Daily August 2013

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - Freitag 16-08-2013
by Daily end-of-shift report 16 Aug '13

16 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 14-08-2013 18:00 − Freitag 16-08-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** Microsoft Starts Countdown on Eliminating MD5 *** --------------------------------------------- Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm. --------------------------------------------- http://threatpost.com/microsoft-starts-countdown-on-eliminating-md5/101994 *** Microsoft Pulls Back Critical Exchange Server 2013 Patch *** --------------------------------------------- Microsoft has pulled back MS13-061, a critical patch released yesterday for Exchange Server 2013 because it breaks indexing on the messaging server. --------------------------------------------- http://threatpost.com/microsoft-pulls-back-critical-exchange-server-2013-pa… *** Hackers targeting servers running Apache Struts applications, researchers say *** --------------------------------------------- A tool for exploiting known Struts vulnerabilities is available on Chinese hacker forums, Trend Micro researchers said --------------------------------------------- http://www.csoonline.com/article/738134/hackers-targeting-servers-running-a… *** Androids Verschlüsselung angreifbar *** --------------------------------------------- Eine Schwachstelle in Androids Crypto-Bibliotheken betrifft möglicherweise hunderttausende Android-Anwendungen. Der Fehler sorgt für schwache Zufallszahlen und wurde von Kriminellen bereits für den Diebstahl von Bitcoins genutzt. --------------------------------------------- http://www.heise.de/security/meldung/Androids-Verschluesselung-angreifbar-1… *** Personalized Exploit Kit Targets Researchers *** --------------------------------------------- As documented time and again on this blog, cybercrooks are often sloppy or lazy enough to leave behind important clues about who and where they are. But from time to time, cheeky crooks will dream up a trap designed to look like theyre being sloppy when in fact theyre trying to trick security researchers into being sloppy and infecting their computers with malware. --------------------------------------------- https://krebsonsecurity.com/2013/08/personalized-exploit-kit-targets-resear… *** Verbreitung von Android-Malware nimmt deutlich zu, aber ... *** --------------------------------------------- Die Antivirenfirma Kaspersky hat im zweiten Quartal dieses Jahren doppelt so viele neue Android-Schädlinge gesichtet wie im gleichen Quartal des Vorjahres. Anlass zur Panik ist das allerdings nicht. --------------------------------------------- http://www.heise.de/security/meldung/Verbreitung-von-Android-Malware-nimmt-… *** Targeted Attacks Delivering Fruit *** --------------------------------------------- Political news has always been one of the top topics used in targeted attacks. Last week we came across unique malicious emails targeting high-profile companies in Europe and Asia (in sectors such as finance, mining, telecom, and government). The payload is an updated version of a Java remote access tool (RAT) detected as Backdoor.Opsiness, also known as Frutas RAT. --------------------------------------------- http://www.symantec.com/connect/blogs/targeted-attacks-delivering-fruit *** Researchers figure out how to hack tens of thousands of servers *** --------------------------------------------- Security researchers at the University of Michigan have found a potentially devastating security vulnerability that afflicts at least 40,000 servers on the Internet. The researchers say the flaw could allow hackers to compromise certain servers manufactured by Supermicro from anywhere on the Internet. Tens of thousands of servers produced by other vendors could also be at risk. --------------------------------------------- http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/14/researchers-fi… *** Hintergrund: Remote-Shell für die SD-Karte *** --------------------------------------------- Kaum etwas ist zu klein, um gehackt zu werden: Einem Blogger ist es gelungen, Root-Zugriff auf das Embedded-System einer WLAN-fähigen Speicherkarte zu erlangen. --------------------------------------------- http://www.heise.de/security/artikel/Remote-Shell-fuer-die-SD-Karte-1933994… *** Drupal Entity API Module Two Security Bypass Security Issues *** --------------------------------------------- https://secunia.com/advisories/54481 *** Vuln: Dovecot LIST Command Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/61763 *** Drupal 7.22 / 6.28 Cross Site Scripting *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080126 *** Joomla Media Manager File Upload Vulnerability *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080120 *** TYPO3 File Upload Flaw Lets Remote Authenticated Users Execute Arbitrary PHP Code *** --------------------------------------------- http://www.securitytracker.com/id/1028919 *** Bugtraq: Open-Xchange Security Advisory 2013-08-16 *** --------------------------------------------- http://www.securityfocus.com/archive/1/528046 *** Bugtraq: Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access *** --------------------------------------------- http://www.securityfocus.com/archive/1/528045 *** Puppet "resource_type" Service Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54564

1 0

Tageszusammenfassung - Mittwoch 14-08-2013
by Daily end-of-shift report 14 Aug '13

14 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 13-08-2013 18:00 − Mittwoch 14-08-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Start isolating critical XP systems now, experts warn *** --------------------------------------------- Lack of updates after April 8, 2014 adds security complications for companies, retailers running specialty software dependent on XP --------------------------------------------- http://www.csoonline.com/article/738085/start-isolating-critical-xp-systems… *** Security Bulletin: Tivoli Workload Scheduler Distributed and Tivoli Workload Scheduler for Applications Openssl Multiple Vulnerabilities *** --------------------------------------------- OpenSSL versions prior to 1.0.0 do not follow best security practices and need to upgrade. CVE(s): CVE-2013-0169 CVE-2013-0166 CVE-2012-2686 CVE-2012-2131 CVE-2012-2110 CVE-2012-0884 CVE-2012-0050 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-3210 CVE-2011-0014 CVE-2010-3864 Affected product(s) and affected version(s): Tivoli --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tiv… *** Python SSL module NULL bytes spoofing *** --------------------------------------------- Python SSL module NULL bytes spoofing --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86383 *** BIND Vulnerablilty Enables DNS Cache Poisoning Attack *** --------------------------------------------- A vulnerability in the BIND domain name system (DNS) software could give an attacker the ability to easily and reliably control queried name servers chosen by the most widely deployed DNS software on the Internet, according to new research presented at the Woot Conference in Washington D.C. today. --------------------------------------------- http://threatpost.com/bind-vulnerablilty-enables-dns-cache-poisoning-attack… *** Apache Struts2 2.3.15 OGNL Injection *** --------------------------------------------- Topic: Apache Struts2 2.3.15 OGNL Injection Risk: Medium Text:CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Softw... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080115 *** DotNetNuke (DNN) Cross-Site Scripting Vulnerability *** --------------------------------------------- Topic: DotNetNuke (DNN) Cross-Site Scripting Vulnerability Risk: Low Text:Title: DotNetNuke (DNN) Cross-Site Scripting Vulnerability References: CVE-2013-4649 Discovered by: Sajjad Pourali , Nasser S... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080113 *** Vuln: TYPO3 Static Methods since 2007 Extension Unspecified Cross Site Scripting Vulnerability *** --------------------------------------------- TYPO3 Static Methods since 2007 Extension Unspecified Cross Site Scripting Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/57288 *** Lücke gestopft *** --------------------------------------------- Endlich gibt es ein Sicherheitsupdate für die Steuerungsanlagen von Saia-Burgess und ihre Lücke. --------------------------------------------- http://www.heise.de/newsticker/meldung/Kritisches-Sicherheitsupdate-fuer-20… *** Summary for August 2013 - Version: 1.0 *** --------------------------------------------- This bulletin summary lists security bulletins released for August 2013. --------------------------------------------- http://technet.microsoft.com/en-gb/security/bulletin/ms13-aug *** Die August-Patches *** --------------------------------------------- Microsoft hat acht Patch-Pakete herausgegeben, die nun insgesamt 23 Lücken schließen sollen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Microsofts-August-Patches-und-die-Ru… *** Bugtraq: Subverting BINDs SRTT Algorithm: Derandomizing NS Selection *** --------------------------------------------- Subverting BINDs SRTT Algorithm: Derandomizing NS Selection --------------------------------------------- http://www.securityfocus.com/archive/1/528013 *** Chinese Underground Creates Tool Exploiting Apache Struts Vulnerability *** --------------------------------------------- About a month ago, the Apache Software Foundation released Struts 2.3.15.1, an update to the popular Java Web application development framework. The patch was released because vulnerabilities in older versions of Struts could allow attackers to run arbitrary code on vulnerable servers. Since then, we've found that hackers in the Chinese underground have created an [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroChinese Underground Creates Tool Exploiting Apache --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/LkrHQVJNU9U/ *** OSIsoft PI Interface for IEEE C37.118 Configuration Packets Processing Denial of Service Vulnerability *** --------------------------------------------- OSIsoft PI Interface for IEEE C37.118 Configuration Packets Processing Denial of Service Vulnerability --------------------------------------------- https://secunia.com/advisories/54498 *** .GOV zones may not resolve due to DNSSEC problems., (Wed, Aug 14th) *** --------------------------------------------- Currently, many users are reporting that .gov domain names (e.g. fbi.gov) will not resolve. The problem appears to be related to an error in the DNSSEC configuration of the .gov zone. According to a quick check with dnsviz.net, it appears that there is no DS record for the current .gov ZSK deposited with the root zone. (excerpt from: http://dnsviz.net/d/fbi.gov/dnssec/) DNSSEC relies on two types of keys each zone uses: - A "key signing key" (KSK) and - A "zone signing --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16367&rss *** cPanel Multiple Vulnerabilities *** --------------------------------------------- cPanel Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54455

1 0

Tageszusammenfassung - Dienstag 13-08-2013
by Daily end-of-shift report 13 Aug '13

13 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 12-08-2013 18:00 − Dienstag 13-08-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** Blaster - 3654 Days Later *** --------------------------------------------- Yesterday was Blasters 10th anniversary. Do you remember where you were on August 11, 2003? Numerous organizations, including several banks and airlines, suffered serious disruptions because of Blaster which caused affected computers to reboot continuously. Can you imagine the difficulties that would cause today? --------------------------------------------- http://www.f-secure.com/weblog/archives/00002587.html *** Cybercrime-friendly underground traffic exchange helps facilitate fraudulent and malicious activity *** --------------------------------------------- By Dancho Danchev Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones - think traffic acquisition through illegally embedded iFrames - has been contributing to the growing market segment where traffic is bought, sold and re-sold, ... --------------------------------------------- http://blog.webroot.com/2013/08/13/cybercrime-friendly-underground-traffic-… *** Attackers Toolbox Makes Malware Detection More Difficult *** --------------------------------------------- Sometimes the simplest techniques can foil the complex systems created by security firms and large enterprises to detect malicious programs and files. Putting malware to sleep, waiting for a user to click, or looking for the hallmarks of a virtual machine can set off warning bells and cause a malicious program to cease running, making analysis difficult at best. --------------------------------------------- http://www.darkreading.com/monitoring/attackers-toolbox-makes-malware-detec… *** Researchers demonstrate how IPv6 can easily be used to perform MitM attacks *** --------------------------------------------- Many devices simply waiting for router advertisements, good or evil. When early last year I was doing research for an article on IPv6 and security, I was surprised to learn how easy it was to set up an IPv6 tunnel into an IPv4-only environment. --------------------------------------------- http://www.virusbtn.com/blog/2013/08_12.xml *** Joomla Patches Zero Day Targeting EMEA Banks *** --------------------------------------------- Content management system Joomla patched a zero-day vulnerability that allowed attackers to upload malicious code that led victims to the Blackhole exploit kit. --------------------------------------------- http://threatpost.com/joomla-patches-zero-day-targeting-emea-banks/101976 *** WordPress All-in-One Event Calendar Plugin Script Insertion and SQL Injection Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54038 *** HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080109 *** IBM HTTP Server mod_rewrite Arbitrary Command Execution Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54497 *** Juniper Network and Security Manager Apache Axis2 Security Issue and Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54454 *** Dovecot POP3 "LIST" Command Handling Denial of Service Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54438 *** Debian Security Advisory DSA-2737 swift *** --------------------------------------------- http://www.debian.org/security/2013/dsa-2737 *** IBM Advanced Management Module Cross-Site Scripting (XSS) *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080103 *** Ajax PHP Penny Auction 1.x 2.x multiple Vulnerabilities *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080104 *** Python SSL Module "subjectAltNames" NULL Byte Handling Security Issue *** --------------------------------------------- https://secunia.com/advisories/54393

1 0

Tageszusammenfassung - Montag 12-08-2013
by Daily end-of-shift report 12 Aug '13

12 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 09-08-2013 18:00 − Montag 12-08-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a *** BYOD Gives Vulnerable Devices Corporate Network Access *** --------------------------------------------- A research report on mobile security reveals that while BYOD policies may increase employee productivity, they also increase the number of vulnerable devices connecting to corporate networks. --------------------------------------------- http://threatpost.com/byod-gives-vulnerable-devices-corporate-network-acces… *** HP Switches? You may want to look at patching them. , (Fri, Aug 9th) *** --------------------------------------------- A little over a week ago HP (Thanks for the link Ugo) put out a fix for an unspecified vulnerability on, as far as I can see, pretty much every switch device they produce. Both their Procurve as well as the 3COM ranges. CVE-2013-2341 CVSS Score of 7.1 and CVE-2013-2340 CVSS Score of 10 The first one requiring authentication, the second one none and both are remotely exploitable. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16340&rss *** Admins warned: Drill SSL knowledge into your Chrome users *** --------------------------------------------- Google research finds whopping SSL click-through rates Admins of Chrome shops unite your users are dabbling with dodgy SSL, and you must teach them how to be safer online until Google updates its browser. --------------------------------------------- http://www.theregister.co.uk/2013/08/10/chrome_ssl_clickthrough_report/ *** Android bug batters Bitcoin wallets *** --------------------------------------------- subhead Users of Android Bitcoin apps have woken to the unpleasant news that an old pseudo random number generation bug has been exploited to steal balances from users wallets. --------------------------------------------- http://www.theregister.co.uk/2013/08/12/android_bug_batters_bitcoin_wallets/ *** Maltego Tungsten as a collaborative attack platform *** --------------------------------------------- Maltego has always been a strong favorite for pre-attack intelligence gathering - be that for social engineering, doxing or for infrastructure mapping. Indeed its earned its rightful place in the Kali Linux top 10 tools. --------------------------------------------- https://media.blackhat.com/us-13/US-13-Temmingh-Maltego-Tungsten-as-a-Colla… *** Newly launched managed `malware dropping´ service spotted in the wild *** --------------------------------------------- By Dancho Danchev Among the most common misconceptions about the way a novice cybercriminal would approach his potential victims has to do with the practice of having him looking for a `seed´ population to infect, so that he can then use the initially infected users as platform to scale his campaign. --------------------------------------------- http://blog.webroot.com/2013/08/12/newly-launched-managed-malware-dropping-… *** Blog: Visit from an old friend: Counter.php *** --------------------------------------------- Around one year ago I posted about what were the most common web attacks in Spain and how the malware was spread. It is time for an update! --------------------------------------------- http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php *** New Attack Leverages Mobile Ad Network to Deliver Android Malware *** --------------------------------------------- Ad networks have been a key component of the malware and cybercrime ecosystem for a long time and their role is becoming more and more complicated, as researchers from WhiteHat Security showed at Black Hat recently. That problem is now moving to the mobile Web, ... --------------------------------------------- http://threatpost.com/new-attack-leverages-mobile-ad-network-to-deliver-and… *** Sicherheitsupdate für HP-Drucker der LaserJet-Pro-Reihe *** --------------------------------------------- Hewlett Packard hat in zahlreichen seiner Laserdrucker eine Lücke geschlossen, durch die man ohne Authentifizierung an das Admin-Passwort kommt. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-HP-Drucker-der-… *** Simple Hack Threatens Outdated Joomla Sites *** --------------------------------------------- If you run a site powered by the Joomla content management system and havent yet applied a critical update for this software released less than two weeks ago, please take a moment to do that: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors. --------------------------------------------- https://krebsonsecurity.com/2013/08/simple-hack-threatens-oudated-joomla-si… *** AnchorCMS 0.9.1 Stored XSS exploit *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080092 *** ReviewBoard XSS Vulnerabilities *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080093 *** Cacti Input Validation Flaw Lets Remote Users Inject SQL Commands *** --------------------------------------------- http://www.securitytracker.com/id/1028893 *** Siemens COMOS CVE-2013-4943 privilege escalation *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86330 *** Ruby on Rails Known Secret Session Cookie Remote Code Execution *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080098 *** HTCSyncManagerUpdate DLL Hijacking *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080095 *** Sybase EAServer XXE Injection *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080099

1 0

Tageszusammenfassung - Freitag 9-08-2013
by Daily end-of-shift report 09 Aug '13

09 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 08-08-2013 18:00 − Freitag 09-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Advance Notification Service for August 2013 Security Bulletin Release *** --------------------------------------------- Today we're providing advance notification for the release of eight bulletins, three Critical and five Important, for August 2013. The Critical updates address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange. As usual, we've scheduled the bulletin release for the second Tuesday of the month, August 13, 2013, at approximately 10:00 a.m. PDT. Revisit this blog then for our analysis of the risk and impact, as well as our deployment guidance and a brief video --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/08/08/advance-notification-ser… *** One-stop-shop for spammers offers DKIM-verified SMTP servers, harvested email databases and training to potential customers *** --------------------------------------------- By Dancho Danchev In a series of blog posts, we've been highlighting the ease, automation, and sophistication of today's customer-ized managed spam 'solutions', setting up the foundations for a successful fraudulent or purely malicious spam campaign, like the ones we intercept and protect against on a daily basis. From bulletproof spam-friendly SMTP servers, to segmented... --------------------------------------------- http://blog.webroot.com/2013/08/08/one-stop-shop-for-spammers-offers-dkim-v… *** Breaking Down the China Chopper Web Shell - Part II *** --------------------------------------------- Part II in a two-part series. Read Part I. Introduction In Part I of this series, I described China Chopper's easy-to-use interface and advanced features - all the more remarkable considering the Web shell's tiny size: 73 bytes for the aspx version,... --------------------------------------------- http://www.fireeye.com/blog/technical/botnet-activities-research/2013/08/br… *** July 2013 Virus Activity Overview *** --------------------------------------------- August 5, 2013 As in previous months, in July, Doctor Webs technical support received hundreds of requests from users whose systems were compromised by various encoder Trojans. Those whose computers were infected with Trojan.Winlock malware turned to Doctor Web for assistance too. Also, incidents took place involving Trojans for Android being spread via Google Play: according to Doctor Webs analysts, from 10,000-25,000 mobile devices could be affected by these malicious applications. Viruses... --------------------------------------------- http://news.drweb.com/show/?i=3805&lng=en&c=9 *** Blog: Securing your Email space *** --------------------------------------------- Lavabit closes and Silent Circle announces closing its Silent Mail service. Which secure e-mail providers can be considered as alternative? --------------------------------------------- http://www.securelist.com/en/blog/9149/Securing_your_Email_space *** Joomla! redSHOP Component "pid" SQL Injection Vulnerability *** --------------------------------------------- Matias Fontanini has reported a vulnerability in the redSHOP component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. --------------------------------------------- https://secunia.com/advisories/54428 *** Symfony HOST HTTP Header Spoofing and Validation Bypass Vulnerabilities *** --------------------------------------------- A security issue and a vulnerability have been reported in Symfony, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54329 *** VLC Media Player ABC File Parsing Vulnerabilities *** --------------------------------------------- SCRT Information Security has discovered two vulnerabilities in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to a bundled vulnerable version of libmodplug. --------------------------------------------- https://secunia.com/advisories/54451 *** MyBB member.php open redirect *** --------------------------------------------- MyBB could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the member.php script. A remote attacker could exploit this vulnerability using the url parameter in a... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86312 *** Security Bulletin: Informix Open Admin Tool (OAT) cross-site scripting vulnerability (CVE-2013-0492) *** --------------------------------------------- An attacker can trick a user into inserting a mal-formed URL address into a browser or clicking on a mal-formed URL link and exploit a cross-site scripting vulnerability that can be used to gain unauthorized access or collect sensitive information. CVE(s): CVE-2013-0492 Affected product(s) and affected version(s): Informix Open Admin Tool (OAT) 3.11 and prior releases Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_inf…

1 0

Tageszusammenfassung - Donnerstag 8-08-2013
by Daily end-of-shift report 08 Aug '13

08 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 07-08-2013 18:00 − Donnerstag 08-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** The Reality of Browser-Based Botnets *** --------------------------------------------- The research on browser-based botnets presented during the recent Blackhat conference in Las Vegas touches on our previous study on the abuse of HTML5. Most importantly, it shows how a simple fake online ad can lead to formidable threats like a distributed denial of service (DDoS) attack. In their briefing, Jeremiah Grossman and Matt Johansen... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/uhrzSyFOloo/ *** "Hand of Thief" banking trojan doesn't do Windows - but it does Linux *** --------------------------------------------- Priced at $2,000, bank fraud malware has its own sales and support agents. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/RoJzDIPdCXI/story01… *** [papers] - Adventures in Automotive Networks and Control Units *** --------------------------------------------- Previous research has shown that it is possible for an attacker to get remote code execution on the electronic control units (ECU) in automotive vehicles via various interfaces such as the Bluetooth interface and the telematics unit. This paper aims to expand on the ideas of what such an attacker could do to influence the behavior of the vehicle after that type of attack. In particular, we demonstrate how on two different vehicles that in some circumstances we are able to control the steering, braking,... --------------------------------------------- http://www.exploit-db.com/download_pdf/27404 *** Cisco TelePresence System Default Credentials Vulnerability *** --------------------------------------------- A vulnerability in Cisco TelePresence System could allow a remote attacker to access the web server via a user account that is created with default credentials. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Vulnerabilities in Drupal Third Party Modules *** --------------------------------------------- https://drupal.org/node/2059589 https://drupal.org/node/2059599 https://drupal.org/node/2059603 https://drupal.org/node/2059765 https://drupal.org/node/2059823 *** Security Bulletin: IBM Platform Application Center (CVE-2013-4002) *** --------------------------------------------- A variant of the Apache Xerces-J XML parser (XML4J) shipped with IBM Platform Application Center is vulnerable to a denial of service attack that can be triggered by malformed XML data. CVE(s): CVE-2013-4002 Affected product(s) and affected version(s): IBM Platform Application Center V8.3 and V9.1 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1019751 X-Force Database: --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… *** IBM Content Analytics with Enterprise Search Multiple Vulnerabilities *** --------------------------------------------- IBM has acknowledged a weakness and multiple vulnerabilities in IBM Content Analytics with Enterprise Search, which can be exploited by malicious people to disclose certain sensitive information, conduct cross-site scripting attacks, manipulate certain data, and cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/54460 *** Bugtraq: [security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Networking Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and denial of service. --------------------------------------------- http://www.securityfocus.com/archive/1/527859

1 0

Tageszusammenfassung - Mittwoch 7-08-2013
by Daily end-of-shift report 07 Aug '13

07 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 06-08-2013 18:00 − Mittwoch 07-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Stop! Yammer time: Microsoft blats biz babble account hijacking bug *** --------------------------------------------- You cant touch this other users logins, Miss Hacker Microsoft has fixed a potentially nasty set of authentication vulnerabilities involving Yammer, the "Facebook for business" enterprise collaboration and social networking platform. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/08/06/yammer_auth… *** Fort Disco Brute-Force Attack Campaign Targets CMS Websites *** --------------------------------------------- The Fort Disco botnet targets systems built on content management systems such as WordPress, using a brute-force password attack to control systems and install additional malware. --------------------------------------------- http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms-we… *** Breaking Down the China Chopper Web Shell - Part I *** --------------------------------------------- Part I in a two-part series. China Chopper: The Little Malware That Could China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth. Other than a good blog post from security researcher... --------------------------------------------- http://www.fireeye.com/blog/technical/botnet-activities-research/2013/08/br… *** Bugtraq: [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity *** --------------------------------------------- The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute cross-site scripting attack against other users within the system. --------------------------------------------- http://www.securityfocus.com/archive/1/527803 *** McAfee Superscan 4.0 Cross Site Scripting *** --------------------------------------------- Topic: McAfee Superscan 4.0 Cross Site Scripting Risk: Low Text:Trustwave SpiderLabs Security Advisory TWSL2013-024: Cross Site Scripting (XSS) vulnerability in McAfee Superscan 4.0 Publi... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080058 *** MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability *** --------------------------------------------- Topic: MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability Risk: Low Text:MyBB 1.6.10 url Parameter Arbitrary Site Redirection Vulnerability Vendor: MyBB Group Product web page: http://www.mybb... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080057 *** Atlassian Confluence 5.3 Cross Site Scripting *** --------------------------------------------- Topic: Atlassian Confluence 5.3 Cross Site Scripting Risk: Low Text:Atlassian Confluence, the Enterprise Wiki Reflected XSS Details Product: Atlassian Confluence ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080066 *** Atlassian JIRA 6.0.3 Cross Site Scripting *** --------------------------------------------- Topic: Atlassian JIRA 6.0.3 Cross Site Scripting Risk: Low Text: Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability Vendor: Atlassian Corporation Pty Ltd. Produc... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080065 *** Bugtraq: Attacking Google Accounts with weblogin: Tokens *** --------------------------------------------- For those who missed it, I would like to spread awareness about how conveniences built into the Google eco-system can allow an application, a physical user, or a forensics expert to access almost everything in your Google account. --------------------------------------------- http://www.securityfocus.com/archive/1/527810 *** National Instruments LabVIEW Path Traversal Flaw Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- A vulnerability was reported in National Instruments LabVIEW. A remote user can execute arbitrary code on the target system. --------------------------------------------- http://www.securitytracker.com/id/1028889 *** Cacti SQL and Command Injection Vulnerabilities *** --------------------------------------------- Some vulnerabilities have been reported in Cacti, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/54386 *** IBM Integrated Management Module IPMI default accounts *** --------------------------------------------- The Integrated Management Module (IMM) and Integrated Management Module II (IMM2) used by multiple IBM servers are preconfigured with one IPMI user account, which has the same default login name and password on all affected systems. If a malicious user gains access to the IPMI interface using this... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86172

1 0

Tageszusammenfassung - Dienstag 6-08-2013
by Daily end-of-shift report 06 Aug '13

06 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 05-08-2013 18:00 − Dienstag 06-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c *** --------------------------------------------- OpenSSL versions before 1.0.1d do not follow best security practices and need to upgrade. On Linux (Intel or z/OS) platform, the components of Tivoli Management Framework 4.1.1 may include the files in OpenSSL which version is 1.0.1c or lower. CVE(s): CVE-2013-0169 CVE-2013-0166 CVE-2012-2686 Affected product(s) and affected version(s): Tivoli Management Framework 4.1.1 (Note: Tivoli Management Framework 4.3.1 does not have this issue.) Refer to the following reference URLs for... --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tiv… *** MOXA WEAK ENTROPY IN DSA KEYS VULNERABILITY *** --------------------------------------------- OverviewResearcher Nadia Heninger of the University of California, San Diego, and researchers Zakir Durumeric, Eric Wustrow, and J. Alex Halderman of the University of Michigan identified an insufficient entropy vulnerability in Moxa’s OnCell Gateways. Moxa produced and released a firmware upgrade on April 3, 2013, that mitigates this vulnerability.This vulnerability could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01 *** Samba smbd CPU Processing Loop Lets Remote Users Deny Service *** --------------------------------------------- A vulnerability was reported in Samba. A remote user can cause denial of service conditions. --------------------------------------------- http://www.securitytracker.com/id/1028882 *** IBM iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks and Integer Overflow Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- Several vulnerabilities were reported in IBM iNotes. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. --------------------------------------------- http://www.securitytracker.com/id/1028884 *** Achtung: Anzeigen-Server OpenX enthält eine Hintertür *** --------------------------------------------- In den offiziellen Downloads vom OpenX-Server hat heise Security eine Hintertür gefunden, die offenbar seit fast einem Jahr vorhanden ist und bereits aktiv für Angriffe auf Anzeigen-Server genutzt wird. --------------------------------------------- http://www.heise.de/security/meldung/Achtung-Anzeigen-Server-OpenX-enthaelt… *** Huawei B153 3G/UMTS Router WPS Weakness *** --------------------------------------------- Topic: Huawei B153 3G/UMTS Router WPS Weakness Risk: High Text:Huawei B153 3G/UMTS router WPS weakness [ADVISORY INFORMATION] Title: Huawei B153 3G/UMTS router WPS weakne... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080046 *** How to Check if Your Website is Part of the StealRat Botnet *** --------------------------------------------- For a few months now, we have been actively monitoring a spambot named StealRat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable [...] --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bWOEp0_bDhw/ *** Java-Forum.org: Datenbank-Dump aufgetaucht *** --------------------------------------------- Nach den Vorfällen der letzten Woche sind nun Teile eines Datenbank-Dumps des Java-Forums aufgetaucht. Da Nutzerdaten eventuell in Gefahr sind, wird Usern geraten, Accounts mit gleichen Passwörtern entsprechend zu ändern. --------------------------------------------- http://www.heise.de/security/meldung/Java-Forum-org-Datenbank-Dump-aufgetau… *** Atlassian Confluence Xwork OGNL Double Evaluation Security Bypass Vulnerability *** --------------------------------------------- A vulnerability has been reported in Atlassian Confluence, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54416 *** WordPress Xhanch - My Twitter Plugin Cross-Site Request Forgery Vulnerability *** --------------------------------------------- Charlie Eriksen has discovered a vulnerability in the Xhanch - My Twitter plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/53133 *** ownCloud Cross-Site Scripting and Security Bypass Vulnerabilities *** --------------------------------------------- Two vulnerabilities have been reported in ownCloud, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54357 *** 2Q Security Roundup: Mobile Flaws Form Lasting Security Problems *** --------------------------------------------- Threats on mobile platforms, devices, and applications have been swelling up over the past years; but this quarter, they have finally gone full throttle. Cybercriminals have found more sophisticated ways to bypass mobile security, and it’s not just through malicious applications anymore. Android Updates Lag, Users Suffer Critical Flaws Proof of the Android “Master Key” [...]Post from: Trendlabs Security Intelligence Blog - by Trend Micro2Q Security Roundup: Mobile Flaws Form --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/G6B7m5C3Pas/ *** Schneider Electric Vijeo Citect, CitectSCADA, PowerLogic SCADA Vulnerability *** --------------------------------------------- OverviewSchneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric. Schneider Electric has produced patches that mitigate this vulnerability.Affected ProductsSchneider Electric reports that the vulnerability affects the following products:· Vijeo Citect Version 7.20 and all previous... --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02

1 0

Tageszusammenfassung - Montag 5-08-2013
by Daily end-of-shift report 05 Aug '13

05 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 02-08-2013 18:00 − Montag 05-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** DMARC: another step forward in the fight against phishing?, (Mon, Aug 5th) *** --------------------------------------------- I’m always searching to find facts and figures on the effectiveness of security measures on phishing attacks, which is harder that it would first seem. This is all is in aid of framing a picture to the boss on why to spend money, energy and resources on this most insidious and highly successful type of attack. That makes it very important to understand what happens towards your company, then you’re industry sector and, finally, how other non-related sectors are doing to create an --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16297&rss *** Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps *** --------------------------------------------- chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the televisions surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC --------------------------------------------- http://entertainment.slashdot.org/story/13/08/03/2250247/samsung-smart-tv-b… *** Firefox Zero-Day Used in Child Porn Hunt? *** --------------------------------------------- A claimed zero-day vulnerability in Firefox 17 has some users of the latest Mozilla Firefox browser (Firefox 22) shrugging their shoulders. Indeed, for now it appears that this flaw is not a concern for regular, up-to-date Firefox end users. But several experts say the vulnerability was instead exposed and used in tandem with a recent U.S. law enforcement effort to discover the true Internet addresses of people believed to be browsing child porn sites via the Tor Browser -- an online anonymity --------------------------------------------- https://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-hun… *** Bad timing: New HTML5 trickery lets hackers silently spy on browsers *** --------------------------------------------- Sub-millisecond precision in your rendering engine. What could possibly go wrong? New time-measuring features in HTML5 can be exploited by malicious websites to illicitly peek at pages open on a victims browser, it is claimed.… --------------------------------------------- http://www.theregister.co.uk/2013/08/05/html5_timing_attacks/ *** Microsoft Security Advisory (2876146): Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure - Version: 1.0 *** --------------------------------------------- Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2), used by Windows Phones for WPA2 wireless authentication. In vulnerable scenarios, an attacker who successfully exploited this issue could achieve information disclosure against the targeted device. --------------------------------------------- http://technet.microsoft.com/en-us/security/advisory/2876146 *** [2013-08-05] Vodafone EasyBox default WPS PIN algorithm weakness *** --------------------------------------------- The algorithm that generates the default WPS-PIN is entirely based on the MAC address (=BSSID) and serial number of the device. The serial number can be derived from the MAC address. An unauthenticated attacker within the range of the access point can capture the BSSID (eg. from 802.11 Beacon Frames) and calculate the default WPS PIN for it. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** rgpg gem for Ruby command execution *** --------------------------------------------- rgpg gem for Ruby could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by GpgHelper module (lib/rgpg/gpg_helper.rb). An attacker could exploit this vulnerability to inject and execute arbitrary commands on the system. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/86148 *** HP LaserJet Pro Printer Bug Lets Remote Users Access Data *** --------------------------------------------- A vulnerability was reported in HP Printer. A remote user can obtain potentially sensitive information. --------------------------------------------- http://www.securitytracker.com/id/1028869 *** Bugtraq: FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities *** --------------------------------------------- The Vulnerability Laboratory Research Team discovered a command/path inject vulnerability in the FTP OnConnect v1.4.11 application (Apple iOS - iPad & iPhone). --------------------------------------------- http://www.securityfocus.com/archive/1/527760 *** Bugtraq: PuTTY SSH handshake heap overflow *** --------------------------------------------- PuTTY versions 0.62 and earlier - as well as all software that integrates these versions of PuTTY - are vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication,... --------------------------------------------- http://www.securityfocus.com/archive/1/527763 *** Bugtraq: Joomla core <= 3.1.5 reflected XSS vulnerability *** --------------------------------------------- Joomla core package <= 3.1.5 includes a PHP script that suffers from reflected XSS vulnerability that allows to inject HTML and malicious scripts that can access any cookies, session tokens, or other... --------------------------------------------- http://www.securityfocus.com/archive/1/527765 *** IBM InfoSphere BigInsights Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in IBM InfoSphere BigInsights, which can be exploited by malicious people to conduct spoofing, cross-site scripting, and request forgery attacks. --------------------------------------------- https://secunia.com/advisories/54447 *** HPSBUX02909 SSRT101289 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS) *** --------------------------------------------- Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** TYPO3: Several vulnerabilities in extensions *** --------------------------------------------- https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-… *** phpMyAdmin Clickjacking Vulnerabilies *** --------------------------------------------- https://secunia.com/advisories/54381 https://secunia.com/advisories/54409

1 0

Tageszusammenfassung - Freitag 2-08-2013
by Daily end-of-shift report 02 Aug '13

02 Aug '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 01-08-2013 18:00 − Freitag 02-08-2013 17:12 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages *** --------------------------------------------- Exploit called BREACH bypasses the SSL crypto scheme protecting millions of sites. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/40ZrPMXUh8I/story01… *** Siemens Scalance W-7xx Product Family Multiple Vulnerabilities *** --------------------------------------------- OVERVIEWSiemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the vulnerabilities. Exploitation of these vulnerabilities could allow a man-in-the-middle attack or the ability to gain complete control of the system.These vulnerabilities could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-213-01 *** OSPF LSA Manipulation Vulnerability in Multiple Cisco Products *** --------------------------------------------- OSPF LSA Manipulation Vulnerability in Multiple Cisco Products --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… *** Apple to Fix 'Fake USB Charger' Flaw in iOS 7 *** --------------------------------------------- Apple claims it will fix a previous disclosed flaw in its mobile operating system that can allow hackers complete access to an iPhone or iPad via a fake USB charger. --------------------------------------------- http://threatpost.com/apple-to-fix-fake-usb-charger-flaw-in-ios-7/101554 *** Hot Knives Through Butter: Bypassing File-based Sandboxes *** --------------------------------------------- Diamonds are a girl's best friend. Prime numbers are a mathematician's best friend. And file-based sandboxes are an IT security researcher's best friend. Unfortunately, malware authors know this. Aware that researchers are using sandboxes to monitor file behavior, attackers are ... --------------------------------------------- http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-t… *** Vuln: Drupal Google Authenticator Login Module Access Bypass Vulnerability *** --------------------------------------------- Drupal Google Authenticator Login Module Access Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/59884 *** vtiger CRM 5.4.0 PHP Code Injection *** --------------------------------------------- Topic: vtiger CRM 5.4.0 PHP Code Injection Risk: High Text: -- vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080015 *** Vuln: Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability *** --------------------------------------------- Symantec Backup Exec CVE-2013-4575 Remote Heap Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/61485 *** "Malware-infected hosts as stepping stones" service offers acccess to hundreds of compromised U.S based hosts *** --------------------------------------------- By Dancho Danchev Malware-infected hosts with clean IP reputation have always been a desirable underground market item. On the majority of occasions, they will either be abused as distribution/infection vector, used as cash cows, or as 'stepping stones', risk-forwarding the responsibility, and distorting the attribution process, as well as adding an additional OPSEC (Operational Security) layer --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/xpbJBn1gMZA/ *** Java Back Door Acts as Bot *** --------------------------------------------- The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities. Recently, we received an interesting malware binary's JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection. This archive does not exploit any Java Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/java-back-door-acts-as-bot *** Black Hat: EFI-Toolkit zur Suche nach Bootkits *** --------------------------------------------- Sicherheitsforscher haben für die Abhärtung von UEFI ein Rootkit Detection Framework (RDFU) entwickelt. Um dessen Nutzen zu demonstrieren, setzten sie vorher ein Angriffsszenario mit einem Mac-Bootkit um. --------------------------------------------- http://www.heise.de/security/meldung/Black-Hat-EFI-Toolkit-zur-Suche-nach-B… *** Black Hat: Zehntausende offene Webcams im Netz *** --------------------------------------------- In der Firmware zahlreicher Webcams lauern außerordentlich viele Bugs. Sie erlauben die volle Kontrolle von Cams der Hersteller D-Link, Cisco, Trendnet, IQInvision und 3SVision. Updates stehen bereit, werden aber offensichtlich nicht installiert. --------------------------------------------- http://www.heise.de/security/meldung/Black-Hat-Zehntausende-offene-Webcams-… *** ISPmanager Multiple Vulnerabilities *** --------------------------------------------- ISPmanager Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54330

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily August 2013