Daily June 2013

daily@lists.cert.at

1 participants
20 discussions

Tageszusammenfassung - Freitag 28-06-2013
by Daily end-of-shift report 28 Jun '13

28 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 27-06-2013 18:00 − Freitag 28-06-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Apache XML Security XPointer Expressions Processing Buffer Overflow Vulnerability *** --------------------------------------------- A vulnerability has been reported in Apache XML Security, which can be exploited by malicious people to compromise an application using the library. --------------------------------------------- https://secunia.com/advisories/53959 *** April-June 2013 *** --------------------------------------------- The “ICS-CERT Monitor” newsletter offers a means of promoting preparedness, information sharing, and collaboration with the 16 critical infrastructure sectors. ICS‑CERT accomplishes this on a day-to-day basis through sector briefings, meetings, conferences, and information product releases. --------------------------------------------- http://ics-cert.us-cert.gov/monitors/ICS-MM201306 *** Citadel Trojan Variant Delivers Localized Content, Targets Amazon Customers *** --------------------------------------------- A new variant of the Citadel banking malware was discovered, this one delivering localized content for European targets that include not only banks but major ecommerce sites such as Amazon. --------------------------------------------- http://threatpost.com/citadel-trojan-variant-delivers-localized-content-tar… *** One-click/key attack forces IE and Chrome to execute malicious code *** --------------------------------------------- Minimal user interaction increases chances that social engineering will succeed. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/siZrFBsO_0E/ *** Ruby Certificate Hostname Validation Flaw Lets Remote Users Spoof SSL Servers *** --------------------------------------------- A vulnerability was reported in Ruby. A remote user can spoof SSL servers. --------------------------------------------- http://www.securitytracker.com/id/1028714 *** Bugtraq: Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability *** --------------------------------------------- The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the Mobile USB Drive HD v1.2 apple iOS application. --------------------------------------------- http://www.securityfocus.com/archive/1/526997 *** Bugtraq: eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities *** --------------------------------------------- The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the eFile Wifi Manager v1.0 iOS mobile application. --------------------------------------------- http://www.securityfocus.com/archive/1/526995 *** Bugtraq: Re: Re: EMC Avamar: World writable cache files *** --------------------------------------------- Due to a vulnerability, described in detail below, the Avamar client leaves certain directories and files as world writable. The presence of world writable directories and files may inadvertently result in elevation of privileges by a user who has access to the local file system. --------------------------------------------- http://www.securityfocus.com/archive/1/526996 *** Bugtraq: Barracuda CudaTel 2.6.02.04 - Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/526999 http://www.securityfocus.com/archive/1/527000 *** Xerox WorkCube / Xerox ColorQube Unspecified Vulnerabilities *** --------------------------------------------- Some vulnerabilities with an unknown impact have been reported in Xerox WorkCube and Xerox ColorQube. --------------------------------------------- https://secunia.com/advisories/54005 *** Criminals sell access to rooted servers via online shop *** --------------------------------------------- Researchers have discovered an online store where criminals sell access to hacked servers, another cautionary example of miscreants commercialization of stolen data. --------------------------------------------- http://www.scmagazine.com//criminals-sell-access-to-rooted-servers-via-onli… *** Cisco ASA Next-Generation Firewall Services Fragmented Traffic Denial of Service Vulnerability *** --------------------------------------------- A vulnerability has been reported in Cisco ASA Next-Generation Firewall Services, which can be exploited by malicious people to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/53971

1 0

Tageszusammenfassung - Donnerstag 27-06-2013
by Daily end-of-shift report 27 Jun '13

27 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 26-06-2013 18:00 − Donnerstag 27-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** Windows 8.1: Defender mit Verhaltenserkennung *** --------------------------------------------- Mit dem kommenden Windows-Upgrade rüstet Microsoft zahlreiche Security-Features nach. Einige sind längst überfällig, andere innovativ. Auf der TechEd Europe ging das Unternehmen ins Detail. --------------------------------------------- http://www.heise.de/security/meldung/Windows-8-1-Defender-mit-Verhaltenserk… *** Styx Exploit Kit Takes Advantage of Vulnerabilities *** --------------------------------------------- Web-based malware has increased over the last few years due to an abrupt spike in new exploit kits. These kits target vulnerabilities in popular applications and provide an effective way for cybercriminals to distribute malware. We have already discussed Red Kit, a common exploit kit. Recently McAfee Labs has observed an increase in the prevalence Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vul… *** Attackers sign malware using crypto certificate stolen from Opera Software *** --------------------------------------------- A "few thousand" users may have automatically installed malware signed by expired cert. --------------------------------------------- http://arstechnica.com/security/2013/06/attackers-sign-malware-using-crypto… *** Gezielter Phishing-Angriff auf Eset-Kunden *** --------------------------------------------- Kunden des Antiviren-Software-Herstellers Eset erhalten momentan sehr gut gemachte Phishing-Mails, mit denen Kreditkartendaten geklaut werden sollen. --------------------------------------------- http://www.heise.de/security/meldung/Gezielter-Phishing-Angriff-auf-Eset-Ku… *** Analysis: Redirects in Spam *** --------------------------------------------- We will look at the most popular spammer tricks that use redirects and the most widely used types of redirect. --------------------------------------------- http://www.securelist.com/en/analysis/204792295/Redirects_in_Spam *** Top 5 Fake Security Rogues of 2013 *** --------------------------------------------- By Tyler Moffitt We see users on the internet getting infected with Rogue Security Malware all the time. In fact, it's one of the most common and obvious type of infections we see. The Rogues lock-down your computer and prevent you from opening any applications so you're forced to read their scam. --------------------------------------------- http://blog.webroot.com/2013/06/27/top-5-fake-security-rogues-of-2013/ *** Magnolia CMS multiple security bypass *** --------------------------------------------- Magnolia CMS could allow a remote attacker to bypass security restrictions, caused by improper verification of access permissions. An attacker could exploit this vulnerability by accessing and executing multiple administrative functionalities to bypass security and gain unauthorized access to the vulnerable application. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85252 *** Drupal 7.x Fast Permissions Administration Access bypass *** --------------------------------------------- The Fast Permissions Administration module enables you to use inline filters on the permissions page, as well as loading the permissions form through a modal dialog. The module doesn't sufficiently check user access for the modal content callback, allowing unauthorized access to the permissions edit form. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060226 *** Bugtraq: HP-UX Running HP Secure Shell, Remote Denial of Service (DoS) *** --------------------------------------------- Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team --------------------------------------------- http://www.securityfocus.com/archive/1/526986 *** Multiple Vulnerabilities in Cisco Web Security Appliance *** --------------------------------------------- Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities: - Two authenticated command injection vulnerabilities - Management GUI Denial of Service Vulnerability --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…

1 0

Tageszusammenfassung - Mittwoch 26-06-2013
by Daily end-of-shift report 26 Jun '13

26 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 25-06-2013 18:00 − Mittwoch 26-06-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Cisco Linksys X3000 Router apply.cgi cross-site scripting *** --------------------------------------------- Cisco Linksys X3000 Router is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the apply.cgi script. A remote attacker could exploit this vulnerability using the... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85186 *** Vast majority of malware attacks spawned from legit sites *** --------------------------------------------- Drive-by attacks not just from porn and warez sites, new Google data shows. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/_ndPPR-K7Z4/ *** Google adds malware, phishing to transparency report to make the Web safer *** --------------------------------------------- The data come from the companys Safe Browsing technology, which flags up to 10,000 sites daily --------------------------------------------- http://www.csoonline.com/article/735463/google-adds-malware-phishing-to-tra… *** Forticlient VPN client credential interception vulnerability *** --------------------------------------------- Topic: Forticlient VPN client credential interception vulnerability Risk: Medium Text:FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY == Description -- The Fortinet FortiClient ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060220 *** aSc TimeTables Add Subject buffer overflow *** --------------------------------------------- aSc TimeTables is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Add Subject functionality. A remote authenticated attacker could exploit this vulnerability using a... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85199 *** IBM OpenPages GRC Platform Multiple Java Vulnerabilities *** --------------------------------------------- Where: From remote Impact: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access Solution Status: Unpatched --------------------------------------------- https://secunia.com/advisories/53962 *** Bugtraq: [SECURITY] [DSA 2716-1] iceweasel security update *** --------------------------------------------- Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors,... The iceweasel version in the oldstable distribution (squeeze) is no longer supported with security updates. --------------------------------------------- http://www.securityfocus.com/archive/1/526973 *** Apache Qpid Python Client SSL Certificate Verification Security Issue *** --------------------------------------------- A security issue has been reported in Apache Qpid, which can be exploited by malicious people to conduct spoofing attacks. --------------------------------------------- https://secunia.com/advisories/53968

1 0

Tageszusammenfassung - Dienstag 25-06-2013
by Daily end-of-shift report 25 Jun '13

25 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 24-06-2013 18:00 − Dienstag 25-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Latest Pushdo Variants Challenge Antimalware Solution *** --------------------------------------------- Command-and-control (C&C) server communication is essential for botnet creators to control zombie computers (or bots). To hide this from security researchers, they often use rootkits and other tricks. However, hiding the network traffic specifically from monitoring outside an infected computer is not an easy task, but is something that the botnet creators have improved through the years. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/latest-pushdo-va… *** Backdoor in Backup-Servern von HP *** --------------------------------------------- Einem Hacker zufolge besitzt die Software auf den Backup-Systemen der Serie "StoreOnce" von HP eine Hintertür. Zur Ausnutzung der Lücke soll ein SSH-Zugang ausreichen. --------------------------------------------- http://www.heise.de/security/meldung/Backdoor-in-Backup-Servern-von-HP-1895… *** Raspberry Pi bot tracks hacker posts to vacuum up passwords and more *** --------------------------------------------- Dumpmon scours Twitter for sensitive data hiding in plain site. --------------------------------------------- http://arstechnica.com/security/2013/06/raspberry-pi-bot-tracks-hacker-post… *** Trend Micro turns RAT catcher as Taiwan cops cuff hacker *** --------------------------------------------- Ghost RAT attacks hit thousands on the island... Security vendor Trend Micro has embiggened its industry collaboration credentials this week after helping Taiwanese police arrest one man in connection with a widespread targeted attack, and teaming up with Interpol on a new cyber crime prevention centre. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/06/25/trend_micro… *** SIP-based API-supporting fake caller ID/SMS number supporting DIY Russian service spotted in the wild *** --------------------------------------------- By Dancho Danchev One of the most common myths regarding the emerging TDoS (Telephony Denial of Service) market segment, portrays a RBN (Russian Business Network) type of bulletproof infrastructure used to launch these attacks. The infrastructure's speculated resilience is supposed to be acting as a foundation for the increase of TDoS services and products. --------------------------------------------- http://blog.webroot.com/2013/06/25/sip-based-api-supporting-fake-caller-ids… *** Scam Sites Now Selling Instagram Followers *** --------------------------------------------- Another scam site is offering to increase a user's Instagram followers. Unlike previous attacks, however, these sites require payment with the amount depending on the number of followers you prefer. Figure 1. Pricelist for Instagram followers Despite the sitess liberal use of the Instagram logo, it has nothing to do with the service. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/scam-sites-now-s… *** Download me - Saying "yes" to the Web's most dangerous search terms *** --------------------------------------------- Seeking "free games" and getting burned by illicit downloads is so 2008, right? --------------------------------------------- http://arstechnica.com/information-technology/2013/06/download-me-saying-ye… *** LG-Smartphones: Root-Zugriff durch Backup-Programm *** --------------------------------------------- Android-Smartphones der Firma LG können durch Sicherheitslücken in ihrer vorinstallierten Backup-Software manipuliert werden. --------------------------------------------- http://www.heise.de/security/meldung/LG-Smartphones-Root-Zugriff-durch-Back… *** Carberp Source Code Leaked *** --------------------------------------------- The source code for the Carberp Trojan, which typically sells for $40,000 on the underground, has been leaked and is now available to anyone who wants it. The leak has echoes of the release of the Zeus crimeware source code a couple of years ago and has security researchers concerned that it may lead to [...] --------------------------------------------- http://threatpost.com/carberp-source-code-leaked/ *** Drupal Login Security Module Security Bypass and Denial of Service Vulnerability *** --------------------------------------------- A security issue and a vulnerability have been reported in the Login Security module for Drupal, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/53717 *** cURL/libcURL curl_easy_unescape() function buffer overflow *** --------------------------------------------- cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the curl_easy_unescape() function in lib/escape.c. While decoding URL encoded strings to raw binary data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85180 *** MoinMoin twikidraw Action Traversal File Upload *** --------------------------------------------- This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. --------------------------------------------- http://www.exploit-db.com/exploits/26422 *** [2013-06-25] Multiple vulnerabilities in IceWarp Mail Server *** --------------------------------------------- IceWarp Mail Server is vulnerable to reflected Cross-Site Scripting and XXE Injection attacks. By exploiting the XXE vulnerability, an unauthenticated attacker can get read access to the filesystem of the IceWarp Mail Server host and thus obtain sensitive information such as the configuration files. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** Stream Video Player plugin for WordPress cross site request forgery *** --------------------------------------------- Stream Video Player plugin for WordPress is vulnerable to an unspecified cross-site request forgery. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to modify plugin settings and perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85155

1 0

Tageszusammenfassung - Montag 24-06-2013
by Daily end-of-shift report 24 Jun '13

24 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-06-2013 18:00 − Montag 24-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Tausende Domains *** --------------------------------------------- Die Adressen verschiedener Dienste wie LinkedIn, Yelp oder Fidelity wurden durch einen menschlichen Fehler für mehrere Stunden auf andere Webseiten umgeleitet. Cisco geht von 5000 betroffenen Domains aus. --------------------------------------------- http://www.heise.de/security/meldung/Tausende-Domains-1894195.html *** Dirt Jumper DDoS Variant Drive 'Much More Powerful' Than Predecessors *** --------------------------------------------- A variant of the Dirt Jumper DDoS engine called Drive has been detected. Drive includes new capabilities and has already targeted a number popular destinations on the Internet. --------------------------------------------- http://threatpost.com/dirt-jumper-ddos-variant-drive-much-more-powerful-tha… *** Security Bulletin: WebSphere Commerce Java API Documentation Frame Injection Vulnerability (CVE-2013-1571) *** --------------------------------------------- Java API Documentation contains a frame injection vulnerability. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web… *** WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability *** --------------------------------------------- WordPress Maintenance Mode Plugin Cross-site request forgery vulnerability --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85146 *** Adobe Flash spoof leads to infectious audio ads *** --------------------------------------------- We've seen quite a few audio ads infecting users recently. We think it's a good idea to go over an in-depth look at how they infect your computer and how to remediation them. As you can see in this first picture, this is another Adobe Flash spoof that launches its signature update window. --------------------------------------------- http://blog.webroot.com/2013/06/21/adobe-flash-spoof-leads-to-infectious-au… *** Device-disabling Fake AV migrates to Android phones, demands ransom *** --------------------------------------------- Long the bane of computer users, Fake antivirus may extort Android owners, too. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/esDZHzGloyI/ *** Google Translate Cross Site Request Forgery *** --------------------------------------------- 1)Vulnerability Description I discovered a new CSRF vulnerability on translate.google.com web site which could allow an attacker to insert items (Words/Phrases/Urls and related translations) into the user's Phrasebook. Furthermore an attacker could also inserta potentially malicious Urls - into the above mentioned Phrasebook - towards which the victim could be redirected simply clicking on the "Go to <website>" right-click option on translate.google.com. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060181 *** McAfee ePolicy Orchestrator 4.6.5 SQL injection & directory traversal *** --------------------------------------------- Main Features: Remote command execution on the ePo server. Remote command execution on the Managed stations (one ring to rule them all). File upload on the ePo server. Active Directory credentials stealing. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060183 *** Datenpanne bei Facebook *** --------------------------------------------- Nicht-öffentliche Telefonnummern und E-Mai-Adressen von ungefähr sechs Millionen Facebook-Usern wurden fälschlich an andere Facebook-Nutzer weitergegeben. --------------------------------------------- http://www.heise.de/security/meldung/Datenpanne-bei-Facebook-1894855.html *** Vuln: HAProxy CVE-2013-2175 Multiple Denial of Service Vulnerabilities *** --------------------------------------------- HAProxy is prone to multiple denial-of-service vulnerabilities. Exploiting these issues allow remote attackers to trigger denial-of-service conditions. --------------------------------------------- http://www.securityfocus.com/bid/60588 *** Is SSH no more secure than telnet?, (Sun, Jun 23rd) *** --------------------------------------------- In SSHs default (and most common) deployment: Yes. It is no more secure than telnet, but it can be better. Apologies to Ian Betteridge If you ask any sysadmin, they say that SSH is more secure than telnet, and theyll likely comment that opening telnet up to the Internet is reckless. One can simulate asking general opinion with a little googling: "ssh is more secure than telnet": 11,500 "telnet is more secure than ssh": 81 So, the Conventional Wisdom is that --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16049&rss *** ZPanel 10.0.0.2 htpasswd Module Username Command Execution *** --------------------------------------------- This module exploits a vulnerability found in ZPanel's htpasswd module. When creating .htaccess using the htpasswd module, the username field can be used to inject system commands, which is passed on to a system() function for executing the system's htpasswd's command. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060193 *** Bugtraq: Linksys X3000 - Multiple Vulnerabilities *** --------------------------------------------- The vulnerability is caused by missing input validation in the ping_ip parameter and can be exploited to inject and execute arbitrary shell commands. You need to be authenticated to the device or you have to find other methods for inserting the malicious commands. --------------------------------------------- http://www.securityfocus.com/archive/1/526945 *** Wordpress: Update schließt zwölf Sicherheitslücken *** --------------------------------------------- Mit dem Update auf Version 5.3.2 schließt Wordpress Schwachstellen, die mit Cross-Site-Scripting, Server-Side-Request-Forgery- und Denial-of-Service-Attacken ausgenutzt werden können. --------------------------------------------- http://www.heise.de/security/meldung/Wordpress-Update-schliesst-zwoelf-Sich… *** Beware Of HTML5 Development Risks *** --------------------------------------------- Local storage is a big change from HTML of the past, where browsers could only use cookies to store small bits of information, such as session tokens, for managing identity. HTML5 changes this with sessionStorage, localStorage, and client-side databases to allow developers to store vast amounts of data in the browser that is all accessible from JavaScript. --------------------------------------------- http://www.darkreading.com/applications/beware-of-html5-development-risks/2… *** Apple Phishing Scams on the Rise *** --------------------------------------------- Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple's brand, most of which are focused on stealing users' Apple IDs and payment information. --------------------------------------------- https://threatpost.com/apple-phishing-scams-on-the-rise/

1 0

Tageszusammenfassung - Freitag 21-06-2013
by Daily end-of-shift report 21 Jun '13

21 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-06-2013 18:00 − Freitag 21-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Common Web Vulnerabilities Plague Top WordPress Plug-Ins *** --------------------------------------------- Top WordPress plug-ins and themes remain vulnerable to common Web-based attacks such as cross-site scripting and SQL injection. --------------------------------------------- http://threatpost.com/common-web-vulnerabilities-plague-top-wordpress-plug-… *** New E-Shop sells access to thousands of malware-infected hosts, accepts Bitcoin *** --------------------------------------------- By Dancho Danchev Thanks to the buzz generated over the widespread adoption of the decentralized P2P based E-currency, Bitcoin, we continue to observe an overall increase in international underground market propositions that accept it as means for fellow cybercriminals to pay for the goods/services that they want to acquire. --------------------------------------------- http://blog.webroot.com/2013/06/20/new-e-shop-sells-access-to-thousands-of-… *** Trojan.APT.Seinup Hitting ASEAN *** --------------------------------------------- The FireEye research team has recently identified a number of spear phishing activities targeting Asia and ASEAN. Of these, one of the spear phishing documents was suspected to have used a potentially stolen document as a decoy. --------------------------------------------- http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-s… *** PoisonIvy Uses Legitimate Application as Loader *** --------------------------------------------- I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar. In this case, the PoisonIvy variant detected as BKDR_POISON.BTA (named as newdev.dll) took advantage of a technique known as a DLL preloading attack (aka binary planting) instead of exploiting previously known techniques. The malware was located [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/C9_ZJyLJ1YA/ *** WordPress Slash WP theme XSS and Content Spoofing vulnerabilities *** --------------------------------------------- Topic: WordPress Slash WP theme XSS and Content Spoofing vulnerabilities Risk: Low Text:I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is commercial theme for WP. These ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060173 *** BSI nimmt WordPress, Typo3 & Co. unter die Security-Lupe *** --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnologie hat im Rahmen einer Studie das Sicherheitsniveau der gängigen Content Management Systeme analysiert. Die Gefahr geht demnach zu bis zu 95 Prozent von Add-Ons aus. --------------------------------------------- http://www.heise.de/security/meldung/BSI-nimmt-WordPress-Typo3-Co-unter-die… *** Login Security module for Drupal soft blocking security bypass *** --------------------------------------------- Login Security module for Drupal could allow a remote attacker to bypass security restrictions, caused by incorrect use of string filtering. When the soft blocking option is disabled, an attacker could exploit this vulnerability to gain unauthorized access to the vulnerable application. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85135 *** OpenStack python-keystoneclient memcache signing/encryption security bypass *** --------------------------------------------- OpenStack python-keystoneclient could allow a remote attacker to bypass security restrictions, caused by an error in the memcache signing/encryption feature. An attacker could exploit this vulnerability by inserting malicious data to the memcache backend to bypass security and gain unauthorized access to the vulnerable application. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85139 *** Is Hotel WiFi Secure? *** --------------------------------------------- When you check in to a hotel, you assume that the company will keep you and your valuables safe by not sharing your room keys and providing a safe for your belongings. But a much greater threat could be lurking in your rented room - the free WiFi connection that most lodging providers offer. --------------------------------------------- http://blog.hotspotshield.com/2013/06/17/hotel-wifi-security/ *** Avaya Aura Session Manager ISC BIND Record Handling Lockup Vulnerability *** --------------------------------------------- Avaya has acknowledged a vulnerability in Avaya Aura Session Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/53906 *** Hitachi Cosminexus Products Oracle Java Multiple Vulnerabilities *** --------------------------------------------- Hitachi has acknowledged multiple vulnerabilities in multiple Cosminexus products, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53759 *** How to backdoor an encryption app *** --------------------------------------------- Over the past week or so theres been a huge burst of interest in encryption software. Applications like Silent Circle and RedPhone have seen a major uptick in new installs. CryptoCat alone has seen a zillion new installs, prompting several infosec researchers to nearly die of irritation. --------------------------------------------- http://blog.cryptographyengineering.com/2013/06/how-to-backdoor-encryption-… *** Hackers and viruses now stalking smart phones *** --------------------------------------------- Computer viruses have plagued consumers for many years now, causing companies to spend heavily on installing every kind of firewall known to mankind to keep their security software updated. --------------------------------------------- http://www.nation.co.ke/oped/Opinion/Hackers-and-viruses-now-stalking-smart… *** Buffalo WZR-HP-G300NH2 Cross-Site Request Forgery Vulnerability *** --------------------------------------------- A vulnerability has been reported in Buffalo WZR-HP-G300NH2, which can be exploited by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/53750 *** Oracle Solaris Multiple Vulnerabilities *** --------------------------------------------- Oracle has acknowledged multiple vulnerabilities in multiple packages included in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library. --------------------------------------------- https://secunia.com/advisories/53843

1 0

Tageszusammenfassung - Donnerstag 20-06-2013
by Daily end-of-shift report 20 Jun '13

20 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 19-06-2013 18:00 − Donnerstag 20-06-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Multiple Vulnerabilities in Cisco TelePresence TC and TE Software *** --------------------------------------------- Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Vuln: OTRS CVE-2013-4088 Remote Security Bypass Vulnerability *** --------------------------------------------- OTRS is prone to a remote security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and obtain sensitive information; other attacks may also be possible. --------------------------------------------- http://www.securityfocus.com/bid/60688 *** Anonymous' #OpPetrol: What is it, What to Expect, Why Care? *** --------------------------------------------- Last month, the hacker collective Anonymous announced their intention to launch cyber attacks against the petroleum industry (under the code name #OpPetrol) that is expected to last up to June 20. Their claimed reason for this attack is primarily due to petroleum being sold with the US dollar instead of currency of the country where... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/wIkmxr0Tz_A/ *** LinkedIn auf indische Webseite umgeleitet *** --------------------------------------------- Das Karriereportal LinkedIn war in den letzten Stunden nur hin und wieder zu erreichen. Das Karriereportal wurde auf fremde Seiten umgeleitet. Die Einen sprechen von "menschlichen Fehlern", die anderen von einem Angriff. --------------------------------------------- http://www.heise.de/security/meldung/LinkedIn-auf-indische-Webseite-umgelei… *** VLC Media Player Unspecified Vulnerabilities *** --------------------------------------------- Some vulnerabilities with an unknown impact have been reported in VLC Media Player. The vulnerabilities are caused due to unspecified errors. No further information is currently available. --------------------------------------------- https://secunia.com/advisories/53656 *** Blog: Apple of discord *** --------------------------------------------- As Apple's popularity grows, so does the desire among fraudsters to make money from the people who own the company's devices. The cybercriminals are aiming to steal Apple ID data which provides access to users' personal information stored in iCloud (e.g., photographs, contacts, documents, email, etc.) as well as to the purchases made in the company's iTunes Store. Many malicious users go further and try to the steal bank card details used to pay for those purchases. --------------------------------------------- http://www.securelist.com/en/blog/8108/Apple_of_discord

1 0

Tageszusammenfassung - Mittwoch 19-06-2013
by Daily end-of-shift report 19 Jun '13

19 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-06-2013 18:00 − Mittwoch 19-06-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Sybase EAServer Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in Sybase EAServer, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53733 *** Java SE Critical Patch Update - June 2013 *** --------------------------------------------- Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 40 new security fixes across Java SE products of which 4 are applicable to server deployments of Java. --------------------------------------------- http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht… *** Java 7 update 25 released (Tue, Jun 18th) *** --------------------------------------------- http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht… (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16025 *** Critical Update Plugs 40 Security Holes in Java *** --------------------------------------------- Oracle today released a critical patch update for its Java software that fixes at least 40 security vulnerabilities in this widely deployed program and browser plugin. Updates are available for Java 7 on both Mac and Windows. --------------------------------------------- https://krebsonsecurity.com/2013/06/critical-update-plugs-40-security-holes… *** Siemens WinCC 7.2 Multiple Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities that impact the Siemens WinCC Web Navigator 7.2. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-169-02 *** Remote code execution vuln appears in Puppet *** --------------------------------------------- Big trouble in automated clouds - Puppet Labs has blasted out a security advisory about a vulnerability in the popular infrastructure management tool Puppet. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/06/18/puppet_secu… *** Solaris 10 patch cluster File clobbering vulnerability *** --------------------------------------------- Topic: Solaris 10 patch cluster File clobbering vulnerability Risk: Medium Text:File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @_larry0 Hello, The 147147-2... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060154 *** Joomla 1.5.26, 2.5.11, 3.1.1 crypto vulnerability *** --------------------------------------------- Topic: Joomla 1.5.26, 2.5.11, 3.1.1 crypto vulnerability Risk: Medium Text:# Vulnerable Application All current and past versions of Joomla (http://www.joomla.org) up to 1.5.26, 2.5.11, 3.1.1. Also th... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060146 *** Symantec Endpoint Protection Manager Buffer Overflow Vulnerability *** --------------------------------------------- A vulnerability has been reported in Symantec Endpoint Protection Manager, which can be exploited by malicious people to compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53864 *** Angestellte wollen Hilfe bei IT-Sicherheit *** --------------------------------------------- Der Umgang mit Informationstechnik gehört auch für Angestellte in kleinen und mittelständischen Unternehmen zum täglichen Alltag. Einer Studie zufolge fühlten sie sich bei dieser Aufgabe jedoch vielfach alleingelassen. --------------------------------------------- http://futurezone.at/b2b/16584-angestellte-wollen-hilfe-bei-it-sicherheit.p…

1 0

Tageszusammenfassung - Dienstag 18-06-2013
by Daily end-of-shift report 18 Jun '13

18 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 17-06-2013 18:00 − Dienstag 18-06-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Siemens SIMATIC WinCC Web Navigator Bugs Let Remote Users Inject SQL Commands and Login to the System *** --------------------------------------------- Siemens SIMATIC WinCC Web Navigator Bugs Let Remote Users Inject SQL Commands and Login to the System --------------------------------------------- http://www.securitytracker.com/id/1028672 *** New Regulation for EU cybersecurity agency ENISA, with new duties *** --------------------------------------------- European Union (EU) cybersecurity agency, ENISA has today (18th June) received a new Regulation, granting it a seven year mandate with an expanded set of duties. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/new-regulation-for-eu-cyber… *** Tools - ProcDOT 1.0 released *** --------------------------------------------- I am happy to announce that the first release (1.0) of my visual malware analysis tool ProcDOT (I already mentioned the beta in a recent blog post) is now available. This tool processes Sysinternals Process Monitor (Procmon) logfiles and PCAP-logs (Windump, Tcpdump) to generate a graph via the GraphViz suite. This graph visualizes any relevant activities (customizable) and can be interactively analyzed. --------------------------------------------- https://www.cert.at/services/blog/20130618112047-852_en.html *** Wall Street sets example for testing security defenses *** --------------------------------------------- Quantum Dawn 2 will test institutions playbooks while also finding more efficient ways to share real-time information --------------------------------------------- http://www.csoonline.com/article/735068/wall-street-sets-example-for-testin… *** iOS: Sicherheitsmängel im "Persönlichen Hotspot" *** --------------------------------------------- iOS wählt die Passwörter für mobiles Tethering nicht wirklich zufällig. Mobile Hotspots können in wenigen Sekunden geknackt werden. --------------------------------------------- http://www.heise.de/security/meldung/iOS-Sicherheitsmaengel-im-Persoenliche… *** Windows-Härter überführt SSL-Spione *** --------------------------------------------- Microsofts Gratis-Schutzprogramm EMET soll in Version 4.0 nicht nur besser vor Cyber-Angriffen schützen, es ist auch deutlich benutzerfreundlicher geworden. Die empfohlenen Schutzeinstellungen aktiviert man mit wenigen Klicks. --------------------------------------------- http://www.heise.de/newsticker/meldung/Windows-Haerter-ueberfuehrt-SSL-Spio… *** Apache XML Security Multiple Vulnerabilities *** --------------------------------------------- Apache XML Security Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53590 *** Graphical Tools Help Security Experts Track Cyber-Attacks in Real Time *** --------------------------------------------- "... it looks like a fantastic image from something in the world of science fiction. Streams of data flow from the globe representing the Internet. Attack vectors are highlighted in red. You can watch the changes as the attacks progress." --------------------------------------------- http://www.eweek.com/security/graphical-tools-help-security-experts-track-c… *** Security Vulnerability in Siemens COMOS 9.2/10.0 *** --------------------------------------------- Siemens has discovered a vulnerability in the client library of the database system COMOS which might allow attackers to escalate their privileges for database access. The attacker would need local access as authenticated user to exploit the vulnerability. --------------------------------------------- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemen…

1 0

Tageszusammenfassung - Montag 17-06-2013
by Daily end-of-shift report 17 Jun '13

17 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-06-2013 18:00 − Montag 17-06-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** [webapps] - LibrettoCMS 2.2.2 - Arbitrary File Upload *** --------------------------------------------- LibrettoCMS is provided a file upload function to unauthenticated users. Allows for write/read/edit/delete download arbitrary file uploaded , which results attacker might arbitrary write/read/edit/delete files and folders. --------------------------------------------- http://www.exploit-db.com/exploits/26213 *** Adobe Flash exploit grabs video and audio, long after “fix” *** --------------------------------------------- Demonstration code shows a new trick defeats Flash privacy fix. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/72PWd3AAReE/ *** Microsoft Sharepoint (Cloud) Persistent Script Insertion *** --------------------------------------------- Topic: Microsoft Sharepoint (Cloud) Persistent Script Insertion Risk: Low Text:Title: Microsoft SharePoint (Cloud) - Persistent Exception-Handling Web Vulnerability Date: == 2013-06-14 Re... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060124 *** Avira AntiVir Engine Denial Of Service / Filter Evasion *** --------------------------------------------- Topic: Avira AntiVir Engine Denial Of Service / Filter Evasion Risk: Medium Text: LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 Avira AntiVir Engine -- Denial of Service / Filtering E... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060123 *** Siemens OpenScape Branch / Session Border Controller XSS / Disclosure / Injection *** --------------------------------------------- Topic: Siemens OpenScape Branch / Session Border Controller XSS / Disclosure / Injection Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory == title: Multiple vulner... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060121 *** Firefox und Twitter schützen vor eingeschleusten Skripten *** --------------------------------------------- "Du kommst hier nicht rein" heißt es für Schadcode, wenn man als Webseiten-Betreiber den HTTP-Header "Content Security Policy" benutzt. Google, Mozilla und Twitter gehen mit gutem Beispiel voran. --------------------------------------------- http://www.heise.de/newsticker/meldung/Firefox-und-Twitter-schuetzen-vor-ei… *** Security Bulletin: WebSphere Commerce vulnerability could allow disclosure of user personal data (CVE-2013-0523) *** --------------------------------------------- Some WebSphere Commerce data may be encrypted using an encryption algorithm that is susceptible to a padding oracle attack which may allow for the disclosure of user personal data. CVE(s): ... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web… *** Joomla com_extplorer Components shell upload Vulnerability *** --------------------------------------------- Topic: Joomla com_extplorer Components shell upload Vulnerability Risk: Medium Text: # ISlamic Republic Of Iran Security Team # Www.IrIsT.Ir ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060127 *** Microsoft Outlook Vulnerability S/MIME Loss of Integrity *** --------------------------------------------- Topic: Microsoft Outlook Vulnerability S/MIME Loss of Integrity Risk: Medium Text:** Attention script bunnies: This is not an RCE, XSS, etc. Please move along :) ** Microsoft Outlook (all versions) suffers ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060129 *** Mozilla Firefox and Microsoft Internet Explorer DoS vulnerability *** --------------------------------------------- Topic: Mozilla Firefox and Microsoft Internet Explorer DoS vulnerability Risk: Medium Text:I want to warn you about Denial of Service vulnerability in Mozilla Firefox and Microsoft Internet Explorer. Earlier Jean ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060128 *** Vulnerability Disclosure – Open or Private? *** --------------------------------------------- At the end of May, two Google security engineers announced Mountain View’s new policy regarding zero-day bugs and disclosure. They strongly suggested that information about zero-day exploits currently in the wild should be released no more than seven days after the vendor has been notified. Ideally, the notification or patch should come from the vendor, [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroVulnerability Disclosure – Open or Private? --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1qT_zYH1FxU/ *** Oracle Java pre-announcement: Upcoming JRE patch will plug 37 remotely exploitable holes. --------------------------------------------- See http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht…, (Mon, Jun 17th) --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16013&rss *** Fortinet FortiOS (FortiGate) Guest User Permission Security Bypass Security Issue *** --------------------------------------------- Fortinet FortiOS (FortiGate) Guest User Permission Security Bypass Security Issue --------------------------------------------- https://secunia.com/advisories/53875 *** Debian Security Advisory for fail2ban *** --------------------------------------------- When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, thus causing a denial of service. --------------------------------------------- http://www.debian.org/security/2013/dsa-2708

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily June 2013