=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 16-07-2013 18:00 − Wednesday 17-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Critical Patch Update - July 2013 ***
---------------------------------------------
This Critical Patch Update contains 89 new security fixes across the product families listed below.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
*** Vulnerabilities in Drupal Modules/Themes ***
---------------------------------------------
Drupal TinyBox Module Cross Site Scripting Vulnerability
Drupal Hatch Theme Cross Site Scripting Vulnerability
Drupal Stage File Proxy Module Denial Of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61078
http://www.securityfocus.com/bid/61079
http://www.securityfocus.com/bid/61080
*** Build-your-own Android trojan ***
---------------------------------------------
The open-source trojan AndroRAT spies on SMS messages, can take photos with the smartphone camera and can even turn the phone into a bugging device. With the help of an additional tool, cyber crooks can use it to trojanize arbitrary apps.
---------------------------------------------
http://www.heise.de/security/meldung/Android-Trojaner-zum-Selberbauen-19192…
*** Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Cisco Identity Services Engine, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/54182
*** IBM Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54154
*** Vuln: Linux Kernel CVE-2013-4125 Remote Denial of Service Vulnerability ***
---------------------------------------------
The Linux kernel is prone to a remote denial-of-service vulnerability.
---------------------------------------------
http://www.securityfocus.com/bid/61166
*** Atlassian Bamboo Web Interface OGNL Code Injection Vulnerabilities ***
---------------------------------------------
Atlassian has acknowledged a vulnerability in Atlassian Bamboo, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54189
*** Oracle Solaris Two Vulnerabilities ***
---------------------------------------------
Oracle has acknowledged two vulnerabilities in multiple packages included in Oracle Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library.
---------------------------------------------
https://secunia.com/advisories/54202
*** Bugtraq: ESA-2013-055: EMC Avamar Multiple Vulnerabilities ***
---------------------------------------------
EMC Avamar Server 7.0 contains fixes for multiple security vulnerabilities that could be exploited by malicious users.
---------------------------------------------
http://www.securityfocus.com/archive/1/527322
*** A look at Point of Sale RAM scraper malware and how it works ***
---------------------------------------------
A special kind of malware has been hitting the headlines recently - that which attacks the RAM of Point of Sale (PoS) systems.
---------------------------------------------
http://nakedsecurity.sophos.com/2013/07/16/a-look-at-point-of-sale-ram-scra…
*** Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities ***
---------------------------------------------
Two weaknesses and multiple vulnerabilities have been reported in Apache Struts, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54118
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 15-07-2013 18:00 − Tuesday 16-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Bugtraq: Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities ***
---------------------------------------------
Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/527304
*** Bugtraq: Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities ***
---------------------------------------------
Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/527305
*** Bugtraq: FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability ***
---------------------------------------------
FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/527302
*** Cisco Secure Access Control System Multiple Vulnerabilities ***
---------------------------------------------
Cisco Secure Access Control System Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54200
*** Protection against exploitation of the MasterKey flaw in Android ***
---------------------------------------------
Two more tools are meant to protect Android users from apps that exploit the recently disclosed vulnerabilities in signature verification. One of the two retrofits the Google patch, which users would otherwise have to wait a long time for.
---------------------------------------------
http://www.heise.de/security/meldung/Schutz-vor-Ausnutzung-der-MasterKey-Lu…
*** Open-source tool to ease security researchers' quest for secrecy ***
---------------------------------------------
To be presented and released at Black Hat, CrowdStrike's Tortilla delivers to researchers much-needed anonymity on Windows machines...
---------------------------------------------
http://www.csoonline.com/article/736428/open-source-tool-to-ease-security-r…
*** HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure ***
---------------------------------------------
A potential security vulnerability has been identified with HP ProCurve Switches. The vulnerability could be remotely exploited resulting in unauthorized information disclosure.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** sol14468: Client-side component flaw - CVE-2013-0150 ***
---------------------------------------------
A flaw in a BIG-IP APM or FirePass client-side F5-signed component may allow a third party to install files on the client machine.
---------------------------------------------
http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html
*** Cisco Identity Services Engine Search Form Cross-Site Scripting Vulnerability ***
---------------------------------------------
Cisco Identity Services Engine Search Form Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/53965
*** Multiple Vulnerabilities in ePO 4.6.6 and earlier ***
---------------------------------------------
The NATO Information Assurance Technical Centre conducted a series of penetration tests on ePolicy Orchestrator (ePO) 4.6.6 and reported several vulnerabilities to McAfee...
---------------------------------------------
https://kc.mcafee.com/corporate/index?page=content&id=KB78824
*** Data leak in the Windows Media Player browser plug-in ***
---------------------------------------------
Data snoops can use the plug-in to access arbitrary websites in the victim's name. Via a specially crafted web page, an attacker could, for example, rummage through other people's mail accounts and even penetrate the victim's local network.
---------------------------------------------
http://www.heise.de/security/meldung/Datenleck-im-Browser-Plug-in-des-Windo…
*** Moodle Multiple Vulnerabilities ***
---------------------------------------------
Moodle Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54130
*** Signed Mac Malware Using Right-to-Left Override Trick ***
---------------------------------------------
Right-to-left override (RLO) is a special character used in bi-directional text encoding systems to mark the start of text that is to be displayed from right to left. It is commonly used by Windows malware such as Bredolab and the high-profile Mahdi trojan from last year to hide the real extension of executable files. Check out this Krebs on Security post for more details on the trick.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002576.html
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 12-07-2013 18:00 − Monday 15-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Atlassian Confluence 4.3.5 XSS / Clickjacking ***
---------------------------------------------
Topic: Atlassian Confluence 4.3.5 XSS / Clickjacking
Risk: Low
Text: == BAE Systems Detica Security Advisory: DS-2013-005 == Title: Atlassian Confluence Mu...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070102
*** Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code ***
---------------------------------------------
Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1028775
*** OSCE study warns of cyber attacks on the energy supply ***
---------------------------------------------
The community of states has published recommendations for protecting the energy supply against malware.
---------------------------------------------
http://www.heise.de/security/meldung/OSZE-Studie-warnt-vor-Cyberangriffen-a…
*** Maintenance of Apache 2.0 web server discontinued ***
---------------------------------------------
Version 2.0.65 is the last update of the Apache HTTP Server 2.0. Anyone still using it must act: a security problem remains unresolved.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Pflege-von-Webserver-Apache-2-0-eing…
*** Bugtraq: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units ***
---------------------------------------------
Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
---------------------------------------------
http://www.securityfocus.com/archive/1/527275
*** Google study finds users ignore Chrome security warnings ***
---------------------------------------------
Research tracks 25m browser warning messages, says Chrome users reckless or clueless. You're surfing the net when Chrome decides not to bring you the web site of your choice, but instead a page warning that the site you'd hoped to visit might be bogus or contain malware.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/15/google_stud…
*** Squid HTTP Header Port Number Handling Denial of Service Vulnerability ***
---------------------------------------------
Squid HTTP Header Port Number Handling Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/54142
*** Vuln: PHP CVE-2013-4113 Heap Memory Corruption Vulnerability ***
---------------------------------------------
PHP CVE-2013-4113 Heap Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61128
*** Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability ***
---------------------------------------------
Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability
---------------------------------------------
https://secunia.com/advisories/54098
*** HPSBST02890 rev.3 - HP StoreOnce D2D Backup System, Remote Unauthorized Access, Modification, and Escalation of Privilege ***
---------------------------------------------
A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access, modification, and escalation of privilege.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against users of the web interface on the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Another flaw in Android's signature verification ***
---------------------------------------------
Chinese bloggers claim to have found another vulnerability that can be used to trick Android's signature verification. CyanogenMod users, at least, can already patch.
---------------------------------------------
http://www.heise.de/security/meldung/Weiterer-Fehler-in-Androids-Signaturpr…
*** After PRISM, Europe has to move to its own clouds, says Estonia's president ***
---------------------------------------------
Summary: The EU needs to be more self-reliant after the recent revelations about the NSA, according to Toomas Hendrik Ilves - but that shouldn't mean European countries cutting themselves off.
---------------------------------------------
http://www.zdnet.com/after-prism-europe-has-to-move-to-its-own-clouds-says-…
*** F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability ***
---------------------------------------------
F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability
---------------------------------------------
https://secunia.com/advisories/53477
*** Targeted Attacks Hit Asian, European Government Agencies ***
---------------------------------------------
Trend Micro researchers have uncovered a targeted attack launched against government agencies in various countries. The email claimed to be from the Chinese Ministry of National Defense, although it appears to have been sent from a Gmail account and did not use a Chinese name. The document contains a malicious attachment, [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/u3ICCpFkqt0/
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 11-07-2013 18:00 − Friday 12-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** SQUID 3.3.6 buffer overflow in HTTP request handling ***
---------------------------------------------
This problem allows any trusted client or client script who can
generate HTTP requests to trigger a buffer overflow in Squid,
resulting in a termination of the Squid service.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070089
*** php 5.3.26 heap corruption in the XML parser ***
---------------------------------------------
Badly formed XML might corrupt the heap.
Warning: xml_parse_into_struct(): Maximum depth exceeded - Results truncated
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070090
*** Of TrueType Font Vulnerabilities and the Windows Kernel ***
---------------------------------------------
This month's Patch Tuesday security bulletins called attention to vulnerabilities in the Windows kernel's font-processing engine, which had been exploited previously in Duqu and other targeted attacks.
---------------------------------------------
http://threatpost.com/of-truetype-font-vulnerabilities-and-the-windows-kern…
*** Critical Patch Update - July 2013 - Pre-Release Announcement ***
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for July 2013, which will be released on Tuesday, July 16, 2013.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
*** OpenSSH User Enumeration Time-Based Attack ***
---------------------------------------------
Topic: OpenSSH User Enumeration Time-Based Attack
Risk: Low
Text: Hi List, today, we will show a bug concerning OpenSSH. OpenSSH is the most used remote control software nowadays on *nix li...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070092
*** HP: New backdoors in server products ***
---------------------------------------------
HP has admitted that the manufacturer's StoreVirtual servers also have undocumented backdoors. A patch due shortly is meant to remedy this.
---------------------------------------------
http://www.heise.de/security/meldung/HP-Neue-Hintertueren-in-Server-Produkt…
*** Juniper Junos PIM Packet Handling Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Juniper Junos, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling Protocol-Independent Multicast (PIM) packets and can be exploited to crash the Flow Daemon (flowd) via specially crafted PIM packets that transit the device.
---------------------------------------------
https://secunia.com/advisories/54157
*** How Microsoft handed the NSA access to encrypted messages ***
---------------------------------------------
Secret files show scale of Silicon Valley co-operation on Prism
Outlook.com encryption unlocked even before official launch
Skype worked to enable Prism collection of video calls
Company says it is legally compelled to comply
---------------------------------------------
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-use…
*** Bugtraq: CVE-2013-3568 - Linksys CSRF + Root Command Injection ***
---------------------------------------------
Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens.
---------------------------------------------
http://www.securityfocus.com/archive/1/527226
*** Amazon's shopping assistant spies on users ***
---------------------------------------------
A browser extension offered by Amazon reports to the electronics retailer every web page the user visits. The data is also sent to a statistics service that is particularly interested in Google usage.
---------------------------------------------
http://www.heise.de/security/meldung/Amazons-Einkaufshilfe-spioniert-Nutzer…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 10-07-2013 18:00 − Thursday 11-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Strange ransomware title pushes surveys, knows Close Encounters tune ***
---------------------------------------------
If your PC's CD tray opens and you hear the iconic, five-note tune from the movie Close Encounters of the Third Kind, it's probably not a visit from aliens. Chances are it's a newly discovered piece of malware with some highly unusual characteristics.
---------------------------------------------
http://arstechnica.com/security/2013/07/strange-ransomware-title-pushes-sur…
*** Google Fixes 17 Flaws in Chrome 28 ***
---------------------------------------------
Google has fixed more than 15 vulnerabilities in Chrome and paid out nearly $35,000 in rewards to security researchers for reporting the bugs. One researcher earned an unusually large reward of $21,500 for a series of vulnerabilities he reported in Chrome.
---------------------------------------------
http://threatpost.com/google-fixes-17-flaws-in-chrome-28/101240
*** How elite security ninjas choose and safeguard their passwords ***
---------------------------------------------
If you felt a twinge of angst after reading Ars' May feature that showed how password crackers ransack even long passwords such as "qeadzcwrsfxv1331", you weren't alone. The upshot was clear: If long passwords containing numbers, symbols, and upper- and lower-case letters are this easy to break, what are users to do?
---------------------------------------------
http://arstechnica.com/security/2013/07/how-elite-security-ninjas-choose-an…
*** Is it Time to Add Vulnerability Wednesday? ***
---------------------------------------------
By now, you've likely seen Google's announcement that they now support a seven-day timeline for disclosure of critical vulnerabilities. Our CTO Raimund Genes believes that seven days is pretty aggressive and that rushing patches often leads to painful collateral damage.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Kakh3BWekwY/
*** Drupal TinyBox 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal TinyBox 7.x Cross Site Scripting
Risk: Low
Text: View online: https://drupal.org/node/2038807
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070081
*** nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept ***
---------------------------------------------
Topic: nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept
Risk: Medium
Text: nginx 1.3.9/1.4.0 x86 brute force remote exploit
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070087
*** Adobe Reader 11.0.03 Insecure Third Party Components ***
---------------------------------------------
Topic: Adobe Reader 11.0.03 Insecure Third Party Components
Risk: High
Text: Hi @ll, the current Adobe Reader 11.0.03 installs the following VULNERABLE (3rd party)
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070086
*** Avira update blocks browsers and e-mail clients ***
---------------------------------------------
An update to Avira Internet Security is causing problems. Internet access is blocked; however, the version upgrade does not appear to be related to the problems.
---------------------------------------------
http://www.heise.de/security/meldung/Avira-Update-blockiert-Browser-und-E-M…
*** Debian Security Advisory DSA-2719 poppler ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2719
*** D-Link must also secure network cameras ***
---------------------------------------------
D-Link's IP cams are also vulnerable via UPnP. A whole batch of firmware updates is now meant to change that.
---------------------------------------------
http://www.heise.de/security/meldung/D-Link-muss-auch-Netzwerkkameras-absic…
*** Attackers Targeting MS13-055 IE Vulnerability ***
---------------------------------------------
Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that's being used is capable of bypassing both ASLR and DEP.
---------------------------------------------
http://threatpost.com/attackers-targeting-ms13-055-ie-vulnerability/101253
*** New commercially available mass FTP-based proxy-supporting doorway/malicious script uploading application spotted in the wild ***
---------------------------------------------
For many years now, cybercriminals have been efficiently abusing both legitimate compromised and automatically registered FTP accounts (using CAPTCHA outsourcing) in an attempt to monetize the process by uploading cybercrime-friendly 'doorways' or plain simple malicious scripts to be used later on in their campaigns.
---------------------------------------------
http://blog.webroot.com/2013/07/11/new-commercially-available-mass-ftp-base…
*** Bugtraq: Facebook Url Redirection Vuln. ***
---------------------------------------------
By obtaining a user-specific hash value, an attacker redirects the user
to a malicious website without asking for verification. The hash value
can be found from the link that the user sends to his/her wall. After
clicking on the user's link, by setting BurpSuite Proxy, the attacker
intercepts the parameters in the methods.
---------------------------------------------
http://www.securityfocus.com/archive/1/527194
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 09-07-2013 18:00 − Wednesday 10-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Google patches critical Android threat as working exploit is unleashed ***
---------------------------------------------
Bug allows hackers to surreptitiously turn some legit apps into malicious ones.
---------------------------------------------
http://arstechnica.com/security/2013/07/google-patches-critical-android-thr…
*** Summary for July 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for July 2013.
With the release of the security bulletins for July 2013, this bulletin summary replaces the bulletin advance notification originally issued July 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jul
*** Adobe Security Bulletins Posted ***
---------------------------------------------
APSB13-17 Security updates available for Adobe Flash Player
APSB13-18 Security update available for Adobe Shockwave
APSB13-19 Security update: Security Hotfixes available for ColdFusion
---------------------------------------------
http://blogs.adobe.com/psirt/2013/07/adobe-security-bulletins-posted-8.html
*** Who's Behind The Styx-Crypt Exploit Pack? ***
---------------------------------------------
Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, I'll be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service.
---------------------------------------------
https://krebsonsecurity.com/2013/07/whos-behind-the-styx-crypt-exploit-pack
*** Joomla Attachments Shell Upload ***
---------------------------------------------
Topic: Joomla Attachments Shell Upload
Risk: High
Text: # Exploit Title: Joomla Com_Attachments Component Arbitrary File Upload Vulnerability # Google Dork: inurl:...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070068
*** Cybercriminals spamvertise tens of thousands of fake 'Your Booking Reservation at Westminster Hotel' themed emails, serve malware ***
---------------------------------------------
By Dancho Danchev. Cybercriminals are currently mass mailing tens of thousands of fake emails impersonating the Westminster Hotel, in an attempt to trick users into thinking that they've received a legitimate booking confirmation. In reality though, once the socially engineered users execute the malicious attachments, their PCs automatically join the botnet operated by the cybercriminals behind the ..
---------------------------------------------
http://blog.webroot.com/2013/07/10/cybercriminals-spamvertise-tens-of-thous…
*** Priyanka yanks your WhatsApp contact chain on Android mobes ***
---------------------------------------------
If that really is your name, nobody wants to know you right now. A worm spreading through the popular WhatsApp messaging platform across Android devices is likely to cause plenty of confusion, even though it doesn't cause much harm.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/10/priyanka_wh…
*** Study: Bug bounty programs provide strong value for vendors ***
---------------------------------------------
A study of Google's and Mozilla's browser bug programs shows it is money well spent
---------------------------------------------
http://www.csoonline.com/article/736127/study-bug-bounty-programs-provide-s…
*** Data theft at ATMs: millions in damage despite billions in investment ***
---------------------------------------------
In the fight against data thieves, banks are investing in better technology. That does not keep criminals away entirely: in many countries they can still get at money using the data of German bank customers.
---------------------------------------------
http://www.heise.de/security/meldung/Datenklau-am-Automaten-Millionenschade…
*** Scanner warns of Android flaw ***
---------------------------------------------
A free app is meant to show whether an Android device is affected by the recently discovered flaw in the operating system's code-signing mechanism. The software comes from the company that also discovered the bug.
---------------------------------------------
http://www.heise.de/security/meldung/Scanner-warnt-vor-Android-Luecke-19146…
*** Blog: Security policies: misuse of resources ***
---------------------------------------------
According to surveys conducted in Europe and the United States, company employees spend up to 30% of their working hours on private affairs. By multiplying the hours spent on non-business-related things by the average cost of the working hour, the analysts estimate the costs to companies amounting to millions of dollars a year.
---------------------------------------------
http://www.securelist.com/en/blog/8109/Security_policies_misuse_of_resources
*** Vuln: VLC Media Player CVE-2013-3245 Remote Integer Overflow Vulnerability ***
---------------------------------------------
VLC Media Player CVE-2013-3245 Remote Integer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61032
*** Advanced User Tagging vBulletin Stored XSS Vulnerability ***
---------------------------------------------
Topic: Advanced User Tagging vBulletin Stored XSS Vulnerability
Risk: Low
Text: # # Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability # Google Dork: ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070077
*** Preparing For Possible Future Crypto Attacks ***
---------------------------------------------
Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure. Security researchers and hackers have always been good at borrowing ideas, refining them, and applying them to create practical attacks out of theoretical results.
---------------------------------------------
http://www.darkreading.com/vulnerability/preparing-for-possible-crypto-atta…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 08-07-2013 18:00 − Tuesday 09-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Root SSH Key Shipping with Emergency Alert System Devices Exposed ***
---------------------------------------------
Firmware images for devices at the core of the Emergency Alert System are shipping with a compromised root SSH key, researchers at IOActive said.
---------------------------------------------
http://threatpost.com/root-ssh-key-shipping-with-emergency-alert-system-dev…
*** Novel ransomware tactic locks users' PCs, demands that they participate in a survey to get the unlock code ***
---------------------------------------------
From managed ransomware as a service 'solutions' to DIY ransomware generating tools, this malicious market segment is as hot as ever with cybercriminals continuing to push new variants, and sometimes, literally introducing novel approaches to monetize locked PCs.
---------------------------------------------
http://blog.webroot.com/2013/07/08/novel-ransomware-tactic-locks-users-pcs-…
*** RSA Authentication Manager Lets Local Users View the Administrative Account Password ***
---------------------------------------------
When the RSA Authentication Manager Software Development Kit (SDK) is used to develop a custom application that connects with RSA Authentication Manager and the trace logging is set to verbose, the administrative account password used by the custom application is written in clear text to the trace log file.
---------------------------------------------
http://www.securitytracker.com/id/1028742
*** WordPress Search N Save XSS & Path Disclosure ***
---------------------------------------------
These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070060
*** Oracle Java Applet Preloader Click-2-Play Warning Bypass ***
---------------------------------------------
The vulnerability is caused by a design error in the Java click-2-play security warning when the preloader is used, which can be exploited by remote attackers to load a malicious applet (e.g. taking advantage of a Java memory corruption vulnerability) without any user interaction.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070067
*** Doctor Web: June virus activity review ***
---------------------------------------------
Despite summer being a holiday season, threats to IT security persisted in June. At the very beginning of the month, Doctor Web's virus analysts discovered a new version of a dangerous Trojan targeting Linux servers, while in the middle of June, another wave of Trojan encoders swept across desktops. Also found was a host of new threats to mobile devices.
---------------------------------------------
http://news.drweb.com/show/?i=3708&lng=en&c=9
*** Spamvertised 'Export License/Invoice Copy' themed emails lead to malware ***
---------------------------------------------
We've just intercepted a currently circulating malicious spam campaign consisting of tens of thousands of fake 'Export License/Invoice Copy' themed emails, enticing users into executing the malicious attachment. Once the socially engineered users do so, their PCs automatically become part of the botnet operated by the cybercriminals behind the campaign.
---------------------------------------------
http://blog.webroot.com/2013/07/09/spamvertised-export-licenseinvoice-copy-…
*** Exploit Code Released For Android Security Hole ***
---------------------------------------------
Pau Oliva Fora, a security researcher for the firm Via Forensics, published a small, proof of concept module that exploits the flaw in the way Android verifies the authenticity of signed mobile applications. The flaw was first disclosed last week by Jeff Forristal, the Chief Technology Officer at Bluebox Security, ahead of a presentation at the Black Hat Briefings in August.
---------------------------------------------
https://securityledger.com/2013/07/exploit-code-released-for-android-securi…
*** [2013-07-09] Denial of service vulnerability in Apache CXF ***
---------------------------------------------
It is possible to execute Denial of Service attacks on Apache CXF, exploiting the fact that the streaming XML parser does not put limits on things like the number of elements, number of attributes, the nested structure of the document received, etc. The effects of these attacks can vary from causing high CPU usage, to causing the JVM to run out of memory.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** HP storage: more possible backdoors ***
---------------------------------------------
LeftHand, StoreVirtual remote reset suggests factory account. Technion, the blogger who recently turned up an undocumented back door in HP's StoreOnce, has turned up similar issues in other HP products - publicised on support forums by the company, but unnoticed at the time.
---------------------------------------------
http://www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/
*** Hard drive-wiping malware that hit South Korea tied to military espionage ***
---------------------------------------------
The hackers responsible for a malware attack in March that simultaneously wiped data from tens of thousands of South Korean computers belong to the same espionage group that has targeted South Korean and US military secrets for four years, researchers said.
---------------------------------------------
http://arstechnica.com/security/2013/07/hard-drive-wiping-malware-that-hit-…
*** Vuln: MongoDB Remote Privilege Escalation Vulnerability ***
---------------------------------------------
MongoDB is prone to a remote privilege-escalation vulnerability.
An attacker can exploit this issue to gain elevated privileges within the application and obtain unauthorized access to the sensitive information.
MongoDB 2.4.0 through 2.4.4 and 2.5.0 are vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/61007
*** US agency destroys its own hardware out of fear of viruses ***
---------------------------------------------
PCs, monitors, cameras, mice and keyboards - a US agency wanted to scrap its entire IT equipment because it feared a massive virus infection. Apparently, only six computers were affected.
---------------------------------------------
http://www.heise.de/security/meldung/US-Behoerde-zerstoert-eigene-Hardware-…
*** E-mail addresses at T-Online can be hijacked ***
---------------------------------------------
If an attacker manages to lure a prospective victim to a specially crafted web page, he can permanently take over the victim's e-mail address at T-Online.
---------------------------------------------
http://www.heise.de/security/meldung/Mail-Adressen-bei-T-Online-lassen-sich…
*** OTRS / OTRS ITSM Unspecified Script Insertion and SQL Injection Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in OTRS and OTRS ITSM, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
---------------------------------------------
https://secunia.com/advisories/52623
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 05-07-2013 18:00 − Monday 08-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Citrix XenServer Memory Management Error Lets Local Administrative Users on the Guest Gain Access on the Host ***
---------------------------------------------
A local administrative user on a PV guest can exploit a memory management page reference counting error to gain access on the target host server.
Systems running only HVM guests are not affected.
---------------------------------------------
http://www.securitytracker.com/id/1028740
*** WordPress post.php cross-site scripting ***
---------------------------------------------
WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the post.php script. A remote attacker could exploit this vulnerability using the excerpt and content fields to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85439
*** Debian Security Advisory DSA-2720 icedove ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2720
*** Multiple D-Link Devices - OS-Command Injection via UPnP Interface ***
---------------------------------------------
The vulnerability is caused by missing input validation in different XML parameters. This vulnerability could be exploited to inject and execute arbitrary shell commands.
WARNING: You do not need to be authenticated to the device to insert and execute malicious commands.
---------------------------------------------
http://www.exploit-db.com/exploits/26664
*** OpenNetAdmin Remote Code Execution ***
---------------------------------------------
This exploit works because adding modules can be done without any sort of authentication.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070055
*** Styx Exploit Pack: Domo Arigato, PC Roboto ***
---------------------------------------------
Not long ago, miscreants who wanted to buy an exploit kit -- automated software that helps booby-trap hacked sites to deploy malicious code -- had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising and offering their services out in the open, marketing their wares as browser vulnerability "stress-test platforms."
---------------------------------------------
https://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-robot…
*** Debian Security Advisory DSA-2721 nginx ***
---------------------------------------------
buffer overflow
---------------------------------------------
http://www.debian.org/security/2013/dsa-2721
*** What Does Facebook Know About You - An Analysis ***
---------------------------------------------
If you've read a news website, turned on the TV or not been under a rock over the past few weeks, then there is a good chance you've heard of a guy named Edward Snowden. He's the US analyst who is currently stuck in a Russian airport looking for asylum because he exposed that - surprise, surprise - the US government/NSA had been spying on pretty much everyone.
---------------------------------------------
http://daylandoes.com/facebook-and-your-data/
*** 15 MILLION dodgy login attempts spaffed all over Nintendo loyalists ***
---------------------------------------------
Thousands of players plundered for their hard-earned booty. Hackers broke into 24,000 Club Nintendo accounts after pummelling the loyalty-reward website in a month-long assault.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/08/nintendo_br…
*** Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability ***
---------------------------------------------
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/50218
*** DropBox account hacking bypassing two-factor authentication ***
---------------------------------------------
Zouheir Abdallah revealed that a hacker who already knows the victim's credentials for a Dropbox account that has 2FA authentication enabled is able to hack it.
---------------------------------------------
http://securityaffairs.co/wordpress/15944/hacking/dropbox-account-hacking.h…
*** Spam blizzards sometimes seed malware, AppRiver study warns ***
---------------------------------------------
Digital desperadoes have begun hiding their larcenous activities behind blizzards of spam aimed at their victims' inboxes, according to a report released last week by a cloud security provider. The technique, called Distributed Spam Distraction (DSD), began appearing early this year, AppRiver revealed in its Global Threat & Spamscape Report for the first half of 2013.
---------------------------------------------
http://www.techhive.com/article/2043764/spam-blizzards-sometimes-seed-malwa…
*** cPanel cpanellogd Two Privilege Escalation Vulnerabilities ***
---------------------------------------------
cPanel cpanellogd Two Privilege Escalation Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53921
*** FFmpeg Multiple Vulnerabilities ***
---------------------------------------------
FFmpeg Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54044
*** Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party TYPO3 extensions: accessible_is_browse_results, maag_formcaptcha, meta_feedit, rzautocomplete, sb_folderdownload, sg_zfelib, sg_zlib, tq_seo
---------------------------------------------
http://typo3.org/news/article/several-vulnerabilities-in-third-party-extens…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 04-07-2013 18:00 − Friday 05-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Bugtraq: Paypal Bug Bounty #102 QR Dev Labs - Auth Bypass Vulnerability ***
---------------------------------------------
An independent vulnerability laboratory researcher discovered an auth bypass web session vulnerability in the PayPal QR Labs Service Web Application.
---------------------------------------------
http://www.securityfocus.com/archive/1/527069
*** phpMyAdmin 4.0.2 Cross Site Scripting ***
---------------------------------------------
Topic: phpMyAdmin 4.0.2 Cross Site Scripting Risk: Low Text:PMASA-2013-6 Announcement-ID: PMASA-2013-6 Date: 2013-06-05 Summary XSS due to unescaped HTML output in Create View p...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070047
*** phpMyAdmin 4.0.4 change the configuration vulnerability ***
---------------------------------------------
Topic: phpMyAdmin 4.0.4 change the configuration vulnerability Risk: Medium Text:PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope inje...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070048
*** EU Parliament adopts tougher penalties for cyber attacks ***
---------------------------------------------
By a large majority, the Parliament has adopted the EU Commission's draft directive on attacks against information systems.
---------------------------------------------
http://www.heise.de/security/meldung/EU-Parlament-beschliesst-haertere-Stra…
*** Advance Notification Service for July 2013 Security Bulletin Release ***
---------------------------------------------
Today we're providing advance notification for the release of seven bulletins, six Critical and one Important, for July 2013. The Critical bulletins address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+. Also scheduled for inclusion among these Critical bulletins is an update to address CVE-2013-3660, which is a publicly known issue in the Kernel-Mode Drivers component of Windows. The Important-rated bulletin will address an issue in...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/07/04/advance-notification-ser…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-07-2013 18:00 − Thursday 04-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Alstom Grid S1 Agile Improper Authorization ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability affecting the Alstom Grid MiCOM S1 Agile and S1 Studio Software. Note: Alstom Grid MiCOM S1 Studio Software is its own software suite. A user could have MiCOM S1 Studio Software from a different vendor. This advisory only addresses the Alstom software product.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-184-01
*** Security Bulletin: IBM Business Process Manager (BPM) Vulnerable URLs (CVE-2013-0581) ***
---------------------------------------------
When a dashboard is opened or a service is executed, a malicious attacker can intercept network requests from the client. Then, the attacker can modify the URL parameters of the request so that malicious code can be executed within the client browser. CVE(s): CVE-2013-0581 Affected product(s) and affected version(s): IBM Business Process Manager Standard Versions 7.5.1.x, 8.0.0.x, 8.0.1.x IBM Business Process Manager Express Versions 7.5.1.x, 8.0.0.x, 8.0.1.x IBM Business Process Manager
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Deceptive ads targeting German users lead to the W32/SomotoBetterInstaller Potentially Unwanted Application (PUA) ***
---------------------------------------------
By Dancho Danchev. We've just intercepted yet another campaign serving deceptive ads, this time targeting German-speaking users into downloading and installing the privacy-invading "FLV Player" Potentially Unwanted Application (PUA), part of Somoto's pay-per-install network. More details: ...
---------------------------------------------
http://blog.webroot.com/2013/07/03/deceptive-ads-targeting-german-users-lea…
*** IBM AIX TFTP RBAC Bug Lets Remote Authenticated Users Read and Overwrite Root-Owned Files ***
---------------------------------------------
A vulnerability was reported in IBM AIX. A remote authenticated user can read and overwrite files on the target system with root privileges.
---------------------------------------------
http://www.securitytracker.com/id/1028728
*** Android's code signature can be bypassed ***
---------------------------------------------
A young US security company claims to have discovered an Android bug that allows arbitrary code to be injected into signed app packages without breaking the signature.
---------------------------------------------
http://www.heise.de/security/meldung/Androids-Code-Signatur-laesst-sich-umg…