=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 29-08-2013 18:00 − Friday 30-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** CoreText Font Rendering Bug Leads To iOS, OS X Exploit ***
---------------------------------------------
redkemper writes with this news from BGR.com (based on a report at Hacker News), excerpting: "Android might be targeted by hackers and malware far more often than Apple's iOS platform, but that doesn't mean devices like the iPhone and iPad are immune to threats. A post on a Russian website draws attention to a fairly serious vulnerability that allows nefarious users to remotely crash apps on iOS 6, or even render them unusable. The vulnerability is seemingly due to a bug in Apple's CoreText...
---------------------------------------------
http://apple.slashdot.org/story/13/08/29/155221/coretext-font-rendering-bug…
*** Cloud service as malware entry point ***
---------------------------------------------
IT security researchers have demonstrated a method by which corporate security mechanisms can be bypassed via Dropbox and similar services.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Cloud-Dienst-als-Malware-Einfallstor…
*** Security researchers crack Dropbox ***
---------------------------------------------
Client decrypted - two-way authentication can be bypassed
---------------------------------------------
http://derstandard.at/1376535110812
*** TeleGeography's Interactive Submarine Cable Map ***
---------------------------------------------
....Ever want to know where all the submarine cables are that provide part of the physical infrastructure of the Internet? Or which cities in the world have the most connectivity via submarine cables? (or which regions might be single points of failure?) In doing some research I stumbled across this excellent site from the folks at TeleGeography ...
---------------------------------------------
http://www.submarinecablemap.com/
*** FinFisher range of attack tools ***
---------------------------------------------
FinFisher is a range of attack tools developed and sold by a company called Gamma Group. Recently, some FinFisher sales brochures and presentations were leaked on the net. They contain many interesting details about these tools. In the background part of the FinFisher presentation, they go on to explain how Gamma hired the (at-the-time) main developer of Backtrack Linux to build attack tools for Gamma. This is a reference to Martin Johannes Münch. They also boast how their developers have...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002601.html
*** vBulletin users warned of potential exploit ***
---------------------------------------------
The forum software's developers advise users to delete the install folder
---------------------------------------------
http://www.csoonline.com/article/738959/vbulletin-users-warned-of-potential…
*** MatrikonOPC SCADA DNP3 Master Station Improper Input Validation ***
---------------------------------------------
OVERVIEW: This updated advisory was originally posted to the US-CERT secure Portal library on August 02, 2013, and is now being released to the ICS-CERT Web page. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified a buffer overflow vulnerability in MatrikonOPC's SCADA DNP3 OPC Server application. MatrikonOPC has produced a patch that mitigates this vulnerability. The researchers tested the patch to validate that it resolves the vulnerability. This vulnerability...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-213-04A
*** Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users ***
---------------------------------------------
http://www.securitytracker.com/id/1028965
*** IBM InfoSphere Information Server Web Console Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54698
*** Schneider Electric OFS XML External Entities Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54616
*** Cisco ASA Software TFTP Protocol Inspection Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54699
*** LibTIFF Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54628
*** VMSA-2013-0011 ***
---------------------------------------------
VMware ESXi and ESX address an NFC Protocol Unhandled Exception
---------------------------------------------
http://www.vmware.com/support/support-resources/advisories/VMSA-2013-0011.h…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 28-08-2013 18:00 − Thursday 29-08-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Bugtraq: Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability ***
---------------------------------------------
Cisco Security Advisory: Cisco Secure Access Control Server Remote Command Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/528295
*** Kelihos Relying on CBL Blacklists to Evaluate New Bots ***
---------------------------------------------
The Kelihos botnet is leveraging legitimate security services such as composite blocking lists (CBLs) to test the reliability of victim IP addresses before using them to push spam and malware.
---------------------------------------------
http://threatpost.com/kelihos-relying-on-cbl-blacklists-to-evalute-new-bots…
*** Java Native Layer Exploits Going Up ***
---------------------------------------------
Recently, security researchers disclosed two Java native layer exploits (CVE-2013-2465 and CVE-2013-2471). This caused us to look into native layer exploits more closely, as they have been becoming more common this year. At this year's Pwn2Own competition at CanSecWest, Joshua Drake showed CVE-2013-1491, which was exploitable on Java 7 running on Windows 8. CVE-2013-1493 has […]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/--YBZ1lrFxM/
*** Cisco Secure Access Control Server EAP-FAST Authentication Flaw Lets Remote Users Execute Arbitrary Commands ***
---------------------------------------------
Cisco Secure Access Control Server EAP-FAST Authentication Flaw Lets Remote Users Execute Arbitrary Commands
---------------------------------------------
http://www.securitytracker.com/id/1028958
*** Unpatched Mac bug gives attackers “super user” status by going back in time ***
---------------------------------------------
Exploiting the five-month-old "sudo" flaw in OS X just got easier.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/r1T9FKbYWWY/story01…
*** Triangle MicroWorks Improper Input Validation ***
---------------------------------------------
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks' products and third-party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has tested the update to validate that it resolves the vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS: The following Triangle MicroWorks products are affected:
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-240-01
*** Bugtraq: 30C3 Call for Participation ***
---------------------------------------------
30C3 Call for Participation
---------------------------------------------
http://www.securityfocus.com/archive/1/528298
*** Suspect Sendori software, (Thu, Aug 29th) ***
---------------------------------------------
Reader Kevin wrote in to alert us of an interesting discovery regarding Sendori. Kevin stated that two of his clients were treated to malware via the auto-update system for Sendori. In particular, they had grabbed Sendori-Client-Win32/2.0.15 from 54.230.5.180, which is truly an IP attributed to Sendori via lookup results. Sendori's reputation is already a bit sketchy; search results for Sendori give immediate pause, but this download in particular goes beyond the pale. With claims that "As of
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16466&rss
*** WordPress Wordfence 3.8.1 Cross Site Scripting ***
---------------------------------------------
Topic: WordPress Wordfence 3.8.1 Cross Site Scripting Risk: Low Text: # Exploit Title: Wordpress Plugin Wordfence 3.8.1 - Cross Site Scripting # Date: 28 August 2013 # Exploit Author: Dyla...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080221
*** Google Docs Information Disclosure ***
---------------------------------------------
Topic: Google Docs Information Disclosure Risk: Medium Text: I reported this problem to Google in June but I did not get the usual reply saying they were working on it, so I guess it isn...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080224
*** Bugtraq: Drupal Node View Permissions module and Flag module Vulnerabilities ***
---------------------------------------------
Drupal Node View Permissions module and Flag module Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/528310
*** Cybercrime-friendly underground traffic exchanges help facilitate fraudulent and malicious activity – part two ***
---------------------------------------------
By Dancho Danchev The list of monetization tactics a cybercriminal can take advantage of, once they manage to hijack a huge portion of Web traffic, is virtually limitless and is entirely based on his experience within the cybercrime ecosystem. Through the utilization of blackhat SEO (search engine optimization), RFI (Remote File Inclusion), DNS cache poisoning, or […]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/zWNtszZsWRs/
*** IBM InfoSphere Information Server Multiple Vulnerabilities ***
---------------------------------------------
IBM InfoSphere Information Server Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54666
*** Office 2003's burial will resurrect hacker activity ***
---------------------------------------------
The end of Microsoft's support for the popular suite come April 2014 will usher in an era of infinite zero-day attacks, analyst predicts
---------------------------------------------
http://www.csoonline.com/article/738914/office-2003-s-burial-will-resurrect…
*** [papers] - Metasploit - The Exploit Learning Tree ***
---------------------------------------------
Metasploit - The Exploit Learning Tree
---------------------------------------------
http://www.exploit-db.com/download_pdf/27935
*** Outage Analyzer - Track Web Service Outages, in Real Time ***
---------------------------------------------
....Outage Analyzer lets you view internet service outages as they occur around the world. The application lists the outages that are occurring now or can provide a view of outages that have closed recently......
---------------------------------------------
http://www.compuware.com/en_us/application-performance-management/products/…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 27-08-2013 18:00 − Wednesday 28-08-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE executed under a security manager. ***
---------------------------------------------
IBM Tivoli Monitoring ships and uses a Java Runtime Environment (JRE). This alert addresses several vulnerabilities for the Tivoli Enterprise Portal browser JRE which might allow remote untrusted Java WebStart applications and untrusted Java applets to affect confidentiality, availability and integrity. CVE(s): CVE-2013-2467, CVE-2013-2448, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Firefox Extension HTTP Nowhere Allows Users to Browse in Encrypted-Only Mode ***
---------------------------------------------
It’s no secret that the Web wasn’t really meant to be a secure platform, for communications or commerce or anything else. But it’s used for all of these functions every day, and for the most part they depend upon the sites they deal with using SSL and doing so correctly. That’s not always a sure [...]
---------------------------------------------
http://threatpost.com/firefox-extension-http-nowhere-allows-users-to-browse…
*** Microsoft Releases Revisions to 4 Existing Updates, (Tue, Aug 27th) ***
---------------------------------------------
Four patches have undergone significant revision according to Microsoft. The following patches were updated today by Microsoft, and are set to roll in the automatic updates: MS13-057 - Critical - https://technet.microsoft.com/security/bulletin/MS13-057 - Reason for Revision: V3.0 (August 27, 2013): Bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003;
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16448&rss
*** Asterisk SIP Request Processing Flaw With Invalid SDP Lets Remote Users Deny Service ***
---------------------------------------------
Asterisk SIP Request Processing Flaw With Invalid SDP Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028957
*** Linux Trojan analysed ***
---------------------------------------------
Avast has examined in its virus lab what is probably the first online-banking Trojan targeting Linux users: the developer went to great lengths to keep his baby undetected.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Erster-Banking-Trojaner-fuer-Linux-a…
*** Exploit for unpatched hole in Java 6 surfaces ***
---------------------------------------------
A tool contains code that exploits a hole in Java 6 that has been known since June. Oracle has discontinued maintenance for this version, which is nevertheless still widely in use.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Exploit-fuer-ungepatchte-Luecke-in-J…
*** Cybercriminals offer spam-ready SMTP servers for rent/direct managed purchase ***
---------------------------------------------
By Dancho Danchev We continue to observe an increase in underground market propositions for spam-ready bulletproof SMTP servers, with the cybercriminals behind them trying to differentiate their unique value proposition (UVP) in an attempt to attract more customers. Let’s profile the underground market propositions of what appears to be a novice cybercriminal offering such spam-ready […]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/eWR3avR3M7k/
*** IBM FileNet Content Manager / Content Foundation XML Parser Denial of Service Vulnerability ***
---------------------------------------------
IBM FileNet Content Manager / Content Foundation XML Parser Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/54632
*** IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
IBM TRIRIGA Application Platform Multiple Cross-Site Scripting Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54641
*** Bugtraq: Two Instagram Android App Security Vulnerabilities ***
---------------------------------------------
Two Instagram Android App Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/528292
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 26-08-2013 18:00 − Tuesday 27-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** [Video] ThreatVlog, Episode 1: Tor and Apple exploits revealed ***
---------------------------------------------
What is Tor? Is it really secure? What about the Apple App Store approval process? Are all these applications really looked at? In today's episode, Grayson Milbourne covers the exploitation of the Tor network through Firefox and a proof of concept showing just how insecure Apple app testing can be.
---------------------------------------------
http://blog.webroot.com/2013/08/20/tor-and-apple-exploits-revealed/
*** [Video] ThreatVlog, Episode 2: Keyloggers and your privacy ***
---------------------------------------------
Commercial and black hat keyloggers can infect any device, from your PC at home to the phone in your hand. What exactly are these programs trying to steal? How can this data be used harmfully against you? And what can you do to protect all your data and devices from this malicious data gathering? In...
---------------------------------------------
http://blog.webroot.com/2013/08/26/video-threatvlog-episode-2-keyloggers-an…
*** "thereisnofatebutwhatwemake" - Turbo-charged cracking comes to long passwords ***
---------------------------------------------
Cracking really long passwords just got a whole lot faster and easier.
---------------------------------------------
http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-ch…
*** Feature Phone Hack Can Block Calls, Texts On Some Networks ***
---------------------------------------------
Trailrunner7 writes, quoting Threat Post "By tweaking the firmware on certain kinds of phones, a hacker could make it so other phones in the area are unable to receive incoming calls or SMS messages, according to research presented at the USENIX Security Symposium. The hack involves modifying the baseband processor on some Motorola phones and tricking some older 2G GSM networks into not delivering calls and messages. By watching the messages sent from phone towers and not delivering them
---------------------------------------------
http://it.slashdot.org/story/13/08/26/2254224/feature-phone-hack-can-block-…
*** Patch Management Guidance from NIST, (Tue, Aug 27th) ***
---------------------------------------------
The National Institute of Standards and Technology (NIST) released a new version of guidance around Patch Management last week, NIST SP800-40. The latest release takes a broader look at enterprise patch management than the previous version, so well worth the read. Patch Management is clearly called out as a "Quick Win" in Critical Control #3 "Secure Configurations for Hardware and Software". Additionally, Patch Management is something that is required by many of the cyber
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16445&rss
*** NSA: Hardening Tips For Mac OS X ***
---------------------------------------------
....The National Security Agency (NSA) offers "Hardening Tips for Mac OS X", a tri-fold security brochure for the agency's Information Assurance Mission. It's packed with useful tips...... See also: http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf
---------------------------------------------
http://www.nsa.gov/ia/_files/factsheets/macosx_hardening_tips.pdf
*** The SCADA That Cried Wolf: Who's Really Attacking Your ICS Devices- Part 2 ***
---------------------------------------------
The concern on ICS/SCADA security gained prominence due to high-profile attacks targeting these devices, most notably Flame and Stuxnet. However, we noted recent findings, which prove that the interest in ICS/SCADA devices as attack platforms is far from waning. We've all read about how insecure ICS/SCADA devices are and how certain threat actors are targeting...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-scada-that-c…
*** Malware detection for medical devices ***
---------------------------------------------
US computer scientists want to detect malware in the healthcare sector via changes in the power consumption of medical devices.
---------------------------------------------
http://www.heise.de/security/meldung/Malware-Erkennung-fuer-Medizingeraete-…
*** Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities in IBM JRE ***
---------------------------------------------
IBM Notes and Domino are vulnerable to multiple attacks listed in the Oracle Java SE Critical Patch Update Advisories (February, April and June 2013) as well as miscellaneous client-side attacks listed below. The repaired IBM JRE is available in Notes and Domino 8.5.3 Fix Pack 5 and is also planned for Notes and Domino 9.0.1. CVE(s): CVE-2013-0464, CVE-2012-3325, and CVE-2011-4858 Affected product(s) and affected version(s): IBM Notes and Domino 9.0 IBM Notes and Domino 8.5.x IBM Notes and...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: IBM Notes & Domino fixes for multiple vulnerabilities in IBM JRE ***
---------------------------------------------
IBM Notes and Domino are vulnerable to multiple attacks listed in the Oracle Java SE Critical Patch Update Advisories (February, April and June 2013) as well as miscellaneous client-side attacks listed below. The repaired IBM JRE is available in Notes and Domino 8.5.3 Fix Pack 5 and is also planned for Notes and Domino 9.0.1. CVE(s): CVE-2013-0809, CVE-2013-1493, CVE-2013-3012, CVE-2013-3011, CVE-2013-3010, CVE-2013-3009, CVE-2013-3008, CVE-2013-3007, CVE-2013-3006, CVE-2013-2455, and
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS) (CVE-2013-0467) ***
---------------------------------------------
IBM Security SiteProtector System can be affected by a vulnerability in the IBM Eclipse Help System (IEHS). This vulnerability could allow a remote attacker to obtain the source code of the Help System. CVE(s): CVE-2013-0467 Affected product(s) and affected version(s): IBM Security SiteProtector System: 2.8.1 and 2.9 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21647392
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: IBM Content Collector - Eclipse Help System Cross Site Scripting Vulnerability (CVE-2013-0464) ***
---------------------------------------------
Cross-Site Scripting vulnerability exists in IBM Eclipse Help System, a component bundled with IBM Content Collector, which is used to display the IBM Content Collector help content. CVE(s): CVE-2013-0464 Affected product(s) and affected version(s): IBM Content Collector 3.0 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21646473 X-Force Database:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** IBM Lotus iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1028954
*** Sixnet Universal Protocol Undocumented Function Codes ***
---------------------------------------------
OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-13-231-01 Sixnet Universal Protocol Undocumented Function Codes that was published August 19, 2013, on the ICS-CERT Web page. Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01A
*** RoundCube Webmail Edit Email Script Insertion Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54536
*** IBM DB2 / DB2 Connect Unspecified Security Bypass Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54644
*** Atlassian 4.x Confluence Sensitive Information Leakage ***
---------------------------------------------
Topic: Atlassian 4.x Confluence Sensitive Information Leakage Risk: Low Text:Since vendor does not seem to care about this issue more than a year after initial report (https://jira.atlassian.com/browse/C...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080213
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 23-08-2013 18:00 − Monday 26-08-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Mozilla and Chrome raise requirements for certificates ***
---------------------------------------------
In future, the two free browsers will no longer accept SSL certificates with particularly long validity periods. The changes, however, affect only relatively few servers.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Mozilla-und-Chrome-erhoehen-Anforder…
*** EU data-breach notification obligation comes into force ***
---------------------------------------------
Effective immediately, communications companies must report within 24 hours when a data-protection breach involving unsecured or insufficiently secured personal data has occurred. In some cases the affected individuals must also be informed.
---------------------------------------------
http://futurezone.at/netzpolitik/17910-eu-meldepflicht-bei-datenklau-tritt-…
*** RealPlayer Two Vulnerabilities ***
---------------------------------------------
1) An error when handling filenames in RMP can be exploited to cause a stack-based buffer overflow.
2) An error when parsing RealMedia files can be exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
---------------------------------------------
https://secunia.com/advisories/54621
*** OpenSSL produces the same randomness too often ***
---------------------------------------------
Under certain conditions, the random number generator of the free crypto library delivers the same numbers in relatively quick succession. It has not yet been decided whether the OpenSSL developers or the library's users must change their code.
---------------------------------------------
http://www.heise.de/security/meldung/OpenSSL-erzeugt-zu-oft-den-gleichen-Zu…
*** IBM WebSphere Commerce Tools Pages Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
IBM WebSphere Commerce Tools Pages Cross-Site Scripting Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54643
*** IBM Tivoli Workload Scheduler OpenSSL Multiple Vulnerabilities ***
---------------------------------------------
IBM Tivoli Workload Scheduler OpenSSL Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54655
*** IBM Lotus iNotes Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
IBM Lotus iNotes Multiple Cross-Site Scripting Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54645
*** Cacti Script Insertion and SQL Injection Vulnerabilities ***
---------------------------------------------
Cacti Script Insertion and SQL Injection Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54531
*** Bugtraq: Wordpress post-gallery Plugin XSS vulnerabilities ***
---------------------------------------------
Wordpress post-gallery Plugin XSS vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/528243
*** [remote] - Belkin G Wireless Router Firmware 5.00.12 - RCE PoC ***
---------------------------------------------
Belkin G Wireless Router Firmware 5.00.12 - RCE PoC
---------------------------------------------
http://www.exploit-db.com/exploits/27873
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 22-08-2013 18:00 − Friday 23-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Top Server OPC Improper Input Validation Vulnerability ***
---------------------------------------------
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Software Toolbox TOP Server DNP Master OPC product. Software Toolbox has produced a new version that mitigates this vulnerability. The researchers have tested the new version to validate that it resolves the vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS: The following Software Toolbox products are affected:...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02
*** Read of the Week: A Fuzzy Future in Malware Research, (Thu, Aug 22nd) ***
---------------------------------------------
The August 2013 ISSA Journal includes an excellent read from Ken Dunham: A Fuzzy Future in Malware Research. Ken is a SANS veteran (GCFA Gold, GREM Gold, GCIH Gold, GSEC, GCIA) who spends a good bit of his time researching, writing and presenting on malware-related topics. From Ken's abstract: "Traditional static analysis and identification measures for malware are changing, including the use of fuzzy hashes which offers a new way to find possible related malware samples on a computer or
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16427
*** How Exploit Kits Dodge Security Vendors and Researchers ***
---------------------------------------------
Websites with exploit kits are one thing that security vendors and researchers frequently try to look into, so it shouldn't be a surprise that attackers have gone to some length to specifically dodge the good guys. How do they do it? The most basic method used by attackers is an IP blacklist. Just like security...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/qf9ZXjwNgn0/
*** How Can Social Engineering Training Work Effectively? ***
---------------------------------------------
One particular aspect of DEF CON that always gets some media coverage is the Social Engineering Capture the Flag (SECTF) contest, where participants use nothing more than a phone call to get victims at various Fortune 500 to give up bits of information. These are the sort of social engineering attacks that give security professionals...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/D-0-ZRv5fSY/
*** Alleged Adobe Reader exploit probably a fake ***
---------------------------------------------
The evidence is mounting that the critical security hole said to be gaping in the current Reader version does not exist at all.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Angeblicher-Adobe-Reader-Exploit-ver…
*** Pixel Perfect Timing Attacks with HTML5 ***
---------------------------------------------
"This paper describes a number of timing attack techniques that can be used by a malicious web page to steal sensitive data from a browser, breaking cross-origin restrictions. The new requestAnimationFrame API can be used to time browser rendering operations and infer sensitive data based on timing data."
---------------------------------------------
http://contextis.co.uk/files/Browser_Timing_Attacks.pdf
*** BSI: Despite "critical aspects", no warning against Windows 8 ***
---------------------------------------------
In a statement, the Federal Office clarifies that it has no fundamental security concerns about the use of Windows 8 and Trusted Computing. However, the BSI criticises certain aspects of the operating system.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-Trotz-kritischer-Aspekte-keine-War…
*** Setuid problems on Debian derivatives ***
---------------------------------------------
A sloppily programmed setuid tool from the VMware package grants root privileges; but the causes run deeper.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Setuid-Probleme-auf-Debian-Abkoemmli…
https://secunia.com/advisories/54580
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 21-08-2013 18:00 − Thursday 22-08-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** If you ever use text VTs, don't run XMir right now ***
---------------------------------------------
It'd be easy to assume that in a Mir-based world, the Mir server receives input events and hands them over to Mir clients. In fact, as I described here, XMir uses standard Xorg input drivers and so receives all input events directly. This led to issues like the duplicate mouse pointer seen in earlier versions of XMir - as well as the pointer being drawn by XMir, Mir was drawing its own pointer. But there are also some more subtle issues. Mir recently gained a fairly simple implementation of VT...
---------------------------------------------
http://mjg59.dreamwidth.org/27327.html
*** Jumping Out of IE's Sandbox With One Click ***
---------------------------------------------
Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft's August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security [...]
---------------------------------------------
http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054
*** BSI: Despite "critical aspects", no warning against Windows 8 ***
---------------------------------------------
In a statement, the Federal Office clarifies that it has no fundamental security concerns about the use of Windows 8 and Trusted Computing. However, the BSI criticises certain aspects of the operating system.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-Trotz-kritischer-Aspekte-keine-War…
*** Siemens COMOS Privilege Escalation Vulnerability ***
---------------------------------------------
OVERVIEW: Siemens has notified ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. Siemens has produced a patch that mitigates this vulnerability. AFFECTED PRODUCTS: The following Siemens COMOS versions are affected:...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-233-01
*** Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** MySQL Debian/Ubuntu Installation Script Lets Local Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1028927
*** Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting ***
---------------------------------------------
Topic: Hotel Software and Booking system 1.8 SQL Injection & Cross Site Scripting Risk: Medium Text: # Exploit Title: Hotel Software and Booking system 1.8 - SQL Injection / Cross Site Scripting # Date: 21 de A...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080175
*** Drupal Zen 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Zen 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/2071157 * Advisory ID: DRUPAL-SA-CONTRIB-2013-070 * Project: Zen [1] (third-party ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080180
*** Debian update for cacti ***
---------------------------------------------
https://secunia.com/advisories/54181
*** Multiple NetGear ProSafe Switches CVE-2013-4776 Remote Denial of Service Vulnerability ***
---------------------------------------------
A range of ProSafe switches are affected by two different vulnerabilities. CVE-2013-4775: Unauthenticated startup-config disclosure. CVE-2013-4776: Denial of Service vulne...
---------------------------------------------
http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2…
*** [webapps] - Netgear ProSafe - Denial of Service Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/27775
*** [webapps] - Netgear ProSafe - Information Disclosure Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/27774
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 20-08-2013 18:00 − Wednesday 21-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Hacker apparently harvests Twitter login credentials ***
---------------------------------------------
A hacker has apparently gained access to login data of the short-message service Twitter. The attacker, who calls himself Mauritania Hacker, on Tuesday published alleged details of more than 15,000 Twitter accounts.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-greift-offenbar-Zugangsdaten-fu…
*** Poison Ivy: Assessing Damage and Extracting Intelligence ***
---------------------------------------------
Today, our research team is publishing a report on the Poison Ivy family of remote access tools (RATs) along with a package of tools created...
---------------------------------------------
http://www.fireeye.com/blog/technical/targeted-attack/2013/08/pivy-assessin…
*** Measuring Entropy and its Applications to Encryption ***
---------------------------------------------
There have been a bunch of articles about an information theory paper with vaguely sensational headlines like "Encryption is less secure than we thought" and "Research shakes crypto foundations." It's actually not that bad. Basically, the researchers argue that the traditional measurement of Shannon entropy isn't the right model to use for cryptography, and that minimum entropy is. This difference may...
---------------------------------------------
http://www.schneier.com/blog/archives/2013/08/measuring_entro.html
*** Security researcher: zero-day hole in Adobe Reader ***
---------------------------------------------
The current version of Adobe Reader is said to contain a critical vulnerability through which attackers can place malicious code in PDF documents. The code is executed as soon as the document is opened.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsforscher-Zero-Day-Luecke-im…
*** Gpg4win 2.2 encrypts e-mails and files ***
---------------------------------------------
The new version 2.2 of the GnuPG build for Windows supports Outlook 2010 and 2013. The encryption plug-in for Windows Explorer is now also included in a 64-bit version.
---------------------------------------------
http://www.heise.de/security/meldung/Gpg4win-2-2-verschluesselt-E-Mails-und…
*** Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.7 ***
---------------------------------------------
Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.0.0.7 CVE(s): CVE-2013-2967, CVE-2013-2976, CVE-2013-4004, CVE-2013-0169, CVE-2013-0597, CVE-2013-1768, CVE-2013-1862, CVE-2013-4005, CVE-2013-3029, CVE-2013-1896, and CVE-2012-2098 Affected product(s) and affected version(s): The following IBM WebSphere Application Server Versions are affected: Version 8.5 Version 8 Version 7 Version 6.1 OSGi Applications and JPA Feature Pack EJB 3.0
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot…
*** RSA Authentication Agent for PAM Allows Remote Users to Make Unlimited Login Attempts ***
---------------------------------------------
http://www.securitytracker.com/id/1028930
*** IBM WebSphere Portal Unspecified Bug Lets Remote Users Access User Directories ***
---------------------------------------------
http://www.securitytracker.com/id/1028933
*** McAfee Email Gateway Email Processing "ws_inv-smtp" Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54486
*** PHP OpenID XRDS Processing XML External Entities Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54542
*** Multiple Vulnerabilities in Cisco Unified Communications Manager ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 19-08-2013 18:00 − Tuesday 20-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** The Sunshop Campaign Continues ***
---------------------------------------------
We recently detected what we believe is a continuation of the Sunshop campaign that we first revealed on May 20, 2013. This follow-on to the Sunshop campaign started on July 17, 2013. In this latest wave the attackers inserted malicious...
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/08/the-sunshop-ca…
*** FuzzDB helps with security testing of web applications ***
---------------------------------------------
FuzzDB comprises attack patterns, a pre-sorted collection of known log files, administration directories, regular expressions for evaluating the responses of attacked servers, and documentation material.
---------------------------------------------
http://www.heise.de/security/meldung/FuzzDB-hilft-bei-Sicherheitstests-von-…
*** Network scanner nmap refreshed ***
---------------------------------------------
nmap version 6.4 brings, besides numerous extensions, a Lua binding for ncat.
---------------------------------------------
http://www.heise.de/security/meldung/Netzwerkscanner-nmap-aufgefrischt-1938…
*** Can KINS Be The Next ZeuS? ***
---------------------------------------------
Malware targeting online banking sites naturally causes alarm among users, as it is designed to steal not only information but also money from them. Thus it is no surprise that the surfacing of KINS, peddled as a 'professional-grade banking Trojan' in the underground market, raised concerns that it might become as successful as ZeuS/ZBOT...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/can-kins-be-the-…
*** Microsoft Reissues MS13-066 Windows Server Patch ***
---------------------------------------------
Microsoft has re-released one of the August security patches for Windows Server 2008 in order to fix a regression issue that would cause some servers to stop working. The MS13-066 patch was released again Monday after Microsoft discovered the problem last week. The patch in the MS13-066 update fixes a vulnerability Active Directory Federation Services [...]
---------------------------------------------
http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/1020…
*** Security Bulletin: Cross Site Scripting vulnerabilities in themes of WebSphere Portal (CVE-2013-0587) ***
---------------------------------------------
Several spots in themes of WebSphere Portal have been identified to be vulnerable to Cross Site Scripting (XSS). CVE(s): CVE-2013-0587 Affected product(s) and affected version(s): WebSphere Portal Version 6.1.0.x WebSphere Portal Version 6.1.5.x WebSphere Portal Version 7.0.0.x WebSphere Portal Version 8.0.0.x Refer to the following...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_cro…
*** Sixnet Universal Protocol Undocumented Function Codes ***
---------------------------------------------
OVERVIEW: Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS:...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01
*** HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified in Java5 Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
---------------------------------------------
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_…
*** HPSBMU02902 rev.2 - HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI, Cipher Suite 0 Authentication Bypass Vulnerability ***
---------------------------------------------
A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI. The vulnerability could allow authentication bypass.
---------------------------------------------
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_…
*** Bugtraq: Multiple vulnerabilities on Sitecom N300/N600 devices ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528093
*** IBM HTTP Server Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54560
*** FFmpeg Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54389
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 16-08-2013 18:00 − Monday 19-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Filtering Signal From Noise, (Fri, Aug 16th) ***
---------------------------------------------
We have used the term "internet background radiation" more than once to describe things like SSH scans. Like cosmic background radiation, it's easy to consider it noise, but one can find signals buried within it, with enough time and filtering. I wanted to take a look at our SSH scan data and see if we couldn't tease out anything useful or interesting. First Visualization: I used the DShield API to pull this year's port 22 data (https://isc.sans.edu/api/ for more details on our API.)
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16385&rss
*** Vulnerability in the BIOS of some Dell devices ***
---------------------------------------------
Dell has released BIOS updates for a number of older systems in the Latitude and Precision lines. Because of a potential buffer overflow in the BIOS, unsigned firmware can be slipped onto the devices.
---------------------------------------------
http://www.heise.de/security/meldung/Schwachstelle-im-BIOS-einiger-Dell-Ger…
*** A Closer Look: Perkele Android Malware Kit ***
---------------------------------------------
In March 2013 I wrote about Perkele, a crimeware kit designed to create malware for Android phones that can help defeat multi-factor authentication used by many banks. In this post, we'll take a closer look at this threat, examining the malware as it is presented to the would-be victim as well as several back-end networks set up by cybercrooks who have been using Perkele to fleece banks and their customers.
---------------------------------------------
http://krebsonsecurity.com/2013/08/a-closer-look-perkele-android-malware-ki…
*** HP says goodbye to the Java interface ***
---------------------------------------------
During a routine check of one of our HP ProCurve switches we made a pleasant discovery. HP started replacing its Java configuration interfaces a while ago and uses HTML instead. But not all switches get an HTML update.
---------------------------------------------
http://www.golem.de/news/procurve-hp-verabschiedet-sich-vom-java-interface-…
*** DIY automatic cybercrime-friendly 'redirectors generating' service spotted in the wild ***
---------------------------------------------
By Dancho Danchev Redirectors are a popular tactic used by cybercriminals on their way to trick Web filtering solutions. And just as we've seen in virtually every segment of the underground marketplace, demand always meets supply. A newly launched, DIY 'redirectors' generating service, aims to make it easier for cybercriminals to hide the true intentions...
---------------------------------------------
http://blog.webroot.com/2013/08/19/diy-automatic-cybercrime-friendly-redire…
*** whistle.im: FaaS - Fuckup as a Service ***
---------------------------------------------
At first glance the project may seem sensible: end-to-end encryption, "Our cryptography is open source - contributors welcome!", use of SSL, RSA, AES. But if you look a little deeper into the project, you quickly notice that it consists more of hollow phrases than of approaches that were checked with expertise or subject knowledge.
---------------------------------------------
http://hannover.ccc.de/~nexus/whistle.html
*** Analysis: Anti-decompiling techniques in malicious Java Applets ***
---------------------------------------------
Step 1: How this started. While I was investigating the Trojan.JS.Iframe.aeq case (see blogpost) one of the files dropped by the Exploit Kit was an Applet exploiting a vulnerability: document.write(<applet ...
---------------------------------------------
http://www.securelist.com/en/analysis/204792300/Anti_decompiling_techniques…
*** The Cryptopocalypse ***
---------------------------------------------
There was a presentation at Black Hat last month warning us of a "factoring cryptopocalypse": a moment when factoring numbers and solving the discrete log problem become easy, and both RSA and DH break. This presentation was provocative, and has generated a lot of commentary, but I don't see any reason to worry. Yes, breaking modern public-key cryptosystems has gotten...
---------------------------------------------
http://www.schneier.com/blog/archives/2013/08/the_cryptopocal.html
*** The Risk of Running Windows XP After Support Ends April 2014 ***
---------------------------------------------
Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.
---------------------------------------------
http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-…
*** Here's what you find when you scan the entire Internet in an hour ***
---------------------------------------------
Until recently, scanning the entire Internet, with its billions of unique addresses, was a slow and labor-intensive process. For example, in 2010 the Electronic Frontier Foundation conducted a scan to gather data on the use of encryption online. The process took two to three months.
---------------------------------------------
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/18/heres-what-you…
*** 2013-08 Security Bulletin: Network and Security Manager: DoS due to repeated SSL session renegotiations (CVE-2011-1473) ***
---------------------------------------------
A vulnerability has been reported against virtually all versions of OpenSSL stating that client-initiated renegotiation is not properly restricted within the SSL and TLS protocols. This might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Some network services in Network and Security Manager (NSM) utilizing SSL/TLS were found vulnerable to this issue.
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10584
*** IBM Notes / Domino Java Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54574
*** Django "is_safe_url()" Cross-Site Scripting and "URLField" Script Insertion Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54476
*** PHP SSL Client Certificate Verification and Session Fixation Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54562
*** Yafuoku! / Yahoo! Shopping Certificate Verification Security Issue ***
---------------------------------------------
https://secunia.com/advisories/54551
*** [webapps] - Copy to WebDAV v1.1 iOS - Multiple Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/27655
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 14-08-2013 18:00 − Friday 16-08-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Microsoft Starts Countdown on Eliminating MD5 ***
---------------------------------------------
Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm.
---------------------------------------------
http://threatpost.com/microsoft-starts-countdown-on-eliminating-md5/101994
*** Microsoft Pulls Back Critical Exchange Server 2013 Patch ***
---------------------------------------------
Microsoft has pulled back MS13-061, a critical patch released yesterday for Exchange Server 2013 because it breaks indexing on the messaging server.
---------------------------------------------
http://threatpost.com/microsoft-pulls-back-critical-exchange-server-2013-pa…
*** Hackers targeting servers running Apache Struts applications, researchers say ***
---------------------------------------------
A tool for exploiting known Struts vulnerabilities is available on Chinese hacker forums, Trend Micro researchers said
---------------------------------------------
http://www.csoonline.com/article/738134/hackers-targeting-servers-running-a…
*** Android's encryption vulnerable ***
---------------------------------------------
A vulnerability in Android's crypto libraries potentially affects hundreds of thousands of Android applications. The flaw produces weak random numbers and has already been used by criminals to steal bitcoins.
---------------------------------------------
http://www.heise.de/security/meldung/Androids-Verschluesselung-angreifbar-1…
*** Personalized Exploit Kit Targets Researchers ***
---------------------------------------------
As documented time and again on this blog, cybercrooks are often sloppy or lazy enough to leave behind important clues about who and where they are. But from time to time, cheeky crooks will dream up a trap designed to look like they're being sloppy when in fact they're trying to trick security researchers into being sloppy and infecting their computers with malware.
---------------------------------------------
https://krebsonsecurity.com/2013/08/personalized-exploit-kit-targets-resear…
*** Spread of Android malware increases significantly, but ... ***
---------------------------------------------
The antivirus company Kaspersky saw twice as many new Android malware samples in the second quarter of this year as in the same quarter of the previous year. However, this is no reason to panic.
---------------------------------------------
http://www.heise.de/security/meldung/Verbreitung-von-Android-Malware-nimmt-…
*** Targeted Attacks Delivering Fruit ***
---------------------------------------------
Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, and government). The payload is an updated version of a Java remote access tool (RAT) detected as Backdoor.Opsiness, also known as Frutas RAT.
---------------------------------------------
http://www.symantec.com/connect/blogs/targeted-attacks-delivering-fruit
*** Researchers figure out how to hack tens of thousands of servers ***
---------------------------------------------
Security researchers at the University of Michigan have found a potentially devastating security vulnerability that afflicts at least 40,000 servers on the Internet. The researchers say the flaw could allow hackers to compromise certain servers manufactured by Supermicro from anywhere on the Internet. Tens of thousands of servers produced by other vendors could also be at risk.
---------------------------------------------
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/14/researchers-fi…
*** Background: Remote shell for the SD card ***
---------------------------------------------
Hardly anything is too small to be hacked: a blogger managed to gain root access to the embedded system of a Wi-Fi capable memory card.
---------------------------------------------
http://www.heise.de/security/artikel/Remote-Shell-fuer-die-SD-Karte-1933994…
*** Drupal Entity API Module Two Security Bypass Security Issues ***
---------------------------------------------
https://secunia.com/advisories/54481
*** Vuln: Dovecot LIST Command Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/61763
*** Drupal 7.22 / 6.28 Cross Site Scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080126
*** Joomla Media Manager File Upload Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080120
*** TYPO3 File Upload Flaw Lets Remote Authenticated Users Execute Arbitrary PHP Code ***
---------------------------------------------
http://www.securitytracker.com/id/1028919
*** Bugtraq: Open-Xchange Security Advisory 2013-08-16 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528046
*** Bugtraq: Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access ***
---------------------------------------------
http://www.securityfocus.com/archive/1/528045
*** Puppet "resource_type" Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54564
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 13-08-2013 18:00 − Wednesday 14-08-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Start isolating critical XP systems now, experts warn ***
---------------------------------------------
Lack of updates after April 8, 2014 adds security complications for companies, retailers running specialty software dependent on XP
---------------------------------------------
http://www.csoonline.com/article/738085/start-isolating-critical-xp-systems…
*** Security Bulletin: Tivoli Workload Scheduler Distributed and Tivoli Workload Scheduler for Applications Openssl Multiple Vulnerabilities ***
---------------------------------------------
OpenSSL versions prior to 1.0.0 do not follow best security practices and need to upgrade. CVE(s): CVE-2013-0169 CVE-2013-0166 CVE-2012-2686 CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-3210 CVE-2011-0014 CVE-2010-3864 Affected product(s) and affected version(s): Tivoli
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tiv…
*** Python SSL module NULL bytes spoofing ***
---------------------------------------------
Python SSL module NULL bytes spoofing
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/86383
*** BIND Vulnerability Enables DNS Cache Poisoning Attack ***
---------------------------------------------
A vulnerability in the BIND domain name system (DNS) software could give an attacker the ability to easily and reliably control queried name servers chosen by the most widely deployed DNS software on the Internet, according to new research presented at the Woot Conference in Washington D.C. today.
---------------------------------------------
http://threatpost.com/bind-vulnerablilty-enables-dns-cache-poisoning-attack…
*** Apache Struts2 2.3.15 OGNL Injection ***
---------------------------------------------
Topic: Apache Struts2 2.3.15 OGNL Injection Risk: Medium Text:CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Softw...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080115
*** DotNetNuke (DNN) Cross-Site Scripting Vulnerability ***
---------------------------------------------
Topic: DotNetNuke (DNN) Cross-Site Scripting Vulnerability Risk: Low Text:Title: DotNetNuke (DNN) Cross-Site Scripting Vulnerability References: CVE-2013-4649 Discovered by: Sajjad Pourali , Nasser S...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080113
*** Vuln: TYPO3 Static Methods since 2007 Extension Unspecified Cross Site Scripting Vulnerability ***
---------------------------------------------
TYPO3 Static Methods since 2007 Extension Unspecified Cross Site Scripting Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57288
*** Hole plugged ***
---------------------------------------------
Finally there is a security update for the Saia-Burgess control systems and their hole.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Kritisches-Sicherheitsupdate-fuer-20…
*** Summary for August 2013 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for August 2013.
---------------------------------------------
http://technet.microsoft.com/en-gb/security/bulletin/ms13-aug
*** The August patches ***
---------------------------------------------
Microsoft has released eight patch packages that are intended to close a total of 23 holes.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Microsofts-August-Patches-und-die-Ru…
*** Bugtraq: Subverting BIND's SRTT Algorithm: Derandomizing NS Selection ***
---------------------------------------------
Subverting BIND's SRTT Algorithm: Derandomizing NS Selection
---------------------------------------------
http://www.securityfocus.com/archive/1/528013
*** Chinese Underground Creates Tool Exploiting Apache Struts Vulnerability ***
---------------------------------------------
About a month ago, the Apache Software Foundation released Struts 2.3.15.1, an update to the popular Java Web application development framework. The patch was released because vulnerabilities in older versions of Struts could allow attackers to run arbitrary code on vulnerable servers. Since then, we've found that hackers in the Chinese underground have created an [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/LkrHQVJNU9U/
*** OSIsoft PI Interface for IEEE C37.118 Configuration Packets Processing Denial of Service Vulnerability ***
---------------------------------------------
OSIsoft PI Interface for IEEE C37.118 Configuration Packets Processing Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/54498
*** .GOV zones may not resolve due to DNSSEC problems., (Wed, Aug 14th) ***
---------------------------------------------
Currently, many users are reporting that .gov domain names (e.g. fbi.gov) will not resolve. The problem appears to be related to an error in the DNSSEC configuration of the .gov zone. According to a quick check with dnsviz.net, it appears that there is no DS record for the current .gov ZSK deposited with the root zone. (excerpt from: http://dnsviz.net/d/fbi.gov/dnssec/) DNSSEC relies on two types of keys each zone uses: - A "key signing key" (KSK) and - A "zone signing
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16367&rss
*** cPanel Multiple Vulnerabilities ***
---------------------------------------------
cPanel Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54455
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 12-08-2013 18:00 − Dienstag 13-08-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Blaster - 3654 Days Later ***
---------------------------------------------
Yesterday was Blaster's 10th anniversary. Do you remember where you were on August 11, 2003? Numerous organizations, including several banks and airlines, suffered serious disruptions because of Blaster, which caused affected computers to reboot continuously. Can you imagine the difficulties that would cause today?
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002587.html
*** Cybercrime-friendly underground traffic exchange helps facilitate fraudulent and malicious activity ***
---------------------------------------------
By Dancho Danchev Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones - think traffic acquisition through illegally embedded iFrames - has been contributing to the growing market segment where traffic is bought, sold and re-sold, ...
---------------------------------------------
http://blog.webroot.com/2013/08/13/cybercrime-friendly-underground-traffic-…
*** Attackers Toolbox Makes Malware Detection More Difficult ***
---------------------------------------------
Sometimes the simplest techniques can foil the complex systems created by security firms and large enterprises to detect malicious programs and files. Putting malware to sleep, waiting for a user to click, or looking for the hallmarks of a virtual machine can set off warning bells and cause a malicious program to cease running, making analysis difficult at best.
---------------------------------------------
http://www.darkreading.com/monitoring/attackers-toolbox-makes-malware-detec…
*** Researchers demonstrate how IPv6 can easily be used to perform MitM attacks ***
---------------------------------------------
Many devices simply waiting for router advertisements, good or evil. When early last year I was doing research for an article on IPv6 and security, I was surprised to learn how easy it was to set up an IPv6 tunnel into an IPv4-only environment.
---------------------------------------------
http://www.virusbtn.com/blog/2013/08_12.xml
*** Joomla Patches Zero Day Targeting EMEA Banks ***
---------------------------------------------
Content management system Joomla patched a zero-day vulnerability that allowed attackers to upload malicious code that led victims to the Blackhole exploit kit.
---------------------------------------------
http://threatpost.com/joomla-patches-zero-day-targeting-emea-banks/101976
*** WordPress All-in-One Event Calendar Plugin Script Insertion and SQL Injection Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54038
*** HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080109
*** IBM HTTP Server mod_rewrite Arbitrary Command Execution Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54497
*** Juniper Network and Security Manager Apache Axis2 Security Issue and Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54454
*** Dovecot POP3 "LIST" Command Handling Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54438
*** Debian Security Advisory DSA-2737 swift ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2737
*** IBM Advanced Management Module Cross-Site Scripting (XSS) ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080103
*** Ajax PHP Penny Auction 1.x 2.x multiple Vulnerabilities ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080104
*** Python SSL Module "subjectAltNames" NULL Byte Handling Security Issue ***
---------------------------------------------
https://secunia.com/advisories/54393
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 09-08-2013 18:00 − Montag 12-08-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** BYOD Gives Vulnerable Devices Corporate Network Access ***
---------------------------------------------
A research report on mobile security reveals that while BYOD policies may increase employee productivity, they also increase the number of vulnerable devices connecting to corporate networks.
---------------------------------------------
http://threatpost.com/byod-gives-vulnerable-devices-corporate-network-acces…
*** HP Switches? You may want to look at patching them. , (Fri, Aug 9th) ***
---------------------------------------------
A little over a week ago HP (thanks for the link, Ugo) put out a fix for an unspecified vulnerability on, as far as I can see, pretty much every switch device they produce, both their Procurve as well as the 3COM ranges: CVE-2013-2341 (CVSS score of 7.1) and CVE-2013-2340 (CVSS score of 10). The first one requires authentication, the second one none, and both are remotely exploitable.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16340&rss
*** Admins warned: Drill SSL knowledge into your Chrome users ***
---------------------------------------------
Google research finds whopping SSL click-through rates. Admins of Chrome shops, unite: your users are dabbling with dodgy SSL, and you must teach them how to be safer online until Google updates its browser.
---------------------------------------------
http://www.theregister.co.uk/2013/08/10/chrome_ssl_clickthrough_report/
*** Android bug batters Bitcoin wallets ***
---------------------------------------------
Users of Android Bitcoin apps have woken to the unpleasant news that an old pseudo-random number generation bug has been exploited to steal balances from users' wallets.
---------------------------------------------
http://www.theregister.co.uk/2013/08/12/android_bug_batters_bitcoin_wallets/
*** Maltego Tungsten as a collaborative attack platform ***
---------------------------------------------
Maltego has always been a strong favorite for pre-attack intelligence gathering - be that for social engineering, doxing or for infrastructure mapping. Indeed, it's earned its rightful place in the Kali Linux top 10 tools.
---------------------------------------------
https://media.blackhat.com/us-13/US-13-Temmingh-Maltego-Tungsten-as-a-Colla…
*** Newly launched managed 'malware dropping' service spotted in the wild ***
---------------------------------------------
By Dancho Danchev. Among the most common misconceptions about the way a novice cybercriminal would approach his potential victims has to do with the practice of having him look for a 'seed' population to infect, so that he can then use the initially infected users as a platform to scale his campaign.
---------------------------------------------
http://blog.webroot.com/2013/08/12/newly-launched-managed-malware-dropping-…
*** Blog: Visit from an old friend: Counter.php ***
---------------------------------------------
Around one year ago I posted about what were the most common web attacks in Spain and how the malware was spread. It is time for an update!
---------------------------------------------
http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php
*** New Attack Leverages Mobile Ad Network to Deliver Android Malware ***
---------------------------------------------
Ad networks have been a key component of the malware and cybercrime ecosystem for a long time and their role is becoming more and more complicated, as researchers from WhiteHat Security showed at Black Hat recently. That problem is now moving to the mobile Web, ...
---------------------------------------------
http://threatpost.com/new-attack-leverages-mobile-ad-network-to-deliver-and…
*** Security update for HP printers of the LaserJet Pro series ***
---------------------------------------------
Hewlett Packard has closed a vulnerability in numerous of its laser printers through which the admin password could be obtained without authentication.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-HP-Drucker-der-…
*** Simple Hack Threatens Outdated Joomla Sites ***
---------------------------------------------
If you run a site powered by the Joomla content management system and haven't yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors.
---------------------------------------------
https://krebsonsecurity.com/2013/08/simple-hack-threatens-oudated-joomla-si…
*** AnchorCMS 0.9.1 Stored XSS exploit ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080092
*** ReviewBoard XSS Vulnerabilities ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080093
*** Cacti Input Validation Flaw Lets Remote Users Inject SQL Commands ***
---------------------------------------------
http://www.securitytracker.com/id/1028893
*** Siemens COMOS CVE-2013-4943 privilege escalation ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/86330
*** Ruby on Rails Known Secret Session Cookie Remote Code Execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080098
*** HTCSyncManagerUpdate DLL Hijacking ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080095
*** Sybase EAServer XXE Injection ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080099
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 08-08-2013 18:00 − Freitag 09-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Advance Notification Service for August 2013 Security Bulletin Release ***
---------------------------------------------
Today we're providing advance notification for the release of eight bulletins, three Critical and five Important, for August 2013. The Critical updates address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange. As usual, we've scheduled the bulletin release for the second Tuesday of the month, August 13, 2013, at approximately 10:00 a.m. PDT. Revisit this blog then for our analysis of the risk and impact, as well as our deployment guidance and a brief video
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/08/08/advance-notification-ser…
*** One-stop-shop for spammers offers DKIM-verified SMTP servers, harvested email databases and training to potential customers ***
---------------------------------------------
By Dancho Danchev In a series of blog posts, we've been highlighting the ease, automation, and sophistication of today's customer-ized managed spam 'solutions', setting up the foundations for a successful fraudulent or purely malicious spam campaign, like the ones we intercept and protect against on a daily basis. From bulletproof spam-friendly SMTP servers, to segmented...
---------------------------------------------
http://blog.webroot.com/2013/08/08/one-stop-shop-for-spammers-offers-dkim-v…
*** Breaking Down the China Chopper Web Shell - Part II ***
---------------------------------------------
Part II in a two-part series. Read Part I. Introduction In Part I of this series, I described China Chopper's easy-to-use interface and advanced features - all the more remarkable considering the Web shell's tiny size: 73 bytes for the aspx version,...
---------------------------------------------
http://www.fireeye.com/blog/technical/botnet-activities-research/2013/08/br…
*** July 2013 Virus Activity Overview ***
---------------------------------------------
August 5, 2013. As in previous months, in July Doctor Web's technical support received hundreds of requests from users whose systems were compromised by various encoder Trojans. Those whose computers were infected with Trojan.Winlock malware turned to Doctor Web for assistance too. Also, incidents took place involving Trojans for Android being spread via Google Play: according to Doctor Web's analysts, from 10,000-25,000 mobile devices could be affected by these malicious applications. Viruses...
---------------------------------------------
http://news.drweb.com/show/?i=3805&lng=en&c=9
*** Blog: Securing your Email space ***
---------------------------------------------
Lavabit closes and Silent Circle announces closing its Silent Mail service. Which secure e-mail providers can be considered as alternative?
---------------------------------------------
http://www.securelist.com/en/blog/9149/Securing_your_Email_space
*** Joomla! redSHOP Component "pid" SQL Injection Vulnerability ***
---------------------------------------------
Matias Fontanini has reported a vulnerability in the redSHOP component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
---------------------------------------------
https://secunia.com/advisories/54428
*** Symfony HOST HTTP Header Spoofing and Validation Bypass Vulnerabilities ***
---------------------------------------------
A security issue and a vulnerability have been reported in Symfony, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54329
*** VLC Media Player ABC File Parsing Vulnerabilities ***
---------------------------------------------
SCRT Information Security has discovered two vulnerabilities in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to a bundled vulnerable version of libmodplug.
---------------------------------------------
https://secunia.com/advisories/54451
*** MyBB member.php open redirect ***
---------------------------------------------
MyBB could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the member.php script. A remote attacker could exploit this vulnerability using the url parameter in a...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/86312
*** Security Bulletin: Informix Open Admin Tool (OAT) cross-site scripting vulnerability (CVE-2013-0492) ***
---------------------------------------------
An attacker can trick a user into inserting a malformed URL address into a browser or clicking on a malformed URL link and exploit a cross-site scripting vulnerability that can be used to gain unauthorized access or collect sensitive information. CVE(s): CVE-2013-0492 Affected product(s) and affected version(s): Informix Open Admin Tool (OAT) 3.11 and prior releases Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_inf…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 07-08-2013 18:00 − Donnerstag 08-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** The Reality of Browser-Based Botnets ***
---------------------------------------------
The research on browser-based botnets presented during the recent Blackhat conference in Las Vegas touches on our previous study on the abuse of HTML5. Most importantly, it shows how a simple fake online ad can lead to formidable threats like a distributed denial of service (DDoS) attack. In their briefing, Jeremiah Grossman and Matt Johansen...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/uhrzSyFOloo/
*** "Hand of Thief" banking trojan doesn't do Windows - but it does Linux ***
---------------------------------------------
Priced at $2,000, bank fraud malware has its own sales and support agents.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/RoJzDIPdCXI/story01…
*** [papers] - Adventures in Automotive Networks and Control Units ***
---------------------------------------------
Previous research has shown that it is possible for an attacker to get remote code execution on the electronic control units (ECU) in automotive vehicles via various interfaces such as the Bluetooth interface and the telematics unit. This paper aims to expand on the ideas of what such an attacker could do to influence the behavior of the vehicle after that type of attack. In particular, we demonstrate how, on two different vehicles, in some circumstances we are able to control the steering, braking,...
---------------------------------------------
http://www.exploit-db.com/download_pdf/27404
*** Cisco TelePresence System Default Credentials Vulnerability ***
---------------------------------------------
A vulnerability in Cisco TelePresence System could allow a remote attacker to access the web server via a user account that is created with default credentials.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Vulnerabilities in Drupal Third Party Modules ***
---------------------------------------------
https://drupal.org/node/2059589
https://drupal.org/node/2059599
https://drupal.org/node/2059603
https://drupal.org/node/2059765
https://drupal.org/node/2059823
*** Security Bulletin: IBM Platform Application Center (CVE-2013-4002) ***
---------------------------------------------
A variant of the Apache Xerces-J XML parser (XML4J) shipped with IBM Platform Application Center is vulnerable to a denial of service attack that can be triggered by malformed XML data. CVE(s): CVE-2013-4002 Affected product(s) and affected version(s): IBM Platform Application Center V8.3 and V9.1 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1019751 X-Force Database:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** IBM Content Analytics with Enterprise Search Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged a weakness and multiple vulnerabilities in IBM Content Analytics with Enterprise Search, which can be exploited by malicious people to disclose certain sensitive information, conduct cross-site scripting attacks, manipulate certain data, and cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54460
*** Bugtraq: [security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Networking Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and denial of service.
---------------------------------------------
http://www.securityfocus.com/archive/1/527859
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 06-08-2013 18:00 − Mittwoch 07-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Stop! Yammer time: Microsoft blats biz babble account hijacking bug ***
---------------------------------------------
You can't touch this other users' logins, Miss Hacker. Microsoft has fixed a potentially nasty set of authentication vulnerabilities involving Yammer, the "Facebook for business" enterprise collaboration and social networking platform.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/08/06/yammer_auth…
*** Fort Disco Brute-Force Attack Campaign Targets CMS Websites ***
---------------------------------------------
The Fort Disco botnet targets systems built on content management systems such as WordPress, using a brute-force password attack to control systems and install additional malware.
---------------------------------------------
http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms-we…
*** Breaking Down the China Chopper Web Shell - Part I ***
---------------------------------------------
Part I in a two-part series. China Chopper: The Little Malware That Could. China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth. Other than a good blog post from security researcher...
---------------------------------------------
http://www.fireeye.com/blog/technical/botnet-activities-research/2013/08/br…
*** Bugtraq: [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability ***
---------------------------------------------
The Apache CloudStack Security Team was notified of an issue found in
the Apache CloudStack user interface that allows an authenticated user
to execute a cross-site scripting attack against other users within the
system.
---------------------------------------------
http://www.securityfocus.com/archive/1/527803
*** McAfee Superscan 4.0 Cross Site Scripting ***
---------------------------------------------
Topic: McAfee Superscan 4.0 Cross Site Scripting Risk: Low Text:Trustwave SpiderLabs Security Advisory TWSL2013-024: Cross Site Scripting (XSS) vulnerability in McAfee Superscan 4.0 Publi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080058
*** MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability ***
---------------------------------------------
Topic: MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability Risk: Low Text:MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability Vendor: MyBB Group Product web page: http://www.mybb...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080057
*** Atlassian Confluence 5.3 Cross Site Scripting ***
---------------------------------------------
Topic: Atlassian Confluence 5.3 Cross Site Scripting Risk: Low Text:Atlassian Confluence, the Enterprise Wiki Reflected XSS Details Product: Atlassian Confluence ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080066
*** Atlassian JIRA 6.0.3 Cross Site Scripting ***
---------------------------------------------
Topic: Atlassian JIRA 6.0.3 Cross Site Scripting Risk: Low Text: Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability Vendor: Atlassian Corporation Pty Ltd. Produc...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080065
*** Bugtraq: Attacking Google Accounts with weblogin: Tokens ***
---------------------------------------------
For those who missed it, I would like to spread awareness about how
conveniences built into the Google eco-system can allow an
application, a physical user, or a forensics expert to access almost
everything in your Google account.
---------------------------------------------
http://www.securityfocus.com/archive/1/527810
*** National Instruments LabVIEW Path Traversal Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A vulnerability was reported in National Instruments LabVIEW. A remote user can execute arbitrary code on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028889
*** Cacti SQL and Command Injection Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in Cacti, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54386
*** IBM Integrated Management Module IPMI default accounts ***
---------------------------------------------
The Integrated Management Module (IMM) and Integrated Management Module II (IMM2) used by multiple IBM servers are preconfigured with one IPMI user account, which has the same default login name and password on all affected systems. If a malicious user gains access to the IPMI interface using this...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/86172
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 05-08-2013 18:00 − Dienstag 06-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c ***
---------------------------------------------
OpenSSL versions before 1.0.1d do not follow best security practices and need to be upgraded. On the Linux (Intel or z/OS) platform, the components of Tivoli Management Framework 4.1.1 may include OpenSSL files whose version is 1.0.1c or lower. CVE(s): CVE-2013-0169 CVE-2013-0166 CVE-2012-2686 Affected product(s) and affected version(s): Tivoli Management Framework 4.1.1 (Note: Tivoli Management Framework 4.3.1 does not have this issue.) Refer to the following reference URLs for...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tiv…
*** MOXA WEAK ENTROPY IN DSA KEYS VULNERABILITY ***
---------------------------------------------
Overview: Researcher Nadia Heninger of the University of California, San Diego, and researchers Zakir Durumeric, Eric Wustrow, and J. Alex Halderman of the University of Michigan identified an insufficient entropy vulnerability in Moxa's OnCell Gateways. Moxa produced and released a firmware upgrade on April 3, 2013, that mitigates this vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01
*** Samba smbd CPU Processing Loop Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Samba. A remote user can cause denial of service conditions.
---------------------------------------------
http://www.securitytracker.com/id/1028882
*** IBM iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks and Integer Overflow Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
Several vulnerabilities were reported in IBM iNotes. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028884
*** Warning: OpenX ad server contains a backdoor ***
---------------------------------------------
heise Security has found a backdoor in the official downloads of the OpenX server that has apparently been present for almost a year and is already being actively used for attacks on ad servers.
---------------------------------------------
http://www.heise.de/security/meldung/Achtung-Anzeigen-Server-OpenX-enthaelt…
*** Huawei B153 3G/UMTS Router WPS Weakness ***
---------------------------------------------
Topic: Huawei B153 3G/UMTS Router WPS Weakness Risk: High Text:Huawei B153 3G/UMTS router WPS weakness [ADVISORY INFORMATION] Title: Huawei B153 3G/UMTS router WPS weakne...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080046
*** How to Check if Your Website is Part of the StealRat Botnet ***
---------------------------------------------
For a few months now, we have been actively monitoring a spambot named StealRat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bWOEp0_bDhw/
*** Java-Forum.org: database dump surfaced ***
---------------------------------------------
Following last week's incidents, parts of a database dump of the Java forum have now surfaced. Since user data may be at risk, users are advised to change any accounts that use the same passwords accordingly.
---------------------------------------------
http://www.heise.de/security/meldung/Java-Forum-org-Datenbank-Dump-aufgetau…
*** Atlassian Confluence Xwork OGNL Double Evaluation Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Atlassian Confluence, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54416
*** WordPress Xhanch - My Twitter Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
Charlie Eriksen has discovered a vulnerability in the Xhanch - My Twitter plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53133
*** ownCloud Cross-Site Scripting and Security Bypass Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in ownCloud, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54357
*** 2Q Security Roundup: Mobile Flaws Form Lasting Security Problems ***
---------------------------------------------
Threats on mobile platforms, devices, and applications have been swelling up over the past years; but this quarter, they have finally gone full throttle. Cybercriminals have found more sophisticated ways to bypass mobile security, and it’s not just through malicious applications anymore. Android Updates Lag, Users Suffer Critical Flaws Proof of the Android “Master Key” [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/G6B7m5C3Pas/
*** Schneider Electric Vijeo Citect, CitectSCADA, PowerLogic SCADA Vulnerability ***
---------------------------------------------
Overview: Schneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric. Schneider Electric has produced patches that mitigate this vulnerability. Affected Products: Schneider Electric reports that the vulnerability affects the following products: · Vijeo Citect Version 7.20 and all previous...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 02-08-2013 18:00 − Monday 05-08-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** DMARC: another step forward in the fight against phishing?, (Mon, Aug 5th) ***
---------------------------------------------
I’m always searching to find facts and figures on the effectiveness of security measures on phishing attacks, which is harder than it would first seem. This is all in aid of framing a picture to the boss on why to spend money, energy and resources on this most insidious and highly successful type of attack. That makes it very important to understand what happens towards your company, then your industry sector and, finally, how other non-related sectors are doing to create an
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16297&rss
*** Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps ***
---------------------------------------------
chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC
---------------------------------------------
http://entertainment.slashdot.org/story/13/08/03/2250247/samsung-smart-tv-b…
*** Firefox Zero-Day Used in Child Porn Hunt? ***
---------------------------------------------
A claimed zero-day vulnerability in Firefox 17 has some users of the latest Mozilla Firefox browser (Firefox 22) shrugging their shoulders. Indeed, for now it appears that this flaw is not a concern for regular, up-to-date Firefox end users. But several experts say the vulnerability was instead exposed and used in tandem with a recent U.S. law enforcement effort to discover the true Internet addresses of people believed to be browsing child porn sites via the Tor Browser -- an online anonymity
---------------------------------------------
https://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-hun…
*** Bad timing: New HTML5 trickery lets hackers silently spy on browsers ***
---------------------------------------------
Sub-millisecond precision in your rendering engine. What could possibly go wrong? New time-measuring features in HTML5 can be exploited by malicious websites to illicitly peek at pages open on a victim's browser, it is claimed.…
---------------------------------------------
http://www.theregister.co.uk/2013/08/05/html5_timing_attacks/
*** Microsoft Security Advisory (2876146): Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure - Version: 1.0 ***
---------------------------------------------
Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2), used by Windows Phones for WPA2 wireless authentication. In vulnerable scenarios, an attacker who successfully exploited this issue could achieve information disclosure against the targeted device.
---------------------------------------------
http://technet.microsoft.com/en-us/security/advisory/2876146
*** [2013-08-05] Vodafone EasyBox default WPS PIN algorithm weakness ***
---------------------------------------------
The algorithm that generates the default WPS PIN is entirely based on the MAC address (= BSSID) and serial number of the device. The serial number can be derived from the MAC address. An unauthenticated attacker within range of the access point can capture the BSSID (e.g. from 802.11 Beacon Frames) and calculate the default WPS PIN for it.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** rgpg gem for Ruby command execution ***
---------------------------------------------
rgpg gem for Ruby could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by GpgHelper module (lib/rgpg/gpg_helper.rb). An attacker could exploit this vulnerability to inject and execute arbitrary commands on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/86148
*** HP LaserJet Pro Printer Bug Lets Remote Users Access Data ***
---------------------------------------------
A vulnerability was reported in HP Printer. A remote user can obtain potentially sensitive information.
---------------------------------------------
http://www.securitytracker.com/id/1028869
*** Bugtraq: FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered a command/path injection vulnerability in the FTP OnConnect v1.4.11 application (Apple iOS - iPad & iPhone).
---------------------------------------------
http://www.securityfocus.com/archive/1/527760
*** Bugtraq: PuTTY SSH handshake heap overflow ***
---------------------------------------------
PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication,...
---------------------------------------------
http://www.securityfocus.com/archive/1/527763
*** Bugtraq: Joomla core <= 3.1.5 reflected XSS vulnerability ***
---------------------------------------------
Joomla core package <= 3.1.5 includes a PHP script that suffers from a reflected XSS vulnerability that allows injecting HTML and malicious scripts that can access any cookies, session tokens, or other...
---------------------------------------------
http://www.securityfocus.com/archive/1/527765
*** IBM InfoSphere BigInsights Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in IBM InfoSphere BigInsights, which can be exploited by malicious people to conduct spoofing, cross-site scripting, and request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/54447
*** HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS) ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS).
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_…
*** TYPO3: Several vulnerabilities in extensions ***
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
*** phpMyAdmin Clickjacking Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54381
https://secunia.com/advisories/54409
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 01-08-2013 18:00 − Friday 02-08-2013 17:12
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages ***
---------------------------------------------
Exploit called BREACH bypasses the SSL crypto scheme protecting millions of sites.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/40ZrPMXUh8I/story01…
*** Siemens Scalance W-7xx Product Family Multiple Vulnerabilities ***
---------------------------------------------
OVERVIEW: Siemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the vulnerabilities. Exploitation of these vulnerabilities could allow a man-in-the-middle attack or the ability to gain complete control of the system. These vulnerabilities could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-213-01
*** OSPF LSA Manipulation Vulnerability in Multiple Cisco Products ***
---------------------------------------------
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Apple to Fix 'Fake USB Charger' Flaw in iOS 7 ***
---------------------------------------------
Apple claims it will fix a previously disclosed flaw in its mobile operating system that can allow hackers complete access to an iPhone or iPad via a fake USB charger.
---------------------------------------------
http://threatpost.com/apple-to-fix-fake-usb-charger-flaw-in-ios-7/101554
*** Hot Knives Through Butter: Bypassing File-based Sandboxes ***
---------------------------------------------
Diamonds are a girl's best friend. Prime numbers are a mathematician's best friend. And file-based sandboxes are an IT security researcher's best friend. Unfortunately, malware authors know this. Aware that researchers are using sandboxes to monitor file behavior, attackers are ...
---------------------------------------------
http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-t…
*** Vuln: Drupal Google Authenticator Login Module Access Bypass Vulnerability ***
---------------------------------------------
Drupal Google Authenticator Login Module Access Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/59884
*** vtiger CRM 5.4.0 PHP Code Injection ***
---------------------------------------------
Topic: vtiger CRM 5.4.0 PHP Code Injection Risk: High Text: -- vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080015
*** Vuln: Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability ***
---------------------------------------------
Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61485
*** "Malware-infected hosts as stepping stones" service offers access to hundreds of compromised U.S.-based hosts ***
---------------------------------------------
By Dancho Danchev. Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as 'stepping stones', risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/xpbJBn1gMZA/
*** Java Back Door Acts as Bot ***
---------------------------------------------
The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities. Recently, we received an interesting malware binary's JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection. This archive does not exploit any Java Read more...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/java-back-door-acts-as-bot
*** Black Hat: EFI toolkit for hunting bootkits ***
---------------------------------------------
Security researchers have developed a Rootkit Detection Framework (RDFU) for hardening UEFI. To demonstrate its usefulness, they first implemented an attack scenario with a Mac bootkit.
---------------------------------------------
http://www.heise.de/security/meldung/Black-Hat-EFI-Toolkit-zur-Suche-nach-B…
*** Black Hat: Tens of thousands of open webcams on the net ***
---------------------------------------------
The firmware of numerous webcams harbours an extraordinary number of bugs. They allow full control of cameras from the manufacturers D-Link, Cisco, Trendnet, IQInvision and 3SVision. Updates are available, but are evidently not being installed.
---------------------------------------------
http://www.heise.de/security/meldung/Black-Hat-Zehntausende-offene-Webcams-…
*** ISPmanager Multiple Vulnerabilities ***
---------------------------------------------
ISPmanager Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54330
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 31-07-2013 18:00 − Thursday 01-08-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Inside the Security Model of BlackBerry 10 ***
---------------------------------------------
The new BlackBerry 10 operating system contains a number of security improvements and upgrades over earlier versions, but there are still some features and functions that an attacker may be able to exploit.
---------------------------------------------
http://threatpost.com/inside-the-security-model-of-blackberry-10/101542
*** Malicious JavaScript flips ad network into rentable botnet ***
---------------------------------------------
Enslaved machines helplessly press Apache's buttons. Black Hat 2013: Security researchers have shown how hackers can use ad networks to create ephemeral, hard-to-trace botnets that can perform distributed-denial-of-service attacks at the click of a button.
---------------------------------------------
http://www.theregister.co.uk/2013/07/31/whitehat_security_ad_networks_botne…
*** Got an account on a site like Github? Hackers may know your e-mail address ***
---------------------------------------------
Researcher de-anonymizes forum people posting extremist views.
---------------------------------------------
http://arstechnica.com/security/2013/07/got-an-account-on-a-site-like-githu…
*** Black Hat: TLS extension weakens the security of encryption ***
---------------------------------------------
At Black Hat, security researcher Florent Daignière examined TLS extensions that provide for session tickets. If an attacker can obtain data from the web server, recorded connections can be decrypted after the fact.
---------------------------------------------
http://www.heise.de/security/meldung/Black-Hat-TLS-Erweiterung-schwaecht-Si…
*** Researchers reveal how to hack an iPhone in 60 seconds ***
---------------------------------------------
Three Georgia Tech hackers have revealed how to hack iPhones and iPads with malware imitating ordinary apps in under sixty seconds using a "malicious charger."
---------------------------------------------
http://www.zdnet.com/researchers-reveal-how-to-hack-an-iphone-in-60-seconds…
*** Attacks on accounts protected by mTAN ***
---------------------------------------------
Banks describe the mTAN procedure as secure. Nevertheless, criminals manage to circumvent the security mechanism. The effort is high, but the haul is large.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffe-auf-mit-mTAN-geschuetzte-Kont…
*** Teaching Old Malware New Tricks ***
---------------------------------------------
Why Carberp, ZeuS, and Other Vintage Malware Have a Bigger Bite Than You Think (First in a three-part series) As a sales engineer working at FireEye, I spend my days running production pilots with prospects, discussing advanced persistent threats (APTs)
---------------------------------------------
http://www.fireeye.com/blog/corporate/2013/08/teaching-old-malware-new-tric…
*** Cisco WAAS Central Manager Remote Code Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** GnuPG / Libgcrypt RSA Secret Key Disclosure Weakness ***
---------------------------------------------
https://secunia.com/advisories/54373
*** VMware ESXi Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54339
*** TYPO3 Cross-Site Scripting and Arbitrary File Upload Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/53529
*** Subversion 1.7.9 remote DoS vulnerability. ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080004
*** Subversion 1.6.21 arbitrary code execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080003
*** Vuln: Drupal Flippy Module Access Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/61546
*** Bugtraq: Open-Xchange Security Advisory 2013-07-31 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/527662