Daily February 2014

daily@lists.cert.at

1 participants
20 discussions

Tageszusammenfassung - Freitag 28-02-2014
by Daily end-of-shift report 28 Feb '14

28 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 27-02-2014 18:00 − Freitag 28-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Are Automated Update Services the Next Surveillance Frontier? *** --------------------------------------------- Automated update services that provide users with security patches and feature enhancements are also a potential hunting ground for intelligence agencies and law enforcement surveillance activity. --------------------------------------------- http://threatpost.com/are-automated-update-services-the-next-surveillance-f… *** DDoS and BCP 38, (Thu, Feb 27th) *** --------------------------------------------- Quite often on many lists we will hear the term Best Current Practice (BCP) 38 bandied about and further recommendations to implement [1] [2][3][4] (See NANOG Mailing list archive) . Some will say "it will aid in DDoS mitigation" and even others will even state "All Internet Service Providers (ISP) should implement this." Now before the philosophical discussions ensue in the comments, it might be a good idea to discuss, technically, what it is? And perhaps what it can do? --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17735&rss *** Oversharing, (Fri, Feb 28th) *** --------------------------------------------- When ISC reader Michael contacted us about "odd UDP traffic from all over" that he was suddenly seeing in his firewall log, we at first assumed that his Internet connection had "inherited" a dynamic IP address that had before been used by a rampant file sharing user, and that Michael was now seeing the "after glow". We still asked for a PCAP (tcpdump) file though, and when we looked at what Michael sent back, we saw to our surprise... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17737&rss *** Highly Effective Joomla Backdoor with Small Profile *** --------------------------------------------- It feels like every day we're finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can't lie, these are truly gems. The things they are doing, and by they I mean the attackers, are in some instance ingenious. I think you'll agree that... --------------------------------------------- http://blog.sucuri.net/2014/02/highly-effective-joomla-backdoor-with-small-… *** Tilon/SpyEye2 intelligence report *** --------------------------------------------- Tilon, son of Silon, or... SpyEye2 evolution of SpyEye? The malware family commonly known as Tilon has been around for several years now. While several public analysis reports have described the malware; no one has thus far linked it with the well-known SpyEye malware family. In light of the recent news of the guilty plea... --------------------------------------------- http://blog.fox-it.com/2014/02/25/tilonspyeye2-intelligence-report/ *** Malicious Proxy Auto-Config redirection *** --------------------------------------------- Internet banking credentials are a desired target for cybercriminals. They can be targeted with man-in-the-middle attacks or through password stealing trojans such as Fareit, Zbot or Banker. A less known, yet commonly found in South America and to a lesser extent in Russia, method to gain unauthorized access to a user's banking credentials is through malicious Proxy Auto-Config (PAC) files. Normally, PAC files offer similar functionality to the hosts file, allowing IP/website redirection,... --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/02/28/malicious-proxy-auto-con… *** Notorious "Gameover" malware gets itself a kernel-mode rootkit... *** --------------------------------------------- Zeus, also known as Zbot, is a malware family that we have written about many times on Naked Security... --------------------------------------------- http://nakedsecurity.sophos.com/2014/02/27/notorious-gameover-malware-gets-… *** [2014-02-28] Authentication bypass (SSRF) and local file disclosure in Plex Media Server *** --------------------------------------------- The Plex Media Server proxy functionality fails to properly validate pre-authentication user requests. This allows unauthenticated attackers to make the Plex Media Server execute arbitrary HTTP requests and hence bypass all authentication and execute commands with administrative privileges. Furthermore, because of insufficient input validation, arbitrary local files can be disclosed without prior authentication including passwords and other sensitive information. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** [2014-02-28] Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch Web Manager *** --------------------------------------------- Attackers are able to elevate privileges during login from read-only user rights to full read/write or debug access rights by simply changing result values of the affected CGI script. This allows attackers to reconfigure the device. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** VU#534284: Synology DiskStation Manager VPN module hard-coded password vulnerability *** --------------------------------------------- Synology DiskStation Manager 4.3-3810 update 1 and possibly earlier versions contain a VPN server module which contains a hard-coded password which cannot be changed. According to the original forum post... --------------------------------------------- http://www.kb.cert.org/vuls/id/534284 *** Moodle 2.6.1 Cross Site Scripting *** --------------------------------------------- Topic: Moodle 2.6.1 Cross Site Scripting Risk: Low Text:# == # Title ...| Moodle 2.6.1 # Version .| (Feb 27 2014) moodle-latest-26.zip # Date ....| 27.02.2014... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020247 *** Cisco IPS MainApp SNMP Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the SNMP code of Cisco Intrusion Prevention System (IPS) Software could allow an unauthenticated, remote attacker to cause the MainApp process to become unresponsive. This creates a denial of service (DoS) condition because the Cisco IPS sensor is not able to execute several critical tasks including alert notification, event store management, and sensor authentication. The Cisco IPS web server will also be unavailable while the MainApp process is unresponsive. Additionally, due to this general system failure, other processes such as the Analysis Engine may not function properly. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Schneider Electric Floating License Manager Vulnerability *** --------------------------------------------- Schneider Electric had become aware of an "unquoted service path" vulnerability in the Schneider Electric Floating License Manager, produced a patch that mitigates this vulnerability, and notified NCCIC/ICS-CERT. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01 *** Schneider Electric OFS Buffer Overflow Vulnerability *** --------------------------------------------- Schneider Electric has reported to NCCIC/ICS-CERT a Stack Buffer Overflow vulnerability supplied with the Schneider Electric OPC Factory Server (OSF). --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02

1 0

Tageszusammenfassung - Donnerstag 27-02-2014
by Daily end-of-shift report 27 Feb '14

27 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 26-02-2014 18:00 − Donnerstag 27-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Avaya to Patch Zero Days That Turn IP Phone into Radio Transmitters *** --------------------------------------------- Avaya is expected to patch zero-day vulnerabilities in its latest one-X IP phones. The vulnerabilities and an exploit will be demonstrated this week at RSA Conference 2014. --------------------------------------------- http://threatpost.com/avaya-to-patch-zero-days-that-turn-ip-phone-in-radio-… *** Detecting malware on Mac OS X with USM and MIDAS *** --------------------------------------------- Let's briefly review what we accomplished in the first post: Understood the capabilities and design of MIDAS Deployed MIDAS on a Mac OS X endpoint installed the MIDAS plugin in AlienVault USM Verified the integration by running MIDAS and confirming the events in the SIEM. How does this make us safer? More generally, what does this mean? To answer these questions we need to understand what plists and kexts mean from a security perspective. PlistsProperty list files contain configuration data... --------------------------------------------- http://www.alienvault.com/open-threat-exchange/blog/detecting-malware-on-ma… *** Ongoing NTP Amplification Attacks, (Wed, Feb 26th) *** --------------------------------------------- Brett, who alerted us earlier this month regarding the mass exploit against Linksys devices has surfaced a current issue hes facing with ongoing NTP amplification attacks. A good US-CERT summary of the attack is here: https://www.us-cert.gov/ncas/alerts/TA14-013A. Brett indicates that: "We are seeing massive attacks on our NTP servers, attempting to exploit the traffic amplification vulnerability reported last month. Our IPs are being probed by an address in the Netherlands, and a couple... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17723&rss *** Yes, You Too Can Be An Evil Network Overlord - On The Cheap With OpenBSD, pflow And nfsen *** --------------------------------------------- Have you ever wanted to know whats really going on in your network? Some free tools with surprising origins can help you to an almost frightening degree.One question I get a lot (or variants that end up being very close) is, "How do you keep up with whats happening in your network?". A close cousin is "how much do you actually know about your users?".The exact answer to both can have legal implications, so before I proceed to the tech content, Ill ask you to make sure you... --------------------------------------------- http://bsdly.blogspot.com/2014/02/yes-you-too-can-be-evil-network.html *** Weekly Metasploit Update: Encoding-Fu, New Powershell Payload, Bug Fixes *** --------------------------------------------- In this week's Metasploit weekly update, we begin with OJ TheColonial Reeves' new optimized sub encoding module (opt_sub.rb). As the name implies, this encoder takes advantage of the SUB assembly instruction to encode a payload with printable characters that are file path friendly. Encoders like this are incredibly useful for developing a memory corruption exploit... --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/02/26/weekly-me… *** Security: Cisco öffnet Snort-Schnittstelle *** --------------------------------------------- Wenige Wochen nach der Übernahme des Snort-Entwicklers Sourcefire hat Cisco die Schnittstelle zu dem Intrusion Detection System unter dem Namen OpenAppID öffentlich gemacht. Zudem wurde der Malware-Schutz des aufgekauften Unternehmens in Ciscos Sicherheitsportfolio integriert. --------------------------------------------- http://www.golem.de/news/security-cisco-oeffnet-snort-schnittstelle-1402-10… *** Mac OS X 10.6 Snow Leopard: Apple aktualisiert nicht mehr *** --------------------------------------------- Die letzten zwei größeren Sicherheitsupdates von Apple standen nur noch für Mavericks, Mountain Lion und Lion bereit. Dabei ist OS X 10.6 noch relativ weit verbreitet. --------------------------------------------- http://www.heise.de/security/meldung/Mac-OS-X-10-6-Snow-Leopard-Apple-aktua… *** Was the iOS SSL Flaw Deliberate? *** --------------------------------------------- Last October, I speculated on the best ways to go about designing and implementing a software backdoor. I suggested three characteristics of a good backdoor: low chance of discovery, high deniability if discovered, and minimal conspiracy to implement. The critical iOS vulnerability that Apple patched last week is an excellent example. Look at the code. What caused the vulnerability is... --------------------------------------------- https://www.schneier.com/blog/archives/2014/02/was_the_ios_ssl.html *** Android & iOS: Gratis-Werkzeuge zur Malware-Analyse *** --------------------------------------------- Die Linux-Distribution Santoku bringt alle Werkzeuge mit, um Malware und andere Apps für iOS und Android professionell unter die Lupe zu nehmen. Eine Kombination aus einer App und einem Webdienst analysiert unter anderem Datenströme von Apps. --------------------------------------------- http://www.heise.de/security/meldung/Android-iOS-Gratis-Werkzeuge-zur-Malwa… *** Atlassian - Security Bypass Vulnerabilities in various Products *** --------------------------------------------- Security Bypass Vulnerabilities in Atlassian Bamboo, Confluence, FishEye, JIRA, Crucible and Stash --------------------------------------------- https://secunia.com/advisories/57086 https://secunia.com/advisories/57088 https://secunia.com/advisories/57095 https://secunia.com/advisories/57105 https://secunia.com/advisories/56842 https://secunia.com/advisories/56936 *** [2014-02-27] Local Buffer Overflow vulnerability in SAS for Windows *** --------------------------------------------- Attackers are able to completely compromise SAS clients when a malicious SAS program gets executed as the software "SAS for Windows" is affected by a local buffer overflow vulnerability. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Drupal - Vulnerabilities in third-party Modules and Themes *** --------------------------------------------- Vulnerabilities in Open Omega (third-party theme), Content locking (anti-concurrent editing) (third-party module), Project Issue File Review (third-party module) and Mime Mail (third-party module) --------------------------------------------- https://drupal.org/node/2205877 https://drupal.org/node/2205807 https://drupal.org/node/2205767 https://drupal.org/node/2205991 *** Schneider Electric CitectSCADA Products Exception Handler Vulnerability (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-13-350-01 Schneider Electric SCADA Products Exception Handler Vulnerability that was published February 25, 2014, on the NCCIC/ICS-CERT web site. This advisory was originally posted to the US-CERT secure Portal library on December 16, 2013. Schneider Electric requested the title change to reduce confusion. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-350-01A

1 0

Tageszusammenfassung - Mittwoch 26-02-2014
by Daily end-of-shift report 26 Feb '14

26 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 25-02-2014 18:00 − Mittwoch 26-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Chameleon: Forschungsvirus verbreitet sich von WLAN zu WLAN *** --------------------------------------------- Britische Wissenschaftler haben unter dem Namen "Chameleon" einen vollständigen Router-Wurm geschaffen, der das Internet nicht braucht. Die Malware kopiert sich von einem Router zum anderen per WLAN und kann sich so epidemieartig ausbreiten. Aber auch Wege zur Abwehr solcher Gefahren sind absehbar. (WLAN, Virus) --------------------------------------------- http://www.golem.de/news/chameleon-forschungs-virus-verbreitet-sich-von-wla… *** DDoSing a Cell Phone Network *** --------------------------------------------- Interesting research: Abstract: The HLR/AuC is considered to be one of the most important network elements of a 3G network. It can serve up to five million subscribers and at least one transaction with HLR/AuC is required for every single phone call or data session. This paper presents experimental results and observations that can be exploited to perform a novel... --------------------------------------------- https://www.schneier.com/blog/archives/2014/02/ddosing_a_cell.html *** IE Zero-day Exploit Being Used in Widespread Attacks *** --------------------------------------------- The number of attacks exploiting a yet-to-be-patched vulnerability in Internet Explorer has increased dramatically over the past few days, indicating the exploit is no longer used just in targeted attacks against particular groups of people. --------------------------------------------- http://www.cio.com/article/748778/IE_Zero_day_Exploit_Being_Used_in_Widespr… *** QuickTime 7.7.5 für Windows behebt diverse Sicherheitslücken *** --------------------------------------------- Apples Multimediaumgebung enthält unter Windows eine ganze Reihe von sicherheitsrelevanten Bugs. Version 7.7.5 soll sie beheben - ein schnelles Update ist angeraten. --------------------------------------------- http://www.heise.de/security/meldung/QuickTime-7-7-5-fuer-Windows-behebt-di… *** Announcing EMET 5.0 Technical Preview *** --------------------------------------------- Today, we are thrilled to announce a preview release of the next version of the Enhanced Mitigation Experience Toolkit, better known as EMET. You can download EMET 5.0 Technical Preview here. This Technical Preview introduces new features and enhancements that we expect to be key components of the final EMET 5.0 release. We are releasing this technical preview to gather customer feedback about the new features and enhancements. Your feedback will affect the final EMET 5.0 technical --------------------------------------------- https://blogs.technet.com/b/srd/archive/2014/02/25/announcing-emet-5-0-tech… *** VU#684412: libpng denial-of-service vulnerability *** --------------------------------------------- Vulnerability Note VU#684412 libpng denial-of-service vulnerability Original Release date: 25 Feb 2014 | Last revised: 25 Feb 2014 Overview libpng versions 1.6.0 through 1.6.9 contain a denial-of-service vulnerability. Description CWE-835: Loop with Unreachable Exit Condition (Infinite Loop) - CVE-2014-0333Glenn Randers Pehrson of the PNG Development Group reports:The progressive decoder in libpng16 enters an infinite loop, thus hanging the application, when it encounters a zero-length IDAT... --------------------------------------------- http://www.kb.cert.org/vuls/id/684412 *** Schneider Electric SCADA Products Exception Handler Vulnerability *** --------------------------------------------- Researcher Carsten Eiram of Risk Based Security has identified an exception handling vulnerability in Schneider Electric’s CitectSCADA application. The original vulnerability reported by Mr. Eiram had already been fixed in CitectSCADA v7.20SP2. While investigating this vulnerability report, Schneider Electric discovered additional related vulnerabilities and has produced a patch that mitigates them in SCADA Expert Vijeo Citect, CitectSCADA, and PowerSCADA Expert. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-350-01 *** IBM AIX OpenSSL Multiple Denial of Service Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/57041 *** Python Buffer Overflow in socket.recvfrom_into() Lets Remote Users Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1029831 *** Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco Unified Communications Manager OS Administration CSRF Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco Unified Contact Center Express CCMConfig Sensitive Information Disclosure Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014… *** Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014…

1 0

Tageszusammenfassung - Dienstag 25-02-2014
by Daily end-of-shift report 25 Feb '14

25 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 24-02-2014 18:00 − Dienstag 25-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Android users under attack through malicious ads in Facebook *** --------------------------------------------- Cyber-criminals are always trying to attract people's attention in order to carry out their crimes. So it should be no surprise that they have now found a combined way of using Facebook (the world's largest social network), WhatsApp (the leading text messaging program for smartphones, recently bought by Facebook) and Android (the most popular operating... --------------------------------------------- http://pandalabs.pandasecurity.com/android-users-under-attack-through-malic… *** New attack completely bypasses Microsoft zero-day protection app *** --------------------------------------------- Whitehats ability to sidestep EMET strongly suggest criminal hackers can, too. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/aCb9-4Ke6D8/ *** Poisoned YouTube ads serve Caphaw banking trojan *** --------------------------------------------- YouTubes ad network was compromised to host the Styx exploit kit, researchers found. --------------------------------------------- http://www.scmagazine.com/poisoned-youtube-ads-serve-caphaw-banking-trojan/… *** Blog: The first Tor Trojan for Android *** --------------------------------------------- Virus writers of Android Trojans have traditionally used Windows malware functionality as a template. Now, yet another technique from Windows Trojans has been implemented in malware for Android: for the first time we have detected an Android Trojan that uses a domain in the .onion pseudo zone as a C&C. The Trojan uses the anonymous Tor network built on a network of proxy servers. As well as providing users with anonymity,... --------------------------------------------- http://www.securelist.com/en/blog/8184/The_first_Tor_Trojan_for_Android *** Touchlogger: iOS im Lauscheinsatz *** --------------------------------------------- Die Sicherheitsexperten von Fireeye Labs haben eine iOS-App entwickelt, mit der sich alle Eingaben auf der Touchscreen-Oberfläche im Hintergrund mitschneiden und an einen Server übermitteln lassen. --------------------------------------------- http://www.golem.de/news/touchlogger-ios-im-lauscheinsatz-1402-104776-rss.h… *** The Tenth Anniversary of Mobile Malware *** --------------------------------------------- 2014 marks the tenth anniversary of mobile malware. It all began in 2004, when the first variant of SymbOS.Cabir was submitted to security researchers. The analysis revealed that this worm targeted Symbian OS, which was a very popular mobile operating system at the time. Infected phones would search for nearby Bluetooth devices that... --------------------------------------------- http://www.symantec.com/connect/blogs/tenth-anniversary-mobile-malware *** Best Practices in Computer Network Defense *** --------------------------------------------- This article was published in the book in Computer Network Defense: Incident Detection and Response. Edited by Melissa E. Hathaway, NATO Science for Peace and Security Series, 2014. The article is about the Dutch approach, the importance of intertnational cooperation and the role of the Dutch Cyber Security Council. --------------------------------------------- http://www.ncsc.nl/english/current-topics/news/best-practices-in-computer-n… *** "goto fail": Demo-Exploit für SSL-Schwachstelle in iOS und OS X *** --------------------------------------------- Der Sicherheitsforscher Aldo Cortesi hat sein Tool mitmproxy angepasst, um den verschlüsselten Datenverkehr von ungepatchten iOS-Geräten und Macs mit OS X 10.9 Mavericks mitzuschneiden. Fast alles lasse sich mitlesen, so Cortesi. --------------------------------------------- http://www.heise.de/security/meldung/goto-fail-Demo-Exploit-fuer-SSL-Schwac… *** HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code *** --------------------------------------------- A potential security vulnerability has been identified with HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly known as HP LeftHand Virtual SAN Appliance) dbd_manager. The vulnerability could be remotely exploited resulting in execution of arbitrary code. --------------------------------------------- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl… *** HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure *** --------------------------------------------- A potential security vulnerability has been identified in the Web Console component of HP Application Information Optimizer (formerly HP Database Archiving). The vulnerability could be exploited to allow remote execution of code and information disclosure. --------------------------------------------- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl… *** Bugtraq: WiFiles HD v1.3 iOS - File Include Web Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/531236 *** MYBB 1.6.12 search.php Sql injection *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020202 *** GitHub RCE by Environment variable injection Bug Bounty *** --------------------------------------------- Topic: GitHub RCE by Environment variable injection Bug Bounty Risk: High Text:GitHub RCE by Environment variable injection Bug Bounty writeup Disclaimer: Ill keep this really short but I hope youll g... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020209 *** TYPO3 6.1.7 XSS / Disclosure / Shell Upload *** --------------------------------------------- Topic: TYPO3 6.1.7 XSS / Disclosure / Shell Upload Risk: High Text:# == # Title ...| Multiple vulnerabilities in Typo3 CMS # Version .| introductionpackage-6.1.7 # Date ..... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020208 *** FreePBX 2.x Remote Command Execution *** --------------------------------------------- Topic: FreePBX 2.x Remote Command Execution Risk: High Text:App : Freepbx 2.x Download : schmoozecom.net Auther : i-Hmx Mail : n0p1337(a)gmail.com Home : security arrays inc. , sec4ever... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020206 *** Zen Cart E-Commerce 1.5.1 Multiple vulnerabilities *** --------------------------------------------- Topic: Zen Cart E-Commerce 1.5.1 Multiple vulnerabilities Risk: High Text:# == # Title ...| Multiple vulnerabilities in Zen Cart e-commerce # Version .| zen-cart-v1.5.1-full-file... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020203 *** WordPress Search Everything Plugin SQL Injection Vulnerability *** --------------------------------------------- https://secunia.com/advisories/56820 *** AutoCAD Insecure Library and FAS File Loading Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/57002 *** OATH Toolkit libpam-oath replay *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/91316

1 0

Tageszusammenfassung - Montag 24-02-2014
by Daily end-of-shift report 24 Feb '14

24 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-02-2014 18:00 − Montag 24-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a *** Researchers Develop Complete Microsoft EMET Bypass *** --------------------------------------------- Researchers at Bromium Labs are expected to deliver a paper today that explains how they were able to bypass all of the memory protection mitigations in Microsofts Enhanced Mitigation Experience Toolkit --------------------------------------------- http://threatpost.com/researchers-develop-complete-microsoft-emet-bypass/10… *** Apples SSL/TLS bug (22 Feb 2014) *** --------------------------------------------- Yesterday, Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cats out of the bag already and were into the misinformation-quashing stage now. --------------------------------------------- https://www.imperialviolet.org/2014/02/22/applebug.html *** An In-depth Analysis of Linux/Ebury *** --------------------------------------------- ESET has been analyzing and tracking an OpenSSH backdoor and credential stealer named Linux/Ebury. The result of this work on the Linux/Ebury malware family is part of a joint research effort with CERT‑Bund, the Swedish National Infrastructure for Computing, the European Organization for Nuclear Research (CERN) and other organizations forming an international Working Group. --------------------------------------------- http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/ *** Microsoft Windows Crash Reports Reveal New APT, POS Attacks *** --------------------------------------------- You never know what youll glean from a Windows crash report: security researchers recently unearthed a previously unknown advanced persistent threat campaign as well as a new point-of-sale system attack by perusing and analyzing those crash reports also known as Dr. Watson. --------------------------------------------- http://www.darkreading.com/attacks-breaches/microsoft-windows-crash-reports… *** NIST Unveils Crypto Standards Proposal *** --------------------------------------------- Because of concerns of possible National Security Agency meddling with its cryptographic standards, the National Institute of Standards and Technology has issued a draft report proposing revisions in how it develops cryptographic standards. --------------------------------------------- http://www.govinfosecurity.com/nist-unveils-crypto-standards-proposal-a-6519 *** Freier Zugriff auf Fernsteuerungen für Industrieanlagen *** --------------------------------------------- Ein Projekt der FU Berlin dokumentiert, dass weltweit tausende Industrieanlagen über das Internet erreichbar, aber nur unzureichend geschützt sind. Es entstand eine interaktive Karte, auf der potenziell angreifbare Anlagen eingezeichnet sind. --------------------------------------------- http://www.heise.de/security/meldung/Freier-Zugriff-auf-Fernsteuerungen-fue… *** Security vulnerabilities found in 80% of best-selling SOHO wireless routers *** --------------------------------------------- Tripwire has analyzed the security provided by the most popular wireless routers used in many small and home offices and found that 80 percent of Amazon's top 25 best-selling SOHO wireless router models have security vulnerabilities. --------------------------------------------- http://www.net-security.org/secworld.php?id=16399 *** eGroupWare Multiple PHP Object Injection Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/57047 *** JBoss RichFaces Malformed Push Request Denial of Service Vulnerability *** --------------------------------------------- https://secunia.com/advisories/57053 *** Barracuda Firewall Exception Handling Cross Site Scripting *** --------------------------------------------- Topic: Barracuda Firewall Exception Handling Cross Site Scripting Risk: Low Text:Document Title: Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability References ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020186 *** DSA-2866 gnutls26 *** --------------------------------------------- certificate verification flaw --------------------------------------------- http://www.debian.org/security/2014/dsa-2866 *** ICONICS GENESIS32 Insecure ActiveX Control *** --------------------------------------------- NCCIC/ICS-CERT discovered a vulnerability in the ICONICS GENESIS32 application during resolution of unrelated products. ICONICS has produced a patch for all vulnerable versions of its GENESIS32 product. ICONICS GENESIS32 Version 9.0 and newer are not vulnerable to this ActiveX vulnerability. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-14-051-01 *** HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** ASUS router drive-by code execution via XSS and authentication bypass *** --------------------------------------------- Several ASUS routers include reflected Cross-Site Scripting (CWE-79) and authentication bypass (CWE-592) vulnerabilities. An attacker who can lure a victim to browse to a web site containing a specially crafted JavaScript payload can execute arbitrary commands on the router as administrator (root). No user interaction is required. --------------------------------------------- https://sintonen.fi/advisories/asus-router-auth-bypass.txt

1 0

Tageszusammenfassung - Freitag 21-02-2014
by Daily end-of-shift report 21 Feb '14

21 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-02-2014 18:00 − Freitag 21-02-2014 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Adobe Flash: Zero-Day-Exploit wird aktiv ausgenutzt *** --------------------------------------------- Adobe hat diesen Monat erneut einen Sicherheitspatch für den Flash Player veröffentlicht. Dieser sollte schleunigst eingespielt werden. Derzeit laufen Attacken auf den Flash Player, bei dem ein Sicherheitsloch aktiv ausgenutzt wird. (Adobe, Server) --------------------------------------------- http://www.golem.de/news/adobe-flash-zero-day-exploit-wird-aktiv-ausgenutzt… http://blogs.adobe.com/psirt/?p=1059 http://helpx.adobe.com/security/products/flash-player/apsb14-07.html *** Sicherheitsupdate für freie Datenbank PostgreSQL *** --------------------------------------------- Die Entwickler schließen mehrere Sicherheitslücken, die Anwendern eine Veränderung ihrer Rechte erlaubten. Außerdem warnen sie vor einem noch nicht behobenen Fehler, der das Kapern eines System-Accounts ermöglicht. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-freie-Datenbank… http://www.postgresql.org/about/news/1506/ *** Spamvertised "You received a new message from Skype voicemail service" themed emails lead to Angler exploit kit *** --------------------------------------------- We've just intercepted a currently circulating malicious spam campaign that's attempting to trick potential botnet victims into thinking that they've received a legitimate Voice Message Notification from Skype. In reality though, once socially engineered users click on the malicious link found in the bogus emails, they're automatically exposed to the client-side exploits served by the Angler exploit kit. --------------------------------------------- http://www.webroot.com/blog/2014/02/20/spamvertised-received-new-message-sk… *** Erpressungs-Trojaner Bitcrypt geknackt *** --------------------------------------------- Der Erpressungs-Trojaner Bitcrypt verschlüsselt Dateien des Anwenders und rückt die Daten nur gegen Zahlung von Lösegeld wieder raus. Sicherheitsexperten gelang es jedoch, die Verschlüsselung zu knacken. --------------------------------------------- http://www.heise.de/security/meldung/Erpressungs-Trojaner-Bitcrypt-geknackt… *** Google Fixes 28 Security Flaws in Chrome 33 *** --------------------------------------------- Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release. --------------------------------------------- https://threatpost.com/google-fixes-28-security-flaws-in-chrome-33/104391 *** HP Service Manager Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Conduct Cross-Site Scripting and Cross-Site Requset Forgery Attacks *** --------------------------------------------- CVE Reference: CVE-2013-6202 Date: Feb 21 2014 Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network --------------------------------------------- http://www.securitytracker.com/id/1029803 http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDispl… *** AdRotate 3.9.4 SQL Injection *** --------------------------------------------- Topic: AdRotate 3.9.4 SQL Injection Risk: Medium Text:Advisory ID: HTB23201 Product: AdRotate Vendor: AJdG Solutions Vulnerable Version(s): 3.9.4 and probably prior Tested Versi... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020178

1 0

Tageszusammenfassung - Donnerstag 20-02-2014
by Daily end-of-shift report 20 Feb '14

20 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 19-02-2014 18:00 − Donnerstag 20-02-2014 18:00 Handler: Alexander Riepl Co-Handler: Christian Wojner *** Malicious iFrame Injections Host Payload on Tumblr *** --------------------------------------------- It's always fun to watch malware developers using different techniques to code their creations. Sometimes it's a matter of obfuscation, placement, injection, but this time it's how they code it to be dynamic. I believe this is not the first one that uses this service, but it's the first time I'm seeing .. --------------------------------------------- http://blog.sucuri.net/2014/02/malicious-iframe-injections-host-payload-on-… *** Health Care Systems Poorly Protected, Many Already Compromised *** --------------------------------------------- New report shows that health care industry intellectual property, payment information, and patient data are poorly protected and, in many cases, already compromised. --------------------------------------------- http://threatpost.com/health-care-systems-poorly-protected-many-already-com… *** Microsoft release FixIt for IE9/IE10 Zero Day, (Thu, Feb 20th) *** --------------------------------------------- Microsoft has published a TechNet article detailing the availability of a "FixIt" for the current IE9/IE10 zero day which has been doing the rounds. Corporate users will presumably have to wait until the availability of the patch which Microsoft say will be released during the monthly patching cycle.. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17684&rss *** Microsoft Security Advisory (2934088) *** --------------------------------------------- Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 10. Only Internet Explorer 9 and Internet Explorer 10 are affected by this vulnerability. Other supported versions of Internet Explorer are not affected. Applying the Microsoft Fix it solution, "MSHTML Shim Workaround," prevents .. --------------------------------------------- https://technet.microsoft.com/en-us/security/advisory/2934088 *** Fritzbox-Lücke: Jetzt auch bei WLAN-Repeatern *** --------------------------------------------- Auf den Routern haben zwar längst noch nicht alle Nutzer die Sicherheitslücke gestopft, aber zumindest stehen Firmware-Updates bereit. Nun bessert AVM auch die Software anderer Produkte mit WLAN-Schnittstelle aus. --------------------------------------------- http://www.heise.de/security/meldung/Fritzbox-Luecke-Jetzt-auch-bei-WLAN-Re… *** Datenbank-Leck in Leoben, Hack-Angriff auf Energie Steiermark *** --------------------------------------------- Zusammenhang beider Vorfälle möglich - Zugriff auf Gas-Kundendaten bei Energie Steiermark --------------------------------------------- http://derstandard.at/1392685633659 *** eXtplorer Joomla! Authentication Bypass Security Issue *** --------------------------------------------- https://secunia.com/advisories/57022 *** SA-CONTRIB-2014-022 - Slickgrid - Access bypass *** --------------------------------------------- The module doesnt check access sufficiently, allowing users to .. --------------------------------------------- https://drupal.org/node/2200491 *** Drupal Maestro 7.x Cross Site Scripting *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020165 *** [remote] - MediaWiki Thumb.php Remote Command Execution *** --------------------------------------------- http://www.exploit-db.com/exploits/31767

1 0

Tageszusammenfassung - Mittwoch 19-02-2014
by Daily end-of-shift report 19 Feb '14

19 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-02-2014 18:00 − Mittwoch 19-02-2014 18:00 Handler: Alexander Riepl Co-Handler: Christian Wojner *** Time to Harden Your Hardware? *** --------------------------------------------- Most Internet users are familiar with the concept of updating software that resides on their computers. But this past week has seen alerts about an unusual number of vulnerabilities and attacks against some important and ubiquitous hardware devices, from consumer-grade Internet routers, data storage and home automation products to enterprise-class security solutions. --------------------------------------------- http://krebsonsecurity.com/2014/02/time-to-harden-your-hardware/ *** 2013 DataBreach Report By Risk Based Security *** --------------------------------------------- Today Riskbasedsecurity.com has announced a report that covers the 2013 period for databreaches of all kinds. --------------------------------------------- http://www.cyberwarnews.info/2014/02/19/2013-databreach-report-by-risk-base… *** Lets Talk About Your Security Breach with Metasploit. Literally. In Real Time. *** --------------------------------------------- During a recent business trip in Boston, Tod and I sat down in a bar with the rest of the Metasploit team, and shared our own random alcohol-driven ideas on Metasploit hacking. At one point we started talking about hacking webcams. At that time Metasploit could only list webcams, take a snapshot, stream (without sound), or record audio using a meterpreter... --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2014/02/18/lets-talk… *** 300,000 Usernames, Passwords Posted to Pastebin *** --------------------------------------------- More than 300,000 credentials were posted on the clipboard website Pastebin.com in the year 2013 alone according to a recent analysis by a Swiss security firm. --------------------------------------------- http://threatpost.com/300000-usernames-passwords-posted-to-pastebin/104333 *** Smartphones und Tablets: Exploit-Code für 14 Monate altes Android-Sicherheitsloch *** --------------------------------------------- Für eine seit 14 Monaten bekannte Sicherheitslücke in Android ist Exploit-Code für das Framework Metasploit veröffentlicht worden. Ein Sicherheitsforscher kritisiert, dass die meisten im Umlauf befindlichen Android-Geräte die Sicherheitslücke aufweisen. --------------------------------------------- http://www.golem.de/news/smartphones-und-tablets-exploit-code-fuer-14-monat… *** Detected new Zeus variant which makes use of steganography *** --------------------------------------------- Security experts at Malwarebytes detected a new of the popular Zeus banking trojan variant which makes use of steganography to hide the configuration file. --------------------------------------------- http://securityaffairs.co/wordpress/22334/malware/zeus-banking-malware-nest… *** Hack gegen AVM-Router: AVM veröffentlicht Liste betroffener Fritzboxen *** --------------------------------------------- Nach langem Hin und Her hat AVM jetzt eine Liste aller Fritzboxen veröffentlicht, die deren genauen Sicherheitsstatus dokumentiert. Für zwei der betroffenen Geräte steht noch kein Update bereit und einige Fragen bleiben weiterhin offen. --------------------------------------------- http://www.heise.de/security/meldung/Hack-gegen-AVM-Router-AVM-veroeffentli… *** Admin rights key to mitigating vulnerabilities, study shows *** --------------------------------------------- Its been best-practice for a very long time: all users and processes should run with the fewest privileges necessary. This limits the damage that can be done by an attacker if the user or process is compromised. --------------------------------------------- http://www.zdnet.com/admin-rights-key-to-mitigating-vulnerabilities-study-s… *** Second Group Seen Using IE 10 Zero Day *** --------------------------------------------- There are at least two different groups running attacks exploiting the recently published zero day vulnerability in Internet Explorer 10, and researchers say one of the groups used the bug to impersonate a French aerospace manufacturer and compromise victims visiting the spoofed Web page. The attackers also used a special feature of .. --------------------------------------------- http://threatpost.com/second-group-seen-using-ie-10-zero-day/104344 *** Security Bulletins: SSL Certificate Validation Vulnerability in the Citrix ShareFile Mobile Application for Android and the Citrix ShareFile Mobile for Tablets Application for Android *** --------------------------------------------- --------------------------------------------- http://support.citrix.com/article/CTX140303 *** MediaWiki Thumb.php Remote Command Execution *** --------------------------------------------- Topic: MediaWiki Thumb.php Remote Command Execution --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020153 *** Ruby on Rails Multiple Vulnerabilities *** --------------------------------------------- Ruby on Rails Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/56964

1 0

Tageszusammenfassung - Dienstag 18-02-2014
by Daily end-of-shift report 18 Feb '14

18 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Montag 17-02-2014 18:00 − Dienstag 18-02-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Wait a minute... that's not a real JPG! *** --------------------------------------------- When attackers compromise a website and want to harvest credit cards, they need to either find where the data is stored or capture the data in transit. This blog post shows how identifying files with false file signatures can uncover malicious activity on a server. I recently discovered credit card data hidden behind a .jpg extension that lead me to the work of an attacker capturing credit cards from customers using an online checkout page. --------------------------------------------- http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/3m5-LV3n59k/wait-a-min… *** [2014-02-18] Critical vulnerabilities in Symantec Endpoint Protection *** --------------------------------------------- Attackers are able to completely compromise the Symantec Endpoint Protection Manager server as they can gain access at the system and database level because of critical XXE and SQL injection vulnerabilities. Furthermore attackers can manage all endpoints and possibly deploy attacker-controlled code on clients. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2014… *** Scanning for Symantec Endpoint Manager, (Mon, Feb 17th) *** --------------------------------------------- Last week, we mentioned a new vulnerability in Symantec Endpoint Protection Management. According to Symantecs advisory, this product listens on port 9090 and 8443/TCP. Both ports are scanned regularly for various vulnerabilities, in particular 8443, being that it is frequently used by web servers as an alternative to 443. However, on February 7th, we detected a notable increase in scans for both ports. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17657&rss *** GE Proficy Vulnerabilities *** --------------------------------------------- OVERVIEW Researchers amisto0x07 and Z0mb1E of Zero Day Initiative (ZDI) have identified two vulnerabilities in the General Electric (GE) Proficy human-machine interface/supervisory control and data acquisition (HMI/SCADA) - CIMPLICITY application. GE has released security advisories, GEIP13-05 and GEIP13-06, to inform customers about these vulnerabilities.These vulnerabilities could be exploited remotely. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01 *** PHP Backdoors: Hidden With Clever Use of Extract Function *** --------------------------------------------- When a site gets compromised, one thing we know for sure is that attackers love to leave malware that allows them access back to the site; this type of malware is called a backdoor. --------------------------------------------- http://feedproxy.google.com/~r/sucuri/blog/~3/kPCRBZwe1mQ/php-backdoors-hid… *** A journey to CVE-2014-0497 exploit *** --------------------------------------------- Last week we published a blog post about a CVE-2013-5330 exploit. We've also recently seen a new, similar attack targeting a patched Adobe Flash Player vulnerability (CVE-2014-0497). The vulnerability related to this malware was addressed with a patch released by Adobe on February 4, 2014. Flash Player versions 12.0.0.43 and earlier are vulnerable. We analyzed how these attacks work and found the following details. --------------------------------------------- http://blogs.technet.com/b/mmpc/archive/2014/02/17/a-journey-to-cve-2014-04… *** WordPress two-factor login plugin bug, er, bypasses 2-factor login *** --------------------------------------------- Cross-site vulnerability exposes bloggers The maker of a popular plugin that provides two-factor authentication for WordPress bloggers is preparing an update - after finding a vulnerability in its system. It advises that anyone using two-factor plugins from any vendor need to check their security strength. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2014/02/18/wordpress_2… *** VU#656302: Belkin Wemo Home Automation devices contain multiple vulnerabilities *** --------------------------------------------- Vulnerability Note VU#656302 Belkin Wemo Home Automation devices contain multiple vulnerabilities Original Release date: 18 Feb 2014 | Last revised: 18 Feb 2014 Overview Belkin Wemo Home Automation devices contain multiple vulnerabilities. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2013-6952Belkin Wemo Home Automation firmware contains a hard-coded cryptographic key and password. An attacker may be able to extract the key and password to sign a malicious firmware --------------------------------------------- http://www.kb.cert.org/vuls/id/656302 *** SSA-892342 (Last Update 2014-02-18): Denial-of-Service Vulnerability in RuggedCom ROS-based Devices *** --------------------------------------------- Summary: A potential vulnerability might allow attackers to perform a Denial-of-Service attack over the network without authentication on RuggedCom products running ROS. RuggedCom and Siemens address this issue by a firmware update. AFFECTED PRODUCTS All RuggedCom ROS-based devices with: All ROS versions before 3.11 ROS 3.11 (for RS950G): all versions ROS 3.12: all versions < ROS v3.12.4 ROS 4.0 (for RSG2488) --------------------------------------------- https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_securit… *** Exploit Released for Vulnerability Targeted By Linksys Router Worm *** --------------------------------------------- Technical details about a vulnerability in Linksys routers thats being exploited by a new worm have been released Sunday along with a proof-of-concept exploit and a larger than earlier expected list of potentially vulnerable device models. --------------------------------------------- http://www.cio.com/article/748352/Exploit_Released_for_Vulnerability_Target…

1 0

Tageszusammenfassung - Montag 17-02-2014
by Daily end-of-shift report 17 Feb '14

17 Feb '14

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-02-2014 18:00 − Montag 17-02-2014 18:00 Handler: Alexander Riepl Co-Handler: Christian Wojner *** Not Just Pills or Payday Loans, It's Essay SEO SPAM! *** --------------------------------------------- Remember back in school or college when you had to write pages and pages of long essays, but you had no time write them? Or maybe you were just too lazy? Yeah, good times. Well, it seems like some companies are trying to end this problem. They are offering services where clients pay .. --------------------------------------------- http://blog.sucuri.net/2014/02/not-just-pills-or-payday-loans-its-essay-seo… *** New IE 10 Zero Day Targeting Military Intelligence *** --------------------------------------------- A new campaign, dubbed Operation SnowMan, has been spotted leveraging a previously unknown zero-day in Internet Explorer 10 to compromise the U.S. Veterans of Foreign Wars website this week. --------------------------------------------- http://threatpost.com/new-ie-10-zero-day-targeting-military-intelligence/10… *** Microsoft Internet Explorer 10 remote code execution exploit *** --------------------------------------------- Microsoft Internet Explorer 10 remote code execution exploit, Use-after-free vulnerability in Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code via vectors in... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020123 *** The New Normal: 200-400 Gbps DDoS Attacks *** --------------------------------------------- KrebsOnSecurity has been targeted by countless denial-of-service attacks intended to knock it offline. Earlier this week, KrebsOnSecurity was hit by easily the most massive and intense such attack yet -- a nearly 200 Gpbs assault leverging a simple attack method that industry experts is becoming alarmingly common. --------------------------------------------- http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos-attacks/ *** More Malware Embedded in RTFs *** --------------------------------------------- RTF (Rich Text Format) files have been used before by cybercriminals, but of late it seems their use of this format is becoming more creative. We have earlier talked about how CPL files were being embedded in RTF files and sent to would-be victims as an e-mail attachment. These CPL files would then proceed to download malicious .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/more-malware-emb… *** More on HNAP - What is it, How to Use it, How to Find it, (Sat, Feb 15th) *** --------------------------------------------- Weve had a ton of discussion on the most recent set of home router vulnerabilities based on the HNAP protocol. But what is the HNAP protocol for, and why is it so persistently enabled? HNAP (Home Network Administration Protocol) is a network device management protocol, useful for anyone, but I think meant primarily for ISPs to manage fleets of .. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=17648&rss *** Crowdfunding-Plattform Kickstarter gehackt *** --------------------------------------------- Die Crowdfunding-Plattform Kickstarter wurde Opfer eines Hackerangriffs. Jenseits von Benutzernamen und Mail-Adressen griffen die Hacker auch auf verschlüsselte Passwörter zu. --------------------------------------------- http://www.heise.de/security/meldung/Crowdfunding-Plattform-Kickstarter-geh… *** Zugangsdaten im Umlauf: FTP-Server von Webseiten angegriffen *** --------------------------------------------- Es sollen wohl tausende Zugangsdaten zu FTP-Servern im Umlauf sein, darunter auch Zugänge für bekannte Webseiten. Erste Fälle, in denen Schadinhalte auf Webseiten wie der New York Times untergebracht wurden, gab es schon. (Virus, Server-Applikationen) --------------------------------------------- http://www.golem.de/news/zugangsdaten-im-umlauf-ftp-server-von-webseiten-an… *** HP Data Protector EXEC_BAR Remote Command Execution *** --------------------------------------------- Topic: HP Data Protector EXEC_BAR Remote Command Execution, import argparse import socket .. --------------------------------------------- http://cxsecurity.com/issue/WLB-2014020134 *** WebSphere Application Server Multiple Java Vulnerabilities *** --------------------------------------------- WebSphere Application Server Multiple Java Vulnerabilities --------------------------------------------- https://secunia.com/advisories/56778 *** Mapping Hacking Team's "Untraceable" Spyware *** --------------------------------------------- Remote Control System (RCS) is sophisticated computer spyware marketed and sold exclusively to governments by Milan-based Hacking Team. Hacking Team was first thrust into the public spotlight in 2012 when RCS was used against award-winning Moroccan media outlet Mamfakinch, and United Arab Emirates (UAE) human rights activist Ahmed Mansoor. Most recently, Citizen Lab research found that RCS was used to target Ethiopian journalists in the Washington DC area. --------------------------------------------- https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily February 2014