Daily September 2013

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - Montag 30-09-2013
by Daily end-of-shift report 30 Sep '13

30 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 27-09-2013 18:00 − Montag 30-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** IBM WebSphere DataPower XC10 unauthorized access *** --------------------------------------------- An unspecified vulnerability in IBM WebSphere DataPower could allow unauthenticated access to administrative operations and data. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/87299 *** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) *** --------------------------------------------- Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) CVE(s): CVE-2013-0585 , CVE-2013-3034 , CVE-2013-3040 , CVE-2013-0599, CVE-2013-0585, CVE-2013-3034, CVE-2013-3040, and CVE-2013-0599 Affected product(s) and affected version(s): IBM InfoSphere Information Server versions 8.1, 8.5, 8.7, 9.1.0, and 9.1.2 running on all platforms --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for JSON Hijacking Attack (CVE-2013-3041) *** --------------------------------------------- A JSON Hijacking Attack vulnerability exists in IBM Rational ClearQuest Web Client. CVE(s): CVE-2013-3041 Affected product(s) and affected version(s): Upgrade to IBM Rational ClearQuest version: 7.1.2.12, 8.0.0.8, or 8.0.1.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21648086 X-Force Database: http://xforce.iss.net/xforce/xfdb/84724 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul… *** Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for Cross-Site Request Forgery (CVE-2013-0598) *** --------------------------------------------- A Cross-Site Request Forgery (CSRF) Attack vulnerability exists in IBM Rational ClearQuest Web Client CVE(s): CVE-2013-0598 Affected product(s) and affected version(s): Rational ClearQuest Web v7.1 through 7.1.2.10, v8.0 through 8.0.0.7, and v8.0.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21648665 X-Force Database: http://xforce.iss.net/xforce/xfdb/83611 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul… *** Security Bulletin: Multiple JRE vulnerabilities addressed in IBM Sterling Secure Proxy (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169) *** --------------------------------------------- The IBM JRE embedded in the IBM Sterling Secure Proxy Configuration Manager has security vulnerabilities that affect SSL connections to the configuration GUI. CVE(s): CVE-2013-0440, CVE-2013-0443, and CVE-2013-0169 Affected product(s) and affected version(s): Sterling Secure Proxy 3.4.1 Sterling Secure Proxy 3.4.0 Sterling Secure Proxy 3.3.01 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** As Hurricane Season Looms, Its Disaster-Preparedness Time *** --------------------------------------------- Nervals Lobster writes "In 2012, hurricane Sandy smacked the East Coast and did significant damage to New Jersey, New York City, and other areas. Flooding knocked many datacenters in Manhattan offline, temporarily taking down a whole lot of Websites in the process. Now that fall (and the tail end of hurricane season) is upon us again, any number of datacenters and IT companies are probably looking over their disaster-preparedness checklists in case another storm comes barreling through. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fMCJ586KPYE/story01.htm *** Internet-Ombudsmann warnt vor Onlineshop-Falle *** --------------------------------------------- Der österreichische Internet-Ombudsmann warnt vor der Firma Factory Store OHG, da sie angeblich Kunden mit günstigen Angeboten in eine Falle lockt. --------------------------------------------- http://www.heise.de/security/meldung/Internet-Ombudsmann-warnt-vor-Onlinesh… *** Gesicherte BlackBerrys in Deutschland zugelassen *** --------------------------------------------- Ein vom Düsseldorfer Anbieter Secusmart abgesichertes BlackBerry-Modell wurde in Deutschland die Zulassung für den Dienstgebrauch in Regierungsbehörden erteilt. --------------------------------------------- http://futurezone.at/digital-life/gesicherte-blackberrys-in-deutschland-zug… *** ReadMore CMS Multiple Vulnerability *** --------------------------------------------- Topic: ReadMore CMS Multiple Vulnerability Risk: Medium --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090190 *** Metasploit creator seeks crowds help for vuln scanning *** --------------------------------------------- Project Sonar combines tools, data and research Security outfit Rapid7 has decided that theres just too much security vulnerability information out there for any one group to handle, so its solution is to try and crowd-source the effort.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/09/30/hd_more_see… *** The Ghost in the (Portable) Machine: Securing Mobile Banking *** --------------------------------------------- Online banking is one of the many tasks that have been made more convenient by mobile technology. Now, users can purchase products and/or services, pay their bills and manage their finances from anywhere, and anytime. However, there are threats against mobile banking exist, which need to be addressed and secured against. Some of these threats […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroThe Ghost in the (Portable) Machine: Securing Mobile Banking --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ftep24zpfWE/ *** Wordpress 3.7 Beta 1 verspricht mehr Sicherheit *** --------------------------------------------- Das Wordpress-Projekt hat beschlossen, den Release-Zyklus für Version 3.7 zu verkürzen und bereits die erste Betaversion veröffentlicht. Wordpress 3.7 Beta 1 bringt vor allem einige neue Funktionen, die die Sicherheit der Blog-Software erhöhen sollen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Wordpress-3-7-Beta-1-verspricht-mehr… *** Bugtraq: [IBliss Security Advisory] Cross-site scripting ( XSS ) in PHP IDNA Convert *** --------------------------------------------- PHP Net_IDNA is a class to convert between the Punycode and Unicode formats. Punycode is a standard described in RFC 3492 and part of IDNA (Internationalizing Domain Names in Applications [RFC3490]) . This class allows PHP scripts to convert these domain names without having one of the PHP extensions installed. It supports both IDNA 2003 and IDNA 2008. --------------------------------------------- http://www.securityfocus.com/archive/1/528934 *** Sicherheit von SHA-3 angeblich verringert *** --------------------------------------------- Forscher werfen dem NIST vor, den SHA-3-Algorithmus Keccak für die Standardisierung durch Modifikationen unsicherer zu machen. Sichere Hashverfahren werden insbesondere für digitale Signaturen und Integritätschecks von Software benötigt. --------------------------------------------- http://www.heise.de/newsticker/meldung/Kryptographie-NIST-will-angeblich-Si… *** Emerson Multiple Products Security Issue and Arbitrary Code Execution Vulnerability *** --------------------------------------------- Emerson Multiple Products Security Issue and Arbitrary Code Execution Vulnerability --------------------------------------------- https://secunia.com/advisories/54936 *** Needle in a Haystack: Detecting Zero-Day Attacks *** --------------------------------------------- People often ask me what differentiates FireEye from its rivals. The real question is “What should I look for in a solution to advanced persistent threats, regardless of the provider?” (And while I can rattle off a long list of … Continue reading → --------------------------------------------- http://www.fireeye.com/blog/corporate/2013/09/needle-in-a-haystack-detectin… *** 7 Sneak Attacks Used By Todays Most Devious Hackers *** --------------------------------------------- Here are some of the latest techniques of note that have piqued my interest as a security researcher and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users. --------------------------------------------- http://www.cio.com/article/740598/7_Sneak_Attacks_Used_By_Today_s_Most_Devi… *** Apache Camel Simple Language Expression Arbitrary Code Execution Vulnerability *** --------------------------------------------- A vulnerability has been reported in Apache Camel, which can be exploited by malicious users to compromise an application using the framework. --------------------------------------------- https://secunia.com/advisories/54888

1 0

Tageszusammenfassung - Freitag 27-09-2013
by Daily end-of-shift report 27 Sep '13

27 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 26-09-2013 18:00 − Freitag 27-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Time For a Change in Security Thinking, Experts Say *** --------------------------------------------- WASHINGTON Security, like a lot of other things, tends to go in phases. A new attack technique is developed, vendors respond with a new defensive technology and then attackers find a way to defeat it. It has always been that way. And right now, things seem to be in one of those periodic down cycles .. --------------------------------------------- http://threatpost.com/time-for-a-change-in-security-thinking-experts-say/10… *** Malware Now Hiding In Graphics Cards *** --------------------------------------------- mask.of.sanity writes "Researchers are closing in on a means to detect previously undetectable stealthy malware that resides in peripherals like graphics and network cards. The malware was developed by the same researchers and targeted host runtime memory using direct memory access provided to hardware devices. They said the malware was a highly critical threat to system security and integrity and could not be detected by any operating system." Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/OU6tbGV5rt4/story01.htm *** qemu host crash from within guest *** --------------------------------------------- Topic: qemu host crash from within guest Risk: Medium Text:A dangling pointer access flaw was found in the way qemu handled hot-unplugging virtio devices. This flaw was introduced by v... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090186 *** Ask Slashdot: Has Gmails SSL Certificate Changed, How Would We Know? *** --------------------------------------------- An anonymous reader writes "Recent reports from around the net suggest that SSL certificate chain for gmail has either changed this week, or has been widely compromised. Even less-than-obvious places to look for information, such as Googles Online Security Blog, are silent. The problem isnt specific to gmail, of course, which leads me to ask: What is the canonically-accepted out-of-band means by which a new SSL certificates fingerprint may be communicated and/or verified by end --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ElNnRuzfXzs/story01.htm *** iOS 7.0.2 behebt kritische Sicherheitslücke *** --------------------------------------------- Über einen Trick konnten Fotos und Kontakte ohne Eingabe des Codes zum Entsperren des Displays eingesehen weredn --------------------------------------------- http://derstandard.at/1379292252272 *** Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files *** --------------------------------------------- Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files --------------------------------------------- http://www.securitytracker.com/id/1029102 *** DIY commercial CAPTCHA-solving automatic email account registration tool available on the underground market since 2008 *** --------------------------------------------- With low-waged employees of unethical 'data entry' companies having already set the foundations for an efficient and systematic abuse of all the major Web properties, it shouldn't be surprising that new market segments quickly emerged to capitalize on the business opportunities offered by the (commercialized) demise of CAPTCHA as an additional human/bot differentiation technique. One of these market segments is supplying automatic (email) account registration services to --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/fT-TzsuZluo/ *** New TDL Dropper Variants Exploit CVE-2013-3660 *** --------------------------------------------- Recently, we been seeing a new breed of TDL variants going around. These variants look to be clones of the notorious TDL4 malware reported by Bitdefender Labs.The new TDL dropper variants we saw (SHA1: abf99c02caa7bba786aecb18b314eac04373dc97) were caught on the client machine by DeepGuard, our HIPS technology (click the image below to embiggen). From the detection name, we can see that the variants are distributed by some exploit kits.Last year, ESET mentioned a TDL4 variant (some AV vendors --------------------------------------------- http://www.f-secure.com/weblog/archives/00002612.html *** EMC VPLEX Lets Local Users Obtain the LDAP/AD Password *** --------------------------------------------- Impact: A local user can obtain the LDAP/AD bind password. Solution: The vendor has issued a fix (GeoSynchrony 5.2 SP1). --------------------------------------------- http://www.securitytracker.com/id/1029105 *** ARP Spoofing And Lateral Movement *** --------------------------------------------- In targeted attacks, during the lateral movement stage attacks try to gain access to other computers on the same local area network (LAN). One useful tool to achieve this is ARP spoofing, which can be used to carry out a variety of attacks to steal information as well as plant backdoors on other machines. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v1ZdDzc-S68/ *** WordPress-Blogs für DDoS-Attacken missbraucht *** --------------------------------------------- Im April rüttelten Angreifer per Brute-Force-Attacke an Tausenden WordPress-Webseiten. Die Angreifer hatten wohl ein Langzeitziel im Auge. Jetzt wurden rund 550 WordPress-Blogs für eine DDoS-Attacke genutzt. --------------------------------------------- http://www.heise.de/newsticker/meldung/WordPress-Blogs-fuer-DDoS-Attacken-m… *** Zehn Internet-Fallen, die Sie kennen sollten! *** --------------------------------------------- Es gibt immer wieder neue Tricks, mit denen Internet-Nutzer von Cyber-Kriminellen in die Falle gelockt werden. Wir zeigen Ihnen, wovor Sie sich beim Surfen in Acht nehmen sollten. --------------------------------------------- http://web.de/magazine/digitale-welt/sicher-im-netz/17753226-internet-falle… *** BSI Sicherheitskompass: Zehn Regeln für mehr Sicherheit im Netz *** --------------------------------------------- Mit zehn Faustregeln wollen das BSI und die Polizeien der Länder für mehr Sicherheit im Netz sorgen. Anlass ist der europäische Cybersicherheitsmonat im Oktober. Das Konzept des National Cyber Security Awareness Month stammt aus den USA. --------------------------------------------- http://www.heise.de/newsticker/meldung/BSI-Sicherheitskompass-Zehn-Regeln-f… *** Security Bulletin: WebSphere DataPower XC10 Appliance vulnerability for administrative access to code and data (CVE-2013-5403) *** --------------------------------------------- A security vulnerability in the WebSphere DataPower XC10 Appliance might allow unauthenticated access to administrative operations and data. CVE(s): CVE-2013-1571 Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance version 2.0 WebSphere DataPower XC10 Appliance version 2.1 WebSphere DataPower XC10 Appliance version 2.5 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web… *** Attackers can slip malicious code into many Android apps via open Wi-Fi *** --------------------------------------------- Connect hijacking could put users at risk of data theft, SMS abuse, and more. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/XKc0_9zgluU/story01… *** LinkedIn Patches Multiple XSS Vulnerabilities *** --------------------------------------------- LinkedIn was susceptible to four reflected cross site scripting (XSS) vulnerabilities before issuing a fix for those flaws over the summer. --------------------------------------------- http://threatpost.com/linkedin-patches-multiple-xss-vulnerabilities/102443

1 0

Tageszusammenfassung - Donnerstag 26-09-2013
by Daily end-of-shift report 26 Sep '13

26 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 25-09-2013 18:00 − Donnerstag 26-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** [papers] - Linux Classic Return-to-libc & Return-to-libc Chaining Tutorial *** --------------------------------------------- I decided to get a bit more into Linux exploitation, so I thought it would be nice if I document this as a good friend once said “ you think you understand something until you try to teach it“. --------------------------------------------- http://www.exploit-db.com/download_pdf/28553 *** [papers] - Understanding C Integer Boundaries (Overflows & Underflow) *** --------------------------------------------- This is my first try at writing papers. This paper is my understanding of the subject. I understand it might not be complete I am open for suggestions and modifications. I hope as this project helps others as it helped me. --------------------------------------------- http://www.exploit-db.com/download_pdf/28550 *** Blue Coat ProxySG / Security Gateway OS (SGOS) Two Denial of Service Vulnerabilities *** --------------------------------------------- Two vulnerabilities have been reported in Blue Coat ProxySG and Blue Coat Security Gateway OS (SGOS), which can be exploited by malicious people to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/54999 *** Research shows IT blocking applications based on popularity not risk *** --------------------------------------------- Tactic leads to less popular, but still risky cloud-based apps freely accessing networks --------------------------------------------- http://www.csoonline.com/article/740363/research-shows-it-blocking-applicat… *** Popular iOS e-mail app acquired by Dropbox has serious bug, researcher warns (Updated) *** --------------------------------------------- Code-execution vulnerability could open users to a series of serious attacks. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/hFtmTj9wjFg/story01… *** Security Issue in Ruby on Rails Could Expose Cookies *** --------------------------------------------- Versions 2.0 to 4.0 of the popular open source web framework Ruby on Rails are vulnerable to a web security issue involving cookies that could make it much easier for someone to login to an app as another user. --------------------------------------------- http://threatpost.com/security-issue-in-ruby-on-rails-could-expose-cookies/… *** Analysis: The Icefog APT: Frequently Asked Questions *** --------------------------------------------- Here are answers to the most frequently asked questions related to Icefog, an APT operation targeting entities in Japan and South Korea. --------------------------------------------- http://www.securelist.com/en/analysis/204792307/The_Icefog_APT_Frequently_A… *** Cisco IOS Multiple Flaws Let Remote Users Deny Service *** --------------------------------------------- Multiple vulnerabilities were reported in Cisco IOS. A remote user can cause denial of service conditions. --------------------------------------------- http://www.securitytracker.com/id/1029087 *** Security Bulletin: Tivoli Endpoint Manager Security Compliance Analytics (SCA) is affected by multiple Java vulnerabilities *** --------------------------------------------- Security Compliance Analytics version 1.3 and prior affected by multiple Java vulnerabilities CVE(s): CVE-2013-2463 CVE-2013-2465 CVE-2013-2471 Affected product(s) and affected version(s): Tivoli Endpoint Manager SCA 1.3 and earlier. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tiv… *** Java Security Vulnerabilitys addressed in IBM Tivoli Netcool OMNIbus *** --------------------------------------------- Multiple vulnerabilities related to the Java JRE shipped by Tivoli Netcool/OMNIbus have been resolved. CVE(s): CVE-2012-0502, CVE-2012-0503, CVE-2012-0506, CVE-2012-0507, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0505, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-4301, CVE-2012-4305, CVE-2013-0351, CVE-2013-0409, --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/java_security_vulnera… *** Security Bulletin: GSKit Security Vulnerabilities addressed in IBM Tivoli Netcool OMNIbus *** --------------------------------------------- Several vulnerabilities related to the GSKit libraries used by Tivoli Netcool/OMNIbus have been resolved. CVE(s): CVE-2012-2190, CVE-2012-2191, CVE-2012-2333, CVE-2012-2203, CVE-2012-2131, CVE-2012-2110, CVE-2012-0884, CVE-2012-0050, CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-3210, CVE-2011-0014, CVE-2010-3864, CVE-2013-0169, CVE-2013-0166, and CVE-2012-2686 Affected product(s) and affected version(s): Tivoli Netcool/OMNIbus 7.2.1 Tivoli --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_gsk… *** Blue Coat ProxySG HTTP Request Processing Memory Leak Lets Remote Users Deny Service *** --------------------------------------------- A vulnerability was reported in Blue Coat ProxySG. A remote user can cause denial of service conditions. A remote server can return specially crafted data to trigger a memory leak and cause the target device to drop or bypass traffic. HTML with a large number of recursively embedded HREF tags can trigger this flaw. --------------------------------------------- http://www.securitytracker.com/id/1029088 *** Nodejs js-yaml load() Code Execution *** --------------------------------------------- Topic: Nodejs js-yaml load() Code Execution Risk: High --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090177 *** InstantCMS 1.10.2 Multiple vulnerabilities *** --------------------------------------------- Topic: InstantCMS 1.10.2 Multiple vulnerabilities Risk: Low Text:Hello 3APA3A! These are Login Enumeration, Cross-Site Scripting and Content Spoofing vulnerabilities in InstantCMS. ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090179 *** Boffins: Internet transit a vulnerability *** --------------------------------------------- Mirror, mirror on the port, is this something I can rort? If you think of an Internet exchange, you probably think of infrastructure thats well-protected, well-managed, and hard to compromise. The reality, however, might be different. According to research by Stanford Universitys Daniel Kharitonov, working with TraceVectors Oscar Ibatullin, there are enough vulnerabilities in routers and the like that the Internet exchange makes a target thats both attractive and exploitable.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/09/26/boffins_int… *** 1. Cybercrime-Konferenz von Europol und Interpol: Die Jagd den Privaten überlassen? *** --------------------------------------------- Cybercrime-Ermittlungen privaten Firmen zu überlassen, habe einige Vorteile, meinen Firmenvertreter. Strafverfolger wollen aber genau die Kompetenzen der Privatfirmen entwickeln und ihre Aktionspläne ebenso gut ausgebildeten Richtern vorlegen. --------------------------------------------- http://www.heise.de/newsticker/meldung/1-Cybercrime-Konferenz-von-Europol-u… *** XEN - Information leak on AVX and/or LWP capable CPUs *** --------------------------------------------- When a guest increases the set of extended state components for a vCPU saved/restored via XSAVE/XRSTOR (to date this can only be the upper halves of YMM registers, or AMDs LWP state) after already having touched other extended registers restored via XRSTOR (e.g. floating point or XMM ones) during its current scheduled CPU quantum, the hypervisor would make those registers accessible without discarding the values an earlier scheduled vCPU may have left in them. --------------------------------------------- http://lists.xenproject.org/archives/html/xen-announce/2013-09/msg00005.html *** VLC 2.1 "Rincewind" is a major new version of our popular media player *** --------------------------------------------- Rincewind fixes around a thousand bugs, in more than 7000 commits from 140 volunteers. --------------------------------------------- http://www.videolan.org/vlc/releases/2.1.0.html *** Google Hangouts schickt Nachrichten an falsche Personen *** --------------------------------------------- Zu ungewollt peinlichen Situationen könnte es derzeit mit Googles Chat-Tool Hangouts kommen. --------------------------------------------- http://futurezone.at/produkte/google-hangouts-schickt-nachrichten-an-falsch… *** IBM Rational ClearQuest JSON Hijacking and Cross-Site Request Forgery Vulnerabilities *** --------------------------------------------- IBM Rational ClearQuest JSON Hijacking and Cross-Site Request Forgery Vulnerabilities --------------------------------------------- https://secunia.com/advisories/55010 *** Microsoft veröffentlicht Ereignis- und Paketanalysator Message Analyzer *** --------------------------------------------- Der bislang nur als Beta-Version erhältliche Message Analyzer steht nun Version 1.0 zum Download bereit. --------------------------------------------- http://www.heise.de/newsticker/meldung/Microsoft-veroeffentlicht-Ereignis-u… *** How do you monitor DNS?, (Thu, Sep 26th) *** --------------------------------------------- Personally, my "DNS Monitoring System" is a bunch of croned shell scripts and nagios, in desperate need of an overhaul. While working on a nice (maybe soon published) script to do this, I was wondering: What is everybody else using? The script is supposed to detect DNS outages and unauthorized changes to my domains. Here are some of the parameters I am monitoring now: - changes to the zones serial number - changes to the NS records (using the TLDs name servers, not mine) - changes --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16661&rss *** Blog: Icefog OpenIOC Release *** --------------------------------------------- OpenIOC rules for the IceFog campaign --------------------------------------------- http://www.securelist.com/en/blog/208214070/Icefog_OpenIOC_Release *** Spear Phishing Poses Threat to Industrial Control Systems *** --------------------------------------------- While the energy industry may fear the appearance of another Stuxnet on the systems they use to keep oil and gas flowing and the electric grid powered, an equally devastating attack could come from a much more mundane source: phishing. Rather than worry about exotic cyber weapons like Stuxnet and its big brother, Flame, companies that have SCADA systems ... should make sure that their anti-phishing programs are in order, say security experts. --------------------------------------------- http://www.cio.com/article/740402/Spear_Phishing_Poses_Threat_to_Industrial… *** Barracuda CudaTel Communication Server Cross-Site Scripting and SQL Injection Vulnerabilities *** --------------------------------------------- Vulnerability Lab has reported multiple vulnerabilities in Barracuda CudaTel Communication Server, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/54258 *** Emerson ROC800 Multiple Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson Process Management’s ROC800 remote terminal units (RTUs) products (ROC800, ROC800L, and DL8000). --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01

1 0

Tageszusammenfassung - Mittwoch 25-09-2013
by Daily end-of-shift report 25 Sep '13

25 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 24-09-2013 18:00 − Mittwoch 25-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** IBM Rational ClearCase / ClearQuest GSKit Information Disclosure Weakness *** --------------------------------------------- IBM has acknowledged a weakness in IBM Rational ClearCase and Rational ClearQuest, which can be exploited by malicious people to disclose certain sensitive information. The weakness is caused due to a bundled vulnerable version of IBM Global Security ToolKit. --------------------------------------------- https://secunia.com/advisories/54928 *** 7 Characteristics of a Secure Mobile App *** --------------------------------------------- Keeping a mobile application secure is tough, but not impossible, and certain aspects of session management can go a long way in helping. --------------------------------------------- http://www.csoonline.com/article/740266/7-characteristics-of-a-secure-mobil… *** WordPress Custom Website Data Plugin Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability has been discovered in the Custom Website Data plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/54865 *** Linux Kernel "free_netdev()" Use-After-Free Vulnerability *** --------------------------------------------- A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a use-after-free error in the "tun_set_iff()" function (drivers/net/tun.c) and can be exploited to dereference already freed memory. --------------------------------------------- https://secunia.com/advisories/54753 *** FFmpeg Multiple Vulnerabilities *** --------------------------------------------- Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/54972 *** Vuln: Cisco MediaSense CVE-2013-5502 Information Disclosure Vulnerability *** --------------------------------------------- Cisco MediaSense is prone to an information-disclosure vulnerability. A man-in-the-middle attacker may be able to exploit this issue to obtain sensitive information. Information obtained may aid in further attacks. --------------------------------------------- http://www.securityfocus.com/bid/62601 *** Wordpress simple forum Cross site scripting Vulnerability *** --------------------------------------------- Exploit Title : Wordpress simple forum Cross site scripting Vulnerability Exploit Author : Ashiyane Digital Security Team Software Link : http://wordpress.org Tested on: Windows 7 , Linux Date: 2013/09/23 Exploit : Cross site scripting --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090168 *** Bugtraq: CVE-2013-5118 - XSS Good for Enterprise iOS *** --------------------------------------------- Last month I identified a XSS vulnerability in the Good for Enterprise iOS application. The vulnerable versions are v2.2.2.1611 and earlier --------------------------------------------- http://www.securityfocus.com/archive/1/528839 *** Now You See Me – H-worm by Houdini *** --------------------------------------------- H-worm is a VBS (Visual Basic Script) based RAT written by an individual going by the name Houdini. We believe the author is based in Algeria and has connections to njq8, the author of njw0rm and njRAT/LV --------------------------------------------- http://www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-… *** Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs) *** --------------------------------------------- IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released an April 2013 Critical Patch Update (CPU) that contains security vulnerability fixes and IBM Java is affected. CVE(s): CVE-2013-0401 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… *** Is mobile anti-virus necessary? *** --------------------------------------------- Experts disagree over whether or not there are any immediate threats --------------------------------------------- http://www.csoonline.com/article/740301/is-mobile-anti-virus-necessary-?sou… *** Social media spam on the rise, says study *** --------------------------------------------- Recent report from Nexgate points to 355 percent increase in social media spam in 2013 alone --------------------------------------------- http://www.csoonline.com/article/740292/social-media-spam-on-the-rise-says-… *** SurgeMail surgeweb interface security bypass *** --------------------------------------------- SurgeMail could allow a remote attacker to bypass security restrictions, caused by the failure to restrict access to other accounts by the surgeweb interface. An attacker could exploit this vulnerability to login to another user's accounts. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/87335 *** Google Chrome 31.0 Webkit Auditor Bypass *** --------------------------------------------- Topic: Google Chrome 31.0 Webkit Auditor Bypass Risk: Low Title: Chrome 31.0 Webkit XSS Auditor Bypass Author: Rafay Baloch @rafaybaloch And PEPE Vila --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090173 *** Newly launched E-shop offers access to hundreds of thousands of compromised accounts *** --------------------------------------------- In a series of blog posts, we’ve highlighted the ongoing commoditization of hacked/compromised/stolen account data (user names and passwords), the direct result of today’s efficiency-oriented cybercrime ecosystem, the increasing availability of sophisticated commercial/leaked DIY undetectable malware generating tools, malware-infected hosts as a service, log files on demand services, as well as basic data mining concepts applied on behalf of the operator of a particular botnet. What --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/iHbGGHj2f1o/ *** Details zum iPhone-5s-Hack *** --------------------------------------------- ct dokumentiert Schritt-für-Schritt, wie Starbug den Fingerabdruck-Sensor des iPhone 5S austrickst. --------------------------------------------- http://www.heise.de/newsticker/meldung/c-t-veroeffentlicht-Details-zu-iPhon… *** elproLOG MONITOR WebAccess Two Cross-Site Scripting Vulnerabilities *** --------------------------------------------- Vulnerability Lab has reported two vulnerabilities in elproLOG MONITOR WebAccess, which can be exploited by malicious people to conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/54955 *** IT-Sicherheitsbranche: it-sa 2013 wieder mit Kongress, aber ohne Extraentgelt *** --------------------------------------------- 2012 begleitete die it-sa erstmalig ein Kongressprogramm. Der Kongress ist nun wieder dabei, muss aber nicht mehr extra bezahlt werden. Für Studierende der Informatik gibt es spezielle Vorträge und Sonderschauen. --------------------------------------------- http://www.heise.de/newsticker/meldung/IT-Sicherheitsbranche-it-sa-2013-wie… *** Bugtraq: GreHack 2013 - 15 Nov. Grenoble, France - Conf. Registration OPEN *** --------------------------------------------- GREHACK 2013 - 2nd International Symposium in Grey-Hat Hacking 2nd Edition - p*wn me i'm famous! http://grehack.org https://twitter.com/grehack Grenoble, France November 15, 2013 --------------------------------------------- http://www.securityfocus.com/archive/1/528852 *** UKs Get Safe Online? No one cares - run the blockbuster ads instead *** --------------------------------------------- Something like Jack Bauers 24 ... whatever itll take to teach kids how to bat away hackers The UKs Get Safe Online campaign has failed to teach Brits how to secure their computers - so says the ex top cop who established the information security awareness effort in 2004.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/09/25/gets_safe_o… *** Splunk Alert Test Scripts Arbitrary Command Execution Vulnerabilities *** --------------------------------------------- Some vulnerabilities have been reported in Splunk, which can be exploited by malicious users to compromise a vulnerable system. The vulnerabilities are caused due to some errors related to alert testing and troubleshooting scripts and can be exploited to execute arbitrary shell scripts. The vulnerabilities are reported in versions prior to 5.0.5. --------------------------------------------- https://secunia.com/advisories/54934 *** Oracle Solaris Tomcat FormAuthenticator Session Hijacking Weakness *** --------------------------------------------- Oracle has acknowledged a weakness in Tomcat included in Solaris, which can be exploited by malicious people to hijack a user's session. --------------------------------------------- https://secunia.com/advisories/55033 *** Oracle Solaris Kerberos KDC Two Vulnerabilities *** --------------------------------------------- Oracle has acknowledged two vulnerabilities in Kerberos included in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system and by malicious people to potentially compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/55036 *** IBM Sterling External Authentication Server JRE Multiple Vulnerabilities *** --------------------------------------------- The application bundles a vulnerable version of the Java Runtime Environment (JRE). --------------------------------------------- https://secunia.com/advisories/55004 *** Several vulnerabilities in extension Apache Solr for TYPO3 (solr) *** --------------------------------------------- It has been discovered that the extension "Apache Solr for TYPO3" (solr) is vulnerable to Cross-Site Scripting and Insecure Unserialize. Affected Versions: Version 2.8.2 and below --------------------------------------------- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… *** Security issues in several third party TYPO3 ectensions *** --------------------------------------------- Direct Mail (direct_mail) RealURL: speaking paths for TYPO3 (realurl) Formhandler (formhandler) AWStats (cc_awstats) booking (booking) ICS AWStats (ics_awstats) Simple Image Gallery (iflowgallery) Ratsinformationssystem (RIS) (cronmm_ratsinfo) Frontend User Registration (ke_userregister) AWStats with individual access (meta_beawstatsind) Powermail double opt-in (powermail_optin) smarty (smarty) Youtube Channel Videos (youtubevideos) --------------------------------------------- http://lists.typo3.org/pipermail/typo3-announce/2013/000285.html *** iPhone-Trojaner verdient mit Klickbetrug *** --------------------------------------------- Eine App für iPhones mit Jailbreak, die eigentlich im Browser WebGL-Funktionen freischalten soll, bringt dem Entwickler nebenbei noch Einnahmen aus versteckt angezeigter Werbung ein. --------------------------------------------- http://www.heise.de/newsticker/meldung/iPhone-Trojaner-verdient-mit-Klickbe… *** ClearSCADA Web Requests Handling Denial of Service Vulnerability *** --------------------------------------------- A vulnerability has been reported in ClearSCADA, which can be exploited by malicious people to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/54931 *** Oracle Solaris Kerberos kpasswd UDP Packet Processing Denial of Service Vulnerability *** --------------------------------------------- Oracle has acknowledged a vulnerability in Kerberos included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/55039 *** Cyber attacks will cause real world harm in next seven years *** --------------------------------------------- New technologies such as Google Glass and IPv6 will lead to new, deadly forms of cyber attack if current manufacturing security practices continue, according to experts from Europol, Trend Micro and The International Cyber Security Protection Alliance (ICSPA). The experts made the warning in a recently published Scenarios for the Future of Cyber Crime white paper. The paper explored what threats the experts expect to emerge in the next six and a half years ... --------------------------------------------- http://www.v3.co.uk/v3-uk/analysis/2296357/cyber-attacks-will-cause-real-wo… *** Secure Domain Name System (DNS) Deployment Guide *** --------------------------------------------- This document provides deployment guidelines for securing DNS within an enterprise. Because DNS data is meant to be public, preserving the confidentiality of DNS data. The primary security goals for DNS are data integrity and source authentication, which are needed to ensure the authenticity of domain name information and maintain the integrity of domain name information in transit. This document provides extensive guidance on maintaining data integrity and performing source authentication. --------------------------------------------- http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81-2.pdf *** How to Protect Your Privacy on Social Media *** --------------------------------------------- How do you keep information private on social networking sites? ... Relying on a site’s privacy settings is just the start. While stricter account settings and tools can help you maintain privacy, there are other ways your personal information can leak out to the public. Knowing and addressing these potential privacy risks will help you protect your data. --------------------------------------------- http://about-threats.trendmicro.com/ebooks/how-to-protect-your-privacy-on-s… *** Oracle Solaris LibXSLT "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities *** --------------------------------------------- Oracle has acknowledged two vulnerabilities in LibXSLT included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/55030

1 0

Tageszusammenfassung - Dienstag 24-09-2013
by Daily end-of-shift report 24 Sep '13

24 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 23-09-2013 18:00 − Dienstag 24-09-2013 18:00 Handler: L. Aaron Kaplan Co-Handler: L. Aaron Kaplan *** ICS Vendor Fixes Hard-Coded Credential Bugs Nearly Two Years After Advisory *** --------------------------------------------- Nearly two years after a security researcher published details of the hard-coded credentials that ship with a slew of industrial control system products made by Schneider Electric, the company has released updated firmware that fix the problems. The vulnerabilities, which were discovered by researcher Ruben Santamarta and published in December 2011, affect dozens of products --------------------------------------------- http://threatpost.com/ics-vendor-fixes-hard-coded-credential-bugs-nearly-tw… *** Security Bulletin: Multiple vulnerabilities exist in IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2013-4025, CVE-2013-4024, CVE-2013-4022) *** --------------------------------------------- Multiple vulnerabilities exist in IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert for Linux, UNIX and Windows which could allow an attacker to view sensitive information or perform actions as a compromised user. CVE(s): CVE-2013-4025, CVE-2013-4024, CVE-2013-4022 Affected product(s) and affected version(s): IBM Data Studio Web Console versions v3.1.x Optim Performance Manager for DB2 on LUW v5.1.x IBM InfoSphere --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** Vuln: Moodle CVE-2013-4313 SQL Injection Vulnerability *** --------------------------------------------- Moodle CVE-2013-4313 SQL Injection Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/62410 *** Citrix XenClient XT Multiple Vulnerabilities *** --------------------------------------------- Citrix XenClient XT Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54625 *** Cybercriminals experiment with Android compatible, Python-based SQL injecting releases *** --------------------------------------------- Throughout the years, cybercriminals have been perfecting the process of automatically abusing Web application vulnerabilities to achieve their fraudulent and malicious objectives. From the utilization of botnets and search engines to perform active reconnaissance, the general availability of DIY mass SQL injecting tools as well as proprietary malicious script injecting exploitation platforms, the results have been evident ever since in the form of tens of thousands of affected Web sites on a --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/uFxqe3lj6ak/ *** Joomla JVideoClip Blind SQL Injection *** --------------------------------------------- Topic: Joomla JVideoClip Blind SQL Injection Risk: Medium Text: == Joomla Component com_jvideoclip (cid|uid|id) Blind SQL Injection / SQL Injection ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090161 *** WordPress fGallery_Plus Cross Site Scripting *** --------------------------------------------- Topic: WordPress fGallery_Plus Cross Site Scripting Risk: Low Text: # Iranian Exploit DataBase Forum # http://iedb.ir/acc # http://iedb... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090160 *** AspxCommerce 2.0 Shell Upload *** --------------------------------------------- Topic: AspxCommerce 2.0 Shell Upload Risk: High Text:# Exploit Title: AspxCommerce v2.0 - Arbitrary File Upload Vulnerability # Exploit Author: SANTHO (@s4n7h0) # Vendor Homepage... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090159 *** H1 2013 Threat Report *** --------------------------------------------- Our H1 2013 Threat Report is now online:Youll find it as well as our previous reports available for download: here. On 24/09/13 At 06:57 AM --------------------------------------------- http://www.f-secure.com/weblog/archives/00002611.html *** Attacks Using Microsoft IE Exploit Tied to Hacking Crew Linked to Bit9 Breach *** --------------------------------------------- Security researchers at FireEye have observed a campaign targeting organizations in Japan that is leveraging the Internet Explorer zero-day Microsoft warned users about last week. The campaign has been dubbed Operation DeputyDog, and is believed to have begun as early as August 19. According to FireEye, the attackers behind the operation may be the same ones involved in last years attack on Bit9 a group researchers at Symantec recently identified as a hacking crew called Hidden Lynx --------------------------------------------- http://www.securityweek.com/attacks-using-microsoft-ie-exploit-tied-hacking… *** D-Link DSL-2740B Router Cross-Site Request Forgery Vulnerability *** --------------------------------------------- D-Link DSL-2740B Router Cross-Site Request Forgery Vulnerability --------------------------------------------- https://secunia.com/advisories/54795 *** Blog: Exposing the security weaknesses we tend to overlook *** --------------------------------------------- --------------------------------------------- http://www.securelist.com/en/blog/8132/Exposing_the_security_weaknesses_we_… *** Cyberwar gegen das Heidiland - Protokoll einer Attacke *** --------------------------------------------- Sie versuchen Beweise zu zerstören. Der IT-Forensiker ist seit Wochen auf der Fährte von Hackern, die eine der grössten Cyberattacken weltweit lanciert haben. Eine Offensive gegen militärische und zivile Ziele. Gegen einen Telekommunikationskonzern in Norwegen, gegen den Autohersteller Porsche, einen internationalen Flughafen in Indien und politische Gruppierungen in Pakistan. --------------------------------------------- http://www.sonntagszeitung.ch/wirtschaft/artikel-detailseite/?newsid=262774 *** "3": Schwere Sicherheitslücke ermöglichte Zugriff auf Kundendaten *** --------------------------------------------- Fehlerhafte Passwortröcksetzung erlaubte unter anderem Zugriff auf Kontaktdaten und Sprachnachrichten --------------------------------------------- http://derstandard.at/1379291849554 *** Inoffizielle iMessage-App für Android schürt Sicherheitsbedenken *** --------------------------------------------- App soll Kommunikation über Server in China leiten - User werden vor Nutzung gewarnt --------------------------------------------- http://derstandard.at/1379291880414 *** TRENDnet Multiple Products libupnp Buffer Overflow Vulnerabilities *** --------------------------------------------- TRENDnet Multiple Products libupnp Buffer Overflow Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54762 *** [remote] - Raidsonic NAS Devices Unauthenticated Remote Command Execution *** --------------------------------------------- Raidsonic NAS Devices Unauthenticated Remote Command Execution --------------------------------------------- http://www.exploit-db.com/exploits/28508 *** [local] - IBM AIX 6.1 / 7.1 - Local root Privilege Escalation *** --------------------------------------------- IBM AIX 6.1 / 7.1 - Local root Privilege Escalation --------------------------------------------- http://www.exploit-db.com/exploits/28507 *** Tenable SecurityCenter "message" Cross-Site Scripting Vulnerability *** --------------------------------------------- Tenable SecurityCenter "message" Cross-Site Scripting Vulnerability --------------------------------------------- https://secunia.com/advisories/54997 *** IBM Rational ClearCase / ClearQuest GSKit Information Disclosure Weakness *** --------------------------------------------- IBM Rational ClearCase / ClearQuest GSKit Information Disclosure Weakness --------------------------------------------- https://secunia.com/advisories/54928 *** 7 Characteristics of a Secure Mobile App *** --------------------------------------------- Keeping a mobile application secure is tough, but not impossible, and certain aspects of session management can go a long way in helping. --------------------------------------------- http://www.csoonline.com/article/740266/7-characteristics-of-a-secure-mobil…

1 0

Tageszusammenfassung - Montag 23-09-2013
by Daily end-of-shift report 23 Sep '13

23 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 20-09-2013 18:00 − Montag 23-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** PHP updates released 19 SEP 2013 *** --------------------------------------------- PHP 5.5.4 (Current Stable) PHP 5.4.20 (Old Stable) http://www.php.net/downloads.php --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16631&rss *** Cybercriminals experiment with Socks4/Socks5/HTTP malware-infected hosts based DIY DoS tool *** --------------------------------------------- Based on historical evidence gathered during some of the major 'opt-in botnet' type of crowdsourced DDoS (distributed denial of service) attack campaigns that took place over the last couple of years, the distribution of point'nclick DIY DoS (denial of service attack) tools continues representing a major driving force behind the success of these campaigns. A newly released DIY DoS tool aims to empower technically unsophisticated users with the necessary expertise to launch --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/QlgGvHwB40s/ *** Bugtraq: [security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS) *** --------------------------------------------- VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite Software. The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). References: CVE-2013-4814 (SSRT101302) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP XP P9000 Command View Advanced Edition Suite Software v 7.0.0-00 to earlier than 7.5.0-02 (Windows, Linux). --------------------------------------------- http://www.securityfocus.com/archive/1/528763 *** BLYPT: A New Backdoor Family Installed via Java Exploit *** --------------------------------------------- Recently, we have observed a new backdoor family which we've called BLYPT. This family is called BLYPT because of its used of binary large objects (blob) stored in the registry, as well as encryption. Currently, this backdoor is installed using Java exploits; either drive-by downloads or compromised web sites may be used to deliver these --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nVQjUHp2Xcc/ *** Weitere kritische Sicherheitslücke in iOS 7 aufgetaucht *** --------------------------------------------- Über einen Bug in der Notruf-Funktion kann trotz Sperrbildschirm jede beliebige Nummer angerufen werden. --------------------------------------------- http://futurezone.at/produkte/iphone-weitere-kritische-sicherheitsluecke-in… *** Linksys WRT110 Remote Command Execution *** --------------------------------------------- Topic: Linksys WRT110 Remote Command Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090147 *** Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets *** --------------------------------------------- FireEye has discovered a campaign leveraging the recently announced zero-day CVE-2013-3893. This campaign, which we have labeled 'Operation DeputyDog', began as early as August 19, 2013 and appears to have targeted organizations in Japan. --------------------------------------------- http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-depu… *** Operation DeputyDog Part 2: Zero-Day Exploit Analysis (CVE-2013-3893) *** --------------------------------------------- In our previous blog post my colleagues Ned and Nart provided a detailed analysis on the APT Campaign Operation DeputyDog. The campaign leveraged a zero day vulnerability of Microsoft Internet Explorer (CVE-2013-3893). Microsoft provided an advisory and 'Fix it' blog post. --------------------------------------------- http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-depu… *** Angriff der Router *** --------------------------------------------- Die ct analysiert ein sehr ungewöhnliches Botnet: Es besteht aus Routern, auch in Deutschland. --------------------------------------------- http://www.heise.de/newsticker/meldung/Angreifer-kapern-Router-1963578.html *** IDF Hackers Test Readiness In Israel For Cyberattacks *** --------------------------------------------- cold fjord points out a profile in Al-Monitor of Israels cyber-defense group, formed to test the countrys defenses to electronic warfare and information theft. Groups, really, since its run blue-vs-red style, with constant scenario preparation and intrusion attempts. The two (anonymized) leaders of the Blue and Red teams talk about the mind-set and skills that it takes to be in their unit, which they point out is not the place for soda and pizza hijinks. Says "Capt. A": "We are --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VvdZRjzDjUk/story01.htm *** [webapps] - Wordpress Lazy SEO plugin Shell Upload Vulnerability *** --------------------------------------------- Wordpress Lazy SEO plugin Shell Upload Vulnerability --------------------------------------------- http://www.exploit-db.com/exploits/28452 *** Cybercriminals sell access to tens of thousands of malware-infected Russian hosts *** --------------------------------------------- Today's modern cybercrime ecosystem offers everything a novice cybercriminal would need to quickly catch up with fellow/sophisticated cybercriminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem. Among the most popular --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/cRy7OE78zU0/ *** Bugtraq: [ANN] Struts 2.3.15.2 GA release available - security fix *** --------------------------------------------- The Apache Struts group is pleased to announce that Struts 2.3.15.2 is available as a "General Availability" release.The GA designation is our highest quality grade. ... This release includes important security fixes: - S2-018 - Broken Access Control Vulnerability in Apache Struts2 - S2-019 - Dynamic Method Invocation disabled by default --------------------------------------------- http://www.securityfocus.com/archive/1/528801 *** BlackBerry zieht Messenger-App für iOS und Android zurück *** --------------------------------------------- Die Apps, die den BlackBerry Messenger-Dienst auf iOS und Android bringen sollten, wurden nach einem Leak einer unfertigen Android-Version zurückgezogen. --------------------------------------------- http://futurezone.at/produkte/blackberry-zieht-messenger-app-fuer-ios-und-a… *** Apple zieht Apple-TV-Update 6.0 zurück *** --------------------------------------------- Nach Update-Problemen hat Apple die Aktualisierung offenbar zunächst zurückgezogen. Sie sollte unter anderem Unterstützung für iTunes Radio für US-Kunden liefern. --------------------------------------------- http://www.heise.de/newsticker/meldung/Apple-zieht-Apple-TV-Update-6-0-zuru… *** Chaos Computer Club hackt Apples Touch-ID *** --------------------------------------------- Fingerabdrucksensor des iPhone 5S lässt sich mit bekannten Mitteln austricksen - CCC: Touch-ID "dumme Idee" --------------------------------------------- http://derstandard.at/1379291683079 *** F5 BIG-IP APM Access Policy Logout Page Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability has been reported in F5 BIG-IP APM, which can be exploited by malicious people to conduct cross-site scripting attacks. ... The vulnerability is reported in versions 10.1.0 through 10.2.4 and versions 11.1.0 through 11.3.0. --------------------------------------------- https://secunia.com/advisories/54941 *** Apple TV Multiple Vulnerabilities *** --------------------------------------------- A weakness and some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable device. --------------------------------------------- https://secunia.com/advisories/54961 *** Data Exfiltration in Targeted Attacks *** --------------------------------------------- Data exfiltration is the unauthorized transfer of sensitive information from a target's network to a location which a threat actor controls. Because data routinely moves in and out of networked enterprises, data exfiltration can closely resemble normal network traffic, making detection of exfiltration attempts challenging for IT security groups. Figure 1. Targeted Attack Campaign Diagram --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bvRuzyNih3k/ *** Analysis: Spam in August 2013 *** --------------------------------------------- The percentage of spam in email traffic in August was down 3.6 percentage points and averaged 67.6%. --------------------------------------------- http://www.securelist.com/en/analysis/204792306/Spam_in_August_2013 *** Verschlüsselung im Web: TLS soll sicherer werden *** --------------------------------------------- Das für die Verschlüsselung im Web meistbenutzte Verschlüsselungsprotokoll krankt an einem Designfehler. Der ließe sich sich relativ leicht beheben, wenn das Normierungsgremium mitspielt. --------------------------------------------- http://www.heise.de/newsticker/meldung/Verschluesselung-im-Web-TLS-soll-sic… *** C3CM: Part 1 - Nfsight with Nfdump and Nfsen *** --------------------------------------------- Part one of our three-part series on C3CM will utilize Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase. These NetFlow tools make much sense when attempting to identify the behavior of your opponent on high-volume networks that don't favor full-packet capture or inspection. --------------------------------------------- http://holisticinfosec.org/toolsmith/pdf/august2013.pdf *** C3CM: Part 2 - BroIDS with Logstash and Kibana *** --------------------------------------------- Where, in part one of this three-part series, we utilized Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase, we'll use BroIDS (Bro), Logstash, and Kibana as part of our interrupt phase. --------------------------------------------- http://holisticinfosec.org/toolsmith/pdf/september2013.pdf *** Citrix CloudPortal Services Manager Multiple Vulnerabilities *** --------------------------------------------- Some vulnerabilities have been reported in Citrix CloudPortal Services Manager, where some have an unknown impact and another can be exploited by malicious users to bypass certain security restrictions. ... The vulnerabilities are reported in versions 10.0 Cumulative Update 2 and prior. --------------------------------------------- https://secunia.com/advisories/54664 *** OpenVZ update for kernel *** --------------------------------------------- OpenVZ has issued an update for kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and by malicious, local users to potentially gain escalated privileges. --------------------------------------------- https://secunia.com/advisories/54900 *** BitTorrent-Schluckauf bei Twitter löst Besorgnis aus *** --------------------------------------------- Ein technisches Problem bei Twitter hat dazu geführt, dass das soziale Netzwerk statt dem HTML-Code seiner Share-Buttons den Nutzern Torrent-Files ausliefert. Das hat zu einiger Aufregung bei besorgten Website-Besuchern geführt. --------------------------------------------- http://www.heise.de/newsticker/meldung/BitTorrent-Schluckauf-bei-Twitter-lo…

1 0

Tageszusammenfassung - Freitag 20-09-2013
by Daily end-of-shift report 20 Sep '13

20 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 19-09-2013 18:00 − Freitag 20-09-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Can Companies Fight Against Targeted Attacks? *** --------------------------------------------- There are various reasons why targeted attacks can happen to almost any company. One of the biggest reasons is theft of a company's proprietary information. There are many types of confidential data that could be valuable. Intellectual property is often the first thing that comes to mind. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/can-companies-fi… *** Apple's iOS 7 Update Fixes 80 Security Bugs *** --------------------------------------------- Yesterdays iOS 7 update brought a slew of bug fixes, 80 in total, to Apple devices. --------------------------------------------- http://threatpost.com/apples-ios-7-update-fixes-80-security-bugs/102356 *** Vertexnet Botnet Hides Behind AutoIt *** --------------------------------------------- Recently we found some new malware samples using AutoIt to hide themselves. On further analysis we found that those sample belong to the Vertexnet botnet. They use multiple layers of obfuscation; once decoded, they connect to a control server to accept commands and transfer stolen data. This sample is packed using a custom packer. --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/vertexnet-botnet-hides-behind-autoit *** Experts Worry About Long-Term Implications of NSA Revelations *** --------------------------------------------- With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA's collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what they can trust anymore. --------------------------------------------- http://threatpost.com/experts-worry-about-long-term-implications-of-nsa-rev… *** Sophos UTM Unspecified WebAdmin Flaw Has Unspecified Impact *** --------------------------------------------- Sophos UTM Unspecified WebAdmin Flaw Has Unspecified Impact --------------------------------------------- http://www.securitytracker.com/id/1029039 *** Cisco Intrusion Prevention System Authentication Manager Process Flaw Lets Remote Users Deny Service *** --------------------------------------------- Cisco Intrusion Prevention System Authentication Manager Process Flaw Lets Remote Users Deny Service --------------------------------------------- http://www.securitytracker.com/id/1029057 *** Massive Sicherheitslücke in iOS 7 entdeckt *** --------------------------------------------- Trotz Bildschirmsperre kann auf iPhones und iPads mit iOS 7 auf Fotos und dadurch auch auf Kontakte oder Twitter zugegriffen werden. Ausgangspunkt dafür ist das neue Control Center. --------------------------------------------- http://futurezone.at/produkte/apple-massive-sicherheitsluecke-in-ios-7-entd… *** Western Digital Arkeia Remote Code Execution *** --------------------------------------------- Western Digital Arkeia Remote Code Execution --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090143 *** HP ArcSight Enterprise Security Manager Input Validation Flaw Permits Cross-Site Scripting Attacks *** --------------------------------------------- HP ArcSight Enterprise Security Manager Input Validation Flaw Permits Cross-Site Scripting Attacks --------------------------------------------- http://www.securitytracker.com/id/1029069 *** Sicherheitsunternehmen warnt vor NSA-Algorithmus *** --------------------------------------------- Zufallsgenerator Dual EC DRBG in BSAFE und Data Protection Manager als Standard eingerichtet --------------------------------------------- http://derstandard.at/1379291450962 *** FTC-Beschwerde: TrendNets IP-Kameras sind nicht sicher *** --------------------------------------------- Die US-Handelskommission hat TrendNets zu umfangreichen Maßnahmen verpflichtet, um die Netzwerkkameras abzusichern. Auslöser war eine 2012 aufgedeckte Schwachstelle, durch die Unbefugte auf die Live-Streams hunderter TrendNet-Kunden zugreifen konnten. --------------------------------------------- http://www.heise.de/newsticker/meldung/FTC-Beschwerde-TrendNets-IP-Kameras-… *** The Small Biz 5 Step Plan to Security Breach Recovery *** --------------------------------------------- Why do Internet criminals favor small and medium sized businesses? One reason is because many are suppliers and partners of large corporate entities offering a convenient pathway to these partners' networks. Although most SMBs will not experience a security breach, many will. So, how can your business recover following a hacking incident? --------------------------------------------- http://www.business2community.com/small-business/small-biz-5-step-plan-secu… *** OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution *** --------------------------------------------- OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution --------------------------------------------- http://www.exploit-db.com/exploits/28408 *** Cisco AnyConnect Secure Mobility Client Directory Access Permissions Lets Local Users Gain Elevated Privileges *** --------------------------------------------- Cisco AnyConnect Secure Mobility Client Directory Access Permissions Lets Local Users Gain Elevated Privileges --------------------------------------------- http://www.securitytracker.com/id/1029063 *** HP IceWall Multiple Products Multiple Vulnerabilities *** --------------------------------------------- HP IceWall Multiple Products Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54930 *** Now Registering for Classes at Cybercrime U #INTH3WILD *** --------------------------------------------- As summer comes to a close, students all over the world are heading back to the classroom even in the cyber underground. Over the last few weeks, RSA has observed a spike in the availability of cybercrime courses, lessons, counseling and tutoring that are being offered to help fraudsters achieve their career goals. --------------------------------------------- https://blogs.rsa.com/now-registering-classes-cybercrime-u/ *** Yet another `malware-infected hosts as anonymization stepping stones` service offering access to hundreds of compromised hosts spotted in the wild *** --------------------------------------------- The general availability of DIY malware generating tools continues to contribute to the growth of the `malware-infected hosts as anonymization stepping stones` Socks4/Socks5/HTTP type of services, with new market entrants entering this largely commoditized market segment on a daily basis. Thanks to the virtually non-attributable campaigns that could be launched through the use of malware-infected hosts, ... --------------------------------------------- http://www.webroot.com/blog/2013/09/20/yet-another-malware-infected-hosts-a… *** Cisco AnyConnect VPN Client Secure Mobility Client Mac OS X Privilege Escalation Vulnerability *** --------------------------------------------- Cisco AnyConnect VPN Client Secure Mobility Client Mac OS X Privilege Escalation Vulnerability --------------------------------------------- https://secunia.com/advisories/54929

1 0

Tageszusammenfassung - Donnerstag 19-09-2013
by Daily end-of-shift report 19 Sep '13

19 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 18-09-2013 18:00 − Donnerstag 19-09-2013 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Security Bulletin: Buffer Overflow Vulnerability in IBM iNotes (CVE-2013-4068) *** --------------------------------------------- IBM iNotes 8.5.3 and 9.0 are at risk from a buffer overflow vulnerability. The fix for this issue is available in IBM Domino 8.5.3 Fix Pack 5 Interim Fix 1 and IBM Domino 9.0 Interim Fix 4. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_buf… *** Cisco DCNM Update Released, (Wed, Sep 18th) *** --------------------------------------------- We continue to see web applications deployed to manage datacenter functions. And Im sorry to say, we continue to see security issues in these applications - some of them so simple a quick run-through with Burp or ZAP would red-flag them. In that theme, today Cisco posts updates to DCNM (Cisco Prime Data Center Network Manager). --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16613&rss *** How to avoid unwanted software *** --------------------------------------------- We've all seen it; maybe it's on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you've never heard of, there's a new, annoying toolbar in your browser. Maybe you're getting popup ads or have a rogue security product claiming you're infected and asking you to buy the program to remove the infection. Even worse, you don't know how it got there! --------------------------------------------- http://www.webroot.com/blog/2013/09/18/avoid-unwanted-software/ *** More Goodies in the Apple Security Update Basket!, (Wed, Sep 18th) *** --------------------------------------------- APPLE-SA-2013-09-18-3 An OSX update that fixes a situation where the hostname in a certificate is not checked against the actual hostname. This vulnerability means that anyone with a valid certificate can impersonate any host - lots of attack applications in this, when combined with MITM or DNS hijack attacks APPLE-SA-2013-09-18-2 An absolute TON of updates for IOS, which should be no surprise in a new version. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16619&rss *** Cisco NX-OS BGP Regex Processing Flaw Lets Remote Users Deny Service *** --------------------------------------------- Cisco NX-OS BGP Regex Processing Flaw Lets Remote Users Deny Service --------------------------------------------- http://www.securitytracker.com/id/1029048 *** Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE *** --------------------------------------------- This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment (JRE) included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security vulnerabilities reported in Oracles Critical Patch Update releases of April and June 2013. --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… *** Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerabilities (CVE-2013-2960, CVE-2013-2961 , CVE-2013-0548, CVE-2013-0551) *** --------------------------------------------- Several vulnerabilites have been resolved in the Basic Services component of IBM Tivoli Monitoring. These vulnerabilies could have potentially caused a denial of service or Cross Site Scripting (XSS) exposure. CVE(s): CVE-2013-2960, CVE-2013-2961, CVE-2013-0548, and CVE-2013-0551 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm… *** Bugtraq: Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability *** --------------------------------------------- Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/528721 *** New IE Zero Day is Actively Exploited In Targeted Attacks *** --------------------------------------------- Right after a week from September Patch Tuesday, Microsoft had to rush a "Fix It" workaround tool to address a new zero-day Internet Explorer vulnerability (CVE-2013-3893), which is reportedly being actively exploited in certain targeted attacks. As Microsoft advised, the said exploit is targeting a Use After Free Vulnerability in IE's HTML rendering engine (mshtml.dll). --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/new-ie-zero-day-… *** Drupal Google Site Search 6.x / 7.x Cross Site Scripting *** --------------------------------------------- Topic: Drupal Google Site Search 6.x / 7.x Cross Site Scripting Risk: Low Text:View online: https://drupal.org/node/2092395 * Advisory ID: DRUPAL-SA-CONTRIB-2013-077 * Project: Google Site Search [1... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090133 *** Hidden Lynx *** --------------------------------------------- Symantec hat eine Hackergruppe aufgespürt, die hunderte Organisationen angegriffen haben soll. --------------------------------------------- http://www.heise.de/newsticker/meldung/Hidden-Lynx-Raffinierte-Auftrags-Hac… *** EvilGrab Malware Family Used In Targeted Attacks In Asia *** --------------------------------------------- Recently, we spotted a new malware family that was being used in targeted attacks the EvilGrab malware family. It is called EvilGrab due to its behavior of grabbing audio, video, and screenshots from affected machines. The most common arrival vector for EvilGrab malware is spear phishing messages with malicious Microsoft Office Attachments. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/evilgrab-malware… *** ENISA Threat Landscape mid year 2013 *** --------------------------------------------- ENISA today presented its list of top cyber threats, as a first "taste" of its interim Threat Landscape 2013 report. The study analyses 50 reports, and identifies an increase in threats to: infrastructure through targeted attacks; mobile devices; and social media identity thefts carried out by cyber-criminals over Cloud services. --------------------------------------------- https://www.enisa.europa.eu/activities/risk-management/evolving-threat-envi… *** Apple schließt kritische iTunes-Lücke *** --------------------------------------------- Das Update auf iTunes-Version 11.1 bringt nicht nur den Streaming-Dienst "iTunes Radio" mit, es schließt auch Schwachstelle im ActiveX-Plug-in. --------------------------------------------- http://www.heise.de/newsticker/meldung/Apple-schliesst-kritische-iTunes-Lue… *** Apple Xcode GIT "git-imap-send" SSL Certificate Verification Security Issue *** --------------------------------------------- Apple Xcode GIT "git-imap-send" SSL Certificate Verification Security Issue --------------------------------------------- https://secunia.com/advisories/54887 *** iOS 7 Security Prompts *** --------------------------------------------- Apples iOS 7 was released yesterday. And it has some nice new security prompts... --------------------------------------------- http://www.f-secure.com/weblog/archives/00002610.html

1 0

Tageszusammenfassung - Mittwoch 18-09-2013
by Daily end-of-shift report 18 Sep '13

18 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 17-09-2013 18:00 − Mittwoch 18-09-2013 18:00 Handler: Christian Wojner Co-Handler: Matthias Fraidl *** WordPress Simple Dropbox Upload Plugin Arbitrary File Upload Vulnerability *** --------------------------------------------- WordPress Simple Dropbox Upload Plugin Arbitrary File Upload Vulnerability --------------------------------------------- https://secunia.com/advisories/54856 *** Microsoft Releases Security Advisory 2887505 *** --------------------------------------------- Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/09/17/microsoft-releases-secur… *** Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks *** --------------------------------------------- Researchers: It was resourceful Hidden Lynx crew wot done it Security researchers have linked the 'Hackers for hire' Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009. --------------------------------------------- http://www.theregister.co.uk/2013/09/17/chinese_hackers4hire_crew/ *** Secure on Social Networks *** --------------------------------------------- During the past few years, the popularity of social networks has grown tremendously. They have come to form an important part of our communication. Although social networks offer a useful and fun interactive platform for the exchange and provision of information, they also present various security and privacy risks. This factsheet offers you an overview of the risks involved in participation in social networks. --------------------------------------------- http://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fact… *** Study finds fraudsters foist one-third of all Tor traffic *** --------------------------------------------- Anonymizing network disproportionately associated with online skullduggery People who access the internet through the anonymizing Tor network are much more likely to be up to no good than are typical internet users, according to a study by online reputation tracking firm Iovation. --------------------------------------------- http://www.theregister.co.uk/2013/09/18/study_finds_onethird_of_all_tor_tra… *** Look at risk before leaping into BYOD, report cautions *** --------------------------------------------- Risk management critical to skirting pitfalls of permitting personal devices in the office --------------------------------------------- http://www.csoonline.com/article/739937/look-at-risk-before-leaping-into-by… *** Connecting the Dots: Fake Apps, Russia, and the Mobile Web *** --------------------------------------------- The existence of fake mobile apps poses privacy and financial risks to users of the mobile web. As experts figure out the dangers of the consumerization and the lack of security of mobile devices, fake apps continue to grow. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/connecting-the-d… *** IBM Domino / iNotes Buffer Overflow Vulnerability *** --------------------------------------------- IBM Domino / iNotes Buffer Overflow Vulnerability --------------------------------------------- https://secunia.com/advisories/54895 *** Betrüger locken Smartphone-Nutzer mit angeblicher Werbung für G Data *** --------------------------------------------- Werbung in Android-Applikationen soll Nutzer dazu verleiten, teure Premium-SMS-Abos abzuschließen. G Data wehrt sich rechtlich gegen den Missbrauch des Markennames. --------------------------------------------- http://www.heise.de/security/meldung/Betrueger-locken-Smartphone-Nutzer-mit… *** Mozilla Firefox / Thunderbird Multiple Vulnerabilities *** --------------------------------------------- Some vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. --------------------------------------------- https://secunia.com/advisories/54892 *** Researchers can slip an undetectable trojan into Intel's Ivy Bridge CPUS *** --------------------------------------------- New technique bakes super stealthy hardware trojans into chip silicon. --------------------------------------------- http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectabl…

1 0

Tageszusammenfassung - Dienstag 17-09-2013
by Daily end-of-shift report 17 Sep '13

17 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 16-09-2013 18:00 − Dienstag 17-09-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** ZeuS/ZBOT: Most Distributed Malware by Spam in August *** --------------------------------------------- In our 2Q Security Roundup, we noted the resurgence of online banking malware, in particular the increase of ZeuS/ZBOT variants during the quarter. While ZeuS/ZBOT has been around for some times, its prevalence shows that it is still a big threat to end users today. For the month of August, 23% of spam with malicious... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/7c3B-kxDrTA/ *** Dropbox Installation Hinders ASLR *** --------------------------------------------- The popular cloud storage service Dropbox is reportedly undercutting the efficacy of access space layout randomization (ASLR) by failing to enable that feature within the dynamic link libraries (DLLs) it injects into other applications. --------------------------------------------- http://threatpost.com/dropbox-installation-hinders-aslr/102304 *** Not So Fast on BEAST Attack Mitigations *** --------------------------------------------- The BEAST attacks, once thought mitigated, may again be viable because of weaknesses in RC4 rendering server-side mitigation moot, and Apples reluctance to enable a 1/1-n split client-side mitigation by default. --------------------------------------------- http://threatpost.com/not-so-fast-on-beast-attack-mitigations/102308 *** Mac OS X Security Configuration Guides *** --------------------------------------------- The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer. --------------------------------------------- https://ssl.apple.com/support/security/guides/ *** Google knows nearly every Wi-Fi password in the world *** --------------------------------------------- If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. ... Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldnt change it. I suspect that many Android users have never even seen the configuration option controlling this. --------------------------------------------- http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-f… *** With XPs End of Life, Munich Will Distribute Ubuntu CDs *** --------------------------------------------- SmartAboutThings writes "Windows XP is going to officially die and stop receiving support from Microsoft in April, 2014. After that very moment, it is said to become a gold mine for hackers all over the world who will exploit zero-day vulnerabilities. The municipality of the German city of Munich wants to stop that from happening [and] has decided to distribute free CDs with Ubuntu 12.04 to users of the almost extinct XP. Munich, through its Gasteig Library, will prepare around 2000 CDs... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fH6x8koNgKU/story01.htm *** A Random Diary, (Tue, Sep 17th) *** --------------------------------------------- The current discussion about breaking encryption algorithm has one common thread: random number generators. No matter the encryption algorithm, if your encryption keys are not random, the algorithm can be brute forced much easier then theoretically predicted based on the strength of the algorithm. All encryption algorithms depend on good random keys and generating good random numbers has long been a problem. In Unix systems for example, you will have two random devices: /dev/random and... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16592&rss *** Mitsubishi MC-WorkX Suite Insecure ActiveX Control *** --------------------------------------------- ICS-CERT is aware of a public report of an insecure ActiveX Control vulnerability in the Mitsubishi MC-WorkX Suite - IcoLaunch.dll with proof-of-concept (PoC) exploit code affecting Mitsubishi MC-WorkX Suite, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the PoC allows crafting a Login Client button, which when clicked by the victim, can launch malicious code from a remote share... --------------------------------------------- http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-259-01 *** Moodle external.php cross-site scripting *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/87148 *** Moodle null byte SQL injection *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/87149 *** [remote] - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution *** --------------------------------------------- http://www.exploit-db.com/exploits/28334 *** [remote] - D-Link Devices UPnP SOAP Telnetd Command Execution *** --------------------------------------------- http://www.exploit-db.com/exploits/28333 *** IBM Tivoli Composite Application Manager for Transactions Java Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54849

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily September 2013