Daily December 2013

daily@lists.cert.at

1 participants
18 discussions

Tageszusammenfassung - Mittwoch 11-12-2013
by Daily end-of-shift report 11 Dec '13

11 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 10-12-2013 18:00 − Mittwoch 11-12-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Summary for December 2013 - Version: 1.0 *** --------------------------------------------- This bulletin summary lists security bulletins released for December 2013. With the release of the security bulletins for December 2013, this bulletin summary replaces the bulletin advance notification originally issued December 5, 2013. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms13-dec *** Rotbrow: the Sefnit distributor *** --------------------------------------------- This months addition to the Microsoft Malicious Software Removal Tool is a family that is both old and new. Win32/Rotbrow existed as far back as 2011, but the first time we saw it used for malicious purposes was only in the past few months. In September, Geoff blogged about the dramatic resurgence of Win32/Sefnit (aka Mevade). At the time, we knew of several ways in which Sefnit was distributed, but we continued investigating how it was able to get on so many machines. When we concentrated on --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2013/12/10/rotbrow-the-sefnit-distr… *** Firefox 26 Makes Java Plugins Click-to-Play, Fixes 14 Security Flaws *** --------------------------------------------- Mozilla has released a major new version of Firefox, which includes fixes for more than a dozen security vulnerabilities as well as an important change that makes all Java plugins click-to-play be default. This feature prevents those plugins from running automatically on Web pages, which helps protect users against some Web-based attacks. The modification to […] --------------------------------------------- http://threatpost.com/firefox-26-makes-java-plugins-click-to-play-fixes-14-… *** DSA-2815 munin *** --------------------------------------------- Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. --------------------------------------------- http://www.debian.org/security/2013/dsa-2815 *** Zero-Day Fixes From Adobe, Microsoft *** --------------------------------------------- Adobe and Microsoft today each separately released security updates to remedy zero-day bugs and other critical vulnerabilities in their software. Adobe issued fixes for its Flash and Shockwave players, while Microsoft pushed out 11 updates addressing addressing at least two dozen flaws in Windows and other software. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/gWnv_MqLeM4/ *** WordPress 3.7.1 Maintenance Release *** --------------------------------------------- WordPress 3.7.1 is now available! This maintenance release addresses 11 bugs in WordPress 3.7 --------------------------------------------- http://wordpress.org/news/2013/10/wordpress-3-7-1/ *** Adobe Shockwave Player Two Memory Corruption Vulnerabilities *** --------------------------------------------- Two vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error can be exploited to cause memory corruption. 2) Another unspecified error can be exploited to cause memory corruption. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. --------------------------------------------- https://secunia.com/advisories/55952 *** Thought your Android phone was locked? THINK AGAIN *** --------------------------------------------- Another day, another vulnerability Android has taken another step to cement its place behind Java in the world of repeatedly-vulnerable software, with German group Curesec discovering that an attacker can get past users PINs to unlock the phone.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/12/10/android_has… *** ENISA lists top cyber-threats in this year’s Threat Landscape Report. *** --------------------------------------------- The EU’s cyber security Agency ENISA has issued its annual Threat Landscape 2013 report, where over 200 publicly available reports and articles have been analysed. Questions addressed are: What are the top cyber-threats of 2013? Who are the adversaries? What are the important cyber-threat trends in the digital ecosystem? --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/enisa-lists-top-cyber-threa… *** HP Officejet Pro 8500 Printer Input Validation Flaw Permits Cross-Site Scripting Attacks *** --------------------------------------------- A vulnerability was reported in the HP Officejet Pro 8500 Printer. A remote user can conduct cross-site scripting attacks. The printer interface does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the HP Printer interface and will run in the security context of that site... --------------------------------------------- http://www.securitytracker.com/id/1029466 *** A New Vulnerability in the Android Framework: Fragment Injection *** --------------------------------------------- We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, DropBox and Evernote. To be more accurate, any App which extended the PreferenceActivity class using an exported activity was automatically vulnerable. --------------------------------------------- http://securityintelligence.com/new-vulnerability-android-framework-fragmen… *** TYPO3-FLOW-SA-2013-001: Cross-Site Scripting in TYPO3 Flow *** --------------------------------------------- Problem Description: The errorAction method in the ActionController base class of Flow returns error messages without properly encoding them. Because these error messages can contain user input, this could lead to a Cross-Site Scripting vulnerability in Flow driven applications. --------------------------------------------- http://typo3.org/teams/security/security-bulletins/typo3-flow/typo3-flow-sa… *** Creepware - Who’s Watching You? *** --------------------------------------------- Some people stick a piece of tape over the webcam on their laptop, maybe you even do it yourself. Are they over cautious, paranoid, a little strange? Are you? Or is there reason behind this madness? Many of us have heard the stories about people being spied on using their own computer or people being blackmailed using embarrassing or incriminating video footage unknowingly recorded from compromised webcams... --------------------------------------------- http://www.symantec.com/connect/blogs/creepware-who-s-watching-you *** Blog: The inevitable move - 64-bit ZeuS has come enhanced with Tor *** --------------------------------------------- The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now. The more people work on 64-bit platforms, the more 64-bit applications that are developed as well. Sometimes these include some very specific applications, for example, banking applications.... If someone wants to hack into an application like this and steal information, the best tool for that would also be a 64-bit agent. And what’s the most notorious --------------------------------------------- http://www.securelist.com/en/blog/208214171/The_inevitable_move_64_bit_ZeuS… *** TYPO3 Multiple Vulnerabilities *** --------------------------------------------- A weakness and multiple vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to disclose sensitive information, conduct script insertion attacks, manipulate certain data, and bypass certain security restrictions and by malicious people to conduct cross-site scripting and spoofing attacks. --------------------------------------------- https://secunia.com/advisories/55958 *** SAProuter Authentication Bypass Security Bypass Vulnerability *** --------------------------------------------- ERPScan has reported a vulnerability in SAProuter, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application not properly restricting access to certain functionalities, which can be exploited to e.g. manipulate the configuration. --------------------------------------------- https://secunia.com/advisories/56060

1 0

Tageszusammenfassung - Dienstag 10-12-2013
by Daily end-of-shift report 10 Dec '13

10 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 09-12-2013 18:00 − Dienstag 10-12-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** French Government Spoofs Google Certificate *** --------------------------------------------- Google revoked digital certificates for some of its domains that had been fraudulently signed by an intermediate certificate authority with links to ANSSI, Frances cyber-defense agency. --------------------------------------------- http://threatpost.com/french-government-spoofs-google-certificate/103128 *** How We Decoded Some Nasty Multi-Level Encoded Malware *** --------------------------------------------- >From time to time, we come up with interesting bits of malware that are just calling us to decode and learn more about them. This is one of those cases. Recently, I crossed pathes with this little gem: That snippet is encoded malicious content. --------------------------------------------- http://blog.sucuri.net/2013/12/how-we-decoded-some-nasty-multi-level-encode… *** Microsoft Security Advisory (2916652): Improperly Issued Digital Certificates Could Allow Spoofing - Version: 1.0 *** --------------------------------------------- Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue. --------------------------------------------- http://technet.microsoft.com/en-us/security/advisory/2916652 *** Untouched P2P Communication Infrastructure Keeps ZeroAccess Up and Running *** --------------------------------------------- Microsofts takedown of the ZeroAccess botnet wasnt a complete success. Experts point out that Microsoft targeted only the money-making aspects of the botnet, and that its communication protocol was untouched. --------------------------------------------- http://threatpost.com/untouched-p2p-communication-infrastructure-keeps-zero… *** The Curious Case of the Malicious IIS Module *** --------------------------------------------- Recently, we´ve seen a few instances of a malicious DLL that is installed as an IIS module making its rounds in forensic cases. This module is of particular concern as it is currently undetectable by almost all anti-virus products. The malware is used by attackers to target sensitive information in POST requests, and has mechanisms in place for data exfiltration. --------------------------------------------- http://blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-mo… *** CyanogenMod to have built in text message encryption system *** --------------------------------------------- People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with built in encryption system for text messages. --------------------------------------------- http://www.muktware.com/2013/12/cyanogenmod-built-text-message-encryption-s… *** Phantom menace? A guide to APTs - and why most of us have little to fear from these 'cyberweapons' *** --------------------------------------------- APTs - or Advanced Persistent Threats - are the most menacing cyber attack there is, some say. Orchestrated by teams of hundreds of experts, they penetrate systems so deeply that they can remain for years, stealing secrets by the terabyte. --------------------------------------------- http://www.welivesecurity.com/2013/12/09/phantom-menace-a-guide-to-apts-and… *** New security features added to Microsoft accounts *** --------------------------------------------- We´re excited to announce that over the next couple of days we´re rolling out a few new capabilities - based on your ongoing feedback - that give you more visibility and control of your Microsoft account. --------------------------------------------- http://blogs.technet.com/b/microsoft_blog/archive/2013/12/09/new-security-f… *** Analysis: Kaspersky Security Bulletin 2013. Overall statistics for 2013 *** --------------------------------------------- This section of the report forms part of the Kaspersky Security Bulletin 2013 and is based on data obtained and processed using Kaspersky Security Network. KSN integrates cloud-based technologies into personal and corporate products, and is one of Kaspersky Lab´s most important innovations. --------------------------------------------- http://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin… *** November 2013 virus activity review from Doctor Web *** --------------------------------------------- December 2, 2013 Virus analysts at the Russian anti-virus company Doctor Web discovered and examined quite a variety of information security threats in November 2013. In particular, a Trojan targeting SAP business software and malware that generates fake search results on Windows machines were added to the Dr.Web virus database at the beginning of the month. --------------------------------------------- http://news.drweb.com/show/?i=4122&lng=en&c=9 *** DSA-2812 samba *** --------------------------------------------- http://www.debian.org/security/2013/dsa-2812 *** RSA Security Analytics Core Can Be Accessed By Remote Users *** --------------------------------------------- http://www.securitytracker.com/id/1029446 *** pam_userdb password hashes arent compared case-sensitive *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013120069 *** TYPO3-CORE-SA-2013-004: Multiple Vulnerabilities in TYPO3 CMS *** --------------------------------------------- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa… *** McAfee Email Gateway 7.6 multiple vulnerabilities *** --------------------------------------------- http://seclists.org/fulldisclosure/2013/Dec/18

1 0

Tageszusammenfassung - Montag 9-12-2013
by Daily end-of-shift report 09 Dec '13

09 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 06-12-2013 18:00 − Montag 09-12-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** RuggedCom ROS Multiple Vulnerabilities *** --------------------------------------------- Siemens has reported to NCCIC/ICS-CERT multiple vulnerabilities in the RuggedCom Rugged OS (ROS). Siemens has produced a firmware update that mitigates these vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to hijack an active Web session and access administrative functions on the devices without proper authorization. These vulnerabilities could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01 *** The Biggest Security Stories of 2013 *** --------------------------------------------- As 2013 comes to a close, security experts are looking back at the major stories and developments of the year, including the Edward Snowden NSA leaks and major malware attacks. In this video, Vitaly Kamluk of Kaspersky Lab examines the biggest security news of 2013 and talks about the lasting effects they may have. --------------------------------------------- http://threatpost.com/the-biggest-security-stories-of-2013/103125 *** Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt *** --------------------------------------------- Just dont bork our crim-busting honeypots again Microsoft has teamed up with the FBI to launch a renewed attempt to disrupt the operations of the infamous ZeroAccess botnet. --------------------------------------------- http://www.theregister.co.uk/2013/12/06/zeroaccess_zombienet_takedown/ *** FAQ: Pony Malware Payload Discovery *** --------------------------------------------- Our team´s discovery of the spoils of yet another instance of Pony 1.9 has kept us busy the past couple of days. We´ve enjoyed explaining our discovery to journalists and trying our best to answer the questions that arise over social networks and email with each publication of a story. A lot of those questions tend to be similar. --------------------------------------------- http://blog.spiderlabs.com/2013/12/faq-pony-malware-payload-discovery.html *** 2014 Predictions: Blurring Boundaries *** --------------------------------------------- The past year has been an interesting one in the world of cyber security. Mobile malware has become a large-scale threat, government surveillance has users asking "does privacy still exist?", cybercrime continues to steal money from individuals and businesses, and new targets for hackers like AIS and SCADA have been identified. 2013 was many things, but boring was not one of them. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/2014-predictions… *** The state of targeted attacks *** --------------------------------------------- Trusteer announced the results of a recent study on the State of Targeted Attacks, which took into consideration the feedback from over 750 IT and IT security practitioners who have involvement in defensive efforts against APTs launched at their organisations. --------------------------------------------- http://www.net-security.org/secworld.php?id=16059 *** Android-Apps: Sicherheitslücke durch fehlerhafte SSL-Prüfung *** --------------------------------------------- Das Fraunhofer-Institut für Sichere Informationstechnologie hat mehrere Android-Apps ausfindig gemacht, bei denen die fehlerhafte Prüfung des SSL-Zertifikats den Zugriff auf Zugangsdaten möglich macht. Nur etwa die Hälfte aller kontaktierten Hersteller hat die Sicherheitslücke bisher geschlossen. --------------------------------------------- http://www.golem.de/news/android-apps-sicherheitsluecke-durch-fehlerhafte-s… *** The world´s most dangerous mobile phone spying app just moved into the tablet and iPad market *** --------------------------------------------- The evolution of GPS and the smart-phone market has spawned a macabre industry of surveillance apps designed to be covertly installed onto the cellphones of vulnerable employees, business associates, partners and children. --------------------------------------------- http://www.privacysurgeon.org/blog/incision/the-worlds-most-dangerous-mobil… *** Bypassing Windows AppLocker using a Time of Check Time of Use vulnerability *** --------------------------------------------- Windows AppLocker is Microsoft´s replacement to Software Restriction Policies in Windows 7, Windows 8, Server 2008 and Server 2012. Windows AppLocker has been promoted by several government agencies such as the National Security Agency and the New Zealand National Cyber Security Center as an effective mechanism to combat the execution of unauthorized code on modern Microsoft Windows based systems. --------------------------------------------- http://www.nccgroup.com/media/495634/2013-12-04_-_ncc_-_technical_paper_-_b… *** Automater - IP URL and MD5 OSINT Analysis *** --------------------------------------------- Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal. --------------------------------------------- http://www.tekdefense.com/automater/ *** Drei GIMP-Lücken auf einen Streich *** --------------------------------------------- Das Sicherheits-Team von Red Hat hat drei Speicherverwaltungsprobleme in der Bildverarbeitungssoftware GIMP gefunden und beseitigt, die dazu ausgenutzt werden könnten, dem Benutzer Schadcode unterzuschieben. --------------------------------------------- http://www.heise.de/security/meldung/Drei-GIMP-Luecken-auf-einen-Streich-20… *** Malicious multi-hop iframe campaign affects thousands of Web sites, leads to a cocktail of client-side exploits - part two *** --------------------------------------------- Ever since we exposed and profiled the evasive, multi-hop, mass iframe campaign that affected thousands of Web sites in November, we continued to monitor it, believing that the cybercriminal(s) behind it, would continue operating it, basically switching to new infrastructure once the one exposed in the post got logically blacklisted, thereby undermining the impact of the campaign internationally. --------------------------------------------- http://www.webroot.com/blog/2013/12/09/malicious-multi-hop-iframe-campaign-… *** Putting malware in the picture *** --------------------------------------------- Spammers actively spread malware using fake notifications on behalf of various financial and banking institutions, booking and delivery services and other companies. The arsenal of tricks used by cybercriminals is constantly being updated. In particular, in recent years we have registered a number of English- and German-language mass mailings in which the attackers try to hide malware under photos and pictures. --------------------------------------------- https://www.securelist.com/en/blog/8159/Putting_malware_in_the_picture *** [webapps] - Zimbra 0day exploit / Privilegie escalation via LFI *** --------------------------------------------- http://www.exploit-db.com/exploits/30085 *** D-Link DSR Router Remote Root Shell Exploit *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013120055 *** WordPress DZS Video Gallery 3.1.3 Remote File Disclosure *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013120050 *** cURL Certificate Validation Flaw Lets Remote Users Spoof SSL Servers *** --------------------------------------------- http://www.securitytracker.com/id/1029434 *** Security Bulletin: Multiple Security vulnerability fix for IBM Tivoli Storage Manager Administration Center (CVE-2012-5081, CVE-2013-0169, CVE-2013-0443). *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** Steinberg MyMp3PRO SEH buffer overflow *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89468

1 0

Tageszusammenfassung - Freitag 6-12-2013
by Daily end-of-shift report 06 Dec '13

06 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 05-12-2013 18:00 − Freitag 06-12-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Advance Notification Service for December 2013 Security Bulletin Release *** --------------------------------------------- Today we're providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666. This release won't include an update for the issue described in Security Advisory 2914486. We're still working to develop a security... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/12/05/advance-notification-ser… *** Google Docs Scam Stealing Passwords *** --------------------------------------------- Scammers are up to mischief again by tricking users into clicking false webmail widgets. The core goal of any phishing attempt is to compromise the victims access to a particular service. Usually this is done by posing as the service the attacker wants to hijack from the victim, and sending the username and password information back to the attacker. Ive seen plenty phishing schemes in the --------------------------------------------- http://research.zscaler.com/2013/12/google-docs-scam-stealing-passwords-in.… *** Study finds zero-day vulnerabilities abound in popular software *** --------------------------------------------- Organizations selling exploits for vulnerabilities in software from major companies including Microsoft, Apple, Oracle, and Adobe --------------------------------------------- http://www.csoonline.com/article/744307/study-finds-zero-day-vulnerabilitie… *** EU cyber security Agency ENISA argues that better protection of SCADA Systems is needed *** --------------------------------------------- How long can we afford having critical infrastructures that use unpatched SCADA systems, the EU's cyber security Agency ENISA asks? ENISA argues that the EU Member States could proactively deploy patch management to enhance the security of SCADA systems. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/eu-cyber-security-agency-en… *** Hacking a Reporter: Sleepless Nights Outside a Brooklyn Brownstone (Part 3 of 3) *** --------------------------------------------- This post is the conclusion of a three-part series that goes into more depth about our experience hacking journalist Adam Penenberg, which resulted in an article on PandoDaily in October. Parts one and two detail the malware aspects of our hack with contributions from Josh Grunzweig, Matt Jakubowski and Daniel Chechik. I, Garret Picchioni (voted to be the bald hacker with a heart tattoo in the original article artwork), will discuss the details of the... --------------------------------------------- http://blog.spiderlabs.com/2013/12/hacking-a-reporter-sleepless-nights-outs… *** Weekly Metasploit Update: SAP and Silverlight *** --------------------------------------------- We've been all SAP all the time here in the Independent Nations of Metasploit, and expect to be for the rest of the week. You might recall that Metasploit exploit dev, Juan Vazquez published his SAP survey paper a little while back; on Tuesday, we did a moderated twitter chat on the hashtag #pwnSAP with the major SAP-focused Metasploit contributors Bruno Morrison, Chris John Riley, and Dave Hartley; and today (Thursday, December 5), Juan and I will be hosting a webcast on the various and sundry SAP exposures that Metasploit covers, and There Will Be Demos and Q&A, so it should be fun. --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/12/05/weekly-me… *** CVE-2013-3346/5065 Technical Analysis *** --------------------------------------------- In our last post, we warned of a new Windows local privilege escalation vulnerability being used in the wild. We noted that the Windows bug (CVE-2013-5065) was exploited in conjunction with a patched Adobe Reader bug (CVE-2013-3346) to evade the... --------------------------------------------- http://www.fireeye.com/blog/technical/cyber-exploits/2013/12/cve-2013-33465… *** Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Control Center *** --------------------------------------------- A number of security vulnerabilities have been discovered in the Java Runtime Environment and the Cognos Business Intelligence components included in IBM SCC.CVE(s): CVE-2013-1557, CVE-2013-1478, CVE-2013-1571, CVE-2013-1500, CVE-2013-2988, CVE-2013-2978 and CVE-2013-0586 Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms Refer to the following reference URLs for remediation and additional vulnerability... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) *** --------------------------------------------- Multiple security vulnerabilities exist in the IBM JRE that is shipped with the Rational Reporting for Development Intelligence (RRDI). The same security vulnerabilities also exist in the IBM Java SDK that is shipped with the IBM WebSphere Application Server (WAS). CVE(s): CVE-2013-4066 and CVE-2013-4067 Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms Refer to the following reference URLs for... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** Sonicwall GMS 7.x Filter Bypass *** --------------------------------------------- Topic: Sonicwall GMS 7.x Filter Bypass Risk: Low Text:Document Title: Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability References (Source): == http... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013120048 *** VMware ESX Server Service Console Two Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/55917 *** SSA-568732 (Last Update 2013-12-06): Privilege Escalation in COMOS *** --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** WordPress JS Hotel Plugin "roomid" Cross-Site Scripting Vulnerability *** --------------------------------------------- https://secunia.com/advisories/55919 *** NVIDIA Graphics Drivers GPU Access Privilege Escalation Vulnerability *** --------------------------------------------- https://secunia.com/advisories/55904 *** HP-UX update for Java *** --------------------------------------------- https://secunia.com/advisories/55978 *** IBM Forms Viewer XFDL buffer overflow *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/87911

1 0

Tageszusammenfassung - Donnerstag 5-12-2013
by Daily end-of-shift report 05 Dec '13

05 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 04-12-2013 18:00 − Donnerstag 05-12-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Phishing-Mail ködert WordPress-Admins *** --------------------------------------------- Mit einer kostenlosen Version eines beliebten SEO-Plugins für WordPress versuchen Spammer, Administratoren zu ködern. Das Plugin entpuppt sich als Malware, dass eine Hintertür im Server öffnet und Besucher der Seite infiziert. --------------------------------------------- http://www.heise.de/security/meldung/Phishing-Mail-koedert-WordPress-Admins… *** In new campaign, Dexter point-of-sale malware strikes U.S. and abroad *** --------------------------------------------- After recently impacting banks in South Africa, the malware is now infecting point-of-sale systems throughout the globe, including those in the U.S., a security firm found. --------------------------------------------- http://www.scmagazine.com/in-new-campaign-dexter-point-of-sale-malware-stri… *** Bugtraq: [PT-2013-63] Hash Length Extension in HTMLPurifier *** --------------------------------------------- http://www.securityfocus.com/archive/1/530142 *** SA-CONTRIB-2013-097 - OG Features - Access bypass *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2013-097 Project: OG Features (third-party module)Version: 6.x Date: 2013-December-04Security risk: Not Critical Exploitable from: Remote Vulnerability: Access bypass --------------------------------------------- https://drupal.org/node/2149791 *** Siemens SINAMICS S/G Authentication Bypass Vulnerability *** --------------------------------------------- Siemens has identified an authentication bypass vulnerability in the SINAMICS S/G product family. Siemens has produced a firmware update that mitigates this vulnerability and has tested the update to validate that it resolves the vulnerability. Exploitation of this vulnerability could allow an attacker to access administrative functions on the device without authentication. This vulnerability could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01 *** Security Bulletins: Rational Insight and Rational Reporting for Development Intelligence - Oracle CPU June 2013 (CVE-2013-2407, CVE-2013-2450) *** --------------------------------------------- Multiple security vulnerabilities exist in the IBM JRE that is shipped with Rational Insight and Rational Reporting for Development Intelligence. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_rat… https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_rat… *** IBM QRadar SIEM Cross-Site Scripting Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/55895 https://secunia.com/advisories/55891 *** Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection *** --------------------------------------------- Topic: Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection Risk: High Text:Document Title: Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities References (Source): == http://ww... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013120038 *** bugs in IJG jpeg6b & libjpeg-turbo *** --------------------------------------------- jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb). --------------------------------------------- http://www.securityfocus.com/archive/1/530137 *** IQ3 Series Trend LAN Controllers "ovrideStart" Multiple Cross-Site Scripting Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/55827

1 0

Tageszusammenfassung - Mittwoch 4-12-2013
by Daily end-of-shift report 04 Dec '13

04 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 03-12-2013 18:00 − Mittwoch 04-12-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Mitigating attacks on Industrial Control Systems (ICS); the new Guide from EU Agency ENISA *** --------------------------------------------- The EU's cyber security agency ENISA has provided a new manual for better mitigating attacks on Industrial Control Systems (ICS), supporting vital industrial processes primarily in the area of critical information infrastructure (such as the energy and chemical transportation industries) where sufficient knowledge is often lacking. As ICS are now often connected to Internet platforms, extra security preparations have to be taken. This new guide provides the necessary key considerations... --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/mitigating-attacks-on-indus… *** Elecsys Director Gateway Improper Input Validation Vulnerability *** --------------------------------------------- Adam Crain of Automatak and independent researchers Chris Sistrunk and Adam Todorski have identified an improper input validation in the Elecsys Director Gateway application. Elecsys has produced a patch that mitigates this vulnerability. Adam Todorski has tested the patch to validate that it resolves the vulnerability.This vulnerability could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-337-01 *** Ruby on Rails Multiple Bugs Let Remote Users Deny Service, Conduct Cross-Site Scripting Attacks, and Generate Unsafe Queries *** --------------------------------------------- Ruby on Rails Multiple Bugs Let Remote Users Deny Service, Conduct Cross-Site Scripting Attacks, and Generate Unsafe Queries --------------------------------------------- http://www.securitytracker.com/id/1029420 *** Cisco ONS 15454 Controller Cards Can Be Reset By Remote Users *** --------------------------------------------- http://www.securitytracker.com/id/1029421 *** D-Link DIR Series Routers __show_info.php information disclosure *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89343

1 0

Tageszusammenfassung - Dienstag 3-12-2013
by Daily end-of-shift report 03 Dec '13

03 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 02-12-2013 18:00 − Dienstag 03-12-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** A Pentester's Introduction to SAP & ABAP *** --------------------------------------------- If you’re conducting security assessments on enterprise networks, chances are that you’ve run into SAP systems. In this blog post, I’d like to give you an introduction to SAP and ABAP to help you with your security audit. --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/12/02/a-pentest… *** Analysis: Kaspersky Security Bulletin 2013. Malware Evolution *** --------------------------------------------- Once again, it’s time for us to deliver our customary retrospective of the key events that have defined the threat landscape in 2013. Let’s start by looking back at the things we thought would shape the year ahead, based on the trends we observed in the previous year. --------------------------------------------- http://www.securelist.com/en/analysis/204792316/Kaspersky_Security_Bulletin… *** How does the NSA break SSL? *** --------------------------------------------- A few weeks ago I wrote a long post about the NSAs BULLRUN project to subvert modern encryption standards. I had intended to come back to this at some point, since I didnt have time to discuss the issues in detail. --------------------------------------------- http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html *** On Covert Acoustical Mesh Networks in Air *** --------------------------------------------- Fraunhofer FKIE, Wachtberg, Germany Abstract: Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a... --------------------------------------------- http://www.jocm.us/index.php?m=content&c=index&a=show&catid=124&id=600 *** Cisco ASA Malformed DNS Reply Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the reload of an affected system. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** phpThumb 1.7.12 Server Side Request Forgery *** --------------------------------------------- Topic: phpThumb 1.7.12 Server Side Request Forgery Risk: Low Text:#phpThumb phpThumbDebug Server Side Request Forgery #Google Dork: inurl:phpThumb.php #Author: Rafay Baloch And Deepanker Ar... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013120020 *** Folo theme for WordPress jplayer.swf cross-site scripting *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89318 *** Orange Themes for WordPress upload-handler.php file upload *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89325 *** Zend Framework application.ini information disclosure *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89328 *** TP-Link TD-8840t change administrator password cross-site request forgery *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89329 *** JMultimedia component for Joomla! phpThumb.php file upload *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/89333 *** Bugtraq: Multiple issues in OpenSSL - BN (multiprecision integer arithmetics). *** --------------------------------------------- http://www.securityfocus.com/archive/1/530120 *** Bugtraq: D-Link DIR-XXX remote root access exploit. *** --------------------------------------------- http://www.securityfocus.com/archive/1/530119

1 0

Tageszusammenfassung - Montag 2-12-2013
by Daily end-of-shift report 02 Dec '13

02 Dec '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 29-11-2013 18:00 − Montag 02-12-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** SMS-Angriff zwingt Nexus-Smartphones in die Knie *** --------------------------------------------- Der Empfang vieler Flash-SMS-Nachrichten soll Google-Nexus-Geräte rebooten. Davon betroffen sind auch Nexus-Smartphones mit aktuellem Android 4.4 (Kitkat). --------------------------------------------- http://www.heise.de/security/meldung/SMS-Angriff-zwingt-Nexus-Smartphones-i… *** Windows TIFF-Lücke bereits seit Juli ausgenutzt - Patch Fehlanzeige *** --------------------------------------------- Bereits im Sommer wurden E-Mails verschickt, die mit TIFF-Bildern eine kürzlich bekannt gewordene Windows-Lücke ausnutzten. Und während die Zahl dieser Schädlinge weiter wächst, gibt es immer noch keinen Patch vom Microsoft. --------------------------------------------- http://www.heise.de/security/meldung/Windows-TIFF-Luecke-bereits-seit-Juli-… *** Nachholbedarf beim Schutz von industriellen Kontrollsystemen *** --------------------------------------------- Sicherheitsprobleme mit industriellen Kontrollsystemen machen immer wieder Schlagzeilen. Das BSI gibt Betreibern nun mit einem 124-seitigen Leitfaden bewährte Methoden an die Hand, um ihre Systeme abzusichern. --------------------------------------------- http://www.heise.de/security/meldung/Nachholbedarf-beim-Schutz-von-industri… *** Important Security Update for D-Link Routers *** --------------------------------------------- D-Link has released an important security update for some of its older Internet routers. The patch closes a backdoor in the devices that could let attackers seize remote control over vulnerable routers. --------------------------------------------- krebsonsecurity.com/2013/12/important-security-update-for-d-link-routers/ *** File Sharing Apps Expose iOS To Security Risks - Trustwave *** --------------------------------------------- File sharing apps for Apple iOS mobile devices can potentially represent a security risk to users, according to a Trustwave security researcher. --------------------------------------------- http://www.techweekeurope.co.uk/news/researcher-file-sharing-apps-expose-io… *** Manipulation of hard drive firmware to conceal entire partitions *** --------------------------------------------- Tools created by the computer hacking community to circumvent security protection on hard drives can have unintentional consequences for digital forensics. Tools originally developed to circumvent Microsoft's Xbox 360 hard drive protection can be used, independently of the Xbox 360 system, to change the reported size/model of a hard drive enabling criminals to hide data from digital forensic software and hardware. --------------------------------------------- https://www.comp.glam.ac.uk/staff/kxynos/papers/read13-DI-HDD-manipulation.… *** Description of Cumulative Update 3 for Exchange Server 2013 *** --------------------------------------------- This article describes Cumulative Update 3 for Microsoft Exchange Server 2013 that provides the latest fixes for Exchange Server 2013 and contains stability and performance improvements. --------------------------------------------- http://support.microsoft.com/kb/2892464 *** Uptime Agent 5.0.1 Stack Overflow Vulnerability *** --------------------------------------------- Topic: Uptime Agent 5.0.1 Stack Overflow Vulnerability Risk: Medium Text:# Exploit Title: Up.Time Agent 5.0.1 Stack Overflow # Date: 28/11/2013 # Exploit Author: Denis Andzakovic # Vendor Homepage:... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013120009 *** Vuln: ABB MicroSCADA wserver.exe Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/63901 *** Vuln: Jenkins Exclusion Plugin CVE-2013-6373 Unspecified Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/63876 *** Google Nexus SMS Processing Flaw Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1029414

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily December 2013