Daily July 2013

daily@lists.cert.at

1 participants
23 discussions

Tageszusammenfassung - Mittwoch 31-07-2013
by Daily end-of-shift report 31 Jul '13

31 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 30-07-2013 18:00 − Mittwoch 31-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** New Software Obfuscation Throws Wrench into Reverse Engineering *** --------------------------------------------- Researchers say their new software obfuscation scheme is the first time this technique has been successfully accomplished where the underlying piece of software, such as a patch, could not be reverse engineered in a matter of days. --------------------------------------------- http://threatpost.com/new-software-obfuscation-throws-wrench-into-reverse-e… *** Malware Hijacks Social Media Accounts Via Browser Add-ons *** --------------------------------------------- We spotted yet another threat lurking around social media sites targeting users of either Google Chrome or Mozilla Firefox. This threat uses fake extensions for both browsers to infiltrate user systems and hijack social media accounts specifically, Facebook, Google+, and Twitter accounts. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/malware-hijacks-… *** Pwned again: an exclusive look at Pwnie Express newest hack-in-a-box *** --------------------------------------------- The Pwn Plug R2 is a miniature NSA, ready to exploit networks for their own good. --------------------------------------------- http://arstechnica.com/security/2013/07/pwned-again-an-exclusive-look-at-pw… *** DIY commercially-available 'automatic Web site hacking as a service' spotted in the wild *** --------------------------------------------- By Dancho Danchev A newly launched underground market service, aims to automate the unethical penetration testing process, by empowering virtually all of its (paying) customers with what they claim is 'private exploitation techniques' capable of compromising any Web site. --------------------------------------------- http://blog.webroot.com/2013/07/31/diy-commercially-available-automatic-web… *** TYPO3-CORE-SA-2013-002: Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core *** --------------------------------------------- It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution Component Type: TYPO3 Core Overall Severity: Critical --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-s… *** New Software Obfuscation Throws Wrench into Reverse Engineering *** --------------------------------------------- Researchers say their new software obfuscation scheme is the first time this technique has been successfully accomplished where the underlying piece of software, such as a patch, could not be reverse engineered in a matter of days. --------------------------------------------- https://threatpost.com/new-software-obfuscation-throws-wrench-into-reverse-… *** Mozilla Minion: Plattform für Sicherheitstests *** --------------------------------------------- Die Plattform zum Automatisieren von Sicherheitstests hat laut ihrer Entwickler mit Version 0.3 nun einen Stand erreicht, in dem sie sich erstmals im großen Stil einsetzen ließe. --------------------------------------------- http://www.heise.de/security/meldung/Mozilla-Minion-Plattform-fuer-Sicherhe… *** MalwareZ: visualizing malware activity on earth map *** --------------------------------------------- MalwareZ is a visualization project that is started as a YakindanEgitim (YE) project. YE is a startup that me and some collegues mentor young people on specific projects, remotely. It is announced as a local fork of Google Summer of Code, except neither mentors nor mentees are paid. --------------------------------------------- https://www.honeynet.org/node/1075 *** Licht an, Whirlpool aus: Smart-Home-Hacking *** --------------------------------------------- Bei der BlackHat-Konferenz widmen sich mehrere Vortragende dem Thema (un)sichere Heimautomation. Eine Journalistin von Forbes versuchte sich ebenfalls im Home-Hacking - und hatte bei acht "Smart-Homes" Erfolg. --------------------------------------------- http://www.heise.de/security/meldung/Licht-an-Whirlpool-aus-Smart-Home-Hack… *** Andromeda Botnet Gets an Update *** --------------------------------------------- The Andromeda botnet is still active in the wild and not yet dead. In fact, it's about to undergo a major update real soon. This botnet was first reported back in 2011 but has recently risen to prominence due to the latest modifications in the threat. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/andromeda-botnet… *** Siemens SIMATIC WinCC TIA Portal Two Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54051 *** Vuln: YUI CVE-2013-4939 Multiple Cross-Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/61177 *** Vuln: phpMyAdmin CVE-2013-4998 Multiple Unspecified Full Path Information Disclosure Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/61513 *** More heavily URL encoded PHP Exploits against Plesk "phppath" vulnerability, (Tue, Jul 30th) *** --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16255&rss *** IE9/10 information disclosure vulnerability *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070232

1 0

Tageszusammenfassung - Dienstag 30-07-2013
by Daily end-of-shift report 30 Jul '13

30 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-07-2013 18:00 − Dienstag 30-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Microsoft Expands MAPP Program to Incident Response Teams *** --------------------------------------------- Microsoft is expanding its MAPP program that shares attack and protection information with other security vendors and will now be sharing some data with incident responders, as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific attacks and general threats. --------------------------------------------- http://threatpost.com/microsoft-expands-mapp-program-to-incident-response-t… *** Texas students hijack superyacht with GPS-spoofing luggage *** --------------------------------------------- Dont panic, yet Students from the University of Texas successfully piloted an $80m superyacht sailing 30 miles offshore in the Mediterranean Sea by overriding the ships GPS signals without any alarms being raised... --------------------------------------------- http://www.theregister.co.uk/2013/07/29/texas_students_hijack_superyacht_wi… *** How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts? *** --------------------------------------------- By Dancho Danchev For years, many of the primary and market-share leading 'malware-infected hosts as a service' providers have become used to selling exclusive access to hosts from virtually the entire World, excluding the sale and actual infection of Russian and Eastern European based hosts. --------------------------------------------- http://blog.webroot.com/2013/07/29/how-much-does-it-cost-to-buy-one-thousan… *** BGP multiple banking addresses hijacked, (Mon, Jul 29th) *** --------------------------------------------- BGP multiple banking addresses hijacked On 24 July 2013 a significant number of Internet Protocol (IP) addresses that belong to banks suddenly were routed to somewhere else. An IP address is how packets are routed to their destination across the Internet. Why is this important you ask? Well, imagine the Internet suddenly decided that you were living in the middle of Asia and all traffic that should go to you ends up traveling through a number of other countries to get to you, but you arent --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16249&rss *** Mail from the (Velvet) Cybercrime Underground *** --------------------------------------------- Over the past six months, "fans" of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. --------------------------------------------- https://krebsonsecurity.com/2013/07/mail-from-the-velvet-cybercrime-undergr… *** Custom USB sticks bypassing Windows 7/8's AutoRun protection measure going mainstream *** --------------------------------------------- By Dancho Danchev When Microsoft disabled AutoRun on XP and Vista back in February, 2011, everyone thought this was game over for the bad guys who were abusing the removable media distribution/infection vector in particular. --------------------------------------------- http://blog.webroot.com/2013/07/30/custom-usb-sticks-bypassing-windows-78s-… *** NASA: In die Cloud geschubst *** --------------------------------------------- Von den Bundesbehörden in die Cloud gedrängt und ohne richtige Cloud-Strategie, schob die NASA Daten in die Wolke - nicht abgesichert und teils ohne Wissen des zuständigen Büros. Bei den Bundesbehörden setzt man aber weiterhin auf die Cloud. --------------------------------------------- http://www.heise.de/security/meldung/NASA-In-die-Cloud-geschubst-1926189.ht… *** CrowdSource Tool Aims to Improve Automated Malware Analysis *** --------------------------------------------- When a new piece of malware surfaces, it's typically analyzed eight ways from Sunday by a long list of antimalware and other security companies, government agencies, CERTs and other organizations who try to break it down and classify its capabilities. --------------------------------------------- http://threatpost.com/crowdsource-tool-aims-to-improve-automated-malware-an… *** Vuln: phpMyAdmin Multiple SQL Injection and Cross Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/61493 *** Debian Security Advisory DSA-2730 gnupg *** --------------------------------------------- http://www.debian.org/security/2013/dsa-2730 *** Bugtraq: MojoPortal XSS *** --------------------------------------------- http://www.securityfocus.com/archive/1/527629 *** OpenOffice.org OOXML code execution *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86002 *** FreeBSD NFS security bypass *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86003 *** FluxBB 1.5.3 Multiple Remote Vulnerabilities *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070223

1 0

Tageszusammenfassung - Montag 29-07-2013
by Daily end-of-shift report 29 Jul '13

29 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 26-07-2013 18:00 − Montag 29-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** ISC BIND RDATA Processing Bug Lets Remote Users Deny Service *** --------------------------------------------- ISC BIND RDATA Processing Bug Lets Remote Users Deny Service --------------------------------------------- http://www.securitytracker.com/id/1028838 *** Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070206 *** Informatiker-Team darf Startcodes für Luxusautos nicht offenlegen *** --------------------------------------------- Flavio Garcia von der Universität Birmingham hat ein Sicherheitssystem ausgetrickst, das bei Fahrzeugen der Luxusklasse zum Einsatz kommt. Die geplante Veröffentlichung auf dem Washingtoner Usenix-Symposium wurde ihm jedoch gerichtlich verboten. --------------------------------------------- http://www.heise.de/security/meldung/Informatiker-Team-darf-Startcodes-fuer… *** ASUS RT-AC66U Remote Root Shell Exploit - acsd param command *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070209 *** Defending Against Web Server Denial of Service Attacks *** --------------------------------------------- Earlier this weekend, one of readers reported in an odd attack toward an Apache web server that he supports. The server was getting pounded with port 80 requests like the excerpt below. This attack had been ramping up since the 21st of July, but the "owners" of the server only detected problems with website accessibility today. They contacted the server support staff who attempted to block the attack by scripting a search for the particular user agent string and then dropping the IP --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16240&rss *** Windows: Dynamische Zertifikat-Updates gefährden SSL-Verschlüsselung *** --------------------------------------------- Windows lädt Stammzertifikate zum Prüfen von Verschlüsselungszertifikaten ohne Anwender-Interaktion aus dem Internet nach. Das weckt Zweifel an der Verlässlichkeit der Verschlüsselung von Windows. --------------------------------------------- http://www.heise.de/security/meldung/Windows-Dynamische-Zertifikat-Updates-… *** [shellcode] - Windows RT ARM Bind Shell (Port 4444) *** --------------------------------------------- Windows RT ARM Bind Shell (Port 4444) --------------------------------------------- http://www.exploit-db.com/exploits/27180 *** Dovecot / Exim Exploit Detects, (Mon, Jul 29th) *** --------------------------------------------- Sometimes it doesnt take an IDS to detect an attack, but just reading your e-mail will do. Our read Timo sent along these two e-mails he received, showing exploitation of a recent Dovecot/Exim configuration flaw --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16243&rss *** OpenOffice DOC Memory Corruption *** --------------------------------------------- The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070213 *** Header Spoofing Hides Malware Communication *** --------------------------------------------- Spoofing whether in the form of DNS, legitimate email notification, IP, address bar is a common part of Web threats. We've seen its several incarnations in the past, but we recently found a technique known as header spoofing, which puts a different spin on evading detection. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/header-spoofing-… *** TRENDnet TEW-812DRU CSRF Command Injection > Shell Exploit *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070216 *** Vuln: HP LoadRunner CVE-2013-4800 Remote Code Execution Vulnerability *** --------------------------------------------- HP LoadRunner CVE-2013-4800 Remote Code Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/61446 *** Verschlüsselung: GnuPG bremst neuen Seitenkanalangriff *** --------------------------------------------- Australische Forscher haben aufgezeigt, wie man prinzipiell von einer Virtuellen Maschine aus die Schlüssel einer anderen auf demselben PC ausspionieren kann. Ein GnuPG-Update erschwert das jetzt zumindest. --------------------------------------------- http://www.heise.de/security/meldung/Verschluesselung-GnuPG-bremst-neuen-Se… *** PineApp Mail-SeCure Series Multiple Arbitrary Commands Injection Vulnerabilities *** --------------------------------------------- PineApp Mail-SeCure Series Multiple Arbitrary Commands Injection Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54342 *** Symantec slams Web Gateway back door on would-be corporate spies *** --------------------------------------------- Critical remote code execution vuln fixed - only five months later Symantec has plugged a series of critical flaws in its Web Gateway appliances which included a backdoor permitting remote code execution on targeted systems. --------------------------------------------- http://www.theregister.co.uk/2013/07/29/symantec_web_gateway_vulns_fixed/ *** Hintergrund: Raubzug in Browser-Passwort-Safes *** --------------------------------------------- Ohne spezielles Passwort sind die im Passwort-Safe eines Browser gespeicherten Passwörter leichte Beute -- wenn man weiß wie. --------------------------------------------- http://www.heise.de/security/artikel/Raubzug-in-Browser-Passwort-Safes-1918… *** Tampering with a car's brakes and speed by hacking its computers: A new how-to *** --------------------------------------------- The "Internet of automobiles" may hold promise, but it comes with risks, too. --------------------------------------------- http://arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-b… *** Analysis: Spam in June 2013 *** --------------------------------------------- Contrary to our forecasts the number of phishing attacks on social networking sites fell in June. However these sites remain the most attractive target for phishers. --------------------------------------------- http://www.securelist.com/en/analysis/204792296/Spam_in_June_2013 *** Kaspersky: Angriffe auf Gamer nehmen zu *** --------------------------------------------- Die Zahl der Angriffe auf Online-Gamer steigt laut Kaspersky auch in diesem Jahr. Besonders mit gut gemachten Phishing-Mails werden Spieler um ihre Kontodaten betrogen. Geklaute virtuelle Gegenstände zu verticken, bringt zusätzlich Geld. --------------------------------------------- http://www.heise.de/security/meldung/Kaspersky-Angriffe-auf-Gamer-nehmen-zu…

1 0

Tageszusammenfassung - Freitag 26-07-2013
by Daily end-of-shift report 26 Jul '13

26 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 25-07-2013 18:00 − Freitag 26-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** WordPress Duplicator 0.4.4 Cross Site Scripting *** --------------------------------------------- Topic: WordPress Duplicator 0.4.4 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23162 Product: Duplicator WordPress Plugin Vendor: LifeInTheGrid Vulnerable Version(s): 0.4.4 and probably ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070201 *** Haunted by the Ghosts of ZeuS & DNSChanger *** --------------------------------------------- One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit --------------------------------------------- https://krebsonsecurity.com/2013/07/haunted-by-the-ghosts-of-zeus-dnschange… *** Versteckte Rechteverwaltung in Android 4.3 *** --------------------------------------------- Android 4.3 bringt eine Funktion mit, um Apps nachträglich ihre Rechte zu entziehen. Freigeschaltet ist sie noch nicht, doch das geht mit einem kleinen Trick. Die Apps sind darauf allerdings nicht vorbereitet und reagieren unterschiedlich. --------------------------------------------- http://www.heise.de/security/meldung/Versteckte-Rechteverwaltung-in-Android… *** Blog: Malicious news - birth, death, spy scandal *** --------------------------------------------- Anna Volodina and Ram Herkanaidu --------------------------------------------- http://www.securelist.com/en/blog/8110/Malicious_news_birth_death_spy_scand… *** Poker player who won $1.5 million charged with running Android malware ring *** --------------------------------------------- Contact-stealing Android malware allegedly used to fuel $3.9M spam operation. --------------------------------------------- http://arstechnica.com/information-technology/2013/07/poker-player-who-won-… *** The Dangers of a Royal Baby: Scams Abound *** --------------------------------------------- Big news stories are always an opportunity for scammers and spammers, who attempt to redirect users to malicious exploit kits or other unwanted services. Britain's royal baby is the latest news to offer cover for malware. We have already found a lot of spam messages regarding the birth and baby that lead users to the Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/the-dangers-of-a-royal-baby-scams-abound *** Hintergrund: Zukunftssicher Verschlüsseln mit Perfect Forward Secrecy *** --------------------------------------------- Mit einem exotischen Feature bestimmter Verschlüsselungseinstellungen, könnten Server-Betreiber der NSA in die Suppe spucken. Leider macht das bisher nur ein einziger der großen Diensteanbieter. --------------------------------------------- http://www.heise.de/security/artikel/Zukunftssicher-Verschluesseln-mit-Perf… *** Short-URL Services May Hide Threats *** --------------------------------------------- In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL, Goo.gl, Bit.ly, Ow.ly and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts. Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/short-url-services-may-hide-threats *** Microsoft: 88 Percent of Citadel Botnets Down *** --------------------------------------------- Nearly two months after the company was part of an operation to disrupt a large number of Citadel botnets, Microsoft said that 88 percent of the botnets spawned by that malware have been taken down. Citadel is a Trojan designed specifically to steal financial information from a variety of sources using a number of techniques. --------------------------------------------- http://threatpost.com/microsoft-88-percent-of-citadel-botnets-down/101503 *** Powershell Payload Web Delivery *** --------------------------------------------- Topic: Powershell Payload Web Delivery Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070202 *** FileChucker filechucker.cgi file upload *** --------------------------------------------- FileChucker filechucker.cgi file upload --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85965 *** [2013-07-26] Critical vulnerabilities in Symantec Web Gateway *** --------------------------------------------- The identified vulnerabilities enable state-sponsored or criminal hackers to take full control of the Symantec Web Gateway Appliance. The surveillance of all internet web activities, which are supposed to be protected by the Symantec solution, can be performed by the attacker easily. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** Bugtraq: Xymon Systems and Network Monitor - remote file deletion vulnerability *** --------------------------------------------- Xymon Systems and Network Monitor - remote file deletion vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/527534 *** BMC Service Desk Express Cross-Site Scripting and SQL Injection Vulnerabilities *** --------------------------------------------- BMC Service Desk Express Cross-Site Scripting and SQL Injection Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54145 *** Aktueller Phishing-Angriff auf Apple-Nutzer *** --------------------------------------------- Einige Online-Ganoven scheinen den aktuellen Ausfall von Apples Entwicklerbereich zu nutzen, um an Apple-IDs zu gelangen. --------------------------------------------- http://www.heise.de/security/meldung/Aktueller-Phishing-Angriff-auf-Apple-N… *** Malware Evasion Techniques Dissected at Black Hat *** --------------------------------------------- Researchers use file-level sandboxes to analyze the behavior of malware samples as well as techniques malicious code uses to detect and evade analysis. --------------------------------------------- http://threatpost.com/malware-evasion-techniques-dissected-at-black-hat/101… *** So funktioniert der SIM-Karten-Hack *** --------------------------------------------- Vor rund einer Woche deckte der deutsche Kryptographieexperte Karsten Nohl auf, dass sich Millionen SIM-Kartendaten durch das Hacken der DES-Schlüssel ausnutzen lassen. Wie das genau geht, zeigt unser Video. --------------------------------------------- http://www.heise.de/security/meldung/So-funktioniert-der-SIM-Karten-Hack-19…

1 0

Tageszusammenfassung - Donnerstag 25-07-2013
by Daily end-of-shift report 25 Jul '13

25 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 24-07-2013 18:00 − Donnerstag 25-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Multiple Vulnerabilities in the Cisco Video Surveillance Manager *** --------------------------------------------- The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Google Wallet and Paypal Phishing by abusing WhatsApp *** --------------------------------------------- Google Wallet and Paypal Phishing by abusing WhatsApp --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070185 *** Vuln: PHP ext/soap/php_xml.c Multiple Arbitrary File Disclosure Vulnerabilities *** --------------------------------------------- PHP is prone to multiple arbitrary file-disclosure vulnerabilities because the application fails to sanitize user-supplied input. An authenticated attacker can exploit these vulnerabilities to view arbitrary files within the context of the affected application. Other attacks are also possible. --------------------------------------------- http://www.securityfocus.com/bid/58766 *** Google strengthens Android security muscle with NSA-developed protection *** --------------------------------------------- Addition of SELinux to version 4.3 one of several improvements to Android security. --------------------------------------------- http://arstechnica.com/security/2013/07/google-strengthens-android-security… *** Windu CMS 2.2 CSRF Add Admin Exploit *** --------------------------------------------- Topic: Windu CMS 2.2 CSRF Add Admin Exploit Risk: Low Text:<!-- Windu CMS 2.2 CSRF Add Admin Exploit Vendor: Adam Czajkowski Product web page: http://www.windu.org Affected ver... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070187 *** Toward A Greater Mobile Mal-Awareness *** --------------------------------------------- Several recent developments in mobile malware are conspiring to raise the threat level for Android users, making it easier for attackers to convert legitimate applications into malicious apps and to undermine the technology that security experts use to tell the difference. --------------------------------------------- https://krebsonsecurity.com/2013/07/toward-a-greater-mobile-mal-awareness/ *** Cisco ASA Input Validation Flaw in WebVPN Portal Login Page Permits Cross-Site Scripting Attacks *** --------------------------------------------- Cisco ASA Input Validation Flaw in WebVPN Portal Login Page Permits Cross-Site Scripting Attacks --------------------------------------------- http://www.securitytracker.com/id/1028831 *** nginx 1.3.9 / 1.4.0 x86 Brute Force Remote Exploit Description *** --------------------------------------------- nginx 1.3.9 / 1.4.0 x86 Brute Force Remote Exploit --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070192 *** OWASP AppSec Research 2013: Konferenz und Trainings in Hamburg *** --------------------------------------------- Vom 20. bis zum 23. August lädt die OWASP-Community zu Trainings, Workshops, Reden und Diskussionsrunden nach Hamburg ein. --------------------------------------------- http://www.heise.de/security/meldung/OWASP-AppSec-Research-2013-Konferenz-u… *** HP LoadRunner Denial of Service and Arbitrary Code Execution Vulnerabilities *** --------------------------------------------- HP LoadRunner Denial of Service and Arbitrary Code Execution Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54138 *** Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000 *** --------------------------------------------- F... KINS hell! Cybercrooks have brewed a new professional-grade Trojan toolkit called KINS that will pose plenty of problems for banks and their customers in the months and years ahead. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/kins_bankin… *** Hacking the SIM card: Why it matters to the enterprise *** --------------------------------------------- It appears that the SIM card has finally been hacked, more than 20 years after it was first developed. More specifically, security researcher Karsten Nohl of Security Research Labs says he has found a serious vulnerability that allows mobile phones to be tricked into granting access to SMS functions and other capabilities--without the owner knowing. --------------------------------------------- http://www.fiercecio.com/techwatch/story/hacking-sim-card-why-it-matters-en… *** Dissecting a WordPress Brute Force Attack *** --------------------------------------------- Over the past few months there has been a lot of discussion about WordPress Brute Force attacks. With that discussion has come a lot of speculation as well. What are they doing? Is it a giant WordPress botnet? Is it going to destroy the internet? Well, as you would expect of any good geeks we set out to find a way to find out. --------------------------------------------- http://blog.sucuri.net/2013/07/dissecting-a-wordpress-brute-force-attack.ht… *** Warnung vor Orbit Downloader *** --------------------------------------------- Der Download-Manager beteiligt sich unmittelbar nach dem Start an einem Cyber-Angriff auf vietnamesische IP-Adressen und legt damit auch das lokale Netz lahm. --------------------------------------------- http://www.heise.de/security/meldung/Warnung-vor-Orbit-Downloader-1923667.h…

1 0

Tageszusammenfassung - Mittwoch 24-07-2013
by Daily end-of-shift report 24 Jul '13

24 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 23-07-2013 18:00 − Mittwoch 24-07-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Vuln: Django User Account Enumeration Information Disclosure Vulnerability *** --------------------------------------------- Django is prone to an information-disclosure vulnerability. --------------------------------------------- http://www.securityfocus.com/bid/61385 *** KINS Banking Trojan a Successor to Citadel? *** --------------------------------------------- A new strain of banking malware called KINS has been discovered for sale on a closed Russian underground forum. --------------------------------------------- http://threatpost.com/kins-banking-trojan-a-successor-to-citadel/101440 *** Sonderheft ct Security: Rundumschutz gegen den Abhörwahn *** --------------------------------------------- Die ct-Redaktion will es mit dem Sonderheft ct Security Angreifern so schwer wie möglich machen: 170 Seiten Praxis, Anleitungen und Know-how, die Live-DVD mit Desinfect, ct Bankix, ct Surfix und ein JonDonym-Gratispaket liefern das passende Rüstzeug. --------------------------------------------- http://www.heise.de/newsticker/meldung/Sonderheft-c-t-Security-Rundumschutz… *** One-Stop Bot Chop-Shops *** --------------------------------------------- New fraudster-friendly content management systems are making it more likely than ever that crooks who manage botnets and other large groupings of hacked PCs will extract and sell all credentials of value that can be harvested from the compromised machines. --------------------------------------------- https://krebsonsecurity.com/2013/07/one-stop-bot-chop-shops/ *** Long-Range RFID Hacking Tool to be Released at Black Hat *** --------------------------------------------- A tool that enables a hacker or penetration tester to capture RFID card data from up to three feet away will be released next week at Black Hat. --------------------------------------------- http://threatpost.com/long-range-rfid-hacking-tool-to-be-released-at-black-… *** Bugtraq: Orbit Downloader versions causing massive SYN flooding. Cyberoam cautions! *** --------------------------------------------- Cyberoam cautions all Orbit Downloader users, as the latest version of the Orbit Downloader is turning computers, devices into a SYN Flooder. It is found that as... --------------------------------------------- http://www.securityfocus.com/archive/1/527478 *** New Office 2010 and SharePoint 2010 Service Packs Roll Out *** --------------------------------------------- jones_supa writes "While service packs are out of style for the Windows operating system, Microsoft has pushed out another service pack (SP2) for both Office 2010 and SharePoint 2010 products. According to the company, they provide key updates and fixes across servers, services and applications including security, stability, and performance enhancements and better compatibility with Windows 8, Internet Explorer 10, Office 2013, and SharePoint 2013. The updates are available through Windows --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cGtgDc_6QO4/story01.htm *** Ubuntu update for openjdk-6 *** --------------------------------------------- Ubuntu has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks,... --------------------------------------------- https://secunia.com/advisories/54254 *** HowTo: Detecting Persistence Mechanisms *** --------------------------------------------- This post is about actually detecting persistence mechanisms...not querying them, but detecting them. Theres a difference between querying known persistence mechanisms, and detecting previously unknown persistence mechanisms used by malware; the former we can do with tools such as AutoRuns and RegRipper, but the latter requires a bit more work. --------------------------------------------- http://windowsir.blogspot.co.uk/2013/07/howto-detecting-persistence-mechani… *** Linux kernel: panic while appending data to a corked IPv6 socket *** --------------------------------------------- Linux kernel built with the IPv6 networking support is vulnerable to a crash while appending data to an IPv6 socket with UDP_CORKED option set. UDP_CORK enables accumulating data and sending it as single datagram. An unprivileged user/program could use this flaw to crash the kernel, resulting in local DoS. --------------------------------------------- http://seclists.org/oss-sec/2013/q3/176 *** IBM WebSphere Multichannel Bank Transformation Toolkit Multiple Java Vulnerabilities *** --------------------------------------------- IBM has acknowledged multiple vulnerabilities in IBM WebSphere Multichannel Bank Transformation Toolkit, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct... --------------------------------------------- https://secunia.com/advisories/54288 *** TYPO3 CMS 4.5.28, 4.7.13, 6.0.7 and 6.1.2 released *** --------------------------------------------- The TYPO3 Community announces the versions 4.5.28, 4.7.13, 6.0.7 and 6.1.2 of the TYPO3 Enterprise Content Management System. --------------------------------------------- http://typo3.org/news/article/typo3-cms-4528-4713-607-and-612-released/ *** First malicious apps to exploit critical Android bug found in the wild *** --------------------------------------------- Flaw allows attackers to surreptitiously inject malicious code in legit apps. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/a9xoVMvQpUI/story01… *** Cisco Unified MeetingPlace Web Conferencing Security Bypass Security Issue *** --------------------------------------------- A security issue has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54281 *** Avaya Call Management System (CMS) Java Multiple Vulnerabilities *** --------------------------------------------- Avaya has acknowledged multiple vulnerabilities in Avaya Call Management System (CMS), which can be exploited by malicious, local users to gain escalated privileges and by malicious people to manipulate certain data and cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/54291 *** IBM Social Media Analytics Platform cross-site scripting *** --------------------------------------------- IBM Social Media Analytics Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85253 *** Bugtraq: Cross-Site Scripting (XSS) in Duplicator WordPress Plugin *** --------------------------------------------- High-Tech Bridge Security Research Lab discovered XSS vulnerability in Duplicator WordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application. --------------------------------------------- http://www.securityfocus.com/archive/1/527489 *** Royal Baby Spam Campaign Leads to Black Hole-Infected Site *** --------------------------------------------- Everyone loves babies, especially magical royal ones who are destined to pull a sword from a stone. As it turns out, the baby admiring demographic also includes spammers, who are using the current frenzy over the birth of Prince William and Duchess Kate's baby boy to direct victims to a site serving the Black Hole... --------------------------------------------- http://threatpost.com/royal-baby-spam-campaign-leads-to-black-hole-infected…

1 0

Tageszusammenfassung - Dienstag 23-07-2013
by Daily end-of-shift report 23 Jul '13

23 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 22-07-2013 18:00 − Dienstag 23-07-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** QEMU Guest Agent Unquoted Search Path Lets Local Users Gain Elevated Privileges *** --------------------------------------------- A vulnerability was reported in QEMU. A local user on the guest operating system can obtain elevated privileges on the target system. --------------------------------------------- http://www.securitytracker.com/id/1028814 *** libvirt qemuAgentGetVCPUs() function privilege escalation *** --------------------------------------------- libvirt could allow a local attacker to gain elevated privileges on the system, caused by a double-free error within the qemuAgentGetVCPUs() function in qemu/qemu_agent.c file . An attacker could exploit this vulnerability to gain elevated privileges on the system. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/85890 *** Cisco Aironet Memory Corruption Error Lets Remote Users Deny Service *** --------------------------------------------- A vulnerability was reported in Cisco Aironet. A remote user can cause denial of service conditions. --------------------------------------------- http://www.securitytracker.com/id/1028818 *** Cisco Unified Operations Manager Input Validation Flaw Permits Cross-Site Scripting Attacks *** --------------------------------------------- A vulnerability was reported in Cisco Unified Operations Manager. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1028819 *** Hoster OVH gehackt: "Wir waren nicht paranoid genug" *** --------------------------------------------- Die französische Hosting-Firma OVH hat einen Angriff auf ihre internen Systeme registriert. Kunden werden dazu aufgerufen ihre Passwörter zu ändern. Es könnten über 400.000 Personen betroffen sein. --------------------------------------------- http://www.heise.de/security/meldung/Hoster-OVH-gehackt-Wir-waren-nicht-par… *** Symantec Encryption Management Server Email Attachments Script Insertion Vulnerability *** --------------------------------------------- A vulnerability has been reported in Symantec Encryption Management Server, which can be exploited by malicious users to conduct script insertion attacks. --------------------------------------------- https://secunia.com/advisories/54214 *** [remote] - Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection *** --------------------------------------------- This module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier). --------------------------------------------- http://www.exploit-db.com/exploits/27045

1 0

Tageszusammenfassung - Montag 22-07-2013
by Daily end-of-shift report 22 Jul '13

22 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 19-07-2013 18:00 − Montag 22-07-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Hack exposes e-mail addresses, password data for 2 million Ubuntu Forum users *** --------------------------------------------- Ubuntu maintainer Canonical exhorts users to change passwords immediately. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/_k7Kb5g3abo/story01… *** Bugtraq: Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability *** --------------------------------------------- References: http://vulnerability-lab.com/get_content.php?id=775 --------------------------------------------- http://www.securityfocus.com/archive/1/527423 *** Bugtraq: Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities *** --------------------------------------------- References: http://www.vulnerability-lab.com/get_content.php?id=727 --------------------------------------------- http://www.securityfocus.com/archive/1/527422 *** Gefahr durch SIM-Karten-Hack *** --------------------------------------------- Die ITU will Mobilfunkprovider weltweit auf die Gefahr durch schwache Verschlüsselungstechnik von SIM-Karten aufmerksam machen. Angreifer können dadurch Handys mit manipulierten SMS-Nachrichten übernehmen. --------------------------------------------- http://www.heise.de/newsticker/meldung/ITU-warnt-vor-Gefahr-durch-SIM-Karte… *** GPG4Win bringt Verschlüsselung für Outlook 2010 *** --------------------------------------------- Mit neuer Version werden auch die 64-bit-Versionen von Windows XP und Vista unterstützt --------------------------------------------- http://derstandard.at/1373513307363 *** Compromised Sites Conceal StealRat Botnet Operations *** --------------------------------------------- Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in their spam and module architecture whereas Pushdo made use of decoy network traffic. Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroCompromised Sites Conceal StealRat Botnet Operations... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0Z3mrtbjVD4/ *** Apple Developer Site Breach, (Mon, Jul 22nd) *** --------------------------------------------- Apple closed access to its developer site after learning that it had been compromissed and developers personal information had been breached [1]. In the notice posted to the site, Apple explained that some developers personal information like name, e-mail address and mailing address may have been accessed. The note does not mention passwords, or if password hashes were accessed. One threat often forgotten in these breaches is phishing. If an attacker has access to some personal information... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16210&rss *** Apache HTTP Server mod_dav and mod_session_dbd Vulnerabilities *** --------------------------------------------- Two vulnerabilities have been reported in Apache HTTP Server, where one has an unknown impact and the other one can be exploited by malicious people to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/54241 *** IBM WebSphere Message Broker Java Multiple Vulnerabilities *** --------------------------------------------- IBM has acknowledged multiple vulnerabilities in IBM WebSphere Message Broker, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/54261

1 0

Tageszusammenfassung - Freitag 19-07-2013
by Daily end-of-shift report 19 Jul '13

19 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 18-07-2013 18:00 − Freitag 19-07-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** NanoSSH Denial Of Service *** --------------------------------------------- Topic: NanoSSH Denial Of Service Risk: Medium Text:Hi, Various openssh 6.2p1 users including our administrators stumbled over this nice bug in the "nanossh server" during pre... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070142 *** Drupal MRBS 6.x / 7.x CSRF / SQL Injection *** --------------------------------------------- Topic: Drupal MRBS 6.x / 7.x CSRF / SQL Injection Risk: Medium Text:View online: https://drupal.org/node/2044173 * Advisory ID: DRUPAL-SA-CONTRIB-2013-058 * Project: MRBS [1] (third-party... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070143 *** Nginx 1.3.9 / 1.4.0 Buffer Overflow *** --------------------------------------------- Topic: Nginx 1.3.9 / 1.4.0 Buffer Overflow Risk: High Text:# encoding: ASCII abort("#{$0} host port") if ARGV.length < 2 require ronin $count = 0 # rop address taken from nginx... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070151 *** Erpressung: GVU-Trojaner sperrt wieder Windows-Rechner *** --------------------------------------------- Neue Varianten des Trojaners im Umlauf - Will Betroffene zur Überweisung von 100 Euro bringen --------------------------------------------- http://derstandard.at/1373513113284 *** IBM WebSphere Real Time Java Multiple Vulnerabilities *** --------------------------------------------- IBM has acknowledged multiple vulnerabilities in IBM WebSphere Real Time, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/54257 *** JBoss RichFaces Resource Deserialisation Security Bypass Vulnerability *** --------------------------------------------- A vulnerability has been reported in JBoss RichFaces, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54162 *** [2013-07-19] Multiple vulnerabilities in Sybase EAServer *** --------------------------------------------- Sybase EAServer is vulnerable to Path Traversal and XML External Entity Injection attacks. By exploiting these vulnerabilities an unauthenticated attacker can retrieve administrative credentials from configuration files and run arbitrary OS commands using the WSH service. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities *** --------------------------------------------- Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Cisco IOS GET VPN Encryption Policy Bypass Vulnerability *** --------------------------------------------- A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS could allow traffic to bypass the configured encryption policy. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013… *** More Details on EXPIRO File Infectors *** --------------------------------------------- We recently reported on an unusual attack involving exploit kits and file infectors. What makes the attack even more notable is that the file infectors used also have information theft routines, a behavior uncommon among file infectors. These file infectors are part of the PE_EXPIRO family, which was first spotted in 2010. It’s possible that [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroMore Details on EXPIRO File Infectors --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_wieFR4INGs/ *** [SE-2012-01] New Reflection API affected by a known 10+ years old attack *** --------------------------------------------- A new vulnerability (Issue 69) that was submitted to Oracle today makes it possible to implement a very classic attack against Java VM. Whats in particular interesting is that the attack itself has been in the public knowledge for at least 10+ years... --------------------------------------------- http://seclists.org/fulldisclosure/2013/Jul/172 *** Tiki Wiki CMS/Groupware Multiple Vulnerabilities *** --------------------------------------------- A weakness and two vulnerabilities have been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose certain system information and conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/54149 *** Bugtraq: Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials *** --------------------------------------------- Due to a unspecified bug in the WD My Net N600, N750, N900 and N900C routers, administrative credentials are stored in plain text and are easily accessible from a remote location on the WAN side of the router. --------------------------------------------- http://www.securityfocus.com/archive/1/527370 *** DDoS attacks are getting bigger, stronger and longer *** --------------------------------------------- Prolexic Technologies announced that the average packet-per-second (pps) rate reached 47.4 Mpps and the average bandwidth reached 49.24 Gbps based on data collected in Q2 2013 from DDoS attacks launched against its global client base. These metrics, representing increases of 1,655 percent and 925 percent respectively compared to Q2 2012. --------------------------------------------- https://www.net-security.org/secworld.php?id=15243

1 0

Tageszusammenfassung - Donnerstag 18-07-2013
by Daily end-of-shift report 18 Jul '13

18 Jul '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 17-07-2013 18:00 − Donnerstag 18-07-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Multiple Vulnerabilities in Cisco Unified Communications Manager *** --------------------------------------------- Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify information in Cisco Unified CM. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Multiple Vulnerabilities in Cisco Intrusion Prevention System Software *** --------------------------------------------- Cisco IPS Software Malformed IP Packets Denial of Service Vulnerability Cisco IPS Software Fragmented Traffic Denial of Service Vulnerability Cisco IPS NME Malformed IP Packets Denial of Service Vulnerability Cisco IDSM-2 Malformed TCP Packets Denial of Service Vulnerability --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** On "FBI" "Ransomware" and Macs *** --------------------------------------------- On Monday, Malwarebytes researcher Jerome Segura posted a nice write up (and video) about FBI themed ransom scams targeting users of Apple Mac OS X.The basics are as such: • Segura discovered the scam via a Bing Images search for Taylor Swift. • A compromised site hosting the image linked to a webpage mimicking police ransomware. • Only it isnt really "ware" in the normal sense of a ransomware trojan. • The scam uses clever persistent JavaScript in its attempt to... --------------------------------------------- http://www.f-secure.com/weblog/archives/00002577.html *** New commercially available Web-based WordPress/Joomla brute-forcing tool spotted in the wild *** --------------------------------------------- By Dancho Danchev Thanks to the fact that users not only continue to use weak passwords, but also, re-use them across multiple Web properties, brute-forcing continues to be an effective tactic in the arsenal of every cybercriminal. With more malicious underground market releases continuing to utilize this technique in an attempt to empower potential cybercriminals with […] --------------------------------------------- http://blog.webroot.com/2013/07/17/new-commercially-available-web-based-wor… *** ePhoto Transfer v1.2.1 iOS Multiple Web Vulnerabilities *** --------------------------------------------- Topic: ePhoto Transfer v1.2.1 iOS Multiple Web Vulnerabilities Risk: Medium Text:Title: ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities Date: == 2013-07-17 References: == http... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070132 *** Flux Player v3.1.0 iOS File Include & Arbitrary File Upload Vulnerability *** --------------------------------------------- Topic: Flux Player v3.1.0 iOS File Include & Arbitrary File Upload Vulnerability Risk: High Text:Title: Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability Date: == 2013-07-16 Refere... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013070136 *** HPSBST02896 rev.2 - HP StoreVirtual Storage, Remote Unauthorized Access *** --------------------------------------------- A potential security vulnerability has been identified with the HP StoreVirtual Storage. This vulnerability could be remotely exploited to gain unauthorized access to the device. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** BlackBerry späht Mail-Login aus *** --------------------------------------------- Wer auf einem aktuellen BlackBerry seinen Mail-Account konfiguriert hat, sollte besser sein Passwort ändern. Die dort eingegebenen Zugangsdaten kennt nämlich auch der Hersteller. --------------------------------------------- http://www.heise.de/security/meldung/BlackBerry-spaeht-Mail-Login-aus-19197… *** Autodesk Multiple Products DWG Processing Code Execution Vulnerability *** --------------------------------------------- A vulnerability has been reported in multiple Autodesk products, which can be exploited by malicious people to compromise a user's system. --------------------------------------------- https://secunia.com/advisories/54198 *** Hackers crippled OVER HALF of worlds financial exchanges - report *** --------------------------------------------- Repeated assaults leave bankers in quivering heaps Half of all the worlds critical financial exchanges have suffered cyber attacks in the past year, a report has found... --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/07/18/half_of_all… *** IBM API Management Security Bulletin: security vulnerability in IBM API Management V2.0 *** --------------------------------------------- There is an unspecified security vulnerability in IBM API Management which may allow an unauthorized user to gain access to the system. --------------------------------------------- https://www-304.ibm.com/support/docview.wss?uid=swg21643847 *** RuggedCom Rugged Operating System Multiple Vulnerabilities *** --------------------------------------------- RuggedCom has acknowledged multiple vulnerabilities in Rugged Operating System, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/54223 *** Joomla! Googlemaps Plugin "url" Cross-Site Scripting Vulnerability *** --------------------------------------------- MustLive has discovered a vulnerability in the Googlemaps plugin for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/54055 *** Drupal Hostmaster (Aegir) Module Security Bypass Security Issue *** --------------------------------------------- A security issue has been reported in the Hostmaster (Aegir) module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54136 *** Cisco 9900 Series Phone Arbitrary File Download Vulnerability *** --------------------------------------------- A vulnerability in the Serviceability servlet of fourth-generation Cisco IP phones could allow an unauthenticated, remote attacker to download arbitrary files from the phones file system. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=30110

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily July 2013