=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 14-11-2013 18:00 − Friday 15-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Blog: The rush for CVE-2013-3906 - a hot commodity ***
---------------------------------------------
Two days ago FireEye reported that the recent CVE-2013-3906 exploit has begun to be used by new threat actors other than the original ones. The new infected documents share similarities with previously detected exploits but carry a different payload. This time these exploits are being used to deliver Taidoor and PlugX backdoors, according to FireEye.
---------------------------------------------
http://www.securelist.com/en/blog/208214158/The_rush_for_CVE_2013_3906_a_ho…
*** CVE-2012-1889 is still alive! ***
---------------------------------------------
In Zscaler's daily scanning, we identified an instance where CVE-2012-1889 (MSXML Uninitialized Memory Corruption Vulnerability) is still alive. Let's take a look.
---------------------------------------------
http://research.zscaler.com/2013/11/cve-2012-1889-is-still-alive.html
*** Febipos for Internet Explorer ***
---------------------------------------------
In a previous blog post we discussed Trojan:JS/Febipos.A, a malicious browser extension that targets the Facebook profiles of Google Chrome and Mozilla Firefox users. We recently came across a new Febipos sample that was specifically developed for Internet Explorer - we detect it as Trojan:Win32/Febipos.B!dll.
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2013/11/14/febipos-for-internet-exp…
*** Linux backdoor squirts code into SSH to keep its badness buried ***
---------------------------------------------
Fokirtor! It LOOKED like legitimate traffic...
Security researchers have discovered a Linux backdoor that uses a covert communication protocol to disguise its presence on compromised systems.
---------------------------------------------
http://www.theregister.co.uk/2013/11/15/stealthy_linux_backdoor/
*** Mobile Pwn2Own: Internet Explorer 11 cracked, Chrome already patched ***
---------------------------------------------
The Chrome hole used by Pinkie Pie has since been closed by Google. Meanwhile, researchers from the Zero Day Initiative managed to take over Internet Explorer 11 on a Surface Pro.
---------------------------------------------
http://www.heise.de/security/meldung/Mobile-Pwn2Own-Internet-Explorer-11-ge…
*** Blog: AutoCAD - new platform for start page Trojans ***
---------------------------------------------
In China, start page Trojans have become a popular type of malware because by changing users' browser start pages to point to some navigation site, the owner of the site can get a large amount of web traffic which can then be converted into large sums of money. In order to spread such Trojans as broadly as possible, Trojan authors have even turned their sights to AutoCAD.
---------------------------------------------
http://www.securelist.com/en/blog/8141/AutoCAD_new_platform_for_start_page_…
*** Research Into BIOS Attacks Underscores Their Danger ***
---------------------------------------------
For three years, Dragos Ruiu has attempted to track down a digital ghost in his network, whose presence is only felt in strange anomalies and odd system behavior. The anomalies ranged from system instability, to "bricked" USB sticks and data seemingly modified on the fly, according to online posts.
---------------------------------------------
http://www.darkreading.com/advanced-threats/research-into-bios-attacks-unde…
*** Eight Security Predictions for 2014 ***
---------------------------------------------
2013 was not an easy year in cybersecurity and we expect 2014 attacks will be even more complex. In a new report out today, Websense Security Labs researchers collectively outlined eight predictions and recommendations for 2014.
---------------------------------------------
http://community.websense.com/blogs/securitylabs/archive/2013/11/14/eight-s…
*** The Security Impact of HTTP Caching Headers, (Fri, Nov 15th) ***
---------------------------------------------
Earlier this week, an update for Media-Wiki fixed a bug in how it used caching headers. The headers allowed authenticated content to be cached, which may lead to sessions being shared between users using the same proxy server. I think this is a good reason to talk a bit about caching in web applications and why it is important for security.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17033&rss
*** Google Chrome for Android Multiple Memory Corruption Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55744
*** Nagios XI "tfPassword" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55695
*** VMSA-2013-0013 ***
---------------------------------------------
VMware Workstation host privilege escalation vulnerability
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2013-0013.html
*** Cisco IOS CSG Parse Error Drop Function Flaw Lets Remote Users Bypass Access Controls ***
---------------------------------------------
http://www.securitytracker.com/id/1029342
*** Cisco ASA IPv6 NAT Bug Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1029341
*** mod_nss FakeBasicAuth authentication bypass ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110110
*** APPLE-SA-2013-11-14-1 iOS 7.0.4 ***
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2013/Nov/msg00000.ht…
*** Security Bulletin: IBM Platform Cluster Manager Standard Edition (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310) ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 13-11-2013 18:00 − Thursday 14-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Stanford Metaphone Project Aims to Show Dangers of Metadata Collection ***
---------------------------------------------
When the first NSA surveillance story broke in June, about the agency's collection of phone metadata from Verizon, most people likely had never heard the word metadata before. Even some security and privacy experts weren't sure what the term encompassed, and now a group of security researchers at Stanford have started a new project to collect data from Android users to see exactly how much information can be drawn from the logs of phone calls and texts.
---------------------------------------------
http://threatpost.com/stanford-metaphone-project-aims-to-show-dangers-of-me…
*** Thunderbird gives a false sender the seal of authenticity ***
---------------------------------------------
Digital signatures are actually supposed to ensure that the sender of an e-mail can be trusted. However, Thunderbird handles signed e-mails so clumsily that false senders can be faked.
---------------------------------------------
http://www.heise.de/security/meldung/Thunderbird-gibt-falschem-Absender-das…
*** Unusual BHEK-Like Spam With Attachment Found ***
---------------------------------------------
Soon after Paunch was arrested, we found that the flow of spam campaigns going to sites with the Blackhole Exploit Kit (BHEK) had slowed down considerably. Instead, we saw an increase in messages with a malicious attachment.
Recently, however, we came across rather unusual spam samples that combine characteristics of both attacks.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/unusual-bhek-lik…
*** Mobile Pwn2Own: Galaxy S4 and iOS hacked ***
---------------------------------------------
On the first day of the Mobile Pwn2Own competition in Tokyo, a security hole was demonstrated on Samsung's Galaxy S4 that makes it possible to install arbitrary apps. Chinese hackers demonstrated vulnerabilities in Safari under iOS 6.1.4 and 7.0.3.
---------------------------------------------
http://www.heise.de/security/meldung/Mobile-Pwn2Own-Galaxy-S4-und-iOS-gehac…
*** Analysis: IT Threat Evolution: Q3 2013 ***
---------------------------------------------
IT Threat Evolution: Q3 2013
Targeted Attacks / APT
Malware Stories
Web security and data breaches
Mobile malware
---------------------------------------------
http://www.securelist.com/en/analysis/204792312/IT_Threat_Evolution_Q3_2013
*** A-DOH!-BE hack: Facebook warns users whose logins were spilled ***
---------------------------------------------
Facebook is using a list of hacked Adobe accounts posted by the miscreants themselves to warn its own customers about password reuse.
---------------------------------------------
http://www.theregister.co.uk/2013/11/14/facebook_adobe_password_leak_warnin…
*** New OSX/Crisis or Business Cards Gone Wild ***
---------------------------------------------
In these days of computer conspiracies, the Mac is not left out. A new variant of Remote Control System, Hacking Team's spyware, landed on VirusTotal with a detection rate of 0 out of 47 scanners. RCS, also known as OSX/Crisis, is an expensive rootkit used by governments during targeted attacks.
---------------------------------------------
http://www.intego.com/mac-security-blog/new-osx-crisis-business-cards-gone-…
*** Cracked.com Serving Malware in Drive-By Downloads ***
---------------------------------------------
The popular humor website, Cracked[dot]com, reportedly hosted malware that infected the machines of its visitors over the weekend and may still be doing so, according to Barracuda Labs research.
---------------------------------------------
http://threatpost.com/cracked-com-serving-malware-in-drive-by-downloads/102…
*** eGroupware HTML File Uploads Script Insertion Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54368
*** LastPass Android Container PIN / Auto-Wipe Bypass ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110101
*** IBM Multiple Storage Products Apache Struts Security Bypass Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55706
*** SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access Bypass ***
---------------------------------------------
Remote Vulnerability: Access bypass
Description: This module enables you to manage groups and assign content and users to groups. The module doesn't sufficiently check permissions to some of the configuration pages, allowing unprivileged users to access the roles and permissions pages of the GCC module.
CVE
---------------------------------------------
https://drupal.org/node/2135267
*** SA-CONTRIB-2013-090 - Revisioning - Access Bypass ***
---------------------------------------------
Remote Vulnerability: Access bypass
Description: This module enables you to create content publication workflows whereby one version of the content is "live" (publicly visible), while another is being edited and moderated privately until found fit for publication. The module doesn't sufficiently apply node access permissions
---------------------------------------------
https://drupal.org/node/2135257
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 12-11-2013 18:00 − Wednesday 13-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Summary for November 2013 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for November 2013. With the release of the security bulletins for November 2013, this bulletin summary replaces the bulletin advance notification originally issued November 7, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-nov
*** Blog: Sinkholing the Hlux/Kelihos botnet - what happened? ***
---------------------------------------------
Back in March 2012 we teamed up with Crowdstrike, the Honeynet Project and Dell SecureWorks in disabling the second version of the Hlux/Kelihos-Botnet. Now we thought it would be a good time for an update on what has happened to that sinkhole-server over the last 19 months.
---------------------------------------------
http://www.securelist.com/en/blog/208214147/Sinkholing_the_Hlux_Kelihos_bot…
*** Microsoft Warns Customers Away From SHA-1 and RC4 ***
---------------------------------------------
The RC4 and SHA-1 algorithms have taken a lot of hits in recent years, with new attacks popping up on a regular basis. Many security experts and cryptographers have been recommending that vendors begin phasing the two out, and Microsoft on Tuesday said that it is now recommending to developers that they deprecate RC4 and stop using the SHA-1 hash algorithm.
---------------------------------------------
http://threatpost.com/microsoft-warns-customers-away-from-sha-1-and-rc4/102…
*** Introducing Enhanced Mitigation Experience Toolkit (EMET) 4.1 ***
---------------------------------------------
In June 2013, we released EMET 4.0 and customer response has been fantastic. Many customers across the world now include EMET as part of their defense-in-depth strategy and appreciate how EMET helps businesses prevent attackers from gaining access to computer systems. Today, we're releasing a new version, EMET 4.1, with updates that simplify configuration and accelerate deployment.
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2013/11/12/introducing-enhanced-miti…
*** Adobe Patches Flash, ColdFusion Flaws Unrelated to Breach ***
---------------------------------------------
Adobe patched critical vulnerabilities in its Flash Player and ColdFusion Web application server; the company said the bugs are unrelated to the recent breach and source code theft.
---------------------------------------------
http://threatpost.com/adobe-patches-flash-coldfusion-flaws-unrelated-to-bre…
*** Simulated attacks give London banks a trial run in readiness ***
---------------------------------------------
The planned event, called "Waking Shark II," marks the second year the City of London has participated in the security preparedness exercises.
---------------------------------------------
http://www.scmagazine.com//simulated-attacks-give-london-banks-a-trial-run-…
*** November Patch Tuesday Addresses New IE Zero-Day Exploit, But TIFF Vulnerability Still Unpatched ***
---------------------------------------------
It's worth noting that another recent TIFF-related zero-day that we discussed has not been patched as part of this month's update, so the recommendations and work-arounds that were suggested at that time remain in effect.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/november-patch-t…
*** Malicious multi-hop iframe campaign affects thousands of Web sites, leads to a cocktail of client-side exploits ***
---------------------------------------------
Sharing is caring. In this post, I'll put the spotlight on a currently circulating, massive - thousands of sites affected - malicious iframe campaign that attempts to drop malicious software on the hosts of unaware Web site visitors through a cocktail of client-side exploits. The campaign, featuring a variety of evasive tactics that make it harder to analyze, continues to efficiently pop up on thousands of legitimate Web sites.
---------------------------------------------
http://www.webroot.com/blog/2013/11/13/malicious-multi-hop-iframe-campaign-…
*** Cross-site scripting vulnerabilities in EMC Documentum eRoom ***
---------------------------------------------
Due to improper input validation, Documentum eRoom suffers from multiple cross-site scripting vulnerabilities, which allow an attacker to steal other users' sessions, to impersonate other users and to gain unauthorized access to documents hosted in eRooms.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** BlackBerry Patches Remote Access Feature Vulnerable to Exploit ***
---------------------------------------------
BlackBerry patched two serious vulnerabilities in its BlackBerry Link product.
---------------------------------------------
http://threatpost.com/blackberry-patches-remote-access-feature-vulnerable-t…
*** cPanel Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55478
*** Red Hat Network Satellite Server Grants Administrative Access to Remote Users ***
---------------------------------------------
http://www.securitytracker.com/id/1029331
*** JunOS 11.4 Cross Site Scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110085
*** FortiAnalyzer 5.0.4 - CSRF Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/29550
*** Security Bulletin: Potential Security Vulnerability fixed in WebSphere Virtual Enterprise (CVE-2013-5425) ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 11-11-2013 18:00 − Tuesday 12-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** ActiveX Control issue being addressed in Update Tuesday ***
---------------------------------------------
Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publicly disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in 'Bulletin 3', which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS).
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-be…
*** Samsung, Nokia say they don't know how to track a powered-down phone ***
---------------------------------------------
Back in July 2013, The Washington Post reported that nearly a decade ago, the National Security Agency developed a new technique that allowed spooks to find cellphones even when they were turned off.
---------------------------------------------
http://arstechnica.com/security/2013/11/samsung-nokia-say-they-dont-know-ho…
*** Chinese Bitcoin exchange shutters, taking £2.5 MEEELION ***
---------------------------------------------
Another one Bits the dust... Chinese Bitcoin exchange GBL has shut down, taking with it over 25 million yuan ($US4.1m) of investors' money, in another warning to those who don't look before they leap with the digital currency.
---------------------------------------------
http://www.theregister.co.uk/2013/11/12/bitcoin_gbl_hong_kong_collapse/
*** MSRT November 2013 - Napolar ***
---------------------------------------------
We first noticed the new family we named Win32/Napolar being distributed in the wild in early August this year. It quickly became a big problem on our customers' machines. Napolar is one of two families targeted by the Malicious Software Removal Tool (MSRT) this month. The other is the bitcoin mining family Win32/Deminnix.
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2013/11/12/msrt-november-2013-napol…
*** GCHQ Used Fake LinkedIn Pages to Target Engineers ***
---------------------------------------------
The Belgacom employees probably thought nothing was amiss when they pulled up their profiles on LinkedIn, the professional networking site. The pages looked the way they always did, and they didn't take any longer than usual to load.
---------------------------------------------
http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-…
*** Smartphone PIN revealed by camera and microphone ***
---------------------------------------------
The PIN for a smartphone can be revealed by its camera and microphone, researchers have warned. Using a programme called PIN Skimmer a team from the University of Cambridge found that codes entered on a number-only soft keypad could be identified.
---------------------------------------------
http://www.bbc.co.uk/news/technology-24897581
*** A Peek Inside a Customer-ized API-enabled DIY Online Lab for Generating Multi-OS Mobile Malware ***
---------------------------------------------
The exponential growth of mobile malware over the last couple of years can be attributed to a variety of growth factors, the majority of which continue playing an inseparable role in the overall success and growth of the cybercrime ecosystem in general.
---------------------------------------------
http://ddanchev.blogspot.co.uk/2013/11/a-peek-inside-customer-ized-api-enab…
*** Cyber Attack on Finland is a Warning for the EU ***
---------------------------------------------
A highly sophisticated multi-year cyber attack targeting Finland's diplomatic communications is likely to have been replicated against other EU and Western countries.
---------------------------------------------
http://www.chathamhouse.org/media/comment/view/195392?
*** Selfish Miners Could Exploit P2P Nature of Bitcoin Network ***
---------------------------------------------
While researchers and academics are just at the beginning of the process of trying to judge the value of a recent paper on a vulnerability in the Bitcoin protocol, some are arguing that there is a smaller point that's being missed in all of the back and forth: There is a problem with the peer-to-peer set-up of the Bitcoin network that could be exploited for profit.
---------------------------------------------
http://threatpost.com/selfish-miners-could-exploit-p2p-nature-of-bitcoin-ne…
*** Vuln: strongSwan CVE-2013-6075 Authorization Security Bypass and Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63489
*** FOSCAM IP-Cameras SSID cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/88629
*** Belkin NetCam Wifi Camera Hardcoded Credentials ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110079
*** WordPress Curvo Themes - Arbitrary code execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110081
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 08-11-2013 18:00 − Monday 11-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** New IE Zero-Day found in Watering Hole Attack ***
---------------------------------------------
FireEye Labs has identified a new IE zero-day exploit hosted on a breached website based in the U.S. It's a brand new IE zero-day that compromises anyone visiting a malicious website; a classic drive-by download attack. The exploit leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution.
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-wate…
FOLLOW-UP:
*** Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method ***
---------------------------------------------
Recently, we discovered a new IE zero-day exploit in the wild, which has been used in a strategic Web compromise. Specifically, the attackers inserted this zero-day exploit into a strategically important website, known to draw visitors that are likely interested in national and international security policy.
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephe…
*** No Patch Tuesday update for Microsoft zero-day vulnerability ***
---------------------------------------------
Microsoft is preparing eight fixes for next week's upcoming Nov. 12 Patch Tuesday, but an update to a recently discovered zero-day vulnerability is not one of them.
---------------------------------------------
http://www.scmagazine.com/no-patch-tuesday-update-for-microsoft-zero-day-vu…
*** Case Study: Analyzing a WordPress Attack - Dissecting the webr00t cgi shell - Part I ***
---------------------------------------------
November 1st started like any other day on the web. Billions of requests were being shot virtually between servers in safe and not so safe attempts to access information. After months of waiting, finally one of those not so safe requests hit one of our honeypots.
---------------------------------------------
http://blog.sucuri.net/2013/11/case-study-analyzing-a-wordpress-attack-diss…
*** CryptoLocker Emergence Connected to Blackhole Exploit Kit Arrest ***
---------------------------------------------
The past few weeks have seen the ransomware CryptoLocker emerge as a significant threat for many users. Our monitoring of this threat has revealed details on how it spreads, specifically its connection to spam and ZeuS. However, it looks like there is more to the emergence of this threat than initially discovered.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/cryptolocker-eme…
*** October 2013 virus activity overview ***
---------------------------------------------
November 5, 2013
Mid-autumn 2013 was marked by an upsurge in the number of encryption Trojans: hundreds of users whose systems were compromised by encoders contacted Doctor Web's support service in October. Also discovered were new malicious programs for Android, which has long been targeted by intruders.
Viruses
Statistics collected in October by Dr.Web CureIt! indicate that the downloader Trojan.LoadMoney.1 tops the list of detected threats.
---------------------------------------------
http://news.drweb.com/show/?i=4052&lng=en&c=9
*** Super-Trojan BadBIOS: Unlikely, but possible ***
---------------------------------------------
Security researcher Dragos Ruiu claims that a super-Trojan anchored in the BIOS is raging on his computers, one that communicates even without a network connection. Skeptical voices are growing, but malware like BadBIOS is not technically impossible.
---------------------------------------------
http://www.heise.de/security/meldung/Supertrojaner-BadBIOS-Unwahrscheinlich…
*** Background: ENISA recommendations on cryptographic methods ***
---------------------------------------------
The top European security agency, ENISA, issues recommendations on algorithms and key lengths.
---------------------------------------------
http://www.heise.de/security/artikel/ENISA-Empfehlungen-zu-Krypto-Verfahren…
*** Learn to Pentest SAP with Metasploit As ERP Attacks Go Mainstream ***
---------------------------------------------
This month, a security researcher disclosed that a version of the old banking Trojan 'Trojan.ibank' has been modified to look for SAP GUI installations, a concerning sign that SAP system hacking has gone into mainstream cybercrime.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/11/11/learn-to-…
*** Extensions for Google's Chrome web browser only from the official store from now on ***
---------------------------------------------
Google wants to better protect Windows users against malware. Chrome versions for other platforms are not affected by the measure.
---------------------------------------------
http://www.heise.de/security/meldung/Erweiterungen-fuer-Googles-Webbrowser-…
*** Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/29519
*** Debian Security Advisory DSA-2793 libav ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2793
*** Redaxo 4.5 CMS Vulnerabilities ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110070
*** Bugtraq: Belkin WiFi NetCam video stream backdoor with unchangeable admin/admin credentials ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529722
*** D-Link Router 2760N Multiple XSS ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110075
*** Security Bulletin: IBM WebSphere Portal vulnerable to URL Manipulation CVE-2013-5454 PM99205 ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: Multiple vulnerabilities in Security AppScan Enterprise (CVE-2013-5453, CVE-2013-5450) ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 07-11-2013 18:00 − Friday 08-11-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Advance Notification for November 2013 - Version: 1.0 ***
---------------------------------------------
This is an advance notification of security bulletins that Microsoft is intending to release on November 12, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-nov
*** Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release ***
---------------------------------------------
Today, we're providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office. While this release won't include an update for the issue first described in Security Advisory 2896666, we'd like to tell you a bit more about it. We're working to develop a security update...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/11/07/clarification-on-securit…
*** Exploits of critical Microsoft zero day more widespread than thought ***
---------------------------------------------
At least two hacker gangs exploit the TIFF vulnerability to hijack users' computers.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/6hCE3JS8yQI/story01…
*** Despite patches, Supermicro's IPMI firmware is far from secure, researchers say ***
---------------------------------------------
The IPMI in Supermicro motherboards has vulnerabilities that can give attackers unauthorized access to servers, Rapid7 researchers said.
---------------------------------------------
http://www.csoonline.com/article/742836/despite-patches-supermicro-39-s-ipm…
*** PCI council publishes updated payment security standards ***
---------------------------------------------
Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/Ktdq0wWA1L8/
*** VU#274923: Dual_EC_DRBG output using untrusted curve constants may be predictable ***
---------------------------------------------
Vulnerability Note VU#274923: Dual_EC_DRBG output using untrusted curve constants may be predictable
Original Release date: 07 Nov 2013 | Last revised: 07 Nov 2013
Overview: Output of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) algorithm may be predictable by an attacker who has chosen the elliptic curve parameters in advance.
Description: NIST SP 800-90A defines three elliptic curves for use in Dual_EC_DRBG but does not describe the provenance of the parameters used
---------------------------------------------
http://www.kb.cert.org/vuls/id/274923
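The CERT note above says the output "may be predictable by an attacker who has chosen elliptic curve parameters in advance" but does not show why. The following is an added example written for this digest, not code from CERT or from SP 800-90A: a minimal Dual_EC_DRBG in pure Python on a P-256-shaped curve, together with the recovery an attacker can do when they know a scalar e relating the two public points (P = e*Q). The field prime and a = -3 are those of P-256 and (GX, GY) is the P-256 base point; b is derived from that point so the arithmetic is self-consistent. The backdoor scalar e, the seed and the 4-bit truncation are constructed for the demo; the standardised generator drops 16 bits of each x-coordinate, which only raises the search from 2^4 to 2^16 candidates.

```python
"""Why a known relation between P and Q breaks Dual_EC_DRBG (VU#274923).

Added example, not part of the CERT note or of SP 800-90A. Curve constants follow
NIST P-256 (prime, a = -3, base point); B is derived from the base point. The
backdoor scalar e, the seed and TRUNC_BITS = 4 are constructed for the demo.
"""

PRIME = 2**256 - 2**224 + 2**192 + 2**96 - 1   # P-256 field prime, PRIME % 4 == 3
A = PRIME - 3
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
B = (GY * GY - GX**3 - A * GX) % PRIME          # so that (GX, GY) lies on y^2 = x^3 + Ax + B
INFINITY = None
TRUNC_BITS = 4                                  # bits of x dropped per output (real generator: 16)


def inv(v):
    return pow(v % PRIME, PRIME - 2, PRIME)


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + A*x + B over F_PRIME."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return INFINITY
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % PRIME
    else:
        lam = (y2 - y1) * inv(x2 - x1) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    return (x3, (lam * (x1 - x3) - y1) % PRIME)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INFINITY
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """A curve point with x-coordinate x, or None if no such point exists."""
    rhs = (x**3 + A * x + B) % PRIME
    y = pow(rhs, (PRIME + 1) // 4, PRIME)       # square root, valid because PRIME % 4 == 3
    return (x, y) if y * y % PRIME == rhs else None


def truncate(x):
    return x & ((1 << (256 - TRUNC_BITS)) - 1)


class DualEC:
    """Minimal Dual_EC_DRBG: s <- x(s*P), then output truncate(x(s*Q))."""

    def __init__(self, seed, P, Q):
        self.s, self.P, self.Q = seed, P, Q

    def next_output(self):
        self.s = ec_mul(self.s, self.P)[0]
        return truncate(ec_mul(self.s, self.Q)[0])


def backdoored_points(e):
    """The designer publishes Q and P = e*Q and keeps e. (SP 800-90A fixes P as the
    curve's base point and leaves Q's provenance undescribed; which point is derived
    from which does not matter, only that someone knows the scalar relating them.)"""
    Q = (GX, GY)
    return ec_mul(e, Q), Q


def recover_state(e, Q, out_i, out_next):
    """Recover the internal state from two consecutive outputs using the secret e.

    out_i hides R = s*Q behind a truncated x-coordinate. Each guess of the dropped
    bits lifts to a candidate R; e*R = s*(e*Q) = s*P, whose x-coordinate is the
    next state, and the following output confirms the right candidate.
    """
    for top in range(1 << TRUNC_BITS):
        x = out_i | (top << (256 - TRUNC_BITS))
        R = lift_x(x) if x < PRIME else None
        if R is None:
            continue
        s_next = ec_mul(e, R)[0]
        if truncate(ec_mul(s_next, Q)[0]) == out_next:
            return s_next
    return None


def demo(seed=0x1234_5678_9ABC_DEF0, e=0x0BAD_5EED_0BAD_5EED):
    """Eavesdrop two outputs, recover the state, predict the next three. Constructed seed and e."""
    P, Q = backdoored_points(e)
    victim = DualEC(seed, P, Q)
    seen = [victim.next_output() for _ in range(2)]
    s = recover_state(e, Q, seen[0], seen[1])
    if s is None:
        return False
    attacker = DualEC(s, P, Q)
    predicted = [attacker.next_output() for _ in range(3)]
    actual = [victim.next_output() for _ in range(3)]
    return predicted == actual
```

demo() returns True: two observed outputs are enough for whoever holds e to reproduce every later output. Without e the same lift-and-multiply step is a discrete-logarithm problem, which is exactly why the provenance of Q matters and why the note treats the constants as untrusted.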
*** Source code for proprietary spam bot offered for sale, acts as force multiplier for cybercrime-friendly activity ***
---------------------------------------------
In a professional cybercrime ecosystem, largely resembling that of a legitimate economy, market participants constantly strive to optimize their campaigns, achieve liquidity for stolen assets and, most importantly, reach a degree of efficiency that helps them gain market share and thus secure multiple revenue streams. Despite the increased transparency of the Russian/Eastern European underground market - largely thanks to improved social networking courtesy of the...
---------------------------------------------
http://www.webroot.com/blog/2013/11/07/source-code-proprietary-spam-bot-off…
*** Security Bulletin: Vulnerabilities in Sametime Enterprise Meeting Server (CVE-2013-3044, CVE-2013-3045, CVE-2013-0537, CVE-2013-3985) ***
---------------------------------------------
The security bulletin addresses various vulnerabilities found in the Sametime Enterprise Meeting Server regarding spoofing and domain cookies. CVE(s): CVE-2013-3044, CVE-2013-3045, CVE-2013-0537, CVE-2013-3985. Affected product(s) and affected version(s): IBM Lotus Sametime WebPlayer versions 8.5.2 and 8.5.2.1. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21654355 X-Force...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
*** Security Bulletin: IBM Lotus Sametime WebPlayer Denial-of-Service (CVE-2013-3986) ***
---------------------------------------------
An attacker participating in a Sametime Audio Visual (AV) session may be able to crash the IBM Sametime WebPlayer extension (Firefox extension) session of other users. CVE(s): CVE-2013-3986. Affected product(s) and affected version(s): IBM Lotus Sametime WebPlayer versions 8.5.2 and 8.5.2.1. Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21654041 X-Force Database: ...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: For safer administration of IBM Domino server, use Domino Administrator client instead of Domino Web Administrator ***
---------------------------------------------
IBM Domino Web Administrator (webadmin.nsf) has two cross-site scripting vulnerabilities and one cross-site request forgery vulnerability, all of low CVSS score. These vulnerabilities do not exist in the Domino Administrator client. To prevent the potential for these attacks, use the Domino Administrator client or the mitigations listed in the bulletin. Domino Web Administrator is deprecated. CVE(s): CVE-2013-4051, CVE-2013-4055, CVE-2013-4050.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_for…
*** IBM WebSphere Real Time Java Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55618
*** CTF365: A New Capture The Flag Platform for Ongoing Competitions ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/11/08/ctf365--i…
*** OpenSSH Security Advisory: gcmrekey.adv ***
---------------------------------------------
A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during key exchange.
---------------------------------------------
http://www.openssh.org/txt/gcmrekey.adv
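The advisory's mitigation, until a fixed sshd is installed, is to take the two GCM ciphers out of the server's Ciphers list. The following added example (written for this digest, not code from the advisory or from OpenSSH) reads an sshd_config, reports whether AES-GCM would still be negotiated, and produces the hardened file. It encodes two parser details that matter for the check: sshd honours the first occurrence of a keyword, and Ciphers is a global option, so anything after the first Match block is irrelevant. It also assumes that a config with no Ciphers line falls back to the affected releases' built-in default, which offers the GCM ciphers; the substitute cipher list is the one given in the advisory's mitigation section. The two sample configs are constructed.

```python
"""Check whether an sshd_config leaves the AES-GCM ciphers from gcmrekey.adv enabled.

Added example, not code from the advisory or from OpenSSH. Assumption: with no
Ciphers line, the affected releases use a built-in default that includes the GCM
ciphers, so such a config counts as exposed.
"""
import re

GCM_CIPHERS = {"aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}

# Cipher list from the advisory's mitigation section: GCM removed, the rest kept.
MITIGATED_CIPHERS = ("aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,"
                     "blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc")

KEYWORD_SPLIT = re.compile(r"[\s=]+")   # sshd accepts both "Key value" and "Key=value"


def effective_ciphers(config_text):
    """Return the Ciphers list sshd would use, or None if the config relies on the default.

    sshd takes the first occurrence of a keyword, and Ciphers is a global option,
    so parsing stops at the first Match block. Only whole-line comments exist in
    sshd_config; trailing text after a value is an error, not a comment.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = KEYWORD_SPLIT.split(line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "ciphers" and len(parts) == 2:
            return [c.strip() for c in parts[1].split(",") if c.strip()]
    return None


def gcm_enabled(config_text):
    """True if sshd would still negotiate an AES-GCM cipher with this config."""
    ciphers = effective_ciphers(config_text)
    if ciphers is None:
        return True   # assumption: the affected releases' default list includes GCM
    return any(c in GCM_CIPHERS for c in ciphers)


def harden(config_text):
    """Return the config with GCM removed: rewrite the first Ciphers line, or prepend one."""
    ciphers = effective_ciphers(config_text)
    if ciphers is None:
        # Prepending keeps the directive in the global section even if Match blocks follow.
        return "Ciphers " + MITIGATED_CIPHERS + "\n" + config_text
    kept = [c for c in ciphers if c not in GCM_CIPHERS] or MITIGATED_CIPHERS.split(",")
    out, replaced = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        keyword = KEYWORD_SPLIT.split(line, maxsplit=1)[0].lower() if line else ""
        if not replaced and not line.startswith("#") and keyword == "ciphers":
            out.append("Ciphers " + ",".join(kept))
            replaced = True
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


# Constructed samples: one relying on the default list, one that names a GCM cipher.
SAMPLE_DEFAULT = "Port 22\nPermitRootLogin no\n"
SAMPLE_EXPLICIT = "Port 22\nCiphers aes128-ctr,aes256-gcm@openssh.com\n"
```

gcm_enabled(SAMPLE_DEFAULT) and gcm_enabled(SAMPLE_EXPLICIT) are both True; after harden() both return False. Run the check against the real file only after confirming the sshd version is one the advisory lists as affected, and re-enable GCM once the fixed release is deployed.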
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 06-11-2013 18:00 − Donnerstag 07-11-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** The Dual Use Exploit: CVE-2013-3906 Used in Both Targeted Attacks and Crimeware Campaigns ***
---------------------------------------------
A zero-day vulnerability was recently discovered that exploits a Microsoft graphics component using malicious Word documents as the initial infection vector. Microsoft has confirmed that this exploit has been used in attacks and that the "attacks observed are very limited and carefully carried out...
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/the-dual-use-e…
*** Analysis: Spam in Q3 2013 ***
---------------------------------------------
The share of spam in total email traffic decreased by 2.4 percentage points from the second quarter of 2013 and came to 68.3%.
---------------------------------------------
http://www.securelist.com/en/analysis/204792311/Spam_in_Q3_2013
*** Blackhat SEO and ASP Sites ***
---------------------------------------------
It's all too easy to scream and holler at PHP-based websites and the various malware variants associated with the technology, but perhaps we're a bit too biased. Here is a quick post on an ASP variant. Thought we'd give you Microsoft types some love too. Today we found this nice BlackHat SEO attack: Finding it...
---------------------------------------------
http://blog.sucuri.net/2013/11/blackhat-seo-and-asp-sites.html
*** Bugtraq: CVE-2013-4425: Private key disclosure, OsiriX (Lite, 64-bit and FDA-cleared versions) (medical application) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529659
*** Vuln: Imperva SecureSphere Web Application Firewall Search Field SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/62948
*** Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition ***
---------------------------------------------
Issues disclosed in the Oracle October 2013 Java SE Critical Patch Update, plus 6 additional vulnerabilities
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
*** [20131103] Joomla! Core XSS Vulnerability ***
---------------------------------------------
Inadequate filtering leads to XSS vulnerability in com_contact.
---------------------------------------------
http://developer.joomla.org/security/572-core-xss-20131103.html
*** Vuln: Google Android Signature Verification Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63547
*** SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2013-089 | Project: Node Access Keys (third-party module) | Version: 7.x | Date: 2013-November-06 | Security risk: Moderately critical | Exploitable from: Remote | Vulnerability: Access bypass. Description: Node Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. However, it only implements hook_node_access() and not hook_query_alter(), which means any listing of nodes does not respect the node view access. CVE identifier(s)...
---------------------------------------------
https://drupal.org/node/2129379
*** SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2013-088 | Project: Secure Pages (third-party module) | Version: 6.x | Date: 2013-November-06 | Security risk: Less critical | Exploitable from: Remote | Vulnerability: Missing Encryption of Sensitive Data. Description: The Secure Pages module manages redirects between HTTP and HTTPS pages. A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a...
---------------------------------------------
https://drupal.org/node/2129381
*** SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2013-087 | Project: Payment for Webform (third-party module) | Version: 7.x | Date: 2013-November-06 | Security risk: Not critical | Exploitable from: Remote | Vulnerability: Access bypass. Description: This module enables you to ask for or require payments before users can submit webforms. It previously allowed anonymous users to sometimes use other anonymous users' payments when submitting a form. Payment for Webform never supported anonymous users, but there was also nothing that...
---------------------------------------------
https://drupal.org/node/2129373
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 05-11-2013 18:00 − Mittwoch 06-11-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Attacks on New Microsoft Zero Day Using Multi-Stage Malware ***
---------------------------------------------
Attackers exploiting the Microsoft Windows and Office zero day revealed yesterday are using an exploit that includes a malicious RAR file as well as a fake Office document as the lure, and are installing a wide variety of malicious components on newly infected systems. The attacks seen thus far are mainly centered in Pakistan. The...
---------------------------------------------
http://threatpost.com/attacks-on-new-microsoft-zero-day-using-multi-stage-m…
*** Malicious PDF Analysis Evasion Techniques ***
---------------------------------------------
In many exploit kits, malicious PDF files are some of the most common threats used to try to infect users with various malicious files. Naturally, security vendors invest in efforts to detect these files properly - and their creators invest in efforts to evade those vendors. Using feedback provided by the Smart Protection Network, we...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XOJob_q_Zag/
*** Asus fixes serious security hole in WebStorage ***
---------------------------------------------
The WebStorage client software is one of a number of apps that Asus installs at the factory on its Android devices. heise netze uncovered an implementation error during routine checks.
---------------------------------------------
http://www.heise.de/security/meldung/Asus-fixt-schwerwiegende-Sicherheitslu…
*** Google Bots Doing SQL Injection Attacks ***
---------------------------------------------
One of the things we have to be very sensitive about when writing rules for our CloudProxy Website Firewall is to never block any major search engine bot (i.e., Google, Bing, Yahoo, etc.). To date, we've been pretty good about this, but every now and then you come across unique scenarios like the one in this post that make you scratch your head and think: what if a legitimate search engine bot was being used to attack the site? Should we still allow the attack to go through?
---------------------------------------------
http://blog.sucuri.net/2013/11/google-bots-doing-sql-injection-attacks.html
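The question the post raises, whether a request should pass because it comes from a search engine, is easiest to answer by looking at what an allowlist actually keys on. The following added example (written for this digest, not Sucuri's CloudProxy rules) runs two policies over constructed Apache combined-format log lines: one that trusts requests carrying a crawler User-Agent, and one that inspects the decoded query parameters regardless of who sent them. The IP addresses come from documentation ranges, the User-Agent string is a Googlebot-style one, the crawler markers and the SQL injection patterns are illustrative heuristics, and none of it is a substitute for verifying crawler identity by reverse DNS.

```python
"""Two WAF policies over constructed log lines: trust the User-Agent, or inspect the payload.

Added example, not Sucuri's rule set. Log lines, crawler markers and injection
patterns are constructed for illustration.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed Apache combined-format lines: a normal crawl, then two requests that
# carry SQL injection payloads while presenting a search-engine User-Agent.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Nov/2013:10:12:01 +0000] "GET /products.php?id=5 HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '203.0.113.7 - - [05/Nov/2013:10:12:09 +0000] "GET /products.php?id=5%27%20UNION%20SELECT%201,user(),3--%20 HTTP/1.1" 200 2048 "-" '
    '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.23 - - [05/Nov/2013:10:13:00 +0000] "GET /products.php?id=5%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048 "-" '
    '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

BOT_UA_MARKERS = ("Googlebot", "bingbot", "Slurp")   # illustrative; the UA is client-controlled

SQLI_RULES = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+\bselect\b", re.I),
    "tautology": re.compile(r"'\s*(?:or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),
    "stacked_query": re.compile(r";\s*(?:drop|insert|update|delete|exec)\b", re.I),
}


def parse_combined(line):
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("not a combined-format line: " + line)
    return m.groupdict()


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so a double-encoded payload does not slip past the rules."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def sqli_indicators(target):
    """Names of the rules that fire on any query parameter of the request target."""
    hits = []
    for _, raw_value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = decode_fully(raw_value)
        for name, rule in SQLI_RULES.items():
            if rule.search(value) and name not in hits:
                hits.append(name)
    return hits


def evaluate(line):
    """Apply both policies to one log line and report what each would do."""
    entry = parse_combined(line)
    looks_like_bot = any(marker in entry["ua"] for marker in BOT_UA_MARKERS)
    hits = sqli_indicators(entry["target"])
    return {
        "ip": entry["ip"],
        "looks_like_bot": looks_like_bot,
        "indicators": hits,
        # Policy 1: allowlist by User-Agent. The header is attacker-controlled, and even
        # a genuine crawler will fetch a malicious link that someone planted for it.
        "ua_allowlist": "allow" if looks_like_bot else ("block" if hits else "allow"),
        # Policy 2: judge the request by what it carries, whoever sends it.
        "inspect_payload": "block" if hits else "allow",
    }


def summarize(lines=SAMPLE_LOG):
    return [evaluate(line) for line in lines]
```

summarize() shows the allowlist passing all three requests while payload inspection blocks the second and third. A crawler that is really Google's fetching an injected link is still delivering the attacker's query to the application, so the decision has to rest on the request, with crawler identity at most lowering the weight of reputation-based signals.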
*** Security Bulletin: IBM Sterling Certificate Wizard Shared Memory Permission Vulnerability (CVE-2013-1500) ***
---------------------------------------------
The IBM Sterling Certificate Wizard is susceptible to a shared memory permission vulnerability. CVE(s): CVE-2013-1500 Affected product(s) and affected version(s): IBM Sterling Certificate Wizard: 1.3, 1.4
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: Potential security vulnerability exists in the IBM Java SDK's TLS implementation that is shipped with Tivoli Netcool/OMNIbus Web GUI (CVE-2012-5081) ***
---------------------------------------------
The JDK's TLS implementation does not strictly check TLS vector lengths as set out in RFC 5246. CVE(s): CVE-2012-5081. Affected product(s) and affected version(s): Tivoli Netcool/OMNIbus Web GUI: 7.3.0, 7.3.1, 7.4.0
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot…
*** Security Bulletin: IBM Sterling Connect:Enterprise Secure Client Shared Memory Permission Vulnerability (CVE-2013-1500) ***
---------------------------------------------
The IBM Sterling Connect:Enterprise Secure Client is susceptible to a shared memory permission vulnerability. CVE(s): CVE-2013-1500 Affected product(s) and affected version(s): IBM Sterling Secure Client: 1.3, 1.4
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Vivotek IP Cameras RTSP Authentication Bypass ***
---------------------------------------------
Risk: High. Core Security - CoreLabs Advisory (http://corelabs.coresecurity.com): Vivotek IP Cameras RTSP Authentication Bypass...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110038
*** Bugtraq: Open-Xchange Security Advisory 2013-11-06 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529635
*** Kerberos Multi-realm KDC NULL Pointer Dereference Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55588
*** Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco WAAS Mobile Remote Code Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Tweetbot for Mac / for iOS Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55462
*** Arbor Peakflow X Security Bypass and Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55536
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 04-11-2013 18:00 − Dienstag 05-11-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Switzerland to set up Swiss cloud free of NSA, GCHQ snooping (it hopes) ***
---------------------------------------------
Gnomes of Zurich want spook-immune system. Swisscom, the Swiss telco that's majority owned by its government, will set up a "Swiss cloud" hosted entirely in the land of cuckoo clocks and fine chocolate - and try to make the service impervious to malware and uninvited spooks.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/11/04/switzerland…
*** Is your vacuum cleaner sending spam?, (Tue, Nov 5th) ***
---------------------------------------------
Last week, a story in a Saint Petersburg (the icy one, not the beach) newspaper caught quite some attention and was picked up by The Register [1]. The story claimed that appliances like tea kettles, vacuum cleaners and iron(y|ing) irons shipped from China and sold in Russia were discovered to contain rogue, WiFi-enabled chipsets. As soon as power was applied, the vacuum cleaner began trolling for open WiFi access points, and if it found one, it would hook up to a spam relay and start ...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16958
*** When attackers use your DNS to check for the sites you are visiting, (Mon, Nov 4th) ***
---------------------------------------------
Nowadays, attackers are definitely interested in checking what sites you are visiting. Depending on that information, they can set up attacks like the following: phishing websites and e-mail scams targeted at specific people so that they give up their private information; network spoofing with tools like dsniff, where attackers can tell computers that the sites they want to visit are located somewhere else, enabling them to interact with victims while posing as the original site.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16955
*** Manifesto: encryption is to become mandatory for XMPP/Jabber ***
---------------------------------------------
Developers and operators of XMPP/Jabber software and services, among them Jabber inventor Jeremie Miller, want to make it mandatory that communication over XMPP is encrypted in future.
---------------------------------------------
http://www.golem.de/news/manifest-bei-xmpp-jabber-soll-verschluesselung-zur…
*** Biggest Risks in IPv6 Security Today ***
---------------------------------------------
Although IPv6 packets have started to flow, network engineers still tread lightly because of lingering security concerns. Here are the top six security risks in IPv6 network security today as voted by gogoNET members, a community of 95,000 network professionals.
---------------------------------------------
http://www.cio.com/article/742652/Biggest_Risks_in_IPv6_Security_Today
*** WhatsApp backup stores plaintext at Apple ***
---------------------------------------------
The built-in backup function of the popular messaging program stores all texts and images from the iPhone in Apple's iCloud - completely unencrypted.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-Backup-speichert-Klartext-bei…
*** Cisco Security Notices ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Vuln: Cisco Prime Central for Hosted Collaboration Solution CVE-2013-5564 Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63490
*** Bugtraq: ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability. ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529620
*** Bugtraq: ESA-2013-073: EMC Documentum eRoom Multiple Cross Site Scripting Vulnerabilities. ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529621
*** VU#436214: Attachmate Verastream Host Integrator Vulnerable to Arbitrary File Uploads ***
---------------------------------------------
Vulnerability Note VU#436214: Attachmate Verastream Host Integrator Vulnerable to Arbitrary File Uploads. Original release date: 04 Nov 2013 | Last revised: 04 Nov 2013. Overview: The Attachmate Verastream Host Integrator (VHI) is vulnerable to arbitrary file uploads.
---------------------------------------------
http://www.kb.cert.org/vuls/id/436214
*** GitLab Remote code execution vulnerability in the code search feature ***
---------------------------------------------
Risk: High. Remote code execution vulnerability in the code search feature of GitLab. There is a remote code execution vulnerability in t...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110026
*** GitLab Remote code execution vulnerability in the SSH key upload ***
---------------------------------------------
Risk: High. Remote code execution vulnerability in the SSH key upload feature of GitLab. There is a remote code execution vulnerability...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110025
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 31-10-2013 18:00 − Montag 04-11-2013 18:00
Handler: Otmar Lendl
Co-Handler: Stephan Richter
*** Top three recommendations for securing your personal data using cryptography, by EU cyber security Agency ENISA in new report ***
---------------------------------------------
ENISA, the European Union's "cyber security" Agency, today launched a report recommending that all authorities better promote cryptographic measures to safeguard personal data.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/top-three-recommendations-f…
*** Know Your Enemy: Tracking A Rapidly Evolving APT Actor ***
---------------------------------------------
Between Oct. 24-25 FireEye detected two spear-phishing attacks attributed to a threat actor we have previously dubbed admin@338.[1] The newly discovered attacks targeted a number of organizations and were apparently focused on gathering data related to international trade, finance and economic...
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/10/know-your-enemy-tracking-a-ra…
*** How To Avoid CryptoLocker Ransomware ***
---------------------------------------------
Over the past several weeks, a handful of frantic Microsoft Windows users have written in to ask what they might do to recover from PC infections from "CryptoLocker," the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts your files until you pay a ransom. Unfortunately, the answer for these folks is usually either to pay up or suck it up. This post offers a few pointers to help readers avoid becoming the next victim.
---------------------------------------------
http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/
*** Why Motivated Attackers Often Get What They Want ***
---------------------------------------------
Do you work for a company possessing information which could be of financial value to people outside the organization? Or, perhaps even a foreign state would find it useful to gain access to the documents you're storing on that shared network drive? Yes? Then congratulations, you may already be the target of a persistent and motivated attacker (who sometimes, but rarely, is also advanced). According to this CERT-FI presentation, even Finland has seen nearly a decade of these attacks. Nowadays,
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002632.html
*** Google-dorks based mass Web site hacking/SQL injecting tool helps facilitate malicious online activity ***
---------------------------------------------
Among the most common misconceptions regarding the exploitation (hacking) of Web sites is that no one would exclusively target *your* Web site, given that there are so many high-profile Web sites to hack into. In reality though, thanks to the public/commercial availability of tools relying on the exploitation of remote Web application vulnerabilities, the insecurely configured Web sites/forums/blogs, as well as the millions of malware-infected hosts internationally, virtually every Web
---------------------------------------------
http://www.webroot.com/blog/2013/11/01/peek-inside-google-dorks-based-mass-…
*** Secunias PSI Country Report - Q3 2013, (Fri, Nov 1st) ***
---------------------------------------------
On the heels of discussing Microsoft's Security Intelligence Report v15, whose obvious takeaway is "Windows XP be gone!", Secunia's just-released PSI Country Report - Q3 2013 is an interesting supplemental read. Summary details: programs installed: 75, from 25 different vendors; 40% (30 of 75) of these programs are Microsoft programs; 60% (45 of 75) are from third-party vendors; users with unpatched operating systems: 14.6% (WinXP, Win7, Win8,
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16943&rss
*** July-September 2013 ***
---------------------------------------------
NOTE 1: The "ICS-CERT Monitor" newsletter offers a means of promoting preparedness, information sharing, and collaboration with the 16 critical infrastructure sectors. ICS-CERT accomplishes this on a day-to-day basis through sector briefings, meetings, conferences, and information product releases.
---------------------------------------------
http://ics-cert.us-cert.gov/monitors/ICS-MM201310
*** SOHO Router Horror Stories: German Webcast with Mike Messner ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/11/04/soho-rout…
*** Nordex NC2 - Cross-Site Scripting Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of a cross-site scripting vulnerability affecting the Nordex Control 2 (NC2) application, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable via a specially crafted request that could execute arbitrary script code. This report was released without coordination with either the vendor or NCCIC/ICS-CERT. NCCIC/ICS-CERT is attempting to...
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-304-01
*** VU#450646: Tiki Wiki CMS Groupware version 11.0 contains a cross-site scripting (XSS) vulnerability ***
---------------------------------------------
Vulnerability Note VU#450646: Tiki Wiki CMS Groupware version 11.0 contains a cross-site scripting (XSS) vulnerability. Original release date: 31 Oct 2013 | Last revised: 31 Oct 2013. Overview: Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a cross-site scripting (XSS) vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation)...
---------------------------------------------
http://www.kb.cert.org/vuls/id/450646
*** VMSA-2013-0009.2 ***
---------------------------------------------
VMware vSphere, ESX and ESXi updates to third party libraries
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2013-0009.html
*** TP-Link Cross Site Request Forgery Vulnerability ***
---------------------------------------------
Risk: Medium. I. Introduction: Today the majority of wired Internet connections are used with an embedded NAT router, which allows using ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100223
*** Zend Framework Proxied Request Processing IP Spoofing Weakness ***
---------------------------------------------
https://secunia.com/advisories/55529
*** Novell ZENworks Configuration Management Directory Traversal Flaw Lets Remote Users Obtain Files ***
---------------------------------------------
http://www.securitytracker.com/id/1029289
*** Security Bulletins for multiple HP Products ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Security Bulletins for multiple IBM Products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_inf…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot…
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
http://www.securityfocus.com/bid/62018