=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 13-06-2013 18:00 − Friday 14-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Java SE Critical Patch Update - June 2013 - Pre-Release Announcement ***
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Java SE Critical Patch Update for June 2013, which will be released on Tuesday, June 18, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.ht…
*** MtGox Phishing Campaign Hits Bing, Yahoo! ***
---------------------------------------------
An active phishing campaign targeting account holders at popular Bitcoin exchange MtGox.com has hijacked the top search results at Bing and Yahoo.com, redirecting unwary clickers to mtpox.com, a look-alike domain and Web site that was registered on June 12, 2013, less than 24 hours ago.
---------------------------------------------
https://krebsonsecurity.com/2013/06/mtgox-phishing-campaign-hits-bing-yahoo
*** How cybercriminals apply Quality Assurance (QA) to their malware campaigns before launching them ***
---------------------------------------------
By Dancho Danchev. In 2013, the use of basic Quality Assurance (QA) practices has become standard for cybercriminals launching a new campaign, in an attempt to increase the probability of a successful outcome: think malware infection, a higher visitor-to-infected-machine conversion rate, better conversion of blackhat-SEO-acquired traffic into purchases of counterfeit pharmaceutical items, etc.
---------------------------------------------
http://blog.webroot.com/2013/06/14/how-cybercriminals-apply-quality-assuran…
*** Critical vulnerabilities in Siemens OpenScape Branch & SBC ***
---------------------------------------------
Siemens OpenScape Branch & SBC are vulnerable to critical vulnerabilities such as unauthenticated execution of OS commands or file disclosure. Attackers are able to take over the operating system and potentially intercept VoIP traffic or phone calls.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** AirLive IP cameras plain text information disclosure ***
---------------------------------------------
AirLive IP cameras could allow a remote attacker to obtain sensitive information: user details and passwords are stored in plain text in a backup file that can be retrieved remotely. An attacker could exploit this vulnerability to obtain sensitive information.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84933
*** OWASP Top 10 2013 released ***
---------------------------------------------
The Open Web Application Security Project's list of the ten most critical web application security risks has been updated and a new list has been published. Last updated in 2010, the new list slightly dilutes the importance of cross-site scripting (XSS) and cross-site request forgery (CSRF), while risks related to broken authentication and session management have moved up a notch.
---------------------------------------------
https://www.owasp.org/index.php/Top10
*** Linux kernel exploit ported to Android ***
---------------------------------------------
A dangerous security hole that was patched in Linux long ago is now being exploited on Android. According to Symantec, malware developers have managed to port the exploit. For now there is no remedy in the form of a new Android version.
---------------------------------------------
http://www.golem.de/news/privilege-escalation-linux-kernel-exploit-wurde-au…
*** Big browser builders scramble to fix cross-platform zero-day flaw ***
---------------------------------------------
Browser manufacturers will release an update in the next few weeks to block a new type of malware that exploits a cross-platform flaw that allows attackers access to Mac, PC, mobile, and even games console internet users.
---------------------------------------------
http://www.theregister.co.uk/2013/06/13/cross_platform_browser_flaw_in_wild/
*** Background: Content Security Policy, a brake on XSS ***
---------------------------------------------
Cross-site scripting (XSS) is one of the biggest plagues webmasters have to fight. Even banks and payment service providers such as PayPal fail to prevent the dangerous injection of foreign code. The new "Content Security Policy" standard is finally supposed to provide relief.
---------------------------------------------
http://www.heise.de/security/artikel/XSS-Bremse-Content-Security-Policy-188…
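What CSP actually decides for an XSS payload is "may this script run?", and the answer depends on whether the policy still allows inline script and arbitrary hosts. The following is an added example, not code from the heise article or from any browser: a minimal policy evaluator that parses a Content-Security-Policy header and answers that question for an inline block or an external script URL. The two policies, the origin `https://shop.example.com` and the hosts in them are constructed; nonces, hashes and ports are deliberately not modelled.

```python
"""Minimal Content-Security-Policy evaluator.

Added example (not code from the heise article or from any browser): it
answers the question CSP exists to answer for XSS, "would this script run
under this policy?". Modelled: default-src/script-src with 'self', 'none',
'unsafe-inline', scheme sources (https:), host sources and *.wildcards.
Not modelled: nonces, hashes, ports in host sources, report-only mode.
"""
from urllib.parse import urlparse


def parse_csp(header: str) -> dict:
    """'a b c; d e' -> {'a': ['b', 'c'], 'd': ['e']} (directive names are case-insensitive)."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def _same_origin(a: str, b: str) -> bool:
    pa, pb = urlparse(a), urlparse(b)
    return (pa.scheme, pa.hostname, pa.port) == (pb.scheme, pb.hostname, pb.port)


def _host_matches(pattern: str, host: str) -> bool:
    if pattern == "*":
        return True
    if pattern.startswith("*."):            # *.example.com matches any subdomain, not the apex
        return host.endswith(pattern[1:])
    return pattern == host


def _source_matches(expr: str, page_origin: str, script_url: str) -> bool:
    expr = expr.lower()
    if expr == "'self'":
        return _same_origin(page_origin, script_url)
    if expr.startswith("'"):                # other keywords never match a URL
        return False
    src = urlparse(script_url)
    if expr.endswith(":"):                  # scheme source, e.g. https:
        return src.scheme == expr[:-1]
    if "://" in expr:                       # host source with explicit scheme
        pat = urlparse(expr)
        return src.scheme == pat.scheme and _host_matches(pat.hostname or "", src.hostname or "")
    return _host_matches(expr, src.hostname or "")   # bare host source; scheme not checked in this simplification


def script_allowed(header: str, page_origin: str, script_url=None) -> bool:
    """True if the script may execute. script_url=None means an inline <script> block,
    which is what a reflected or stored XSS payload usually is."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True                         # no governing directive: nothing is restricted
    lowered = [s.lower() for s in sources]
    if "'none'" in lowered:
        return False
    if script_url is None:
        return "'unsafe-inline'" in lowered
    return any(_source_matches(s, page_origin, script_url) for s in sources)


# Constructed policies: the first looks like a policy but stops nothing, the second blocks
# inline script (the common XSS vector) and every third-party host except the named CDN.
WEAK_POLICY = "default-src 'self' 'unsafe-inline' *"
STRICT_POLICY = "default-src 'none'; script-src 'self' https://cdn.example.com; style-src 'self'"

if __name__ == "__main__":
    origin = "https://shop.example.com"
    for name, policy in (("weak", WEAK_POLICY), ("strict", STRICT_POLICY)):
        print(name, "inline:", script_allowed(policy, origin),
              "third-party:", script_allowed(policy, origin, "http://evil.example.net/x.js"))
```

The practical check this encodes: a policy that still contains `'unsafe-inline'` (or `*`) in the directive governing scripts does not stop the injected `<script>` block that most XSS payloads are, whatever else it lists.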
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 12-06-2013 18:00 − Thursday 13-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** BlackBerry Issues Z10, PlayBook Security Advisories ***
---------------------------------------------
BlackBerry has issued security advisories warning of vulnerabilities in the Z10 smartphone and PlayBook tablet.
---------------------------------------------
http://threatpost.com/blackberry-issues-z10-playbook-security-advisories/
*** NanoBB 0.7 - Multiple Vulnerabilities ***
---------------------------------------------
An attacker might execute arbitrary SQL commands on the database server with this vulnerability. User tainted data is used when creating the database query that will be executed on the database management system (DBMS).
---------------------------------------------
http://www.exploit-db.com/exploits/26126
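The advisory's bug class is user-tainted data concatenated into the query text. The following is an added example, not NanoBB code: a constructed sqlite3 table stands in for the forum's database, `search_vulnerable` builds the query the way the advisory describes, `search_safe` is the parameterised form, and the two payload strings are constructed to show what the unsafe form leaks (all rows, then the schema).

```python
"""Tainted data in a SQL string, and the fix: added example, not NanoBB code.

NanoBB's own schema and queries are not reproduced; a constructed sqlite3 table stands in.
"""
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed forum-style table: 'secret' rows must never be shown to the public."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, secret INTEGER)")
    conn.executemany("INSERT INTO posts (title, secret) VALUES (?, ?)",
                     [("hello world", 0), ("staff only", 1), ("unpublished draft", 1)])
    return conn


def search_vulnerable(conn, title: str) -> list:
    # The bug class the advisory describes: user input is pasted into the query text.
    sql = f"SELECT id, title FROM posts WHERE secret = 0 AND title = '{title}'"
    return conn.execute(sql).fetchall()


def search_safe(conn, title: str) -> list:
    # Fix: the query text is constant; the value travels as a bound parameter and is never parsed as SQL.
    return conn.execute(
        "SELECT id, title FROM posts WHERE secret = 0 AND title = ?", (title,)
    ).fetchall()


# Constructed payloads. The first turns the WHERE clause into a tautology (AND binds tighter than OR),
# the second appends a UNION that reads the schema out of sqlite_master; '--' comments out the trailing quote.
TAUTOLOGY = "' OR '1'='1"
UNION_SCHEMA = "x' UNION SELECT 1, sql FROM sqlite_master --"

if __name__ == "__main__":
    db = setup_db()
    print("vulnerable, tautology:", search_vulnerable(db, TAUTOLOGY))
    print("vulnerable, schema:   ", search_vulnerable(db, UNION_SCHEMA))
    print("safe, tautology:      ", search_safe(db, TAUTOLOGY))
```

The same two payloads are a reasonable first probe when triaging a report like this one: a tautology that widens a result set and a UNION that pulls metadata tell you immediately whether input reaches the parser.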
*** Vuln: WordPress crypt_private() Method Remote Denial of Service Vulnerability ***
---------------------------------------------
WordPress is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to consume CPU and memory resources, denying service to legitimate users.
WordPress 3.5.1 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/60477
*** Rogue ads lead to SafeMonitorApp Potentially Unwanted Application (PUA) ***
---------------------------------------------
By Dancho Danchev Our sensors just picked up yet another rogue ad enticing users into installing the SafeMonitorApp, a potentially unwanted application (PUA) that socially engineers users into giving away their privacy through deceptive advertising of the rogue application's 'features'.
---------------------------------------------
http://blog.webroot.com/2013/06/13/rogue-ads-lead-to-safemonitorapp-potenti…
*** Swedens data protection Authority bans Google cloud services over privacy concerns ***
---------------------------------------------
In a landmark ruling, Sweden's data protection authority (the Swedish Data Inspection Board) this week issued a decision that prohibits the nation's public sector bodies from using the cloud service Google Apps...
---------------------------------------------
http://www.privacysurgeon.org/blog/incision/swedens-data-protection-authori…
*** Enterprises spend too much time on attack prevention, not enough on mitigating a breach ***
---------------------------------------------
The biggest security mistake enterprises make is focusing too much time and too many resources on preventing cyberattacks and not enough time and money on mitigation once a breach occurs, said Dave Monnier, security evangelist and fellow at non-profit Internet security research firm Team Cymru.
---------------------------------------------
http://www.fierceenterprisecommunications.com/story/enterprises-spend-too-m…
*** Blog: AutoRun. Reloaded ***
---------------------------------------------
Recent months have produced little of interest among worms written in Java and script languages such as JavaScript and VBScript. The main reason behind this was the limited proficiency of the virus writers, whose creations were anything but remarkable. However, a couple of malware samples grabbed our attention; their complexity is testimony to the fact that professionals sometimes get involved as well.
---------------------------------------------
http://www.securelist.com/en/blog/8107/AutoRun_Reloaded
*** Microsoft botnet smackdown caused collateral damage, failed to kill target ***
---------------------------------------------
Zombies just won't stay underground. Microsoft is attracting fresh criticism for its handling of the Citadel botnet takedown, with some security researchers pointing to signs that the zombie network is already rising from the grave again.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/13/ms_citadel_…
*** Medical Devices Hard-Coded Passwords ***
---------------------------------------------
ALERT SUMMARY: Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting a wide variety of medical devices. According to the report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware. ICS-CERT has been working closely with the Food and Drug Administration (FDA) on these issues. ICS-CERT and the FDA have notified the affected vendors of the report and have asked the vendors to confirm the
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01
*** Researchers Claim Wi-Fi Threat Is A Serious Danger To iPhone Users ***
---------------------------------------------
The way certain iOS devices, like iPhones or iPads, automatically connect to Wi-Fi networks could place users at serious risk. Security firm SkyCure said it had discovered a feature in iPhone devices running on certain networks, including Vodafone, that would connect automatically to a Wi-Fi network with a specified SSID, such as 'BTWiFi'.
---------------------------------------------
http://www.techweekeurope.co.uk/news/researchers-claim-wi-fi-threat-is-a-se…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 11-06-2013 18:00 − Wednesday 12-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Microsoft Security Bulletin Summary for June 2013 ***
---------------------------------------------
- Cumulative Security Update for Internet Explorer
- Vulnerability in Windows Kernel Could Allow Information Disclosure
- Vulnerability in Kernel-Mode Driver Could Allow Denial of Service
- Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege
- Vulnerability in Microsoft Office Could Allow Remote Code Execution
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jun
*** Microsoft doesn't close them all ***
---------------------------------------------
On its June Patch Tuesday Microsoft closed numerous holes in Windows, Internet Explorer and Office. However, the Redmond software maker apparently left out a privilege-escalation hole for which an exploit is already circulating on the net.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-schliesst-sie-nicht-alle-188…
*** June updates for Flash Player and co. ***
---------------------------------------------
One hole, many updates: Adobe has plugged a critical security hole and released new Flash and AIR versions for all platforms.
---------------------------------------------
http://www.heise.de/security/meldung/Juni-Updates-fuer-Flash-Player-und-Co-…
*** HP integrated Lights Out (iLO) Unspecified Bug Lets Remote Users Gain Access ***
---------------------------------------------
HP integrated Lights Out (iLO) Unspecified Bug Lets Remote Users Gain Access
---------------------------------------------
http://www.securitytracker.com/id/1028661
*** glibc 2.17+ XDM crypto() NULL pointer deref ***
---------------------------------------------
Topic: glibc 2.17+ XDM crypto() NULL pointer deref Risk: Medium Text: It's been suggested we get a CVE id assigned for this recent fix to the xdm display/login manager from X.Org: http://cgit.f...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060101
*** Further XSS hole at ClickandBuy closed ***
---------------------------------------------
After heise Security reported an XSS hole at the payment processor, we recently received the next tip about a further hole.
---------------------------------------------
http://www.heise.de/security/meldung/Weitere-XSS-Luecke-bei-ClickandBuy-ges…
*** Vuln: HP Data Protector CVE-2013-2333 Remote Code Execution Vulnerability ***
---------------------------------------------
HP Data Protector CVE-2013-2333 Remote Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/60309
*** WordPress Mail Subscribe List Plugin Script Insertion Vulnerability ***
---------------------------------------------
WordPress Mail Subscribe List Plugin Script Insertion Vulnerability
---------------------------------------------
https://secunia.com/advisories/53732
*** Hewlett-Packard's "System Management Homepage" web interface vulnerable ***
---------------------------------------------
The web interface for managing ProLiant and Integrity servers contains a critical security hole.
---------------------------------------------
http://www.heise.de/security/meldung/Hewlett-Packards-Weboberflaeche-System…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 10-06-2013 18:00 − Tuesday 11-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** CERT Warns of Vulnerabilities in HP Insight Diagnostics ***
---------------------------------------------
CERT warns of an unpatched vulnerability in HP's Insight Diagnostics server management software that could lead to remote code execution attacks.
---------------------------------------------
http://threatpost.com/cert-warns-of-vulnerabilities-in-hp-insight-diagnosti…
*** Apple iOS and Mac OS X security bypass ***
---------------------------------------------
Apple iOS and Mac OS X security bypass
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84809
*** The Value of a Hacked Email Account ***
---------------------------------------------
One of the most-viewed stories on this site is a blog post+graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who don't bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves.
---------------------------------------------
https://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account
*** NSA Whistleblower Article Redirects to Malware ***
---------------------------------------------
The Washington Free Beacon's website has been attacked and malware is redirecting visitors to a site hosting the ZeroAccess rootkit and scareware.
---------------------------------------------
http://threatpost.com/nsa-whistleblower-article-redirects-to-malware/
*** Debian Security Advisory DSA-2706 chromium-browser ***
---------------------------------------------
Several vulnerabilities have been discovered in the Chromium web browser.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2706
*** Cisco ASA Ethernet Information Leak ***
---------------------------------------------
Exploit for hosts which use a network device driver that pads ethernet frames with data which vary from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060088
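The class of bug described above (the classic "Etherleak") has a simple detection check: Ethernet needs a 46-byte minimum payload, so a short IP datagram gets padded, and a correct driver pads with zeros. Anything else in the padding, or padding that changes from frame to frame, is memory that was never meant to leave the host. The following is an added example, not the exploit from the advisory: it parses constructed Ethernet/IPv4 frames (not captured from a Cisco ASA), isolates the bytes beyond the IP Total Length field, and flags non-zero or varying padding. The MAC/IP addresses and payload bytes are constructed.

```python
"""Etherleak-style padding check over captured frames: added example, not the exploit from the advisory.

Ethernet requires a 46-byte minimum payload. When an IP datagram is shorter, the driver or NIC pads the
frame; a correct driver pads with zeros. Anything else in the padding is memory that was never meant to
leave the host. The frames below are constructed, not captured from a Cisco ASA.
"""
import struct

ETH_HDR_LEN = 14
MIN_PAYLOAD = 46
ETHERTYPE_IPV4 = b"\x08\x00"


def build_frame(udp_payload: bytes, padding: bytes) -> bytes:
    """Constructed Ethernet II frame: 20-byte IPv4 header (proto 17, checksum left zero) + payload + padding."""
    total_len = 20 + len(udp_payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64, 17, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth_hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + ETHERTYPE_IPV4
    return eth_hdr + ip_hdr + udp_payload + padding


def trailing_bytes(frame: bytes) -> bytes:
    """Bytes after the end of the IPv4 datagram, as declared by its Total Length field."""
    if len(frame) < ETH_HDR_LEN + 20 or frame[12:14] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4-over-Ethernet frame")
    total_len = struct.unpack("!H", frame[ETH_HDR_LEN + 2:ETH_HDR_LEN + 4])[0]
    return frame[ETH_HDR_LEN + total_len:]


def etherleak_suspect(frames) -> bool:
    """True if any frame's padding is non-zero, or if padding differs between frames from the same host.
    Both are signs the pad is filled from an uninitialised buffer rather than zeroed."""
    pads = [p for p in (trailing_bytes(f) for f in frames) if p]
    if not pads:
        return False
    nonzero = any(any(p) for p in pads)
    varies = len(set(pads)) > 1
    return nonzero or varies


# 8-byte payload -> 28-byte datagram -> 18 bytes of padding needed to reach the 46-byte minimum.
PAYLOAD = b"\x00\x35\x00\x35\x00\x08\x00\x00"
CLEAN_FRAMES = [build_frame(PAYLOAD, b"\x00" * 18) for _ in range(3)]
# Constructed "leaked" padding: stale bytes that look like kernel memory, different in each frame.
LEAKY_FRAMES = [build_frame(PAYLOAD, b"root:x:0:0:root:/r"),
                build_frame(PAYLOAD, b"oot:/bin/bash\nbin:"),
                build_frame(PAYLOAD, b"x:1:1:bin:/bin:/sb")]

if __name__ == "__main__":
    print("clean capture suspect:", etherleak_suspect(CLEAN_FRAMES))
    print("leaky capture suspect:", etherleak_suspect(LEAKY_FRAMES))
    print("leaked bytes:", b"".join(trailing_bytes(f) for f in LEAKY_FRAMES))
```

To run this over a real capture, feed it the raw frames of small packets (ARP replies and ICMP echo replies are the usual probes) from a host you suspect; frames whose padding is all zeros in every sample are clean, anything else warrants a closer look at the driver.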
*** MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day ***
---------------------------------------------
The MobileIron VSP appliance provides a restricted "clish" java application that can be used for performing a minimal amount of configuration and requires an "enable" password for elevated privileges.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060085
*** Going Solo: Self-Propagating ZBOT Malware Spotted ***
---------------------------------------------
Who says you can't teach old malware new tricks? Recently, we reported on how ZBOT had made a comeback of sorts in 2013; this was followed by media reports that it was now spreading via Facebook. Now, we have spotted a new ZBOT variant that can spread on its own.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/9Agp1TYzr9c/
*** Microsoft FixIt Tool Blocks Java Attacks in IE ***
---------------------------------------------
Java is a security headache, not just for users and Oracle, its provider, but also for other software companies that have to deal with it, as well. Microsoft has taken steps to address this problem by releasing a FixIt tool that is designed to block all of the Web-based Java attack vectors in Internet Explorer, ...
---------------------------------------------
http://threatpost.com/microsoft-fixit-tool-blocks-java-attacks-in-ie/
*** Store passwords the right way in your application ***
---------------------------------------------
I suspect most of our readers know this, but it can't hurt to repeat this every so often as there is a lot of confusion on the issue. One thing that gets to me is seeing reports of website compromises that claim "the passwords were hashed with SHA-256". Well at face value that means 90% of the passwords were decoded before the news hit.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15974
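The point of the diary in code, as an added example that is not the diary's own: an unsalted SHA-256 falls to a plain dictionary walk (one hash per candidate, and every user with the same password shares the same digest), whereas a per-user random salt plus an iterated construction such as PBKDF2 makes each guess cost the defender's chosen amount and has to be repeated per user. The record format, the `pbkdf2_sha256` label, the iteration count and the wordlist are assumptions for illustration.

```python
"""Plain SHA-256 versus a salted, iterated hash: added example to go with the ISC diary, not its code.

The iteration count is an assumption for illustration; tune it to your hardware and budget.
"""
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
ITERATIONS = 200_000      # assumption: adjust so one verification costs tens of milliseconds on your servers


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm, cost, per-user random salt, derived key."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = record.split("$")
        if algo != ALGO:
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    except ValueError:                      # malformed record: wrong field count, bad hex, bad int
        return False
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_unsalted_sha256(leaked_digest_hex: str, wordlist) -> str:
    """What 'decoded before the news hit' means: one SHA-256 per candidate, no salt, no cost, and every
    user who chose the same password shares the same digest, so one hit cracks all of them."""
    for candidate in wordlist:
        if hashlib.sha256(candidate.encode("utf-8")).hexdigest() == leaked_digest_hex:
            return candidate
    return None


# Constructed "breach dump" and wordlist.
LEAKED_SHA256 = hashlib.sha256(b"summer2013").hexdigest()
WORDLIST = ["123456", "password", "letmein", "summer2013", "qwerty"]

if __name__ == "__main__":
    print("unsalted SHA-256 cracked to:", crack_unsalted_sha256(LEAKED_SHA256, WORDLIST))
    rec = hash_password("summer2013")
    print("stored record:", rec)
    print("verify correct:", verify_password("summer2013", rec),
          "wrong:", verify_password("summer2012", rec))
```

Storing the algorithm and cost inside the record is what lets you raise the iteration count later and re-hash users transparently at their next login; the salt must be random per user, not a site-wide constant.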
*** [remote] - Java Web Start Double Quote Injection Remote Code Execution ***
---------------------------------------------
Java Web Start Double Quote Injection Remote Code Execution
---------------------------------------------
http://www.exploit-db.com/exploits/26123
*** WordPress 3.5.1 Denial of Service ***
---------------------------------------------
Version 3.5.1 (latest) of the popular blogging engine WordPress suffers from a remote denial-of-service vulnerability. The bug exists in the password-hashing module (class-phpass.php).
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060091
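Both WordPress entries (this one and the BID 60477 item in the 12-13 June report) point at crypt_private() in class-phpass.php. phpass "portable" hashes carry their own cost: the fourth character of the `$P$` string encodes log2 of the MD5 iteration count, and phpass accepts values from 7 up to 30, i.e. up to 2^30 rounds per check. Any code path that lets a client supply that string therefore lets the client choose how much CPU the server burns. The following is an added example, a Python port of the public phpass portable-hash algorithm with an explicit cap on the accepted cost; it is not WordPress or phpass code, and it makes no claim about which WordPress code path hands a client-controlled string to crypt_private(), which neither advisory summary states. The salt strings and the `max_log2` parameter are assumptions.

```python
"""phpass portable hashes carry their own cost: added example, not WordPress or phpass code.

This is a Python port of the public phpass 'portable' ($P$ / $H$) algorithm. The fourth character of the
hash string encodes log2 of the iteration count; phpass accepts 7..30. Whether a client can feed a
crafted string into crypt_private() depends on the calling application, which this example does not model.
"""
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def encode64(data: bytes) -> str:
    """phpass's own base-64 variant (not RFC 4648): little-endian 6-bit groups over ITOA64."""
    out, i, n = [], 0, len(data)
    while i < n:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < n:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= n:
            break
        i += 1
        if i < n:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= n:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
    return "".join(out)


def iteration_count(setting: str) -> int:
    """How many MD5 rounds a given $P$ string asks for: 1 << (index of setting[3] in ITOA64)."""
    if setting[:3] not in ("$P$", "$H$") or len(setting) < 4:
        raise ValueError("not a phpass portable hash")
    return 1 << ITOA64.index(setting[3])


def crypt_private(password: str, setting: str, max_log2: int = 30) -> str:
    """Port of phpass crypt_private(). Returns '*0' for an unusable setting, like the original.
    max_log2=30 reproduces phpass; a verifier that only ever sees its own hashes can set it to the
    cost it actually issues, so a crafted string is refused before any work is done."""
    if setting[:3] not in ("$P$", "$H$") or len(setting) < 12:
        return "*0"
    count_log2 = ITOA64.find(setting[3])
    if count_log2 < 7 or count_log2 > max_log2:
        return "*0"
    count = 1 << count_log2
    salt = setting[4:12].encode("latin-1")
    pw = password.encode("utf-8")
    h = hashlib.md5(salt + pw).digest()
    for _ in range(count):                       # the loop whose length the hash string dictates
        h = hashlib.md5(h + pw).digest()
    return setting[:12] + encode64(h)


def check_password(password: str, stored: str, max_log2: int = 30) -> bool:
    return crypt_private(password, stored, max_log2) == stored


# Constructed strings. 'B' is index 13 (8192 rounds, what WordPress's PasswordHash(8, true) produces);
# 'S' is index 30 (1 073 741 824 rounds), the largest value phpass itself accepts.
NORMAL_SETTING = "$P$Babcdefgh"
CRAFTED_SETTING = "$P$Sabcdefgh" + "x" * 22

if __name__ == "__main__":
    print("rounds for a normal hash: ", iteration_count(NORMAL_SETTING))
    print("rounds for the crafted one:", iteration_count(CRAFTED_SETTING))
    # Never call check_password(..., CRAFTED_SETTING) with the default cap: it would run 2^30 MD5s.
    print("capped verifier rejects crafted hash:", check_password("pw", CRAFTED_SETTING, max_log2=13))
```

The general lesson is not specific to WordPress: whenever a cost parameter is read out of the stored hash (phpass, bcrypt, PBKDF2 records like the one in the ISC example above), the verifier must only ever evaluate hashes it stored itself, or cap the cost it is willing to honour.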
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 07-06-2013 18:00 − Monday 10-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Zpanel 10.0.0.2 Remote Execution Exploit ***
---------------------------------------------
Topic: Zpanel 10.0.0.2 Remote Execution Exploit Risk: High Text: One of our expert team members (shachibista () gmail com) who is assigned to do the security audit of ZPanel code has found th...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060057
*** Asus RT56U 3.0.0.4.360 Remote Command Injection ***
---------------------------------------------
Topic: Asus RT56U 3.0.0.4.360 Remote Command Injection Risk: High Text: Insufficient (or rather, a complete lack of) input sanitization leads to the injection of shell commands. It's possible t...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060058
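Router web interfaces typically hand a user-supplied host name to a shell for diagnostics, which is exactly the situation where a missing sanitization step becomes command injection. The following is an added example, not the Asus firmware or the advisory's exploit: a stand-in "ping this host" feature, once spliced into a shell command line, once hardened with an allow-list and an argv list (no shell). `echo` replaces `ping` so the example runs anywhere with /bin/sh; the function names, the regex and the payload string are constructed.

```python
"""Shell command injection and its fix: added example, not the Asus firmware or the advisory's exploit.

The router's own CGI is not reproduced; the 'ping a host' feature is a stand-in, and echo replaces ping
so the example runs anywhere with /bin/sh.
"""
import re
import subprocess

# Allow-list: DNS-style labels only. Besides shell metacharacters this also refuses a leading '-',
# so the value cannot be read as an option by the program it is passed to.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def run_diagnostic_vulnerable(host: str) -> str:
    """The bug class: untrusted input spliced into a shell command line, no sanitization at all."""
    cmd = f"echo pinging {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_diagnostic_safe(host: str) -> str:
    """Fix, two layers: an allow-list on the value, and no shell at all (argv list, so the value is one
    argument whatever it contains)."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected host: {host!r}")
    return subprocess.run(["echo", "pinging", host], capture_output=True, text=True).stdout


# Constructed payload: a second command riding in on the separator.
PAYLOAD = "8.8.8.8; echo INJECTED"

if __name__ == "__main__":
    print(run_diagnostic_vulnerable(PAYLOAD), end="")
    try:
        run_diagnostic_safe(PAYLOAD)
    except ValueError as e:
        print("safe:", e)
    print(run_diagnostic_safe("8.8.8.8"), end="")
```

Either layer alone is weaker than it looks: an argv list stops `;` and `$( )` but still lets `-f` through as an option, and a regex alone still leaves the value inside a shell string if someone later switches back to `shell=True`.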
*** Sneaky new Android Trojan is WORST yet discovered ***
---------------------------------------------
Sophisticated code stays hidden but can wreak havoc Security researchers at Kaspersky Lab report that a recently discovered Android Trojan is the most sophisticated such mobile malware yet to be identified.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/07/android_oba…
*** Remedy for zero-day hole in Plesk ***
---------------------------------------------
Parallels takes a position on an alleged exploit in its server management software and provides a workaround for versions that are no longer officially supported.
---------------------------------------------
http://www.heise.de/security/meldung/Abhilfe-fuer-Zero-Day-Luecke-in-Plesk-…
*** May 2013 virus activity review from Doctor Web ***
---------------------------------------------
June 3, 2013. In early May, a dangerous Trojan was discovered that can replace pages loaded in the browser. Another malicious program, also added to the virus database in May, attacked users on Facebook, Google Plus and Twitter. At the end of the month, Doctor Web analysts hijacked another command-and-control (C&C) server of the Rmnet botnet and discovered that two new malicious components of the file infector were being distributed in the zombie network. Also found were new malicious...
---------------------------------------------
http://news.drweb.com/show/?i=3576&lng=en&c=9
*** Qnap patches piecemeal ***
---------------------------------------------
Updates from the manufacturer are now available for the vulnerable NAS and video surveillance systems.
---------------------------------------------
http://www.heise.de/security/meldung/Qnap-patcht-haeppchenweise-1885664.html
*** Twitter spammers abuse Google search ***
---------------------------------------------
We reported a few days ago about a new spam campaign that abuses open-redirect vulnerabilities in popular websites including CNN, Yahoo and Ask.com. Today, security researcher Janne Ahlberg discovered another spam campaign that abuses Google search to spread the scam websites.
---------------------------------------------
http://www.ehackingnews.com/2013/06/twitter-spammers-abuses-google-search.h…
*** Microsoft announces five Bulletins for Patch Tuesday, including Office for Mac ***
---------------------------------------------
Midsummer Patch Tuesday (or midwinter, depending on your latitude) takes place on Tuesday 11 June 2013. As you probably already know, Microsoft publishes an official Advance Notification each month to give you early warning of what's coming.
---------------------------------------------
http://nakedsecurity.sophos.com/2013/06/09/microsoft-announces-five-bulleti…
*** ZeuS-P2P internals - understanding the mechanics: a technical report ***
---------------------------------------------
At the beginning of 2012, we wrote about the emergence of a new version of ZeuS called ZeuS-P2P or Gameover. It utilizes a P2P (Peer-to-Peer) network topology to communicate with a hidden C&C center. This malware is still active and it has been monitored and investigated by CERT Polska for more than a year.
---------------------------------------------
https://www.cert.pl/news/7386/langswitch_lang/en
*** Comparing Antivirus Threat Detection to Online Sandboxes ***
---------------------------------------------
Metascan uses multiple virus and malware detection engines and aggregates their findings to identify potential threats. There are other ways to detect potential threats, and one approach is to create a virtual environment, or 'sandbox', for the file where it can be observed to see if it exhibits any threatening behavior.
---------------------------------------------
http://www.opswat.com/blog/comparing-antivirus-threat-detection-online-sand…
*** Microsoft borks botnet takedown in Citadel snafu ***
---------------------------------------------
Stupid Redmond kicked over our honeypots, wail white hats Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/10/citadel_bot…
*** Apple Store Vulnerable to XSS ***
---------------------------------------------
There is a cross-site scripting vulnerability in the Apple Store Web site that is exposing visitors to potential attack. The vulnerability was discovered by a German security researcher who says he informed Apple about the problem in mid-May, but the vulnerability still exists.
---------------------------------------------
http://threatpost.com/apple-store-vulnerable-to-xss/
*** RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files ***
---------------------------------------------
RSA Authentication Manager Writes Operating System, SNMP, and HTTP Plug-in Proxy Passwords in Clear Text to Log Files
---------------------------------------------
http://www.securitytracker.com/id/1028638
*** Cisco IOS XR SNMP Memory Leak Lets Remote Users Deny Service ***
---------------------------------------------
Cisco IOS XR SNMP Memory Leak Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028636
*** DSA-2703 subversion ***
---------------------------------------------
Several vulnerabilities.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2703
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 06-06-2013 18:00 − Friday 07-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Advanced Notification Service for the June 2013 Security Bulletin Release ***
---------------------------------------------
Today we're providing Advance Notification of five bulletins for release on Tuesday, June 11, 2013. This release brings one Critical- and four Important-class bulletins. The Critical-rated bulletin addresses issues in Internet Explorer, and the Important-rated bulletins address issues in Microsoft Windows and Office. We will publish the bulletins on the second Tuesday of the month, at approximately 10 a.m. PT. Please revisit this blog at that time for our official risk and impact...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/06/06/advanced-notification-se…
*** Plesk 0-day: Real or not?, (Fri, Jun 7th) ***
---------------------------------------------
Yesterday, a poster to the full disclosure mailing list described a possible new 0-day vulnerability against Plesk. Contributing to the vulnerability is a very odd configuration choice to expose "/usr/bin" via a ScriptAlias, making executables inside the directory reachable via URLs. The big question that hasn't been answered so far is how common this configuration choice is. Apparently, some versions of Plesk on CentOS 5 are configured this way, but not necessarily exploitable. The...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15950&rss
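The configuration choice the diary singles out is worth checking for on any Apache host, not just Plesk: ScriptAlias maps a URL prefix onto a directory and marks everything inside it as a CGI program, so pointing it at /usr/bin (or at an ancestor such as /usr) turns every executable there, interpreters included, into a URL. The following is an added example, not Plesk's shipped configuration or the diary's code: a small audit that walks httpd configuration text and reports ScriptAlias lines whose target is a system binary directory. The sample configuration and the URL prefixes in it are constructed; `ScriptAliasMatch` (a regex form) is deliberately not handled.

```python
"""Audit Apache ScriptAlias lines for system binary directories: added example, not Plesk's config or the
ISC diary's code.

ScriptAlias maps a URL prefix onto a directory and marks everything inside as a CGI program. Pointing it
at /usr/bin means every executable there (interpreters included) becomes a URL.
"""
import posixpath
import shlex

SYSTEM_BIN_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin")


def _exposes_system_bin(path: str) -> bool:
    """True for a system binary directory, for anything below it, and for an ancestor such as /usr or /
    (an ancestor exposes the directory as a sub-path of the alias)."""
    p = posixpath.normpath(path)
    for sysdir in SYSTEM_BIN_DIRS:
        if p == sysdir or p.startswith(sysdir + "/") or sysdir.startswith(p.rstrip("/") + "/"):
            return True
    return False


def risky_scriptaliases(config_text: str) -> list:
    """Return (line_no, url_prefix, directory) for each ScriptAlias that exposes a system binary directory."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = shlex.split(line)                    # honours the quotes Apache allows around paths
        if len(parts) != 3 or parts[0].lower() != "scriptalias":
            continue                                 # ScriptAliasMatch uses a regex; not handled here
        url_prefix, directory = parts[1], parts[2]
        if _exposes_system_bin(directory):
            findings.append((no, url_prefix, directory))
    return findings


# Constructed httpd fragment: a normal CGI directory and the pattern the diary describes.
SAMPLE_CONFIG = """\
# constructed example, not Plesk's shipped configuration
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
ScriptAlias /cgi-sys/ "/usr/bin/"
ScriptAlias /admin-cgi/ /usr/local/bin/
Alias /static/ /var/www/static/
"""

if __name__ == "__main__":
    for no, url, d in risky_scriptaliases(SAMPLE_CONFIG):
        print(f"line {no}: {url} -> {d}: every executable under {d} is reachable as {url}<name>")
```

Run it over the output of `apachectl -S`-discovered files or simply over `cat /etc/httpd/conf.d/*.conf`; a hit means any program in that directory that accepts input on stdin or through CGI environment variables is now reachable from the network.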
*** 100% Compliant (for 65% of the systems), (Fri, Jun 7th) ***
---------------------------------------------
At a community college where I'm helping out whenever they panic on security issues, I recently was confronted with the odd reality of a lingering malware infection on their network, even though they had deployed a custom anti-virus (AV) pattern ("extra.dat") to eradicate the problem. Of course, these days, reliance on anti-virus is somewhat moot to begin with, our recent tally of fresh samples submitted to VirusTotal had AV lagging behind about 8 days or so. If you caught a keylogger...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15959&rss
*** PHP "php_quot_print_encode()" Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53736
*** Vuln: Drupal Services Module Cross Site Request Forgery Vulnerability ***
---------------------------------------------
The Services module for Drupal is prone to a cross-site request-forgery vulnerability.
---------------------------------------------
http://www.securityfocus.com/bid/60356
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 05-06-2013 18:00 − Thursday 06-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Security Bulletin: Vulnerability in IBM InfoSphere Information Server due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2012-1717, CVE-2012-1718, CVE-2012-5081) ***
---------------------------------------------
Multiple IBM Java SDK security vulnerabilities exist in the IBM InfoSphere Information Server. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21639487
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
*** Freely accessible vulnerability database ***
---------------------------------------------
The Hasso Plattner Institute in Potsdam has opened access to a vulnerability database to everyone. Among other things, users can search it by product, CVE identifier and severity level.
---------------------------------------------
http://www.heise.de/security/meldung/Frei-zugaengliche-Schwachstellen-Daten…
*** Cisco WebEx Meetings Server Information Disclosure Vulnerability ***
---------------------------------------------
Cisco WebEx Meetings Server Information Disclosure Vulnerability
---------------------------------------------
https://secunia.com/advisories/53731
*** QNAP VioStor NVR Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
QNAP VioStor NVR Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/53583
*** QNAP VioStor NVR and QNAP NAS Products Security Bypass Security Issue and Arbitrary Command Injection Vulnerability ***
---------------------------------------------
QNAP VioStor NVR and QNAP NAS Products Security Bypass Security Issue and Arbitrary Command Injection Vulnerability
---------------------------------------------
https://secunia.com/advisories/53721
*** Operation b54: Microsoft, FBI and financial companies shut down 1462 botnets ***
---------------------------------------------
Microsoft has gone on its seventh campaign against botnets. The Citadel botnets are said to have infected five million computers and caused half a billion US dollars in damage. The FBI and the financial sector stood by the company.
---------------------------------------------
http://www.heise.de/security/meldung/Operation-b54-Microsoft-FBI-und-Finanz…
*** Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability ***
---------------------------------------------
Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability
---------------------------------------------
https://secunia.com/advisories/53596
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 04-06-2013 18:00 − Wednesday 05-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Get Set Null Java Security ***
---------------------------------------------
Java, being widely used by the applications, has also been actively targeted by malware authors. One of the most common techniques to exploit Java applications, is to disable the security manager. This blog provides widely used logic used by malware authors...
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/06/get-set-null-java-security.ht…
*** Schneider Electric Quantum Ethernet Module Hard-Coded Credentials ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-12-018-01 Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on January 17, 2012, on the ICS-CERT Web page
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-12-018-01A
*** Schneider Electric PLCs Multiple Vulnerabilities ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-13-077-01A Schneider Electric PLCs Multiple Vulnerabilities (Update A) that was published March 20, 2013, on the ICS-CERT Web page.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-077-01B
*** Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx, (Wed, Jun 5th) ***
---------------------------------------------
Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15932&rss
*** IBM AIX inet IPv6 Bug Lets Remote Users Deny Service ***
---------------------------------------------
On systems configured with IPv6, a remote user can send a specially crafted IPv6 packet to cause the target system to hang.
---------------------------------------------
http://www.securitytracker.com/id/1028626
*** Mac OSX Server DirectoryService Buffer Overflow ***
---------------------------------------------
Topic: Mac OSX Server DirectoryService Buffer Overflow Risk: High Text:Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1....
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060040
*** NetGear DGN1000 and NetGear DGN2200 security bypass ***
---------------------------------------------
NetGear DGN1000 and NetGear DGN2200 could allow a remote attacker to bypass security restrictions, due to an error in the interface when handling requests containing the currentsetting.htm substring. An attacker could exploit this vulnerability to gain unauthorized access to restricted functionality.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84662
*** [2013-06-05] Critical vulnerabilities in CTERA portal ***
---------------------------------------------
CTERA portal contains multiple, partly critical security issues, such as an XML External Entity (XXE) injection that allows unauthenticated attackers to fully take over the affected server.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
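An XXE payload can only declare its entity inside a DTD, so the simplest parser-independent hardening for an endpoint that accepts XML from unauthenticated clients is to refuse any document carrying a DOCTYPE before it reaches a parser. The following is an added example written for this digest; it is not CTERA's code and not taken from the SEC Consult advisory. The request format, the sample documents and the payloads are constructed for the demonstration.

```python
"""Reject XML that carries a DOCTYPE before any parser touches it.

Added example, not CTERA's code and not from the SEC Consult advisory.
Entity declarations (external SYSTEM entities used for XXE, and the
nested internal entities used for 'billion laughs' expansion) can only
live in a DTD, so refusing every <!DOCTYPE ...> closes the class no
matter which parser sits behind the check. All inputs below are
constructed for this demonstration.
"""
import re
import xml.etree.ElementTree as ET

# XML requires the literal "DOCTYPE" in upper case; matching
# case-insensitively is deliberately more conservative than the spec.
_DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)

# Constructed sample inputs (assumed request format, not from the advisory).
BENIGN = b'<?xml version="1.0"?><request><user>alice</user></request>'
XXE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE request [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<request><user>&xxe;</user></request>'
)
BOMB = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE lolz [<!ENTITY lol "lol"><!ENTITY lol2 "&lol;&lol;&lol;&lol;">]>'
    b'<request><user>&lol2;</user></request>'
)


def has_doctype(data: bytes) -> bool:
    """True if the document declares a DTD (inline subset or external)."""
    return _DOCTYPE_RE.search(data) is not None


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML received from an unauthenticated client.

    Raises ValueError before any parser sees a document with a DOCTYPE.
    Everything else goes through ElementTree; current CPython's expat
    does not resolve external entities anyway, but the gate here makes
    the guarantee independent of the parser's defaults.
    """
    if has_doctype(data):
        raise ValueError("DOCTYPE declarations are not accepted from clients")
    return ET.fromstring(data)


def user_from_request(data: bytes) -> str:
    """Extract the <user> element text from a request document."""
    root = parse_untrusted(data)
    return root.findtext("user")
```

The trade-off is that a benign document mentioning `<!DOCTYPE` inside a comment or CDATA section is also rejected; for an API that never legitimately ships a DTD that is the right default. Where a DTD must be accepted, disable external entity resolution and entity expansion in the parser itself instead of relying on the input filter.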
*** Apple Mac OS X Multiple Vulnerabilities ***
---------------------------------------------
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
---------------------------------------------
https://secunia.com/advisories/53684
*** PRTG Network Monitor login.htm cross-site scripting ***
---------------------------------------------
PRTG Network Monitor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login.htm script. A remote attacker could exploit this vulnerability using the errormsg...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84686
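Both of the web-interface issues above (the NetGear currentsetting.htm bypass and the PRTG login.htm errormsg cross-site scripting) leave a recognisable trace in an access log, so one detection pass can cover both. The following is an added example, not from the IBM X-Force entries and not NetGear's or PRTG's code. The log lines are constructed for the demonstration, and the request paths in them (setup.cgi, BRS_top.html) are assumptions; the heuristic for the NetGear case is that a legitimate request fetches /currentsetting.htm itself, whereas a bypass attempt carries the substring while asking for some other resource.

```python
"""Scan web-server access logs for the two request patterns above.

Added example, not from the IBM X-Force entries and not NetGear's or
PRTG's code. It flags (1) requests in which 'currentsetting.htm' appears
but the resource actually requested is something else, the shape an
auth-bypass attempt against a DGN1000/DGN2200-style interface would
take, and (2) requests to PRTG's login.htm whose errormsg parameter
carries markup. Log lines and paths are constructed assumptions.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: client, ident, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (assumptions, not captured traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [04/Jun/2013:10:12:01 +0200] "GET /currentsetting.htm HTTP/1.1" 200 512
10.0.0.9 - - [04/Jun/2013:10:12:07 +0200] "GET /setup.cgi?todo=debug&currentsetting.htm HTTP/1.1" 200 2048
10.0.0.9 - - [04/Jun/2013:10:12:09 +0200] "GET /BRS_top.html?x=currentsetting.htm HTTP/1.1" 200 1200
10.0.0.7 - - [04/Jun/2013:11:01:44 +0200] "GET /login.htm?errormsg=Wrong%20password HTTP/1.1" 200 3301
10.0.0.8 - - [04/Jun/2013:11:02:10 +0200] "GET /login.htm?errormsg=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 3344
"""

# Tag openers, javascript: URLs and inline event handlers in a parameter value.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript:|on[a-z]+\s*=", re.IGNORECASE)


def classify(target: str):
    """Return a finding label for one request target, or None if it is clean."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    raw = unquote(target).lower()
    # (1) Substring present, but the page requested is not currentsetting.htm itself.
    if "currentsetting.htm" in raw and path != "/currentsetting.htm":
        return "netgear-currentsetting-bypass"
    # (2) Markup inside PRTG's errormsg parameter (parse_qs URL-decodes values).
    if path.endswith("/login.htm"):
        for value in parse_qs(parts.query).get("errormsg", []):
            if MARKUP_RE.search(value):
                return "prtg-errormsg-xss"
    return None


def scan(log_text: str):
    """Return a list of (client, label, target) for every matching line."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        label = classify(m.group("target"))
        if label:
            findings.append((m.group("client"), label, m.group("target")))
    return findings


if __name__ == "__main__":
    for client, label, target in scan(SAMPLE_LOG):
        print(f"{client}\t{label}\t{target}")
```

The decoding step matters: both signatures are trivially evaded if the detector looks at the raw request line, since `currentsetting.htm` and `<script>` can be percent-encoded. Decoding once before matching (as `unquote` and `parse_qs` do here) is enough for a first-pass triage rule; a production rule should also consider double encoding.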
*** Apache Struts OGNL Expression Injection Vulnerabilities ***
---------------------------------------------
Security Research Laboratory has reported some vulnerabilities in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53693
*** Monkey HTTP Daemon "mk_request_header_process()" Signedness Error Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been discovered in Monkey HTTP Daemon, which can be exploited by malicious people to compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53697
*** CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone ***
---------------------------------------------
A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c
---------------------------------------------
https://kb.isc.org/article/AA-00967
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-06-2013 18:00 − Dienstag 04-06-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Microsoft VC++ 2005 RTM runtime libraries installed with MSE ***
---------------------------------------------
Topic: Microsoft VC++ 2005 RTM runtime libraries installed with MSE Risk: High Text:this is part 2 of "Defense in depth -- the Microsoft way", see On Windo...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060020
*** Bugtraq: Open-Xchange Security Advisory 2013-06-03 ***
---------------------------------------------
Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed.
---------------------------------------------
http://www.securityfocus.com/archive/1/526785
*** Imperva SecureSphere Operations Manager Command Execution ***
---------------------------------------------
Topic: Imperva SecureSphere Operations Manager Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt = ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060023
*** DS3 Authentication Server Command Execution ***
---------------------------------------------
Topic: DS3 Authentication Server Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt = - Advi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060022
*** Vuln: MongoDB CVE-2013-2132 NULL Pointer Dereference Remote Denial of Service Vulnerability ***
---------------------------------------------
MongoDB is prone to a denial-of-service vulnerability.
Successfully exploiting this issue will allow an attacker to crash the affected application, denying service to legitimate users.
---------------------------------------------
http://www.securityfocus.com/bid/60252
*** Google researcher publishes zero-day exploit for Windows ***
---------------------------------------------
A vulnerability in all Windows versions lets an ordinary user obtain system privileges. The flaw was discovered by Tavis Ormandy of Google, who posted his finding online without informing Microsoft.
---------------------------------------------
http://www.heise.de/security/meldung/Google-Forscher-veroeffentlicht-Zero-D…
*** HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
---------------------------------------------
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c037…
*** Blog: "NetTraveler is Running!" - Red Star APT Attacks Compromise High-Profile Victims ***
---------------------------------------------
Over the last few years, we have been monitoring a cyber-espionage campaign that has successfully compromised more than 350 high profile victims in 40 countries. The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance...
---------------------------------------------
http://www.securelist.com/en/blog/8105/NetTraveler_is_Running_Red_Star_APT_…
*** Novell ZENworks Configuration Management Control Center Multiple Vulnerabilities ***
---------------------------------------------
A weakness and some vulnerabilities have been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53648
*** 3COM NBX V3000 Networked Telephony Solution Information Disclosure ***
---------------------------------------------
Topic: 3COM NBX V3000 Networked Telephony Solution Information Disclosure Risk: Medium Text:*Known Affected Versions: *R5_0_31 (Created March 1st, 2007) *Date Discovered: *November 13, 2012 Obviously not anything ne...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060027
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 31-05-2013 18:00 − Montag 03-06-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability ***
---------------------------------------------
Topic: WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability Risk: Low Text:Advisory: WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability Advisory ID: SSCHADV2013-004 Author: Stefan...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060001
*** ModSecurity 2.7.3 NULL pointer dereference PoC ***
---------------------------------------------
Topic: ModSecurity 2.7.3 NULL pointer dereference PoC Risk: High Text:#!/usr/bin/env python3 #-*- coding: utf-8 -*- # # Created on Mar 29, 2013 # # @author: Younes JAAIDI <yjaaidi(a)shookalabs.c...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060006
*** Security Bulletin: Multiple security vulnerabilities in IBM Sales Center for WebSphere Commerce (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-2159, CVE-2012-2161) ***
---------------------------------------------
Multiple security vulnerabilities have been identified in IBM Sales Center for WebSphere Commerce V6.0 and V7.0 CVEID: CVE-2008-7271 CVE-2010-4647 CVE-2012-0186 CVE-2012-0191 CVE-2012-2159 CVE-2012-2161 Affected product(s) and affected version(s): IBM Sales Center for WebSphere Commerce V6.0 (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-2159, CVE-2012-2161) IBM Sales Center for WebSphere Commerce V7.0 (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-2159,
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Particularly insidious PayPal phishing ***
---------------------------------------------
Watch out: using a personal salutation and a specially registered .de domain, cyber-criminals are currently going after the credit card details of PayPal customers. At best, the fraud becomes apparent on a second look.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Besonders-tueckisches-PayPal-Phishin…
*** Security Bulletin: Potential Security Exposure in IBM HTTP Server CVE-2013-0169 ***
---------------------------------------------
Potential Security Exposure with IBM HTTP Server for WebSphere Application Server. CVEID: CVE-2013-0169 AFFECTED VERSIONS: This problem affects the IBM HTTP Server component in all editions of WebSphere Application Server and bundling products: · Version 8.5 · Version 8 · Version 7 · Version 6.1 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635988
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot…
*** WordPress AntiVirus FPD and Security bypass vulnerabilities ***
---------------------------------------------
Topic: WordPress AntiVirus FPD and Security bypass vulnerabilities Risk: Low Text:These are Full path disclosure and Security bypass vulnerabilities in AntiVirus for WordPress. This is security plugin for dete...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060010
*** Compromised FTP/SSH account privilege-escalating mass iFrame embedding platform released on the underground marketplace ***
---------------------------------------------
By Dancho Danchev Utilizing the very best in ‘malicious economies of scale’ concepts, cybercriminals have recently released a privilege-escalating Web-controlled mass iFrame embedding platform that’s not just relying on compromised FTP/SSH accounts, but also automatically gains root access on the affected servers in an attempt to target each and every site hosted there. Similar to […]
---------------------------------------------
http://blog.webroot.com/2013/06/03/compromised-ftpssh-account-privilege-esc…
*** IBM Tivoli Netcool/System Service Monitor Multiple OpenSSL Vulnerabilities ***
---------------------------------------------
IBM Tivoli Netcool/System Service Monitor Multiple OpenSSL Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53720
*** Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability ***
---------------------------------------------
Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability
---------------------------------------------
https://secunia.com/advisories/53727
*** Apache Subversion svnserve and FSFS Repositories Denial of Service Vulnerabilities ***
---------------------------------------------
Apache Subversion svnserve and FSFS Repositories Denial of Service Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53692
*** Researchers Infect iOS Devices With Malware Via Malicious Charger ***
---------------------------------------------
Sparrowvsrevolution writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple's iOS. A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3xY6_Bverd0/story01.htm
*** Multiple vulnerabilities in Typo3 extensions ***
---------------------------------------------
SQL Injection vulnerability in extension Multishop: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… Several vulnerabilities in third party extensions: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… Security Bypass Vulnerability in extension powermail: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/
*** Another security hole at ClickandBuy ***
---------------------------------------------
The new vulnerability lurked on the help page for customers. The online payment provider ClickandBuy has already had to deal with an XSS hole once before.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Erneut-Sicherheitsluecke-bei-Clickan…
*** IBM DB2 / DB2 Connect Global Security Toolkit SSL Information Disclosure Weakness ***
---------------------------------------------
IBM DB2 / DB2 Connect Global Security Toolkit SSL Information Disclosure Weakness
---------------------------------------------
https://secunia.com/advisories/53696
*** IBM DB2 / DB2 Connect db2aud Privilege Escalation Vulnerability ***
---------------------------------------------
IBM DB2 / DB2 Connect db2aud Privilege Escalation Vulnerability
---------------------------------------------
https://secunia.com/advisories/52663
*** TYPO3 jQuery Autocomplete for indexed_search Extension SQL Injection Vulnerability ***
---------------------------------------------
TYPO3 jQuery Autocomplete for indexed_search Extension SQL Injection Vulnerability
---------------------------------------------
https://secunia.com/advisories/53633