Daily September 2013

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - Montag 16-09-2013
by Daily end-of-shift report 16 Sep '13

16 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 13-09-2013 18:00 − Montag 16-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Microsoft reissues September patches after user complaints *** --------------------------------------------- A fix to fix the fixes that didnt Problems with Microsofts last round of operating system and application patches have forced the company to reissue part of the update on Friday. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/09/13/microsoft_r… *** ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication *** --------------------------------------------- Topic: ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication Risk: High Text:ProFTPd installs with mod_sftp and mod_sftp_pam activated contain the vulnerability described in this post. The current stab... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090109 *** Lange Passwörter legen Djangos Webapps lahm *** --------------------------------------------- Das freie Web-Framework Django überprüft eingegebene Passwörter nicht auf Länge, bevor es sie hasht. Das können Angreifer für DoS-Angriffe nutzen. --------------------------------------------- http://www.heise.de/security/meldung/Lange-Passwoerter-legen-Djangos-Webapp… *** Tagungsband zur Fachkonferenz D.A.CH Security 2013 *** --------------------------------------------- Auf der zweitägigen Arbeitskonferenz D.A.CH Security 2013 soll in zahlreichen Vorträgen ein umfassendes Bild des aktuellen Stands rund um IT-Sicherheit gezeichnet werden. Die Referentenbeiträge sind in einem Begleitband zur Tagung zusammengefasst. --------------------------------------------- http://www.heise.de/newsticker/meldung/Tagungsband-zur-Fachkonferenz-D-A-CH… *** Masscan: the entire Internet in 3 minutes *** --------------------------------------------- Masscan is the fastest port scanner, more than 10 times faster than any other port scanner. As the screenshot shows, it can transmit 25 million packets/second, which is fast enough to scan the entire Internet in just under 3 minutes. The system doing this is just a typical quad-core desktop processor. The only unusual part of the system is the dual-port 10-gbps Ethernet card (most computers have only 1-gbps Ethernet). --------------------------------------------- http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html *** CSRF Vulnerability in eBay Allows Hackers to Hijack User Accounts *** --------------------------------------------- IT consultant and tech enthusiast Paul Moore has identified a few security issues on eBay, including a cross-site request forgery (CSRF or XSRF) vulnerability that can be exploited by hackers to compromise user accounts. The expert has found that the eBay page which lets users update their profile is vulnerable to XSRF. That's because the field which links it to the user's active cookie is missing. --------------------------------------------- http://news.softpedia.com/news/CSRF-Vulnerability-in-eBay-Allows-Hackers-to… *** Mac OS X Security Configuration Guides *** --------------------------------------------- The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer. --------------------------------------------- https://ssl.apple.com/support/security/guides/ *** Google knows nearly every Wi-Fi password in the world *** --------------------------------------------- If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. ... Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldnt change it. I suspect that many Android users have never even seen the configuration option controlling this. --------------------------------------------- http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-f…

1 0

Tageszusammenfassung - Freitag 13-09-2013
by Daily end-of-shift report 13 Sep '13

13 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 12-09-2013 18:00 − Freitag 13-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Symantec to start revoking customers SSL certificates by October 1 *** --------------------------------------------- ... Symantec will revoke SSL certificates that are using something other than 2048-bit keys. The security giant is making this move as a preemptive measure against the pending December 31 deadline imposed by the Certification Authority/Browser (CA/B) Forum and the National Institute of Standards and Technology (NIST) for Certificate Authorities to halt the issue of 1024-bit certificates. --------------------------------------------- http://www.csoonline.com/article/739590/symantec-to-start-revoking-customer… *** Verdacht auf Zero-Day-Lücke in OpenX und Revive *** --------------------------------------------- Wie heise berichtet, gibt es aktuell einen Verdacht auf eine Zero-Day-Lücke in der Ad-Server-Software OpenX (und dem Fork Revive). Diese wird angeblich auch bereits aktiv ausgenützt. Wir können das mangels Detailwissen nicht nachvollziehen, und haben bisher auch keine anderen Meldungen über aktive Ausnutzung dieser Lücke gehört. --------------------------------------------- http://www.cert.at/services/blog/20130912163815-950.html *** Debian update for mediawiki *** --------------------------------------------- Debian has issued an update for mediawiki. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information. --------------------------------------------- https://secunia.com/advisories/54787 *** Apple veröffentlicht OS X 10.8.5 *** --------------------------------------------- Die jüngste Mountain-Lion-Version soll unter anderem Probleme bei Apple Mail und Dateitransfers über 802.11ac lösen. Außerdem wurden Sicherheitsupdates für Lion und Snow Leopard veröffentlicht. --------------------------------------------- http://www.heise.de/security/meldung/Apple-veroeffentlicht-OS-X-10-8-5-1955… *** WordPress Multiple Vulnerabilities *** --------------------------------------------- A weakness, a security issue, and a vulnerability have been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system and by malicious people to conduct spoofing attacks. --------------------------------------------- https://secunia.com/advisories/54803 *** IBM WebSphere Message Broker Information Center Multiple Vulnerabilities *** --------------------------------------------- A security issue and a vulnerability have been reported in IBM WebSphere Message Broker, which can be exploited by malicious people to disclose certain sensitive information and conduct cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/54835 *** Stealthy Dopant-Level Hardware Trojans *** --------------------------------------------- DoctorBit writes "A team of researchers funded in part by the NSF has just published a paper in which they demonstrate a way to introduce hardware Trojans into a chip by altering only the dopant masks of a few of the chips transistors. From the paper: Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/wd-ZoysTfmA/story01.htm *** Cisco Unified MeetingPlace Cross-Site Request Forgery Vulnerability *** --------------------------------------------- A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site request forgery attacks. --------------------------------------------- https://secunia.com/advisories/54768 *** Security Bulletin: Vulnerability in IBM Analytical Decision Management (CVE-2013-4047, CVE-2013-4048, CVE-2013-4049 & CVE-2013-5369) *** --------------------------------------------- Vulnerabilities have been identified in IBM Analytical Decision Management which make the product vulnerable to attacks using script injection and remote code execution. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21648929 *** Rootkit Cafe *** --------------------------------------------- Have you ever wondered about the ads you might have seen being shown on the desktop or in the browser during web browsing sessions at Internet cafes? One of our Analysts, Wayne, certainly did.He recently analyzed a sample (SHA1: c8c643df81df5f60d5cd8cf46cb3902c5f630e96) that gave him an interesting answer. The sample was a rootkit named in its code as LanEx, though we detect it as Rootkit:W32/Sfuzuan.A:Wayne traced the sample back to an advertising company in China called 58wangwei that runs an --------------------------------------------- http://www.f-secure.com/weblog/archives/00002607.html *** D-Link DIR-505 Wireless Router Security Bypass Security Issue *** --------------------------------------------- Alessandro Di Pinto has reported a security issue in D-Link DIR-505 Wireless Router, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/54752 *** Server Security Scan for WordPress *** --------------------------------------------- Server Security Scan checks WordPress installations for unsafe PHP settings and functions, write permissions of directories, errors and error levels, and the presence of security modules. It's worth noting that the tool doesn't fix any of the found issues. --------------------------------------------- http://news.softpedia.com/news/Security-App-of-the-Week-Server-Security-Sca…

1 0

Tageszusammenfassung - Donnerstag 12-09-2013
by Daily end-of-shift report 12 Sep '13

12 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 11-09-2013 18:00 − Donnerstag 12-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** NIST advises against use of random bit generator algorithm apparently backdoored by NSA *** --------------------------------------------- "NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used," NIST says in a bulletin. --------------------------------------------- http://www.fiercegovernmentit.com/story/nist-advises-against-use-random-bit… *** Bugtraq: OWASP Zed Attack Proxy 2.2.0 *** --------------------------------------------- This includes support for scripts embedded in ZAP components like the active and passive scanners as well as support for Zest - a new security focused scripting language from the Mozilla security team. It also supports Mozilla Plug-n-Hack, localization in 20 languages, various minor enhancements and lots of bug fixes. --------------------------------------------- http://www.securityfocus.com/archive/1/528553 *** Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.47 *** --------------------------------------------- Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 6.1.0.47 CVE ID(s): CVE-2012-3305 CVE-2012-4853 CVE-2013-0458 CVE-2013-0461 CVE-2013-0460 CVE-2013-0459 CVE-2013-0596 CVE-2013-0541 CVE-2013-0543 CVE-2013-0462 CVE-2013-2967 CVE-2013-2976 CVE-2013-0542 CVE-2013-0544 CVE-2013-0169 CVE-2013-1768 CVE-2013-1862 CVE-2013-4005 CVE-2013-3029 CVE-2013-1896 CVE-2012-2098 CVE-2013-4053 CVE-2013-4052 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot… *** Technical Analysis of CVE-2013-3147 *** --------------------------------------------- In July, Microsoft released a patch for a memory-corruption vulnerability in the Internet Explorer (IE) Web browser. The vulnerability enabled remote attackers to execute arbitrary code or cause a denial of service through a crafted or compromised website — also known as … Continue reading → --------------------------------------------- http://www.fireeye.com/blog/technical/2013/09/technical-analysis-of-cve-201… *** TYPO3 CMS 6.1.5, 6.0.10, 4.7.15 and 4.5.30 released *** --------------------------------------------- We are announcing the release of the following TYPO3 CMS updates: TYPO3 CMS 6.1.5 TYPO3 CMS 6.0.10 TYPO3 CMS 4.7.15 TYPO3 CMS 4.5.30 All versions are maintenance releases and contain bug fixes. Note: The 6.1.5 and 6.0.10 releases contain important fixes to regression which were introduced in the latest security releases (6.1.4 and 6.0.9). Releases 4.7.15 and 4.5.30 are merely bug fix releases, and increased compatibility with browsers and MySQL 5.5. --------------------------------------------- http://typo3.org/news/article/typo3-cms-615-6010-4715-and-4530-released/ *** Wordpress-Update schließt Sicherheitslücken *** --------------------------------------------- Mit Version 3.6.1 hat das Wordpress-Team ein wichtiges Update für seine Open-Source-Blog-Software freigegeben. 13 Fehler und drei Sicherheitslücken der vor kurzem veröffentlichten Version 3.6 wurden behoben, die Entwickler raten zur Aktualisierung. --------------------------------------------- http://www.heise.de/security/meldung/Wordpress-Update-schliesst-Sicherheits… *** Analysis: Staying safe from virtual robbers *** --------------------------------------------- The more popular online banking becomes, the more determined cybercriminals are to steal users’ money. How is money stolen with the help of malicious programs? How can you protect yourself from virtual robbery? --------------------------------------------- http://www.securelist.com/en/analysis/204792304/Staying_safe_from_virtual_r… *** Office-Updates geraten in Installationsschleife *** --------------------------------------------- Einige der am September-Patchday herausgegebene Office-Patches sind offenbar fehlerhaft. Drei der Updates hängen in einer Installationsschleife fest, eines sorgt dafür, dass Outlook nur noch eingeschränkt nutzbar ist. --------------------------------------------- http://www.heise.de/newsticker/meldung/Office-Updates-geraten-in-Installati… *** Juniper Junos Pulse Secure Access Service / Junos Pulse Access Control Service OpenSSL Multiple Vulnerabilities *** --------------------------------------------- Juniper Junos Pulse Secure Access Service / Junos Pulse Access Control Service OpenSSL Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54777 *** Siemens SCALANCE X-200 Web Hijack Vulnerability *** --------------------------------------------- OVERVIEWSiemens has identified a Web hijack vulnerability in the SCALANCE X-200 switch product family. Researcher Eireann Leverett of IOActive coordinated disclosure of the vulnerability with Siemens. Siemens has produced a firmware update that mitigates this vulnerability.This vulnerability could be exploited remotely.AFFECTED PRODUCTSSiemens reports that the vulnerability affects the following versions: --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-254-01 *** Firefox OS Likely to Face HTML5, Boot-to-gecko Process Attacks *** --------------------------------------------- Excerpt: The Firefox OS, a new contender in mobile operating systems, will likely see HTML5-related attacks and assaults on a crucial operating system process, according to security vendor Trend Micro.Some mobile phone operators are already shipping devices with the Firefox OS, which comes from Mozilla, the nonprofit organization behind the Firefox desktop browser. --------------------------------------------- http://www.cio.com/article/739475/Firefox_OS_Likely_to_Face_HTML5_Boot_to_g…

1 0

Tageszusammenfassung - Mittwoch 11-09-2013
by Daily end-of-shift report 11 Sep '13

11 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 10-09-2013 18:00 − Mittwoch 11-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Juniper Junos J-Web Arbitrary Command Execution Vulnerability *** --------------------------------------------- Sense of Security has reported a vulnerability in Juniper Junos, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the application not properly restricting access to /jsdm/ajax/port.php and can be exploited to execute arbitrary OS commands with root privileges. --------------------------------------------- https://secunia.com/advisories/54731 *** Android Mobile: Following In the Windows Footsteps *** --------------------------------------------- FireEye discovered an email spam campaign, currently ongoing, which is dropping the well-known Android malware Android FakeDefender. Looking through our DTI platform, we believe that this campaign started on the 6th of September. Vector of Propagation FireEye Labs has identified … Continue reading → --------------------------------------------- http://www.fireeye.com/blog/technical/2013/09/android-malware.html *** BlackBerry Patches Flash, WebKit and Libexif Flaws on Mobile Devices *** --------------------------------------------- BlackBerry issued four security advisories, patching vulnerabilities in the Z10 and Q10 smartphones and the PlayBook tablet. --------------------------------------------- http://threatpost.com/blackberry-patches-flash-webkit-and-libexif-flaws-on-… *** Macs need to patch too!, (Tue, Sep 10th) *** --------------------------------------------- Our regular readers know this, but on Patch Tuesday aka Black Tuesday we get a bit wider audience and hence its worth repeating it even more: Do not forget to also patch your Macs! E.g. a Trojan was recently discoverd that targets Macs with unpatched java flaws. See the Intego writeup. Not only that. Microsoft Office, Adobe Flash, shockwave, reader or acrobat all need to get update too. -- Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons --------------------------------------------- http://isc.sans.edu/diary.html?storyid=16544&rss *** Investigating the Security of the Firefox OS *** --------------------------------------------- Firefox OS is Mozilla’s foray into the mobile operating system field and promises a more adaptive mobile OS. But as mobile threats, in particular in the Android platform, has gained momentum, the question in everyone’s mind is – how safe is it? About a month ago, Telefonica announced that it had launched the Firefox OS […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroInvestigating the Security of the Firefox OS --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/b6Lw53NWiz4/ *** FreeBSD Network ioctl(2) Lets Local Users Gain Elevated Privileges *** --------------------------------------------- A vulnerability was reported in the FreeBSD Kernel. A local user can cause denial of service conditions. A local user may be able to obtain elevated privileges on the target system. --------------------------------------------- http://www.securitytracker.com/id/1029014 *** Managed Malicious Java Applets Hosting Service Spotted in the Wild *** --------------------------------------------- In a series of blog posts, we’ve been profiling the tactics and DIY tools of novice cybercriminals, whose malicious campaigns tend to largely rely on social engineering techniques, on their way to trick users into thinking that they’ve been exposed to a legitimate Java applet window. These very same malicious Java applets, continue representing a popular infection vector among novice cybercriminals, who remain the primary customers of the DIY tools/attack platforms that we’ve --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/3tgS8jmgHQQ/ *** Summary for September 2013 - Version: 1.0 *** --------------------------------------------- Unter anderem: - Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution - Vulnerability in Microsoft Outlook Could Allow Remote Code Execution - Vulnerability in OLE Could Allow Remote Code Execution - Vulnerability in Windows Theme File Could Allow Remote Code Execution - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution - Vulnerabilities in Microsoft Access Could Allow Remote Code Execution --------------------------------------------- http://technet.microsoft.com/en-gb/security/bulletin/ms13-sep *** Bugtraq: Synology DSM multiple vulnerabilities *** --------------------------------------------- Synology DiskStation Manager (DSM) it's a Linux based operating system, used for the DiskStation and RackStation products. --------------------------------------------- http://www.securityfocus.com/archive/1/528543 *** Java 7u40 ist da – diesmal kein Critical Patch Update *** --------------------------------------------- Das als Funktions-Update angedachte neue Java-Release bringt etliche Sicherheits-Features und ein an die frührere JRockit Mission Control Suite erinnerndes Werkzeug zur Überwachung und zum Profiling der JVM. --------------------------------------------- http://www.heise.de/security/meldung/Java-7u40-ist-da-diesmal-kein-Critical… *** Xen - libxl partially sets up HVM passthrough even with disabled iommu *** --------------------------------------------- Impact: A HVM domain, given access to a device which bus mastering capable in the absence of a functioning IOMMU, can mount a privilege escalation or denial of service attack affecting the whole system. --------------------------------------------- http://seclists.org/oss-sec/2013/q3/578 *** Adobe Security Bulletins Posted *** --------------------------------------------- Today, we released the following Security Bulletins: APSB13-21 – Security updates available for Adobe Flash Player APSB13-22 – Security updates available for Adobe Acrobat and Reader APSB13-23 – Security updates available for Shockwave Player Customers of the affected products should … Continue reading → --------------------------------------------- http://blogs.adobe.com/psirt/2013/09/adobe-security-bulletins-posted-9.html *** RouterOS sshd Denial of Service Vulnerability *** --------------------------------------------- Kingcope has reported a vulnerability in RouterOS, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within sshd when processing requests and can be exploited to corrupt memory and subsequently cause a crash of the daemon. --------------------------------------------- https://secunia.com/advisories/54633

1 0

Tageszusammenfassung - Dienstag 10-09-2013
by Daily end-of-shift report 10 Sep '13

10 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 09-09-2013 18:00 − Dienstag 10-09-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Book Review: The Practice of Network Security Monitoring *** --------------------------------------------- benrothke writes "It has been about 8 years since my friend Richard Bejtlichs (note, that was a full disclosure my friend) last book Extrusion Detection: Security Monitoring for Internal Intrusions came out. That and his other 2 books were heavy on technical analysis and real-word solutions. Some titles only start to cover ground after about 80 pages of introduction. With this highly informative and actionable book, you are already reviewing tcpdump output at page 16. In The Practice of --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/GDJ5LDb-zAY/story01.htm *** Researchers Call for Ban on PHP SuperGlobal Variables *** --------------------------------------------- Researchers urge developers to ban PHP SuperGlobal variables in applications. These variables are wide open to remote code execution, remote file inclusion and security bypasses. --------------------------------------------- http://threatpost.com/researchers-call-for-ban-on-php-superglobal-variables… *** Keeping Data Secret, Even From Apps That Use It *** --------------------------------------------- Nervals Lobster writes "Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it may get some help from a new encryption technique that allows data to be stored, transported and even used by applications without giving away any secrets. In a paper to be presented at a major European security conference this week, researchers from Denmark and the U.K. collaborated on a practical way to implement a long-discussed encryption concept called --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xYV9IJvP0OQ/story01.htm *** Online security: it’s in your interest! 1st European Cyber Security Month coming up in October *** --------------------------------------------- In October 2013, the first fully-fledged European Cyber Security Month (ECSM) will take place all over Europe. --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/online-security-it2019s-in-… *** MIPS-Router mit Entropieproblemen *** --------------------------------------------- Die MIPS-Ausgabe von Linux erzeugt Zufallszahlen mit Hilfe von fragwürdigen Entropiewerten, was die Angreifbarkeit von kryptografischen Schlüsseln erhöht. Dies betrifft eine ganze Reihe von Routern für den Endverbraucher-Markt. --------------------------------------------- http://www.heise.de *** iPhone 5S Phishing Mail Arrives In Time for Launch *** --------------------------------------------- While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promise to give away the said devices for free, in the guise of a contest. We saw samples of spammed messages that attempted to spoof an Apple Store email […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroiPhone 5S Phishing Mail Arrives In Time for Launch --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/zf_EldxUPaU/ *** Windows Phone 7: a look at popular apps and their data storage practices *** --------------------------------------------- This paper looks at how popular Windows Phone 7 apps address data storage with a focus on the platforms initial lack of data protection APIs and how that influenced the type of and manner in which data was kept on a users device. --------------------------------------------- https://www.isecpartners.com/media/106503/wp7_app_survey_storage.pdf *** NSA-Affäre: Generatoren für Zufallszahlen unter der Lupe *** --------------------------------------------- Nachdem bekannt wurde, dass die NSA eine Backdoor in einen von NIST veröffentlichten Zufallszahlengenerator einbaute, werden nun viele Entropie-Quellen mit gesundem Misstrauen geprüft. So auch Intels Chip-basierte RDRAND-Funktion unter Linux. --------------------------------------------- http://www.heise.de/security/meldung/NSA-Affaere-Generatoren-fuer-Zufallsza… *** iPhone 5S: Fingerabdruckscanner können ausgetrickst werden *** --------------------------------------------- Einfache Systeme mit Fotokopien täuschbar - Experten orten Probleme auch in zentralen Datenbanken --------------------------------------------- http://derstandard.at/1378248579562 *** HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse *** --------------------------------------------- Potential security vulnerabilities have been identified with HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM). These vulnerabilities could be exploited remotely to allow SQL injection, remote code execution and session reuse. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-13:12.ifioctl *** --------------------------------------------- http://www.securityfocus.com/archive/1/528520 *** Bugtraq: Open-Xchange Security Advisory 2013-09-10 *** --------------------------------------------- http://www.securityfocus.com/archive/1/528519 *** Bugtraq: Multiple vulnerabilities on D-Link Dir-505 devices *** --------------------------------------------- http://www.securityfocus.com/archive/1/528516

1 0

Tageszusammenfassung - Montag 9-09-2013
by Daily end-of-shift report 09 Sep '13

09 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 06-09-2013 18:00 − Montag 09-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Zwei-Faktor-Authentifizierung bei GitHub *** --------------------------------------------- Bei dem Quellcode-Hoster können Nutzer ihren Account nun auch mit einer zusätzlichen Authentifizierungsschicht absichern. Das schützt GitHub-Projekte vor Manipulationen, wenn die Zugangsdaten mal in die falschen Hände fallen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Zwei-Faktor-Authentifizierung-bei-Gi… *** Citrix CloudPortal Services Manager Multiple Flaws Have Unspecified Impact *** --------------------------------------------- Citrix CloudPortal Services Manager Multiple Flaws Have Unspecified Impact --------------------------------------------- http://www.securitytracker.com/id/1028987 *** AirPort Extreme Base Station Frame Processing Bug Lets Remote Users Deny Service *** --------------------------------------------- AirPort Extreme Base Station Frame Processing Bug Lets Remote Users Deny Service --------------------------------------------- http://www.securitytracker.com/id/1028988 *** pyOpenSSL hostname check bypassing vulnerability *** --------------------------------------------- Topic: pyOpenSSL hostname check bypassing vulnerability Risk: Medium Text:The pyOpenSSL module implements hostname identity checks but it did not properly handle hostnames in the certificate that conta... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090061 *** John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC *** --------------------------------------------- New submitter anwyn writes " In a recent article postend on the cryptography mailing list, long time civil libertarian and free software entrepreneur, John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggest that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones:" Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KQm4nlge0-A/story01.htm *** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-22) *** --------------------------------------------- A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, September 10, 2013. We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe … Continue reading → --------------------------------------------- http://blogs.adobe.com/psirt/2013/09/prenotification-upcoming-security-upda… *** Telekom: Router warnt bei Bot-Befall *** --------------------------------------------- Die Telekom sammelt mit eigenen Honeypots Daten über Angriffsszenarien und macht sich diese zum Beispiel in einer Router-Software zu Nutze, die den Anwender warnt, wenn seine IP-Adresse Teil eines Botnetzes ist. --------------------------------------------- http://www.heise.de/security/meldung/Telekom-Router-warnt-bei-Bot-Befall-19… *** Spy Service Exposes Nigerian ‘Yahoo Boys’ *** --------------------------------------------- A crude but effective online service that lets users deploy keystroke logging malware and then view the stolen data remotely was hacked recently. The information leaked from that service has revealed a network of several thousand Nigerian email scammers and offers a fascinating glimpse into an entire underground economy that is seldom explored. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/Bxu69w83Y0Q/ *** Scammers pop up in Android’s Calendar App *** --------------------------------------------- Over the last couple of days, we’ve intercepted a rather interesting fraudulent approach that’s not just successfully hitting the inboxes of users internationally, but is also popping up as an event on their Android Calendar apps. How is this possible? Fairly simple. Sample screenshot of the fraudulent Google Calendar invitation: Through automatic registration — thanks to the outsourcing of the CAPTCHA solving process — fraudsters are registering thousands of bogus --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/JEYS_MitQTU/ *** Kein großes Smartphone-Betriebssystem vor US-Geheimdienst sicher *** --------------------------------------------- Der amerikanische Geheimdienst NSA kann sich Zugang zu Nutzerdaten von iPhones, Android-Smartphones und BlackBerry-Geräten verschaffen. Dies meldet der Spiegel unter Bezug auf geheime Unterlagen. --------------------------------------------- http://www.heise.de *** No, the NSA cant spy on arbitrary smartphone data *** --------------------------------------------- The NSA has been exposed as evil and untrustworthy, but so has the press. The press distorts every new revelation, ignoring crucial technical details, and making it sound worse than it really is. An example is this Der Spiegel story claiming "NSA Can Spy On Smartphone Data", such as grabbing your contacts or SMS/email stored on the phone. Update: That was a teaser story, the actual story appearing tomorrow has more facts and fewer speculations than the teaser story. --------------------------------------------- http://blog.erratasec.com/2013/09/no-nsa-cant-spy-on-smartphone-data.html *** IBM OS/400 Java Multiple Vulnerabilities *** --------------------------------------------- IBM OS/400 Java Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/54631 *** ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates *** --------------------------------------------- In this paper, we present ExecScent, a novel system that aims to mine new, previously unknown C&C domain names from live enterprise network traffic. ExecScent automatically learns control protocol templates (CPTs) from examples of known C&C communications. These CPTs are then adapted to the “background traffic” of the network where the templates are to be deployed. The goal is to generate hybrid templates that can self-tune to each specific deployment scenario, thus ... --------------------------------------------- https://www.damballa.com/downloads/a_pubs/Damballa_ExecScent.pdf *** 30-Second HTTPS Crypto Cracking Tool Released *** --------------------------------------------- Three researchers who discovered a crypto attack that can be used to grab sensitive information from HTTPS traffic in less than 30 seconds have released a tool to help website operators see if their systems are susceptible. Details of the BREACH -- short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext -- attack were first revealed last month at the Black Hat information security conference ... --------------------------------------------- http://www.informationweek.com/security/attacks/30-second-https-crypto-crac… *** Vuln: Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability *** --------------------------------------------- Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/62251 *** [webapps] - Moodle 2.3.9, 2.4.6 - Multiple Vulnerabilities *** --------------------------------------------- Moodle 2.3.9, 2.4.6 - Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/28174 *** Exploring attacks against PHP applications *** --------------------------------------------- Imperva released its September Hacker Intelligence Initiative report which presents an in-depth view of recent attacks against PHP applications, including attacks that involve the PHP “SuperGlobal” parameters, and provides further insight into the nature of hacking activities in general and the implications for the overall integrity of the World Wide Web. --------------------------------------------- http://www.net-security.org/secworld.php?id=15535 *** Sophos pulls out spade, fills in holes in Web Appliance *** --------------------------------------------- Uproots root privilege route, covers it over Sophos has pulled out the weeds in its web-scanning software after Core Security identified multiple holes in its Web Protection Appliance versions 3.8.0, 3.8.13 and 3.7.9 and earlier.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/09/09/sophos_patc… *** Security experts question if Googles Chrome Apps is worth the risk *** --------------------------------------------- Worry based on security issues with cross-platform tech such as Flash and Java, which pioneered the write once, infect everywhere model --------------------------------------------- http://www.csoonline.com/article/739320/security-experts-question-if-google… *** Blackout - Feature-length What-If drama exploring the effects of a devastating cyber-attack on Britains national electricity grid *** --------------------------------------------- Based on expert advice and meticulous research, Blackout combines real user-generated footage, alongside fictional scenes, CCTV archive and news reports to build a terrifyingly realistic account of Britain being plunged into darkness. --------------------------------------------- http://www.channel4.com/programmes/blackout/episode-guide

1 0

Tageszusammenfassung - Freitag 6-09-2013
by Daily end-of-shift report 06 Sep '13

06 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 05-09-2013 18:00 − Freitag 06-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Advance Notification Service for September 2013 Security Bulletin Release *** --------------------------------------------- In celebration of kids heading back to school, today we're providing advance notification for the release of 14 bulletins, four Critical and 10 Important, for September 2013. The Critical updates address issues in Internet Explorer, Outlook, SharePoint and Windows. As always, we've scheduled the bulletin release for the second Tuesday of the month, Sept. 10, 2013, at approximately 10:00 a.m. PDT. Revisit this blog then for our analysis of the risk and impact, as well as our --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/09/05/advance-notification-ser… *** Windows 8s Picture Passwords Weaker Than Users Might Hope *** --------------------------------------------- colinneagle writes with word of work done by researchers at Arizona State University, Delaware State University and GFS Technology Inc., who find that the multiple-picture sequence security option of Windows 8 suffers from various flaws -- some of them specific to a password system based on gestures, and some analogous to weaknesses in conventional passwords entered by keyboard. "The research found that the strength of picture gesture password has a strong connection to how long a person --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/28mhP0YmW7c/story01.htm *** The NSA's work to make crypto worse and better *** --------------------------------------------- Leaked documents say that the NSA has compromised encryption specs. It wasnt always this way. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/b8hGFShwJ6E/story01… *** August 2013 Virus Activity Overview *** --------------------------------------------- September 2, 2013 In August, Doctor Web specialists analysed a myriad of new malware. At the beginning of the month, they discovered a malicious program that compromised sites making use of popular CMSs. In the second half of August, a Trojan-Spy was found that represents a serious risk to Linux machines. Viruses According to the statistical information collected on computers by Dr.Web CureIt!, Trojan.Loadmoney.1 became the leader among the threats identified Trojan.Hosts.6815, which in an --------------------------------------------- http://news.drweb.com/show/?i=3885&lng=en&c=9 *** IKEd AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL *** --------------------------------------------- Topic: IKEd AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090054 *** Vuln: Citrix CloudPortal Services Manager CVE-2013-2939 Unspecified Security Vulnerability *** --------------------------------------------- Citrix CloudPortal Services Manager CVE-2013-2939 Unspecified Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/62236 *** Patch-Dienstag: Microsoft flickt 14 Mal, Adobe einmal *** --------------------------------------------- Sowohl Microsoft als auch Adobe wollen am kommenden Dienstag wieder diverse Probleme in ihrer Software beheben. Microsoft plant, vier kritische Lücken zu schließen, wovon eine alle unterstützten Versionen des Internet Explorers betrifft. --------------------------------------------- http://www.heise.de/newsticker/meldung/Patch-Dienstag-Microsoft-flickt-14-M… *** Cisco Jabber for Windows SSL Certificate Verification Security Issue *** --------------------------------------------- Cisco Jabber for Windows SSL Certificate Verification Security Issue --------------------------------------------- https://secunia.com/advisories/54622

1 0

Tageszusammenfassung - Donnerstag 5-09-2013
by Daily end-of-shift report 05 Sep '13

05 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 04-09-2013 18:00 − Donnerstag 05-09-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Mit Typo 3 zum Server-Admin *** --------------------------------------------- Angemeldete Benutzer konnten unter Typo 3 Konfigurationsdateien auslesen und Dateien kopieren, löschen und ausführen. Nachdem die Experten der SySS GmbH diese Fehler schon vor Monaten an die Entwickler gemeldet hatten, wurden die Probleme nun behoben. --------------------------------------------- http://www.heise.de/newsticker/meldung/Mit-Typo-3-zum-Server-Admin-1949243.… *** AVG 2014: Das Interessanteste gibts umsonst *** --------------------------------------------- AVG stellt die Version 2014 seiner Virenschutzprodukte vor. Das darin enthaltene Modul PrivacyFix überprüft, welche Daten man auf sozialen Netzwerken über sich preisgibt. --------------------------------------------- http://www.heise.de/security/meldung/AVG-2014-Das-Interessanteste-gibts-ums… *** Whatever Happened to Facebook Likejacking? *** --------------------------------------------- Back in 2010, Facebook likejacking (a social engineering technique of tricking people into posting a Facebook status update) was a trending problem. So, whatever happened to likejacking scams and spam? Well, Facebook beefed-up its security - and the trend significantly declined, at least when compared to peak 2010 numbers.But you cant keep a good spammer down. Cant beat them? Join them.Today, some of the same junk which was spread via likejacking... is now spread via Facebook... --------------------------------------------- http://www.f-secure.com/weblog/archives/00002602.html *** Java's Losing Security Legacy *** --------------------------------------------- Javas code-signing requirements have proven to be a bust, security researchers say, and now even longtime developers are losing faith in the programming language. --------------------------------------------- http://threatpost.com/javas-losing-security-legacy/102176 *** Sham G20 Summit Email Carries "Split" Backdoor *** --------------------------------------------- The upcoming G20 Summit in St. Petersburg, Russia might have already spewed several messages aimed at both common users and specific groups. A recent email we saw is only the latest in these threats. The said message is purportedly from the event's planning team and refers to a "pre-summit meeting":... --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/sham-g20-summit-… *** Leicht zu enttarnen *** --------------------------------------------- Wissenschaftler haben die Möglichkeiten untersucht, die Anonymität von Tor-Nutzern aufzuheben - mit ziemlich erschreckenden Resultaten. --------------------------------------------- http://www.heise.de/newsticker/meldung/Tor-Benutzer-leicht-zu-enttarnen-194… *** Blog: Obad.a Trojan now being distributed via mobile botnets *** --------------------------------------------- In late May we reported on the details of Backdoor.AndroidOS.Obad.a, the most sophisticated mobile Trojan to date. At the time we had almost no information about how this piece of malware gets onto mobile devices. We have since been examining how the Trojan is distributed and discovered that the malware owners have... --------------------------------------------- http://www.securelist.com/en/blog/8131/Obad_a_Trojan_now_being_distributed_… *** Bugcrowd organisiert Schwachstellensuche für Unternehmen *** --------------------------------------------- Das australisch-amerikanische Startup will es Firmen ermöglichen, ihre eigenen Bug-Bounty-Programme einfach auf die Beine zu stellen. Firmen wie Google und Mozilla profitieren schon seit längerem von eigenen Programmen dieser Art. --------------------------------------------- http://www.heise.de/security/meldung/Bugcrowd-organisiert-Schwachstellensuc… *** Don't Install The Google Authenticator For iOS Update *** --------------------------------------------- Google today pushed an update out for Google Authenticator for iOS, the two-factor authentication companion app that makes your Google account and services where you use it to login more secure. But it's an update users will want to avoid for now, as it erases all your existing stored data and connected accounts,... --------------------------------------------- http://techcrunch.com/2013/09/04/dont-install-the-google-authenticator-for-… *** Samsungs Android-Geräte bekommen Verschlüsselungstechnik Knox *** --------------------------------------------- Samsung hat die ersten Android-Geräte mit der Sicherheitstechnik ausgerüstet und erste Hinweise geliefert, welche älteren Modelle ein Update bekommen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Samsungs-Android-Geraete-bekommen-Ve… *** Large botnet cause of recent Tor network overload *** --------------------------------------------- Recently, Roger Dingledine described a sudden increase in Tor users on the Tor Talk mailinglist. To date there has been a large amount of speculation as to why this may have happened. A large number of articles seem to suggest this to be the result of the recent global espionage events, the evasion of the Pirate Bay blockades using the PirateBrowser or the Syrian civil war. --------------------------------------------- http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-… *** Linux Kernel 3.10.10 scm_check_creds() PID spoofing Privileges Escalation *** --------------------------------------------- Topic: Linux Kernel 3.10.10 scm_check_creds() PID spoofing Privileges Escalation Risk: High Text:A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to gain escalated pri... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090044 *** Drupal Core CSS Selectors Allow Remote Users to Insert Hidden Text and Links to Obtain Potentially Sensitive Information *** --------------------------------------------- http://www.securitytracker.com/id/1028978 *** Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players *** --------------------------------------------- Cisco Security Advisory: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players --------------------------------------------- http://www.securityfocus.com/archive/1/528432 *** Symantec Endpoint Protection un-installation password bypass *** --------------------------------------------- Topic: Symantec Endpoint Protection un-installation password bypass Risk: High Text: Description: A weakness has been revealed on SEP installation that allows user to uninstall this product w... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013090045 *** IBM WebSphere MQ Multiple Java Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54721 *** Cisco GSS Global Site Selector Cross-Site Request Forgery Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54727

1 0

Tageszusammenfassung - Mittwoch 4-09-2013
by Daily end-of-shift report 04 Sep '13

04 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 03-09-2013 18:00 − Mittwoch 04-09-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Hintergrund: Browser-SSL entschlüsselt *** --------------------------------------------- Mit einem kleinen Trick speichern Firefox und Chrome die verwendeten Schlüssel so, dass Wireshark die damit verschlüsselten Daten gleich dekodieren kann. --------------------------------------------- http://www.heise.de/security/artikel/Browser-SSL-entschluesselt-1948431.html *** Software Developer Says Mega Master Keys Are Retrievable *** --------------------------------------------- hypnosec writes that software developer Michael Koziarski has released a bookmarklet "which he claims has the ability to reveal Mega users master key. Koziarski went on to claim that Mega has the ability to grab its users keys and use them to access their files. Dubbed MegaPWN, the tool not only reveals a users master key, but also gives away a users RSA private key exponent. MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing --------------------------------------------- http://yro.slashdot.org/story/13/09/03/1720223/software-developer-says-mega… *** Cidox Trojan Spoofs HTTP Host Header to Avoid Detection *** --------------------------------------------- Lately, we have seen a good number of samples generating some interesting network traffic through our automated framework. The HTTP network pattern generated contains a few interesting parameters, names like "&av" (for antivirus?) and "&vm="(VMware?), The response received looked to be encrypted, which drew my attention. Also, all the network traffic contained the same host Read more... --------------------------------------------- http://blogs.mcafee.com/mcafee-labs/cidox-trojan-spoofs-http-host-header-to… *** Styx-like Cool Exploit Kit: How It Works *** --------------------------------------------- While the Blackhole Exploit Kit is the most well-known of the exploit kits that affect users, other exploit kits are also well known in the Russian underground. In this post, we will look at how these other kits work, and its differences from other exploit kits. One well-known Blackhole alternative is the Styx Exploit Kit. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/styx-exploit-pac… *** Researchers: Oracle's Java Security Fails *** --------------------------------------------- Faced with an onslaught of malware attacks that leverage vulnerabilities and design weaknesses in Java, Oracle Corp. recently tweaked things so that Java now warns users about the security risks of running Java content. But new research shows that the integrity and accuracy of these warning messages can be subverted easily in any number of ways, and that Oracles new security scheme actually punishes Java application developers who adhere to it. --------------------------------------------- http://krebsonsecurity.com/2013/09/researchers-oracles-java-security-fails/ *** The Red Book - The SysSec Roadmap for Systems Security Research *** --------------------------------------------- The SysSec Red Book is a Roadmap in the area of Systems Security, as prepared by the SysSec consortium and its constituency. For preparing this roadmap a Task Force of young researchers with proven track of record in the area was assembled and collaborated with the senior researchers of SysSec. Additionally, the SysSec Community has been consulted to provide input on the contents of the roadmap. --------------------------------------------- http://www.red-book.eu/ *** [Video] ThreatVlog, Episode 3: NYT, Twitter, and HuffPost hacked by Syrian Electronic Army *** --------------------------------------------- In this episode of ThreatVlog, Grayson Milbourne covers the information behind the Syrian Electronic Army's hacking of New York Times, Twitter, and Huffington Post. Grayson includes a breakdown of the hack as well as information on how to keep your own websites protected form this malicious behavior.The post [Video] ThreatVlog, Episode 3: NYT, Twitter, and HuffPost hacked by Syrian Electronic Army appeared first on Webroot Threat Blog. --------------------------------------------- http://www.webroot.com/blog/2013/09/04/video-threatvlog-episode-3-nyt-twitt… *** Bugtraq: SEC Consult SA-20130904-0 :: GroupLink everything HelpDesk - undocumented password reset/admin takeover and XSS vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/528420 *** Samsung Galaxy S4 Polaris Viewer DOCX Buffer Overflow Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54701 *** MediaWiki Security Release *** --------------------------------------------- I would like to announce the release of MediaWiki 1.21.2, 1.20.7 and 1.19.8. These releases fix 3 security related bugs that could affect users of MediaWiki. --------------------------------------------- http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/0001… *** OpenVZ update for kernel *** --------------------------------------------- https://secunia.com/advisories/54311 *** Linux Kernel PID Spoofing Privilege Escalation Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54675 *** Sixnet Universal Protocol Undocumented Function Codes (Update A) *** --------------------------------------------- OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-13-231-01 Sixnet Universal Protocol Undocumented Function Codes that was published August 19, 2013, on the ICS-CERT Web page.Independent researcher Mehdi Sabraoui has identified undocumented function codes in Sixnet's universal protocol. Sixnet has produced a new version of the remote terminal unit (RTU) firmware that mitigates this vulnerability. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-231-01A *** Tridium Niagara Vulnerabilities (Update A) *** --------------------------------------------- OVERVIEW--------- Begin Update A Part 1 of 2 --------This updated advisory is a follow-up to the original advisory titled ICSA-12-228-01 Tridium Niagara Multiple Vulnerabilities that was published August 15, 2012, on the ICS-CERT Web page. It is also a follow-up to ICS-ALERT-12-195-01 Tridium Niagara Directory Traversal and Weak Credential Storage Vulnerability that was published July 13, 2012, on the ICS-CERT Web page. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-12-228-01A *** Cisco Mobility Services Engine Configuration Error Lets Remote Users Login Anonymously *** --------------------------------------------- http://www.securitytracker.com/id/1028972 *** Cisco Secure Access Control System (ACS) TACACS+ Socket Denial of Service Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54687 *** SAP NetWeaver "ABAD0_DELETE_DERIVATION_TABLE" SQL Injection Vulnerability *** --------------------------------------------- https://secunia.com/advisories/54702 *** Vuln: Supermicro IPMI Web Interface Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/62094 http://www.securityfocus.com/bid/62097 http://www.securityfocus.com/bid/62098 *** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) *** --------------------------------------------- Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) CVE(s): CVE-2013-0585, CVE-2013-3034, CVE-2013-3040, and CVE-2013-0599 Affected product(s) and affected version(s): IBM InfoSphere Information Server version 9.1 running on all platforms Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…

1 0

Tageszusammenfassung - Dienstag 3-09-2013
by Daily end-of-shift report 03 Sep '13

03 Sep '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 02-09-2013 18:00 − Dienstag 03-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a *** Blog: NetTraveler Is Back: The Red Star APT Returns With New Tricks *** --------------------------------------------- NetTraveler, which we described in depth in a previous post, is an APT that infected hundreds of high profile victims in more than 40 countries. Known targets of NetTraveler (also known as ‘Travnet’ or “Netfile”) include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors. --------------------------------------------- http://www.securelist.com/en/blog/208214039/NetTraveler_Is_Back_The_Red_Sta… *** 353,436 Exposed ZTE Devices Found In Net Census *** --------------------------------------------- mask.of.sanity writes "Hundreds of thousands of internet-accessible devices manufactured Chinese telco ZTE have been found with default or hardcoded usernames and passwords. The devices were discovered in analysis of the huge dataset from the Internet Census run this year. ZTE topped the charts, accounting for 28 percent of all affected devices worldwide. Only one manufacturer has responded to the researchers bid to supply the data in efforts to stop production of insecure devices." --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Ev4LKChpZbQ/story01.htm *** USB-Tastatur kapert Linux-Kern *** --------------------------------------------- Der Speicher eines Linux-Systems kann durch USB-Endgeräte fast beliebig manipuliert werden, wie ChromeOS-Entwickler Kees Cook entdeckte. Einen Patch für das Problem lieferte er gleich mit. --------------------------------------------- http://www.heise.de/newsticker/meldung/USB-Tastatur-kapert-Linux-Kern-19475… *** cPanel Multiple Vulnerabilities *** --------------------------------------------- A security issue and multiple vulnerabilities have been reported in cPanel, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, and gain escalated privileges and by malicious users to conduct script insertion attacks, bypass certain security restrictions, and compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/54601 *** Bugtraq: PayPals "invalid" aksession Padding Oracle Flaw *** --------------------------------------------- The main PayPal web site sets a cookie named "aksession" which contains a blob of base64-encoded ciphertext. This ciphertext is encrypted using a 64-bit block cipher in CBC mode and does not have any other integrity protection. Naturally, this means the aksession cookie is vulnerable to a padding oracle attack allowing full decryption and forgery. --------------------------------------------- http://www.securityfocus.com/archive/1/528403 *** [remote] - Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption *** --------------------------------------------- During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote previous to authentication heap corruption in its sshd component. Exploitation of this vulnerability will allow full access to the router device. --------------------------------------------- http://www.exploit-db.com/exploits/28056 *** [webapps] - TP-Link TD-W8951ND - Multiple Vulnerabilities *** --------------------------------------------- Tested on TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Rel.30923 --------------------------------------------- http://www.exploit-db.com/exploits/28055

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily September 2013