Daily

daily@lists.cert.at

1 participants
3209 discussions

Tageszusammenfassung - Freitag 7-06-2013
by Daily end-of-shift report 07 Jun '13

07 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 06-06-2013 18:00 − Freitag 07-06-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Advanced Notification Service for the June 2013 Security Bulletin Release *** --------------------------------------------- Today we're providing Advance Notification of five bulletins for release on Tuesday, June 11, 2013. This release brings one Critical- and four Important-class bulletins. The Critical-rated bulletin addresses issues in Internet Explorer, and the Important-rated bulletins address issues in Microsoft Windows and Office. We will publish the bulletins on the second Tuesday of the month, at approximately 10 a.m. PT. Please revisit this blog at that time for our official risk and impact... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/06/06/advanced-notification-se… *** Plesk 0-day: Real or not?, (Fri, Jun 7th) *** --------------------------------------------- Yesterday, a poster to the full disclosure mailing list described a possible new 0-day vulnerability against Plesk. Contributing to the vulnerability is a very odd configuration choice to expose "/usr/bin" via a ScriptAlias, making executables inside the directory reachable via URLs. The big question that hasnt been answered so far is how common this configuration choice is. Appaerently, some versions of Plesk on CentOS 5 are configured this way, but not necessarily exploitable. The... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15950&rss *** 100% Compliant (for 65% of the systems), (Fri, Jun 7th) *** --------------------------------------------- At a community college where Im helping out whenever they panic on security issues, I recently was confronted with the odd reality of a lingering malware infection on their network, even though they had deployed a custom anti-virus (AV) pattern ("extra.dat") to eradicate the problem. Of course, these days, reliance on anti-virus is somewhat moot to begin with, our recent tally of fresh samples submitted to VirusTotal had AV lagging behind about 8 days or so. If you caught a keylogger... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15959&rss *** PHP "php_quot_print_encode()" Buffer Overflow Vulnerability *** --------------------------------------------- A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53736 *** Vuln: Drupal Services Module Cross Site Request Forgery Vulnerability *** --------------------------------------------- The Services module for Drupal is prone to a cross-site request-forgery vulnerability. --------------------------------------------- http://www.securityfocus.com/bid/60356

1 0

Tageszusammenfassung - Donnerstag 6-06-2013
by Daily end-of-shift report 06 Jun '13

06 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 05-06-2013 18:00 − Donnerstag 06-06-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Security Bulletin: Vulnerability in IBM InfoSphere Information Server due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2012-1717, CVE-2012-1718, CVE-2012-5081) *** --------------------------------------------- Multiple IBM Java SDK security vulnerabilities exist in the IBM InfoSphere Information Server. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21639487 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul… *** Frei zugängliche Schwachstellen-Datenbank *** --------------------------------------------- Das Potsdamer Hasso-Plattner-Institut hat für jedermann den Zugang für eine Schwachstellendatenbank freigegeben. Darin kann der Nutzer unter anderem nach Produkten, CVE-Kennungen und Gefährdungsstufen suchen. --------------------------------------------- http://www.heise.de/security/meldung/Frei-zugaengliche-Schwachstellen-Daten… *** Cisco WebEx Meetings Server Information Disclosure Vulnerability *** --------------------------------------------- Cisco WebEx Meetings Server Information Disclosure Vulnerability --------------------------------------------- https://secunia.com/advisories/53731 *** QNAP VioStor NVR Cross-Site Request Forgery Vulnerability *** --------------------------------------------- QNAP VioStor NVR Cross-Site Request Forgery Vulnerability --------------------------------------------- https://secunia.com/advisories/53583 *** QNAP VioStor NVR and QNAP NAS Products Security Bypass Security Issue and Arbitrary Command Injection Vulnerability *** --------------------------------------------- QNAP VioStor NVR and QNAP NAS Products Security Bypass Security Issue and Arbitrary Command Injection Vulnerability --------------------------------------------- https://secunia.com/advisories/53721 *** Operation b54: Microsoft, FBI und Finanzunternehmen schalten 1462 Botnetze ab *** --------------------------------------------- Microsoft ist in seinen siebten Feldzug gegen Botnetze gezogen. Fünf Millionen infizierte Rechner und ein Schaden von einer halben Milliarde US-Dollar sollen die Citadel-Botnetze verursacht haben. FBI und Finanzsektor standen dem Unternehmen zur Seite. --------------------------------------------- http://www.heise.de/security/meldung/Operation-b54-Microsoft-FBI-und-Finanz… *** Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability *** --------------------------------------------- Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability --------------------------------------------- https://secunia.com/advisories/53596

1 0

Tageszusammenfassung - Mittwoch 5-06-2013
by Daily end-of-shift report 05 Jun '13

05 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 04-06-2013 18:00 − Mittwoch 05-06-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** Get Set Null Java Security *** --------------------------------------------- Java, being widely used by the applications, has also been actively targeted by malware authors. One of the most common techniques to exploit Java applications, is to disable the security manager. This blog provides widely used logic used by malware authors... --------------------------------------------- http://www.fireeye.com/blog/technical/2013/06/get-set-null-java-security.ht… *** Schneider Electric Quantum Ethernet Module Hard-Coded Credentials *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-12-018-01 Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on January 17, 2012, on the ICS-CERT Web page --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-12-018-01A *** Schneider Electric PLCs Multiple Vulnerabilities *** --------------------------------------------- This updated advisory is a follow-up to the updated advisory titled ICSA-13-077-01A Schneider Electric PLCS Multiple Vulnerabilities (Update A) that was published March 20, 2013, on the ICS-CERT Web page. --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-077-01B *** Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx, (Wed, Jun 5th) *** --------------------------------------------- Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=15932&rss *** IBM AIX inet IPv6 Bug Lets Remote Users Deny Service *** --------------------------------------------- On systems configured with IPv6, a remote user can send a specially crafted IPv6 packet to cause the target system to hang. --------------------------------------------- http://www.securitytracker.com/id/1028626 *** Mac OSX Server DirectoryService Buffer Overflow *** --------------------------------------------- Topic: Mac OSX Server DirectoryService Buffer Overflow Risk: High Text:Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1.... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060040 *** NetGear DGN1000 and NetGear DGN2200 security bypass *** --------------------------------------------- NetGear DGN1000 and NetGear DGN2200 could allow a remote attacker to bypass security restrictions, caused by an error in the interface when handling requests containing the currentsetting.htm substring. An attacker could exploit this vulnerability to gain unauthorized access to restricted functionality. --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84662 *** [2013-06-05] Critical vulnerabilities in CTERA portal *** --------------------------------------------- CTERA portal contains multiple and partly critical security issues such as XML External Entity injection that allows unauthenticated attackers to fully take over the affected server. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013… *** Apple Mac OS X Multiple Vulnerabilities *** --------------------------------------------- Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. --------------------------------------------- https://secunia.com/advisories/53684 *** PRTG Network Monitor login.htm cross-site scripting *** --------------------------------------------- PRTG Network Monitor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login.htm script. A remote attacker could exploit this vulnerability using the errormsg... --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84686 *** Apache Struts OGNL Expression Injection Vulnerabilities *** --------------------------------------------- Security Research Laboratory has reported some vulnerabilities in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. --------------------------------------------- https://secunia.com/advisories/53693 *** Monkey HTTP Daemon "mk_request_header_process()" Signedness Error Buffer Overflow Vulnerability *** --------------------------------------------- A vulnerability has been discovered in Monkey HTTP Daemon, which can be exploited by malicious people to compromise a vulnerable system. --------------------------------------------- https://secunia.com/advisories/53697 *** CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone *** --------------------------------------------- A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c --------------------------------------------- https://kb.isc.org/article/AA-00967

1 0

Tageszusammenfassung - Dienstag 4-06-2013
by Daily end-of-shift report 04 Jun '13

04 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 03-06-2013 18:00 − Dienstag 04-06-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Microsoft VC++ 2005 RTM runtime libraries installed with MSE *** --------------------------------------------- Topic: Microsoft VC++ 2005 RTM runtime libraries installed with MSE Risk: High Text:this is part 2 of "Defense in depth -- the Microsoft way", see On Windo... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060020 *** Bugtraq: Open-Xchange Security Advisory 2013-06-03 *** --------------------------------------------- Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. --------------------------------------------- http://www.securityfocus.com/archive/1/526785 *** Imperva SecureSphere Operations Manager Command Execution *** --------------------------------------------- Topic: Imperva SecureSphere Operations Manager Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt = ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060023 *** DS3 Authentication Server Command Execution *** --------------------------------------------- Topic: DS3 Authentication Server Command Execution Risk: High Text:Original: http://www.digitalsec.net/stuff/explt+advs/DS3.AuthServer.txt = - Advi... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060022 *** Vuln: MongoDB CVE-2013-2132 NULL Pointer Dereference Remote Denial of Service Vulnerability *** --------------------------------------------- MongoDB is prone to a denial-of-service vulnerability. Successfully exploiting this issue will allow an attacker to crash the affected application, denying service to legitimate users. --------------------------------------------- http://www.securityfocus.com/bid/60252 *** Google-Forscher ver�ffentlicht Zero-Day-Exploit f�r Windows *** --------------------------------------------- Durch eine Schwachstelle in s�mtlichen Windows-Versionen kommt ein gew�hnlicher Nutzer an Systemrechte. Entdeckt hat die L�cke Tavis Ormandy von Google, der seinen Fund ohne Microsoft zu informieren ins Netz stellte. --------------------------------------------- http://www.heise.de/security/meldung/Google-Forscher-veroeffentlicht-Zero-D… *** HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code *** --------------------------------------------- Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. --------------------------------------------- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c037… *** Blog: "NetTraveler is Running!" � Red Star APT Attacks Compromise High-Profile Victims *** --------------------------------------------- Over the last few years, we have been monitoring a cyber-espionage campaign that has successfully compromised more than 350 high profile victims in 40 countries. The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance... --------------------------------------------- http://www.securelist.com/en/blog/8105/NetTraveler_is_Running_Red_Star_APT_… *** Novell ZENworks Configuration Management Control Center Multiple Vulnerabilities *** --------------------------------------------- A weakness and some vulnerabilities have been reported in Novell ZENworks Configuration Management, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. --------------------------------------------- https://secunia.com/advisories/53648 *** 3COM NBX V3000 Networked Telephony Solution Information Disclosure *** --------------------------------------------- Topic: 3COM NBX V3000 Networked Telephony Solution Information Disclosure Risk: Medium Text:*Known Affected Versions: *R5_0_31 (Created March 1st, 2007) *Date Discovered: *November 13, 2012 Obviously not anything ne... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060027

1 0

Tageszusammenfassung - Montag 3-06-2013
by Daily end-of-shift report 03 Jun '13

03 Jun '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 31-05-2013 18:00 − Montag 03-06-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability *** --------------------------------------------- Topic: WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability Risk: Low Text:Advisory: WordPress Plugin Feedweb 1.8.8 Cross-site Scripting vulnerability Advisory ID: SSCHADV2013-004 Author: Stefan... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060001 *** ModSecurity 2.7.3 NULL pointer dereference PoC *** --------------------------------------------- Topic: ModSecurity 2.7.3 NULL pointer dereference PoC Risk: High Text:#!/usr/bin/env python3 #-*- coding: utf-8 -*- # # Created on Mar 29, 2013 # # @author: Younes JAAIDI <yjaaidi(a)shookalabs.c... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060006 *** Security Bulletin: Multiple security vulnerabilities in IBM Sales Center for WebSphere Commerce (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-2159, CVE-2012-2161) *** --------------------------------------------- Multiple security vulnerabilities have been identified in IBM Sales Center for WebSphere Commerce V6.0 and V7.0 CVEID: CVE-2008-7271 CVE-2010-4647 CVE-2012-0186 CVE-2012-0191 CVE-2012-2159 CVE-2012-2161 Affected product(s) and affected version(s): IBM Sales Center for WebSphere Commerce V6.0 (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-2159, CVE-2012-2161) IBM Sales Center for WebSphere Commerce V7.0 (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-2159, --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul… *** Besonders tückisches PayPal-Phishing *** --------------------------------------------- Aufgepasst: Mit persönlicher Anrede und einer eigens registrierten .de-Domain greifen Cyber-Kriminelle derzeit nach den Kreditkartendaten von PayPal-Kunden. Der Schwindel fällt bestenfalls auf den zweiten Blick auf. --------------------------------------------- http://www.heise.de/newsticker/meldung/Besonders-tueckisches-PayPal-Phishin… *** Security Bulletin: Potential Security Exposure in IBM HTTP Server CVE-2013-0169 *** --------------------------------------------- Potential Security Exposure with IBM HTTP Server for WebSphere Application Server. CVEID: CVE-2013-0169 AFFECTED VERSIONS: This problem affects the IBM HTTP Server component in all editions of WebSphere Application Server and bundling products: · Version 8.5 · Version 8 · Version 7 · Version 6.1 Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21635988 --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_pot… *** WordPress AntiVirus FPD and Security bypass vulnerabilities *** --------------------------------------------- Topic: WordPress AntiVirus FPD and Security bypass vulnerabilities Risk: Low Text:These are Full path disclosure and Security bypass vulnerabilities in AntiVirus for WordPress. This is security plugin for dete... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013060010 *** Compromised FTP/SSH account privilege-escalating mass iFrame embedding platform released on the underground marketplace *** --------------------------------------------- By Dancho Danchev Utilizing the very best in ‘malicious economies of scale’ concepts, cybercriminals have recently released a privilege-escalating Web-controlled mass iFrame embedding platform that’s not just relying on compromised FTP/SSH accounts, but also automatically gains root access on the affected servers in an attempt to target each and every site hosted there. Similar to […] --------------------------------------------- http://blog.webroot.com/2013/06/03/compromised-ftpssh-account-privilege-esc… *** IBM Tivoli Netcool/System Service Monitor Multiple OpenSSL Vulnerabilities *** --------------------------------------------- IBM Tivoli Netcool/System Service Monitor Multiple OpenSSL Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53720 *** Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability *** --------------------------------------------- Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability --------------------------------------------- https://secunia.com/advisories/53727 *** Apache Subversion svnserve and FSFS Repositories Denial of Service Vulnerabilities *** --------------------------------------------- Apache Subversion svnserve and FSFS Repositories Denial of Service Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53692 *** Researchers Infect iOS Devices With Malware Via Malicious Charger *** --------------------------------------------- Sparrowvsrevolution writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apples iOS. A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3xY6_Bverd0/story01.htm *** Multiple vulnerabilities in Typo3 extensions *** --------------------------------------------- SQL Injection vulnerability in extension Multishop: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… Several vulnerabilities in third party extensions: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… Security Bypass Vulnerability in extension powermail: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e… --------------------------------------------- http://typo3.org/teams/security/security-bulletins/ *** Erneut Sicherheitslücke bei ClickandBuy *** --------------------------------------------- Die neue Schwachstelle lauerte auf der Hilfe-Seite für Kunden. Schon einmal hatte der Online-Bezahldienstleister ClickandBuy mit einer XSS-Lücke zu kämpfen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Erneut-Sicherheitsluecke-bei-Clickan… *** IBM DB2 / DB2 Connect Global Security Toolkit SSL Information Disclosure Weakness *** --------------------------------------------- IBM DB2 / DB2 Connect Global Security Toolkit SSL Information Disclosure Weakness --------------------------------------------- https://secunia.com/advisories/53696 *** IBM DB2 / DB2 Connect db2aud Privilege Escalation Vulnerability *** --------------------------------------------- IBM DB2 / DB2 Connect db2aud Privilege Escalation Vulnerability --------------------------------------------- https://secunia.com/advisories/52663 *** TYPO3 jQuery Autocomplete for indexed_search Extension SQL Injection Vulnerability *** --------------------------------------------- TYPO3 jQuery Autocomplete for indexed_search Extension SQL Injection Vulnerability --------------------------------------------- https://secunia.com/advisories/53633

1 0

Tageszusammenfassung - Freitag 31-05-2013
by Daily end-of-shift report 31 May '13

31 May '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 29-05-2013 18:00 − Freitag 31-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Carna Botnet Analysis Renders Scary Numbers on Vulnerable Devices *** --------------------------------------------- An analysis of the data rendered by the Carna botnet reveals a shocking number of vulnerable devices reachable online with default credentials. --------------------------------------------- http://threatpost.com/carna-botnet-analysis-renders-scary-numbers-on-vulner… *** PayPal-Schwachstelle endlich geschlossen *** --------------------------------------------- Fast zwei Wochen hat sich der Zahungsabwickler mit dem Schließen einer kritischen Lücke Zeit gelassen. Fünf Tage davon waren die PayPal-Nutzer einem hohen Angriffsrisiko ausgesetzt. --------------------------------------------- http://www.heise.de/newsticker/meldung/PayPal-Schwachstelle-endlich-geschlo… *** Zavio IP Cameras multiple vulnerabilities *** --------------------------------------------- Zavio IP Cameras default account Zavio IP Cameras command execution --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84568 http://xforce.iss.net/xforce/xfdb/84569 *** Debian Security Advisory DSA-2697 gnutls26 *** --------------------------------------------- out-of-bounds array read --------------------------------------------- http://www.debian.org/security/2013/dsa-2697 *** Apache-Server durch Log-Files angreifbar *** --------------------------------------------- In Apache klafft ein Sicherheitsloch, durch das Angreifer Befehle im Log platzieren können, die ausgeführt werden, sobald der Admin die Datei öffnet. --------------------------------------------- http://www.heise.de/security/meldung/Apache-Server-durch-Log-Files-angreifb… *** RSA Authentication Manager Information Disclosure and PostgreSQL Vulnerabilities *** --------------------------------------------- RSA Authentication Manager Information Disclosure and PostgreSQL Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53641 *** Siemens SCALANCE Privilege Escalation Vulnerabilities *** --------------------------------------------- --------------------------------------------- http://ics-cert.us-cert.gov/advisories/ICSA-13-149-01 *** P2P-Botnetze viel größer als vermutet *** --------------------------------------------- Mit eingeschleusten Sensoren hat ein internationales Forscherteam große Botnetze mit Peer-to-Peer-Infrastruktur vermessen. Sie fanden zum Teil über vierzig Mal mehr infizierte Systeme als mit herkömmlicher Zählweise. --------------------------------------------- http://www.heise.de/newsticker/meldung/P2P-Botnetze-viel-groesser-als-vermu… *** Monkey HTTPD 1.1.1 Denial of Service Vulnerability *** --------------------------------------------- Topic: Monkey HTTPD 1.1.1 Denial of Service Vulnerability Risk: Low Text:Title: Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: == 2013-05-28 References: == http://bugs... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050217 *** Mobile Device Security: The Problems of Remotely Disabling Stolen Phones *** --------------------------------------------- The problem of mobile device theft has become sufficiently severe that legislators have decided to file bills discussing it. Last week, US Senator Charles Schumer re-filed Mobile Device Theft Deterrence Act of 2013, which makes modifying a device's International Mobile Equipment Identity (IMEI) number a crime punishable by up to five years in federal prison. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/FxukunuZ9f0/ *** iCloud users take note: Apple two-step protection won't protect your data *** --------------------------------------------- Limitations could leave users open to the type of hack that hit Wireds Matt Honan. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/VFgQ6tJje98/ *** Weekly Update: The Nginx Exploit and Continuous Testing *** --------------------------------------------- Weekly Update: The Nginx Exploit and Continuous Testing --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/05/30/weekly-up… *** Ruckus SSH Server Tunneling Issue *** --------------------------------------------- Topic: Ruckus SSH Server Tunneling Issue --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050219 *** Vuln: Cisco Nexus 1000 Series Switches NX-OS CVE-2013-1209 Remote Authentication Bypass Vulnerability *** --------------------------------------------- Cisco Nexus 1000 Series Switches NX-OS CVE-2013-1209 Remote Authentication Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/60224 *** VMware Security Advirsory VMSA-2013-0007 *** --------------------------------------------- VMware ESX third party update for Service Console package sudo --------------------------------------------- https://www.vmware.com/support/support-resources/advisories/VMSA-2013-0007.… *** Phishing und verseuchter Spam - Betrug fast ohne Makel *** --------------------------------------------- Neue Woche, neue Kuriositäten. Diese Woche haben wir zwei interessante E-Mailbetrugversuche aus dem Zauberhut Internet gezogen. Dabei sind eine perfekt gestaltete Mastercard-Phishing-Seite und Trojaner-Mails im Namen der Firmen Otto und Görtz. --------------------------------------------- http://www.heise.de/security/meldung/Phishing-und-verseuchter-Spam-Betrug-f…

1 0

Tageszusammenfassung - Mittwoch 29-05-2013
by Daily end-of-shift report 29 May '13

29 May '13

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 28-05-2013 18:00 − Mittwoch 29-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** How Targeted Attacks And Cybercrime Go Together *** --------------------------------------------- For cybercriminals everywhere, it's still business as usual. The recent global ATM heist that stole a total of $45M showed that orchestrated targeted attacks continues to plague organizations globally. Legacy approaches to identifying threats are not keeping up with the tactics being used to exfiltrate precious assets and corporate secrets. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/J7IrBLritF0/ *** Microsoft loads botnet-crushing data into Azure *** --------------------------------------------- C-TIP gives ISPs near-realtime access to MARS data Microsoft is plugging its security intelligence systems into Azure so that service providers and local authorities can get near-realtime information on botnets and malware detected by Redmond. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/microsoft_a… *** Critical Ruby on Rails bug exploited in wild, hacked servers join botnet *** --------------------------------------------- Attackers success shows many servers still arent patched. Is yours? --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/gjidr1iHpyo/ *** Child-Porn Suspect Ordered to Decrypt His Own Data *** --------------------------------------------- federal magistrate is reversing course and ordering a Wisconsin man suspected of possessing child pornography to decrypt hard drives the authorities seized from his residence. Decryption orders are rare, but are likely to become more commonplace as the public ... --------------------------------------------- http://www.wired.com/threatlevel/2013/05/decryption-order/ *** Raspberry Pi puts holes in Chinas Great Firewall *** --------------------------------------------- RPi plus WiFi hotspot plus VPN equals portable censorship destroyer A tech-savvy China-based Redditor has spotted a hassle-free way of ensuring he or she is always able to bypass the Great Firewall, even when out and about, using the Raspberry Pi to connect to a virtual private network (VPN). --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/05/29/raspberry_p… *** Secunia Broadcasts Zero-day Vulnerability via Email *** --------------------------------------------- SecurityWeek has learned that Secunia, a Danish vulnerability management firm, disclosed an unpatched vulnerability within an image viewing application used by organizations in both the private and the defense sectors to a public mailing list. --------------------------------------------- https://www.securityweek.com/secunia-broadcasts-zero-day-vulnerability-email *** Release me from a botnet *** --------------------------------------------- At the beginning of August 2012, an outbreak of the Dorifel virus was observed. This outbreak primarily infected systems in the Netherlands. The virus is being spread through the Citadel botnet. This factsheet will take a closer look at the relationship between Dorifel and Citadel, describe the impact of an infection and recommend steps to take if you are infected. We conclude with providing a number of tips to avoid infection. --------------------------------------------- http://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/fact… *** IBM WebSphere Portal HTTP Response Splitting Vulnerability *** --------------------------------------------- IBM WebSphere Portal HTTP Response Splitting Vulnerability --------------------------------------------- https://secunia.com/advisories/53627 *** Vuln: socat CVE-2013-3571 Remote Denial of Service Vulnerability *** --------------------------------------------- socat CVE-2013-3571 Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/60170 *** Yahoo! Browser for Android spoofing *** --------------------------------------------- Yahoo! Browser for Android spoofing --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84541 *** Siemens Solid Edge ST5 ActiveX control code execution *** --------------------------------------------- Siemens Solid Edge ST5 ActiveX control code execution --------------------------------------------- http://xforce.iss.net/xforce/xfdb/84530 *** TP-Link IP Cameras multiple vulnerabilities *** --------------------------------------------- Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050202

1 0

Tageszusammenfassung - Dienstag 28-05-2013
by Daily end-of-shift report 28 May '13

28 May '13

======================= = End-of-Shift report = ======================= Timeframe: Montag 27-05-2013 18:00 − Dienstag 28-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Anatomy of a hack: How crackers ransack passwords like 'qeadzcwrsfxv1331' *** --------------------------------------------- For Ars, three crackers have at 16,000+ hashed passcodes with 90 percent success. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/yG2GKDkgLMo/ *** Security boffins say music could trigger mobile malware *** --------------------------------------------- Justin Bieber really evil virus theory just got more credible Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/light_sound… *** HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users *** --------------------------------------------- HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users --------------------------------------------- http://www.securitytracker.com/id/1028593 *** Sicherheitslücke in Telekom-Router Speedport LTE II *** --------------------------------------------- Der DSL-Router Speedport LTE II der Telekom soll von außen manipulierbar sein. Stellt ein Angreifer Anfragen an den Router, wird die zur Verfügung stehende Bandbreite gedrosselt. Ein Update soll die Lücke schließen. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-in-Telekom-Router-Sp… *** How to hash windows files against known good set *** --------------------------------------------- Required Tools: md5deep, nsrlquery You'll also need a server to query against. Luckily Kyrus has provided a nsrlserver (beta), known as the Kyrus NSRL Lookup Service! --------------------------------------------- http://brakertech.com/hash-windows-files-against-known-good-set/ *** Serious Privacy Flaw In Facebook Pages Manager For Android Exposes Private Pictures For Everyone To See *** --------------------------------------------- Facebook has a privacy hole that exposes private information to the public. And its a serious one, this time in Facebook Pages Manager for Android, which has been installed over 5 million times since January of this year. --------------------------------------------- http://www.androidpolice.com/2013/05/26/serious-privacy-flaw-in-facebook-pa… *** BANKER Malware Hosted In Compromised Brazilian Government Sites *** --------------------------------------------- Two Brazilian government websites have been compromised and used to serve malware since April 24. We spotted a total of 11 unique malware files being distributed from these sites, with filenames that usually include 'update', 'upgrade', 'Adobe', 'FlashPlayer' or combinations thereof. Besides the different filenames, these samples also have different domains where they can connect to --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PCxIa2XQtdo/ *** ATM and Point-of-Sale Terminals Malware: The Bad Guys Just Never Stop! *** --------------------------------------------- If you use your debit or credit card to buy groceries or get cash out of an ATM you might want to know that the bad guys could have a piece of it. --------------------------------------------- http://blog.malwarebytes.org/intelligence/2013/05/atm-and-point-of-sale-ter… *** How to keep your Apple computer free from malicious programs and viruses *** --------------------------------------------- - Apple computers are not safe from viruses - Fewer than half of Mac users run anti-virus software - Mac users "will be targeted more and more easily" --------------------------------------------- http://www.news.com.au/technology/techknow/how-to-keep-your-apple-computer-… *** The Team Cymru Malware Hash Registry (MHR) project *** --------------------------------------------- The Malware Hash Registry (MHR) project is a look-up service similar to the Team Cymru IP address to ASN mapping project. This project differs however, in that you can query our service for a computed MD5 or SHA-1 hash of a file and, if it is malware and we know about it, we return the last time weve seen it along with an approximate anti-virus detection percentage. --------------------------------------------- https://www.team-cymru.org/Services/MHR/ *** DoS-Lücke in ModSecurity gestopft *** --------------------------------------------- Angreifer können die Web Application Firewall über speziell präparierte HTTP-Request aus der Ferne lahm legen. --------------------------------------------- http://www.heise.de/security/meldung/DoS-Luecke-in-ModSecurity-gestopft-187… *** Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability *** --------------------------------------------- Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability --------------------------------------------- https://secunia.com/advisories/51348 *** Nitro Pro / Reader PDF Parsing Vulnerability *** --------------------------------------------- Nitro Pro / Reader PDF Parsing Vulnerability --------------------------------------------- https://secunia.com/advisories/53473 *** SRWare Iron Multiple Vulnerabilities *** --------------------------------------------- SRWare Iron Multiple Vulnerabilities --------------------------------------------- https://secunia.com/advisories/53586 *** Vuln: SPIP Security Bypass Vulnerability *** --------------------------------------------- SPIP Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/60163

1 0

Tageszusammenfassung - Montag 27-05-2013
by Daily end-of-shift report 27 May '13

27 May '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 24-05-2013 18:00 − Montag 27-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Worm Creates Copies in Password-Protected Archived Files *** --------------------------------------------- Typically users archive file to lump several files together into a single file for convenience or to simply save storage space. However, we uncovered a worm that creates copies of itself even on password-protected archived files. We acquired a sample of a worm (detected as WORM_PIZZER.A) that propagates using a particular WINRAR command line --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PRaGXwQeGIY/ *** WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection *** --------------------------------------------- WordPress ProPlayer Plugin 4.7.9.1 - SQL Injection --------------------------------------------- http://www.exploit-db.com/exploits/25605 *** Compromised Indian government Web site leads to Black Hole Exploit Kit *** --------------------------------------------- By Dancho Danchev Our sensors recently picked up a Web site infection, affecting the Web site of the Ministry of Micro And Medium Enterprises (MSME DI Jaipur). And although the Black Hole Exploit Kit serving URL is currently not accepting any connections, it's known to have been used in previous client-side exploit serving campaigns. --------------------------------------------- http://blog.webroot.com/2013/05/24/compromised-indian-government-web-site-l… *** Skype Beta Plugs IP Resolver Privacy Leak *** --------------------------------------------- A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user. A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only. --------------------------------------------- http://krebsonsecurity.com/2013/05/skype-beta-plugs-ip-resolver-privacy-leak *** PandaLabs Quarterly Report Q1 2013 *** --------------------------------------------- We have just published our Quarterly Report for Q1 2013, analyzing the IT security events and incidents from January through March 2013. If you want to be aware of the latest security trends, the latest cyber-war cases don't wait any longer, you can download our latest report from our Press Center --------------------------------------------- http://pandalabs.pandasecurity.com/pandalabs-quarterly-report-q1-2013/ *** WordPress milano Theme Cross Site Scripting *** --------------------------------------------- Topic: WordPress milano Theme Cross Site Scripting Risk: Low Text: ## # Exploit Title : Wordpress milano Theme Cross Site Scripting # # Exploit Author : Ashiyane Digital Security Team ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050184 *** LG Optimus G command injection (as system user) vulnerability *** --------------------------------------------- Topic: LG Optimus G command injection (as system user) vulnerability *youtube Risk: High Text:Device: LG Optimus G E973 (Others affected) Firmware: Android 4.1.2 JZO54k (Others affected) Evidence: http://youtu.be/ZfbDIp... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050188 *** AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit *** --------------------------------------------- AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit --------------------------------------------- http://www.exploit-db.com/exploits/25716 *** PayPal wieder durch Cross-Site-Scripting angreifbar *** --------------------------------------------- Der eBay gehörende Internetbezahldienst prüft Sucheingaben nicht und erlaubt Angreifern so beliebigen JavaScript-Codes in den Browser des Benutzers einzuschleusen. Dadurch lassen sich Zugangsdaten entwenden. --------------------------------------------- http://www.heise.de/security/meldung/PayPal-wieder-durch-Cross-Site-Scripti… *** Finding Malware by DNS Cache Snooping or by Comparing BRO and PassiveDNS logs *** --------------------------------------------- We can actively look for the presence of malware on a network by examining its nameserver's cache. Since known pieces of malware make requests to specific domains, we're able to check a DNS server's cache for their existence. --------------------------------------------- https://sickbits.net/finding-malware-by-dns-cache-snooping/ *** New Trojan targets Facebook, Twitter and Google Plus *** --------------------------------------------- May 16, 2013 Russian anti-virus company Doctor Web has discovered previously unknown features in the new malware for Facebook that has been widely discussed in the mediadoesnt simply change a user's status, join groups and leave comments on the users behalf, but it can also send spam on Twitter and Google Plus. --------------------------------------------- http://news.drweb.com/show/?i=3527&lng=en&c=9 *** WordPress WP CleanFix Cross-Site Request Forgery Vulnerability *** --------------------------------------------- WordPress WP CleanFix Cross-Site Request Forgery Vulnerability --------------------------------------------- https://secunia.com/advisories/53395 *** Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability *** --------------------------------------------- Topic: Barracuda SSL VPN 680 2.2.2.203 Redirect Web Vulnerability Risk: Low Text:Title: Barracuda SSL VPN 680 2.2.2.203 - Redirect Web Vulnerability Date: == 2013-05-25 References: == h... --------------------------------------------- http://cxsecurity.com/issue/WLB-2013050193 *** Twitters Zwei-Faktor-Authentifizierung schon ausgehebelt *** --------------------------------------------- Es hätte ja so schön sein können: Doch die Zwei-Faktor-Authentifizierung, die Twitter erst vor wenigen Tagen eingeführt hat, lässt sich mittels SMS-Spoofing relativ leicht aushebeln. --------------------------------------------- http://www.heise.de/security/meldung/Twitters-Zwei-Faktor-Authentifizierung…

1 0

Tageszusammenfassung - Freitag 24-05-2013
by Daily end-of-shift report 24 May '13

24 May '13

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 23-05-2013 18:00 − Freitag 24-05-2013 18:00 Handler: Stephan Richter Co-Handler: n/a *** HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information *** --------------------------------------------- A potential security vulnerability has been identified in HP-UX Directory Server. The vulnerability could be exploited remotely resulting in information disclosure. --------------------------------------------- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_… *** Cisco NX-OS igmp_snoop_orib_fill_source_update() Function Remote Denial of Service Vulnerability *** --------------------------------------------- Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition on a targeted device. Updates are available. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=26613 *** X.Org Security Advisory: May 23, 2013 - Protocol handling issues in X Window System client libraries *** --------------------------------------------- Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Orgs security team to analyze, confirm, and fix these issues. --------------------------------------------- http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 *** Cisco WebEx for iOS Certificate Verification Security Issue *** --------------------------------------------- Charlie Eriksen has discovered a security issue in Cisco WebEx for iOS, which can be exploited by malicious people to conduct spoofing attacks. --------------------------------------------- https://secunia.com/advisories/51412 *** New Rmnet malware disables anti-virus programs *** --------------------------------------------- May 23, 2013 Russian anti-virus company Doctor Web is warning users about new malicious modules found in the malware that is used to create and maintain the Rmnet bot network. One of them allows attackers to disable the anti-virus software installed on the infected computers. Doctor Webs analysts also managed to hijack a Rmnet subnetwork whose bots contain these harmful components. Doctor Web already warned users about the wide distribution of Win32.Rmnet.12 andWin32.Rmnet.16 programs that... --------------------------------------------- http://news.drweb.com/show/?i=3551&lng=en&c=9 *** Google erneuert SSL-Zertifikate *** --------------------------------------------- Ab August spendiert Google seinen Diensten neue Zertifikate. Vor allem sollen die mit alten 1024-Bit-RSA-Keys ausrangiert und gegen solche mit 2048 Bit ersetzt werden. --------------------------------------------- http://www.heise.de/security/meldung/Google-erneuert-SSL-Zertifikate-186915… *** Malware dont need Coffee *** --------------------------------------------- On the 10th of may was advertised on underground forum by bomba_service a new Ransomware in Affiliate mode. --------------------------------------------- http://malware.dontneedcoffee.com/2013/05/unveiling-locker-bomba-aka-lucky-… *** 0-Days in Novell Client für Windows *** --------------------------------------------- Wer noch Novell Client für Windows einsetzt, sollte sich nach Alternativen umsehen. --------------------------------------------- http://www.heise.de/security/meldung/0-Days-in-Novell-Client-fuer-Windows-1… *** Vuln: MediaWiki Arbitrary File Upload Vulnerability *** --------------------------------------------- MediaWiki is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer. Note that this issue could be exploited to execute arbitrary code, however, this has not been confirmed. --------------------------------------------- http://www.securityfocus.com/bid/60077

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily