=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 02-07-2013 18:00 − Mittwoch 03-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Cybercriminals experiment with Tor-based C&C, ring-3-rootkit empowered, SPDY form grabbing malware bot ***
---------------------------------------------
By Dancho Danchev Keeping in pace with the latest and most widely integrated technologies, with the idea to abuse them in a fraudulent/malicious way, is an everyday reality in today’s cybercrime ecosystem that continues to be over-supplied with modified and commoditized malicious software. This is achieved primarily through either leaked source code or a slightly different set of 'common'...
---------------------------------------------
blog.webroot.com/2013/07/02/cybercriminals-experiment-with-tor-based-cc-rin…
*** DSA-2718 wordpress ***
---------------------------------------------
Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.
This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade.
---------------------------------------------
http://www.debian.org/security/2013/dsa-2718
*** Apple Mac OS X Multiple Vulnerabilities ***
---------------------------------------------
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
The vulnerabilities are caused due to a bundled version of QuickTime.
---------------------------------------------
https://secunia.com/advisories/54049
*** Vulnerabilities in multiple WordPress Plugins ***
---------------------------------------------
https://secunia.com/advisories/52958https://secunia.com/advisories/54018https://secunia.com/advisories/54035https://secunia.com/advisories/54048
*** Vuln: Multiple Vendors Multiple EAS Devices Private SSH Key Information Disclosure Vulnerability ***
---------------------------------------------
Multiple Vendors Multiple EAS Devices are prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to gain access to the root SSH private key.
---------------------------------------------
http://www.securityfocus.com/bid/60810
*** Vuln: ansible paramiko_ssh.py Security Bypass Vulnerability ***
---------------------------------------------
ansible is prone to a security-bypass vulnerability.
An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.
---------------------------------------------
http://www.securityfocus.com/bid/60869
*** Rampant Apache website attack hits visitors with highly malicious software ***
---------------------------------------------
Darkleech is back. Or maybe it never left. Either way, its a growing problem.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/e7uQIRcAY78/
*** Bugtraq: Multiple Vulnerabilities in OpenX ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) attacks and compromise vulnerable system.
---------------------------------------------
http://www.securityfocus.com/archive/1/527051
*** Sony Multiple Network Cameras Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in multiple Sony Network Cameras, which can be exploited by malicious people to conduct cross-site forgery attacks.
The device allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. create a user with administrative privileges when a logged-in administrative user visits a specially crafted web page.
---------------------------------------------
https://secunia.com/advisories/53758
*** MachForm Form Maker 2 view.php file upload ***
---------------------------------------------
MachForm Form Maker2 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the view.php script. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85386
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 01-07-2013 18:00 − Dienstag 02-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Bugtraq: [SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure ***
---------------------------------------------
A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.
---------------------------------------------
http://www.securityfocus.com/archive/1/527022
*** Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities ***
---------------------------------------------
Topic: Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities Risk: Low Text:Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities Vendor: Barracuda Networks, Inc. Product web ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070014
*** Hackers Aggressively Scanning ICS, SCADA Default Credentials, Vulnerabilities ***
---------------------------------------------
Attacks against industrial control systems and SCADA equipment are progressing beyond automated scans for vulnerabilities or default credentials hitting honeypots, and are leading to service disruptions.
---------------------------------------------
http://threatpost.com/hackers-aggressively-scanning-ics-scada-default-crede…
*** Bugtraq: Linksys EA - 2700, 3500, 4200, 4500 w/ Lighttpd 1.4.28 Unauthenticated Remote Administration Access ***
---------------------------------------------
- Unauthenticated remote access to all pages of the router
administration GUI, bypassing any credential prompts under certain
common configurations (see below)
- Direct access to several other critical files, unauthenticated as well
---------------------------------------------
http://www.securityfocus.com/archive/1/527027
*** Symantec Security Information Manager Console Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Symantec Security Information Manager, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53990
*** IBM Rational Automation Framework Java JSSE Denial of Service Vulnerability ***
---------------------------------------------
IBM has acknowledged a vulnerability in IBM Rational Automation Framework, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54034
*** IBM Sterling B2B Integrator / IBM Sterling File Gateway Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in IBM Sterling B2B Integrator and IBM Sterling File, where one has an unknown impact and others can be exploited by malicious users to conduct SQL injection attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53850
*** HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code.
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Cisco TC Software SIP Implementation Error May Affect Communications Integrity ***
---------------------------------------------
A vulnerability in the Session Initiation Protocol (SIP) implementation used in TC Software could allow an unauthenticated, remoteattacker to cause an endpoint to process unintended SIP NOTIFY messages.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** TRENDnet Multiple Products Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in multiple TRENDnet products, which can be exploited by malicious users to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53926
*** HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft ***
---------------------------------------------
Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds.
---------------------------------------------
http://www.darkreading.com/vulnerability/https-side-channel-attack-a-tool-f…
*** IBM Storwize V7000 Unified Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Storwize V7000 Unified, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54036
*** HP-UX update for Java ***
---------------------------------------------
HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53999https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** Fortinet FortiOS (FortiGate) Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Fortinet FortiOS (FortiGate), which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53996
*** Hacker Holes in Server Management System Allows ‘Almost-Physical’ Access ***
---------------------------------------------
Major vulnerabilities in a protocol for remotely monitoring and managing servers would allow attackers to hijack the computers to gain control of them, access or erase data, or lock others out. The vulnerabilities exist in more than 100,000 servers connected ...
---------------------------------------------
http://www.wired.com/threatlevel/2013/07/ipmi/
*** HP-UX update for Apache with Tomcat Servlet Engine ***
---------------------------------------------
HP has issued an update for Apache with Tomcat Servlet Engine. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53989
*** Alcatel-Lucent OmniTouch Multiple Products Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been reported in multiple Alcatel-Lucent OmniTouch products, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54000
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 28-06-2013 18:00 − Montag 01-07-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** How cybercriminals create and operate Android-based botnets ***
---------------------------------------------
By Dancho Danchev On their way to acquire the latest and coolest Android game or application, end users with outdated situational awareness on the latest threats facing them often not only undermine the confidentiality and integrity of their devices, but also, can unknowingly expose critical business data to the cybercriminals who managed to infect their...
---------------------------------------------
http://blog.webroot.com/2013/06/28/how-cybercriminals-create-and-operate-an…
*** Fortigate Firewall Cross Site Request Forgery ***
---------------------------------------------
Topic: Fortigate Firewall Cross Site Request Forgery Risk: Low Text:Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF (Cross-Site Request Forgery) Product: All Fortigate Firewalls Vendo...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060241
*** Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps ***
---------------------------------------------
A security researcher has uncovered a number of serious vulnerabilities in one of the core security components of several secure telephony applications, including the Silent Circle system developed by PGP creator Phil Zimmermann.
---------------------------------------------
http://threatpost.com/several-flaws-discovered-in-zrtpcpp-library-used-in-s…
*** NIST Cybersecurity Framework, (Sun, Jun 30th) ***
---------------------------------------------
The NIST has published a voluntary framework to reduce cyber risk to critical infrastructure as a result of a directive inside the Presidents execute order for improving critical infrastructure cybersecurity. The core of this framework is composed of a function matrix and a framework implementation level matrix. The function matrix contains the five top-level cybersecurity functions, which are: Know: Gaining the institutional understanding to identify what systems need to be protected,...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16093
*** Backdoor Discovered In Atlassian Crowd ***
---------------------------------------------
An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory (PDF) in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled Unpatched Vulnerabilities is the real security bombshell: Atlassians turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full...
---------------------------------------------
http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlass…
*** Xorbin Multiple Products "widgetUrl" Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been discovered in multiple Xorbin products, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/53979
*** IBM Tivoli Composite Application Manager for Transactions OpenSSL Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Tivoli Composite Application Manager for Transactions, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54029