP port 19 traffic, which is the chargen protocol. I am not sure I've ever seen a legitimate use of this protocol or encountered a machine that had it on intentionally before. For review, chargen...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15647&rss
*** ownCloud Server 5.0.x/4.5.x XSS and Privilege escalation ***
---------------------------------------------
Topic: ownCloud Server 5.0.x/4.5.x XSS and Privilege escalation Risk: Medium Text:These vulnerabilities only affect ownCloud Server 5.0.x and 4.5.x, the 4.0.x branch is not affected and still supported with se...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040156
*** And every day the router hole greets us again ***
---------------------------------------------
Belkin, D-Link, Linksys, Netgear, Sitecom, TP-Link: there is hardly a manufacturer that does not slip up in firmware development. It remains shocking what sometimes hair-raising vulnerabilities lie dormant in widespread router models.
---------------------------------------------
http://www.heise.de/security/meldung/Und-taeglich-gruesst-die-Router-Luecke…
*** Avaya Communication Manager OpenSSL and glibc Vulnerabilities ***
---------------------------------------------
Avaya Communication Manager OpenSSL and glibc Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53166
*** 8 tips for a security incident handling plan ***
---------------------------------------------
Most of us know that there is no such thing as 100% security, and that - unfortunately - it's only a matter of time until a security incident occurs. Despite this, it's rare to see a good incident response process and plan in place.
---------------------------------------------
http://nakedsecurity.sophos.com/2013/04/20/tips-incident-handling-plan/
*** McAfee Security Bulletin - ePO update fixes two vulnerabilities ***
---------------------------------------------
Five separate CVE reports of potential ePO vulnerabilities were reported: CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487. Collectively, these vulnerabilities could allow unauthorized disclosure of information, unauthorized modification, or disruption of service. ePO is not vulnerable to any of these CVE vulnerabilities.
---------------------------------------------
https://kc.mcafee.com/corporate/index?page=content&id=SB10041
*** Cisco Unified Contact Center Express Editor Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the scripts editor software of the Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an unauthenticated, remote attacker to have read access to scripts that are stored in the Cisco Unified CCX scripts repository.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=29050
*** Firefox FirePHP Extension Arbitrary Command Execution Weakness ***
---------------------------------------------
Firefox FirePHP Extension Arbitrary Command Execution Weakness
---------------------------------------------
https://secunia.com/advisories/53163
*** Global Mapper Insecure Library Loading Vulnerability ***
---------------------------------------------
Global Mapper Insecure Library Loading Vulnerability
---------------------------------------------
https://secunia.com/advisories/51510
*** DDoS Strikes Take EU Banks Offline ***
---------------------------------------------
Experts Say Outages Not Linked to U.S. Attacks. Distributed-denial-of-service attacks against banking institutions are becoming a global concern, and experts say many organizations outside the U.S. financial-services sector are ill-equipped to defend themselves. DDoS strikes have taken down online-banking sites in Northern Europe in recent days and weeks, several security experts say. Scott Hammack, CEO of DDoS-mitigation provider Prolexic, says...
---------------------------------------------
http://www.bankinfosecurity.com/ddos-strikes-take-eu-banks-offline-a-5701/o…
*** Bugtraq: [SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE ***
---------------------------------------------
[SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE
---------------------------------------------
http://www.securityfocus.com/archive/1/526415
*** Security Bulletin: IBM InfoSphere Data Replication Dashboard Username Enumeration (CVE-2013-0584) ***
---------------------------------------------
A remote, unauthenticated user can enumerate a list of InfoSphere Data Replication Dashboard user accounts including which accounts do not require a password.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21634798
*** A Primer on IPv4, IPv6 and Transition ***
---------------------------------------------
There is something badly broken in today's Internet. At first blush that may sound like a contradiction in terms, or perhaps a wild conjecture intended only to grab your attention to get you to read on. After all, the Internet is a modern day technical marvel. In just a couple of decades the Internet has not only...
---------------------------------------------
http://www.circleid.com/posts/20130421_a_primer_on_ipv4_ipv6_and_transition/
*** Security Advisory-The AR Abnormally Resets When Receiving Special DHCP Packets ***
---------------------------------------------
Apr 20, 2013 14:38
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** WordPress - Vulnerabilities in multiple Plugins ***
---------------------------------------------
WordPress All in One Webmaster Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/52877
WordPress FourSquare Checkins Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/53151
WordPress Facebook Members Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/52962
WordPress W3 Total Cache Arbitrary Code Execution Vulnerability
---------------------------------------------
https://secunia.com/advisories/53052
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 18-04-2013 18:00 − Freitag 19-04-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Yes, “design flaw” in 1Password is a problem, just not for end users ***
---------------------------------------------
It may very well be time for a new and improved hashing function.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/p6YJzwrXgpU/
*** SAP ConfigServlet command execution ***
---------------------------------------------
SAP ConfigServlet command execution
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83637
*** IBM Lotus Connections reflected cross-site scripting ***
---------------------------------------------
IBM Lotus Connections reflected cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/82265
*** Microsoft releases 4 of Enhanced Mitigation Experience Toolkit (EMET), More here: http://www.microsoft.com/en-us/download/details.aspx?id=38761, (Thu, Apr 18th) ***
---------------------------------------------
-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15635&rss
*** ISC Handler Lenny Zeltsers REMnux v4 Reviewed on Hak5, (Thu, Apr 18th) ***
---------------------------------------------
Earlier this month, Lenny released version 4 of REMnux, a lightweight Ubuntu Linux-based distro for analyzing malware. It was recently reviewed on Hak5. Take a look and if you haven't already, download the image and send Lenny your feedback.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15638&rss
*** Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks ***
---------------------------------------------
Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks
---------------------------------------------
http://www.securitytracker.com/id/1028454
*** Xen denial of service ***
---------------------------------------------
Xen denial of service
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83645
http://xforce.iss.net/xforce/xfdb/83646
*** SWFUpload v.ALL <= (Object Injection/CSRF) Vulnerabilities ***
---------------------------------------------
Topic: SWFUpload v.ALL
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/jQYLW7Im9Hg/WLB-20…
*** Vuln: Drupal MP3 Player Module Cross Site Scripting Vulnerability ***
---------------------------------------------
Drupal MP3 Player Module Cross Site Scripting Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59276
*** Vuln: Drupal elFinder Module Cross Site Request Forgery Vulnerability ***
---------------------------------------------
Drupal elFinder Module Cross Site Request Forgery Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59277
*** WordPress attack highlights 30 million targets ***
---------------------------------------------
Summary: The recent botnet attack on websites running WordPress hasn't had much impact — yet. But with millions of vulnerable sites and a knowledge gap at the low end of the market, things could get much, much worse.
---------------------------------------------
http://www.zdnet.com/wordpress-attack-highlights-30-million-targets-7000014…
*** Using Nessus to Discover Malware and Botnet Hosts ***
---------------------------------------------
...Tenable has released several plugins to identify hosts in your environment that show signs of a compromise such as containing malware or participating in a botnet. The steps below outline which plugins to enable and how to create filters to easily find the relevant plugins...
---------------------------------------------
http://www.tenable.com/blog/using-nessus-to-discover-malware-and-botnet-hos…
*** OpenPGP Best Practices ***
---------------------------------------------
Some thoughts on best practices for OpenPGP keys
---------------------------------------------
https://we.riseup.net/debian/openpgp-best-practices
*** Facebook closes cross-site scripting holes ***
---------------------------------------------
Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security's CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its "Check in" and Messenger for Windows components.
---------------------------------------------
http://www.h-online.com/security/news/item/Facebook-closes-cross-site-scrip…
*** Microsoft Discovers Trojan That Erases Evidence Of Its Existence ***
---------------------------------------------
Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: It deletes its own components so researchers and forensics investigators can't analyze or identify it.
---------------------------------------------
http://www.darkreading.com/vulnerability/microsoft-discovers-trojan-that-er…
*** Hitachi Vulnerabilities in Multiple Products ***
---------------------------------------------
Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52990
https://secunia.com/advisories/53136
https://secunia.com/advisories/53139
*** Bugtraq: TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation ***
---------------------------------------------
TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation
---------------------------------------------
http://www.securityfocus.com/archive/1/526403
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 17-04-2013 18:00 − Donnerstag 18-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Cisco Network Admission Control Manager SQL Injection Vulnerability ***
---------------------------------------------
Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Sitecom WLM-3500 Backdoor Accounts ***
---------------------------------------------
Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms. These hard-coded accounts are persistently stored inside the device firmware image.
---------------------------------------------
https://cxsecurity.com/wlb/WLB-2013040131
*** Open-Xchange 6 / OX AppSuite Cross Site Scripting ***
---------------------------------------------
Open-Xchange Security Advisory (multiple vulnerabilities) Multiple security issues for Open-Xchange Server 6 and OX AppSui...
---------------------------------------------
https://cxsecurity.com/wlb/WLB-2013040130
*** ZPanel Code Execution ***
---------------------------------------------
There's an arbitrary (PHP) code execution in ZPanel, a free and open-source shared hosting control panel.
---------------------------------------------
https://cxsecurity.com/wlb/WLB-2013040127
*** DIY Russian mobile number harvesting tool spotted in the wild ***
---------------------------------------------
By Dancho Danchev Earlier this year we profiled a newly released mobile/phone number harvesting application, a common tool in the arsenal of mobile spammers, as well as vendors of mobile spam services. Since the practice is an inseparable part of the mobile spamming process, cybercriminals continue periodically releasing new mobile number harvesting applications, update their features, but most interestingly...
---------------------------------------------
http://blog.webroot.com/2013/04/18/diy-russian-mobile-number-harvesting-too…
*** Exploiting SOHO Routers ***
---------------------------------------------
Researchers have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. We define a critical security vulnerability in a router as one that allows a remote attacker to take full control of the router's configuration settings, or one that allows a local attacker to bypass authentication and take control.
---------------------------------------------
http://securityevaluators.com//content/case-studies/routers/soho_router_hac…
*** Oracle closes 128 holes in database products ***
---------------------------------------------
The updates are spread across the vendor's entire product range; 25 of them alone concern the open-source database MySQL.
---------------------------------------------
http://www.heise.de/security/meldung/Oracle-schliesst-128-Luecken-in-Datenb…
*** Microsoft Security Intelligence Report Vol. 14 ***
---------------------------------------------
The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people.
---------------------------------------------
https://www.microsoft.com/security/sir/default.aspx
*** Boston bombing abused for new spam wave ***
---------------------------------------------
The "Boston spam" is said to already account for ten to twenty percent of total spam volume. The criminals set up fake Twitter accounts for "donation drives" and direct users to infected websites.
---------------------------------------------
http://www.heise.de/security/meldung/Bostoner-Attentat-wird-fuer-neue-Spamw…
https://www.cert.at/services/blog/20130417110508-824.html
*** Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE ***
---------------------------------------------
E-currency just went mainstream. The recent crash in the value of Bitcoins hasn't prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/bitcoin_min…
*** Magic mystery malware menaces many UK machines - new claim ***
---------------------------------------------
Who exactly is spying on thousands of Brit biz PCs? Security researchers have found malware that communicates using an unknown protocol and is largely targeting UK businesses.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/magic_malwa…
*** Plone Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Plone, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/52955
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 16-04-2013 18:00 − Mittwoch 17-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** NQ Mobile: Android Malware Doubled in 2012 ***
---------------------------------------------
Throw another log onto the proverbial Android malware fire: According to mobile security firm NQ Mobile, infections targeting devices running the Google-based operating system doubled in 2012. That translates to a 163 percent increase from 2011 and accounts for over 65,000 different types of malware discovered, up 30,000 from 25,000 the year before.
---------------------------------------------
https://threatpost.com/en_us/blogs/nq-mobile-android-malware-doubled-2012-0…
*** SAP BASIS Communication Services Command Execution ***
---------------------------------------------
Topic: SAP BASIS Communication Services Command Execution Risk: High Text: [ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services Please refer to www.esnc.de for the origin...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uQXsNLsq7cM/WLB-20…
*** Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful ***
---------------------------------------------
Average amount of bandwidth used in DDoS attacks spiked eight-fold last quarter.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/QTLIjglO7vc/
*** MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data ***
---------------------------------------------
MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
---------------------------------------------
http://www.securitytracker.com/id/1028449
*** A peek inside a (cracked) commercially available RAT (Remote Access Tool) ***
---------------------------------------------
By Dancho Danchev In an attempt to add an additional layer of legitimacy to their malicious software, cybercriminals sometimes simply reposition them as Remote Access Tools, also known as R.A.Ts. What they seem to be forgetting is that no legitimate Remote Access Tool would possess any spreading capabilities, plus, has the capacity to handle tens of [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/iV7a86XP2vA/
*** Apple updates Safari and Java 6 support ***
---------------------------------------------
Overnight into Wednesday, Apple gave its web browser a new security feature that allows Java applets to be enabled on a per-website basis. A further Java 6 update was also released.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-aktualisiert-Safari-und-Java-6-U…
*** 90% of game hacks and cracks contain malware ***
---------------------------------------------
Computer and online gaming is big business for companies creating the games, but a considerable drain on the finances of gamers, so it should not come as a surprise that many of the latter decide against buying games and add-ons, choosing instead to download cracked games, keygens, patches and more from torrent or file-sharing sites.
---------------------------------------------
https://www.net-security.org/malware_news.php?id=2468
*** Oracle Java Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to manipulate certain data and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53008
*** Linksys WRT54GL Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. upload a firmware image when a logged-in administrative user visits a specially crafted web page.
---------------------------------------------
https://secunia.com/advisories/53068
*** The beginners guide to breaking website security with nothing more than a Pineapple ***
---------------------------------------------
You know how security people get all uppity about SSL this and SSL that? Stuff like posting creds over HTTPS isn't enough, you have to load login forms over HTTPS as well and then you can't send auth cookies over HTTP because they'll get sniffed and sessions hijacked and so on and so forth.
---------------------------------------------
http://www.troyhunt.com/2013/04/the-beginners-guide-to-breaking-website.html
*** ACLU asks feds to probe wireless carriers over Android security updates ***
---------------------------------------------
Civil liberties advocates have asked the US Federal Trade Commission to take action against the nation's four major wireless carriers for selling millions of Android smartphones that never, or only rarely, receive updates to patch dangerous security vulnerabilities.
---------------------------------------------
http://arstechnica.com/security/2013/04/wireless-carriers-deceptive-and-unf…
*** Boston-Related Malware Campaigns Have Begun, (Wed, Apr 17th) ***
---------------------------------------------
About mid-afternoon yesterday (Central time - US), Boston related spam campaigns have begun. The general "hook" is that it sends a URL with a subject about the video from the explosions. Similar to when Osama Bin Laden was killed and fake images were used as a hook, in this case, the video is relevant to the story and being used as a hook. Right now, very roughly 10-20% of all spam is related to this (some spamtraps reporting more, some less). Similar IPs have also been sending pump
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15629&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 15-04-2013 18:00 − Dienstag 16-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** How mobile spammers verify the validity of harvested phone numbers ***
---------------------------------------------
By Dancho Danchev Just as we anticipated earlier this year in our "How mobile spammers verify the validity of harvested phone number" post, mobile spammers and cybercriminals in general will continue ensuring that QA (Quality Assurance) is applied to their upcoming campaigns. This is done in an attempt to both successfully reach a wider audience and to..
---------------------------------------------
http://blog.webroot.com/2013/04/16/how-mobile-spammers-verify-the-validity-…
*** Analyzing Malicious PDFs or: How I Learned to Stop Worrying and Love Adobe Reader ***
---------------------------------------------
This blog post and the next blog post will focus on analyzing malicious PDF files and the changes we've made to jsunpack to facilitate this analysis.
---------------------------------------------
http://visiblerisk.com/blog/2013/4/8/analyzing-malicious-pdfs-or-how-i-lear…
*** Old tricks revived: beware of copy & paste ***
---------------------------------------------
Using a not entirely new trick that is currently circulating again in force, web pages can slip commands to unsuspecting Linux users who are too lazy to type, for example, and hijack their systems.
---------------------------------------------
http://www.heise.de/security/meldung/Tricks-neu-aufgelegt-Vorsicht-bei-Copy…
*** New security protection, fixes for 39 exploitable bugs coming to Java ***
---------------------------------------------
Oracle plans to release an update for the widely exploited Java browser plugin. The update fixes 39 critical vulnerabilities and introduces changes designed to make it harder to carry out drive-by attacks on end-user computers.
---------------------------------------------
http://arstechnica.com/security/2013/04/new-security-protection-fixes-for-3…
*** Linode Hacked Through ColdFusion Zero Day ***
---------------------------------------------
The attackers who compromised Web hosting provider Linode used a zero day vulnerability in Adobe ColdFusion and were able to access the company's database, source code and customers' credit card numbers and passwords. The company said that the customer credit card numbers were encrypted, as were the passwords, but it forced a system-wide password reset after the attack was discovered.
---------------------------------------------
https://threatpost.com/en_us/blogs/linode-hacked-through-coldfusion-zero-da…
*** MediaWiki Two XML External Entities Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to potentially disclose sensitive information and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53054
*** Nitro Pro Insecure Library Loading Vulnerability ***
---------------------------------------------
SEC Consult has reported a vulnerability in Nitro Pro, which can be exploited by malicious people to compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/52907
*** EasyPHPCalendar Date Picker Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been reported in EasyPHPCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to the date picker is not properly sanitised before being returned to the user.
---------------------------------------------
https://secunia.com/advisories/53025
*** NetGear WNR1000 ".jpg" Security Bypass Vulnerability ***
---------------------------------------------
Roberto Paleari has reported a vulnerability in NetGear WNR1000, which can be exploited by malicious people to bypass certain security restrictions. The application does not properly restrict access to certain web pages when ".jpg" is appended to the URL, which can be exploited to e.g. gain knowledge of the configuration file including admin credentials.
---------------------------------------------
https://secunia.com/advisories/52856
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 12-04-2013 18:00 − Montag 15-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Brute Force Attacks Build WordPress Botnet ***
---------------------------------------------
Security experts are warning that an escalating series of attacks designed to break into poorly-secured WordPress blogs is fueling the growth of a botnet made up of Web servers that could be the precursor to a broad-scale campaign to distribute malicious software and launch debilitating network attacks.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/EBD0wNNgwW0/
*** USA and China set up working groups for internet security ***
---------------------------------------------
During his visit to China, the US Secretary of State agreed to set up working groups on cyber security and global climate protection.
---------------------------------------------
http://www.heise.de/security/meldung/USA-und-China-richten-Arbeitsgruppen-f…
*** Social Media Widget remote file inclusion ***
---------------------------------------------
Topic: Social Media Widget remote file inclusion Risk: High Text:http://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.ht…http://securityledger.com/hacked-wordpress-plug-in-pu...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/AgtWJoX3sg0/WLB-20…
*** Under the microscope: The bug that caught PayPal with its pants down ***
---------------------------------------------
Payment giant suffers textbook SQL injection flaw. Security researchers have published a more complete rundown on a recently patched SQL injection flaw on PayPal's website.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/15/paypal_sql_…
*** 8 Steps To Secure Your WordPress Blog ***
---------------------------------------------
WordPress blogs are regular targets of brute force attacks, and there is one large attack going on right now. These attacks are automated across all the hosting platforms and attempt to find bloggers that are using default usernames, weak passwords and outdated WordPress installations.
---------------------------------------------
http://www.howtomakemyblog.com/wordpress/7-simple-steps-to-make-your-wordpr…
*** Kippo 0.8 small SSH honeypot to keep track of brute force attacks ***
---------------------------------------------
A new release has been announced for Kippo, one of the most widely used SSH honeypots. This tool is Python based and emulates a shell on the server end to detect brute force attacks. Kippo is a low to medium interaction SSH honeypot and can be a good addition to your honeypot solution.
---------------------------------------------
http://www.sectechno.com/2013/04/14/kippo-0-8-small-ssh-honeypot-to-keep-tr…
*** Linksys EA2700 Multiple Vulnerabilities ***
---------------------------------------------
Linksys EA2700 Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52985
*** AndroTotal ***
---------------------------------------------
AndroTotal is a free service to scan suspicious APKs against multiple mobile antivirus apps.
---------------------------------------------
http://beta.andrototal.org/
*** Parallels Plesk Panel Privilege Escalation Vulnerabilities ***
---------------------------------------------
Parallels Plesk Panel Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52998
*** Vaillant heating systems with a security hole ***
---------------------------------------------
The ecoPower 1.0 heating system can be controlled over the internet, including by people who are not authorized to do so. An attacker could thereby potentially damage the system permanently. Customers are now being told to unplug the network cable.
---------------------------------------------
http://www.heise.de/security/meldung/Vaillant-Heizungen-mit-Sicherheits-Lec…
*** Blog: Winnti returns with PlugX ***
---------------------------------------------
Continuing our investigation into Winnti, in this post we describe how the group tried to re-infect a certain gaming company and what malware they used. After discovering that the company’s servers were infected, we began to clean them up in conjunction with the company’s system administrator, removing malicious files from the corporate network. This took a while because it was not clear at first exactly how the cybercriminals had penetrated the corporate network; we couldn’t
---------------------------------------------
http://www.securelist.com/en/blog/208194224/Winnti_returns_with_PlugX
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 11-04-2013 18:00 − Friday 12-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Data-Stealing Spyware Redpill Back, Targeting India ***
---------------------------------------------
A form of spyware first seen in 2008 and known for siphoning away users' bank account credentials, emails, screenshots and various other bits of information has surfaced again, this time targeting computer users in India.
---------------------------------------------
https://threatpost.com/en_us/blogs/data-stealing-spyware-redpill-back-targe…
*** Bugtraq: MacOSX 10.8.3 ftpd Remote Resource Exhaustion ***
---------------------------------------------
MacOSX 10.8.3 ftpd Remote Resource Exhaustion
---------------------------------------------
http://www.securityfocus.com/archive/1/526343
*** Study Shows Google Better than Bing at Filtering Malicious Web Sites ***
---------------------------------------------
A German security company spent 18 months analyzing malware among millions of Web sites ranked by the world's most popular search engines and concluded Google was safer than Bing.
---------------------------------------------
https://threatpost.com/en_us/blogs/study-shows-google-better-bing-filtering…
*** Check Point bakes anti-malware tech into firewall bricks ***
---------------------------------------------
Software blades whisper from scabbards. En garde! Check Point is baking cyber-espionage defences into its enterprise firewall and gateway security products with the incorporation of sandbox-style technology.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/12/check_point…
*** Spider Video Player plugin for WordPress settings.php SQL injection ***
---------------------------------------------
Spider Video Player plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the settings.php script using the theme parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83374
*** American Airlines 'You can download your ticket' themed emails lead to malware ***
---------------------------------------------
By Dancho Danchev Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines in an attempt to trick its customers into thinking that they've received a download link for their E-ticket. Once they download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign. More details: [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/Upf44191rw4/
*** Microsoft withdraws security patch for Windows and Windows Server ***
---------------------------------------------
A Windows update released last Tuesday can cause the computer to stop booting. In that case only the recovery console helps. Anyone who has already installed the update should remove it again.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-zieht-Sicherheitsspatch-fuer…
*** Bitcoin Botnet Ranked as Top Threat for Q1 2013 ***
---------------------------------------------
Looking at the threats that targeted the Web in the first quarter of the year, Fortinet says that ZeroAccess, a botnet that mines the popular electronic currency Bitcoin, was the top problem. It wasn't alone, however, as attacks on South Korea and adware on Android made the list.
---------------------------------------------
https://www.securityweek.com/bitcoin-botnet-ranked-top-threat-q1-2013
*** jPlayer "jQuery" Cross-Site Scripting Vulnerability ***
---------------------------------------------
Input passed via the "jQuery" parameter to Jplayer.swf is not properly sanitised before being passed to the "ExternalInterface.call()" method. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
---------------------------------------------
https://secunia.com/advisories/52978
*** Social Engineering Skype Support team to hack any account instantly ***
---------------------------------------------
You can install the industry's strongest and most expensive firewall. You can educate employees about basic security procedures and the importance of choosing strong passwords. You can even lock down the server room, but how do you protect a company from the threat of social engineering attacks?
---------------------------------------------
http://thehackernews.com/2013/04/social-engineering-skype-support-team.html
*** Attack wave on 1&1 servers ***
---------------------------------------------
Cybercriminals have apparently stepped up their attempts to infect 1&1 servers with malware. As a result, some services may only be reachable to a limited extent.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffswelle-auf-1-1-Server-1841085.h…
*** Multiple DoS vulnerabilities in Cisco's ASA ***
---------------------------------------------
Cisco has found vulnerabilities in the operating system of some of its network devices that could be exploited for denial-of-service attacks. The firewalls of some switches and routers are also affected.
---------------------------------------------
http://www.heise.de/security/meldung/Mehrere-DoS-Luecken-in-Ciscos-ASA-1841…
*** Cisco AnyConnect VPN Client Multiple Privilege Escalation Vulnerabilities ***
---------------------------------------------
Cisco AnyConnect VPN Client Multiple Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53015
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 10-04-2013 18:00 − Thursday 11-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Security Externalities and DDOS Attacks ***
---------------------------------------------
Ed Felten has a really good blog post about the externalities that the recent Spamhaus DDOS attack exploited: The attacker's goal was to flood Spamhaus or its network providers with Internet traffic, to overwhelm their capacity to handle incoming network packets. The main technical problem faced by a DoS attacker is how to amplify the attacker's traffic-sending capacity, so that...
---------------------------------------------
http://www.schneier.com/blog/archives/2013/04/security_extern.html
*** Ransomware: The cybercrime money machine of 2013 ***
---------------------------------------------
"Towards the end of last year, when the major security firms were compiling their customary run-downs of the biggest threats expected to emerge in 2013, ransomware figured prominently as an ominous one to watch. This breed of malicious software owes its name to the way in which it attacks a computer, quite literally holding it ransom by paralysing the device and demanding payment for it to be unlocked. By February this year, the experts' prophecies began to be realised as a sophisticated..."
---------------------------------------------
http://www.itproportal.com/2013/04/10/ransomware-the-cybercrime-money-machi…
*** Cisco ASA Multiple Bugs Let Remote Users Deny Service ***
---------------------------------------------
Cisco ASA Multiple Bugs Let Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028415
*** Summary for April 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for April 2013. With the release of the security bulletins for April 2013, this bulletin summary replaces the bulletin advance notification originally issued April 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-apr
*** Cisco Prime Network Control System Default Credentials Let Remote Users Modify the Configuration ***
---------------------------------------------
Cisco Prime Network Control System Default Credentials Let Remote Users Modify the Configuration
---------------------------------------------
http://www.securitytracker.com/id/1028419
*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins:
APSB13-10 Security update: Security Hotfix available for ColdFusion
APSB13-11 Security updates available for Adobe Flash Player
APSB13-12 Security update available for Adobe Shockwave Player
Customers of the affected products should...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/04/adobe-security-bulletins-posted-5.html
*** Request Tracker 4.0.10 SQL Injection ***
---------------------------------------------
Request Tracker 4.0.10 SQL Injection
Risk: Medium
RT: Request Tracker System
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_dNhCwOTOjA/WLB-20…
*** Industrial IT Security - Roadshow Frankfurt am Main | 18.06.2013 ***
---------------------------------------------
Since the spectacular Stuxnet attack on a uranium enrichment plant in Iran in 2010, a working group in the Bayerischer IT-Sicherheitscluster has been developing products, solutions and processes for the production level. In cooperation with eco's Kompetenzgruppe Sicherheit, the results are now being presented outside Bavaria for the first time.
---------------------------------------------
http://www.eco.de/2013/veranstaltungen/industrial-it-security.html
*** WordPress widget spreads spam ***
---------------------------------------------
The Social Media Widget for WordPress was used as a spam cannon. The developer changed in January, and the widget has been behaving suspiciously since then. WordPress has responded with a ban. The plug-in should be deactivated as quickly as possible.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wordpress-Widget-verbreitet-Spam-183…
*** Hijacking airplanes with an Android phone ***
---------------------------------------------
An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, about the completely realistic scenario of plane hijacking via a simple Android app has galvanized the crowd attending the Hack In The Box Conference in Amsterdam today.
---------------------------------------------
https://www.net-security.org/secworld.php?id=14733
*** Debian Security Advisory DSA-2659 libapache-mod-security ***
---------------------------------------------
XML external entity processing vulnerability
---------------------------------------------
http://www.debian.org/security/2013/dsa-2659
*** Podcast: Switch To IPV6 Demands A Security Re-Think ***
---------------------------------------------
"You're probably not aware of it, but a major transformation is taking place on the Internet. We've exhausted the approximately 4.3 billion available addresses for IPV4 (Internet Protocol Version 4), the Internet's lingua franca...."
---------------------------------------------
http://securityledger.com/podcast-switch-to-ipv6-demands-a-security-re-thin…
*** A dozen tools for removing almost any malware ***
---------------------------------------------
Here's a typical scenario for a veteran computer user. Having established best-security practices on your PC, you've been free of malware infections for a long time.
---------------------------------------------
https://windowssecrets.com/top-story/a-dozen-tools-for-removing-almost-any-…
*** Blog: The Winnti honeypot - luring intruders ***
---------------------------------------------
During our research on the Winnti group we discovered a considerable amount of Winnti samples targeting different gaming companies. Using this sophisticated malicious program cybercriminals gained remote access to infected workstations and then carried out further activity manually.
---------------------------------------------
http://www.securelist.com/en/blog/851/The_Winnti_honeypot_luring_intruders
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 09-04-2013 18:00 − Wednesday 10-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Play Me the Song of Exploit: VirtualDJ executes code in MP3s ***
---------------------------------------------
When playing MP3s, the DJ software trips over specially crafted ID3 tags. The threat is not just a crash: an exploit that takes advantage of the buffer overflow is already circulating.
---------------------------------------------
http://www.heise.de/security/meldung/Spiel-mir-das-Lied-vom-Exploit-Virtual…
*** Out with the old, in with the April 2013 security updates ***
---------------------------------------------
Windows XP was originally released on August 24, 2001. Since that time, high-speed Internet connections and wireless networking have gone from being a rarity to the norm, and Internet usage has grown from 360 million to almost two-and-a-half billion users. Thanks to programs like Skype, we now make video calls with regularity, and social media has grown from a curiosity to a part of our everyday lives. But through it all, Windows XP keeps chugging along. With its longevity and wide user base,...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with…
*** Report: Microsoft plans two-factor authentication with app ***
---------------------------------------------
Microsoft apparently plans to introduce two-factor authentication for user accounts soon. In addition to the password, a code generated by a smartphone app would then have to be entered.
---------------------------------------------
http://www.heise.de/security/meldung/Bericht-Microsoft-plant-Zwei-Faktor-Au…
*** Sysax Multi Server SSH Component NULL Pointer Dereference Vulnerability ***
---------------------------------------------
Sysax Multi Server SSH Component NULL Pointer Dereference Vulnerability
---------------------------------------------
https://secunia.com/advisories/52934
*** Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates ***
---------------------------------------------
In an unexpected turn, Microsoft’s monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago.
---------------------------------------------
https://threatpost.com/en_us/blogs/pwn2own-ie-vulnerabilities-missing-micro…
*** 2nd Annual Cyber Security UAE Summit 2013 ***
---------------------------------------------
"Assess the nature of the latest threats being faced and the impact of these upon your organisation
Discuss the most promising cyber security technologies in the marketplace
Assess the trends to watch in global cyber security
International Case Studies: Discover the best practice in protecting your organisation from cyber-attack
Network with your industry peers in the comfort of a 5 star venue
The only event of its kind to take place in the Middle East..."
---------------------------------------------
http://www.cybersecurityuae.com/
*** Streaming Videos Vudu Issues Systemwide Password Reset After Theft ***
---------------------------------------------
The streaming video service Vudu on Tuesday began resetting its customers' passwords after thieves broke into the company's Santa Clara, Calif. headquarters and stole a number of items, including hard drives holding customer data.
---------------------------------------------
https://threatpost.com/en_us/blogs/streaming-videos-vudu-issues-systemwide-…
*** Linksys WRT54GL apply.cgi Command Execution ***
---------------------------------------------
Topic: Linksys WRT54GL apply.cgi Command Execution
Risk: High
Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hE7MhGTEKrY/WLB-20…
*** Top Level Domains: ICANN fulfils law enforcement wishes ***
---------------------------------------------
Domain registration service providers will in future have to observe stricter requirements when registering domains for their customers, for example in verifying customer data and retaining domain holder data.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Top-Level-Domains-ICANN-erfuellt-Wue…
*** Vuln: phpMyAdmin tbl_gis_visualization.php Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
phpMyAdmin tbl_gis_visualization.php Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58962
*** Trojan email campaign relies on Trusted Shops ***
---------------------------------------------
Trusted Shops enjoys trust. A new trojan email campaign wants to exploit this and plays on the fear of many customers: what if goods bought online never arrive? Surely that is where "buyer protection" kicks in?
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-Mail-Kampagne-setzt-auf-Trust…
*** WordPress GA Universal Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
WordPress GA Universal Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/52976
*** Adobe April Patches ***
---------------------------------------------
Today, we released the following Security Bulletins:
APSB13-10 – Security update: Security Hotfix available for ColdFusion
APSB13-11 – Security updates available for Adobe Flash Player
APSB13-12 – Security update available for Adobe Shockwave Player
Customers of the affected products should consult the relevant Security Bulletin(s) for details.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/04/adobe-security-bulletins-posted-5.html
*** Apple Mac OS X PDF Ink Annotations Processing Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-13-055/
*** Novell Identity Manager Unspecified Vulnerability ***
---------------------------------------------
Novell Identity Manager Unspecified Vulnerability
---------------------------------------------
https://secunia.com/advisories/52984
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 08-04-2013 18:00 − Tuesday 09-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Google AD Sync Tool Vulnerability (GADS) ***
---------------------------------------------
Topic: Google AD Sync Tool Vulnerability (GADS)
Risk: High
Text: Due to a weakness in the way the Java encryption algorithm (PBEwithMD5andDES) has been implemented in the GADS tool all store...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/knSZ3WmkiLY/WLB-20…
*** HP System Management Homepage Local Privilege Escalation ***
---------------------------------------------
Topic: HP System Management Homepage Local Privilege Escalation
Risk: High
Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Peuq5i06_sw/WLB-20…
*** Security Bulletin: SONAS Fix Available for SONAS CIFS Attribute Vulnerability (CVE-2013-0454) ***
---------------------------------------------
SONAS includes a version of Samba that is affected by a vulnerability that sets incorrect attributes to a SONAS CIFS export.
CVE(s): CVE-2013-0454
Affected product(s) & Affected version(s): Affected releases: SONAS 1.1 through 1.3.2.1-20.
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004287
X-Force Database: http://xforce.iss.net/xforce/xfdb/80970
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_son…
*** Security Vulnerability for ActiveX Control packaged with IBM Cognos Disclosure Management Client (CVE-2013-0501) ***
---------------------------------------------
A third party ActiveX control (EdrawSoft) may have been registered in the Windows registry by the CDM client installation process. This ActiveX control contains a security vulnerability that could allow unauthorized file access to the user’s machine from malicious web sites.
CVE(s): CVE-2013-0501
Affected product(s) & Affected version(s): IBM Cognos Disclosure Management 10.2.0
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilit…
*** ICS-CERT has released an Advisory "ICSA-13-098-01 Canary Labs Inc Trend Link Insecure ActiveX Control Method" (PDF) ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability in the Canary Labs, Inc. Trend Link software.
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-098-01.pdf
*** TinyWebGallery image.php path disclosure ***
---------------------------------------------
TinyWebGallery image.php path disclosure
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83286
*** International cyber exercise confirms the importance of international collaboration ***
---------------------------------------------
On 20 and 21 March, the National Cyber Security Centre (NCSC) participated in an international cyber exercise by the International Watch and Warning Network (IWWN) entitled Cyberstorm IV. Cyberstorm IV is the last in a series of cyber exercises during which malware is investigated for 36 consecutive hours. Together with its partners at IWWN, the Department of Homeland Security (of the United States) organized the international component of Cyberstorm IV.
---------------------------------------------
http://www.ncsc.nl/english/current-topics/news/international-cyber-exercise…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 05-04-2013 18:00 − Monday 08-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Another batch of security updates for D-Link routers ***
---------------------------------------------
A series of new firmware versions closes security holes in D-Link routers. Since matching exploit modules have already been published, they should be installed as soon as possible.
---------------------------------------------
http://www.heise.de/security/meldung/Ein-weiterer-Schwung-von-Sicherheits-U…
*** German ransomware threatens with sick kiddie smut ***
---------------------------------------------
IWF warns of scheme to shock victims into police payment. Security technicians at Sophos are poring over a new piece of ransomware that uses images of purported child sexual abuse to extort money from internet users, a discovery that has prompted an alert from the Internet Watch Foundation (IWF).
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/05/iwf_warning…
*** SANS Secure Europe 2013 - Amsterdam, Netherlands ***
---------------------------------------------
"Join us at the Radisson Blu Hotel in the heart of Amsterdam between April 15th and 27th for another unique SANS learning and networking experience. The full line-up for mainland Europe's largest IT Security training event is confirmed with Jason Fossen's excellent new course, SEC505: Securing Windows and Resisting Malware, completing the eight track roster. Course-author Ed Skoudis will be teaching SEC560: Network Pen Testing and Ethical Hacking for the first time in Europe...."
---------------------------------------------
http://www.sans.org/event/secure-europe-2013
*** Joomla GPL Template Cross Site Scripting ***
---------------------------------------------
Topic: Joomla GPL Template Cross Site Scripting
Risk: Low
Text: # Exploit Title: Joomla GPL Template Cross Site Scripting # # Exploit Author: Ashiyane Digital Security Team # # Home : www...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/0-oy9bDwQbE/WLB-20…
*** Zimbra XSS in aspell.php ***
---------------------------------------------
Topic: Zimbra XSS in aspell.php
Risk: Low
Text: While trying to see how hard a bug would be to fix in Zimbra during a discussion with a coworker, I stumbled across a XSS flaw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Urwtnfh8RAs/WLB-20…
*** Online library Scribd was hacked ***
---------------------------------------------
The document service and world's largest online library Scribd has admitted an attack on its network. Of the 100 million users registered with the document service, "less than one percent" are said to be affected, according to the company.
---------------------------------------------
http://futurezone.at/digitallife/15069-online-buecherei-scribd-wurde-gehack…
*** Antivirus protection for Windows 8 tested ***
---------------------------------------------
The AV-Test Institute has presented the first results of a test under Windows 8. Antivirus programs from the AV vendors had to show whether they offer more protection than Windows Defender, which is integrated into the operating system.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Virenschutz-fuer-Windows-8-getestet-…
*** Shylock Trojan Going Global with New Features, Resilient Infrastructure ***
---------------------------------------------
The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report.
---------------------------------------------
https://threatpost.com/en_us/blogs/shylock-going-global-new-features-more-r…
*** Vuln: Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid strHdrAcptLangGetItem() Function Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58316
*** IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability ***
---------------------------------------------
IBM Cognos Disclosure Management EdrawSoft ActiveX Control Insecure Method Vulnerability
---------------------------------------------
https://secunia.com/advisories/52957
*** Botnet distributes Android trojan ***
---------------------------------------------
A new Android trojan is being distributed via the Cutwail botnet. The attack scenario is not limited to Android devices, however. If the dangerous links are opened on desktop PCs, users are directed to pages hosting the Blackhole exploit kit.
---------------------------------------------
http://www.heise.de/security/meldung/Botnetz-verteilt-Android-Trojaner-1836…
*** IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities ***
---------------------------------------------
IBM Rational Products WebSphere Application Server Java SDK Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52964
*** OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities ***
---------------------------------------------
OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52973
*** OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability ***
---------------------------------------------
OTRS Help Desk Object Linking Mechanism Security Bypass Vulnerability
---------------------------------------------
https://secunia.com/advisories/52969
*** Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52966
*** Cyber-security experts demonstrate Java attack ***
---------------------------------------------
...Earlier this month Context principal security consultant James Forshaw discovered a previously unknown exploit of Java, or zero-day exploit, at the 2013 Pwn2Own cyber-security competition at CanSecWest in Vancouver. Penetration testing experts from the firm demonstrated how an attacker could use such an exploit to steal sensitive data from a major organisation, based on real-world experience from an assignment carried out by the team...
---------------------------------------------
http://eandt.theiet.org/news/2013/apr/context-cyber.cfm
*** Update on leaked UEFI signing keys - probably no significant risk ***
---------------------------------------------
According to the update here, the signing keys are supposed to be replaced by the hardware vendor. If vendors do that, this ends up being uninteresting from a security perspective - you could generate a signed image, but nothing would trust it. It should be easy enough to verify, though. Just download a firmware image from someone using AMI firmware, pull apart the capsule file, decompress everything and check whether the leaked public key is present in the binaries.
---------------------------------------------
http://mjg59.dreamwidth.org/24463.html
*** ICS-CERT Advisories ***
---------------------------------------------
*** ICS-CERT has released an Advisory "ICSA-13-095-02 - Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf
*** ICS-CERT has released an Advisory "ICSA-13-095-01 - Cogent Real-Time Systems Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-095-01.pdf
*** ICS-CERT has released an Alert "ICS-ALERT-13-091-01 - Mitsubishi MX Overflow Vulnerability" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-01.pdf
*** ICS-CERT has released an Alert "ICS-ALERT-13-091-02 - Clorius Controls ICS SCADA Information Disclosure" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-ALERT-13-091-02.pdf
*** ICS-CERT has released an Advisory "ICSA-13-091-01 - Wind River VXWorks SSH and Web Server Multiple Vulnerabilities" (PDF) ***
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-091-01.pdf
---------------------------------------------
*** Vulnerabilities in various WordPress Plugins ***
---------------------------------------------
*** WordPress Trafficanalyzer Plugin XSS Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/dFB_Cr0hxkU/WLB-20…
*** WP-Print plugin for WordPress unspecified cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83267
*** Wordpress plugins kioskprox XSS Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/B2w18UOqjwA/WLB-20…
*** WordPress WP125 Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52876
*** WordPress WP-DownloadManager Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/52863
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 04-04-2013 18:00 − Friday 05-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Advance Notification Service for the April 2013 Security Bulletin Release ***
---------------------------------------------
In celebration of spring’s onset, today we’re providing advance notification for the April 2013 release of nine bulletins; two Critical and seven Important. The Critical bulletins address vulnerabilities in Microsoft Windows and Internet Explorer, and the seven Important-rated bulletins will address issues in Microsoft Windows, Office, Antimalware Software, and Server Software. As always, we’ll publish the bulletins on the second Tuesday of the month, April 9, 2013 at...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/04/04/advance-notification-ser…
*** Blog: Skypemageddon by bitcoining ***
---------------------------------------------
Cybercriminals are mining Bitcoins by abusing the CPUs of victims they infect via Skype.
---------------------------------------------
http://www.securelist.com/en/blog/208194210/Skypemageddon_by_bitcoining
*** Avaya Aura Application Enablement Services Multiple Vulnerabilities ***
---------------------------------------------
Avaya Aura Application Enablement Services Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52893
*** Xerox FreeFlow Print Server Multiple Vulnerabilities ***
---------------------------------------------
Xerox FreeFlow Print Server Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52848
*** Cisco Tivoli Business Service Manager Denial of Service Vulnerability ***
---------------------------------------------
Cisco Tivoli Business Service Manager (TBSM), which is part of Cisco Hosted Collaboration Mediation (HCM), contains a vulnerability that could allow an unauthenticated remote attacker to cause a partial Denial of Service (DoS).
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** McAfee Email Gateway Denial of Service Vulnerability ***
---------------------------------------------
McAfee Email Gateway Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/52838
*** BSI warns of renewed attacks via advertisements ***
---------------------------------------------
In recent days an increasing number of OpenX ad servers have been seeded with malicious code. By now large sites are also being targeted through ad networks, which then attack thousands of visitors within a short time.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-warnt-vor-erneuten-Angriffen-ueber…
*** Vuln: Apache Subversion svn_fs_file_length() Remote Denial of Service Vulnerability ***
---------------------------------------------
Apache Subversion svn_fs_file_length() Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58323
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-04-2013 18:00 − Thursday 04-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: ModSecurity XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
ModSecurity XML External Entity Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58810
*** The HTTP "Range" Header, (Wed, Apr 3rd) ***
---------------------------------------------
One of the topics we cover in our Defending Web Applications class is how to secure static files. For example, you are faced with multiple PDFs with confidential information, and you need to integrate authorization to read these PDFs into your web application. The standard solution involves two steps: - Move the file out of the document root - create a script that will perform the necessary authorization and then stream the file back to the user Typically, the process of streaming the file
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15541&rss
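The two-step solution above, as an added example (not code from the diary): the authorization decision is made before a single byte of the file is read, and the streaming script honours a single-range `Range` header with bounds checking so that resuming downloads and PDF viewers that fetch page by page keep working. Multi-range requests are deliberately ignored and served as a full 200 response: assembling multipart/byteranges replies is work the client controls and was the lever in the 2011 Apache byte-range denial-of-service issue (CVE-2011-3192). The PDF bytes, file name and header dictionary are constructed for the demonstration.

```python
import re

_RANGE_RE = re.compile(r'^bytes=(\d*)-(\d*)$')


def parse_range(header, size):
    """Interpret a single 'Range: bytes=a-b' header against a resource of `size` bytes.

    Returns (start, end) inclusive for a 206 response, None when the header is absent,
    malformed or multi-range (serve the whole file with 200), and raises ValueError when
    the range is unsatisfiable (answer 416). Multi-range requests are ignored on purpose:
    a script streaming one file has no need to build multipart/byteranges replies, and
    each extra range is extra work an attacker controls.
    """
    if header is None:
        return None
    m = _RANGE_RE.match(header.strip())
    if not m:
        return None
    first, last = m.groups()
    if first == '' and last == '':
        return None
    if size == 0:
        raise ValueError('unsatisfiable range on empty resource')
    if first == '':                          # suffix form: bytes=-N means the last N bytes
        n = int(last)
        if n == 0:
            raise ValueError('unsatisfiable range')
        return max(size - n, 0), size - 1
    start = int(first)
    end = int(last) if last != '' else size - 1
    if start >= size:
        raise ValueError('unsatisfiable range')
    if end < start:
        return None                          # syntactically invalid per RFC 2616: ignore the header
    return start, min(end, size - 1)


def serve_file(data, request_headers, authorized, filename='report.pdf'):
    """Return (status, headers, body) for a protected static file kept outside the document root.

    `authorized` is the outcome of the application's own check (session, ACL, ...) and is
    evaluated before the file is touched at all.
    """
    if not authorized:
        return 403, {'Content-Type': 'text/plain'}, b'forbidden'
    size = len(data)
    base = {'Content-Type': 'application/pdf',
            'Accept-Ranges': 'bytes',
            'Content-Disposition': f'attachment; filename="{filename}"'}
    try:
        rng = parse_range(request_headers.get('Range'), size)
    except ValueError:
        return 416, dict(base, **{'Content-Range': f'bytes */{size}'}), b''
    if rng is None:
        return 200, dict(base, **{'Content-Length': str(size)}), data
    start, end = rng
    body = data[start:end + 1]
    headers = dict(base, **{'Content-Range': f'bytes {start}-{end}/{size}',
                            'Content-Length': str(len(body))})
    return 206, headers, body


# Constructed stand-in for a confidential PDF: exactly 1000 bytes.
SAMPLE_PDF = b'%PDF-1.4\n' + b'x' * 991

if __name__ == '__main__':
    for hdr in (None, 'bytes=0-99', 'bytes=-100', 'bytes=900-5000', 'bytes=1000-', 'bytes=0-1,5-9'):
        status, headers, body = serve_file(SAMPLE_PDF, {'Range': hdr} if hdr else {}, True)
        print(f'{str(hdr):16} -> {status} {headers.get("Content-Range", "")} {len(body)} bytes')
```

In a real handler `data` would be an open file that is seeked to `start` and streamed in chunks rather than sliced in memory; the status and header logic stays the same.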
*** ICS-CERT has released the Newsletter "ICS-CERT Monitor Jan-Mar 2013" (PDF) ***
---------------------------------------------
The "ICS-CERT Monitor," January-March, 2013 is a summary of ICS-CERT activities for the previous quarter.
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-CERT_ Monitor_ Jan-Mar2013.pdf
*** Madi/Mahdi/Flashback OS X connected malware spreading through Skype ***
---------------------------------------------
By Dancho Danchev Over the past few days, we intercepted a malware campaign that spreads through Skype messages, exclusively coming from malware-infected friends or colleagues. Once users click on the shortened link, they’ll be exposed to a simple file download box, with the cybercriminals behind the campaign directly linking to the malicious executable. More details: [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/VHl-1pr7IJ8/
*** HP-UX update for Java ***
---------------------------------------------
HP-UX update for Java
---------------------------------------------
https://secunia.com/advisories/52866
*** HMC OpenSSL Upgrade to Address Cryptographic Vulnerabilities ***
---------------------------------------------
HMC releases prior to V7R7.7.0 use OpenSSL versions that had errors in cryptographic libraries that could allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption).
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410…
*** Cutwail Spam Botnet Targeting Android Users ***
---------------------------------------------
Brett Stone-Gross of Dell SecureWorks has excellent analysis of Android malware being distributed via the Cutwail spam botnet. Here's the conclusion: "The distribution of the Stels trojan through a spam campaign is unusual for Android malware". That's a bit of an understatement. Stone-Gross's analysis is significant evidence of Android malware's evolution into mass-market crimeware. On 04/04/13 At 01:00 PM
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002537.html
*** Security Bulletin: Multiple vulnerabilities in Product IMS Enterprise Suite SOAP Gateway (CVE-2012-5785, CVE-2013-0483) ***
---------------------------------------------
IMS™ Enterprise Suite SOAP Gateway versions 1.1, 2.1, and 2.2 contain security vulnerabilities related to SSL connections, login processes.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Security Advisory- Huawei VSM Default User Groups’ Privilege Escalation ***
---------------------------------------------
VSM (Versatile Security Manager) is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability that default user groups’ privilege could be escalated when one user logs in to the system to modify default user groups’ permission configurations.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Critical security update for PostgreSQL ***
---------------------------------------------
A PostgreSQL update announced at the end of March was released today; the developers of the free DBMS urgently recommend installing it.
---------------------------------------------
http://www.heise.de/security/meldung/Kritisches-Sicherheitsupdate-fuer-Post…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 02-04-2013 18:00 − Wednesday 03-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Fool Me Once… ***
---------------------------------------------
When you're lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to maximum. But when you've gained access to an elite black market section of a closely guarded crime forum to which very few have access, it's easy to let your guard down. That's what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/KQ4_dgabCRA/
*** Vuln: Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities ***
---------------------------------------------
Cisco Linksys E1500/E2500 Router Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/57760
*** MongoDB nativeHelper.apply Remote Code Execution ***
---------------------------------------------
Topic: MongoDB nativeHelper.apply Remote Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/9qv99GNyBx0/WLB-20…
*** Virtual Access Monitor SQL Injection ***
---------------------------------------------
Topic: Virtual Access Monitor SQL Injection Risk: Medium Text:High Risk Vulnerability in Virtual Access Monitor 2 April 2013 Ken Wolstencroft of NCC Group has discovered a High risk v...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/fgTY56cKvK8/WLB-20…
*** Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
Multiple vulnerabilities were reported in Mozilla Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028382
*** Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, and Conduct Phishing and Cross-Site Scripting Attacks and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can conduct phishing and cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028379
*** WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability ***
---------------------------------------------
WordPress Feedweb Plugin "wp_post_id" Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52855
*** Darkleech infects Apache servers en masse ***
---------------------------------------------
Darkleech is "intelligent" and does not attack everyone. It redirects its victims to pages carrying the Blackhole exploit kit. Apache web servers are abused as malware distributors for the attacks. A large number of German websites are said to be infected.
---------------------------------------------
http://www.heise.de/security/meldung/Darkleech-infiziert-reihenweise-Apache…
*** Cisco Connected Grid Network Management System SQL Injection Vulnerabilities ***
---------------------------------------------
A vulnerability in device management of the Cisco Connected Grid Network Management System (CG-NMS) could allow an unauthenticated, remote attacker to modify data in the CG-NMS database by using SQL injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including SQL statements in an entry field.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Cisco Connected Grid Network Management System (CG-NMS) is susceptible to cross-site scripting (XSS) vulnerabilities in the element list component. XSS attacks use obfuscation by encoding tags or malicious portions of the script using the Unicode method so that the link or HTML content is disguised to the end user browsing to the site. The origins of XSS attacks are difficult to identify using traceback methods...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** ownCloud security update breaks installations ***
---------------------------------------------
After an update to versions 5.0.1 and 5.0.2, ownCloud stops working. The developers have since released a fix.
---------------------------------------------
http://www.heise.de/security/meldung/ownCloud-Sicherheitsupdate-zerschiesst…
*** SEC Consult - Sophos Web Protection Appliance Multiple vulnerabilities ***
---------------------------------------------
SEC Consult has identified several vulnerabilities within the components of the Sophos Web Protection Appliance in the course of a short crash test. Some components have been spot-checked, while others have not been tested at all.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** IBM Maximo Asset Management Products - Potential security vulnerabilities with JavaTM SDKs ***
---------------------------------------------
Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21633170
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 29-03-2013 18:00 − Tuesday 02-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** IPv6 migration guide for public administrations ***
---------------------------------------------
The German Federal Ministry of the Interior, together with several partners, has published a thick "cookbook" for IPv6 deployment and promotes the protocol's advantages in day-to-day use.
---------------------------------------------
http://heise.de.feedsportal.com/c/35207/f/653902/s/2a23a3bf/l/0L0Sheise0Bde…
*** IBM Storwize V7000 Unified Samba Bug Lets Remote Authenticated Users Modify Files ***
---------------------------------------------
A remote authenticated user can exploit a flaw in the Samba implementation to perform operations on the target Storwize V7000 Unified CIFS export that are not permitted by the CIFS share access control settings. This may include writing to read-only shares.
---------------------------------------------
http://www.securitytracker.com/id/1028365
*** US-CERT Alert TA13-088A: DNS Amplification Attacks ***
---------------------------------------------
A Domain Name System (DNS) amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic.
---------------------------------------------
http://www.us-cert.gov/ncas/alerts/TA13-088A
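An added example (not part of the US-CERT alert) of how such an attack shapes its traffic and how to test your own resolvers for it: build the recursion-desired ANY query with an EDNS0 OPT record advertising a large UDP buffer, which is what an attacker sends with the victim's address as source to every open resolver it knows; decode the response header to see whether a server recursed for us (QR and RA set, NOERROR, answers present); and compute the amplification factor as response bytes per query byte. The two responses used offline are constructed, not captured from any real server; probe() does the live UDP exchange and is only for resolvers you are permitted to test.

```python
import socket
import struct


def encode_name(name):
    """'example.com' -> DNS label sequence."""
    out = b''.join(bytes([len(l)]) + l.encode('ascii') for l in name.rstrip('.').split('.'))
    return out + b'\x00'


def build_query(name, qtype=255, udp_size=4096, txid=0x1234):
    """Recursion-desired query plus an EDNS0 OPT record advertising a large UDP buffer.
    qtype 255 is ANY: a small request with a potentially very large answer."""
    header = struct.pack('!HHHHHH', txid, 0x0100, 1, 0, 0, 1)    # flags: RD only; 1 question, 1 additional
    question = encode_name(name) + struct.pack('!HH', qtype, 1)   # QTYPE, QCLASS IN
    opt = b'\x00' + struct.pack('!HHIH', 41, udp_size, 0, 0)     # root name, TYPE OPT, payload size, TTL, RDLEN
    return header + question + opt


def parse_header(msg):
    """Decode the 12-byte DNS header into the fields this check needs."""
    txid, flags, qd, an, ns, ar = struct.unpack('!HHHHHH', msg[:12])
    return {'id': txid, 'qr': bool(flags & 0x8000), 'tc': bool(flags & 0x0200),
            'rd': bool(flags & 0x0100), 'ra': bool(flags & 0x0080),
            'rcode': flags & 0x000F, 'ancount': an}


def is_open_resolver(query, response):
    """True when the server recursed on our behalf: matching ID, QR and RA set, NOERROR,
    and at least one answer for a name it is not authoritative for."""
    if len(response) < 12:
        return False
    q, r = parse_header(query), parse_header(response)
    return (r['id'] == q['id'] and r['qr'] and r['ra']
            and r['rcode'] == 0 and r['ancount'] > 0)


def amplification_factor(query, response):
    """Bytes the victim receives per byte the attacker has to send."""
    return len(response) / len(query)


def probe(server, name='example.com', timeout=3.0):
    """Live UDP probe of one resolver; returns (is_open, factor). Not used offline."""
    q = build_query(name)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(q, (server, 53))
        r, _ = s.recvfrom(65535)
    finally:
        s.close()
    return is_open_resolver(q, r), amplification_factor(q, r)


# Constructed responses for offline use (not captured from any real server).
def constructed_open_response(query, answers=10):
    """NOERROR, RA set, `answers` A records: what an open resolver would hand back."""
    txid = parse_header(query)['id']
    question = query[12:12 + len(encode_name('example.com')) + 4]
    header = struct.pack('!HHHHHH', txid, 0x8180, 1, answers, 0, 0)   # QR|RD|RA, rcode 0
    rr = struct.pack('!HHHIH', 0xC00C, 1, 1, 300, 4)                  # name ptr -> qname, A, IN, TTL, RDLEN
    return header + question + b''.join(rr + bytes([192, 0, 2, i]) for i in range(answers))


def constructed_refused_response(query):
    """REFUSED with no answers: a properly restricted resolver."""
    txid = parse_header(query)['id']
    question = query[12:12 + len(encode_name('example.com')) + 4]
    return struct.pack('!HHHHHH', txid, 0x8105, 1, 0, 0, 0) + question   # QR|RD, rcode 5


if __name__ == '__main__':
    q = build_query('example.com')
    for label, r in (('open', constructed_open_response(q)), ('refused', constructed_refused_response(q))):
        print(f'{label:8} open={is_open_resolver(q, r)} amplification={amplification_factor(q, r):.2f}x')
```

The 40-byte query against the constructed 189-byte answer already gives a factor of roughly 4.7; real ANY answers for zones with DNSSEC material run to several kilobytes, which is where the published factors of 30x and more come from. A resolver that answers REFUSED, or answers only for the zones it is authoritative for, is not usable for this.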
*** IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks ***
---------------------------------------------
Two vulnerabilities were reported in IBM Lotus iNotes. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028363
*** Perl Bug in Rehash Mechanism Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Perl.
A remote user can send specially crafted data to cause the target Perl application to consume excessive memory and crash. Applications that provide arbitrary user-supplied data as input to hash keys are affected.
---------------------------------------------
http://www.securitytracker.com/id/1028346
*** Fortinet FortiMail IBE Appliance Application Filter Bypass ***
---------------------------------------------
Topic: Fortinet FortiMail IBE Appliance Application Filter Bypass Risk: Medium Text:Title: Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: == 2013-01-23 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/UZi8QdV4Kiw/WLB-20…
*** Foxit Reader <= 5.4.4.1128 npFoxitReaderPlugin.dll Stack Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mNx5SSGJYF4/WLB-20…
*** DIY Java-based RAT (Remote Access Tool) spotted in the wild ***
---------------------------------------------
By Dancho Danchev While the authors/support teams of some of the market leading Web malware exploitation kits are competing on their way to be the first kit to introduce a new exploit on a mass scale, others, largely influenced by the re-emergence of the DIY (do-it-yourself) trend across the cybercrime ecosystem, continue relying on good [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/yE_PNzkr8w8/
*** Bugtraq: Authentication bypass on Netgear WNR1000 ***
---------------------------------------------
Authentication bypass on Netgear WNR1000
---------------------------------------------
http://www.securityfocus.com/archive/1/526148
*** HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities.
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** IBM InfoSphere Information Server Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in IBM InfoSphere Information Server. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028372
*** Splunk Web Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
A vulnerability was reported in Splunk Web. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028371
*** Cyber Security Bulletin (SB13-091) - Vulnerability Summary for the Week of March 25, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains
---------------------------------------------
http://www.us-cert.gov/ncas/bulletins/SB13-091
*** Vuln: Mitsubishi MX Component ActiveX Control ActUWzd.dll Remote Buffer Overflow Vulnerability ***
---------------------------------------------
Mitsubishi MX Component ActiveX Control ActUWzd.dll Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58692
*** Cisco Connected Grid Network Management System Multiple Vulnerabilities ***
---------------------------------------------
Cisco Connected Grid Network Management System Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52834
*** VMSA-2013-0004 - VMware ESXi security update for third party library ***
---------------------------------------------
The ESXi userworld libxml2 library has been updated to resolve a security issue.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2013-0004.html
*** ICS-CERT Advisory ICSA-13-091-01 - Wind River VXWorks SSH and Web Server Multiple Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for six vulnerabilities in the Wind River VxWorks real-time operating system (RTOS).
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-091-01.pdf
*** ModSecurity XML External Entity Processing Vulnerability ***
---------------------------------------------
ModSecurity XML External Entity Processing Vulnerability
---------------------------------------------
https://secunia.com/advisories/52847
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 28-03-2013 18:00 − Friday 29-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Sophos silently downloads a data collector ***
---------------------------------------------
The antivirus vendor intends to shortly push a "small additional tool" onto its corporate customers' machines that collects data about usage behaviour and sends it to Sophos.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a1abd19/l/0L0Sheise0Bde0Csec…
*** Cash Claws, Fake Fascias & Tampered Tickets ***
---------------------------------------------
Credit and debit card skimmers aren't just for ATMs anymore. According to European anti-fraud experts, innovative skimming devices are being found on everything from train ticket kiosks to parking meters and a host of other unattended payment terminals.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/_aHaCD9zbGc/
*** Microsoft Releases 4 updates to sysinternals and a new tool. More here: http://blogs.technet.com/b/sysinternals/archive/2013/03/27/updates-autoruns…, (Thu, Mar 28th) ***
---------------------------------------------
-- John Bambenek, Bambenek Consulting (SANS Internet Storm Center)
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15502&rss
*** PayPal Sellers CMS Cross Site Scripting ***
---------------------------------------------
Topic: PayPal Sellers CMS Cross Site Scripting Risk: Low Text:Title: Paypal Bug Bounty #6 - Persistent Web Vulnerability Date: == 2013-03-27 References: == http://www...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/tJz8R2VxVKs/WLB-20…
*** PayPal GP+ Cross Site Scripting ***
---------------------------------------------
Topic: PayPal GP+ Cross Site Scripting Risk: Low Text:Title: Paypal Bug Bounty #46 - Persistent Web Vulnerability Date: == 2013-03-28 References: == http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QJObrt3R7RI/WLB-20…
*** A peek inside the EgyPack Web malware exploitation kit ***
---------------------------------------------
By Dancho Danchev On a daily basis we process multiple malicious campaigns that, in 95%+ of cases, rely on the market leading Black Hole Exploit Kit. The fact that this Web malware exploitation kit is the kit of choice for the majority of cybercriminals, speaks for its key differentiation factors/infection rate success compared to the competing exploit [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/kcBH0DcDPWc/
*** McAfee Firewall Enterprise BIND Regular Expression Handling Denial of Service Vulnerability ***
---------------------------------------------
McAfee Firewall Enterprise BIND Regular Expression Handling Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/52836
*** VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability ***
---------------------------------------------
VMware ESX / ESXi libxml2 Buffer Underflow Vulnerability
---------------------------------------------
https://secunia.com/advisories/52844
*** RoundCube Webmail generic_message_footer Arbitrary File Disclosure Vulnerability ***
---------------------------------------------
RoundCube Webmail generic_message_footer Arbitrary File Disclosure Vulnerability
---------------------------------------------
https://secunia.com/advisories/52806
*** [remote] - McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method ***
---------------------------------------------
McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method
---------------------------------------------
http://www.exploit-db.com/exploits/24907
*** HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code ***
---------------------------------------------
A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code.
---------------------------------------------
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl…
*** Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware ***
---------------------------------------------
Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser's home page and redirect a Web session to an attacker's page. There are several clues something is amiss, namely part of the GUI for the supposed Flash 11 update is written in Turkish, and there is no scroll bar on the EULA.
---------------------------------------------
https://threatpost.com/en_us/blogs/has-anyone-seen-missing-scroll-bar-phony…
*** Security Fix Leads To PostgreSQL Lock Down ***
---------------------------------------------
hypnosec writes "The developers of PostgreSQL have announced that they are locking down access to the PostgreSQL repositories to committers only while a fix for a "sufficiently bad" security issue is applied. The lock down is temporary and will be lifted once the next release is available. The core committee has announced that they apologize in advance for any disruption, adding that "It seems necessary in this instance, however.""
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3JUUb-3wFnQ/story01.htm
Next End-of-Shift report on 2013-04-02
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 27-03-2013 18:00 − Thursday 28-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Microsoft's new security patching routine raises concerns ***
---------------------------------------------
"For those of us accustomed to Windows Automatic Update kicking in on Black Tuesdays, Microsoft's new method for applying security patches to Metro apps seems a bit awkward. Microsoft conveniently provided a real, live Metro (or should I say Windows Store?) security patch to look at yesterday, and there are a few changes in the patching routine that send a shiver down my spine...."
---------------------------------------------
http://www.infoworld.com/t/microsoft-windows/microsofts-new-security-patchi…
*** Sourcefire VRT Community ruleset is live, (Wed, Mar 27th) ***
---------------------------------------------
Joel let us know about a new Community ruleset for Snort, from Sourcefire's VRT group (Vulnerability Research Team). For more details, and how it might affect your Snort build, find his article here: http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html -- Rob VandenBrink, Metafore (SANS Internet Storm Center)
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15490&rss
*** Drupal Common Groups 7.x Access Bypass & Privilege Escalation ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Y_MNMfXrUTY/WLB-20…
*** Drupal Zero Point 7.x Cross Site Scripting ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Nkxz5Ba6yYA/WLB-20…
*** Drupal Rules 7.x Cross Site Scripting ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/yWPWLIvXGvg/WLB-20…
*** New DIY RDP-based botnet generating tool leaks in the wild ***
---------------------------------------------
By Dancho Danchev In times when we're witnessing the most prolific and systematic abuse of the Internet for fraudulent and purely malicious activities, there are still people who cannot fully grasp the essence of the cybercrime ecosystem in the context of the big picture - economic terrorism - and in fact often deny its existence, [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/5yiqMhAsw_c/
*** McAfee Virtual Technician ActiveX Control Save() Insecure Method Vulnerability ***
---------------------------------------------
MVT 6.5 and earlier contain a vulnerability where the Save() function could be used to cause an escalation of privileges. This issue mainly affects consumer users, but can also affect enterprise users who use MVT or have deployed ePO-MVT to systems in their environments for diagnostic purposes.
---------------------------------------------
https://kc.mcafee.com/corporate/index?page=content&id=SB10040
*** The Modern Malware Review ***
---------------------------------------------
"The Modern Malware Review presents an analysis of 3 months of malware data derived from more than 1,000 live customer networks using WildFire (Palo Alto Networks feature for detecting and blocking new and unknown malware). The review focuses on malware samples that were initially undetected by industry-leading antivirus products. A FOCUS ON ACTIONABLE RESEARCH The goal of focusing on unknown or undetected malware is not to point out deficiency in traditional antivirus solutions but rather...
---------------------------------------------
http://media.paloaltonetworks.com/documents/The-Modern-Malware-Review-March…
*** One in six Amazon S3 storage buckets are ripe for data-plundering ***
---------------------------------------------
The root of the problem isn't a security hole in Amazon's storage cloud, according to Vandevanter. Rather, he credited Amazon S3 account holders who have failed to set their buckets to private -- or to put it more bluntly, organizations that have embraced the cloud without fully understanding it. The fact that all S3 buckets have predictable, publicly accessible URLs doesn't help, though.
---------------------------------------------
https://www.infoworld.com/t/cloud-security/one-in-six-amazon-s3-storage-buc…
*** Asterisk Products Denial of Service Vulnerability and User Enumeration Weakness ***
---------------------------------------------
Asterisk Products Denial of Service Vulnerability and User Enumeration Weakness
---------------------------------------------
https://secunia.com/advisories/52815
*** HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information.
---------------------------------------------
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Amazon brings a new security tool for its cloud services ***
---------------------------------------------
With the hardware module AWS CloudHSM, Amazon wants to increase the security of its cloud services.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a167246/l/0L0Sheise0Bde0Csec…
*** Drupal Rules Module Script Insertion Vulnerability ***
---------------------------------------------
Drupal Rules Module Script Insertion Vulnerability
---------------------------------------------
https://secunia.com/advisories/52768
*** HP-UX update for XNTP ***
---------------------------------------------
HP-UX update for XNTP
---------------------------------------------
https://secunia.com/advisories/52790
*** Argentinian analysis tool examines SAP and Oracle products ***
---------------------------------------------
A systems engineer from the Universidad Tecnológica Nacional has specialised in finding vulnerabilities in ERP and database systems.
---------------------------------------------
http://heise.de.feedsportal.com/c/35207/f/653902/s/2a176b17/l/0L0Sheise0Bde…
*** Vuln: Moodle Multiple Remote Security Vulnerabilities ***
---------------------------------------------
Moodle Multiple Remote Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58660
*** Study raises alarm: Java plugins are mostly badly outdated ***
---------------------------------------------
According to a field study by WebSense, almost 94% of browsers with an enabled Java plugin are not patched against current security vulnerabilities.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a1a921b/l/0L0Sheise0Bde0Csec…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 26-03-2013 18:00 − Wednesday 27-03-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Microsoft Security Advisory (2819682): Security Updates for Microsoft Windows Store Applications - Version: 1.0 ***
---------------------------------------------
Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected).
---------------------------------------------
http://technet.microsoft.com/en-us/security/advisory/2819682
*** IBM Lotus Domino Cross-Site Scripting ***
---------------------------------------------
Topic: IBM Lotus Domino Cross-Site Scripting Risk: Low Text:I want to warn you about multiple Cross-Site Scripting vulnerabilities in IBM Lotus Domino. Last year I've announced multip...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/4yG8wBlWdJY/WLB-20…
*** Wordpress trafficanalyzer Plugin XSS ***
---------------------------------------------
Topic: Wordpress trafficanalyzer Plugin XSS Risk: Low Text:# Exploit Title: Wordpress trafficanalyzer Plugin Xss ((|)) # Vulnerability ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/EPjJkeXhZCc/WLB-20…
*** 6 Emerging Security Threats, and How to Fight Them ***
---------------------------------------------
"The security threat landscape changes constantly, with malicious hackers developing new ways to compromise your systems as older vulnerabilities are discovered and patched. So it's important to be aware of the threats to enterprise security that are coming over the horizon and heading this way. It's a question the Georgia Institute of Technology addresses in its Emerging Cyber Threat Report 2013, in which researchers identify at least six threats that all security professionals should know
---------------------------------------------
http://www.esecurityplanet.com/network-security/6-emerging-security-threats…
*** EAST Releases First 2013 European Fraud Update ***
---------------------------------------------
"The first European Fraud Update of 2013 was recently released at the 29th European ATM Security Team (EAST) meeting, held in Brussels on February 6th of this year. This update represents the Single Euro Payments Area (SEPA) consisting of 21 countries, and two non-SEPA countries, EAST stated in a press release. Thieves have gone to new technical limits, using ATM skimming to make fraudulent transactions...."
---------------------------------------------
http://www.pymnts.com/briefing-room/PYMNTS-International/2013/03/EAST-Relea…
*** HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits.
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** SCADA and ICS Security Patching: The Good, the Bad and the Ugly ***
---------------------------------------------
"In my last blog, I discussed the reasons why critical industrial infrastructure control systems are so vulnerable to attacks from security researchers and hackers, and explained why patching for such systems is not a workable solution. But let's now examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let's suppose patches could be installed without shutting down the process (for example, through the staged patching of
---------------------------------------------
http://www.infosecisland.com/blogview/23039-SCADA-and-ICS-Security-Patching…
*** WordPress plugin user-photo file upload arbitrary PHP code execution ***
---------------------------------------------
Topic: WordPress plugin user-photo file upload arbitrary PHP code execution Risk: High Text:Can I get CVE identifier for WordPress plugin user-photo file upload arbitrary PHP code execution security vulnerability. Diff...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/boTyNVQ8PAs/WLB-20…
*** EMC Smarts Network Configuration Manager Improper Authentication Vulnerability ***
---------------------------------------------
Topic: EMC Smarts Network Configuration Manager Improper Authentication Vulnerability Risk: Medium Text:ESA-2013-016: EMC Smarts Network Configuration Manager Improper Authentication Vulnerability EMC Identifier: ESA-2013-016 ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bpGpOtUKF0M/WLB-20…
*** 2nd Annual Cyber Security for the Chemical & Petrochem Industries Europe ***
---------------------------------------------
"Another very good security event this year, the Cyber Security for the Chemical & Petrochem Industries Europe. There has been a huge increase in the amount of press lately around new cyber-attacks in the chemical and oil and gas industries. The words DuQu, Gauss, Flame and Shamoon have filled board rooms with fear and angst over the last year as the trend for such cyber threats appears to be gaining momentum...."
---------------------------------------------
http://www.felipemartins.info/2013/03/2nd-annual-cyber-security-for-the-che…
*** Juniper NetScreen ScreenOS OpenSSL DER Format Data Processing Vulnerability ***
---------------------------------------------
Juniper NetScreen ScreenOS OpenSSL DER Format Data Processing Vulnerability
---------------------------------------------
https://secunia.com/advisories/52724
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
Cisco IOS Software IP Service Level Agreement Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Protocol Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Smart Install Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Internet Key Exchange Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
Cisco IOS Software Network Address Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 25-03-2013 18:00 − Tuesday 26-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** libxslt XSL Parsing Flaws Let Remote Users Deny Service ***
---------------------------------------------
A remote user can send an XSL template with an empty 'match' attribute to trigger a crash in the xsltDocumentFunction() function in 'libxslt/functions.c'.
---------------------------------------------
http://www.securitytracker.com/id/1028338
*** Novell ZENworks Configuration Management File Upload Authentication Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can exploit a flaw in the ZENworks Configuration Management (ZCM) webserver to upload files to the filesystem of the underlying operating system. The files can then be executed.
---------------------------------------------
http://www.securitytracker.com/id/1028337
*** Malware abuses Chromium Embedded Framework, developers fight back ***
---------------------------------------------
"A new version of the TDL rootkit-type malware program downloads and abuses an open-source library called the Chromium Embedded Framework that allows developers to embed the Chromium Web rendering engine inside their own applications, according to security researchers from antivirus vendor Symantec. In an effort to temporarily block the abuse, CEF project administrators suspended the framework's primary download location on Google Code. The TDL malware generates profit for its authors by...
---------------------------------------------
http://www.computerworld.com.au/article/457251/malware_abuses_chromium_embe…
*** Windows Trojan Found Targeting Mac OS X Users ***
---------------------------------------------
"Researchers at ESET have discovered a Trojan that initially focused on Windows users, but appears to be changing direction. The Trojan now has its sights on Mac OS X users, and its actions have prompted Apple to update XProtect with signatures to detect it. The Yontoo Trojan spreads on Windows by pretending to be a video codec...."
---------------------------------------------
http://www.securityweek.com/windows-trojan-found-targeting-mac-os-x-users?u…
*** How much difference can an ISP make over an outbreak? ***
---------------------------------------------
"F-Secure works extensively with ISPs and operators. We were assisting several large operators last year during the remediation of the DNSChanger malware. There was an interesting study recently done by researchers at Georgia Tech...."
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002532.html
*** LinkedIn Cross Site Request Forgery ***
---------------------------------------------
Topic: LinkedIn Cross Site Request Forgery Risk: Low Text: INTERNET SECURITY AUDITORS ALERT 2013-001 - Original release date: January 30th, 2013 - Last revised: March ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/IO--fDEMzSQ/WLB-20…
*** HP ProCurve Switch Bug Permits Cross-Site Request Forgery Attacks ***
---------------------------------------------
A remote user can take actions on the target device acting as the target user.
The HP ProCurve 1700-8 Switch (Model J9079A) and HP ProCurve 1700-24 Switch (Model J9080A) are affected.
---------------------------------------------
http://www.securitytracker.com/id/1028339
*** Grum Spam Botnet Is Slowly Recovering After Takedown, Experts Warn ***
---------------------------------------------
"In July 2012, we learned that Spamhaus, FireEye and CERT-GIB managed to shut down the command and control (C&C) servers utilized by Grum, a spam botnet that was the world's third largest at the time. A couple of months later, FireEye experts reported that the botnet's masters started reinstating its C&C servers. At the time, since there were only a couple of new servers, no major spam-related activities were identified...."
---------------------------------------------
http://news.softpedia.com/news/Grum-Spam-Botnet-is-Slowly-Recovering-After-…
*** WordPress WP Banners Lite Plugin "cid" Cross-Site Scripting Vulnerability ***
---------------------------------------------
WordPress WP Banners Lite Plugin "cid" Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52625
*** Blog: Android Trojan Found in Targeted Attack ***
---------------------------------------------
In the past, we've seen targeted attacks against Tibetan and Uyghur activists on Windows and Mac OS X platforms. We've documented several interesting attacks which used ZIP files as well as DOC, XLS and PDF documents rigged with exploits. Several days ago, the e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. Perhaps the most interesting part is that the attack e-mails had an APK attachment - a malicious...
---------------------------------------------
http://www.securelist.com/en/blog/208194186/Android_Trojan_Found_in_Targete…
*** Splunk Unspecified Cross-Site Scripting Vulnerability ***
---------------------------------------------
Splunk Unspecified Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/52076
*** Honeyproxy ***
---------------------------------------------
HoneyProxy is a lightweight tool that allows live HTTP(S) traffic inspection and analysis. It focuses on features that are useful for malware analysis and network forensics.
---------------------------------------------
http://honeyproxy.org/
*** Missing interface makes smartphone password managers insecure ***
---------------------------------------------
Students at the University of Hannover have scrutinised password managers for Android smartphones. The managers are user-friendly, but they do not secure the passwords sufficiently.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2a03600b/l/0L0Sheise0Bde0Csec…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 22-03-2013 18:00 − Monday 25-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** SANS Pen Test Berlin 2013 ***
---------------------------------------------
"SANS Pen Test Berlin 2013 takes place from June 3rd to June 8th in the Radisson Blu Hotel on the bank of Berlin's River Spree. SANS once again presents a world class line up of pen test training courses led by SANS globally renowned, expert instructors. As well as the unique SANS training experience, we will also be offering a series of @Night talks and social functions, plus the opportunity to take part in NetWars...."
---------------------------------------------
http://www.sans.org/event/pentest-berlin-2013
*** Apple: Security hole in account recovery tool ***
---------------------------------------------
According to US reports, until Friday it was enough to know the e-mail address and date of birth of Apple ID holders in order to replace their password.
---------------------------------------------
http://heise.de.feedsportal.com/c/35207/f/653902/s/29e6e636/l/0L0Sheise0Bde…
*** Bundeskriminalamt warns of new ransomware Trojan ***
---------------------------------------------
Once again, malware is in circulation that accuses victims of distributing pornographic material involving minors and demands a payment.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29e7d088/l/0L0Sheise0Bde0Csec…
*** Weak keys in NetBSD ***
---------------------------------------------
A misplaced bracket in NetBSD's program code causes the system to generate weak cryptographic keys. Keys for OpenSSH servers are particularly affected.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29eea8f1/l/0L0Sheise0Bde0Csec…
*** Wordpress wp-video-commando Plugin XSS ***
---------------------------------------------
Topic: Wordpress wp-video-commando Plugin XSS Risk: Low Text:# Exploit Title: Wordpress wp-video-commando Plugin Xss ((|)) # Vulnerability ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/lkXYceohQoo/WLB-20…
*** MongoDB: exploit in the wild, Metasploit module in the works ***
---------------------------------------------
Administrators of MongoDB version 2.2.3 should switch to the current version 2.4.1 as soon as possible. An exploit has surfaced that can cause a server-side buffer overflow and crash.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29f72124/l/0L0Sheise0Bde0Csec…
*** [papers] - Hacking Trust Relationships Between SIP Gateways ***
---------------------------------------------
Hacking Trust Relationships Between SIP Gateways
---------------------------------------------
http://www.exploit-db.com/download_pdf/24878
*** Moodle Multiple Vulnerabilities ***
---------------------------------------------
Two weaknesses and multiple vulnerabilities have been reported in Moodle, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, and conduct script insertion attacks and by malicious people to disclose potentially sensitive and system information.
---------------------------------------------
https://secunia.com/advisories/52691
*** Novell ZENworks Configuration Management Control Center Arbitrary File Upload Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to compromise the vulnerable system.
---------------------------------------------
https://secunia.com/advisories/52784
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 21-03-2013 18:00 − Friday 22-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Symantec Enterprise Vault privilege escalation ***
---------------------------------------------
Symantec Enterprise Vault privilege escalation
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/82989
*** Symantec NetBackup Appliance Management Console Lets Remote Authenticated Users Download Files ***
---------------------------------------------
A vulnerability was reported in Symantec NetBackup Appliance. A remote authenticated user can view files on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028329
*** Symantec finds Linux wiper malware used in S. Korean attacks ***
---------------------------------------------
"Security vendors analyzing the code used in the cyberattacks against South Korea are finding nasty components designed to wreck infected computers. Tucked inside a piece of Windows malware used in the attacks is a component that erases Linux machines, an analysis from Symantec has found. The malware, which it called Jokra, is unusual, Symantec said.
---------------------------------------------
http://www.csoonline.com/article/730574/symantec-finds-linux-wiper-malware-…
*** LibreOffice 4.0.1.2 Update Spoofing ***
---------------------------------------------
Topic: LibreOffice 4.0.1.2 Update Spoofing Risk: Medium Text:[waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 = Author: Janek Vind "waraxe" Date...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/5kWhqQ69Ci0/WLB-20…
*** Joomla Component com_wordpress XSS Vulnerability ***
---------------------------------------------
Topic: Joomla Component com_wordpress XSS Vulnerability Risk: Low Text:# Title : joomla Component com_wordpress XSS Vulnerability # Date: 2013-03-15
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/xJniCtV-cHo/WLB-20…
*** Spotted: cybercriminals working on new Western Union based 'money mule management' script ***
---------------------------------------------
By Dancho Danchev Risk-forwarding is an inseparable part of the cybercrime ecosystem. Whether it's the use of malware-infected hosts as stepping-stones, the issuing of License Agreements for your latest rootkit release stating that it's meant to be tested against the customer's own systems you wish or the selling of cheap access to verified PayPal accounts....
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/lnqwrG1Fm4A/
*** EuroForensics 2013: 4th International Forensic Sciences Conference & Exhibition ***
---------------------------------------------
"4th International Forensic Sciences, Cyber Security and Surveillance Technologies Conference & Exhibition takes place in Harbiye Military Museum Istanbul, Turkey 27-29 March 2013. The 4th Euroforensics has been designed as the primary international conference and exhibition for sourcing digital forensics products, equipment and services, and to provide a complete source of education, best practice, training and networking for the entire forensics and security sector and supply chain.
---------------------------------------------
http://www.forensicfocus.com/News/article/sid=2018/
*** IBM Lotus Notes Multiple Vulnerabilities ***
---------------------------------------------
IBM Lotus Notes Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52599
*** RealPlayer Heap Overflow in Processing MP4 Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A vulnerability was reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system.
---------------------------------------------
http://www.securitytracker.com/id/1028332
*** CoreFTP "DELE" Buffer Overflow Vulnerability ***
---------------------------------------------
CoreFTP "DELE" Buffer Overflow Vulnerability
---------------------------------------------
https://secunia.com/advisories/52736
*** Links in disguise ***
---------------------------------------------
The link is supposed to lead to Heise, but the user ends up somewhere else. The "mouse-over" test does not expose the redirection, and even a look at the source code does not immediately help. Links can be manipulated in such a way that, when in doubt, it is noticed too late.
---------------------------------------------
http://www.heise.de/security/meldung/Links-im-Tarnkleid-1828362.html
*** Privacy 101: Skype Leaks Your Location ***
---------------------------------------------
The events of the past week reminded me of a privacy topic I've been meaning to revisit: That voice-over-IP telephony service Skype constantly exposes your Internet address to the entire world, and that there are now numerous free and commercial tools that can be used to link Skype user account names to numeric Internet addresses.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/pOQV1cF-XH8/
*** Apple Adds Two-Factor Authentication to iTunes Accounts ***
---------------------------------------------
Apple has introduced a new two-factor authentication system designed to help protect users' iTunes and App Store accounts and prevent attackers or unauthorized users from taking over users' accounts. The system is similar to the one that Google has implemented for Gmail, utilizing verification codes sent via SMS. The move by Apple comes years after Google made the change with Gmail two-factor authentication in response to a series of targeted attacks against Gmail users....
---------------------------------------------
http://threatpost.com/en_us/blogs/apple-adds-two-factor-authentication-itun…
*** vbulletin 4.1.5 attachment SQLI ***
---------------------------------------------
Topic: vbulletin 4.1.5 attachment SQLI Risk: Medium Text:vbulletin 4.1.5 attachment SQLI examine variables came across sq-injection, as later found to be inherent to all vbulletin ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/8PX5zvE7-bM/WLB-20…
*** vBulletin x.x.x Customer Area 0day ***
---------------------------------------------
Topic: vBulletin x.x.x Customer Area 0day Risk: Medium Text:vBulletin x.x.x Customer Area 0day - vBulletin x.x.x Customer Area 0day Perl script got leaked so decided ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/nLzgCibjUrQ/WLB-20…
*** vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day ***
---------------------------------------------
Topic: vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day Risk: Medium Text:vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day ************************************************** ************...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ovrdpW5le4o/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 20-03-2013 18:00 − Thursday 21-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Christian Wojner
*** AMD Catalyst Control Center Update Spoofing Vulnerability ***
---------------------------------------------
AMD Catalyst Control Center Update Spoofing Vulnerability
---------------------------------------------
https://secunia.com/advisories/52696
*** tokend (Apple, Gemalto) privacy leak & arbitrary file creation ***
---------------------------------------------
Topic: tokend (Apple, Gemalto) privacy leak & arbitrary file creation Risk: High Text:Tokend is a module for OS X CDSA/Keychain subsystem for accessing smart cards. It acts as a bridge between the apple KeyChain ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/EQ1oxqfYnQA/WLB-20…
*** OpenSC.tokend privacy leak & arbitrary file creation ***
---------------------------------------------
Topic: OpenSC.tokend privacy leak & arbitrary file creation Risk: High Text:OpenSC.tokend (1,2) is a Tokend module for OS X CDSA/Keychain subsystem for accessing smart cards. As is common in such bridge...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QSRbtZTKohQ/WLB-20…
*** Linux Kernel kvm Multiple Vulns ***
---------------------------------------------
Topic: Linux Kernel kvm Multiple Vulns Risk: High Text:* CVE-2013-1796 Description of the problem: If the guest sets the GPA of the time_page so that the request to update the tim...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ajIh5W6bo-g/WLB-20…
*** Resilient Cyber Systems Symposium (Resilience Week 2013) ***
---------------------------------------------
"Announcement and call for papers for the 1st International Symposium on Resilient Cyber Systems, which will be held as part of the Resilience Week in San Francisco, in August 2013. Topics of Interest include: - Resilient Cyber Frameworks and Architectures: multi-agent systems for monitoring and control, supervisory control and data acquisition, distributed sense making and coordination - Moving Target Defense: Moving target defense technologies, evaluation metrics, visualization and command
---------------------------------------------
http://cybersystems2013.inl.gov/
*** Another iPhone passcode bypass spell revealed ***
---------------------------------------------
Turn off Siri, remove SIM, add unicorn blood, phone and contacts are yours. Apple's recent release of iOS 6.1.3, complete with fix for the weird keypress sequence that allowed access to and export of iPhone address books, seems to have been just a little bit futile after a new bug with the same effects emerged.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/21/another_mag…
*** libvirt Group Privileges Error Lets Local Users Modify Certain Files on the Target System ***
---------------------------------------------
A vulnerability was reported in libvirt. A local user can modify certain files on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028323
*** Linux Kernel i915 driver in the Direct Rendering Manager Integer Overflow ***
---------------------------------------------
Topic: Linux Kernel i915 driver in the Direct Rendering Manager Integer Overflow Risk: Medium Text: It is possible to wrap the counter used to allocate the buffer for relocation copies. This could lead to heap writing overflow...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uuWQ-E59VLw/WLB-20…
*** Drupal Views Module View Configuration Fields Script Insertion Vulnerabilities ***
---------------------------------------------
Drupal Views Module View Configuration Fields Script Insertion Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/51540
*** IBM Rational ClearQuest reflected cross-site scripting ***
---------------------------------------------
IBM Rational ClearQuest reflected cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/80061
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 19-03-2013 18:00 − Wednesday 20-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Security firm publishes details about Java issue, asks for second opinion ***
---------------------------------------------
"Making good on their promise, Security Exploration has published technical details about a Java issue that they consider to be a security vulnerability, but Oracle has categorized as demonstrating "allowed behavior"."As of Mar 18, 2013 no information was received from Oracle that would indicate that Issue 54 is treated by the company as a security vulnerability," they wrote on Monday. ..."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14617
*** Google fully implements security feature on DNS lookups ***
---------------------------------------------
"Google has fully implemented a security feature that ensures a person looking up a website isnt inadvertently directed to a fake one. The Internet company has run its own free public Domain Name System (DNS) lookup service, called Public DNS, since 2009. DNS lookups are required to translate a domain name, such as www...."
---------------------------------------------
http://www.computerworld.com.au/article/456804/google_fully_implements_secu…
*** Samsung Android Remote Owning Devices *youtube ***
---------------------------------------------
Topic: Samsung Android Remote Owning Devices *youtube Risk: High Text: I was planning to open a blog since some months, but I decided to do it only now, to summarize some of the findings of a quick ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zRL6QVbdylE/WLB-20…
*** Cybercrime strategy adopted ***
---------------------------------------------
The government wants to coordinate itself better in the future
---------------------------------------------
http://futurezone.at/netzpolitik/14759-strategie-zu-cyberkriminalitaet-besc…
*** CVSS Security-Bug Rating System Gets A Makeover ***
---------------------------------------------
"In 2005, three companies--Cisco, Qualys and Symantec--announced the Common Vulnerability Scoring System (CVSS) as a way to rank the security impact of software flaws and the potential risks they posed to companies. In theory, the flaw scoring system aims to give security professionals, researchers and software vendors a repeatable way to rank the severity of a vulnerability by measuring the issues base exploitability, how that evolves over time, and the impact the security bug has on the
---------------------------------------------
http://www.darkreading.com/vulnerability-management/167901026/security/secu…
*** MySQL yaSSL Two Buffer Overflow Vulnerabilities ***
---------------------------------------------
MySQL yaSSL Two Buffer Overflow Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52445
*** Linux Kernel ext3 Message Logging Format String Vulnerabilities ***
---------------------------------------------
Linux Kernel ext3 Message Logging Format String Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/52661
*** IBM WebSphere Commerce password information disclosure ***
---------------------------------------------
IBM WebSphere Commerce password information disclosure
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/80206
*** Google Picasa BMP and TIFF Images Processing Vulnerabilities ***
---------------------------------------------
Google Picasa BMP and TIFF Images Processing Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/51652
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 15-03-2013 18:00 − Monday 18-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Expert: Social Networks Targeted for Drive-By Exploits ***
---------------------------------------------
"Malware was spread in unique ways in 2012, particularly through drive-by exploits. In 2013, organizations can expect more exploits targeting social networks, says Adam Kujawa of anti-malware vendor Malwarebytes."The method in which the links to drive-bys have been spread was pretty unique [in 2012]," says Kujawa, a malware intelligence analyst. "We can see that moving over into 2013."Kujawa says cybercriminals are increasingly targeting social networking sites and
---------------------------------------------
http://www.govinfosecurity.com/malware-emerging-trends-a-5598
*** The World Has No Room For Cowards ***
---------------------------------------------
It's not often that one has the opportunity to be the target of a kinetic and cyber attack at the same time. But that is exactly what's happened to me and my Web site over the past 24 hours. On Thursday afternoon, my site was the target of a fairly massive denial of service attack. That attack was punctuated by a visit from a heavily armed local police unit that was tricked into responding to a 911 call spoofed to look like it came from my home.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/uD9Evlztjaw/
*** Debian Security Advisory DSA-2649 lighttpd ***
---------------------------------------------
fixed socket name in world-writable directory
---------------------------------------------
http://www.debian.org/security/2013/dsa-2649
*** Security company analyses attacks on industrial control systems ***
---------------------------------------------
At the Black Hat Europe security conference, Trend Micro presented a research report on a field experiment and showed from where and in what way industrial systems are attacked with malware.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsunternehmen-analysiert-Angr…
*** Analysis of the Booter.TW ***
---------------------------------------------
"Earlier this week, famous InfoSec blogger Brian Krebs website suffered from a denial of service attack that knocked it offline. Following the attack Brian posted an article, "The World has No Room for Cowards", which detailed how he had been SWATed following the attacks against his site. In his article he talked about some of the indicators of who may be behind the attack...."
---------------------------------------------
http://www.reversecurity.com/2013/03/analysis-of-bootertw.html
*** Android malware analysis tool ***
---------------------------------------------
"Bluebox Labs announced Dexter, a free tool to help researchers and enterprise security teams analyze applications for malware and vulnerabilities. The Dexter platform provides software architecture information presented through a web-based user interface...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14605
*** You Only Click Twice: FinFisher's Global Proliferation ***
---------------------------------------------
This post describes the results of a comprehensive global Internet scan for the command and control servers of FinFisher's surveillance
software. It also details the discovery of a campaign using FinFisher in Ethiopia used to target individuals linked to an opposition group.
---------------------------------------------
https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proli…
*** Online Security Tools (Malware, Sandboxes, Hash Checking, Cracking, DNSBL, SSL, BGP) ***
---------------------------------------------
Some readers and friends convinced me recently to start posting some
articles in English as well - to reach a wider audience. Let's start with a quick post containing a list of very useful online security tools. The services are very useful for incident responders, forensicators and security information practitioners.
---------------------------------------------
http://sseguranca.blogspot.fr/2012/03/online-security-tools-malware-sandbox…
*** Bugtraq: [SECURITY] [DSA 2646-1] typo3-src security update ***
---------------------------------------------
[SECURITY] [DSA 2646-1] typo3-src security update
---------------------------------------------
http://www.securityfocus.com/archive/1/526030
*** From Russia With Bots: Finding The Source Of Cyber Attacks ***
---------------------------------------------
While media and government sources continue to allude to China as the
biggest source of cyber attacks hitting innocent servers on the
Internet, recent evidence instead suggests it's the Russian Federation
that's king of the cyber attack mountain.
---------------------------------------------
http://readwrite.com/2013/03/18/from-russia-with-bots-finding-the-source-of…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 14-03-2013 18:00 − Friday 15-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Vulnerability Summary for the Week of March 4, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains
---------------------------------------------
http://www.us-cert.gov/ncas/bulletins/SB13-070
*** Debian Security Advisory DSA-2644 wireshark ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2644
*** Open-Xchange Server 6 - Multiple Vulnerabilities ***
---------------------------------------------
Open-Xchange Server 6 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24791
*** Mac OS X 10.8.3 is available ***
---------------------------------------------
Apple had already been testing the next version of Mountain Lion among developers since November; now the download is available to the general public. A security update package is also available for Snow Leopard and Lion.
---------------------------------------------
http://www.heise.de/security/meldung/Mac-OS-X-10-8-3-steht-bereit-1823278.h…
*** You've Been Hacked, But For How Long? ***
---------------------------------------------
One of the big themes at the recent RSA Conference was awareness of
threats already inside the network. The way you learn about these
threats and lower your 'Mean Time To Know' (MTTK) about an intrusion is with profile-based network monitoring.
---------------------------------------------
http://www.darkreading.com/blog/240150779/you-ve-been-hacked-but-for-how-lo…
*** Security appliances are riddled with serious vulnerabilities, researcher says ***
---------------------------------------------
The majority of email and Web gateways, firewalls, remote access
servers, UTM (unified threat management) systems and other security
appliances have serious vulnerabilities, according to a security
researcher who analyzed products from multiple vendors.
---------------------------------------------
http://www.techworld.com.au/article/456433/security_appliances_riddled_seri…
*** Trend Micro dupes wannabe hackers with honeypot scam ***
---------------------------------------------
"Security firm Trend Micro has duped hackers into attacking fake industrial control systems (ICS), collecting invaluable data on their attack methods and goals and revealing surprising insights on the UKs hacking scene. The research was revealed at Blackhat Europe 2013 in Amsterdam on Friday and is the result of a collaborative project between Trend Micro and Scada security researcher Kyle Wilhoit.
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2254867/trend-micro-dupes-wannabe-hackers-wi…
*** Huawei UMTS sticks endanger users' security ***
---------------------------------------------
A Russian hacker has examined the driver software of Huawei's UMTS sticks. The result: numerous vulnerabilities that make it easy for attackers to infect the computers of stick users. A mass infection is also conceivable.
---------------------------------------------
http://www.heise.de/security/meldung/UMTS-Sticks-von-Huawei-gefaehrden-Sich…
*** The enemy in my dock ***
---------------------------------------------
There is still plenty of room inside Dell notebook docks. A security researcher has fitted one with a mini PC that spies on the network traffic, audio and video signals and USB data traffic of the docked notebook.
---------------------------------------------
http://www.heise.de/security/meldung/Der-Feind-in-meinem-Dock-1823723.html
*** Highlights from BlackHat Europe 2013 in Amsterdam ***
---------------------------------------------
Every year as Europe wakes up from the cold winter to the warm days of spring, BlackHat traditionally descends on Amsterdam. This year's conference is taking place on March 14-15 at the NH Grand Hotel Krasnapolsky, right on Dam Square, the heart of Amsterdam. As spring doesn't necessarily equal warm days here in Europe right now, the 500 or so BlackHat participants hit the conference rooms to attend quite a few interesting talks. Here's a summary of the best talks at BlackHat Europe
---------------------------------------------
http://www.securelist.com/en/blog/208194175/Highlights_from_BlackHat_Europe…
*** TeamViewer authentication protocol ***
---------------------------------------------
When a coworker recently gave me access to his system he recommended I use TeamViewer. TeamViewer is a free tool that is used to set up and use a VPN connection as well as allowing the user to remotely take control of another person's computer from their system. Given that it was my first time using this software, I decided to take a peek at the traffic.
---------------------------------------------
http://blog.accuvantlabs.com/blog/bthomas/teamviewer-authentication-protocol
*** Seagate blog compromised, leads to Blackhole and malware ***
---------------------------------------------
A blog of well-known hard disk drive manufacturer Seagate has been
compromised to contain malicious iFrame injections that redirect users
to websites hosting the Blackhole exploit kit, warns Sophos.
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2440
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 13-03-2013 18:00 − Thursday 14-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Insidious backdoor in TP-Link routers ***
---------------------------------------------
Practically on command, some WLAN routers download an executable file from the network and then immediately run it with root privileges.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/298834fb/l/0L0Sheise0Bde0Csec…
*** Kaspersky fixes IPv6 problem in its Internet Security suite ***
---------------------------------------------
A single, somewhat odd IPv6 packet is enough to bring a Windows PC running Kaspersky's firewall to a standstill. Following publication of the problem, the vendor now intends to fix it.
---------------------------------------------
http://www.heise.de/security/meldung/Kaspersky-fixt-IPv6-Problem-der-Intern…
*** Mobile Drive-By Malware example ***
---------------------------------------------
"Several days ago we received a complaint about javascrpt. ru. After a bit of research, we found that it tries to mimic ajax...."
---------------------------------------------
http://blog.avast.com/2013/03/11/mobile-drive-by-malware-example/
*** US national vulnerability database hacked ***
---------------------------------------------
Malware infection forces government vuln catalog offline. The US government's online catalog of cyber-vulnerabilities has been taken offline, ironically, due to a software vulnerability.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/14/us_malware_…
*** Encryption Trojan attacks Spain and France ***
---------------------------------------------
March 13, 2013 Russian anti-virus company Doctor Web has registered an ongoing massive spread of the encryption malware Trojan.ArchiveLock across PCs outside Russia. The program, dubbed Trojan.ArchiveLock.20, is infecting increasingly more computers in France and Spain. Last August, Doctor Web issued a warning about Trojan.ArchiveLock encryption malware. This program uses the archiver WinRAR to encrypt files. To spread the malware, criminals mount a brute force attack via the RDP protocol on
---------------------------------------------
http://news.drweb.com/show/?i=3379&lng=en&c=9
*** Drupal Node Parameter Control 6.x Access Bypass ***
---------------------------------------------
Topic: Drupal Node Parameter Control 6.x Access Bypass Risk: High Text: View online: http://drupal.org/node/1942330 * Advisory ID: DRUPAL-SA-CONTRIB-2013-034 * Project: Node Parameter Control...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/D5fwYJPc7EI/WLB-20…
*** Expert Finds Way to Retrieve Facebook Authentication Token and Hack Any Account ***
---------------------------------------------
"Security researcher Nir Goldshlager has identified yet another Facebook OAuth vulnerability that can be exploited to hack any account. In the attack method he presented back in February, the expert used the app_id of the Facebook Messenger to gain full access to accounts. The social media company has addressed the issue by using regex protection, but Goldshlager has discovered another method to exploit the Facebook Messenger app_id...."
---------------------------------------------
http://news.softpedia.com/news/Expert-Finds-Way-to-Retrieve-Facebook-Authen…
*** Cyber-attack in the Czech Republic - Thieves in the night ***
---------------------------------------------
"A MYSTERIOUS wave of cyber-attacks in the Czech Republicthe most extensive in the countrys historyon March 11th briefly disabled the web site for Unicredit, a bank. Other targets have included media, banks, mobile phone operators, the stock exchange and even the Czech National Bank. All but the Unicredit attack were so-called DDoS (distributed denial of service) attacks...."
---------------------------------------------
http://www.economist.com/blogs/easternapproaches/2013/03/cyber-attack-czech…
*** Check Point 2013 Security Report Released ***
---------------------------------------------
"The Check Point company has just released its already well known Check Point 2013 Security Report series report. The Check point 2013 Security Report examines top security threats, risky web applications that compromise network security, and loss of data caused by employees unintentionally. Based on research of 900 companies and 120,000 hours of monitored traffic, Check Points research reveals startling details of real risks faced by enterprises including:64% infected with bots91% used
---------------------------------------------
http://www.felipemartins.info/2013/03/check-point-2013-security-report-rele…
*** AVG anti-virus software mistook a system file for a Trojan ***
---------------------------------------------
A Windows DLL wrongly identified as malware gave some AVG users a restless morning.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/299137b5/l/0L0Sheise0Bde0Csec…
*** Another cryptographic attack on SSL/TLS encryption ***
---------------------------------------------
The presented attack on the widely used RC4 cipher is not yet really practical, but it shakes the foundation of secure Internet connections.
---------------------------------------------
http://www.heise.de/security/meldung/Erneuter-Krypto-Angriff-auf-SSL-TLS-Ve…
*** Blog: Reminder: be careful opening invoices on the 21st March ***
---------------------------------------------
On March 4th we spotted a large number of unusual emails being blocked by our Linux Mail Security product. The emails all contained the same PDF attachment but were being sent from many different source addresses.
---------------------------------------------
http://www.securelist.com/en/blog/837/Reminder_be_careful_opening_invoices_…
*** Microsoft continues to focus on security in their products ***
---------------------------------------------
"86% of vulnerabilities discovered in the most popular 50 programs in 2012 were in non-Microsoft (or third-party) programs. The result was published today in the Secunia Vulnerability Review 2013 that analyzes the evolution of software vulnerabilities from a global, industry, enterprise, and endpoint perspective. The identified 86% represent an increase from 2011, when non-Microsoft programs represented 78% of vulnerabilities discovered in the Top 50 most popular programs...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14595
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 12-03-2013 18:00 − Wednesday 13-03-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** MS13-026 - Important : Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682) - Version: 1.0 ***
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-026
*** MS13-003 - Important : Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552) - Version: 2.0 ***
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-003
*** Flash: Give us this day our monthly patch ***
---------------------------------------------
Adobe is again releasing security updates for Flash Player, this time for once not out of schedule. One significant hole, however, remains unpatched.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/297e24e3/l/0L0Sheise0Bde0Csec…
*** ASUS RT-N66U multiple vulns ***
---------------------------------------------
Topic: ASUS RT-N66U multiple vulns Risk: Medium Text: Vulnerable product: ASUS RT-N66U Vulnerabilities: - Linux 2.6.22.19 - Old libraries and executables Interesting vulnerabili...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/o7EbpwGc_yk/WLB-20…
*** Google rolls out initiative to help hacked sites ***
---------------------------------------------
"With its new informational series, the Web giant aims to answer questions about why a site was hacked, what malware may have been used, and how to wipe the site clean of bugs. Its not pretty when a Web site gets a "this site may be compromised" or "this site may harm your computer" status note. Many webmasters and Web site owners can be at a loss of what to do in these situations...."
---------------------------------------------
http://news.cnet.com/8301-1023_3-57573986-93/google-rolls-out-initiative-to…
*** Security Linux Kali succeeds BackTrack ***
---------------------------------------------
With a new selection of tools and a modern Linux base, Kali leaves BackTrack's legacy baggage behind. The distribution for pentesters, admins and forensic analysts is available for download as of now.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2983f19a/l/0L0Sheise0Bde0Csec…
*** Security agency tells Europe to find alternative to risky email ***
---------------------------------------------
"European governments and businesses should investigate alternative communication channels to e-mail in the longer term after a string of alarming attacks, the EUs cyber security agency warned today (13 March) in a special alert. The European Network and Information Security Agency (ENISA) issued the so-called Flash Note in the wake of recent major cyber-attacks, calling for Europes businesses and governments to take urgent action to combat emerging cyber-attack trends. The report cites...
---------------------------------------------
http://www.euractiv.com/infosociety/security-agency-tells-europe-fin-news-5…
*** Exploit Kit Distribution in the Wild ***
---------------------------------------------
Have you ever wondered which exploit kits are the most prevalent? We have been tracking several exploit kits that we have identified these past few months and it's interesting to see which gets the biggest chunk of the pie: 56% of the coverage is owned by only three exploit kits: Blackhole, Sweet Orange, and Cool. Blackhole, a kit that has been around for almost three years, is still keeping a strong presence at no. 1 with 27% of the exploit kit coverage. Followed by Sweet Orange with 18% and Cool...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002522.html
*** (IN)SECURE Magazine Issue 37 released ***
---------------------------------------------
"IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. Issue #37 has just been released - download the magazine! The articles in this issue include:Becoming a malware analystReview: Nipper StudioFive questions for Microsofts Chief Privacy OfficerApplication security testing for AJAX and JSONPenetrating and achieving persistence in highly secured networksReport: RSA Conference 2013Social engineering: An underestimated...
---------------------------------------------
http://www.net-security.org/insecuremag.php
*** Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1, (Wed, Mar 13th) ***
---------------------------------------------
At Shmoocon 2013 Jake Williams (@MalwareJake) and I gave a presentation entitled Wipe the Drive. The point of the presentation was that you should always wipe the drive and reinstall the OS after a confirmed malware infection. We all know wiping the drive is the safest move but there are business pressures to simply remove the known malware and move on. Also, because we are security professionals there is often an expectation that we are able to remove all the malware. But, in my and Jake's...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15394&rss
*** Bugtraq: Open-Xchange Security Advisory 2013-03-13 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525979
*** Bugtraq: SEC Consult SA-20130313-0 :: QlikView Desktop Client Integer Overflow ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525980
*** Issue with SWFUploader Could Lead to XSS Vulnerabilities, Content Spoofing ***
---------------------------------------------
Many versions of SWFUpload – an applet that combines Flash and
JavaScript that's used in millions of websites, including WordPress
sites – are vulnerable to content spoofing and a cross-site scripting
vulnerability that could lead to the takeover of accounts, according to
reports this week.
---------------------------------------------
https://threatpost.com/en_us/blogs/issue-swfuploader-could-lead-xss-vulnera…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 11-03-2013 18:00 − Tuesday 12-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Improving the security for Android embedded systems ***
---------------------------------------------
"McAfee has delivered a whitelisting security solution for Android based embedded systems. McAfee Application Control for Android resides in the Android kernel, embedded in the operating system and provides protection from the installation or execution of a malicious application on an Android-based device. McAfee also provides protection at the application layer to Android devices...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14574
*** NJABL blacklist goes out of service ***
---------------------------------------------
The NJABL anti-spam blacklist has already withdrawn its data. Operators of mail servers that nevertheless continue to query it face trouble as soon as the hoster also cuts off the DNS entries.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2971dffa/l/0L0Sheise0Bde0Csec…
*** Australia: hacker attacks on the central bank ***
---------------------------------------------
Australian media report hacker attacks on the country's central bank and speak of traces leading to China and of compromised information. The central bank confirms that there were cyber attacks, and nothing more.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2971ee42/l/0L0Sheise0Bde0Csec…
*** Google Docs CSRF & Clickjacking ***
---------------------------------------------
Topic: Google Docs CSRF & Clickjacking Risk: Medium Text: CSRF & Clickjacking: Google Document, Drawing, Forms, Spreadsheet, Presentation Attacker can create Google Document, Dra...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/K1SfuqKrTTM/WLB-20…
*** Vuln: Piwik Unspecified Cross Site Scripting Vulnerability ***
---------------------------------------------
Piwik Unspecified Cross Site Scripting Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58392
*** TinyMCE XSS Vulnerability ***
---------------------------------------------
Topic: TinyMCE XSS Vulnerability Risk: Low Text: Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Descrip...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vAEUomxc8S8/WLB-20…
*** Windows 8: Flash by default ***
---------------------------------------------
Internet Explorer on Windows 8 and RT is to allow considerably more Flash content by default. With this, the software maker moves even further away from its previous line on Flash support.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2977bea5/l/0L0Sheise0Bde0Csec…
*** Chess CAPTCHA - a serious defence against spammers? ***
---------------------------------------------
"CAPTCHAs - the questions that a website asks you to answer to prove if youre a human being or not - come in many shapes and forms. Although they most commonly ask you to decipher some words hidden in a distorted graphic, there are more elaborate versions which can ask you to solve some complicated mathematical calculation or ask you to add toppings to a pizza in an attempt to stop automated bots leaving spammy messages...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/03/12/chess-captcha/
*** Phishing emails sent in pairs to lend authenticity, says training company ***
---------------------------------------------
"Phishing emails are now being deployed in pairs to create the illusion of authenticity, says security awareness training firm PhishMe. Phishing emails try to trick the recipient into doing something risky by disguising malicious attachments or links in seemingly genuine content. In this new type of phishing email campaign, attackers typically send out a benign email that contains nothing harmful and does not ask for any information or response from the recipient...."
---------------------------------------------
http://www.computerweekly.com/news/2240179364/Phishing-emails-sent-in-pairs…
*** Google Play: Potentially Unwanted ***
---------------------------------------------
Google Play has a problem and it isn't malware. Depending on location, Potentially Unwanted Applications (PUA) can be rather difficult to avoid. Here's a screenshot of User Reviews from a "weather widget" application: In English (both U.S. and U.K.), there are eight user reviews. Just eight. Even if you click on a link to "Read All User Reviews". But if you use the Danish UI this is one additional review you'll see: And it's good that Danes can see it, because the
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002521.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 08-03-2013 18:00 − Monday 11-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Yahoo! webmail! hijacks! are! back!... ***
---------------------------------------------
Didn't! they! fix! that?! Yahoo! has blamed cross-site scripting security bugs, which it claims to have squashed, for a recent upsurge in webmail account takeovers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/08/yahoo_webma…
*** Pwn2Own ends with all attackers winning ***
---------------------------------------------
"The Pwn2Own competition at CanSecWest has come to an end with the second day being like the first day. No web browser plugin survived being attacked and Adobe Flash, Adobe Reader XI and Java were all successfully hacked. Vupen security, who had demonstrated exploits of Internet Explorer 10, Firefox and Java on day one, returned with an exploit for Adobe Flash...."
---------------------------------------------
http://www.h-online.com/open/news/item/Pwn2Own-ends-with-all-attackers-winn…
*** DNS Hijack Leads To Bitcoin Heist ***
---------------------------------------------
First time accepted submitter FearTheFez writes "Social Engineering and poor DNS Security lead to a Bitcoin heist worth about $12000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without 2-factor authentication all it took was a place of birth and a mother's maiden name to gain access. This looks like poor security from everyone involved."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_Jp5n8Dt8jA/story01.htm
*** Trend Micro Examines Asprox Botnet ***
---------------------------------------------
"TrendLabs recently published a research paper providing a detailed look at the Asprox botnet, which delivers malware via spam e-mails that claim to come from package delivery companies like FedEx, DHL, and the U.S. Postal Service." "While Asprox has only been mentioned sporadically in the past few years, other spam campaigns with similar tactics as well as fake ticket scams using well-known airlines like Delta and American Airlines have received significant attention,"
---------------------------------------------
http://www.esecurityplanet.com/malware/trend-micro-examines-asprox-botnet.h…
*** Raspberry Pi Hit by Cyber Attack (DDoS) ***
---------------------------------------------
It's sad to see the Raspberry Pi Foundation, a charity with a good cause at its heart, has been the focus of a vicious attack. This stunt goes to highlight the unfortunate fact that any organisation, of any size and nature, is vulnerable.
---------------------------------------------
http://www.esecurityplanet.com/network-security/raspberry-pi-hit-by-cyber-a…
*** ICS-CERT sums up 2012 cyber security response activities ***
---------------------------------------------
"The Industrial Control System Cyber Emergency Response Team (ICS-CERT) issued on March 7 a report on its activities in 2012. ICS-CERT provides Cyber security evaluations to support the reliability and resiliency of the systems that comprise and interconnect critical infrastructures. It develops and implements coordinated security measures in collaboration with partners from across public, private and international communities...."
---------------------------------------------
http://www.gsnmagazine.com/node/28699?c=cyber_security
*** Room spy SmartTV ***
---------------------------------------------
A security researcher manipulated Samsung SmartTVs so that he could use their webcam for room surveillance while the television appeared to be switched off.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/296010ec/l/0L0Sheise0Bde0Csec…
*** Think your internet password is safe? Think again... ***
---------------------------------------------
"Are you one of those naive types who believes that choosing the name of your first pet as an internet password is going to protect you from hacking and fraud? Be very, very afraid, warns Memphis Barker, who has discovered some deeply unsettling facts about the increasing sophistication of data breaches...."
---------------------------------------------
http://www.independent.co.uk/life-style/gadgets-and-tech/features/think-you…
*** Debian Security Advisory DSA-2642 sudo ***
---------------------------------------------
several issues
---------------------------------------------
http://www.debian.org/security/2013/dsa-2642
*** Apple closes critical hole in App Store ***
---------------------------------------------
A security vulnerability that enabled attacks on iOS devices has finally been closed. The problem had already been reported more than half a year ago by a Google security researcher. It was only made public now.
---------------------------------------------
http://futurezone.at/digitallife/14564-apple-schliesst-kritische-luecke-in-…
*** WordPress plugins vulnerable to CVE-2013-1808 ***
---------------------------------------------
Topic: WordPress plugins vulnerable to CVE-2013-1808 Risk: Low Text: I tested WordPress plugins to see which are vulnerable to CVE-2013-1808, because original founder of this vulnerability did not...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/qEk7pVSgvcw/WLB-20…
*** Customer data of the German Avast distributor online ***
---------------------------------------------
Anyone who bought antivirus software via Avast.de has a problem: data of more than 16,000 customers is apparently circulating on the net, including payment information and password hashes.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29698122/l/0L0Sheise0Bde0Csec…
*** Vuln: Perl CVE-2013-1667 Input Rehashing Denial of Service Vulnerability ***
---------------------------------------------
Perl CVE-2013-1667 Input Rehashing Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58311
*** Miniduke: web based infection vector ***
---------------------------------------------
Together with our partner CrySyS Lab, we've discovered two new, previously-unknown infection mechanisms for Miniduke. These new infection vectors rely on Java and IE vulnerabilities to infect the victim's PC.
---------------------------------------------
http://www.securelist.com/en/blog/208194159/Miniduke_web_based_infection_ve…
*** Help Keep Threats at Bay With 'Click-to-Play' ***
---------------------------------------------
Muzzling buggy and insecure Web browser plugins like Java and Flash goes a long way toward blocking attacks from drive-by downloads and hacked or malicious Web sites. But leaving them entirely unplugged from the browser is not always practical, particularly with Flash, which is used on a majority of sites. Fortunately, there is a relatively simple and effective alternative: Click-to-Play.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/fXtHr18Ampk/
*** Bugtraq: Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503 ***
---------------------------------------------
Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503
---------------------------------------------
http://www.securityfocus.com/archive/1/525958
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 07-03-2013 18:00 − Friday 08-03-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Advance Notification for March 2013 - Version: 1.0 ***
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-mar
*** IPv6 Focus Month: Barriers to Implementing IPv6, (Thu, Mar 7th) ***
---------------------------------------------
I've been trying for a few months now to get my lab running IPv6 natively, with mixed success. What's standing in my way you ask? A couple of things, which in turn have further implications:...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15361&rss
*** IPv6 Focus Month: Filtering ICMPv6 at the Border, (Fri, Mar 8th) ***
---------------------------------------------
Paulgear1 asked on twitter: help on interpreting RFC4890. I still haven't turned on IPv6 because I'm not confident in my firewall. First of all, what is RFC4890 all about [1]? The RFC is considered informational, not a standard. Usual guidance for IPv4 is to not block ICMP error messages, but one can get away with blocking all ICMP messages. The situation is a bit different when it comes to ICMPv6...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15367&rss
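What the diary is getting at, worked as an added example (editor's code, not from the ISC diary): a minimal border filter that pulls type and code out of raw IPv6/ICMPv6 packets and applies the RFC 4890 split between transit ICMPv6 that must pass (error messages, Packet Too Big in particular, echo) and link-local or leak-prone types that should never cross a border. That is the opposite of the IPv4 habit of blocking all ICMP. The type numbers and the accept/drop split follow the RFC; the packet builder, the addresses and the "inspect" verdict for packets the parser does not understand are this example's own assumptions, and Mobile IPv6 is assumed not to be in use.

```python
import struct
from typing import List, Optional, Tuple

# ICMPv6 type numbers (RFC 4443, RFC 4861, RFC 2710/3810, RFC 4620).
DEST_UNREACH, PKT_TOO_BIG, TIME_EXCEEDED, PARAM_PROBLEM = 1, 2, 3, 4
ECHO_REQUEST, ECHO_REPLY = 128, 129
NDP_TYPES = {133, 134, 135, 136, 137}   # RS, RA, NS, NA, Redirect: link-local only
MLD_TYPES = {130, 131, 132, 143}        # multicast listener messages: link-local only
NODE_INFO_TYPES = {139, 140}            # node information query/response
ROUTER_RENUMBERING = 138

IPV6_HDR = struct.Struct("!IHBB16s16s")  # ver/tc/flow, payload len, next hdr, hop limit, src, dst
ICMPV6_NEXT_HEADER = 58


def border_decision(icmp_type: int, code: int) -> str:
    """Transit-traffic verdict for a border firewall following RFC 4890.
    Returns 'accept' or 'drop'. Assumption: no Mobile IPv6, so types
    144-147 fall through to the default drop."""
    if icmp_type in (DEST_UNREACH, PKT_TOO_BIG, ECHO_REQUEST, ECHO_REPLY):
        return "accept"          # must not be dropped; PTB is what makes PMTUD work
    if icmp_type == TIME_EXCEEDED:
        return "accept"          # code 0 must pass, code 1 normally should
    if icmp_type == PARAM_PROBLEM and code in (0, 1, 2):
        return "accept"          # codes 1 and 2 must pass, code 0 normally should
    if icmp_type in NDP_TYPES or icmp_type in MLD_TYPES:
        return "drop"            # never legitimately crosses a router
    if icmp_type in NODE_INFO_TYPES or icmp_type == ROUTER_RENUMBERING:
        return "drop"            # information leak / renumbering abuse
    return "drop"                # experimental, unassigned, anything unknown


def parse_icmpv6(packet: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (type, code, hop_limit) when the IPv6 header is followed
    directly by ICMPv6 (no extension headers); None otherwise."""
    if len(packet) < IPV6_HDR.size + 4:
        return None
    ver_tc_fl, _plen, next_hdr, hop_limit, _src, _dst = IPV6_HDR.unpack_from(packet)
    if ver_tc_fl >> 28 != 6 or next_hdr != ICMPV6_NEXT_HEADER:
        return None
    return packet[IPV6_HDR.size], packet[IPV6_HDR.size + 1], hop_limit


def filter_transit(packets: List[bytes]) -> List[str]:
    """Verdict per packet. Anything the parser does not understand is
    'inspect' (hand to a deeper parser) rather than silently accepted."""
    verdicts = []
    for pkt in packets:
        parsed = parse_icmpv6(pkt)
        if parsed is None:
            verdicts.append("inspect")
        else:
            icmp_type, code, _hop_limit = parsed
            verdicts.append(border_decision(icmp_type, code))
    return verdicts


def build_packet(icmp_type: int, code: int, hop_limit: int = 64) -> bytes:
    """Constructed test packet: IPv6 header plus an 8-byte ICMPv6 header.
    Checksum is left zero; this filter does not verify it."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000100000000000000000002")
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0)
    return IPV6_HDR.pack(6 << 28, len(icmp), ICMPV6_NEXT_HEADER, hop_limit, src, dst) + icmp


if __name__ == "__main__":
    sample = [build_packet(PKT_TOO_BIG, 0), build_packet(134, 0), build_packet(ECHO_REQUEST, 0)]
    for pkt, verdict in zip(sample, filter_transit(sample)):
        print(parse_icmpv6(pkt), verdict)
```

Dropping type 2 is the classic IPv6 mistake: with extension headers and no fragmentation by routers, a border that eats Packet Too Big breaks every large transfer through a smaller-MTU path while small packets still work, which looks like a random application fault rather than a firewall problem.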
*** Bugtraq: [security bulletin] HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution, Remote Disclosure of ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525928
*** More Info on Recent ICS-CERT Advisories ***
---------------------------------------------
"ICS-CERT has been busy this week. They updated an alert on Tuesday and issued two advisories yesterday. In two of those three actions there were some interesting questions raised about some of the information provided, or not provided in their documents...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.in/2013/03/more-info-on-rec…
*** What ICS-CERT Is and Isnt ***
---------------------------------------------
"When ICS-CERT was created I expected a lot more. I expected analysis and insight from skilled ICS security experts. The reality is ICS-CERT is merely a coordinator of communication between vulnerability finders and the vendor...."
---------------------------------------------
http://www.digitalbond.com/blog/2013/03/07/what-ics-cert-is-and-isnt/
*** Android accounted for 79% of all mobile malware in 2012 ***
---------------------------------------------
"A new study has found that Google's (GOOG) mobile operating system is targeted by hackers far more than any other mobile platform. Security firm F-Secure found that Android accounted for 79% of all mobile malware in 2012, an increase from 66.7% in 2011 and 11...."
---------------------------------------------
http://bgr.com/2013/03/07/android-malware-2012-362787/
*** Vuln: CoDeSys Gateway Server Multiple Security Vulnerabilities ***
---------------------------------------------
CoDeSys Gateway Server Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/58032
*** Pwn2Own: IE10, Firefox, Chrome, Reader, Java hacks land $500k ***
---------------------------------------------
Google's Chrome OS withstands attack in security contest. It's back to the drawing board for coders at Microsoft, Google, Adobe, Mozilla, and Oracle after entrants in the annual Pwn2Own contest waltzed off with over half a million dollars in prizes for exploiting security holes in popular software...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/08/pwn2own_con…
*** Bugtraq: SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525938
*** Bugtraq: SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525941
*** Leaked: The secret OAuth app keys to Twitters VIP lounge ***
---------------------------------------------
Rogue apps could pose as micro-blogging site's Very Important Programs. Twitter's private OAuth login keys, used by the website's official applications to get preferential treatment from the micro-blogging site, have apparently been leaked. The secret credentials could now allow any software to masquerade as an approved Twitter client...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/08/twitter_oau…
*** Heads-Up - Citadel Command and Control Domains ***
---------------------------------------------
"We have detected new Citadel malware activity, again coming from within large, some Dutch, organizations. These Citadel Trojans are not part of the Pobelka botnet (Dutch) that we discovered last year on September 7, 2012. From the data we have gathered so far, we believe this new campaign is running since late November 2012...."
---------------------------------------------
http://www.surfright.nl/en/citadel
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 06-03-2013 18:00 − Thursday 07-03-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Program updater for small businesses ***
---------------------------------------------
Secunia's tools check the patch level of Microsoft and third-party programs. Now there is a version for SMEs.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2946529e/l/0L0Sheise0Bde0Csec…
*** D-Link fixes router vulnerabilities very quietly ***
---------------------------------------------
"In November last year D-Link fixed critical vulnerabilities in its cylinder-shaped DIR-645 wireless router, but neglected to let its customers in on the secret. Users looking for firmware updates on D-Link's US customer site for the router will come across a version 1.03, dated 21 November 2012...."
---------------------------------------------
http://www.h-online.com/security/news/item/D-Link-fixes-router-vulnerabilit…
*** Vuln: WordPress Events Manager Plugin Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/57477
http://www.securityfocus.com/archive/1/525914
*** Java botches certificate checks ***
---------------------------------------------
Crooks placed a Java applet on the pages of TU Chemnitz that infected computers. Despite the digital signature, that should not have worked so easily, because the certificate had already been revoked. But then, we are talking about Oracle.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29482e3c/l/0L0Sheise0Bde0Csec…
*** IPv6 Focus Month: Guest Diary: Stephen Groat - Geolocation Using IPv6 Addresses, (Wed, Mar 6th) ***
---------------------------------------------
[Guest Diary: Stephen Groat] [Geolocation Using IPv6 Addresses] Today we bring you a guest diary from Stephen Groat where he speaks about validating that IPv6 address tracking and monitoring are possible. IPv6 designers developed a technique called stateless address autoconfiguration (SLAAC) to reduce the administrative burden of managing the immense IPv6 address space. To most operating systems' current accepted definition of SLAAC, a node's IPv6 address's interface identifier (IID), or host...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15349&rss
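The tracking the diary describes, as an added example (editor's code, not Stephen Groat's): when a host derives its IID from its MAC address with the modified EUI-64 scheme of RFC 4291, the same 64-bit suffix appears under every prefix the host attaches to, so anyone who sees the address in two networks can tie the sightings together and, by the prefixes, place the device. The MAC addresses, prefixes and sightings below are constructed; the ff:fe check is a heuristic that will not see RFC 4941 temporary addresses, whose IIDs are random.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple


def mac_to_modified_eui64(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291,
    Appendix A): insert ff:fe in the middle, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC")
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address the host forms by SLAAC on `prefix` when its IID is EUI-64 based."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64")
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC when the IID carries the ff:fe marker, else None.
    A random IID hits the marker with probability 2**-16, so this is a
    strong hint rather than proof."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join("%02x" % b for b in mac)


def correlate(observations: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group (location, ipv6) sightings by the MAC embedded in the IID.
    Changing prefix does not break the link; only a non-EUI-64 IID does."""
    seen: Dict[str, List[str]] = {}
    for location, addr in observations:
        mac = mac_from_address(addr)
        if mac is not None:
            seen.setdefault(mac, []).append(location)
    return seen


# Constructed sightings: one laptop on two networks, plus a privacy address.
LAPTOP_MAC = "00:1b:21:3a:4b:5c"
OBSERVATIONS = [
    ("campus-wifi", str(slaac_address("2001:db8:1::/64", LAPTOP_MAC))),
    ("coffee-shop", str(slaac_address("2001:db8:cafe::/64", LAPTOP_MAC))),
    ("coffee-shop", "2001:db8:cafe:0:a1b2:c3d4:e5f6:789a"),  # random IID, not linkable
]

if __name__ == "__main__":
    for location, addr in OBSERVATIONS:
        print(location, addr, "->", mac_from_address(addr))
    print(correlate(OBSERVATIONS))
```

The defensive takeaway is the same one the diary's conclusion points at: enable temporary addresses (RFC 4941) or stable-but-per-prefix IIDs on clients, and do not assume an IPv6 address reveals less about a host than an IPv4 one.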
*** Bugtraq: Verax NMS (CVE-2013-1350) (CVE-2013-1631) (CVE-2013-1352) (CVE-2013-1351) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525907
http://www.securityfocus.com/archive/1/525918
http://www.securityfocus.com/archive/1/525917
http://www.securityfocus.com/archive/1/525916
*** 99 percent of web apps vulnerable to attack ***
---------------------------------------------
"A new Cenzic report demonstrates that the overwhelming presence of web application vulnerabilities remains a constant problem, with an astounding 99 percent of applications tested revealing security risks, while additionally shedding light on pressing vulnerabilities within mobile application security. The report reveals the massive number of vulnerabilities prevalent in web and mobile applications today. It highlights the type, frequency and severity of vulnerabilities found and predicts...
---------------------------------------------
http://www.net-security.org/secworld.php?id=14556
*** Ruby Entity expansion DoS vulnerability in REXML (XML bomb) ***
---------------------------------------------
Topic: Ruby Entity expansion DoS vulnerability in REXML (XML bomb) Risk: Medium Text: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ == Unrestricted entity expansion can lead to a DoS vul...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/R4X5eZcZsGY/WLB-20…
*** Heads-Up - Cybersecurity directive faces uncertain fate in Parliament ***
---------------------------------------------
"EU attempts to introduce comprehensive new cybersecurity rules risk failure in the European Parliament, where senior administrators doubt the package will pass before the legislature's mandate expires, EurActiv has learned. In addition to the launch of its new over-arching Cybersecurity Strategy, the European Commission last month proposed a Directive with measures to ensure harmonised network and information security across the EU. The proposed legislation will oblige companies to be...
---------------------------------------------
http://www.euractiv.com/specialreport-cybersecurity/cybersecurity-directive…
*** [TYPO3-announce] Announcing TYPO3 CMS 4.5.25, 4.6.18, 4.7.10 and 6.0.4 ***
---------------------------------------------
The TYPO3 Community has just released TYPO3 CMS versions 4.5.25,
4.6.18, 4.7.10 and 6.0.4, which are now ready for you to download.
These versions are maintenance releases and contain bug fixes only.
All packages fix one regression that has been introduced with the
security releases yesterday:
---------------------------------------------
http://typo3.org/news/article/typo3-cms-4525-4618-4710-and-604-released/http://typo3.org/download/packages/
*** Cybercriminals Predicted To Expand Use Of Browser Proxies ***
---------------------------------------------
"A technique for controlling a compromised system's browser, widely used in Brazilian banking schemes, will likely become popular amongst global cybercriminals in the next few years, say security experts. The technique abuses a legitimate way to control where a browser sends its requests, known as proxy auto-configuration or PAC, to take over a victim's browser and send traffic--say, requests to a bank--to an attacker-controlled server instead. While the attackers still have to find a way to...
---------------------------------------------
http://www.darkreading.com/advanced-threats/167901091/security/attacks-brea…
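A check for the hijack technique in the article, as an added example (editor's code, not from the article): given a PAC file collected from a client, list every proxy destination it returns, the host patterns tested in the `if` guarding that return, and flag destinations outside a trusted list. The telling shape of a banking PAC is exactly what this surfaces: a handful of financial hostnames routed to an outside proxy while everything else goes DIRECT, so the victim notices nothing. The sample PAC files, addresses and the trusted proxy name are constructed.

```python
import re
from typing import Dict, List, Set

# return "PROXY host:port; DIRECT" style statements (PAC files are JavaScript)
RETURN_RE = re.compile(r"""return\s+["']((?:PROXY|SOCKS|SOCKS5|HTTP|HTTPS)\s+[^"']+)["']""")
HOST_TEST_RE = re.compile(r"""(?:shExpMatch|dnsDomainIs|localHostOrDomainIs)\s*\(\s*host\s*,\s*["']([^"']+)["']""")
IF_RE = re.compile(r"\bif\s*\(")


def audit_pac(pac_text: str, trusted_proxy_hosts: Set[str]) -> List[Dict[str, object]]:
    """One finding per proxy return whose first hop is not a trusted proxy,
    with the host patterns tested in the nearest preceding `if`."""
    findings: List[Dict[str, object]] = []
    for match in RETURN_RE.finditer(pac_text):
        # "PROXY 203.0.113.7:8080; DIRECT" -> "203.0.113.7:8080"
        first_hop = match.group(1).split(";")[0].split(None, 1)[1].strip()
        proxy_host = first_hop.rsplit(":", 1)[0]
        before = pac_text[: match.start()]
        ifs = list(IF_RE.finditer(before))
        patterns = HOST_TEST_RE.findall(before[ifs[-1].start():]) if ifs else []
        if proxy_host not in trusted_proxy_hosts:
            findings.append({
                "proxy": first_hop,
                "routed_hosts": patterns,          # empty means every host goes there
                "selective": bool(patterns),       # the banking-PAC pattern: only a few hosts
            })
    return findings


# Constructed samples. The first routes two banking domains through an
# attacker-controlled proxy and everything else directly.
HIJACKED_PAC = """
function FindProxyForURL(url, host) {
    if (shExpMatch(host, "*.bank.example") || dnsDomainIs(host, "pagamentos.example"))
        return "PROXY 203.0.113.7:8080; DIRECT";
    if (isPlainHostName(host))
        return "DIRECT";
    return "PROXY proxy.corp.example:3128";
}
"""

CLEAN_PAC = """
function FindProxyForURL(url, host) {
    if (isPlainHostName(host))
        return "DIRECT";
    return "PROXY proxy.corp.example:3128";
}
"""

TRUSTED_PROXIES = {"proxy.corp.example"}

if __name__ == "__main__":
    for label, pac in (("hijacked", HIJACKED_PAC), ("clean", CLEAN_PAC)):
        print(label, audit_pac(pac, TRUSTED_PROXIES))
```

Run this over PAC files fetched from the URLs actually configured on endpoints, not over the copy on the corporate web server: the attack changes the client's setting, and an obfuscated PAC that builds its return string at runtime will need a JavaScript engine rather than these regexes.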
*** [security bulletin] HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03680085
*** [security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03684249
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 05-03-2013 18:00 − Wednesday 06-03-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** [TYPO3-announce] TYPO3 CMS Core Security Advisory TYPO3-CORE-SA-2013-001 ***
---------------------------------------------
It has been discovered that the TYPO3 Core is susceptible to SQL Injection and Open Redirection
For more details on the issues please read the corresponding advisory
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa…
*** Bugtraq: [IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting ***
---------------------------------------------
[IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting
---------------------------------------------
http://www.securityfocus.com/archive/1/525888
*** Vuln: Schneider Electric Products Multiple Security Vulnerabilities ***
---------------------------------------------
Schneider Electric Products Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/57435
*** Blackhole outfitted with exploit for recently patched Java flaw ***
---------------------------------------------
"The exploit for the recently patched CVE-2013-0431 Java vulnerability has been added to the Blackhole exploit kit, Trend Micro researchers report. The fact was discovered through the analysis of the latest PayPal-themed spam run that leads to a page hosting the exploit kit. Users are presented with a "Receipt for your PayPal payment to" email, and are urged to verify the details of the payment order by clicking on a link included in the message...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2430
*** CSA: What are 2013s top cloud security threats? ***
---------------------------------------------
"The Cloud Security Alliance (CSA) has released a new report designed to examine the most pervasive security threats still threatening cloud in 2013. Called The Notorious Nine presumably using the same nomenclature that Enid Blyton employed for the protagonists of her fabled children's books the CSA enlisted the help of industry experts, and is designed to be used in conjunction with other CSA best practice guides; Security Guidance for Critical Areas in Cloud Computing V.3 and Security as...
---------------------------------------------
http://www.cloudcomputing-news.net/news/2013/mar/04/csa-what-are-2013s-top-…
*** Pwn Pad Steals the Show at RSA Cyber Security Conference in San Francisco ***
---------------------------------------------
"Pwnie Express, the Vermont-based firm known for the Pwn Plug and Power Pwn, released a new appliance at RSA: the Pwn Pad. This handheld tablet allows security-and-IT-focused personnel to safely test their own network for wireless and wired security issues. The product brings an unprecedented level of ease to security testing, and has been met with critical acclaim at RSA...."
---------------------------------------------
http://www.sfgate.com/business/prweb/article/Pwn-Pad-Steals-the-Show-at-RSA…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 04-03-2013 18:00 − Tuesday 05-03-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** D-Link DSL-2740B (ADSL Router) Authentication Bypass ***
---------------------------------------------
Topic: D-Link DSL-2740B (ADSL Router) Authentication Bypass Risk: High Text: + + # Exploit Title : D-Link DSL-2740B (ADSL Router) Authentication Bypass # Date : 10-02-2013 #...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2Fn9pSNqklg/WLB-20…
*** Cloudflare Briefly Drops Off Internet Deflecting DDOS Attack ***
---------------------------------------------
"CloudFlare's Juniper routers choked on a slight programming change designed to deflect a distributed denial-of-service attack, knocking the company's services off the Internet for about an hour early Sunday morning. The San Francisco-based company provides a service that speeds up the delivery of web pages and reduces bandwidth. It also provides a suite of security tools that helps website owners identify and filter malicious traffic...."
---------------------------------------------
http://www.cio.com/article/729658/Cloudflare_Briefly_Drops_Off_Internet_Def…
*** Cyber Security Bulletin (SB13-063) - Vulnerability Summary for the Week of February 25, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...
---------------------------------------------
http://www.us-cert.gov/ncas/bulletins/SB13-063
*** Vuln: OpenStack Keystone CVE-2013-0282 Security Bypass Vulnerability ***
---------------------------------------------
OpenStack Keystone CVE-2013-0282 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58033
*** Heads-UP - EU, US go separate ways on cybersecurity ***
---------------------------------------------
"Europe and the United States look set to implement different approaches to cybersecurity, with Washington adopting voluntary reporting mechanisms against Brussels' compulsory measures. The different approaches threaten to create problems for companies across the two major trade blocs. President Barack Obama on 12 February issued an executive order on cybersecurity that calls for voluntary sharing of information on cyberattacks between business and government...."
---------------------------------------------
http://www.euractiv.com/specialreport-cybersecurity/eu-us-set-different-app…
*** Java vulnerable despite emergency patch ***
---------------------------------------------
Oracle has released updated versions of Java 5, 6 and 7. They close two critical holes, one of which is already being exploited by cyber criminals. Java is nevertheless still not secure.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2936e0b6/l/0L0Sheise0Bde0Csec…
*** Open standards are key for security in the cloud ***
---------------------------------------------
"The current divide between proprietary and open approaches to enterprise cloud computing has implications beyond the obvious. More than just issues of cloud interoperability and data portability, open standards have benefits for user identity, authentication and security intelligence that closed or proprietary clouds threaten to compromise. Our belief is that an open cloud is a more secure one and it begins with identity...."
---------------------------------------------
http://www.net-security.org/article.php?id=1812
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 01-03-2013 18:00 − Monday 04-03-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Bit9 Breach Began in July 2012 ***
---------------------------------------------
Cyber espionage hackers who broke into security firm Bit9 initially breached the company's defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in the attack was deployed last year in highly targeted attacks against U.S. Defense contractors.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/T12Pp-nAeFw/
*** Exploit Sat on LA Times Website for 6 Weeks ***
---------------------------------------------
The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/6Ws9-MtXu3w/
*** Flame Windows Update Attack Could Have Been Repeated in 3 Days, Says Microsoft ***
---------------------------------------------
"When the sophisticated state-sponsored espionage tool known as Flame was exposed last year, there was probably no one more concerned about the discovery than Microsoft, after realizing that the tool was signed with an unauthorized Microsoft certificate to verify its trustworthiness to victim machines. The attackers also hijacked a part of Windows Update to deliver it to targeted machines. After examining the nature of the certificate attack and everything the malicious actors needed to
---------------------------------------------
http://www.wired.com/threatlevel/2013/03/flame-windows-update-copycat/
*** Apple blocks outdated Flash plug-ins in Safari ***
---------------------------------------------
Apple's own browser no longer allows old versions of the Flash plug-in to start. This is apparently meant to shut down recently disclosed attack vectors.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2921880b/l/0L0Sheise0Bde0Csec…
*** Note-taking service Evernote was hacked ***
---------------------------------------------
The operators of the online notebook have asked all users to change their passwords after criminals gained access to the user database.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2925520f/l/0L0Sheise0Bde0Csec…
*** More Java-based malware plagues the cross-platform runtime ***
---------------------------------------------
"Java cannot seem to get a break. Only a few days after patching the last zero-day vulnerability, two more exploits are being found that make use of the runtime. One, as noted by Kaspersky, is a recent exploit of the latest runtime that attempts to install a McRAT executable by overwriting memory in the JVM that will trigger the executable to run...."
---------------------------------------------
http://reviews.cnet.com/8301-13727_7-57572168-263/more-java-based-malware-p…
*** Kaspersky Internet Security 2013 Remote system freeze ***
---------------------------------------------
Topic: Kaspersky Internet Security 2013 Remote system freeze Risk: Medium Text: I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time,...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/MKm3MtRa-Q0/WLB-20…
*** Need an army of killer zombies? Yours for just $25 per 1,000 PCs ***
---------------------------------------------
Bring out your dead - there's a price per botnet head
As little as $25 will buy you access to a thousand malware-infected PCs, neatly packaged as a botnet army to control or spy on. That's according to a security researcher studying underground souks of zombie computers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/04/botnet_pric…
*** Prices fall, services rise in malware-as-a-service market ***
---------------------------------------------
"Prices are falling and the number of services is increasing as developers in the online underground compete fiercely for criminals looking to purchase botnets and other tools to mount cyber attacks. The trends in the so-called malware-as-a-service market reflect a maturing business in which any non-professional can buy or rent all the tools needed to build the malware, distribute it, and then siphon credit card and banking data and other personal information from compromised PCs.
---------------------------------------------
http://www.infoworld.com/d/security/prices-fall-services-rise-in-malware-se…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 28-02-2013 18:00 − Friday 01-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Fake Flash Player download pages pushing malware ***
---------------------------------------------
"As you may have already heard, Adobe has pushed out an update for Flash Player that fixes vulnerabilities discovered to be currently exploited in the wild in targeted attacks. If you haven't set up automatic updating for Flash, you will have to find and download the update yourself, and the best place from which to pick it up is Adobe's official Flash page. I'm reiterating this because there are web pages out there that spoof Adobe's legitimate one, and they are pretty well crafted (click on the...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2429
*** Browser makers open local storage hole in HTML5 ***
---------------------------------------------
Bad implementation of disk space limits
A slip-up in the implementation of HTML5 on Chrome, Opera and Internet Explorer can be exploited to fill users' hard drives, according to a 22-year-old Web developer from Stanford...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/html_5_impl…
*** Bank of America Spy Team leaked emails by Anonymous ***
---------------------------------------------
"Many Bank of America spy emails available to the public. Lot of fun stuff including stuff on Sopa, Money trails, Wikileaks, Sony, Stratfor, etc... these emails have been organised for the public by Par:AnoIA (Potentially Alarming Research: Anonymous Intelligence Agency)..."
---------------------------------------------
http://www.cyberwarzone.com/bank-america-spy-team-leaked-emails-anonymous
*** PHP-Fusion 7.02.05 XSS & LFI & SQL Injection ***
---------------------------------------------
Topic: PHP-Fusion 7.02.05 XSS & LFI & SQL Injection Risk: High Text: [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05 = Author: Janek Vind "warax...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JWjlGvtaj28/WLB-20…
*** Spearphishing in your office ***
---------------------------------------------
"Spear Phishing is on the rise, and many of you don't even realize it's happening to you. It used to be you'd get a random email from a bank you don't do business with, claiming an account security issue. It's pretty easy to figure out. But what if you get an email from your company's HR department with a policy change notification, or vacation policy update...."
---------------------------------------------
http://ktar.com/153/1613505/Spearphishing-in-your-office
*** Sinkholes reveal more Chinese-hacked biz - and piggybacking crims ***
---------------------------------------------
It's not just state-backed spies using snoop-ware armies
Researchers have identified yet more high-profile organisations attacked by spying Chinese hackers after seizing hold of the miscreants' command-and-control servers...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/01/sinkhole_re…
*** Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered ***
---------------------------------------------
"Researchers at Symantec have identified an earlier version of the Stuxnet malware that shows that the cyberattacks on Iran's Natanz nuclear plant date back as early as 2005 and targeted another piece of uranium-enrichment equipment. Symantec found what it calls Stuxnet version 0.5 of the sophisticated cyberweapon among the samples it had collected from the version of the malware that was first discovered in the wild back in July 2010 and was created in 2009...."
---------------------------------------------
http://www.darkreading.com/advanced-threats/167901091/security/news/2401495…
*** How Much Does A Botnet Cost? ***
---------------------------------------------
"The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations. Security researcher Dancho Danchev recently profiled an underground botnet service and found that the market for botnets fueled by American machines is more lucrative than botnets consisting of an international hodgepodge of IP...
---------------------------------------------
http://threatpost.com/en_us/blogs/how-much-does-botnet-cost-022813
*** Malware's Future Looks A Lot Like Its Present ***
---------------------------------------------
"What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday...."
---------------------------------------------
http://securityledger.com/what-will-malware-look-like-in-a-few-years/
*** sudo authentication bypass when clock is reset ***
---------------------------------------------
Topic: sudo authentication bypass when clock is reset Risk: High Text: Sudo 1.8.6p7 and 1.7.10p7 are now available which include a fix for the following bug: Sudo authentication bypass when clock...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Cg957nnlc_A/WLB-20…
*** Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities ***
---------------------------------------------
Topic: Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities Risk: Medium Text: Product: Piwigo Vendor: Piwigo project Vulnerable Version(s): 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notific...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/4-cD4XbHTA0/WLB-20…
*** [papers] - Post XSS Exploitation: Advanced Attacks and Remedies ***
---------------------------------------------
http://www.exploit-db.com/download_pdf/24559
*** And the Java 0-days just keep on coming, (Fri, Mar 1st) ***
---------------------------------------------
The bad guys certainly seem to be picking on Oracle in the last month or two. The folks over at FireEye have posted some info about another 0-day affecting Java that is being exploited in the wild. This one hits even the latest versions of Java 6u41 and 7u15. From the writeup it seems the exploit is currently not always successful, but when it is, it drops a remote access trojan on the system and connects back to an HTTP command and control server. I haven't had a chance to actually look at the...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15310&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 27-02-2013 18:00 − Thursday 28-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Kelihos botnet switched off - live on stage ***
---------------------------------------------
During a presentation, a security researcher poisoned the communication channels of the Viagra spam botnet Kelihos live on stage, effectively shutting down the zombie network.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29084f8e/l/0L0Sheise0Bde0Csec…
*** Hacking Victim Bit9 Blames SQL Injection Flaw ***
---------------------------------------------
"Bit9 said a common Web application vulnerability was responsible for allowing hackers to ironically use the security vendor's systems as a launch pad for attacks on other organizations. Based in Waltham, Massachusetts, the company sells a security platform that is designed in part to stop hackers from installing their own malicious software. In an embarrassing admission, Bit9 said earlier this month that it neglected to install its own software on a part of its network, which led to the
---------------------------------------------
http://www.cio.com/article/729401/Hacking_Victim_Bit9_Blames_SQL_Injection_…
*** cPanel: Reset your root passwords! Hackers broke into our system ***
---------------------------------------------
"Website administration firm cPanel has told The Reg that one of its proxy servers was hacked, potentially exposing customers' administrator-level passwords. cPanel discovered that one of its systems, used to handle technical support tickets, was infiltrated nearly a week ago. The biz, which provides tools for managing Unix-powered websites, has urged anyone who contacted its help-desk within the last six months to change their root passwords - a credential requested in new support
---------------------------------------------
http://www.theregister.co.uk/2013/02/27/cpanel_support_server_hacked/
*** Joomla! 3.0.2 PHP Object Injection ***
---------------------------------------------
Topic: Joomla! 3.0.2 PHP Object Injection Risk: Medium Text: - Joomla!
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/q-jzkZbxx84/WLB-20…
*** Drupal Creative Theme 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Creative Theme 7.x Cross Site Scripting Risk: Low Text: View online: https://drupal.org/node/1929474 * Advisory ID: DRUPAL-SA-CONTRIB-2013-024 * Project: Creative Theme [1] (t...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/SebLduXdSsE/WLB-20…
*** 'MiniDuke' malware takes aim at Euro governments via Adobe ***
---------------------------------------------
A new attack is targeting European governments through flaws exploited
in Adobe's Reader software, according to security researchers.
---------------------------------------------
http://news.cnet.com/8301-1009_3-57571571-83/miniduke-malware-takes-aim-at-…
*** German Customers of PayPal, ING-DiBa Asked by Scammers to Update Accounts ***
---------------------------------------------
In a brand new phishing campaign targeting Germans, scammers set their
eyes on identification data of PayPal and ING customers in Germany.
---------------------------------------------
http://www.hotforsecurity.com/blog/german-customers-of-paypal-ing-diba-aske…
*** Moscow's speed cameras knackered by MYSTERY malware ***
---------------------------------------------
Infection spread from cops to traffic gear - report
Malware has infected a Russian police computer network, knackering speed cameras in and around Moscow, according to reports.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/malware_hob…
*** Vuln: Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability ***
---------------------------------------------
Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58203
*** Vuln: Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability ***
---------------------------------------------
Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58207
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 26-02-2013 18:00 − Wednesday 27-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Ichitaro zero-day Vulnerability exploited in the wild, targets Japan users ***
---------------------------------------------
"JustSystems Corporation, the developer of one of the top Japanese word processors, Ichitaro, announced that an arbitrary code execution vulnerability in Ichitaro is being exploited in the wild. When a user opens a malicious document that exploits this vulnerability, the malware will be dropped on the victim's machine. The malware can delete your data, warns JustSystems...."
---------------------------------------------
http://www.ehackingnews.com/2013/02/ichitaro-zero-day-vulnerability.html
*** Certified online banking trojan in the wild ***
---------------------------------------------
"Jean-Ian Boutin, who works for AV firm Eset, has discovered trojans that carry a valid digital signature. This potentially allows online banking spyware to pass superficial tests as harmless. Apparently, the certificate in question was issued by the DigiCert Certificate Authority to a company that ceased to exist a long time ago...."
---------------------------------------------
http://www.h-online.com/security/news/item/Certified-online-banking-trojan-…
*** DSA-2632 linux-2.6 ***
---------------------------------------------
privilege escalation/denial of service
---------------------------------------------
http://www.debian.org/security/2013/dsa-2632
*** The email gaffe - how to control the damage ***
---------------------------------------------
""It sended!" says a distraught Gloria on TV comedy Modern Family. "Please come back." It's a familiar phrase said all too often in the tech era, where email gaffes happen every day. Take for example the story of the British bride-to-be who was humiliated after the hotel where she planned to hold her wedding described her and her fiance in an email as not "the right type of people" to stay there...."
---------------------------------------------
http://www.smh.com.au/digital-life/hometech/the-email-gaffe--how-to-control…
*** Yet another emergency update for Flash Player ***
---------------------------------------------
The Flash plugin is being updated for the third time this month. Revision 11.6.602.171 is meant to close two holes that, according to Adobe, are already being actively exploited.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28ffb58c/l/0L0Sheise0Bde0Csec…
*** Microsoft delivers final version of IE 10 for Windows 7 ***
---------------------------------------------
"Microsoft released to the Web the final (non-test) build of Internet Explorer 10 for Windows 7 on February 26. As of today, Microsoft is making the final bits available for download from its IE site in 95 languages. (If that link doesn't work, try this one from the Microsoft Download Center.) Microsoft plans to begin auto-updating customers with Windows 7 Service Pack 1 and/or Windows Server 2008 R2 and higher with IE10 "in the weeks ahead," officials said...."
---------------------------------------------
http://www.zdnet.com/microsoft-delivers-final-version-of-ie-10-for-windows-…
*** Encryption no longer seen as just an IT issue ***
---------------------------------------------
"There has been a steady increase in the deployment of encryption solutions used by organizations over the past eight years. The percentage of overall IT security spending dedicated to encryption has also increased, almost doubling from 10% to 18%, demonstrating that organizations are prioritizing encryption over other security technologies, say the results of the Thales Global Encryption Trends Study, released at RSA Conference 2013 in San Francisco. More than 4,000 business and IT managers
---------------------------------------------
http://www.net-security.org/secworld.php?id=14493
*** The Real Story of Stuxnet ***
---------------------------------------------
How Kaspersky Lab tracked down the malware that stymied Iran's
nuclear-fuel enrichment program
---------------------------------------------
http://beta.spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
*** Google locks out hacking spammers ***
---------------------------------------------
Additional security measures are said to have significantly curbed the abuse of legitimate Google accounts.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/290553b0/l/0L0Sheise0Bde0Csec…
*** Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services. Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Helping ISPs defend customers against bot infections ***
---------------------------------------------
"At RSA Conference 2013 Kindsight announced the Kindsight Botnet Security service to help Internet service providers detect botnet activity in the network and protect subscribers against bot infections (click on the screenshot to enlarge it): The solution is embedded within the service providers' networks to analyze Internet traffic for communications between infected devices and the bot masters' command-and-control (C&C) servers...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14506
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 25-02-2013 18:00 − Tuesday 26-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Hole in the Linux kernel allows root privileges ***
---------------------------------------------
A bug in the handling of Netlink messages in the Linux kernel can allow a user to illegitimately obtain root privileges.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28f137a9/l/0L0Sheise0Bde0Csec…
*** Skyhigh Networks lets bosses snoop on employee cloud use ***
---------------------------------------------
Big Brother for the (secure) common good RSA 2013
People have a tendency to skirt corporate IT policy and use their own applications on the network, and Skyhigh Networks thinks it has a way for IT admins to stop this from happening.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/25/skyhigh_sno…
*** McAfee dumps signatures and proclaims an (almost) end to botnets ***
---------------------------------------------
Claims first truly integrated security package RSA 2012
Signature-based malware identification has been around since the dawn of the computer security industry, but McAfee has said it's dumping the system, or rather adapting it, in an upgraded security suite which will (it claims) virtually eliminate susceptibility to botnets.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/26/mcafee_secu…
*** Several Oil rigs computers infected by malware after employees downloaded P*** ***
---------------------------------------------
""Human is one of the worst vulnerable system".
The recent report from the Houston Chronicle is an example of this quote: several offshore oil rigs' computers were infected by malware after employees downloaded P*** and pirated content. According to the report, the malware attacks have occurred at several offshore rigs and platforms and knocked some offline...."
---------------------------------------------
http://www.ehackingnews.com/2013/02/oil-rigs-infected-by-malware.html
*** Japanese gov builds APT database to study targeted attack info ***
---------------------------------------------
Hopes to understand attackers' MO, share info with US
The Japanese government will respond to the increasing threats from targeted cyber attacks by building a centralised advanced persistent threat (APT) database designed to aggregate threat intelligence so it can be shared with domestic security organisations and foreign governments.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/26/japan_apt_d…
*** Security hole discovered in the latest Java version ***
---------------------------------------------
Oracle's staff must be under constant stress. The latest version is also said to contain a security hole, while exploits for the older version 7u11 are circulating at the same time. Users should update or uninstall as quickly as possible.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28f6819d/l/0L0Sheise0Bde0Csec…
*** Google 2-step login verification flaw allows account hijacking ***
---------------------------------------------
Duo Security researchers have found an easy way to bypass Google's
two-step login verification by capturing a user's application-specific
password.
---------------------------------------------
https://www.net-security.org/secworld.php?id485
*** DDoS Attacks on Banks Resume - Experts Warn Botnet Getting Stronger ***
---------------------------------------------
"Izz ad-Din al-Qassam Cyber Fighters has launched a new wave of distributed-denial-of-service attacks against U.S. banks and credit unions, and experts say institutions can expect more incidents in the coming days. Just after 10 a.m. ET on Feb. 25, the opening day of RSA Conference 2013, a handful of U.S. banking institutions were reportedly targeted as part of the latest attacks...."
---------------------------------------------
http://www.bankinfosecurity.com/ddos-attacks-on-banks-resume-a-5541
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 22-02-2013 18:00 − Monday 25-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** SCADA & Security of Critical Infrastructures ***
---------------------------------------------
"In the last few years there has been an increase within the worldwide security community's consciousness of the risks related to cyber-attacks against the critical infrastructures of countries; an event considered by principal security experts extremely likely. Probably the strongest jolt has been caused by events such as the spread of the cyber weapon Stuxnet. This represented a historic change in the conception of military conflict: by using a malicious code, an actor in cyberspace could
---------------------------------------------
http://resources.infosecinstitute.com/scada-security-of-critical-infrastruc…
*** How researcher Hacked Facebook OAuth To Get Full Permission On Any Facebook Account ***
---------------------------------------------
"Security researcher Nir Goldshlager has discovered a security flaw in Facebook that allowed him to take full control over any Facebook account. OAuth is used by Facebook to communicate between applications and Facebook users. Usually users must allow/accept the application request to access their account before the communication can start. Facebook applications might ask for different permissions...."
---------------------------------------------
http://www.ehackingnews.com/2013/02/how-researcher-hacked-facebook-oauth-to…
*** Computers at Microsoft hacked too ***
---------------------------------------------
After Facebook, Twitter and Apple, Microsoft has also become the victim of a hacker attack. The company announced this in a blog post.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28df5094/l/0L0Sheise0Bde0Csec…
*** When web sites go bad: bible . org compromise ***
---------------------------------------------
"This is more of an "awareness" item to show to coworkers and relatives that you can't be careful enough. "bible . org" is a site that offers, as the name implies, access to the bible and related commentary as well as translations. Sadly, earlier this week the site apparently got compromised...."
---------------------------------------------
http://www.cyberwarzone.com/when-web-sites-go-bad-bible-org-compromise
*** SQL Injection vulnerability in extension CoolURI (cooluri) ***
---------------------------------------------
It has been discovered that the extension "CoolURI" (cooluri) is vulnerable to SQL Injection.
---------------------------------------------
http://typo3.org/news/article/sql-injection-vulnerability-in-extension-basi…
*** Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party TYPO3 extensions: attacalendar, attacpetition, eu_subscribe, exinit_job_offer, fefilebrowser, js_css_optimizer, kk_csv2table, lonewsseo, mn_mysql2json, news_search, tipafriend_plus, twitter_auth, sofortueberweisung2commerce, sys_messages
---------------------------------------------
http://typo3.org/news/article/several-vulnerabilities-in-third-party-extens…
*** Oracle Enterprise Manager dBClone SQL Injection ***
---------------------------------------------
Topic: Oracle Enterprise Manager dBClone SQL Injection Risk: Medium Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager (dBCl...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hJWisPeyKXY/WLB-20…
*** Samsung Galaxy S3 Screen-Lock Bypass ***
---------------------------------------------
Topic: Samsung Galaxy S3 Screen-Lock Bypass Risk: Medium Text:MTI Technology Vulnerability Research Team www.mti.com ukpentestinfo"at"mti.com Samsung Galaxy S3 partial screen-lock...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Ao6gcgJr_qc/WLB-20…
*** Reports: Hackers attacked companies and government agencies ***
---------------------------------------------
Hackers from China attacked German government agencies and the companies EADS and ThyssenKrupp in 2012, report Focus and Spiegel.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28e67749/l/0L0Sheise0Bde0Csec…
*** Firefox to spit out third-party cookies ***
---------------------------------------------
Mozilla says Apple's got it more or less right
The Mozilla Foundation has set up camp alongside Apple in the 'cookies are bad' section of the Internet, decreeing that three versions hence its flagship Firefox browser won't accept cookies from anyone other than the publisher of websites it visits.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/25/firefox_coo…
*** Vulnerabilities on a silver platter ***
---------------------------------------------
A new search engine called Punkspider presents the scan results of security tests of millions of web sites openly to everyone. Trouble is inevitable.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28eebfbc/l/0L0Sheise0Bde0Csec…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 21-02-2013 18:00 − Friday 22-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Bugtraq: [security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525764
*** Vuln: Multiple OpenStack Products Information Disclosure and Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/58022
*** Why You Shouldn't Use the OWASP Top 10 as a List of Software Security Requirements ***
---------------------------------------------
On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. This list is available here and open for public comment - the final Top 10 list will come out in April or May. If it's anything like previous years, OWASP Top 10 2013 will become the de facto yardstick that organizations use to test if their applications are secure. This is at least partially because the Payment Card Industry Data...
---------------------------------------------
http://www.infosecisland.com/blogview/22951-Why-You-Shouldnt-Use-the-OWASP-…
*** libxml2 and expat internal and external XML entity expansion ***
---------------------------------------------
Topic: libxml2 and expat internal and external XML entity expansion Risk: High Text: So here are the CVEs for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities (which ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/v1lpK84nIpw/WLB-20…
*** VMware releases new and updated security advisories, (Fri, Feb 22nd) ***
---------------------------------------------
VMware has released the following new and updated security advisories:
New: VMSA-2013-0003 http://www.vmware.com/security/advisories/VMSA-2013-0003.html
Updated: VMSA-2012-0018 http://www.vmware.com/security/advisories/VMSA-2012-0018.html
VMSA-2013-0001 http://www.vmware.com/security/advisories/VMSA-2013-0001.html
Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15244&rss
*** SSHD rootkit in the wild, (Thu, Feb 21st) ***
---------------------------------------------
There are a lot of discussions at the moment about an SSHD rootkit hitting mainly RPM based Linux distributions. Thanks to our reader unSpawn, we received a bunch of samples of the rootkit. The rootkit is actually a trojanized library that links with SSHD and does *a lot* of nasty things to the system. At this point in time we still do not know what the initial attack vector is; it is unknown how the attackers get the root access on the compromised servers that is needed to change the legitimate...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15229&rss
*** Risk Factory: Lets Get Physical ***
---------------------------------------------
"Security issues associated with the Internet of Things (IoT)..."
---------------------------------------------
http://www.slideshare.net/RichardHollis/risk-factory-lets-get-physical
*** Employees May Be a Company's Greatest Cybersecurity Vulnerability ***
---------------------------------------------
Apple Inc. disclosed a cyber attack on Tuesday, which started when employees visited a website for software developers and inadvertently picked up malicious software that infected their computers. Similarly, Facebook announced last week that malware got onto employee laptops after some employees visited a compromised developer website. And in a recent report about hackers infiltrating systems at The New York Times, investigators came to suspect that employees opened malicious links or...
---------------------------------------------
http://www.law.com/corporatecounsel/PubArticleCC.jsp?id=1202588933863&Emplo…
*** Hidden security threats on enterprise networks ***
---------------------------------------------
Check Point uncovered the major security risks and threats that impact organizations worldwide. Their new report examines the leading security threats, the risky web applications that compromise network security, and incidences of unintentional loss of data caused by employees. The report is based on research from 888 companies worldwide, and gives insight into the network security events that actually occurred within organizations during 2012, and the security risks that companies are...
---------------------------------------------
http://www.net-security.org/secworld.php?id=14465
*** EU cyber laws should target IT suppliers' security negligence ***
---------------------------------------------
"Cyber security has made its ultimate mainstream breakthrough. This week, a relatively minor hack targeted at Apple not only made the BBC 10 O'Clock News, but warranted a lengthy studio discussion between presenter Sophie Raworth and a BBC security correspondent. Attacks of varying sophistication and impact are becoming a near daily occurrence - and they are only the ones we hear about...."
---------------------------------------------
http://www.computerweekly.com/blogs/editors-blog/2013/02/eu-cyber-laws-shou…
*** Certificate-signed online banking trojan ***
---------------------------------------------
AV vendor Eset has discovered a series of trojans that were signed with a valid certificate. The certificate was issued by the certificate authority DigiCert, to a company that has long since ceased to exist.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28d8d768/l/0L0Sheise0Bde0Csec…
*** Protect your computer from hackers & viruses (Infographic) ***
---------------------------------------------
http://blog.botrevolt.com/
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 20-02-2013 18:00 − Thursday 21-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** SANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved, (Wed, Feb 20th) ***
---------------------------------------------
Seven days ago the eighth edition of the SANS SCADA Summit at Orlando finished. The conferences were really great and it was a great opportunity to see that I am not the only CISO having trouble developing and implementing an information security program for the ICS world of the company. The most important conclusions obtained there are: operators and professionals from the industrial world only care about the process: they want it efficient, reliable, available all the time and...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15160&rss
*** Vuln: Jenkins Cross-Site Scripting, Security Bypass, and Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/57994
*** Vuln: Drupal Core Image Derivatives Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/58069
*** Vuln: Drupal Ubercart Views and Ubercart Modules full name field HTML Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/58065
*** Vuln: Drupal Menu Reference Module HTML Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/58067
*** Vuln: Drupal Banckle Chat Module Access Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/57942
*** Bugtraq: [CVE-2013-1636]Wordpress pretty-link plugin XSS in SWF ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525758
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 19-02-2013 18:00 − Wednesday 20-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:01.bind ***
---------------------------------------------
FreeBSD Security Advisory FreeBSD-SA-13:01.bind
---------------------------------------------
http://www.securityfocus.com/archive/1/525732
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:02.libc ***
---------------------------------------------
FreeBSD Security Advisory FreeBSD-SA-13:02.libc
---------------------------------------------
http://www.securityfocus.com/archive/1/525735
*** Oracle plugs security holes: updates for Java 1.4 through 7 ***
---------------------------------------------
Oracle has again released an update for the Java runtime environment. It closes five security vulnerabilities, three of them rated at the highest severity level. The "Lucky 13" vulnerability is also said to be fixed. Further patches are to follow in April.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28c21278/l/0L0Sheise0Bde0Csec…
*** Apple FINALLY fills gaping Java hole that pwned its own devs ***
---------------------------------------------
Zero-day vuln also downed Facebook staff and other Mac users. Apple has belatedly patched a security hole in the Java engine it ships with Mac OS X - the very hole exploited by hackers to infect Apple's own developers, their counterparts at Facebook and scores of other Mac-using companies.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/20/apple_java_…
*** CloudFlare vs Incapsula vs ModSecurity - A Comparative Penetration Testing Analysis Report ***
---------------------------------------------
This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three 'leading' web application firewall solutions. Our goal was to bypass security controls in place, in any way we can, circumventing whatever filters they have. This report also outlines the setup and configuration process, as well as a detailed security assessment.
---------------------------------------------
http://zeroscience.mk/files/wafreport2013.pdf
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 18-02-2013 18:00 − Tuesday 19-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Bugtraq: Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525726
*** Bugtraq: Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525724
*** Cyber Security Bulletin (SB13-049) - Vulnerability Summary for the Week of February 11, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB13-049.html
*** Trust but verify: when CAs fall short ***
---------------------------------------------
"We've recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem...."
---------------------------------------------
http://www.securelist.com/en/blog/208194124/Trust_but_verify_when_CAs_fall_…
*** [TYPO3-announce] [Ticket#2013021910000016] Security issues in several third party TYPO3 extensions including cooluri and static_info_tables ***
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3 extensions:
CoolURI (cooluri)
Static Info Tables (static_info_tables)
Fluid Extbase Development Framework (fed)
My quiz and poll (myquizpoll)
RSS feed from records (push2rss_3ds)
Slideshare (slideshare)
WEC Discussion Forum (wec_discussion)
For further information on the issue in the extension "CoolURI"...
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
*** Net politics - Hacker attack on sparkasse.de ***
---------------------------------------------
Unknown attackers manipulated the website
---------------------------------------------
http://derstandard.at/1361240471623/Hackerangriff-auf-sparkassede
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 15-02-2013 18:00 − Monday 18-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Most Malware-Laden Links Came From Legitimate Sites in 2012 ***
---------------------------------------------
"More malicious Websites were spotted in 2012, and most of them weren't found in the seedier parts of the Internet, according to a recently released report from Websense. Nearly 85 percent of malicious Web links last year were found on legitimate hosts that had been compromised, compared to 82 percent in 2011, Websense said Tuesday in its 2013 Threat Report. Websense also found a 600 percent increase in malicious websites in 2012 over 2011 levels...."
---------------------------------------------
http://www.securityweek.com/most-malware-laden-links-came-legitimate-sites-…
*** Vuln: IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities ***
---------------------------------------------
IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55095
*** 1st International Symposium for ICS & SCADA Cyber Security 2013 ***
---------------------------------------------
"The 1st International Symposium for ICS & SCADA Cyber Security brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interests are broad, ranging from security for hardware/firmware used in industrial control systems, to system aspects of ICS such as secure architectures and vulnerability screening to the human aspects of cyber security such as behaviour modelling and training.
---------------------------------------------
http://www.ics-csr.com/
*** ATM Fraud & Security Digest - January 2013 ***
---------------------------------------------
"January 2013 commenced with a significant number of cash trapping events detected in Europe. In response to this type of ATM fraud, the ATMIA have published Best Practices for Preventing Cash Trapping at ATMs. Card trapping was also at a significant level in January prompting warnings to the public...."
---------------------------------------------
http://www.atmsecurity.com/atm-security-monthly-digest/atm-fraud-security-d…
*** Webmail and Online Banks Targeted By Phishing Proxies ***
---------------------------------------------
An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VOI-9HX5F-k/story01.htm
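The selective routing described above, as an added example that is not part of the original post or of Netcraft's analysis: a constructed PAC script that sends only a few hosts through a proxy and lets everything else go direct, together with a small Node.js auditor that evaluates FindProxyForURL over a watchlist of URLs so the selective pattern becomes visible. The hostnames, the proxy address 192.0.2.10:8080 and the minimal PAC helper functions are assumptions made for the example.

```javascript
// Added example, not code from the article or from Netcraft: a PAC script
// that proxies only a handful of hosts, and an auditor that evaluates it.

// Constructed sample PAC. Hostnames and the proxy address are placeholders.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.example-bank.test") || host === "webmail.example.test") {
    return "PROXY 192.0.2.10:8080";
  }
  return "DIRECT";
}
`;

// Minimal versions of the helper functions PAC scripts may call (assumed
// implementations, enough for auditing; browsers provide the full set).
const pacHelpers = {
  isPlainHostName: (host) => !host.includes("."),
  dnsDomainIs: (host, domain) => host.endsWith(domain),
  shExpMatch(str, pattern) {
    const re = pattern
      .split(/(\*|\?)/)
      .map((p) => (p === "*" ? ".*" : p === "?" ? "." : p.replace(/[.+^${}()|[\]\\]/g, "\\$&")))
      .join("");
    return new RegExp("^" + re + "$").test(str);
  },
};

// Compile the PAC source into a callable FindProxyForURL. The script runs in
// this process as JavaScript, so only load PAC files you are deliberately inspecting.
function loadPac(source) {
  const names = Object.keys(pacHelpers);
  const factory = new Function(...names, source + "\nreturn FindProxyForURL;");
  return factory(...names.map((n) => pacHelpers[n]));
}

// Evaluate each URL and record whether the PAC would route it via a proxy.
function auditPac(source, urls) {
  const findProxy = loadPac(source);
  return urls.map((url) => {
    const host = new URL(url).hostname;
    const result = findProxy(url, host);
    return { url, host, result, proxied: /^\s*PROXY\b/i.test(result) };
  });
}

// The pattern from the article: some URLs proxied while the rest go DIRECT.
function isSelective(report) {
  const proxied = report.filter((r) => r.proxied).length;
  return proxied > 0 && proxied < report.length;
}

// Constructed watchlist: the hosts whose traffic you would not want redirected,
// with a plain-http variant to see whether the downgrade path is proxied as well.
const WATCHLIST = [
  "https://login.example-bank.test/",
  "http://login.example-bank.test/",
  "https://webmail.example.test/inbox",
  "https://news.example.test/",
];

if (typeof require !== "undefined" && typeof module !== "undefined" && require.main === module) {
  const report = auditPac(SAMPLE_PAC, WATCHLIST);
  for (const r of report) console.log(r.proxied ? "PROXIED" : "direct ", r.url, "->", r.result);
  console.log("selective proxying:", isSelective(report));
}
```

On a suspect machine the PAC source comes from the configured auto-config URL (or the registry/preferences entry pointing at it); feeding that script to auditPac with your own watchlist of banking and webmail hosts answers the question the article raises, namely which sites are silently redirected while everything else looks normal.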
*** Examining How Facebook Got Hacked ***
---------------------------------------------
"Even the most savvy information technologists aren't immune from cyber-attacks. Just ask Facebook. The social-media titan says it fell victim to a sophisticated attack discovered in January in which an exploit allowed malware to be installed on employees' laptops...."
---------------------------------------------
http://www.databreachtoday.com/examining-how-facebook-got-hacked-a-5518
*** They Sent A Guy A Coffin With His Name On It: Why Russian Cyber Crooks Are So Scary ***
---------------------------------------------
"Russian cyber crooks hanging around the darkweb are the most advanced fraudsters on the planet. And, worryingly for the rest of the world, they are some of the most patriotic too. That's what TechWeekEurope heard during a trip to RSA's Anti-Fraud Command Center (pictured) in Tel Aviv, Israel, where sleuths, who spend their days interacting with cyber crooks on the darkweb to learn about the latest trends amongst Russia's Internet thieves, told one particularly Godfather-esque story...."
---------------------------------------------
http://www.techweekeurope.co.uk/news/russian-cyber-crooks-scary-rsa-fraud-c…
*** Schedule update to Security Advisory for Adobe Reader and Acrobat (APSA13-02) ***
---------------------------------------------
We just updated the Security Advisory (APSA13-02) posted on Wednesday, February 13, 2013 to include the planned schedule for a patch to resolve CVE-2013-0640 and CVE-2013-0641. Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and [...]
---------------------------------------------
http://blogs.adobe.com/psirt/2013/02/schedule-update-to-security-advisory-f…
*** IT security: only a few act sensibly ***
---------------------------------------------
A new study by the TU Wien and the University of Vienna describes the security behaviour of Austrian companies and private individuals. IT security awareness at public authorities and large enterprises is high, yet even the well-informed often protect themselves inadequately.
---------------------------------------------
http://futurezone.at/digitallife/14151-it-sicherheit-nur-wenige-handeln-ver…
*** Tech Insight: Attribution is Much More Than a Source IP ***
---------------------------------------------
"Recent attacks are shining more light on the need for attribution, but companies seem too quick to jump on the Chinese / APT bandwagon. "The Chinese hacked us" is becoming an all too common phrase in recent corporate hacks. While it is no doubt true in some of the situations, it's hard not to wonder how many of these attack victims are crying Red Army... er, uhm... wolf. Or, how many are simply basing their accusations on incomplete, faulty evidence...."
---------------------------------------------
http://www.darkreading.com/threat-intelligence/167901121/security/attacks-b…
*** [BSI] TW-T13/0016 - Multiple vulnerabilities in Pidgin closed ***
---------------------------------------------
AFFECTED SYSTEMS
- Pidgin before version 2.10.7
RECOMMENDATION
BürgerCERT recommends promptly installing the security updates provided
by the vendor [4] to close the vulnerabilities.
DESCRIPTION
Pidgin is an instant messaging client that supports multiple instant messaging...
---------------------------------------------
https://www.buerger-cert.de/archive?type=widtechnicalwarning&nr=TW-T13-0016
*** [webapps] - Netgear DGN2200B - Multiple Vulnerabilities ***
---------------------------------------------
Netgear DGN2200B - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24513
*** Bugtraq: SI6 Networks IPv6 Toolkit v1.3 released! ***
---------------------------------------------
SI6 Networks IPv6 Toolkit v1.3 released!
---------------------------------------------
http://www.securityfocus.com/archive/1/525711
*** Bugtraq: CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities ***
---------------------------------------------
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/525708
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 14-02-2013 18:00 − Friday 15-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** CFP: 8th International Workshop on Critical Information Infrastructures Security ***
---------------------------------------------
"(CRITIS 2013) Amsterdam, The Netherlands, September 16-18, 2013.
Deadline for submission of papers: May 10, 2013.
Notification to authors: June 30, 2013.
Camera-ready papers: August 16, 2013.
The eighth CRITIS Conference on Critical Information Infrastructures Security is set to continue a tradition of presenting innovative research and exploring new challenges for the protection of critical information-based infrastructures. This conference's focus is on the challenges regarding resilience of smart
---------------------------------------------
http://www.critis2013.nl/
*** Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability ***
---------------------------------------------
Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability&
*** Adobe adds anti-spearphishing feature for Word embedded Flash ***
---------------------------------------------
"Scheduled update fixes 17 critical flaws in Flash, two in Shockwave and adds a Click to Play auto-launch check for embedded Flash in Office documents. Hot on the heels of Adobe's Flash zero-day fixes last Friday, the company has released a new update which integrates a security feature that could have helped prevent recent spearphishing attacks using embedded Flash in older versions of Microsoft Office documents. The Flash Player updates fix 17 critical vulnerabilities affecting it on
---------------------------------------------
http://www.cso.com.au/article/453621/adobe_adds_anti-spearphishing_feature_…
*** Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection ***
---------------------------------------------
Topic: Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection Risk: Low Text:Device Name: EW-7206APg / EW-7209APg Vendor: Edimax Vulnerable Firmware Releases: Device: EW-7206APg Hardw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hKlz2mqtt70/WLB-20…
*** TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS ***
---------------------------------------------
Topic: TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS Risk: Medium Text:Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link Vulnerable Firmware Releases: Firmware Version: 3.12.6 Bui...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KnenNycHmss/WLB-20…
*** Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass ***
---------------------------------------------
Topic: Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass Risk: High Text:Device Name: IB-NAS5220 / IB-NAS4220-B Vendor: Raidsonic Vulnerable Firmware Releases: Product Name IB-NAS5220...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/wLNEwqEuBik/WLB-20…
*** Websense Security Labs Releases 2013 Threat Report ***
---------------------------------------------
"Websense Security Labs has released its 2013 Threat Report. The study details the most prevalent mobile, social, email and web-based threats from last year. As far as the web is concerned, experts say it has become significantly more malicious in 2012...."
---------------------------------------------
http://news.softpedia.com/news/Websense-Security-Labs-Releases-2013-Threat-…
*** Growing market for zero-day exploits ***
---------------------------------------------
With its offensive cyberwar strategy, the US government is fostering a global market for IT security vulnerabilities, experts complain. That could make the web even less secure than it already is.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wachsender-Markt-fuer-Zero-Day-Explo…
*** Apple announces fix for passcode problem in iOS 6.1 and 6.1.1 ***
---------------------------------------------
The company says it is aware of the bug, which allows access to contacts, the photo album and the phone function.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28978a85/l/0L0Sheise0Bde0Csec…
*** Mobile network infections increase by 67% ***
---------------------------------------------
"Kindsight released a new report that reveals security threats to home and mobile networks, including a small decline in home network infections and an increase in mobile network infections. Highlights include: the rate of home network infections decreased from 13 to 11 percent in Q4; 6 percent exhibited high-level threats, such as bots, rootkits and banking Trojans. The ZeroAccess botnet continued to be the most common malware threat, infecting 0...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2415
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 13-02-2013 18:00 − Thursday 14-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Drupal Manager Change For Organic Groups 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Manager Change For Organic Groups 7.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1916312 * Advisory ID: DRUPAL-SA-CONTRIB-2013-015 * Project: Manager Change for Org...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_gQ6taUHG30/WLB-20…
*** OpenPLI OS Command Execution / Cross Site Scripting ***
---------------------------------------------
Topic: OpenPLI OS Command Execution / Cross Site Scripting Risk: High Text:Device Name: OpenPLI - Dream Multimedia Box with OpenPLI software Vendor of device: Dream Multimedia Vendor of Software: Open...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Xw2JT_kHdgI/WLB-20…
*** Drupal Banckle Chat 7.x Access Bypass ***
---------------------------------------------
Topic: Drupal Banckle Chat 7.x Access Bypass Risk: High Text:View online: http://drupal.org/node/1916370 * Advisory ID: DRUPAL-SA-CONTRIB-2013-016 * Project: Banckle Chat [1] (thir...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/rLZXZc-YDas/WLB-20…
*** Foxit Reader Plugin URL Processing Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader Plugin URL Processing Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_YZtyNAPpCI/WLB-20…
*** Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash ***
---------------------------------------------
Topic: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash Risk: Medium Text:Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash found by: devilteam.pl contact: info(a)devilteam.pl ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/-0kYjNur224/WLB-20…
*** DirectAdmin On-Line Demo SQL Injection ***
---------------------------------------------
Topic: DirectAdmin On-Line Demo SQL Injection Risk: Medium Text:++++++++++++++++++++++++++++++++++++++ # Exploit Title :DirectAdmin On-Line Demo SQLInjection # *Vendor*:http://www.directadm...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/OL1UqRx5FGI/WLB-20…
*** Privacy concerns over the Google Play Store ***
---------------------------------------------
With every purchase in Google's app store, the buyer's name, e-mail address and location information are automatically transmitted to the app developer, without the buyer explicitly consenting to this.
---------------------------------------------
http://futurezone.at/digitallife/14096-datenschutzbedenken-bei-google-play-…
*** [webapps] - Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities ***
---------------------------------------------
Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24500
*** [papers] - A Short Guide on ARM Exploitation ***
---------------------------------------------
A Short Guide on ARM Exploitation
---------------------------------------------
http://www.exploit-db.com/download_pdf/24493
*** Unscrambling an Android Telephone With FROST ***
---------------------------------------------
Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFQuYaJ5DZU/story01.htm
*** iPhone flaw allows access without passcode ***
---------------------------------------------
A vulnerability allows access to contacts and photos on locked iOS devices without entering the passcode. Phone calls are also possible this way. We were able to reproduce the problem with an iPhone 4 and an iPhone 5, each running the current iOS version 6.1.
---------------------------------------------
http://www.heise.de/newsticker/meldung/iPhone-Luecke-erlaubt-Zugriff-ohne-P…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 12-02-2013 18:00 − Wednesday 13-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Data protection practices in EU and Asia ***
---------------------------------------------
"Research undertaken by Field Fisher Waterhouse into the existing legal framework mandating encryption of personal data in the EU and Asia. The study details legal requirements in the EU and Asia and reveals a trajectory of data protection regulation towards encryption as a compliance imperative. The litany of highly visible data breach incidents in 2012, further compounded by the steep penalties being delivered by data protection watchdogs, means that the pressure to protect the integrity
---------------------------------------------
http://www.net-security.org/secworld.php?id=14395
*** New security update for Ruby on Rails ***
---------------------------------------------
Rails versions 3.2.12, 3.1.11 and 2.3.17 close critical security vulnerabilities. In addition, users should update the JSON gem to the latest version.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287dc9e1/l/0L0Sheise0Bde0Csec…
*** Summary for February 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for February 2013.
With the release of the security bulletins for February 2013, this bulletin summary replaces the bulletin advance notification originally issued February 7, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb
*** RADIUS Authentication Bypass ***
---------------------------------------------
Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetwork Operating System (IOS) and configured with a fallback method to none can be bypassed. Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected. Only the systems that are running certain versions of Cisco IOS
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=RADIUS Authentication Bypass&vs_k=1
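A configuration illustration added here, not quoted from the Cisco advisory (which the digest truncates): the condition the advisory describes is an AAA login method list whose last method is "none", so that a login falls through to no authentication at all when the RADIUS path fails. The fragment uses standard IOS AAA syntax; the affected IOS versions are not stated here, so read it as the weak setting beside a corrected one, not as a substitute for the vendor fix.

```text
! Weak: if RADIUS cannot answer, "none" means the login succeeds unauthenticated
aaa new-model
aaa authentication login default group radius none

! Corrected: fall back to the local user database instead of to "none"
aaa new-model
aaa authentication login default group radius local
username admin privilege 15 secret <strong-secret>
```

A quick audit on a running device is "show running-config | include aaa authentication", looking for any method list that ends in "none". Removing that fallback takes away the precondition the advisory names; it does not replace the IOS update.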
*** How Lockheed Martin's Kill Chain Stopped SecurID Attack ***
---------------------------------------------
"A few months after RSA had rocked the security world with news that it had been breached and its SecurID database exposed in a sophisticated attack, defense contractor Lockheed Martin discovered an intruder in its network using legitimate credentials. "We almost missed it," says Steve Adegbite, director of cybersecurity for Lockheed Martin, of the intrusion sometime around May or early June 2011. "We thought at first it was a new person in the department ... but then it
---------------------------------------------
http://www.darkreading.com/authentication/167901072/security/attacks-breach…
*** SonicWALL Scrutinizer 9.5.2 SQL Injection ***
---------------------------------------------
Topic: SonicWALL Scrutinizer 9.5.2 SQL Injection Risk: Medium Text:Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: == 2013-02-13 References: == htt...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2p4Vvj_j1ng/WLB-20…
*** Vuln: EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability ***
---------------------------------------------
EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57182
*** Zero-day vulnerability in Adobe Reader ***
---------------------------------------------
Security researchers have discovered a specially crafted PDF document that apparently exploits a previously unknown vulnerability in Reader.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/288471e5/l/0L0Sheise0Bde0Csec…
*** OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability ***
---------------------------------------------
Topic: OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Risk: High Text:
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Q1XBAdgibv4/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 11-02-2013 18:00 − Tuesday 12-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Microsoft Report Examines Socio-Economic Relationships to Malware Infections ***
---------------------------------------------
"Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions' relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy. The results aren't so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better
---------------------------------------------
http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-economic-…
*** Bugtraq: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack ***
---------------------------------------------
Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack
---------------------------------------------
http://www.securityfocus.com/archive/1/525643
*** Feds Offer $20M For Critical Open Source Energy Network Cybersecurity Tools ***
---------------------------------------------
coondoggie writes "The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nation's vulnerable energy supply. The DOE technologies developed under this program should be interoperable, scalable, cost-effective advanced tools that do not impede critical energy delivery functions, that are innovative and can easily be commercialized or made available through open source for no cost." Read more of this
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9TMHc5f0eM4/story01.htm
*** Dorkbot worm lurks on Skype and MSN Messenger again ***
---------------------------------------------
"The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet. The vicious circle starts with potential victims receiving a direct message from a contact, asking "LOL is this your new profile pic? http://goo...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2408
*** Brother HL5370 Command Execution & Password Guessing ***
---------------------------------------------
Topic: Brother HL5370 Command Execution & Password Guessing Risk: High Text:Tested on Brother HL5370 latest firmware so far, confirmed working against many others by Brother documentation From Brothe...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/x_kg5EVaYGc/WLB-20…
*** Huawei Mobile Partner Poor Permissions ***
---------------------------------------------
Topic: Huawei Mobile Partner Poor Permissions Risk: High Text:1. DESCRIPTION Huawei Mobile Partner application contains a flaw that may allow an attacker to gain access to unauthorized ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/LXaaPcg1qMI/WLB-20…
*** Windows Manage Persistent Payload Installer ***
---------------------------------------------
Topic: Windows Manage Persistent Payload Installer Risk: Low Text:## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vb4FCkPCJRg/WLB-20…
*** Wordpress newscast Theme SQL Injection ***
---------------------------------------------
Topic: Wordpress newscast Theme SQL Injection Risk: Medium Text: # # Exploit Title: wordpress newscast Theme SQL Injection # Google Dork: inurl:/wp-content/themes/newscast & inurl:"s...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Stvaf5d_Ze4/WLB-20…
*** Wordpress image news slider v3 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress image news slider v3 Plugin SQL Injection Risk: Medium Text: # # Exploit Title: wordpress image news slider v3 Plugin SQL Injection # Google Dork: inurl:/wp-content/plugins/wp-...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KzGKRl1pfrw/WLB-20…
*** cURL gone astray ***
---------------------------------------------
A server can, by indirect means, trick cURL into executing arbitrary code on the system when it fetches a web page.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd2/l/0L0Sheise0Bde0Csec…
*** Microsoft to close 57 holes on February Patch Tuesday ***
---------------------------------------------
The next Patch Tuesday brings twelve bulletins, five of which close critical holes. Among the products being patched are all Windows versions, Internet Explorer and Exchange.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd1/l/0L0Sheise0Bde0Csec…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 08-02-2013 18:00 − Monday 11-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** c't Trojan test: they catch all the old ones ***
---------------------------------------------
The Trojan test in the current c't gives the virus guards an excellent report: they blocked all Trojans that were more than a week old. Anyone who opens their mail immediately, however, needs to be careful.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2863edd1/l/0L0Sheise0Bde0Cmel…
*** Security Firm Bit9 Hacked, Used to Spread Malware ***
---------------------------------------------
"Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. Waltham, Massachusetts-based Bit9 is a leading provider of application whitelisting services, a security technology that turns the traditional approach to fighting malware on its head.
---------------------------------------------
http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread…
*** Bots, Zeus, Web Exploits: the Most Potent Threats of 2012 ***
---------------------------------------------
"Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the
---------------------------------------------
http://threatpost.com/en_us/blogs/bots-zeus-web-exploits-most-potent-threat…
*** New Whitehole exploit toolkit emerges on the underground market ***
---------------------------------------------
"A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday. Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player. Attacks that use such toolkits are called drive-by downloads
---------------------------------------------
http://www.csoonline.com/article/728509/new-whitehole-exploit-toolkit-emerg…
*** Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection ***
---------------------------------------------
Topic: Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection Risk: Medium Text:# Exploit Title: wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection # Google Dork: inurl:/wp-content...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hLRBxtv9_j0/WLB-20…
*** [dos] - Schneider Electric Accutech Manager Heap Overflow PoC ***
---------------------------------------------
Schneider Electric Accutech Manager Heap Overflow PoC
---------------------------------------------
http://www.exploit-db.com/exploits/24474
*** Wordpress post2pdf-converter v2 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress post2pdf-converter v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress post2pdf-converter v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/post2pdf-convert...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ymNXfLXFu7A/WLB-20…
*** Wordpress smart-map v2 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress smart-map v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress smart-map v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/smart-map inurl:show-smar...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/3bHfg6PXmFU/WLB-20…
*** "Intel Packet of Death" is not an Intel problem ***
---------------------------------------------
The alleged packets of death that are supposed to be able to take down certain Intel network interfaces apparently affect only a single board manufacturer. According to Intel, that manufacturer botched the programming of the EEPROM.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287185f4/l/0L0Sheise0Bde0Cmel…
*** Vuln: GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability ***
---------------------------------------------
GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/44154
*** [papers] - Manipulating Memory for Fun & Profit ***
---------------------------------------------
Manipulating Memory for Fun & Profit
---------------------------------------------
http://www.exploit-db.com/download_pdf/24482
*** [webapps] - Linksys WRT160N - Multiple Vulnerabilities ***
---------------------------------------------
Linksys WRT160N - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24478
*** Linksys WAG200G Multiple Vulns ***
---------------------------------------------
Topic: Linksys WAG200G Multiple Vulns Risk: Medium Text:Device Name: Linksys WAG200G Vendor: Linksys/Cisco Device Description: The WAG200G is a Linksys Wireless-G A...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QVSmcx_37s8/WLB-20…
*** Apache CXF WSS4JInInterceptor always allows HTTP Get requests ***
---------------------------------------------
Topic: Apache CXF WSS4JInInterceptor always allows HTTP Get requests Risk: High Text:CVE-2012-5633: WSS4JInInterceptor always allows HTTP Get requests from browser Severity: Critical Vendor: The Apache Soft...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mpI-hZhtnw0/WLB-20…
*** After the Java update comes the next Java update ***
---------------------------------------------
Oracle reacted quickly with its emergency update on 1 February. An update had originally been planned for 19 February. That date will still be kept: with an update for the emergency patch.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2872904c/l/0L0Sheise0Bde0Cmel…
*** Java Zero-Day Offered On Russian Dark Market For $100k ***
---------------------------------------------
"Java zero-day software flaws aren't just worth tens of thousands, they can fetch hundreds of thousands, according to RSA security experts. When asked how much vulnerabilities were selling for, one cyber intelligence agent, tasked specifically with infiltrating Russian dark markets on the Web, told TechWeekEurope he had seen a Java vulnerability on sale for $100,000. The latest Java vulnerability, that went for $100,000, he said...."
---------------------------------------------
http://www.techweekeurope.co.uk/news/java-zero-day-russian-forum-sale-10000…
*** OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/, (Mon, Feb 11th) ***
---------------------------------------------
-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15133&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 07-02-2013 18:00 − Friday 08-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Many router holes, few patches ***
---------------------------------------------
Michael Messner has followed up: in his blog he published further vulnerabilities in routers from Linksys, Netgear and, once again, D-Link. The manufacturers have been informed for months, yet most of the holes are still wide open.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2856de6a/l/0L0Sheise0Bde0Cmel…
*** Advance Notification Service for the February 2013 Security Bulletin Release ***
---------------------------------------------
We're kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. Per our...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/02/07/advance-notification-ser…
*** Vuln: PostgreSQL enum_recv() Function Denial of Service Vulnerability ***
---------------------------------------------
PostgreSQL enum_recv() Function Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57844
*** Vuln: Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability ***
---------------------------------------------
Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57788
*** Vuln: Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability ***
---------------------------------------------
Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57787
*** Vuln: cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability ***
---------------------------------------------
cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57842
*** Is it Spam or Is it Malware?, (Fri, Feb 8th) ***
---------------------------------------------
Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pics? We are all IT security professionals here and know the preacher's drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete. BUT, we are also human. We are the weakest link! So, today that one friend sends something over to us. This friend has a great knack for sending water cooler stuff that can warrant a look
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15121&rss
*** Vuln: Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability ***
---------------------------------------------
Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57778
*** VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html, (Fri, Feb 8th) ***
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15124&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 06-02-2013 18:00 − Thursday 07-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability ***
---------------------------------------------
Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525591
*** WordPress CommentLuv 2.92.3 Cross Site Scripting ***
---------------------------------------------
Topic: WordPress CommentLuv 2.92.3 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23138 Product: CommentLuv WordPress plugin Vendor: Andy Bailey Vulnerable Version(s): 2.92.3 and probably pr...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hGxikOAUsIU/WLB-20…
*** WordPress Wysija Newsletters 2.2 SQL Injection ***
---------------------------------------------
Topic: WordPress Wysija Newsletters 2.2 SQL Injection Risk: Medium Text:Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Version(s): 2.2 and probably pr...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/XJ6UhJjgxu4/WLB-20…
*** [webapps] - Netgear DGN1000B - Multiple Vulnerabilities ***
---------------------------------------------
Netgear DGN1000B - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24464
*** [dos] - Cool PDF Reader 3.0.2.256 Buffer Overflow ***
---------------------------------------------
Cool PDF Reader 3.0.2.256 Buffer Overflow
---------------------------------------------
http://www.exploit-db.com/exploits/24463
*** Vuln: Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness ***
---------------------------------------------
Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness
---------------------------------------------
http://www.securityfocus.com/bid/57790
*** Intel Network Card (82574L) Packet of Death, (Wed, Feb 6th) ***
---------------------------------------------
An interesting blog post by Kristian Kielhofer describes how a specific SPI packet can kill an Intel Gigabit ethernet card [1]. If a card is exposed to this traffic, the system has to be physically power cycled. A reboot will not recover the system. The network card crashed whenever the value 0x32 or 0x33 was found at offset 0x47f. Kristian first noticed this happening for specific SIP packets, but in the end, it turned out that any packet with 0x32 at 0x47f caused the crash. Intel traced the
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15109&rss
*** Microsoft, Symantec Hijack 'Bamital' Botnet ***
---------------------------------------------
Microsoft and Symantec said Wednesday that they have teamed up to seize control over the "Bamital" botnet, a multi-million dollar crime machine that used malicious software to hijack search results. The two companies are now using that control to alert hundreds of thousands of users whose PCs remain infected with the malware.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ZnTidLd2mjU/
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 05-02-2013 18:00 − Wednesday 06-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Security alert for D-Link routers ***
---------------------------------------------
The DIR-300 and DIR-600 models have a critical security hole that lets attackers execute arbitrary commands with root privileges -- on many systems even from the Internet. And the manufacturer does not intend to fix the problem.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/284304da/l/0L0Sheise0Bde0Cmel…
*** Wordpress wp-forum plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress wp-forum plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress wp-forum plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Team # # s...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Il59FzJa50U/WLB-20…
*** At most 9999 bugs: CVE project changes its numbering scheme ***
---------------------------------------------
Since more than about 10,000 officially counted bugs per year are expected at the Common Vulnerabilities and Exposures project in the coming years, the possible number is to be raised to 999,999 per year. Three new numbering schemes are under discussion.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2848af79/l/0L0Sheise0Bde0Cmel…
*** Shell company signs malware ***
---------------------------------------------
Trojans are a nuisance in themselves; equipped with valid certificates, they can sneak up on their victims more easily. Now a case has reportedly occurred in which certificates were acquired by registering a shell company.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/284aaf95/l/0L0Sheise0Bde0Cmel…
*** Bugtraq: SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin ***
---------------------------------------------
SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/525585
*** Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability ***
---------------------------------------------
Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Bugtraq: Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin ***
---------------------------------------------
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/525587
*** Kaspersky update cripples XP machines ***
---------------------------------------------
On the night from Monday to Tuesday, Kaspersky shipped a faulty signature update that largely paralysed numerous XP machines. The bug apparently set the web protection so aggressively that the Kaspersky products silently blocked almost all attempts to establish internal and external network connections. In addition, the virus scanner produced maximum system load as soon as users opened a browser window.
---------------------------------------------
http://www.heise.de/meldung/Kaspersky-Update-legt-XP-Rechner-lahm-1799114.h…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 04-02-2013 18:00 − Tuesday 05-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Unlucky for you: UK crypto-duo crack HTTPS in Lucky 13 attack ***
---------------------------------------------
OpenSSL patch to protect against TLS decryption boffinry Two scientists say they have identified a new weakness in TLS, the encryption system used to safeguard online shopping, banking and privacy. The design flaw, revealed today, could be exploited to snoop on passwords and other sensitive information sent by users to HTTPS websites.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/04/unlucky_13_…
*** Bugtraq: ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities ***
---------------------------------------------
ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/525541
*** Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF ***
---------------------------------------------
Topic: Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF Risk: Medium Text:Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?w...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/4q2noPJRt1M/WLB-20…
*** [webapps] - Cisco Unity Express Multiple Vulnerabilities ***
---------------------------------------------
Cisco Unity Express Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24449
*** Vuln: Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability ***
---------------------------------------------
Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57419
*** Bugtraq: APPLE-SA-2013-02-04-1 OS X Server v2.2.1 ***
---------------------------------------------
APPLE-SA-2013-02-04-1 OS X Server v2.2.1
---------------------------------------------
http://www.securityfocus.com/archive/1/525572
*** Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE ***
---------------------------------------------
CA defends issuing digital seal to Brazilian swindlers Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/05/digitally_s…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 01-02-2013 18:00 − Monday 04-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html), (Fri, Feb 1st) ***
---------------------------------------------
Jim Clausing, GIAC GSE #26 jclausing --at-- isc [dot] sans (dot) edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15058&rss
*** Twitter hacked, at least 250,000 users affected: what you can do to protect yourself ***
---------------------------------------------
"Ouch. Hyperpopular microblog-type-thing Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time. Earlier this week, both the New York Times and the Wall Street Journal came out with similar revelations...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/02/02/twitter-hacked-at-least-250000-u…
*** EU: mandatory reporting of cyber attacks for banks ***
---------------------------------------------
The EU Commission wants to better protect important infrastructure networks in the Union against cyber attacks. Several sectors are to be obliged to report attacks. Affected are, among others, banks, energy suppliers, the transport sector and Internet providers. In total, the requirements are to apply to 44,000 companies.
---------------------------------------------
http://futurezone.at/netzpolitik/13850-eu-meldepflicht-fuer-banken-bei-cybe…
*** EU security agency ENISA receives more powers ***
---------------------------------------------
Representatives of the EU Council and Parliament have agreed on a new mandate for the European Network and Information Security Agency (ENISA). According to a communication (PDF file) from the Council of Ministers, the Crete-based agency is to, among other things, keep computer emergency response teams (CERTs) on hand. In addition, member states will soon be able to request targeted help in the event of security breaches or suspected compromised systems.
---------------------------------------------
http://www.heise.de/meldung/EU-Sicherheitsagentur-ENISA-erhaelt-mehr-Befugn…
http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/trans/1351…
*** Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac ***
---------------------------------------------
An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it's worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That's not exactly good news given that this is the latest release of Apple's...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/T12UqX_DPZo/story01.htm
*** Critical Java Update Fixes 50 Security Holes ***
---------------------------------------------
Oracle Corp. has issued an update for its Java SE software that plugs at least 50 security holes in the software, including one the company said was actively being exploited in the wild.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/B737Gp7Fig8/
*** Doctor Web: 2012 Virus Activity Overview ***
---------------------------------------------
January 14, 2013 The company Doctor Web is pleased to present its 2012 virus activity overview. Above all, the past year was marked by the largest-ever epidemic of the Trojan Backdoor.Flashback.39 for Mac OS. This event shook the world community and greatly undermined consumer faith in the "invulnerability" of the Apple operating system. In addition, the number of Trojan-encoder modifications and infections increased significantly over the past twelve months. One of the largest...
---------------------------------------------
http://news.drweb.com/show/?i=3215&lng=en&c=9
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 31-01-2013 18:00 − Friday 01-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Yahoo! Hack Demonstrates the Risks Posed by Third-Party Code in Cloud Computing ***
---------------------------------------------
"Security firm Imperva has published its January Hacker Intelligence Initiative Report. The study, entitled Lessons Learned from the Yahoo! Hack, underscores the dangers of third-party code in cloud computing...."
---------------------------------------------
http://news.softpedia.com/news/Yahoo-Hack-Demonstrates-the-Risks-Posed-by-T…
*** Apple blocks the Java plugin again ***
---------------------------------------------
The latest Java version is now on the OS X plugin block list. Apple refers to a newer version from Oracle that is not yet available.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5fb/l/0L0Sheise0Bde0Cmel…
*** BSI warns of virus-infected ELSTER tax assessment notices ***
---------------------------------------------
Cybercriminals have found a new trick for spreading malware: they claim the malicious attachment comes from the tax office.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5f9/l/0L0Sheise0Bde0Cmel…
*** Largest cyber security exercise "Cyber Europe 2012" report published in 23 languages ***
---------------------------------------------
"ENISA has published the new report of the largest ever pan-Europe cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector (financial, telecom and Internet), for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial...."
---------------------------------------------
https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exe…
*** Wordpress simple-shout-box Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress simple-shout-box Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress-simple-shout-box Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/wordpress-simple-shou...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zqhX_F2Yo-Y/WLB-20…
*** Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection Risk: Medium Text:# Exploit Title: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/portfolio-...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/d9I9Cwtp2QI/WLB-20…
*** Vuln: Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57646
*** FreeBSD 9.1 ftpd Remote Denial of Service ***
---------------------------------------------
Topic: FreeBSD 9.1 ftpd Remote Denial of Service Risk: Medium Text:FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/http://cxsec.org/ Public Date: 0...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/gHoxPhhFEEc/WLB-20…
*** Wordpress wp-table-reloaded plugin cross-site scripting in SWF ***
---------------------------------------------
Topic: Wordpress wp-table-reloaded plugin cross-site scripting in SWF Risk: Low Text:# Exploit Title: Wordpress wp-table-reloaded plugin cross-site scripting in SWF # Release Date: 24/01/13 # Author: hip [Insig...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Y1QTuWd0xI0/WLB-20…
*** FreeBSD/GNU ftpd remote denial of service exploit ***
---------------------------------------------
Topic: FreeBSD/GNU ftpd remote denial of service exploit Risk: Medium Text:
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/eYD2LcbgKzE/WLB-20…
*** Facebook spam leads to Exploit Kit ***
---------------------------------------------
Unsurprisingly, the Blackhole Exploit Kit is still trying to infect users. One commonly used technique is to send the victim an email purporting to come from, for example, Facebook, LinkedIn or Twitter, asking them to click on a link. We'll take a small peek at those tactics. We received the following email: Hi , You [...]
---------------------------------------------
http://pandalabs.pandasecurity.com/facebook-spam-leads-to-exploit-kit/
*** heise Security network check detects open UPnP services ***
---------------------------------------------
Millions of network devices such as routers answer UPnP requests from the Internet and are thus potentially attackable. The heise Security network check lets you test whether your equipment is among them.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2821dff3/l/0L0Sheise0Bde0Cmel…
*** Filthy! old! blog! bug! blamed! for! Yahoo! webmail! hijacks! ***
---------------------------------------------
Unpatched WordPress flaw clears way for inbox takeovers. Yahoo! webmail accounts are being hijacked by hackers exploiting an eight-month-old bug in the web giant's blog, security biz Bitdefender warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/01/yahoo_webma…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 30-01-2013 18:00 − Thursday 31-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Vuln: Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability ***
---------------------------------------------
Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57641
*** Drupal 6.x email2image Access bypass ***
---------------------------------------------
Topic: Drupal 6.x email2image Access bypass Risk: High Text:View online: http://drupal.org/node/1903264 * Advisory ID: DRUPAL-SA-CONTRIB-2013-011 * Project: email2image [1] (third...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/wQ-ZcM2RY0k/WLB-20…
*** Drupal 7.x Boxes Cross Site Scripting ***
---------------------------------------------
Topic: Drupal 7.x Boxes Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1903300 * Advisory ID: DRUPAL-SA-CONTRIB-2013-013 * Project: Boxes [1] (third-party...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/v1GnLRQwdfQ/WLB-20…
*** Wordpress RLSWordPressSearch plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress RLSWordPressSearch plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress RLSWordPressSearch plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Te...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uIaAqifvqpM/WLB-20…
*** Vuln: Wireshark PER Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark PER Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57622
*** Vuln: Wireshark MS-MMC Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark MS-MMC Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57620
*** Vuln: Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability ***
---------------------------------------------
Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57618
*** Vuln: Wireshark DTLS Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark DTLS Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57621
*** Malicious code in Ruby's software archive ***
---------------------------------------------
Gems provide Ruby programmers with ready-made software packages and are managed, among other places, in the central web repository rubygems.org. A malicious gem was recently slipped in there that copies four of the system's configuration files to a publicly accessible server. The metrics tool Librato is among those affected. The malicious code could be injected through a recently fixed bug in the YAML parser, for which several exploits exist, write the operators of the gem repository, New Relic.
---------------------------------------------
http://www.heise.de/meldung/Schadcode-in-Rubys-Software-Archiv-1794663.html…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 29-01-2013 18:00 − Wednesday 30-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Warning - ransomware virus again demands 100 euros from users ***
---------------------------------------------
The malware claims that the computer was used to distribute illegal content.
---------------------------------------------
http://text.derstandard.at/1358305035077/Erpresser-Virus-fordert-wieder-100…
*** Millions of devices attackable via UPnP ***
---------------------------------------------
In an IP scan, security firm Rapid7 found countless network-enabled devices that answer over UPnP and are said to be attackable through critical vulnerabilities.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28067031/l/0L0Sheise0Bde0Cmel…
*** Internet-facing printers remain a huge risk ***
---------------------------------------------
"Despite repeated warnings about office and home devices being accessible from the Internet when there is no good reason for them to be, every now and then someone gets the idea of using Google Search to sniff out just how many of them are there. The latest in this line is Adam Howard, a UK-based software engineer who searched for publicly accessible HP printers by using a sequence that matches an often-used pattern for printing documents on an office or home network: He found
---------------------------------------------
http://www.net-security.org/secworld.php?id=14322
*** Background: Password protection for everyone ***
---------------------------------------------
Anyone who follows the well-meant advice to use a separate password for every service needs either a photographic memory or the right tricks to get the apparent chaos under control.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/280ca451/l/0L0Sheise0Bde0Csec…
*** Opera update closes security holes ***
---------------------------------------------
Version 12.13 of the desktop browser fixes several security issues. Users, however, report crashes during the update.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/280df642/l/0L0Sheise0Bde0Cmel…
*** Current VLC version has a critical vulnerability ***
---------------------------------------------
A bug in the ASF muxer can let malicious code onto the computer, not only by opening infected media files but also while browsing.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/280eb6db/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 28-01-2013 18:00 − Tuesday 29-01-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** After silence on Java flaws, Oracle now says it cares ***
---------------------------------------------
"Oracle wants you to know it is on the job when it comes to Java security. Two weeks after the U.S. government told users to disable Java in their browsers (and Apple did so automatically for Mac users) because of serious security flaws, the company is now reaching out to developers and users about this embarrassing problem. In recent blog posts and during a conference with JUG (Java User Group) leaders on Friday, Oracle has tried to convey the message that it cares about Java
---------------------------------------------
http://www.infoworld.com/t/java-programming/after-silence-java-flaws-oracle…
*** iOS 6.1 Released, (Mon, Jan 28th) ***
---------------------------------------------
Apple today released iOS 6.1 as well as an update for Apple TV (5.2). No details about the security content have been posted yet, but we expect it to show up in a day or so at the usual location [1]. There appears to be however one interesting security related change: As in other upgrades, after upgrading to iOS 6.1, you will be asked to activate your device again by logging into your Apple iCloud account. This time around however, you will be asked to setup password recovery questions unless
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15022&rss
*** Browser-hijacking malware talks to attackers using SPF email validation protocol ***
---------------------------------------------
"A new Trojan program that displays rogue advertisements during browsing sessions uses a DNS-based email validation protocol called the Sender Policy Framework (SPF) in order to receive instructions from attackers without being detected, according to security researchers from Symantec. The new malware is called Trojan.Spachanel and its purpose is to inject malicious JavaScript code into every Web page opened on infected computers, Symantec researcher Takashi Katsuki said Friday in a blog
---------------------------------------------
http://www.computerworld.com.au/article/452057/browser-hijacking_malware_ta…
*** Vuln: ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities ***
---------------------------------------------
ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/57544
*** Fortinet FortiMail IBE Appliance Application Filter Bypass ***
---------------------------------------------
Topic: Fortinet FortiMail IBE Appliance Application Filter Bypass Risk: Medium Text:Title: Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: == 2013-01-23 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/UZi8QdV4Kiw/WLB-20…
*** Another critical hole in Ruby on Rails closed ***
---------------------------------------------
The Ruby development team has closed a highly critical hole in the Ruby on Rails (RoR) web framework through which an attacker can inject code into the server. Anyone running a server with RoR should act immediately, as matching exploits are already circulating.
Affected are RoR versions 2.3 and 3.0; the fix is to update to 3.0.20 and 2.3.16. Patches are also available.
---------------------------------------------
http://www.heise.de/meldung/Weitere-kritische-Luecke-in-Ruby-on-Rails-gesch…
*** Bugtraq: [SE-2012-01] An issue with new Java SE 7 security features ***
---------------------------------------------
[SE-2012-01] An issue with new Java SE 7 security features
---------------------------------------------
http://www.securityfocus.com/archive/1/525469
*** [dos] - Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read ***
---------------------------------------------
Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read
---------------------------------------------
http://www.exploit-db.com/exploits/24437
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 25-01-2013 18:00 − Monday 28-01-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland ***
---------------------------------------------
An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon is found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all usernames and passwords to exfiltrate them to a server hosted in Iceland." Read
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/FyP3h7-iIkU/story01.htm
*** GitHubs new search reveals passwords and private keys ***
---------------------------------------------
"GitHub, the popular online source code repository, has unveiled on Wednesday a new search infrastructure that should help coders find specific code within the millions of individual repositories GitHub hosts. But, as helpful as this tool promises to be, it can still be misused. And unfortunately, it didn't take long to prove that, as only hours later a number of individuals realized that quite a few careless coders inadvertently published their private encryption keys or their
---------------------------------------------
http://www.net-security.org/secworld.php?id=14305
*** WordPress SolveMedia 1.1.0 Cross Site Request Forgery ***
---------------------------------------------
Topic: WordPress SolveMedia 1.1.0 Cross Site Request Forgery Risk: Low Text:# Exploit Title: WordPress SolveMedia 1.1.0 CSRF Vulnerability # Release Date: 24/01/13 # Author: Junaid Hussain - [ illSecur...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ofsYN2kHetM/WLB-20…
*** Common Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19) ***
---------------------------------------------
"Hello, this is Todd Lewellen, Cybersecurity Threat and Incident Analyst for the CERT Program, with the eleventh of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the
---------------------------------------------
http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_miti…
*** 34th IEEE Symposium on Security & Privacy ***
---------------------------------------------
"The 2013 Symposium will mark the 34th annual meeting of this flagship conference. Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The Symposium will be held on May 19-22 2013 in San Francisco, California...."
---------------------------------------------
http://www.ieee-security.org/TC/SP2013/
*** HP JetDirect Vulnerabilities Discussed, (Sun, Jan 27th) ***
---------------------------------------------
On a slow day in the cyber security world here at ISC I wanted to open a discussion of the recent review of vulnerabilities in the HP JetDirect software by researcher Sebastián Guerrero (English translation is available here). I have performed audits in highly monitored environments, where change control and secure baselines were the law of the land, and still find known and documented vulnerabilities in the printer environment. Even in highly developed enterprise security groups the printer
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15016&rss
*** Vuln: JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability ***
---------------------------------------------
JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54915
*** Vuln: JBoss twiddle.sh Local Information Disclosure Vulnerability ***
---------------------------------------------
JBoss twiddle.sh Local Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54631
*** Vuln: JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability ***
---------------------------------------------
JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54183
*** [TYPO3-announce] Security issues in several third party TYPO3 extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3 extensions:
Attac Calendar (attacalendar)
Attac Petition (attacpetition)
Subscription (eu_subscribe)
Exinit job offer (exinit_joboffer)
Frontend File Browser (fefilebrowser)
Javascript and Css Optimizer (js_css_optimizer)
From a csv-file to a html-table (kk_csv2table)
SEO Pack for tt_news (lonewsseo)
MySQL to JSON (mn_mysql2json)
---------------------------------------------
http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins…
*** Awareness is not enough, says EU Commissioner Kroes days before introducing EU Cybersecurity Strategy ***
---------------------------------------------
"The WEF affirmed that in the next 10 years there is a 10% likelihood of a major Critical Information Infrastructure breakdown with possible economic damages of over $250 billion. Incidents and attacks are on the rise. The big message was that cybersecurity is a matter that cannot be left to the technical people...."
---------------------------------------------
http://www.diplonews.com/feeds/free/27_January_2013_62.php
*** PC-Welt.de abused to spread malware ***
---------------------------------------------
At least on Friday and Saturday of last week, unknown persons distributed malware via the website of the magazine PC-Welt. According to the operators, the site is now clean again.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27fb5a7e/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 24-01-2013 18:00 − Friday 25-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Web server hackers install rogue Apache modules and SSH backdoors, researchers say ***
---------------------------------------------
"A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users. The hackers are replacing all of the SSH binary files on the compromised servers with backdoored versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from Web security firm Sucuri
---------------------------------------------
http://www.computerworld.com.au/article/451689/web_server_hackers_install_r…
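Both the Slashdot item and this Computerworld piece describe the same symptom, SSH binaries on a compromised server swapped for versions that leak credentials. The check a practitioner reaches for first is to hash the installed OpenSSH files and compare them with what the package manager recorded at install time. The example below is added here and is not code from either article, from Sucuri or from this report. It assumes the Debian/Ubuntu dpkg manifest format (/var/lib/dpkg/info/<pkg>.md5sums: one line per file, MD5 hex digest, two spaces, path relative to /). The file contents, the manifest built from them, and the "compromised" host are all constructed so the example runs offline.

```python
import hashlib

# Constructed "clean" install: the contents stand in for real ELF binaries.
CLEAN = {
    "/usr/sbin/sshd": b"\x7fELF clean sshd build (constructed)",
    "/usr/bin/ssh": b"\x7fELF clean ssh client build (constructed)",
    "/usr/bin/ssh-keygen": b"\x7fELF clean ssh-keygen (constructed)",
}

# What dpkg would have written to openssh-server.md5sums / openssh-client.md5sums
# for those files (constructed from CLEAN, so the digests are not real OpenSSH digests).
MANIFEST = "\n".join(
    f"{hashlib.md5(data).hexdigest()}  {path.lstrip('/')}" for path, data in CLEAN.items()
)

# Simulated compromised host: daemon and client replaced, ssh-keygen untouched.
COMPROMISED = dict(CLEAN)
COMPROMISED["/usr/sbin/sshd"] = b"\x7fELF sshd with hardcoded password and credential logging (constructed)"
COMPROMISED["/usr/bin/ssh"] = b"\x7fELF ssh client that phones home (constructed)"


def parse_md5sums(text):
    """Parse a dpkg .md5sums manifest into {absolute path: expected md5 hex}."""
    expected = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, rel_path = line.split(None, 1)
        expected["/" + rel_path.strip()] = digest.lower()
    return expected


def verify_files(expected, read_file):
    """read_file(path) returns the file's bytes, or None if it is missing.
    Returns {path: 'ok' | 'modified' | 'missing'}."""
    report = {}
    for path, digest in expected.items():
        data = read_file(path)
        if data is None:
            report[path] = "missing"
        elif hashlib.md5(data).hexdigest() != digest:
            report[path] = "modified"
        else:
            report[path] = "ok"
    return report


def check_host(fs):
    """Verify an in-memory host image (dict path -> bytes) against MANIFEST."""
    return verify_files(parse_md5sums(MANIFEST), fs.get)


def read_from_disk(path):
    """Reader for a real host; pair it with the manifest read from /var/lib/dpkg/info."""
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    for path, status in check_host(COMPROMISED).items():
        print(f"{status:9s} {path}")
```

Two caveats matter more than the code. A root-level intruder who replaced sshd can just as easily rewrite the .md5sums manifest, so the digests to compare against must come from somewhere the attacker could not touch: a freshly downloaded copy of the package, or a verification run after booting from known-good media. And MD5 is simply what dpkg records; it is enough to spot a swapped binary, not a defence against an adversary constructing collisions. On RPM-based systems `rpm -V openssh-server` performs the same comparison from the RPM database, with the same trust caveat.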
*** Playing chess with APTs ***
---------------------------------------------
During a briefing from the top security analyst at one of the Washington-area cyber centers, I got the idea that resisting targeted attacks from sophisticated adversaries (so-called advanced persistent threats, or APTs) is a bit like playing chess at the grand master level.
---------------------------------------------
http://blogs.gartner.com/dan-blum/2012/12/28/playing-chess-with-apts-2/
*** Silly gits upload private crypto keys to public GitHub projects ***
---------------------------------------------
Amazing what you can find searching for BEGIN RSA PRIVATE KEY Scores of programmers uploaded their private cryptographic keys to public source-code repositories on GitHub, exposing their login credentials to world+dog. The discovery was made just before the website hit the kill switch on its search engine or, more likely, the service collapsed under the weight of curious users trawling for the sensitive data.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/25/github_ssh_…
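The net-security item in the previous report and this Register piece make the same point from two sides: what GitHub's search found is exactly what a pre-commit or repository scan should have caught first. The example below is an added one, not code from either article, from GitHub or from this report. It looks for PEM private-key headers (the "BEGIN RSA PRIVATE KEY" string the article searched for, plus the DSA, EC, OpenSSH, PKCS#8 and PGP variants) in a tree of files, reports the file and line, and lowers the severity when the key is visibly passphrase-protected. The sample repository contents are constructed; the key bodies are placeholders, not key material.

```python
import os
import re

# PEM headers as written by OpenSSL, OpenSSH and GnuPG. An unencrypted key is the
# critical case; an encrypted one still leaves the public half tied to a leaked blob
# and should be rotated.
PEM_KEY_RE = re.compile(
    rb"-----BEGIN (?P<kind>(?:RSA |DSA |EC |OPENSSH |ENCRYPTED |PGP )?PRIVATE KEY(?: BLOCK)?)-----"
)
# Traditional OpenSSL format marks encryption in the headers; PKCS#8 uses the ENCRYPTED
# header itself. OpenSSH-format keys record the cipher inside the base64 body, so they
# are reported as critical unless you decode them.
ENCRYPTED_MARKERS = (b"Proc-Type: 4,ENCRYPTED", b"BEGIN ENCRYPTED PRIVATE KEY")
SKIP_DIRS = {".git", "node_modules"}
MAX_BYTES = 4 * 1024 * 1024


def scan_bytes(data, path):
    """Return one finding per private-key header in `data`."""
    findings = []
    for m in PEM_KEY_RE.finditer(data):
        line_no = data.count(b"\n", 0, m.start()) + 1
        window = data[m.start():m.start() + 2048]
        encrypted = any(marker in window for marker in ENCRYPTED_MARKERS)
        findings.append({
            "path": path,
            "line": line_no,
            "kind": m.group("kind").decode("ascii"),
            "severity": "medium" if encrypted else "critical",
        })
    return findings


def scan_files(files):
    """`files` maps path -> bytes; usable for tests and for scanning staged content."""
    out = []
    for path, data in files.items():
        out.extend(scan_bytes(data, path))
    return out


def scan_tree(root):
    """Walk a checkout on disk, skipping VCS metadata and oversized files."""
    files = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                if os.path.getsize(full) > MAX_BYTES:
                    continue
                with open(full, "rb") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
            except OSError:
                continue
    return scan_files(files)


# Constructed sample repository; bodies are placeholders, not real keys.
SAMPLE_REPO = {
    "deploy/id_rsa": b"-----BEGIN RSA PRIVATE KEY-----\nMIIEow...placeholder...\n-----END RSA PRIVATE KEY-----\n",
    "deploy/backup.pem": (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                          b"DEK-Info: AES-128-CBC,0123\n\nplaceholder\n-----END RSA PRIVATE KEY-----\n"),
    "config/settings.py": b"DEBUG = False\n# no key here\n",
    "README.md": b"# project\n\nGenerate a key with ssh-keygen; do not commit it.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_REPO):
        print(f"{f['severity']:8s} {f['path']}:{f['line']} {f['kind']}")
```

Scanning the working tree is only half of it: a key deleted in a later commit is still in the repository history and in every clone and fork made in between, so a hit means the key is rotated, not just removed. `git log -p` over the history (or the same scan run over each commit's tree) finds the ones that were "cleaned up".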
*** Are Cyber Criminals Using Plus-Sized Malware To Fool AV? ***
---------------------------------------------
"Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well. After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they're seeing just the opposite: simple malware wrapped within obscenely large executables, in one case over 200 megabytes...."
---------------------------------------------
http://securityledger.com/are-cyber-criminals-using-plus-sized-malware-to-f…
*** Identifying People from their Writing Style ***
---------------------------------------------
"It's called stylometry, and it's based on the analysis of things like word choice, sentence structure, syntax and punctuation. In one experiment, researchers were able to identify 80% of users with a 5,000-word writing sample. More Information: -http://www...."
---------------------------------------------
http://www.schneier.com/blog/archives/2013/01/identifying_peo_3.html
*** Vulnerability Scans via Search Engines (Request for Logs) ***
---------------------------------------------
We had a reader this week submit the following web log to us: GET /geography/slide.php?image_name=Free+gay+black+moviesslide_file= script%E2%84%91_id=0+union+select+0x3f736372aca074200372 HTTP/1.1 The request, as you can probably tell, is an attempt to detect SQL Injection and likely XSS vulnerabilities. As such, it isn't really all that special. What makes this more interesting is the fact that it came from Microsoft's Bing crawler (+http://www.bing.com/bingbot.html). Client IP Address: 157.55.52.58 This
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15010&rss
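The diary's point is twofold: the request carries a UNION SELECT with a hex literal and a script tag, and it arrives from a crawler that is merely following links somebody planted. Below is an added example, not code from the ISC diary or from this report, of the detection logic for both halves: it parses combined-format access-log lines, decodes the request target so percent- and plus-encoding cannot hide the payload, flags SQLi and XSS patterns, and separates "claims to be a crawler" (a free-text User-Agent) from "is a crawler" (the client IP's reverse DNS name sits under the operator's published domain, which Microsoft documents as *.search.msn.com for bingbot). The log lines are constructed: the first rebuilds the probe above with the diary's client IP, the other two are invented for contrast.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed sample access-log lines (Apache combined format).
SAMPLE_LOG = """\
157.55.52.58 - - [24/Jan/2013:10:12:01 +0000] "GET /geography/slide.php?image_name=Free+gay+black+movies&slide_file=%3Cscript%3E&id=0+union+select+0x3f736372aca074200372 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.html)"
203.0.113.7 - - [24/Jan/2013:10:12:05 +0000] "GET /geography/slide.php?image_name=paris&id=12 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [24/Jan/2013:10:13:40 +0000] "GET /search?q=%27%20OR%201%3D1-- HTTP/1.1" 500 0 "-" "curl/7.29"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Matched against the decoded target, so %-encoding and '+' do not hide anything.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b[\s\S]{0,40}\bselect\b", re.I),   # UNION ... SELECT
    re.compile(r"\b0x[0-9a-f]{8,}\b", re.I),                # hex-encoded string literal
    re.compile(r"'\s*(?:or|and)\s+[\w']+\s*=", re.I),        # ' OR 1=1
    re.compile(r"--\s*$"),                                  # trailing SQL comment
]
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bon\w+\s*=", re.I),                       # onerror=, onload=, ...
    re.compile(r"javascript:", re.I),
]
CRAWLER_UA = re.compile(r"bingbot|googlebot|yandexbot|baiduspider", re.I)

# Reverse-DNS suffixes the crawler operators publish for verifying their bots.
CRAWLER_RDNS = {
    "bingbot": (".search.msn.com",),
    "googlebot": (".googlebot.com", ".google.com"),
}


def classify_request(line):
    """Parse one combined-format line; None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    decoded = unquote_plus(target)
    findings = [
        name for name, pats in (("sqli", SQLI_PATTERNS), ("xss", XSS_PATTERNS))
        if any(p.search(decoded) for p in pats)
    ]
    split = urlsplit(target)
    return {
        "ip": m.group("ip"),
        "path": split.path,
        "params": parse_qsl(split.query, keep_blank_values=True),
        "findings": findings,
        "claims_crawler": bool(CRAWLER_UA.search(m.group("ua"))),
        "ua": m.group("ua"),
    }


def crawler_verified(bot, reverse_name):
    """A User-Agent proves nothing. The crawler is genuine only if the client IP's
    PTR name is under the operator's domain AND that name resolves forward to the
    same IP; the caller does the DNS, this checks the name."""
    return any(reverse_name.lower().endswith(s) for s in CRAWLER_RDNS.get(bot, ()))


def scan_log(text):
    """Return the parsed requests that carry injection payloads."""
    return [rec for rec in map(classify_request, text.splitlines()) if rec and rec["findings"]]


if __name__ == "__main__":
    for rec in scan_log(SAMPLE_LOG):
        print(rec["ip"], rec["path"], rec["findings"], "crawler-UA" if rec["claims_crawler"] else "")
```

Even when the reverse DNS check passes, a verified crawler delivering this payload is not a false positive to drop: the crawler followed a link, so the URL with the payload exists somewhere on the web, and the interesting question becomes who published it and whether the application actually has the flaw it was probing for.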
*** Inside the Gozi Bulletproof Hosting Facility ***
---------------------------------------------
Nate Anderson at Ars Technica has a good story about how investigators tracked down "Virus," the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, I've been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/u48Al_9RZnE/
*** China Accused Of Java, IE Zero Day Attacks ***
---------------------------------------------
"Recently disclosed vulnerabilities in Java and Internet Explorer have been used in targeted attacks that appear to be aimed at critics of the Chinese government. Tuesday, Jindrich Kubec, director of threat intelligence for Prague-based antivirus software developer Avast, reported that multiple websites had been compromised by attackers and used to infect visitors via JavaScript drive-by attacks. If successful, the attacks infected PCs with a remote access Trojan (RAT), thus giving
---------------------------------------------
http://www.informationweek.com/security/attacks/china-accused-of-java-ie-ze…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 23-01-2013 18:00 − Thursday 24-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Cisco Prime LAN Management Solution Command Execution Vulnerability ***
---------------------------------------------
Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands sent to certain TCP ports. An attacker could exploit this vulnerability by connecting to the affected system and sending
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Phishers abuse the URL redirect of the Arbeitsagentur (German Federal Employment Agency) ***
---------------------------------------------
PayPal phishing is old hat. What is new is that the phishing links point to Arbeitsagentur.de.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d32215/l/0L0Sheise0Bde0Cmel…
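The heise item says only that the phishing links point at Arbeitsagentur.de and bounce onward through its redirect; the security point is the open redirect, which lends a trusted domain to any phishing URL. The example below is added here and is not code from heise, from the agency's site or from this report. It shows the weak pattern beside a hardened redirect handler and, for the receiving side, a filter that looks through a link to a trusted host and reports where its redirect parameter actually lands. The host names, the redirect parameter name `url` and the allowlist are assumptions for illustration.

```python
from urllib.parse import urlsplit, urljoin, parse_qs

SITE_BASE = "https://www.example-agency.test/"      # assumed: the site's own origin
ALLOWED_HOSTS = {"www.example-agency.test"}         # assumed: hosts a redirect may land on


def open_redirect_target(next_url):
    """The weak pattern: send the user wherever the parameter says."""
    return next_url


def safe_redirect_target(next_url, base=SITE_BASE, allowed_hosts=ALLOWED_HOSTS):
    """Follow the target only if it resolves to an http(s) URL on one of our own
    hosts; everything else lands on the homepage."""
    if not next_url or "\\" in next_url:        # browsers treat backslashes as slashes
        return base
    resolved = urljoin(base, next_url)           # relative paths stay on-site
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):    # javascript:, data:, ...
        return base
    if "@" in parts.netloc:                       # https://trusted-host@evil/ trick
        return base
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:                 # //evil, trusted.evil.net, ...
        return base
    return resolved


def external_hop(link, redirect_param="url", trusted_hosts=ALLOWED_HOSTS):
    """Mail/URL-filter side: for a link to a trusted host, return the external host
    its redirect parameter would bounce to, or None if it stays on-site."""
    parts = urlsplit(link)
    if (parts.hostname or "").lower() not in trusted_hosts:
        return None
    for target in parse_qs(parts.query).get(redirect_param, []):
        final_host = (urlsplit(urljoin(link, target)).hostname or "").lower()
        if final_host and final_host not in trusted_hosts:
            return final_host
    return None


if __name__ == "__main__":
    lure = "https://www.example-agency.test/redirect?url=https://paypal-login.example.net/login"
    print("open redirect sends user to :", open_redirect_target(parse_qs(urlsplit(lure).query)["url"][0]))
    print("hardened handler sends to    :", safe_redirect_target(parse_qs(urlsplit(lure).query)["url"][0]))
    print("filter sees external hop to  :", external_hop(lure))
```

The allowlist check is on the parsed hostname, not a substring or prefix test, which is what defeats the `trusted-host.evil.net`, `trusted-host@evil.net` and `//evil.net` variants. Where a site genuinely needs to send users off-site, the usual fix is an opaque identifier looked up server-side rather than a caller-supplied URL.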
*** Mega's first crypto faux pas ***
---------------------------------------------
An otherwise clever concept for loading code at runtime turns out to be a potential backdoor because unsuitable crypto functions are used for it. Third parties could thus manipulate parts of the Mega code.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d24431/l/0L0Sheise0Bde0Cmel…
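The heise item gives only the outline: code that Mega's client loads at runtime is checked with crypto functions that are the wrong tool for the job, so a third party could alter it. The example below is added here; it is illustrative code, not Mega's and not from the article, and the scenario is an assumption about how such a check fails rather than a statement of Mega's actual design. It contrasts an integrity tag computed with a symmetric key, which must ship inside the client and is therefore available to anyone who reads the client, with a verifier that holds no secret at all, the digest of the exact code pinned in the bootstrap.

```python
import hashlib
import hmac
import secrets

# Assumed scenario: a small trusted bootstrap fetches a larger code blob from a CDN
# and must decide whether to run it. Both blobs are constructed stand-ins.
TRUSTED_CODE = b"function login(){ /* genuine client code */ }"
MALICIOUS_CODE = b"function login(){ exfiltrate(password); }"


class MacIntegrity:
    """Unsuitable for this job: a symmetric tag. The bootstrap needs the key to verify,
    so the key ships to every client, and every client can mint a valid tag for any
    code it likes."""

    def __init__(self, key):
        self.key = key

    def tag(self, code):
        return hmac.new(self.key, code, hashlib.sha256).digest()

    def verify(self, code, tag):
        return hmac.compare_digest(self.tag(code), tag)


class PinnedDigestIntegrity:
    """Suitable: the bootstrap pins the SHA-256 of the exact blob it will run. Nothing
    secret is shipped; any change to the blob changes the digest."""

    def __init__(self, expected_digest):
        self.expected = expected_digest

    @staticmethod
    def digest(code):
        return hashlib.sha256(code).digest()

    def verify(self, code):
        return hmac.compare_digest(self.digest(code), self.expected)


def attacker_forge_with_shipped_key(key_from_bootstrap, code):
    """What a third party does with the key extracted from the client bootstrap."""
    return MacIntegrity(key_from_bootstrap).tag(code)


def run_scenario():
    """Exercise both verifiers against genuine and tampered code."""
    key = secrets.token_bytes(32)                 # would be embedded in the bootstrap
    mac = MacIntegrity(key)
    genuine_tag = mac.tag(TRUSTED_CODE)
    forged_tag = attacker_forge_with_shipped_key(key, MALICIOUS_CODE)

    pinned = PinnedDigestIntegrity(PinnedDigestIntegrity.digest(TRUSTED_CODE))
    return {
        "mac_accepts_genuine": mac.verify(TRUSTED_CODE, genuine_tag),
        "mac_accepts_forgery": mac.verify(MALICIOUS_CODE, forged_tag),
        "pin_accepts_genuine": pinned.verify(TRUSTED_CODE),
        "pin_accepts_tampered": pinned.verify(MALICIOUS_CODE),
    }


if __name__ == "__main__":
    for check, result in run_scenario().items():
        print(f"{check:22s} {result}")
```

A MAC answers "did someone holding the key produce this?", which is the wrong question when the verifier is the public. The pinned digest has a real cost, the bootstrap must change with every release of the loaded code, and the way to avoid that is an asymmetric signature with only the public key in the bootstrap and the signing key kept offline; Python's standard library has no signature primitive, so that variant is not shown here.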
*** DNS attacks increase by 170% ***
---------------------------------------------
"Radware identified a number of new attack methods representative of todays increasingly sophisticated and severe DDoS threat. Their latest report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. While security organizations have focused their efforts and attention on the pre and post-phases of defense, attackers now launch prolonged attacks that last days or weeks...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14285
*** Most exploit kits originated in Russia, say researchers ***
---------------------------------------------
"58 percent of the vulnerabilities targeted by the most popular exploit kits in Q4 were more than two years old and 70 percent of exploit kits reviewed were released or developed in Russia, reveals Solutionary SERTs Q4 2012 Quarterly Research Report. In reviewing 26 commonly used exploit kits, SERT identified exploit code dating as far back as 2004, serving as evidence that old vulnerabilities continue to prove fruitful for cyber criminals. The fact that 58 percent of the vulnerabilities
---------------------------------------------
http://www.net-security.org/secworld.php?id=14286
*** Most US banks were DDoSed last year - survey ***
---------------------------------------------
One in 10 banking IT bods say budget constraints an issue Nearly two-thirds of retail banks experienced at least one distributed denial of service (DDoS) attack in the past year, according to a new survey.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/24/ddos_survey…
*** Malware - USA is the number one botnet location ***
---------------------------------------------
More zombie computer networks than in China and Russia combined.
---------------------------------------------
http://derstandard.at/1358304537265/USA-sind-Botnet-Standort-Nummer-Eins
*** Spammers discover WhatsApp ***
---------------------------------------------
Spammers are apparently increasingly abusing the popular messaging service WhatsApp as a transport medium for their dubious advertising messages.
---------------------------------------------
http://www.heise.de/meldung/Spammer-entdecken-WhatsApp-1790526.html/from/at…
*** New Trojan fakes search results ***
---------------------------------------------
January 15, 2013. Russian anti-virus company Doctor Web is warning users about a malicious program dubbed BackDoor.Finder which fakes search result pages and redirects browsers to bogus websites. When launched in an infected system, BackDoor.Finder creates a copy of itself in the current user's %APPDATA% folder and makes corresponding changes in the branch of the Windows registry responsible for application startup. After that this malware injects its code into all running processes. If it
---------------------------------------------
http://news.drweb.com/show/?i=3218&lng=en&c=9
*** Backdoors Found in Barracuda Networks Gear ***
---------------------------------------------
A broad variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/OyYLL3kGjlo/
*** Update problems with Microsoft's free virus scanner ***
---------------------------------------------
On some systems, Microsoft Security Essentials has not been updating its signatures automatically for several days. Manually installing a signature package remedies this.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27dc0058/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 22-01-2013 18:00 − Wednesday 23-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Have a Wi-Fi-Enabled Phone? Stores Are Tracking You ***
---------------------------------------------
jfruh writes "Call it Google Analytics for physical storefronts: if you've got a phone with wi-fi, stores can detect your MAC address and track your comings and goings, determining which aisles you go to and whether you're a repeat customer. The creator of one of the most popular tracking software packages says that the addresses are hashed and not personally identifiable, but it might make you think twice about leaving your phone on when you head to the mall."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RGkVUafw2-M/story01.htm
*** Skype becomes a malware minefield ***
---------------------------------------------
"Skype users should be careful when using the service these days. First CSIS researchers unearthed a campaign misusing Skype to replicate and spread the Shylock banking Trojan with a plugin called msg.gsm that, when it was first spotted five days ago, was detected by none of the AV solutions used by VirusTotal...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2383
*** Red October spy ring also used "Rhino" Java exploit ***
---------------------------------------------
"A cyber espionage campaign that was recently unearthed by researchers used a now-patched vulnerability in Java software as another tool to exploit victims' machines. Security firm Seculert published a blog post Tuesday saying that the "Red October" spy campaign, in addition to leveraging weaknesses in Microsoft Office, also spread malware by taking advantage of a Java flaw in the Rhino Script Engine, CVE-2011-3544, fixed in October 2011. After investigating the
---------------------------------------------
http://cyberwarzone.com/red-october-spy-ring-also-used-rhino-java-exploit
*** Paypal.com Blind SQL Injection ***
---------------------------------------------
Topic: Paypal.com Blind SQL Injection Risk: Medium Text: Title: Paypal Bug Bounty #18 - Blind SQL Injection Vulnerability Date: 2013-01-22 References: http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/7mPYfOLfMHQ/WLB-20…
*** DDoS Attacks as Constitutional Problem: Germany's Experience ***
---------------------------------------------
"A distributed denial of service (DDoS) attack targets a computer system's resources by flooding it with requests beyond its capacity in hopes of negatively impacting its functionality. Does society consider DDoS attacks a legitimate form of protest? When an anonymously posted petition appeared on the White House's We the People page and advocated the legalization of DDoS attacks most commentators didn't look too kindly at the idea...."
---------------------------------------------
http://blog.cyveillance.com/general-cyberintel/right-to-bear-low-orbit-ion-…
*** SCADA Password-Cracking Tool For Siemens S7 PLCs Released ***
---------------------------------------------
FROM: Matthias Fraidl <fraidl(a)cert.at>
http://www.darkreading.com/vulnerability-management/167901026/security/vuln…
---------------------------------------------
/taranis/mod_assess/show_mail.pl?id=2361
*** Beware of fake Java updates ***
---------------------------------------------
"Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime. The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky labs is reporting that a new malware is out that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11.jar" that contains two
---------------------------------------------
http://reviews.cnet.com/8301-13727_7-57565035-263/beware-of-fake-java-updat…
*** Twitter flaw gave private message access to third-party apps, researcher says ***
---------------------------------------------
"Users who signed into third-party Web or mobile applications using their Twitter accounts might have given those applications access to their Twitter private "direct" messages without knowing it, according to Cesar Cerrudo, the chief technology officer of security consultancy firm IOActive. The issue is the result of a flaw in Twitter's API (application programming interface) that led to users not being properly informed about what permissions an application will have on their
---------------------------------------------
http://www.computerworld.com/s/article/9236024/Twitter_flaw_gave_private_me…
*** Multiple Vulnerabilities in Cisco Wireless LAN Controllers ***
---------------------------------------------
The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities: Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability; Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service Vulnerability; Cisco Wireless LAN Controllers HTTP Profiling Remote Code Execution Vulnerability; Cisco Wireless LAN
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Multiple Vulnerabilities in Cisco Wireless LAN Controllers&vs_k=1
*** Three Men Charged in Connection with Gozi Trojan ***
---------------------------------------------
Federal investigators are expected to announce today criminal charges against three men alleged to be responsible for creating and distributing the Gozi Trojan, an extremely sophisticated strain of malicious software that was sold to cyber crooks and was tailor-made to attack specific financial institutions targeted by each buyer. According to charging documents filed in the U.S. [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/2TTqn06NSJo/
*** Summary for January 2013 - Version: 3.0 ***
---------------------------------------------
With the release of the security bulletins for January 2013, this bulletin summary replaces the bulletin advance notification originally issued January 3, 2013 and the out-of-band advance notification issued January 13, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
*** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57416
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 21-01-2013 23:28 − Tuesday 22-01-2013 23:28
Handler: L. Aaron Kaplan
Co-Handler: Christian Wojner
*** Vuln: libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability ***
---------------------------------------------
libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54270
*** First Google wants to know all about you, now it wants a RING on your finger ***
---------------------------------------------
For those who've always wanted to give the web giant the finger. Top Google bods are mulling over using cryptographic finger-ring gadgets and other ways for users to securely log into websites and other services.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/21/google_pass…
*** Linksys WRT54GL CSRF attack ***
---------------------------------------------
Linksys WRT54GL CSRF attack, 21 January 2013. We ask for attention to the following CSRF attack against the universally popular and widely deployed Linksys WRT54GL: http://www.securityfocus.com/archive/1/525368/30/0/threaded According to Shodan, there are currently at least 1065 affected Linksys devices in Austria that are directly reachable via the Internet (i.e. with the admin interface on a public IP). The WRT54GL is a perennial favourite among WLAN routers and is quite widespread. (source:
---------------------------------------------
http://www.cert.at/services/blog/20130121222847-705.html
*** The LulzSec Press Twitter Account Hacked And Exposed By Indonesian Hacker Hmei7 ***
---------------------------------------------
"Indonesian hacker going by the name of Hmei7 published a document on pastebin, exposing @TheLulzSecPress, by stating that they have been stealing others' hacks. The document has been well organised, giving an introduction section followed by Hacking Incidents analysis, where comparison was made between original hacks of some genuine hackers and the stolen hacks by thelulzsecpress. A total of 5 issues were compared which hmei7 has been naming as FAIL NO...."
---------------------------------------------
http://riduan-anonymous.blogspot.in/2013/01/the-lulzsec-press-twitter-accou…
*** [SECURITY] [DSA 2611-1] movabletype-opensource security update ***
Debian Security Advisory DSA-2611-1 security(a)debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 22, 2013 http://www.debian.org/security/faq
*** Operation Red October Attackers Wielded Spear Phishing ***
---------------------------------------------
"The Red October malware network is one of the most advanced online espionage operations that's ever been discovered. That's the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012. "The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North
---------------------------------------------
http://www.informationweek.com/security/attacks/operation-red-october-attac…
*** DHS: Industrial control systems subject to 200 attacks in 2012 ***
---------------------------------------------
"A DHS report released last week revealed that industrial control systems, which are used to monitor and control critical infrastructure facilities, were hit with 198 documented cyberattacks in 2012, and that many of these attacks were serious. Forty percent of those attacks were on energy firms, according to the Industrial Control Systems (ICS) and Cyber Emergency Response Team (CERT), which reviewed every incident. Water utilities came in second, with 15 percent of the attacks focused on
---------------------------------------------
http://www.homelandsecuritynewswire.com/dr20130114-dhs-industrial-control-s…
*** Google pays Orange for data traffic ***
---------------------------------------------
The French mobile operator Orange has concluded a contract with Google under which Google pays for transporting the data of the video portal YouTube. The French government also wants to negotiate with Google about an "Internet tax" on the collection of personal data.
---------------------------------------------
http://futurezone.at/b2b/13616-google-bezahlt-fuer-daten-traffic-an-orange.…
*** Vuln: Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability ***
---------------------------------------------
Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57483
*** Spent Fuel Pool ***
---------------------------------------------
Spent Fuel Pool: What if I took a swim in a typical spent nuclear fuel pool? Would I need to dive to actually experience a fatal amount of radiation? How long could I stay safely at the surface? Assuming you're a reasonably good swimmer, you could probably survive treading water anywhere from 10 to 40 hours. At that point, you would black out from fatigue and drown. This is also true for a pool without nuclear fuel in the bottom. Spent fuel from nuclear
---------------------------------------------
http://what-if.xkcd.com/29/
*** iOS 6 jailbreak nearly there, say iPhone hackers ***
---------------------------------------------
"Two iPhone hackers hinted they're making progress towards developing a new jailbreak for the latest version of Apple's mobile operating system. One of the hackers, who goes by "@pod2g" on Twitter, said yesterday that they found two "new vulnerabilities in a day," but what's missing is an "initial code execution" for a public jailbreak. Pod2g is working with David Wang, known as "@planetbeing" on Twitter, to develop a way to remotely exploit iOS 6,
---------------------------------------------
http://news.techworld.com/security/3421528/ios-6-jailbreak-nearly-there-say…
*** Security researchers cripple Virut botnet ***
---------------------------------------------
"Many of the domain names used by a cybercriminal gang to control computers infected with the Virut malware were disabled last week in a coordinated takedown effort, Spamhaus, an organization dedicated to fighting spam, announced Saturday. The Virut malware spreads by inserting malicious code into clean executable files and by copying itself to fixed, attached and shared network drives. Some variants also infect HTML, ASP and PHP files with rogue code that distributes the threat...."
---------------------------------------------
http://www.computerworld.com/s/article/9235991/Security_researchers_cripple…
*** SOL14138: XML External Entity Injection (XXE) from authenticated source CVE-2012-2997 ***
---------------------------------------------
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html
---------------------------------------------
*** Netzpolitik - Germany plans mandatory reporting of cyber attacks for companies ***
---------------------------------------------
New draft law provides for a review of security standards
---------------------------------------------
http://derstandard.at/1358304341673/Deutschland-plant-Firmen-Meldepflicht-f…
*** Bugtraq: [SECURITY] [DSA 2611-1] movabletype-opensource security update ***
---------------------------------------------
[SECURITY] [DSA 2611-1] movabletype-opensource security update
---------------------------------------------
http://www.securityfocus.com/archive/1/525380
*** Red October closes as Kaspersky publishes more details ***
---------------------------------------------
"Almost as soon as Kaspersky began publishing details about the Red October cyberespionage network, the command and control systems behind the apparently five-year-old digital spying ring began closing down. According to a posting on Kaspersky's Threatpost, the researchers who exposed the network on Monday say that "not only [are] the registrars killing the domains and the hosting providers killing the command-and-control servers but perhaps the attackers shutting down the whole
---------------------------------------------
http://www.h-online.com/security/news/item/Red-October-closes-as-Kaspersky-…
*** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57416
=======================
= End-of-Shift report =
=======================
Timeframe: Saturday 19-01-2013 18:18 − Monday 21-01-2013 18:18
Handler: L. Aaron Kaplan
Co-Handler: Christian Wojner
*** Android Botnet Infects 1 Million Plus Phones ***
---------------------------------------------
Trailrunner7 writes "Up to a million Android users in China could be part of a large mobile botnet, according to research unveiled by Kingsoft Security, a Hong Kong-based security company, this week. The botnet has spread across phones running the Android operating system via Android.Troj.mdk, a Trojan that researchers said exists in upwards of 7,000 applications available from non-Google app marketplaces, including the popular Temple Run and Fishing Joy games."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QL1JqKgnwOU/story01.htm
*** In Syria, the Cyberwar Intensifies ***
---------------------------------------------
"The front pages have been dominated for more than a year by photos of young Syrian rebel fighters, armed and proud, battling an increasingly isolated Syrian military. But amid the shooting, the atrocities and the bombings, there is a parallel war: a sophisticated cyber insurgency battling a shadowy team working on behalf of the Assad regime. The Syrians' online conflict may be the most active cyberwar in recent memory, with extraordinary efforts by both sides to sabotage, disrupt and
---------------------------------------------
http://www.defensenews.com/article/20130118/C4ISR01/301180018/In-Syria-Cybe…
*** Malware shuts down US power company ***
---------------------------------------------
"A computer virus attacked a turbine control system at a US power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a US government website. The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident...."
---------------------------------------------
http://articles.timesofindia.indiatimes.com/2013-01-17/security/36393196_1_…
*** Vuln: Oracle MySQL Server Heap Overflow Vulnerability ***
---------------------------------------------
Oracle MySQL Server Heap Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56768
*** Beware: malware masquerading as Java patch ***
---------------------------------------------
"Opportunist hackers are capitalising on fears over Java vulnerabilities by spreading malware posing as patches for the under-fire computer platform. Oracle has endured a torrid week over Java's security, having already issued Update 11 to fix critical flaw CVE-2013-0422, a threat deemed serious enough for the US Department of Homeland Security to recommend that users completely disable Java from their computers...."
---------------------------------------------
http://www.itproportal.com/2013/01/18/beware-malware-masquerading-java-patc…
*** Hackers Leak 1.7 GB of Data from Azerbaijan's Special State Protection Service ***
---------------------------------------------
"The information leaked by the hacktivists doesn't belong only to the Special State Protection Service, but also to other organizations linked to it, including ING Geneva, Sumato Energy, BNP Paribas, Taurus Petroleum and even security solutions provider Prolexic. The hackers say the files contain passport scans, reports, confidential shareholder documents, account statements, letters of credit, and details of oil drilling technologies. At the beginning of January, the hackers leaked
---------------------------------------------
http://news.softpedia.com/news/Hackers-Leak-1-7-GB-of-Data-from-Azerbaijan-…
*** Google pays transit fees to Orange ***
---------------------------------------------
http://www.heise.de/meldung/Google-zahlt-Durchleitungsentgelte-an-Orange-17…
*** Google wants to replace passwords with a ring ***
---------------------------------------------
Google is currently testing ways to replace classic password entry with hardware. In future, one could log in to one's Google account via USB stick. An NFC solution using a ring on the finger would also be conceivable for Google.
---------------------------------------------
http://futurezone.at/future/13609-google-will-passwoerter-durch-ring-ersetz…
*** Netzpolitik - Web address of Carinthian youth affairs office led to porn site ***
---------------------------------------------
Hacker attack suspected - problem has since been fixed
---------------------------------------------
http://derstandard.at/1358304202191/Webadresse-von-Kaerntner-Jugendreferat-…
*** Shylock banking malware spreads via Skype ***
---------------------------------------------
"The banking Trojan known as Shylock has been updated with new functionality, including the ability to spread over Skype. The program, discovered in 2011, steals online banking credentials and other financial information from infected computers. Shylock, named after a character from Shakespeare's "The Merchant of Venice"...."
---------------------------------------------
http://thehackernews.com/2013/01/shylock-banking-malware-spreads-via.html?u…
*** Arguing Against Voluntary Standards - CEOs See Provisions over Infosec Standards as Distraction ***
---------------------------------------------
"The idea of the U.S. federal government and industry jointly developing IT security best practices will do little to help critical infrastructure operators defend against cyber-risk, says Business Roundtable Vice President Liz Gasster. "It makes an underlying assumption that the point of best practices will, in fact, be effective in addressing cybersecurity risk," Gasster says in an interview with Information Security Media Group. "And that while best practices are a useful
---------------------------------------------
http://www.healthcareinfosecurity.com/interviews/arguing-against-voluntary-…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 17-01-2013 18:00 − Friday 18-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Linksys vuln: Cisco responds ***
---------------------------------------------
Working on fix for WRT54GL router. Cisco has identified the Linksys router affected by the vulnerability published by DefenseCode on January 14...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/17/cisco_respo…
*** Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting ***
---------------------------------------------
Topic: Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting Risk: Low Text: + Vendor info Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting (CWE-79) http://sourceforge.net/projects/assp/ ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/l6FeQIUUAbY/WLB-20…
*** Vuln: Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability ***
---------------------------------------------
Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57445
*** Outbank 2 with password leak ***
---------------------------------------------
The Mac version of the new banking software stores the program password in a standard log file, unencrypted. An update is still pending.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27a7a138/l/0L0Sheise0Bde0Cmel…
*** Why the Java threat rang every alarm ***
---------------------------------------------
"If the IT industry had a color-coded threat-level advisory system, the alerts would have spiked to red this week -- and in a way they did when the Department of Homeland Security, no less, urged users to disable or uninstall Java because of a serious security vulnerability. Judging by the ensuing avalanche of ink (mea culpa for adding to the pileup), you might think this attack took the industry by surprise. Far from it -- as Twitter engineer and security expert Charlie Miller told...
---------------------------------------------
http://www.infoworld.com/t/security/why-the-java-threat-rang-every-alarm-21…
*** Bugtraq: CVE-2012-6452 Axway Secure Messenger Username Disclosure ***
---------------------------------------------
CVE-2012-6452 Axway Secure Messenger Username Disclosure
---------------------------------------------
http://www.securityfocus.com/archive/1/525346
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 16-01-2013 18:00 − Thursday 17-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Vuln: HP PKI ActiveX Control Denial of Service Vulnerability ***
---------------------------------------------
HP PKI ActiveX Control Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51341
*** Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass ***
---------------------------------------------
Topic: Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass Risk: High Text: View online: http://drupal.org/SA-CORE-2013-001 * Advisory ID: DRUPAL-SA-CORE-2013-001 * Project: Drupal core [1] * ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Vol8aq1w-iY/WLB-20…
*** Yet ANOTHER Java zero-day claimed - but this time you're laughing, right? ***
---------------------------------------------
"Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit. This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, also known as 7u11. Details of the exploit are sketchy, because the underworld is playing this one very close to its chest...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/01/17/yet-another-java-zero-day-claime…
*** Heads-Up - Security Researchers Expose X-ray Machine Bug ***
---------------------------------------------
"A pair of researchers best known for poking holes in industrial control systems (ICS) products found that medical devices suffer similar security woes after they were able to easily hack into a Philips x-ray machine. Terry McCorkle and Billy Rios, both of Cylance, here today demonstrated how a rudimentary fuzzer they wrote basically gave them privileged user status on the XPER x-ray machine. The machine has inherently weak remote authentication...."
---------------------------------------------
http://www.darkreading.com/vulnerability-management/167901026/security/atta…
*** Novell closes dangerous hole in eDirectory server ***
---------------------------------------------
Novell has provided a patch for its eDirectory server that eliminates a possible buffer overflow. The hole would have allowed attackers to obtain administrator rights on the target machine...
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/279f3d9d/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 15-01-2013 18:00 − Wednesday 16-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** When Disabling IE6 (or Java, or whatever) is not an Option..., (Tue, Jan 15th) ***
---------------------------------------------
We're getting a whole lot of bad advice regarding the latest crop of vulnerabilities. Folks are saying things like disable Java, or Migrate away from IE6/7/8, or even Migrate to IE10 or Firefox. While these will certainly mitigate the current vulnerability, it's often not a practical way to go. If you pick the right week, almost anything could be your target: disable that component - everyone has a zero day at one time or another. Specific to this week's issues, there are lots of business...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14947&rss
*** January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck ***
---------------------------------------------
Today we're publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and Security Advisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/01/15/january-2013-out-of-band…
*** Bugtraq: Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability ***
---------------------------------------------
Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525317
*** Oracle's January patches close 86 holes ***
---------------------------------------------
With the regular Critical Patch Update now released, Oracle fixes, among other things, 24 security holes in its database products, 18 of them in MySQL. Some of them could be exploited over the network without authentication.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27929ccc/l/0L0Sheise0Bde0Cmel…
*** Security hotfix released for ColdFusion (APSB13-03) ***
---------------------------------------------
Today, a Security Bulletin (APSB13-03) has been posted in regards to a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the security bulletin.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/01/security-hotfix-released-for-coldfusio…
*** Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled. Cisco has released free software updates that address this vulnerability. This advisory is posted at the following...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 14-01-2013 18:00 − Tuesday 15-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: Updated - CA20121018-01: Security Notice for CA ARCserve Backup ***
---------------------------------------------
Updated - CA20121018-01: Security Notice for CA ARCserve Backup
---------------------------------------------
http://www.securityfocus.com/archive/1/525303
*** Cyber Security Bulletin (SB13-014) - Vulnerability Summary for the Week of January 7, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB13-014.html
*** DefenseCode turns up Linksys zero-day ***
---------------------------------------------
World awaits patch
With more than 70 million home networking devices in service, a zero-day for Linksys has a very wide reach. According to DefenseCode, an information security consultancy, that’s just what turned up in a recent product evaluation for a client.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/14/cisco_links…
*** Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow ***
---------------------------------------------
Topic: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow Risk: High Text: Title: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow. Author: David Klein (davi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013010133
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 11-01-2013 18:00 − Monday 14-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header ***
---------------------------------------------
Topic: Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header Risk: High Text:Summary = Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013010107
*** Java SE 5/6/7 critical security issue ***
---------------------------------------------
Topic: Java SE 5/6/7 critical security issue Risk: High Text: We've recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2012090223
*** Sysinternals Updates, (Sun, Jan 13th) ***
---------------------------------------------
A handler's shift usually doesn't go by without Roseman writing in telling us that Microsoft has released another Sysinternals update, and today is one of those days. A couple of days have passed since Microsoft announced: Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12: This Procdump update fixes a bug introduced in v5.11...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14926&rss
*** ICS-CERT reports virus infections at US power utilities ***
---------------------------------------------
The industrial control systems of a US power utility and of an electricity plant were infected with malware via USB sticks. ICS-CERT limited the damage. "Project Shine" can draw attention to weaknesses.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/277bb6fc/l/0L0Sheise0Bde0Cmel…
*** Microsoft to release emergency Internet Explorer patch on Monday ***
---------------------------------------------
"Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem. The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victim's computer if the person merely visits the website...."
---------------------------------------------
http://www.computerworld.com.au/article/446389/microsoft_release_emergency_…
*** Vuln: Qt QSslSocket::sslErrors() Certificate Validation Security Weakness ***
---------------------------------------------
Qt QSslSocket::sslErrors() Certificate Validation Security Weakness
---------------------------------------------
http://www.securityfocus.com/bid/57162
*** Heads-Up - Oracle Critical Patch Update Pre-Release Announcement - January 2013 ***
---------------------------------------------
"Description: This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2013, which will be released on Tuesday, January 15, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities...."
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
*** Emergency patch for Java fails to fix cybercrime holes, warn experts ***
---------------------------------------------
ORACLE released an emergency update to its Java software for surfing the Web last night, but security experts said the update fails to protect PCs from attack by hackers intent on committing cyber crimes.
---------------------------------------------
http://www.independent.ie/business/technology/emergency-patch-for-java-fail…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 10-01-2013 18:00 − Friday 11-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** European Cybercrime Centre opens for business ***
---------------------------------------------
"The European Cybercrime Centre (EC3) will officially start operating on 11 January with a mission to protect European citizens and businesses from cybercrime. "Cybercriminals are smart and quick in using new technologies for criminal purposes; the EC3 will help us become even smarter and quicker to help prevent and fight their crimes," said European Commissioner for Home Affairs Cecilia Malmström at the launch of the EC3 project ahead of the official opening of the centre at...
---------------------------------------------
http://www.h-online.com/security/news/item/European-Cybercrime-Centre-opens…
*** Bugtraq: DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit ***
---------------------------------------------
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
---------------------------------------------
http://www.securityfocus.com/archive/1/525269
*** Bugtraq: Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee) ***
---------------------------------------------
Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee)
---------------------------------------------
http://www.securityfocus.com/archive/1/525268
*** What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!, (Thu, Jan 10th) ***
---------------------------------------------
As a side note to today's iSeries / Mainframe story, and a follow-up to one I wrote last year (https://isc.sans.edu/diary/12103), another thing I'm seeing more and more on telnets (tcp port 992 - https://isc.sans.edu/port.html?port=992) is voice gateway and videoconferencing unit problems. Specifically, when scanning for port tcp/992, you will likely run across more videoconferencing systems than mainframes. They'll often show up with less fingerprinting than the SNA platforms we discussed,...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14902&rss
*** HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03621178
*** TYPO3-EXT-SA-2013-001: Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party TYPO3 extensions: news, onetimeaccount, phpunit, div2007, t3mootools, t3jquery, oneclicklogin
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
*** .NET update impairs Windows Server 2012 ***
---------------------------------------------
An update for the .NET runtime 4.5 that has been shipping since Tuesday causes problems with the Failover Cluster Manager under Windows Server 2012. Microsoft has already confirmed the problem.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/276e67d9/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 09-01-2013 18:00 − Thursday 10-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability ***
---------------------------------------------
GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57188
*** Police Arrest Alleged ZeuS Botmaster “bx1” ***
---------------------------------------------
A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed "bx1," a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/D_NUNHSTfy8/
*** Zero-Day Java Exploit Debuts in Crimeware ***
---------------------------------------------
The hackers who maintain Blackhole and Nuclear Pack, competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware, say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/x8J2sRZ5128/
*** Vuln: Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability ***
---------------------------------------------
Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57113
*** Web Application Vulnerability Statistics of 2012 ***
---------------------------------------------
"With years of experience and valuable insights from our cloud based application security testing, we thought of conducting a study to discover the prevailing website vulnerability trends. The study is based on our original research on more than 5000 tests covering 300+ customers distributed globally. How was the study conducted?..."
---------------------------------------------
http://www.ivizsecurity.com/blog/penetration-testing/web-application-vulner…
*** Exploit for Ruby on Rails in circulation ***
---------------------------------------------
The security hole in Ruby on Rails is proving to be acutely dangerous; the first exploits are in circulation and reports of hijacked web servers are coming in. Administrators should act urgently.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2763d32a/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 08-01-2013 18:00 − Wednesday 09-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Serious Password Reset Hole In Accellion Secure FTP ***
---------------------------------------------
chicksdaddy writes "A security researcher who was looking for vulnerabilities in Facebook's platform instead stumbled on a much larger hole that could affect scores of firms who rely on a secure file transfer platform from Accellion. Writing on his blog on Monday, Israeli researcher Nir Goldshlager said he discovered the password reset vulnerability while analyzing an Accellion deployment that is used, internally, by Facebook employees. Goldshlager used public knowledge of the Accellion...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/BpSzZxCpN3k/story01.htm
*** Microsoft Updates for Multiple Vulnerabilities ***
---------------------------------------------
The Microsoft Security Bulletin Summary for January 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins:
APSB13-01 Security updates available for Adobe Flash Player
APSB13-02 Security updates available for Adobe Reader and Acrobat
Customers of the affected products should consult the relevant Security Bulletin(s) for details. This posting is provided "AS IS" with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/01/adobe-security-bulletins-posted-4.html
*** Experts Identify, Analyze Botnet Used to Launch DDOS Attacks Against US Banks ***
---------------------------------------------
"Researchers have been constantly analyzing the distributed denial-of-service (DDOS) attacks launched by Izz ad-Din al-Qassam Cyber Fighters against United States financial institutions but, up until now, little was known about the resources used by the hacktivists. Incapsula, a cloud-based security and acceleration service provider, has uncovered some interesting details about the cyberattacks and the botnet that powers them after noticing that the website of a new customer was...
---------------------------------------------
http://news.softpedia.com/news/Experts-Identify-Analyze-Botnet-Used-to-Laun…
*** Mobile Browser Security: Problem Exists Between Device and Chair ***
---------------------------------------------
"Last month, a Georgia Tech study found that mobile browsers frequently left even expert users insufficient information to judge if a site was potentially dangerous, because of user interface limitations. The item that is most problematic is how SSL information is displayed. Compared to desktops, mobile browsers have far more limited ways to show if a site is using SSL...."
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-browser-s…
*** Critical holes in Firefox, Thunderbird and SeaMonkey closed ***
---------------------------------------------
With the latest updates, the developers have eliminated numerous vulnerabilities in the Mozilla programs. Users should therefore make sure they are running the current version of each.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2758df0f/l/0L0Sheise0Bde0Cmel…
*** First confirmed hard victim of Ruby on Rails Zero-Day Dutch DigiD Government Service. All services ***
---------------------------------------------
"After having alerted on a new SQL Injection Vulnerability in Ruby on Rails on 3 January, Bricade alerted on a second, even more serious, Zero Day on 8 January. The Dutch Government DigiD Service reported today, 9th of January, on their website that the DigiD service was not available today. See https://www...."
---------------------------------------------
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-1…
*** Current Foxit Reader version executes malicious code ***
---------------------------------------------
The PDF viewer's browser plug-in has a highly critical security hole, which is why it should be disabled immediately.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/275a0b01/l/0L0Sheise0Bde0Cmel…
*** Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability ***
---------------------------------------------
Advisory ID: cisco-sa-20130109-lms
---------------------------------------------
Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 07-01-2013 18:00 − Tuesday 08-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Bugtraq: Chrome for Android - Cookie theft from Chrome by malicious Android app ***
---------------------------------------------
Chrome for Android - Cookie theft from Chrome by malicious Android app
---------------------------------------------
http://www.securityfocus.com/archive/1/525222
*** Bugtraq: Chrome for Android - Android APIs exposed to JavaScript ***
---------------------------------------------
Chrome for Android - Android APIs exposed to JavaScript
---------------------------------------------
http://www.securityfocus.com/archive/1/525220
*** Foxit Reader <= 5.4.4.1128 npFoxitReaderPlugin.dll Stack Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mNx5SSGJYF4/WLB-20…
*** Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities ***
---------------------------------------------
Topic: Drupal 6.x->7.18 getimagesize()
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2AwbWS10dFQ/WLB-20…
*** Bugtraq: Facebook for Android - Information Disclosure Vulnerability ***
---------------------------------------------
Facebook for Android - Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525223
*** Symantec plays down PGP hole ***
---------------------------------------------
"Symantec has quenched fears about a vulnerability in its PGP technology. According to a Pastebin statement, the pgpwded.sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability in the handling of IOCTL 0x80022058...."
---------------------------------------------
http://news.hitb.org/content/symantec-plays-down-pgp-hole
*** ‘Value of a Hacked PC’ Graphic Goes Global ***
---------------------------------------------
The Value of a Hacked PC graphic, which I published on this blog a few months ago to explain bad guy uses for your PC, is getting a makeover. I’m honored to say that the SANS Institute, a security training group, has taken the idea and run with it as an educational tool, and is in [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ehmnqBEd8q0/
*** Locked-down Android for enterprises ***
---------------------------------------------
A specially adapted version of the mobile operating system monitors what the user is allowed to do with the device, based on the respective usage context.
---------------------------------------------
http://www.heise.de/meldung/Abgeschottetes-Android-fuer-Unternehmen-1767696…
*** Vuln: OpenIPMI ipmievd Daemon PID Files Insecure File Permissions Vulnerability ***
---------------------------------------------
OpenIPMI ipmievd Daemon PID Files Insecure File Permissions Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51036
*** Vuln: PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities ***
---------------------------------------------
PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/27163
*** ENISA Names Drive-By Exploits as Biggest Emerging Threat of 2012 ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released its Cyber Threat Landscape analysis of 2012. The study, based on over 120 threat reports, highlights the top threats and their trends. According to the report, drive-by exploits (malicious code injects used to exploit web browser vulnerabilities) are the number one threat...."
---------------------------------------------
http://news.softpedia.com/news/ENISA-Names-Drive-By-Exploits-as-Biggest-Eme…
*** [webapps] - Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability ***
---------------------------------------------
Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/23968
*** Important security update for MoinMoin wiki ***
---------------------------------------------
The update to version 1.9.6 fixes, among other things, a critical vulnerability that is already being actively exploited by cyber criminals.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274e0d0f/l/0L0Sheise0Bde0Cmel…
*** Payment Card Fraud in the European Union ***
---------------------------------------------
"The criminal market of payment card fraud (PCF) within the European Union (EU) is dominated by well structured and globally active organised crime groups (OCGs). Criminal networks have managed to affect non-cash payments in the EU to the extent that protection measures are very expensive and need to be implemented on a global level. Consequently, the use of payment cards can be inconvenient and no longer fully secure for EU cardholders...."
---------------------------------------------
https://www.europol.europa.eu/sites/default/files/publications/1public_full…
*** Attacks on unpatched ColdFusion holes ***
---------------------------------------------
Adobe warns that cyber criminals are breaking into ColdFusion servers through security holes that have not yet been closed. A suitable patch will be ready in a week at the earliest.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274f87d4/l/0L0Sheise0Bde0Cmel…
*** Bugtraq: ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability ***
---------------------------------------------
ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525229
*** [webapps] - WordPress Plugin Google Document Embedder Arbitrary File Disclosure ***
---------------------------------------------
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
---------------------------------------------
http://www.exploit-db.com/exploits/23970
*** Critical vulnerabilities in Asterisk ***
---------------------------------------------
Digium has closed several critical vulnerabilities in the open-source PBX software Asterisk through which an attacker can inject code into the server. The holes are stack-based buffer overflows that can be exploited over the HTTP, SIP and XMPP protocols. Only for XMPP is an active session required.
---------------------------------------------
http://www.heise.de/meldung/Kritische-Schwachstellen-in-Asterisk-1779526.ht…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 04-01-2013 18:00 − Monday 07-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Patch for IE Zero Day Wont Be Among Microsoft Security Updates Next Week ***
---------------------------------------------
"Microsoft plans to release a pair of critical bulletins on Tuesday for its first round of 2013 monthly security updates, but still has no announcement regarding a patch for the zero day vulnerability and exploit in Internet Explorer reported over the Christmas holiday. Users are urged to apply a Fix It released Dec. 31 for the vulnerability in IE 6, 7 and 8 that was at the heart of an attack on the Council on Foreign Relations website as well as that of energy manufacturer Capstone...
---------------------------------------------
http://threatpost.com/en_us/blogs/patch-ie-zero-day-wont-be-among-microsoft…
*** Dutch Government Aims to Shape Ethical Hackers Disclosure Practices ***
---------------------------------------------
"The Dutch government's cyber security center has published guidelines that it hopes will encourage ethical hackers to disclose security vulnerabilities in a responsible way. "Persons who report an IT vulnerability have an important social responsibility," the Dutch ministry of Security and Justice said on Thursday, announcing guidelines for ethical hacking that were published by the country's National Cyber Security Center (NCSC). White-hat hackers and security researchers play an...
---------------------------------------------
http://www.cio.com/article/725400/Dutch_Government_Aims_to_Shape_Ethical_Ha…
*** FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection ***
---------------------------------------------
Topic: FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection Risk: Medium Text:# Exploit Title: SQL injection in FreePBX 2.7.0.3 / Elastix 2.3.0 # Google Dork: N/A # Date: 05/01/2013 # Exploit Author: S...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/DfqeYKHkuXM/WLB-20…
*** pfSense 2.0.1 XSS & CSRF & Command Execution ***
---------------------------------------------
Topic: pfSense 2.0.1 XSS & CSRF & Command Execution Risk: High Text: # # Exploit Title: pfSense 2.0.1 XSS & CSRF Remote root Access # Date: 04/01/2013 # Author: Yann CAM ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/1o3q8BIwTZs/WLB-20…
*** MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection ***
---------------------------------------------
Topic: MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection Risk: Medium Text:# Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS # Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/lZtyzTcL-Tc/WLB-20…
*** BSI release Draft Cyber Security standard - PAS 555 ***
---------------------------------------------
"This PAS specifies a framework for the governance and management of cyber security risk. The requirements of this PAS define the overall outcomes of effective cyber security, and include technical, physical, cultural and behavioural measures alongside effective leadership and governance. While there are many standards and guidelines available that can help tackle cyber security risk, they tend to define good practice as to how elements of effective cyber security might be...
---------------------------------------------
http://drafts.bsigroup.com/Home/Details/49890
*** Adobe ColdFusion Security Advisory, (Sat, Jan 5th) ***
---------------------------------------------
Adobe released a security advisory which identifies three vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631) affecting ColdFusion for Windows, Macintosh and Unix. They have received reports that these vulnerabilities are actively being exploited. Adobe is currently planning to release a fix for January 15, 2013. Additional information and mitigation options are available here [1].
[1] http://www.adobe.com/support/security/advisories/apsa13-01.html
-----------
Guy Bruneau IPSS Inc.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14827&rss
*** New exploit for hole in Internet Explorer ***
---------------------------------------------
A security firm says it has succeeded in tricking Microsoft's provisional patch for the critical IE hole.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2738e1e8/l/0L0Sheise0Bde0Cmel…
*** Malware targets Java HTTP servers ***
---------------------------------------------
"Malware that strikes at Java HTTP servers and allows attackers to gain control of the underlying systems has been spotted by security researchers of anti-virus vendor Trend Micro Inc. Using a password cracking tool, cybercriminals are able to log in and gain manager/administrative rights, allowing the deployment of Web application archive (WAR) file packages with the backdoor to the server, according to a post last Thursday on the Trend Labs blog. ... Once done, the backdoor can now browse,
---------------------------------------------
http://www.itworldcanada.com/news/malware-targets-java-http-servers/146535
*** Symantec links latest Microsoft zero-day with skilled hacker gang ***
---------------------------------------------
"Symantec is crediting a hacker group with an impressive track record as responsible for finding the latest as yet unpatched vulnerability in older versions of Microsoft's Internet Explorer browser. A gang Symantec calls the Elderwood group appears to have found the latest zero-day vulnerability in IE, which can allow a malicious website to automatically infect a person's computer...
---------------------------------------------
http://www.infoworld.com/d/security/symantec-links-latest-microsoft-zero-da…
*** Crimeware Author Funds Exploit Buying Spree ***
---------------------------------------------
"The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes. An...
---------------------------------------------
http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-sp…
*** Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
Topic: Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability Risk: Low Text: ## # # Exploit Title : Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability # # Author : IrI...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ESFCnSJbmkU/WLB-20…
*** Wordpress wilderness SQL injection ***
---------------------------------------------
Topic: Wordpress wilderness SQL injection Risk: Medium Text:# Exploit Title: Wordpress wilderness SQL injection # Google Dork: inurl:/wp-content/themes/wilderness/gallery.php # Date: 20...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/6WtYRSMSzoI/WLB-20…
*** Vuln: CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability ***
---------------------------------------------
CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56494
*** Security - Ubisoft's gaming platform Uplay hacked ***
---------------------------------------------
Game maker is already working on a fix and urges users to choose stronger passwords
---------------------------------------------
http://derstandard.at/1356426935498/Ubisofts-Spieleplattform-Uplay-gehackt
*** Google, Yahoo, Microsoft and Amazon vulnerable to clickjacking ***
---------------------------------------------
A security researcher demonstrates on popular websites such as Amazon, Google, Yahoo and Microsoft Live that many websites are still poorly protected against clickjacking.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274546ad/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 03-01-2013 18:00 − Friday 04-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Apache Malware Installs Zeus ***
---------------------------------------------
"The world's most widely used web server, Apache, is a conduit to inject malicious content into web pages served by an infected Linux server, without the knowledge of the website owner. Those are the results of an analysis of a malicious Apache module, detected by ESET. They called the malware Linux/Chapro.A. Although the malware can serve practically any type of content, in this specific case it installs a variant of Win32/Zbot, malware designed to steal information from online banking
---------------------------------------------
http://www.isssource.com/apache-malware-installs-zeus/
*** Bugtraq: Aastra IP Telephone encrypted .tuz configuration file leakage ***
---------------------------------------------
Aastra IP Telephone encrypted .tuz configuration file leakage
---------------------------------------------
http://www.securityfocus.com/archive/1/525190
*** Browser vendors rush to block fake google.com site cert ***
---------------------------------------------
Turkish authority's goof could compromise data
Google and other browser vendors have taken steps to block an unauthorized digital certificate for the "*.google.com" domain that fraudsters could have used to impersonate the search giant's online services.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/04/turkish_fak…
*** Holey code, Batman! Microsoft to patch 12 vulns on Tuesday ***
---------------------------------------------
Christmas zero-day flaw not included
Microsoft has issued its pre-Patch Tuesday report, saying it will issue seven patches fixing 12 code flaws next week but it won't provide a permanent fix for the exploit discovered during the recent holidays that is already being used in the wild.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/04/microsoft_p…
*** Canadian Government Acknowledges Security Breach ***
---------------------------------------------
"An employee of Human Resources and Skills Development Canada (HRSDC) recently misplaced an unencrypted USB drive containing sensitive data on approximately 5,000 Canadian citizens. "The lost data, which was reported to the HRSDC on Nov. 17, included names, Social Insurance Numbers (similar to Social Security numbers) and other information criminals could use to defraud victims," writes TechNewsDaily's Ben Weitzenkorn. "The department, which handles a variety of files including
---------------------------------------------
http://www.esecurityplanet.com/network-security/canadian-government-acknowl…
*** Not squeamish - DDoS attacks, stolen data: hardball among food delivery services ***
---------------------------------------------
Penalty orders issued against seven executives of Lieferheld over a competitor's stolen database
---------------------------------------------
http://derstandard.at/1356426716898/DDoS-Attacken-gestohlene-Daten-Harte-Ba…
*** Over 18,000 PayPal Phishing Websites Identified in December 2012 ***
---------------------------------------------
"Phishing websites, ones created by cybercriminals to harvest sensitive information from unsuspecting users, have become highly problematic lately. Because they're so effective, crooks have launched a considerable number of sites that replicate popular companies. For instance, according to a study performed by Trend Micro for December 2012, a total of 18,947 phishing websites have been found to replicate PayPal...."
---------------------------------------------
http://news.softpedia.com/news/Over-18-000-PayPal-Phishing-Websites-Identif…
*** Major global Facebook Botnet taken down ***
---------------------------------------------
"A fraud ring worth around 525 million has been taken out of action by the joint efforts of Facebook's own security team and local police forces in the UK, Peru, the US and a number of other countries. The gang managed to steal the massive sum from Facebook users by secretly planting spyware on victims' computers that would steal credit and bank card details. Along with financial details, personal information with worth on the black market was also lifted...."
---------------------------------------------
http://www.journalism.co.uk/press-releases/major-global-facebook-botnet-tak…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 02-01-2013 18:00 − Thursday 03-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** BSI warns of security vulnerability in VLC Media Player ***
---------------------------------------------
The Bundesamt für Sicherheit in der Informationstechnik (Germany's Federal Office for Information Security) advises users of the popular open-source video player to upgrade to the current version 2.0.5.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27218c1d/l/0L0Sheise0Bde0Cmel…
*** Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack ***
---------------------------------------------
"This week's watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturer's website has been serving malware related to the attack since September. Researcher Eric Romang said that Capstone Turbine Corp., which builds power generation equipment for utilities, has been infected with malware exploiting CVE-2012-4969 for four months and the latest IE
---------------------------------------------
http://threatpost.com/en_us/blogs/energy-manufacturer-also-victimized-ie-ze…
*** 6 Big cyber security predictions for 2013 ***
---------------------------------------------
"If there is any weakness in security, you can guarantee the criminals will try to exploit it. And if a cyber criminal discovers a weakness in one community, it won't be long before that isolated crime turns into a trend. The commercialization of malware is rapidly becoming a well-organized and highly lucrative business...."
---------------------------------------------
http://venturebeat.com/2013/01/02/6-big-cyber-security-predictions-for-2013/
*** Malware SNEAK dons cunning disguise, opens creaky back door to servers ***
---------------------------------------------
Java-based exploit targets web-hosting servers
A malicious backdoor designed to infect web servers poses a severe threat, Trend Micro warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/03/web_server_…
*** A New Way of Detecting Cybersecurity Attacks ***
---------------------------------------------
"Rajeev Bhargava is an acknowledged pioneer in the networking and software industry, and CEO of Toronto-based Decision Zone Inc. His career spans more than 30 years within the engineering and IT industry, and he has been closely associated with many of its major developments. Rajeev has advised many of North America's largest organizations within the telecom, financial, high tech, military, retail, aerospace and government industries. He is the inventor of an anomaly detection solution used
---------------------------------------------
http://www.digitalcommunities.com/articles/A-New-Way-of-Detecting-Cyber-Sec…
*** Vulnerability in Ruby on Rails allows SQL injection ***
---------------------------------------------
All current versions of the Ruby on Rails framework are affected by a security vulnerability that allows arbitrary SQL code to be injected. Users should update their software as quickly as possible.
---------------------------------------------
http://www.heise.de/meldung/Luecke-in-Ruby-on-Rails-erlaubt-SQL-Injections-…
*** Virus-infected slide scanners sold at Tchibo ***
---------------------------------------------
During last year's pre-Christmas season, the coffee roaster Tchibo sold a virus-infected slide scanner. The device was offered from 11 December 2012 for 60 euros through its stores and the Tchibo online shop.
---------------------------------------------
http://www.heise.de/meldung/Virenverseuchte-Dia-Scanner-bei-Tchibo-verkauft…
*** Invasion of the Botnets ***
---------------------------------------------
"Millions and millions of PCs have been silently infiltrated with bot malware, creating massive bot armies, poised to steal and inflict maximum damage when triggered by their Bot Commander. There are several botnets each comprising millions of compromised PCs, such as Zeus, Conficker, Mariposa, ZeroAccess and BredoLab, waiting for the next command from their Bot Commander, so that they can spring into action and obediently carry out their strike orders like a well-disciplined and
---------------------------------------------
http://dwaterson.com/2013/01/02/invasion-of-the-botnets/
*** Cloud security to be most disruptive technology of 2013 ***
---------------------------------------------
"The Security for Business Innovation Council, comprised of IT security professionals from 19 companies worldwide, called cloud computing the main disruptive force for 2013. In its report, "Information Security Shake-Up," the group said it was evident many organizations are preparing to move more business processes to the cloud. This year, it will even be "mission-critical apps and regulated data" consigned to the cloud...."
---------------------------------------------
http://www.networkworld.com/news/2013/010313-cloud-security-265437.html
*** Facebook flaw allowed unnoticed webcam recordings ***
---------------------------------------------
Around four months after two security researchers reported a flaw in Facebook's video upload feature, the hole is said to have been closed. The discoverers are surprised at the size of the reward paid by Facebook.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2729d37e/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 28-12-2012 18:00 − Wednesday 02-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Microsoft Warns of New Gaming Malware ***
---------------------------------------------
"According to a recent report by Marianne Mallen of the Microsoft Malware Protection Center (MMPC), Microsoft researchers recently came across three new Trojans that specifically target Korean gamers. "According to the ... MMPC, whoever is responsible for these pieces of malware is attempting to pilfer user login credentials, credit card information that is used to pay for in-game money and assorted upgrades, Korean ID numbers (a sort of Korean-variety Social Security number often
---------------------------------------------
http://www.esecurityplanet.com/malware/microsoft-warns-of-new-gaming-malwar…
*** Microsoft - Windows XP becomes a security risk ***
---------------------------------------------
The magazine c't warns: "From 2014 on, an XP machine can only be operated in complete isolation"
---------------------------------------------
http://text.derstandard.at/1356426331198/Windows-XP-wird-zum-Sicherheitsris…
*** 29C3 - successful attack on self-encrypting hard drives ***
---------------------------------------------
Even with self-encrypting drives (SED), attackers can read out the data with a few simple steps: on Friday, at the Chaos Computer Club's 29th hacker congress (29C3) in Hamburg, computer scientist Tilo Müller demonstrated how the hardware encryption of desktop computers or laptops can be attacked.
---------------------------------------------
http://www.heise.de/meldung/29C3-erfolgreicher-Angriff-auf-verschluesselnde…
*** Windows 8 Will Be Harder to Hack - Security Expert ***
---------------------------------------------
"Windows 8 has already been attacked by hackers who wanted to activate the operating system at no cost, but there's no doubt it's one of the most secure Windows iterations released so far. And Microsoft uses this argument to promote Windows 8 with every single occasion, while security companies across the globe confirm that it's harder to attack the new OS. McAfee said in its 2013 predictions report that Windows 8 may become hackers' next big target, but Rapid7 CISO and Metasploit founder HD...
---------------------------------------------
http://news.softpedia.com/news/Windows-8-Will-Be-Harder-to-Hack-Security-Ex…
*** Bugtraq: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption ***
---------------------------------------------
GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
---------------------------------------------
http://www.securityfocus.com/archive/1/525167
*** Worst email scams of 2012 ***
---------------------------------------------
"The scammers have continued to flood us with dodgy emails this year. Here are some of the worst ones we've spotted. Identity fraud and theft continues to be a big issue in the UK...."
---------------------------------------------
http://www.lovemoney.com/news/scams-and-rip-offs/scams/18904/worst-email-sc…
*** Provisional fix for critical vulnerability in Internet Explorer ***
---------------------------------------------
Internet Explorer up to and including version 8 has a critical security hole. Microsoft has now released a Fix-It tool with which users of the affected IE versions can protect themselves until a patch is ready.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27194e91/l/0L0Sheise0Bde0Cmel…
*** Piracy - Cracked apps: new services hijack iOS even without a jailbreak ***
---------------------------------------------
Successors to Installous could reach considerably more users
---------------------------------------------
http://derstandard.at/1356426557392/Gecrackte-Apps-Neue-Dienste-kapern-iOS-…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 27-12-2012 18:00 − Friday 28-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** ICS-CERT Closes-out Two Alerts ***
---------------------------------------------
"Today the folks at DHS ICS-CERT published two advisories for different systems that were based upon uncoordinated disclosures reported earlier by ICS-CERT. Actually ICS-CERT only notes that one is based upon an earlier alert, but records show that both were. The affected systems are from RuggedCom and Carlo Gavazzi Automation...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/12/ics-cert-closes-…
*** RealPlayer RealMedia File Handling Buffer Overflow ***
---------------------------------------------
Topic: RealPlayer RealMedia File Handling Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bi_N1sR5TgU/WLB-20…
*** Joomla bch and Content Shell Upload ***
---------------------------------------------
Topic: Joomla bch and Content Shell Upload Risk: High Text: [ Joomla com_content Shell Upload Vulnerability] [x] Author : Agd_Scorp [x] Home : www.turkguvenligi.info ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vUggqlfFDmw/WLB-20…
*** Vuln: Real Networks RealPlayer Multiple Security Vulnerabilities ***
---------------------------------------------
Real Networks RealPlayer Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56956
Next End-of-Shift report on 2013-01-02
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 21-12-2012 18:00 − Thursday 27-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Vuln: Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability ***
---------------------------------------------
Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55465
*** Java 7 update offers more security options ***
---------------------------------------------
"A recent Java 7 update (Update 10) has added more security options that will appeal to security-conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox. The plethora of security attacks that exploit flaws in the Java platform means that disallowing Java from browsers has long been recommended by security...
---------------------------------------------
http://www.fiercecio.com/techwatch/story/java-7-update-offers-more-security…
*** India Developing Its Own Secure Operating System ***
---------------------------------------------
"According to The Times of India, 150 engineers from all across the country have already been working on the project for over one year and a half, but it will take another three before the operating systems can be rolled out. The director general of the DRDO has explained that India needs its own operating system to strengthen cyber security. He has emphasized that the current operating systems used in India, regardless whether they're Windows or Linux-based, contain numerous security...
---------------------------------------------
http://news.softpedia.com/news/India-Developing-Its-Own-Secure-Operating-Sy…
*** Vuln: WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability ***
---------------------------------------------
WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56988
*** Hook Analyser Malware Tool 2.2 ***
---------------------------------------------
"Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Changes: The UI and modules of the project have been re-written...."
---------------------------------------------
http://packetstormsecurity.org/files/119087
*** PHP-CGI Argument Injection Remote Code Execution ***
---------------------------------------------
Topic: PHP-CGI Argument Injection Remote Code Execution Risk: High Text:#!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution T...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/HMIGwX9uCpo/WLB-20…
*** [remote] - IBM Lotus Notes Client URL Handler Command Injection ***
---------------------------------------------
IBM Lotus Notes Client URL Handler Command Injection
---------------------------------------------
http://www.exploit-db.com/exploits/23650
*** [remote] - Microsoft SQL Server Database Link Crawling Command Execution ***
---------------------------------------------
Microsoft SQL Server Database Link Crawling Command Execution
---------------------------------------------
http://www.exploit-db.com/exploits/23649
*** NVidia Display Driver Service (nvvsvc.exe) Exploit ***
---------------------------------------------
Topic: NVidia Display Driver Service (nvvsvc.exe) Exploit Risk: High Text:/* NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE = (@...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/RWnidJO9giU/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 20-12-2012 18:00 − Friday 21-12-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout ***
---------------------------------------------
Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout Risk: Low Text:*Summary = WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/m7FLRoPAp58/WLB-20…
*** HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03577598
*** Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid cachemgr.cgi Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56957
*** QNAP NAS vulnerable to cross-site scripting (XSS) ***
---------------------------------------------
Twitter user @rootdial noticed that some web applications on the QNAP NAS do not properly validate what is passed to them.
For example, the Photostation and the TVStation are vulnerable to XSS.
---------------------------------------------
http://sdcybercom.wordpress.com/
*** CA20121220-01: Security Notice for CA IdentityMinder ***
---------------------------------------------
CA Technologies Support is alerting customers to two potential risks in
CA IdentityMinder (formerly known as CA Identity Manager). Two
vulnerabilities exist that can allow a remote attacker to execute
arbitrary commands, manipulate data, or gain elevated access. CA
Technologies has issued patches to address the vulnerability.
---------------------------------------------
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B…
*** VMWare posts some updates, (Fri, Dec 21st) ***
---------------------------------------------
Just in case the world doesn't come to a grinding halt today (end of Mayan calendar and all that)... VMWare has posted some updates that you might want to pay attention to over at: http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14740&rss
Next End-of-Shift report on 2012-12-27
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 19-12-2012 18:00 − Thursday 20-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Sweet Orange Exploit Kit Offers Customers Higher Infection Rates ***
---------------------------------------------
"The newly emerging Sweet Orange Exploit Kit boasts a 10 to 25 percent infection rate and is promising to drive 150,000 unique visitors per day to the websites of its customers, according to Jeff Doty and Chris Larsen of Blue Coat Security. If the claims of Sweet Orange's authors reflect reality, it means that users of the kit can expect to add anywhere between 15,000 and 37,500 machines to their botnet per day. Sweet Orange has 45 dedicated IP addresses and 267 unique domains, which Doty...
---------------------------------------------
http://threatpost.com/en_us/blogs/sweet-orange-exploit-kit-offers-customers…
*** MyBB MyYoutube Cross Site Scripting ***
---------------------------------------------
Topic: MyBB MyYoutube Cross Site Scripting Risk: Low Text:# Exploit Title: MyYoutube MyBB Stored XSS # Date: 17.12.2012 # Exploit Author: limb0 # Vendor Homepage: http://www.mybb-es....
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/C8aZDfreDmo/WLB-20…
*** MyBB Xbox Live ID Cross Site Scripting ***
---------------------------------------------
Topic: MyBB Xbox Live ID Cross Site Scripting Risk: Low Text:# Exploit Title: Xbox Live ID MyBB Plugin Stored XSS # Date: 13/12/2012 # Exploit Author: limb0 # Vendor Homepage: http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/qUghUFk2MwE/WLB-20…
*** Vuln: Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities ***
---------------------------------------------
Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56906
*** Bugtraq: EMC Avamar: World writable cache files ***
---------------------------------------------
EMC Avamar: World writable cache files
---------------------------------------------
http://www.securityfocus.com/archive/1/525095
*** Apache plug-in doles out Zeus attack ***
---------------------------------------------
Points victims to Sweet Orange exploit server, slurps banking credentials
Anti-virus outfit Eset has discovered a malicious Apache module in the wild that serves up malware designed to steal banking credentials.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/apache_dang…
*** SurgeFTP Remote Command Execution ***
---------------------------------------------
Topic: SurgeFTP Remote Command Execution Risk: High Text:require msf/core class Metasploit3
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/iwcAssIZcxo/WLB-20…
*** Drupal Core 6.x & 7.x Access Bypass & Code Execution ***
---------------------------------------------
Topic: Drupal Core 6.x & 7.x Access Bypass & Code Execution Risk: High Text:View online: http://drupal.org/SA-CORE-2012-004 * Advisory ID: DRUPAL-SA-CORE-2012-004 * Project: Drupal core [1] * ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bLFpBaVeTdc/WLB-20…
*** ENISA on Smart Grids: a Risk-Based Approach Is Key to Secure Implementation ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released a new report to help smart grid providers properly secure their infrastructures against cyberattacks. The European Union hopes to achieve a 20% increase in renewable energy, a 20% reduction in CO2 emissions, and a 20% increase in energy efficiency by 2020. Smart grids can help a lot in achieving these goals, but they must be rolled out in a secure way...."
---------------------------------------------
http://news.softpedia.com/news/ENISA-on-Smart-Grids-a-Risk-Based-Approach-I…
*** Vuln: Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities ***
---------------------------------------------
Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56982
*** PGP, TrueCrypt-encrypted files CRACKED by £300 tool ***
---------------------------------------------
Plod at the door? Better yank out that power cable
ElcomSoft has built a utility that forages for encryption keys in snapshots of a PC's memory to decrypt PGP and TrueCrypt-protected data.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/elcomsoft_t…
*** Security vulnerability in AMD's Catalyst Control Center ***
---------------------------------------------
AMD's Catalyst Control Center is actually meant to help keep graphics card drivers as up to date as possible; by exploiting the update notification, a manipulated driver can presumably be slipped onto the system.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/26cbb061/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 18-12-2012 18:00 − Wednesday 19-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** The Only 2013 Cybersecurity Predictions List You Need to Read ***
---------------------------------------------
"Please, allow me to save you some time reading all of those Top 10 Cybersecurity Threats of 2013 lists from journalists, bloggers, analysts, vendors and other crackpots. Nearly all of them will include the 10 following threats, in varying orders: The Cloud Lots of vulnerabilities out there. BYOD/Mobile malware It's a problem dealing with all these devices...."
---------------------------------------------
http://blogs.cio.com/security/17647/only-2013-cybersecurity-predictions-lis…
*** 1-15 December 2012 Cyber Attacks Timeline ***
---------------------------------------------
"Christmas is coming quickly, we have just passed the first half of December, and hence it's time for the first update of the Cyber Attacks Timeline for December. The Team GhostShell has decided to close the year with a clamorous Cyber Attack, and hence, as part of the project ProjectWhiteFox, has leaked 1.6 million accounts from several organizations all over the world...."
---------------------------------------------
http://hackmageddon.com/2012/12/17/1-15-december-2012-cyber-attack-timeline/
*** Enterpriser16 LB 7.1 Cross Site Scripting ***
---------------------------------------------
Topic: Enterpriser16 LB 7.1 Cross Site Scripting Risk: Low Text:Title: Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: == 2012-12-12 References: == http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Pv935OaGGFY/WLB-20…
*** [webapps] - SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability ***
---------------------------------------------
SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/23498
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 17-12-2012 18:00 − Tuesday 18-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56846
*** Vuln: Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56847
*** Vuln: TWiki Multiple Security Vulnerabilities ***
---------------------------------------------
TWiki Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56950
*** Reminder: Java 6 end-of-life February 2013, (Mon, Dec 17th) ***
---------------------------------------------
Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracle's website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013 security updates will only be available to customers who purchase extended support contracts. If you haven't already done so, now is a good time to mark your calendars for this upgrade. More details are available here: http://www.oracle.com/technetwork/java/javase/eol-135779.html
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14719&rss
*** Bugtraq: IPv6 Neighbor Discovery security (new documents) ***
---------------------------------------------
IPv6 Neighbor Discovery security (new documents)
---------------------------------------------
http://www.securityfocus.com/archive/1/525063
*** Cyber Security Bulletin (SB12-352) - Vulnerability Summary for the Week of December 10, 2012 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-352.html
*** Carberp-in-the-Mobile found on Google Play ***
---------------------------------------------
"Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play can't be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps. Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2362
*** Lookout Predicts 18 Million Android Malware Infections by End of 2013 ***
---------------------------------------------
"Lookout Mobile Security recently published its mobile threat predictions for 2013, anticipating that 18 million Android users will encounter mobile malware between the beginning of 2012 and the end of 2013. "The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0.20 percent in Japan to 0.40 percent in the US and as high as 34...."
---------------------------------------------
http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-…
*** Trojan Upclicker malware infecting PCs via mouse input ***
---------------------------------------------
"Windows PC owners be warned: there's a new strain of malware out there that befuddles users into helping it accomplish its dirty deeds via mouse clicks. Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors. FireEye researchers Abhishek Singh and Yasir Khalid noted that Trojan Upclicker is a variant...
---------------------------------------------
http://www.itproportal.com/2012/12/17/trojan-upclicker-malware-infecting-pc…
*** EU to propose mandatory reporting of cyber incidents ***
---------------------------------------------
"The European Union may force companies operating critical infrastructure in areas such as banking, energy and stock exchanges to report major online attacks and reveal security breaches, according to a draft report by the European Commission. The European Commission is due to present a proposal on cybersecurity in February once it has received feedback from the European Parliament and EU countries. The proposal was initially announced in May for the third quarter this year but has been...
---------------------------------------------
http://www.euractiv.com/infosociety/eu-propose-mandatory-reporting-c-news-5…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 14-12-2012 18:00 − Monday 17-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: MyBB DyMy User Agent Plugin SQL Injection Vulnerability ***
---------------------------------------------
MyBB DyMy User Agent Plugin SQL Injection Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56931
*** Bugtraq: Wordpress Pingback Port Scanner ***
---------------------------------------------
Wordpress Pingback Port Scanner
---------------------------------------------
http://www.securityfocus.com/archive/1/525045
*** Bugtraq: DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) ***
---------------------------------------------
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)
---------------------------------------------
http://www.securityfocus.com/archive/1/525044
*** ENISA - Introduction to Return on Security Investment ***
---------------------------------------------
"As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention...."
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/other-work/introduction-to-retur…
*** Foswiki Remote code execution and other vulnerabilities in MAKETEXT ***
---------------------------------------------
Topic: Foswiki Remote code execution and other vulnerabilities in MAKETEXT Risk: High Text: Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/8WkKh9Nz_ZM/WLB-20…
*** Eurograbber: A Smart Trojan Attack - Hackers' Methods Reveal Banking Know-How ***
---------------------------------------------
"The Eurograbber banking Trojan is an all-in-one hit, researchers say. It successfully compromises desktops and mobile devices, and has gotten around commonly used two-factor authentication practices in Europe. How can banking institutions defend themselves and their customers against this super-Trojan attack?..."
---------------------------------------------
http://www.bankinfosecurity.com/eurograbber-smart-trojan-attack-a-5359?rf=2…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 13-12-2012 18:00 − Friday 14-12-2012 18:00
Handler: Christian Wojner
Co-Handler: n/a
*** Internet Explorer rats out the mouse - Update ***
---------------------------------------------
"Company Spider.io warns that Internet Explorer allows a user's mouse position to be determined even if the mouse cursor is located outside of the browser window or the browser window isn't being displayed at all, either because it is minimised or because the user has switched to view another tab or window. This is potentially dangerous because it enables web pages to intercept sensitive data that is being entered via virtual keyboards and virtual keypads, say the researchers...."
---------------------------------------------
http://www.h-online.com/security/news/item/Internet-Explorer-rats-out-the-m…
*** Bugtraq: Addressbook v8.1.24.1 Group Name XSS ***
---------------------------------------------
Addressbook v8.1.24.1 Group Name XSS
---------------------------------------------
http://www.securityfocus.com/archive/1/525027
*** New Trojan attempts SMS fraud on OS X users ***
---------------------------------------------
"The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud. The new malware is a Trojan horse, dubbed "Trojan.SMSSend...."
---------------------------------------------
http://news.cnet.com/8301-1009_3-57558780-83/new-trojan-attempts-sms-fraud-…
*** Apple updates OS X malware definitions for new fake-installer/SMS trojan ***
---------------------------------------------
"MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as TrojanSMSSend...."
---------------------------------------------
http://9to5mac.com/2012/12/13/apple-updates-os-x-malware-definitions-for-ne…
*** Backdoor Found at NDIS Level ***
---------------------------------------------
"It is one thing to have a piece of malware that can focus on targeted attacks, but it is quite another to have it also be nearly invisible. That is just what a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel.A, is able to do, said researchers at Microsoft's Malware Protection Center...."
---------------------------------------------
http://www.isssource.com/backdoor-found-at-ndis-level/
*** New Attacks from Gameover Gang ***
---------------------------------------------
"Millions of emails, which pose as coming from major U.S. banks, are spamming out, according to Dell SecureWorks Counter Threat Unit. The fake but convincing-looking emails appeal to a more security-minded banking customer: You have received a new encrypted message or a secure message from [XYZ] Bank, one of the email campaigns said, noting the bank has set up a secure email exchange for its customers as a way to allay privacy and security concerns. The message includes an infected
---------------------------------------------
http://www.isssource.com/new-attacks-from-gameover-gang/
*** Yet another eavesdrop vulnerability in Cisco phones ***
---------------------------------------------
Security groundhog day: A university student presenting at the Amphion Forum has demonstrated turning a Cisco VoIP phone into a listening device, even when it's on the hook.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/13/cisco_voip_…
*** Dexter malware targets point of sale systems worldwide ***
---------------------------------------------
"You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems. First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking providers...."
---------------------------------------------
http://www.theregister.co.uk/2012/12/14/dexter_malware_targets_pos_systems/
*** Top 7 security predictions for 2013 ***
---------------------------------------------
"A seismic shift in who controls the Internet? Another Mac malware outbreak? Your smart TV being highjacked for a DDoS attack?..."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14120
*** [DNB] Joomla, WordPress Sites Hit by IFrame Injection Attacks ***
---------------------------------------------
"....Users of the popular Joomla content management system are being urged by security experts to upgrade to the latest version after reports of exploits being used to compromise websites built on the platform......"
---------------------------------------------
https://threatpost.com/en_us/blogs/joomla-wordpress-sites-hit-iframe-inject…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 12-12-2012 18:00 − Thursday 13-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Researchers uncover Tor-powered Skynet botnet ***
---------------------------------------------
"Rapid7 researchers have recently unearthed an unusual piece of malware that turned out to be crucial to the formation of an elusive botnet - dubbed Skynet by the researchers - whose existence has been documented in a very popular Reddit "I Am A" thread. The Trojan in question has DDoS and Bitcoin-mining capabilities, but its main function is to steal banking credentials. The botnet operator spreads the malware via the Usenet discussion forum, which is also a popular platform for...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2357
*** "Dexter" malware steals credit card data from point-of-sale terminals ***
---------------------------------------------
"A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30...
---------------------------------------------
http://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-d…
*** New Findings Lend Credence to Project Blitzkrieg ***
---------------------------------------------
"Project Blitzkrieg," a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2013, was met with skepticism from some in the security community after news of the scheme came to light in October. Many assumed it was a law enforcement sting, or merely the ramblings of a wannabe criminal mastermind. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/RgJgMJ51mKo/
*** Cybersecurity company using hackers' own devices against them ***
---------------------------------------------
"A California cybersecurity start-up, marketing itself as a private cyber intelligence agency, works to identify foreign attackers who are attempting to steal corporate secrets; it does so by using the attackers' own techniques and vulnerabilities against them; the company also collects data on hackers and tricks intruders into stealing false information. Shawn Henry, the head of the FBI cyber crimes division, this year left the agency after twenty-four years to become the president of CrowdStrike,...
---------------------------------------------
http://www.homelandsecuritynewswire.com/dr20121213-cybersecurity-company-us…
*** Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10 ***
---------------------------------------------
"Facebook's security team is being lauded by the FBI for its role in the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions. The arrests were carried out yesterday in the U.S., U.K., the Balkans, South America and New Zealand in connection with spreading the Yahos malware on Facebook from 2010 to this October. Yahos compromised more than 11 million computers, the FBI said...."
---------------------------------------------
http://threatpost.com/en_us/blogs/facebook-security-fbi-take-down-butterfly…