Daily April 2013

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - Dienstag 30-04-2013
by Daily end-of-shift report 30 Apr '13

30 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-04-2013 18:00 − Dienstag 30-04-2013 18:00 Handler: Stephan Richter *** Yahoo! Browser for Android Address Bar Spoofing Weakness *** --------------------------------------------- https://secunia.com/advisories/53214 *** Ruggedcom ROS Hard-Coded RSA SSL Private Key Update *** --------------------------------------------- OverviewThis Updated Advisory is a follow-up to the original advisory titled ICSA-12-354-01 RuggedCom ROS Hard-Coded RSA SSL Private Key that was published December 18, 2012, on the ICS-CERT Web page.Independent researcher Justin W. Clarke of Cylance Inc., has identified the use of hard-coded RSA SSL private key in RuggedCom's Rugged Operating System (ROS). RuggedCom, an independent subsidiary of Siemens, has produced a new version of the ROS that mitigates this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A *** Admin beware: Attack hitting Apache websites is invisible to the naked eye *** --------------------------------------------- Newly discovered Linux/Cdorked evades detection by running in shared memory. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/MpO11h_pn5M/ *** Apache attack drives traffic to malware *** --------------------------------------------- Blackhole redirect served by modified daemon binary A security researcher is warning that an attack on the Apache Web server is increasingly showing up in the wild, and has published a free Python tool to check their configurations. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/04/30/apache_dcor… *** TinyMCE Ajax File Manager Remote Code Execution *youtube *** --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040207 *** phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit *** --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040203 *** WordPress Easy AdSense Lite Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- https://secunia.com/advisories/52953 *** FreeBSD NFS Server Input Validation Bug May Let Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1028491 *** HP Service Manager Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53260 *** [TYPO3-announce] [TYPO3-dev] Announcing TYPO3 CMS 6.1.0 Final Release *** --------------------------------------------- http://typo3.org/download/release-notes/typo3-61-release-notes/ Next End-of-Shift report on 2013-05-02

1 0

Tageszusammenfassung - Montag 29-04-2013
by Daily end-of-shift report 29 Apr '13

29 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 26-04-2013 18:00 − Montag 29-04-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Dutchman Arrested in Spamhaus DDoS *** --------------------------------------------- A 35-year-old Dutchman thought to be responsible for launching whats been called "the largest publicly announced online attack in the history of the Internet" was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as "SK," was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization ... --------------------------------------------- http://krebsonsecurity.com/2013/04/dutchman-arrested-in-spamhaus-ddos/ *** McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files *** --------------------------------------------- McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files --------------------------------------------- http://www.securitytracker.com/id/1028479 *** Tracking PDF Usage Poses a Security Problem *** --------------------------------------------- Looking back this year's RSA Conference, you might have the feeling that the current threat landscape is primarily a series of advanced attacks. This concept includes well-known advanced persistent threats (APTs) and zero-day vulnerability exploits. To respond to this trend in threats, McAfee Labs has launched several innovative projects, one of which we call the advanced exploit detection system (AEDS). --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/tracking-pdf-usage-poses-a-security-pro… *** VMware security updates for vCenter Server VMSA-2013-0006 *** --------------------------------------------- VMware security updates for vCenter Server --------------------------------------------- https://www.vmware.com/support/support-resources/advisories/VMSA-2013-0006.… *** Hacker klauen Daten von 50 Millionen LivingSocial-Kunden *** --------------------------------------------- Aller Voraussicht nach sind Hacker in Besitz der auf den LivingSocial-Servern hinterlegten persönlichen Kundendaten gelangt. --------------------------------------------- http://www.heise.de/security/meldung/Hacker-klauen-Daten-von-50-Millionen-L… *** The Importance of Strong Passwords on Social Media *** --------------------------------------------- Last Tuesday, April 23, the Twitter account of the Associated Press news agency was hacked and sent out a hoax tweet reporting that President Barack Obama had been injured by an explosion in the White House. Within seconds, Wall Street was in panic mode and US stock plunged. Situations like this illustrate once again the ... --------------------------------------------- http://pandalabs.pandasecurity.com/the-importance-of-strong-passwords-on-so… *** Manipulierte Apache-Binaries laden Schadcode *** --------------------------------------------- Sicherheitsunternehmen haben nach eigenen Angaben Hunderte von manipulierten Apache-Servern gefunden, die sich von Angreifern steuern lassen. Sie leiten Requests auf Malware- und Porno-Seiten um. --------------------------------------------- http://www.heise.de/security/meldung/Manipulierte-Apache-Binaries-laden-Sch… *** BOINC Multiple vulnerabilities *** --------------------------------------------- Topic: BOINC Multiple vulnerabilities Risk: Medium Text:There have been various recent(-ish) vulnerabilities found in the BOINC software for desktop grid computing. The major project... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040196 *** D-Link DIR-635 change password security bypass *** --------------------------------------------- D-Link DIR-635 change password security bypass --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83832 *** Gegen selbst-aktualisierende Apps: Googles Play Store schafft eine "Lex Facebook" *** --------------------------------------------- Im März brachte Facebook erste Updates für seine Android-App heraus, die am Play Store vorbei geschleust wurden. Jetzt hat der Play Store seine Entwickler-Richtlinien geändert. Updates sind nur über den Play Store legitim. --------------------------------------------- http://www.heise.de/security/meldung/Gegen-selbst-aktualisierende-Apps-Goog… *** Library of Malware Traffic Patterns *** --------------------------------------------- Traffic analysis has been the primary method of malware identification and thousands of IDS signatures developed are the daily proof. Signatures definitely help but ability to visually recognize malware traffic patterns and see the trends when they change has been always an important skill for anyone tasked with network defense. --------------------------------------------- http://www.deependresearch.org/2013/04/library-of-malware-traffic-patterns.… *** C&C Servers Reconfigured to Make Them More Advanced *** --------------------------------------------- FireEye, which recently released a report The Advanced Cyber Attack Landscape describes cyber-criminals as doing better in bypassing identification by constantly changing the configurations of their central C&C structures so foremost malware is able to establish communication with localized C&C infrastructures, meaning the identical nation-based infrastructures where the newly-contaminated computers are situated, ... --------------------------------------------- http://www.spamfighter.com/News-18322-CC-Servers-Reconfigured-to-Make-Them-… *** The Security Risks of Unlocking Your Android Phone's Bootloader *** --------------------------------------------- ndroid geeks often unlock their bootloaders to root their devices and install custom ROMs. But there's a reason devices come with locked bootloaders unlocking your bootloader creates security risks. --------------------------------------------- http://www.howtogeek.com/142502/htg-explains-the-security-risks-of-unlockin… *** The Latest Java Exploit with Security Prompt/Warning Bypass (CVE-2013-2423) *** --------------------------------------------- >From Java SE 7 update 11 oracle has introduced a new security features called security warning that prompts a window every time an applet request for execution. --------------------------------------------- http://security-obscurity.blogspot.co.at/2013/04/the-latest-java-exploit-wi…

1 0

Tageszusammenfassung - Freitag 26-04-2013
by Daily end-of-shift report 26 Apr '13

26 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 25-04-2013 18:00 − Freitag 26-04-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Bugtraq: Nginx ngx_http_close_connection function integer overflow *** --------------------------------------------- http://www.securityfocus.com/archive/1/526439 *** Anti-Phishing Workgroup Publishes 2012 Global Phishing Report. Download here: http://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2012.pdf, (Thu, Apr 25th) *** --------------------------------------------- -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15683&rss *** Vulnerability in Citrix NetScaler Access Gateway Enterprise Edition Could Result in Unauthorized Access to Network Resources *** --------------------------------------------- A vulnerability has been identified in NetScaler Access Gateway Enterprise Edition that could allow a remote attacker to gain unauthorized access to internal network resources. --------------------------------------------- http://support.citrix.com/article/ctx137238 *** HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS) *** --------------------------------------------- A potential security vulnerability has been identified with HP Managed Printing Administration (MPA). The vulnerability could be exploited remotely resulting in cross site scripting (XSS). --------------------------------------------- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c037… *** Multiple HP LaserJet products unauthorized access *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83817 *** VMSA-2013-0006 VMware security updates for vCenter Server *** --------------------------------------------- VMware has updated vCenter Server Appliance (vCSA) and vCenter Server running on Windows to address multiple security vulnerabilities. --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2013-0006.html *** IBM Security Bulletin: Vulnerabilities in AppScan Standard *** --------------------------------------------- The IBM Security AppScan Standard 8.6 (previously known as IBM Rational AppScan Standard Edition) release includes fixes to two security vulnerabilities. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21609022 *** Security Bulletin: Vulnerability in Sametime Links (CVE-2013-0533) *** --------------------------------------------- Sametime Links can be exploited to create a DOM-based XSS vulnerability. A fix is provided. CVE(s): CVE-2013-0533 Affected product(s) and affected version(s): Sametime Links 8.0.2, 8.5, 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1 server on any platform. Refer to the following reference URLs for remediation and additional vulnerability details. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul… *** Possible Exploit Vector for DarkLeech Compromises *** --------------------------------------------- Often it is quite surprising how long old, well-known vulnerabilities continue to be exploited. Recently, a friend sent me an example of a malicious script used in an attempted attack against their server:... --------------------------------------------- http://blogs.cisco.com/security/possible-exploit-vector-for-darkleech-compr…

1 0

Tageszusammenfassung - Donnerstag 25-04-2013
by Daily end-of-shift report 25 Apr '13

25 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 24-04-2013 18:00 − Donnerstag 25-04-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Multiple Vulnerabilities in Cisco NX-OS-Based Products *** --------------------------------------------- Multiple Vulnerabilities in Cisco NX-OS-Based Products --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Cisco Device Manager Command Execution Vulnerability *** --------------------------------------------- Cisco Device Manager Command Execution Vulnerability --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Multiple Vulnerabilities in Cisco Unified Computing System *** --------------------------------------------- Multiple Vulnerabilities in Cisco Unified Computing System --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Apache CloudStack Multiple vulnerabilities *** --------------------------------------------- Topic: Apache CloudStack Multiple vulnerabilities Risk: High Text:Product: Apache CloudStack Vendor: The Apache Software Foundation CVE References: CVE-2013-2756, CVE-2013-2758 Vulnerability... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040178 *** phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution *** --------------------------------------------- Topic: phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution Risk: High Text:[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin = Author: Janek Vind "waraxe" Date... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040179 *** Travnet Botnet Steals Huge Amount of Sensitive Data *** --------------------------------------------- In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to analyze different samples and now classify Travnet as a botnet rather than a Trojan because of the presence of control code, and the malware's ability to wait for further commands from the malicious control server. --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-se… *** Joomla! Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53202 *** ALFContact component for Joomla! unspecified cross-site scripting *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83765 *** Citrix CloudPlatform Multiple Security Bypass Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53204

1 0

Tageszusammenfassung - Mittwoch 24-04-2013
by Daily end-of-shift report 24 Apr '13

24 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 23-04-2013 18:00 − Mittwoch 24-04-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Kenneth van Wyk: Making safer iOS apps *** --------------------------------------------- When it comes to developing secure apps for the iOS operating system, theres both good and bad news. Lets get the bad news out of the way first. There are a lot of apps out there, including ones developed by various businesses for their customers to use, that have egregious and easy-to-avoid security vulnerabilities. --------------------------------------------- https://www.computerworld.com/s/article/9238618/Kenneth_van_Wyk_Making_safe… *** Encrypted Disk Detector - Useful during incident response to quickly and non-intrusively check for encrypted volumes *** --------------------------------------------- Encrypted Disk Detector - Useful during incident response to quickly and non-intrusively check for encrypted volumes --------------------------------------------- http://info.magnetforensics.com/encrypted-disk-detector *** Serial Offenders: Widespread Flaws in Serial Port Servers *** --------------------------------------------- Serial Offenders: Widespread Flaws in Serial Port Servers --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/04/23/serial-of… *** CVE-2013-2423 Java Vulnerability Exploit ITW *** --------------------------------------------- A few days after Oracle released a critical patch, CVE-2013-2423 is found to already been exploited. Upon checking the history, the exploitation seems to have begun on April 21st and is still actively happening until a few hours ago:For a closer look, the image below contains a comparison of the classes found in the Metasploit module and that of the ITW sample:Interestingly, the Metasploit module was published on the 20th, and as mentioned earlier, the exploit was seen in the wild the day --------------------------------------------- http://www.f-secure.com/weblog/archives/00002544.html *** Malware Callbacks *** --------------------------------------------- Today we released our first-ever analysis of malware callbacks. Our report can be accessed here: http://www2.fireeye.com/WEB2013ATLReport.html. FireEye monitored more than 12 million malware communications seeking instructions—or callbacks—across hundreds of thousands of infected enterprise hosts, capturing details of advanced attacks as … Continue reading → --------------------------------------------- http://www.fireeye.com/blog/technical/malware-research/2013/04/malware-call… *** Schneider Electric MiCOM S1 Studio Improper Authorization Vulnerability *** --------------------------------------------- OverviewThis advisory provides mitigation details for a vulnerability affecting the Schneider Electric MiCOM S1 Studio Software. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-100-01 *** 3S CODESYS Gateway-Server Multiple Vulnerabilities (Update A) *** --------------------------------------------- OverviewThis updated advisory is a follow-up to the original advisory titled ICSA-13-050-01, 3S CODESYS Gateway-Server Multiple Vulnerabilities that was published February 19, 2013, on the ICS-CERT Web page.This updated advisory provides mitigation details for multiple vulnerabilities in the 3S-Smart Software Solutions GmbH CODESYS Gateway-Server. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A *** OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection *** --------------------------------------------- Topic: OpenText/IXOS ECM for SAP NetWeaver Remote ABAP Code Injection Risk: High Text:[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040165 *** ClamAV Unspecified Vulnerabilities *** --------------------------------------------- ClamAV Unspecified Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53150 *** FSC-2013-1: Remote code execution vulnerability in DLL component *** --------------------------------------------- A vulnerability in a legacy DLL component related to ActiveX control, in certain F-Secure’s server products, allows arbitrary connections to be made to the ODBC drivers when using the Internet Explorer (IE) web browser. If the local server is running using local authentication, an attacker may be able to execute arbitrary SQL statements. --------------------------------------------- http://www.f-secure.com/en/web/labs_global/fsc-2013-1 *** Joomla! ALFContact Component Unspecified Cross-Site Scripting Vulnerability *** --------------------------------------------- Joomla! ALFContact Component Unspecified Cross-Site Scripting Vulnerability --------------------------------------------- https://secunia.com/advisories/53147 *** Verizon 2013 Data Breach Investigations Report *** --------------------------------------------- This year’s DBIR combines the expertise of 19 organizations from around the globe. Download the report to discover stats that might surprise you—from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach. By knowing today’s threats, you can better protect your organization tomorrow. --------------------------------------------- http://www.verizonenterprise.com/DBIR/2013/ *** Wordpress: Gefährliche Lücken in Cache-Plug-Ins *** --------------------------------------------- Zwei millionenfach genutzte Wordpress-Plug-Ins können für das Ausführen beliebigen Codes ausgenutzt werden. Die Lücken sind gestopft, jetzt muss gepatcht werden! --------------------------------------------- http://www.heise.de/security/meldung/Wordpress-Gefaehrliche-Luecken-in-Cach… *** CiviCRM Multiple Products Open Flash Chart Arbitrary File Creation Vulnerability *** --------------------------------------------- CiviCRM Multiple Products Open Flash Chart Arbitrary File Creation Vulnerability --------------------------------------------- https://secunia.com/advisories/53158 *** Interesting Credit Card transactions, are you seeing similar?, (Wed, Apr 24th) *** --------------------------------------------- In my day job we get involved in payment systems, credit card transactions etc. We are also asked to investigate and explain incidents as well as "unusual" activity. When looking at credit card payments there are always payments for people like lkjsdflkjs and "famous person name", usually small value transactions $2, $5, $10 although recently weve started seeing $60 transactions. These are easily identified and the motive is very clear, test the card. If the transaction --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15671&rss

1 0

Tageszusammenfassung - Dienstag 23-04-2013
by Daily end-of-shift report 23 Apr '13

23 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 22-04-2013 18:00 − Dienstag 23-04-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Cisco Firewall Services Module time-range Object Security Bypass Security Issue *** --------------------------------------------- Cisco Firewall Services Module time-range Object Security Bypass Security Issue --------------------------------------------- https://secunia.com/advisories/53140 *** Cisco ASA Software time-range Object Security Bypass Security Issue *** --------------------------------------------- Cisco ASA Software time-range Object Security Bypass Security Issue --------------------------------------------- https://secunia.com/advisories/53131 *** CAPTCHA-solving Russian email account registration tool helps facilitate cybercrime *** --------------------------------------------- By Dancho Danchev Just how challenged are cybercriminals when they’re being exposed to CAPTCHAs in 2013? Not even bothering to “solve the problem” by themselves anymore, thanks to the cost-efficient, effective, and fully working process of outsourcing the CAPTCHA solving process to humans thereby allowing the cybercriminals to abuse any given Web property, as if it were multiple [...] --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/SpUsORYAF3o/ *** MyBB Multiple Vulnerabilities *** --------------------------------------------- MyBB Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/52828 *** VirusTotal += PCAP Analyzer *** --------------------------------------------- VirusTotal is a greedy creature, one of its gluttonous wishes is to be able to understand and characterize all the races it encounters, it already understood the insurgent collective of Portable Executables, the greenish creatures known as Android APKs, the talkative PDF civilization, etc. as of today it also figures out PCAPs, a rare group of individuals obsessed with recording everything they see. --------------------------------------------- http://blog.virustotal.com/2013/04/virustotal-pcap-analyzer.html *** Crypto guru: Dont blame users, get coders security training instead *** --------------------------------------------- Murdochs infosec man adds arrogant techies also vulnerable Infosec 2013 Experts on both sides of the vendor-customer divide in the UK and a US cryptographer are at odds over whether or not security training is a waste of time.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/04/23/security_aw…

1 0

Tageszusammenfassung - Montag 22-04-2013
by Daily end-of-shift report 22 Apr '13

22 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 19-04-2013 18:00 − Montag 22-04-2013 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** OpenStack keystone.conf insecure file permissions *** --------------------------------------------- Topic: OpenStack keystone.conf insecure file permissions Risk: Medium Text:As reported: https://bugs.launchpad.net/keystone/+bug/1168252 The password configuration of LDAP and admin_token in keystone... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Y9fS7PiNeIM/WLB-20… *** nginx Arbitrary Code Execution NullByte Injection *** --------------------------------------------- Topic: nginx Arbitrary Code Execution NullByte Injection Risk: Low Text:# Exploit Title: nginx Arbitrary Code Execution NullByte Injection # Date: 24/08/2011 # Exploit Author: Neal Poole # Vendor ... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040142 *** Vuln: Opera Web Browser Information Disclosure and Unspecified Vulnerabilities *** --------------------------------------------- Opera Web Browser Information Disclosure and Unspecified Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/58864 *** libxml2 Multiple Use-After-Free Vulnerabilities *** --------------------------------------------- Topic: libxml2 Multiple Use-After-Free Vulnerabilities Risk: Medium Text:1) An use-after-free error in "htmlParseChunk()" can be exploited to dereference already freed memory. 2) Two use-after-free... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/yn55M8Cmawk/WLB-20… *** Family of “BadNews” malware in Google Play downloaded up to 9 million times *** --------------------------------------------- Apps steal sensitive data, push SMS app that racks up charges to pricey service. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/hS0_oWvBHPU/ *** A Chargen-based DDoS? Chargen is still a thing?, (Sun, Apr 21st) *** --------------------------------------------- In the recent few days there was another denial of service attack launched at financial organizations. (Yeah, I know, DDoS on a bank, thats *totally* never happens). What is newsworthy isnt that it happened, it was the means used to execute the attack. Specifically, the organizations were flooded with UDP port 19 traffic which is the chargen protocol. I am not sure Ive ever seen a legitimate use of this protocol or encountered a machine that had it on intentionally before. For review, chargen... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15647&rss *** ownCloud Server 5.0.x/4.5.x XSS and Privilege escalation *** --------------------------------------------- Topic: ownCloud Server 5.0.x/4.5.x XSS and Privilege escalation Risk: Medium Text:This vulnerabilities only affect ownCloud Server 5.0.x and 4.5.x, the 4.0.x branch is not affected and still supported with se... --------------------------------------------- http://cxsecurity.com/wlb/WLB-2013040156 *** Und täglich grüßt die Router-Lücke *** --------------------------------------------- Belkin, D-Link, Linksys, Netgear, Sitecom, TP-Link – es gibt kaum Hersteller, die bei der Firmware-Entwicklung nicht patzen. Es ist nach wie vor schockierend, was für mitunter haarsträubende Schwachstellen in verbreiteten Router-Modellen schlummern. --------------------------------------------- http://www.heise.de/security/meldung/Und-taeglich-gruesst-die-Router-Luecke… *** Avaya Communication Manager OpenSSL and glibc Vulnerabilities *** --------------------------------------------- Avaya Communication Manager OpenSSL and glibc Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53166 *** 8 tips for a security incident handling plan *** --------------------------------------------- Most of us know that there is no such thing as 100% security, and that - unfortunately - its only a matter of time until a security incident occurs. Despite this, its rare to see a good incident response process and plan in place. --------------------------------------------- http://nakedsecurity.sophos.com/2013/04/20/tips-incident-handling-plan/ *** McAfee Security Bulletin - ePO update fixes two vulnerabilities *** --------------------------------------------- Five separate CVE reports of potential ePO vulnerabilities were reported: CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487. Collectively, these vulnerabilities could allow unauthorized disclosure of information, unauthorized modification, or disruption of service. ePO is not vulnerable to any of these CVE vulnerabilities. --------------------------------------------- https://kc.mcafee.com/corporate/index?page=content&id=SB10041 *** Cisco Unified Contact Center Express Editor Information Disclosure Vulnerability *** --------------------------------------------- A vulnerability in the scripts editor software of the Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an unauthenticated, remote attacker to have read access to scripts that are stored in the Cisco Unified CCX scripts repository. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=29050 *** Firefox FirePHP Extension Arbitrary Command Execution Weakness *** --------------------------------------------- Firefox FirePHP Extension Arbitrary Command Execution Weakness --------------------------------------------- https://secunia.com/advisories/53163 *** Global Mapper Insecure Library Loading Vulnerability *** --------------------------------------------- Global Mapper Insecure Library Loading Vulnerability --------------------------------------------- https://secunia.com/advisories/51510 *** DDoS Strikes Take EU Banks Offline *** --------------------------------------------- Experts Say Outages Not Linked to U.S. Attacks Distributed-denial-of-service attacks against banking institutions are becoming a global concern, and experts say many organizations outside the U.S. financial-services sector are ill-equipped to defend themselves. DDoS strikes have taken down online-banking sites in Northern Europe in recent days and weeks, several security experts say. Scott Hammack, CEO of DDoS-mitigation provider Prolexic, says... --------------------------------------------- http://www.bankinfosecurity.com/ddos-strikes-take-eu-banks-offline-a-5701/o… *** Bugtraq: [SE-2012-01] Yet another Reflection API flaw affecting Oracles Java SE *** --------------------------------------------- [SE-2012-01] Yet another Reflection API flaw affecting Oracles Java SE --------------------------------------------- http://www.securityfocus.com/archive/1/526415 *** Security Bulletin: IBM InfoSphere Data Replication Dashboard Username Enumeration (CVE-2013-0584) *** --------------------------------------------- A remote, unauthenticated user can enumerate a list of InfoSphere Data Replication Dashboard user accounts including which accounts do not require a password. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21634798 *** A Primer on IPv4, IPv6 and Transition *** --------------------------------------------- There is something badly broken in todays Internet. At first blush that may sound like a contradiction in terms, or perhaps a wild conjecture intended only to grab your attention to get you to read on. After all, the Internet is a modern day technical marvel. In just a couple of decades the Internet has not only... --------------------------------------------- http://www.circleid.com/posts/20130421_a_primer_on_ipv4_ipv6_and_transition/ *** Security Advisory-The AR Abnormally Resets When Receiving Special DHCP Packets *** --------------------------------------------- Apr 20, 2013 14:38 --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** WordPress - Vulnerabilities in multiple Plugins *** --------------------------------------------- WordPress All in One Webmaster Plugin Cross-Site Request Forgery Vulnerability --------------------------------------------- https://secunia.com/advisories/52877 WordPress FourSquare Checkins Plugin Cross-Site Request Forgery Vulnerability --------------------------------------------- https://secunia.com/advisories/53151 WordPress Facebook Members Plugin Cross-Site Request Forgery Vulnerability --------------------------------------------- https://secunia.com/advisories/52962 WordPress W3 Total Cache Arbitrary Code Execution Vulnerability --------------------------------------------- https://secunia.com/advisories/53052

1 0

Tageszusammenfassung - Freitag 19-04-2013
by Daily end-of-shift report 19 Apr '13

19 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 18-04-2013 18:00 − Freitag 19-04-2013 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Yes, “design flaw” in 1Password is a problem, just not for end users *** --------------------------------------------- It may very well be time for a new and improved hashing function. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/p6YJzwrXgpU/ *** SAP ConfigServlet command execution *** --------------------------------------------- SAP ConfigServlet command execution --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83637 *** IBM Lotus Connections reflected cross-site scripting *** --------------------------------------------- IBM Lotus Connections reflected cross-site scripting --------------------------------------------- http://xforce.iss.net/xforce/xfdb/82265 *** Microsoft releases 4 of Enhanced Mitigation Experience Toolkit (EMET), More here: http://www.microsoft.com/en-us/download/details.aspx?id=38761, (Thu, Apr 18th) *** --------------------------------------------- -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15635&rss *** ISC Handler Lenny Zeltsers REMnux v4 Reviewed on Hak5, (Thu, Apr 18th) *** --------------------------------------------- Earlier this money, Lenny released version 4 of REMnux, a lightweight Ubuntu Linux-based distro for analyzing malware. It was recently reviewed on Hak5. Take a look and if you havent already, download the image and send Lenny your feedback. -- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15638&rss *** Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks *** --------------------------------------------- Novell GroupWise WebAccess Input Validation Flaw in OnError Attribute Permits Cross-Site Scripting Attacks --------------------------------------------- http://www.securitytracker.com/id/1028454 *** Xen denial of service *** --------------------------------------------- Xen denial of service --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83645 http://xforce.iss.net/xforce/xfdb/83646 *** SWFUpload v.ALL <= (Object Injection/CSRF) Vulnerabilities *** --------------------------------------------- Topic: SWFUpload v.ALL --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/jQYLW7Im9Hg/WLB-20… *** Vuln: Drupal MP3 Player Module Cross Site Scripting Vulnerability *** --------------------------------------------- Drupal MP3 Player Module Cross Site Scripting Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/59276 *** Vuln: Drupal elFinder Module Cross Site Request Forgery Vulnerability *** --------------------------------------------- Drupal elFinder Module Cross Site Request Forgery Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/59277 *** WordPress attack highlights 30 million targets *** --------------------------------------------- Summary: The recent botnet attack on websites running WordPress hasnt had much impact — yet. But with millions of vulnerable sites and a knowledge gap at the low end of the market, things could get much, much worse. --------------------------------------------- http://www.zdnet.com/wordpress-attack-highlights-30-million-targets-7000014… *** Using Nessus to Discover Malware and Botnet Hosts *** --------------------------------------------- ...Tenable has released several plugins to identify hosts in your environment that show signs of a compromise such as containing malware or participating in a botnet. The steps below outline which plugins to enable and how to create filters to easily find the relevant plugins... --------------------------------------------- http://www.tenable.com/blog/using-nessus-to-discover-malware-and-botnet-hos… *** OpenPGP Best Practices *** --------------------------------------------- Some thoughts on best practices for OpenPGP keys --------------------------------------------- https://we.riseup.net/debian/openpgp-best-practices *** Facebook closes cross-site scripting holes *** --------------------------------------------- Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Securitys CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its "Check in" and Messenger for Windows components. --------------------------------------------- http://www.h-online.com/security/news/item/Facebook-closes-cross-site-scrip… *** Microsoft Discovers Trojan That Erases Evidence Of Its Existence *** --------------------------------------------- Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: It deletes its own components so researchers and forensics investigators cant analyze or identify it. --------------------------------------------- http://www.darkreading.com/vulnerability/microsoft-discovers-trojan-that-er… *** Hitachi Vulnerabilities in Multiple Products *** --------------------------------------------- Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting Vulnerability --------------------------------------------- https://secunia.com/advisories/52990 https://secunia.com/advisories/53136 https://secunia.com/advisories/53139 *** Bugtraq: TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation *** --------------------------------------------- TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation --------------------------------------------- http://www.securityfocus.com/archive/1/526403

1 0

Tageszusammenfassung - Donnerstag 18-04-2013
by Daily end-of-shift report 18 Apr '13

18 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 17-04-2013 18:00 − Donnerstag 18-04-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Cisco Network Admission Control Manager SQL Injection Vulnerability *** --------------------------------------------- Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Sitecom WLM-3500 Backdoor Accounts *** --------------------------------------------- Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms. These hard-coded accounts are persistently stored inside the device firmware image. --------------------------------------------- https://cxsecurity.com/wlb/WLB-2013040131 *** Open-Xchange 6 / OX AppSuite Cross Site Scripting *** --------------------------------------------- Open-Xchange Security Advisory (multiple vulnerabilities) Multiple security issues for Open-Xchange Server 6 and OX AppSui... --------------------------------------------- https://cxsecurity.com/wlb/WLB-2013040130 *** ZPanel Code Execution *** --------------------------------------------- Theres an arbitrary (PHP) code execution in ZPanel, a free and open-source shared hosting control panel. --------------------------------------------- https://cxsecurity.com/wlb/WLB-2013040127 *** DIY Russian mobile number harvesting tool spotted in the wild *** --------------------------------------------- By Dancho Danchev Earlier this year we profiled a newly released mobile/phone number harvesting application, a common tool in the arsenal of mobile spammers, as well as vendors of mobile spam services. Since the practice is an inseparable part of the mobile spamming process, cybercriminals continue periodically releasing new mobile number harvesting applications, update their features, but most interestingly.. --------------------------------------------- http://blog.webroot.com/2013/04/18/diy-russian-mobile-number-harvesting-too… *** Exploiting SOHO Routers *** --------------------------------------------- Researchers have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. We define a critical security vulnerability in a router as one that allows a remote attacker to take full control of the routers configuration settings, or one that allows a local attacker to bypass authentication and take control. --------------------------------------------- http://securityevaluators.com//content/case-studies/routers/soho_router_hac… *** Oracle schließt 128 Lücken in Datenbankprodukten *** --------------------------------------------- Die Updates verteilen sich quer über das gesamte Produktspektrum des Herstellers; allein 25 betreffen die Open-Source-Datenbank MySQL. --------------------------------------------- http://www.heise.de/security/meldung/Oracle-schliesst-128-Luecken-in-Datenb… *** Microsoft Security Intelligence Report Vol. 14 *** --------------------------------------------- The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide. Threat awareness can help you protect your organization, software, and people. --------------------------------------------- https://www.microsoft.com/security/sir/default.aspx *** Bostoner Attentat wird für neue Spamwelle missbraucht *** --------------------------------------------- Zehn bis zwanzig Prozent des gesamten Spam-Aufkommens soll der "Boston Spam" schon ausmachen. Die Kriminellen starten falsche Twitter-Accounts zur "Spendenaquise" und lenken Nutzer auf verseuchte Webseiten. --------------------------------------------- http://www.heise.de/security/meldung/Bostoner-Attentat-wird-fuer-neue-Spamw… https://www.cert.at/services/blog/20130417110508-824.html *** Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE *** --------------------------------------------- E-currency just went mainstream The recent crash in the value of Bitcoins hasnt prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/bitcoin_min… *** Magic mystery malware menaces many UK machines - new claim *** --------------------------------------------- Who exactly is spying on thousands of Brit biz PCs? Security researchers have found malware that communicates using an unknown protocol and is largely targeting UK businesses. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/04/18/magic_malwa… *** Plone Cross-Site Request Forgery Vulnerability *** --------------------------------------------- A vulnerability has been reported in Plone, which can be exploited by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/52955

1 0

Tageszusammenfassung - Mittwoch 17-04-2013
by Daily end-of-shift report 17 Apr '13

17 Apr '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 16-04-2013 18:00 − Mittwoch 17-04-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** NQ Mobile: Android Malware Doubled in 2012 *** --------------------------------------------- Throw another log onto the proverbial Android malware fire: According to mobile security firm NQ Mobile, infections targeting devices running the Google-based operating system doubled in 2012. That translates to a 163 percent increase from 2011 and accounts for over 65,000 different types of malware discovered, up 30,000 from 25,000 the year before.read more --------------------------------------------- https://threatpost.com/en_us/blogs/nq-mobile-android-malware-doubled-2012-0… *** SAP BASIS Communication Services Command Execution *** --------------------------------------------- Topic: SAP BASIS Communication Services Command Execution Risk: High Text: [ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services Please refer to www.esnc.de for the origin... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/uQXsNLsq7cM/WLB-20… *** Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful *** --------------------------------------------- Average amount of bandwidth used in DDoS attacks spiked eight-fold last quarter. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/QTLIjglO7vc/ *** MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data *** --------------------------------------------- MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data --------------------------------------------- http://www.securitytracker.com/id/1028449 *** A peek inside a (cracked) commercially available RAT (Remote Access Tool) *** --------------------------------------------- By Dancho Danchev In an attempt to add an additional layer of legitimacy to their malicious software, cybercriminals sometimes simply reposition them as Remote Access Tools, also known as R.A.Ts. What they seem to be forgetting is that, no legitimate Remote Access Tool would posses any spreading capabilities, plus, has the capacity to handle tens of [...] --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/iV7a86XP2vA/ *** Apple aktualisiert Safari und Java-6-Unterstützung *** --------------------------------------------- Apple hat in der Nacht zum Mittwoch seinen Web-Browser mit einer neuen Sicherheitsfunktion ausgestattet, mit der Java-Applets Website-spezifisch freigegeben werden können. Außerdem wurde ein neuerliches Java-6-Update veröffentlicht. --------------------------------------------- http://www.heise.de/security/meldung/Apple-aktualisiert-Safari-und-Java-6-U… *** 90% of game hacks and cracks contain malware *** --------------------------------------------- Computer and online gaming is big business for companies creating the games, but a considerable drain on the finances of gamers, so it should not come as a surprise that many of the latter decide against buying games and add-ons, choosing instead to download cracked games, keygens, patches and more from torrent or file-sharing sites. --------------------------------------------- https://www.net-security.org/malware_news.php?id=2468 *** Oracle Java Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to manipulate certain data and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53008 *** Linksys WRT54GL Cross-Site Request Forgery Vulnerability *** --------------------------------------------- The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. upload a firmware image when a logged-in administrative user visits a specially crafted web page. --------------------------------------------- https://secunia.com/advisories/53068 *** The beginners guide to breaking website security with nothing more than a Pineapple *** --------------------------------------------- You know how security people get all uppity about SSL this and SSL that? Stuff like posting creds over HTTPS isn't enough, you have to load login forms over HTTPS as well and then you can't send auth cookies over HTTP because they'll get sniffed and sessions hijacked and so on and so forth. --------------------------------------------- http://www.troyhunt.com/2013/04/the-beginners-guide-to-breaking-website.html *** ACLU asks feds to probe wireless carriers over Android security updates *** --------------------------------------------- Civil liberties advocates have asked the US Federal Trade Commission to take action against the nations four major wireless carriers for selling millions of Android smartphones that never, or only rarely, receive updates to patch dangerous security vulnerabilities. --------------------------------------------- http://arstechnica.com/security/2013/04/wireless-carriers-deceptive-and-unf… *** Boston-Related Malware Campaigns Have Begun, (Wed, Apr 17th) *** --------------------------------------------- About mid-afternoon yesterday (Central time - US), Boston related spam campaigns have begun. The general "hook" is that it sends a URL with a subject about the video from the explosions. Similar to when Osama Bin Laden was killed and fake images were used as a hook, in this case, the video is relevant to the story and being used as a hook. Right now, very roughly 10-20% of all spam is related to this (some spamtraps reporting more, some less). Similar IPs have also been sending pump --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15629&rss

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily April 2013