=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 23-10-2013 18:00 − Donnerstag 24-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Neutrino: Caught in the Act ***
---------------------------------------------
Last week, we got a tip from Kafeine about hacked sites serving injected iframes leading to an exploit kit. We thought it was quite interesting so we looked at one of the infected websites and found this sneaky piece of code: The deobfuscated code shows the location from where the...
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002626.html
*** Neue und alte Router-Lücken bei Netgear, Tenda und DrayTek ***
---------------------------------------------
Sicherheitsexperten haben eine Hintertür in Routern der WNDR-Reihe von Netgear gefunden, die ohne Passwort-Abfrage vollen Zugrif auf das Gerät erlaubt. Bei Modellen der Firmen Tenda und DrayTek kann man Schadcode ausführen, ohne sich einloggen zu müssen.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-und-alte-Router-Luecken-bei-Netge…
*** Industrial software flaw could allow manipulation of energy processes ***
---------------------------------------------
The vulnerability lies in industrial automation software that uses a weak encryption algorithm for user authentication, researchers at IOActive found.
---------------------------------------------
http://www.scmagazine.com/industrial-software-flaw-could-allow-manipulation…
*** Bugtraq: ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529394
*** Bugtraq: RPS/APS vulnerability in snom/yealink and others ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529397
*** Security Bulletin: IBM Flex System Manger expired USERID password vulnerability (CVE-2013-5424) ***
---------------------------------------------
Security Bulletin: IBM Flex System Manger expired USERID password vulnerability (CVE-2013-5424) Affected product(s) and affected version(s): IBM Flex System Manager Node, Types 7955, 8731, 8734 all models, Version 1.3.0
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Cisco IOS XR Software Route Processor Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco Identity Services Engine ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Secure ACS Distributed Deployment Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Vuln: Multiple Cisco Appliances CVE-2013-5537 Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63280
*** Vuln: Joomla! Maian15 Component name Parameter Arbitrary Shell Upload Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63287
*** Vuln: Drupal Spaces Module Access Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63305
*** WordPress Blue Wrench Video Widget Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55456
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 21-10-2013 18:00 − Dienstag 22-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Fake Dropbox Password Reset Spam Leads to Malware ***
---------------------------------------------
A new spam campaign has been circulating over the last few weeks in hopes of duping users of the popular cloud storage service Dropbox. The e-mails purport to come from the service but instead lead those who click through to a malware landing page.
---------------------------------------------
http://threatpost.com/fake-dropbox-password-reset-spam-leads-to-malware/102…
*** New DIY compromised hosts/proxies syndicating tool spotted in the wild ***
---------------------------------------------
Compromised, hacked hosts and PCs are a commodity in underground markets today. More cybercriminals are populating the market segment with services tailored to fellow cybercriminals looking for access to freshly compromised PCs to be later abused in a variety of fraudulent/malicious ways, all the while taking advantage of their clean IP reputation. Naturally, once the commoditization took place, cybercriminals quickly realized that the supply of such hosts also shaped several different market...
---------------------------------------------
http://www.webroot.com/blog/2013/10/21/new-diy-compromised-hostsproxies-syn…
*** Cryptolocker Update, Request for Info, (Tue, Oct 22nd) ***
---------------------------------------------
It was briefly mentioned in a previous posting, but the Cryptolocker ransomware is still going strong. In essence, post infection is encrypts all of your "document" files based on file extension and then gives the user 72 hours to pay the ransom ($300 USD or 2 BTC). It is one f the few pieces of ransomware that does encryption right so at present, short of paying the ransom, there is no other means to decrypt. Bleeping Computer has a good write up, but below are the TL;DR highlights.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16871&rss
*** Touch ID: Biometrics Dont Make For Good Passwords ***
---------------------------------------------
Theres an Apple event scheduled for tomorrow which will showcase this years iPad lineup. Among the more credible rumors is that at least one version of the iPad will include Apples Touch ID, its fingerprint identity sensor.And so it seems somewhat inevitable that all of our "smart" devices will soon include fingerprint readers.That being the case, we strongly recommend the following by @dustinkirkland: • Fingerprints are Usernames, not PasswordsWe welcome intelligent use of
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002624.html
*** Defending Against Crypto Backdoors ***
---------------------------------------------
We already know the NSA wants to eavesdrop on the Internet. It has secret agreements with telcos to get direct access to bulk Internet traffic. It has massive systems like TUMULT, TURMOIL, and TURBULENCE to sift through it all. And it can identify ciphertext -- encrypted information -- and figure out which programs could have created it. But what the...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/10/defending_again_1.html
*** Security Bulletins: Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.2.
---------------------------------------------
http://support.citrix.com/article/CTX139295
*** Vuln: 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/46936
*** WordPress Portable phpMyAdmin Plugin Security Bypass Security Issue ***
---------------------------------------------
https://secunia.com/advisories/55270
*** WatchGuard Extensible Threat Management and System Manager Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55388
*** Vuln: D-Link DIR-605L CAPTCHA Data Stack Based Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56330
*** Bugtraq: [CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529364
*** Cisco ASA VPN Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** Security Bulletin: IBM SONAS fix available for Cross Frame Scripting vulnerability via Graphical User Interface (CVE-2013-5376) ***
---------------------------------------------
An issue in IBM SONAS allows remote attackers to access the system as an authorized administrative user.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Security Bulletin: IBM SONAS Fix Available for SONAS Cross Protocol Vulnerability (CVE-2013-0500) ***
---------------------------------------------
IBM SONAS includes a flaw in the handling of special files created by an NFS client resulting in a vulnerability reported against IBM SONAS. ---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** IBM WebSphere Message Broker and IBM Integration Bus Security Vulnerability: XML4J denial of service attack (CVE-2013-5372) ***
---------------------------------------------
XML4J is vulnerable to a denial of service attack triggered by a specially crafted XML document
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21653087
*** IBM Domino / iNotes Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55405https://secunia.com/advisories/55409
*** IBM WebSphere DataPower XC10 Two Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55402
*** F5 BIG-IP Traffic Management Microkernel Component Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1029220
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 18-10-2013 18:00 − Montag 21-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Card Data Siphon with Google Analytics ***
---------------------------------------------
The introduction of EMV (Chip & Pin) payment devices in 2003 resulted in a rapid decline in physical credit card cloning in Europe. EMV technology has also led to an increase in attacks on e-commerce systems targeting cardholder data. Each year, Trustwave SpiderLabs investigates hundreds of incidents of data compromise. I work on some of these investigations and occasionally get to evaluate some rather unusual attack vectors. This blog post details a novel data extraction technique using...
---------------------------------------------
http://blog.spiderlabs.com/2013/10/card-data-siphon-with-google-analytics.h…
*** New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do", (Mon, Oct 21st) ***
---------------------------------------------
Recently, two papers independently outlined new attacks against DNS, undermining some of the security features protecting us from DNS spoofing. As Dan Kaminsky showed [1], 16 bit query IDs are an insufficient protection against DNS spoofing. As a result, DNS servers started to randomize the source port of DNS queries in order to make DNS spoofing harder. This was never meant to "fix" DNS spoofing, but worked well enough for DNSSEC to be pushed back yet again. Overall, to
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16859&rss
*** Darkleech in Europe, Middle East and Africa ***
---------------------------------------------
In a previous blog post, we discussed how Darkleech-related malware wound up on a FireEye partner’s website. We followed up with a post detailing a major wave of Darkleech activity linked to a major global malvertising campaign. In this post,...
---------------------------------------------
http://www.fireeye.com/blog/corporate/2013/10/darkleech-in-europe-middle-ea…
*** Threatpost News Wrap, October 18, 2013 ***
---------------------------------------------
Dennis Fisher and Mike Mimoso discuss the big stories of the last couple of weeks, including the grassroots effort to audit the TrueCrypt source code, the Apple iMessage security model and Yahoo enabling SSL by default.
---------------------------------------------
http://threatpost.com/threatpost-news-wrap-october-18-2013/102624
*** Bugtraq: OWASP Vulnerable Web Applications Directory Project ***
---------------------------------------------
The OWASP Vulnerable Web Applications Directory (VWAD) Project is a
comprehensive and well maintained registry of all known vulnerable web
applications currently available. These vulnerable web applications
can be used by web developers, security auditors and penetration
testers to put in practice their knowledge and skills during training...
---------------------------------------------
http://www.securityfocus.com/archive/1/529293
*** DNP3 Implementation Vulnerability ***
---------------------------------------------
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk reported an improper input validation vulnerability to NCCIC/ICS-CERT that was evident in numerous slave and/or master station software products. The researchers emphasize that the vulnerability is not with the DNP3 stack but with the implementation.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-291-01
*** Yet Another WHMCS SQL Injection Exploit, (Sat, Oct 19th) ***
---------------------------------------------
WHMCS, a popular billing/support/customer management system, is still suffering from critical SQL injection issues. Today, yet another vulnerability, including exploit was released...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16853&rss
*** Vuln: WordPress Quick Paypal Payments Plugin Multiple HTML Injection Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/63213
*** Wordpress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100127
*** Wordpress spreadsheet Plugin Cross site scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100130
*** Cisco Unified Computing System Bugs Let Remote Users Conduct Man-in-the-Middle Attacks and Obtain Information and Let Local Users View Files ***
---------------------------------------------
http://www.securitytracker.com/id/1029209
*** Vuln: OpenLDAP rwm_conn_destroy Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63190
*** IBM WebSphere Partner Gateway Java Spoofing and Denial of Service Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55406
*** Vulnerability Note VU#303900 - SAP Sybase Adaptive Server Enterprise vulnerable to XML injection ***
---------------------------------------------
SAP Sybase Adaptive Server Enterprise Version 15.7 ESD 2 and possibly earlier versions contains an XML injection vulnerability (CWE-91).
---------------------------------------------
http://www.kb.cert.org/vuls/id/303900
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 17-10-2013 18:00 − Freitag 18-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** You´re infected - if you want to see your data again, pay us $300 in Bitcoins ***
---------------------------------------------
Ransomware comes of age with unbreakable crypto, anonymous payments.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/VLDxuwIP36Q/story01…
*** DNS-Experten diskutieren Risiken neuer Angriffsszenarien ***
---------------------------------------------
Forscher beschreiben Angriffsszenarien auf das Domain Name System, bei dem die Fragmentierung von IP-Paketen ausgenutzt wird.
---------------------------------------------
http://www.heise.de/security/meldung/DNS-Experten-diskutieren-Risiken-neuer…
*** Kankan - eine chinesische Trojaner-Geschichte ***
---------------------------------------------
Die Analysten von Eset haben eine mysteriöse Geschichte über einen Trojaner zusammengetragen, der vor allem in China Verbreitung fand. Die Bestandteile: infizierte PCs und Smartphones, ein reumütiger Software-Hersteller und mehrere offene Rätsel.
---------------------------------------------
http://www.heise.de/security/meldung/Kankan-eine-chinesische-Trojaner-Gesch…
*** Got a mobile phone? Then youve got a Trojan problem too ***
---------------------------------------------
This time it´s personal Something wonderful has happened: phones have got smart, but the bad news is they may open the door to those you don´t want to let in.
---------------------------------------------
http://www.theregister.co.uk/2013/10/18/feature_mobile_security_malware/
*** VMware Release Multiple Security Updates ***
---------------------------------------------
VMware released the following security updates. The first one is VMSA-2013-0012 which address multiple vulnerabilities in vCenter Server, vSphere Update Manager, ESXi and ESX. The second is VMSA-2013-0006.1 which address multiple vulnerabilities in vCenter Server Appliances and vCenter Server running on Windows. The last is VMSA-2013-0009.1 which address multiple vulnerabilities in vCenter Server, ESX and ESXi that updates third party libraries.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16847&rss
*** Fiendish CryptoLocker ransomware: Whatever you do, dont PAY ***
---------------------------------------------
Create remote backups before infection, advise infosec bods Vid A fiendishly nasty strain of Windows malware that uses advanced encryption to lock up user files before demanding a ransom is doing the rounds.
---------------------------------------------
http://www.theregister.co.uk/2013/10/18/cryptolocker_ransmware/
*** Sybase Adaptive Server Enterprise XML injection ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/88105
*** cPanel CloudFlare Plugin Unspecified Privilege Escalation Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55273
*** osCommerce Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks to Create New Admin Accounts ***
---------------------------------------------
http://www.securitytracker.com/id/1029189
*** Level One Enterprise Access Points Password Disclosure ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100123
*** Bugtraq: CSRF vulnerability in LinkedIn ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529270
*** Summary for October 2013 - Version: 1.1 ***
---------------------------------------------
http://technet.microsoft.com/en-za/security/bulletin/ms13-oct
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 16-10-2013 18:00 − Donnerstag 17-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Bug Hunters Find 25 ICS, SCADA Vulnerabilities ***
---------------------------------------------
A trio of researchers have uncovered 25 security vulnerabilities in various supervisory control and data acquisition (SCADA) and industrial control system (ICS) protocols.
---------------------------------------------
http://threatpost.com/bug-hunters-find-25-ics-scada-vulnerabilities/102599
*** Researchers uncover holes that open power stations to hacking ***
---------------------------------------------
Hacks could cause power outages and dont need physical access to substations.
---------------------------------------------
http://arstechnica.com/security/2013/10/researchers-uncover-holes-that-open…
*** Raising awareness quickly: A look at basic password hygiene ***
---------------------------------------------
Rapid7s tips for strengthing your first line of defense
---------------------------------------------
http://www.csoonline.com/article/741540/raising-awareness-quickly-a-look-at…
*** Mass iFrame injection campaign leads to Adobe Flash exploits ***
---------------------------------------------
We´ve intercepted an ongoing malicious campaign, relying on injected/embedded iFrames at Web sites acting as intermediaries for a successful client-side exploits to take place. Let´s dissect the campaign, expose the malicious domains portfolio/infrastructure it relies on, as well as directly connect it with historical malicious activity, in this particular case, a social engineering campaign pushing fake browser updates.
---------------------------------------------
http://www.webroot.com/blog/2013/10/17/mass-iframe-injection-campaign-leads…
*** Top 20 Free Digital Forensic Investigation Tools for SysAdmins ***
---------------------------------------------
Here are 20 of the best free tools that will help you conduct a digital forensic investigation. Whether it´s for an internal human resources case, an investigation into unauthorized access to a server, or if you just want to learn a new skill, these suites and utilities will help you conduct memory forensic analysis, hard drive forensic analysis, forensic image exploration, forensic imaging and mobile forensics.
---------------------------------------------
http://www.gfi.com/blog/top-20-free-digital-forensic-investigation-tools-fo…
*** Hintergrund: Standardpasswörter kein Sicherheitsrisiko? ***
---------------------------------------------
Das ICS-CERT, zuständig für kritische Infrastruktur wie Staudämme und Atomkraftwerke, sagt Standardpasswörter stellen kein Sicherheitsrisiko dar solange sie gut dokumentiert und änderbar sind. Ist das wirklich so?
---------------------------------------------
http://www.heise.de/security/artikel/Standardpasswoerter-kein-Sicherheitsri…
*** Apple iMessage Open to Man in the Middle, Spoofing Attacks ***
---------------------------------------------
The Apple iMessage protocol has been shrouded in secrecy for years now, but a pair of security researchers have reverse-engineered the protocol and found that Apple controls the encryption key infrastructure for the system and therefore has the ability to read users´ text messages or decrypt them and hand them over at the order of a government agency.
---------------------------------------------
http://threatpost.com/apple-imessage-open-to-man-in-the-middle-spoofing-att…
*** IBM Storwize V7000 Unified Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55247
*** Bugtraq: PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529250
*** Puppet Enterprise Dashboard Report YAML Handling Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55362
*** Drupal Context Mulitple Vulnerabilities ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100111
*** Drupal Simplenews Cross Site Scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100112
*** Vuln: Cisco Identity Services Engine CVE-2013-5539 Arbitrary File Upload Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63031
*** Bugtraq: Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529262
*** Panda Security for Business Pagent.exe code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/88091
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 15-10-2013 18:00 − Mittwoch 16-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** ORACLE Critical Patch Update - October 2013 ***
---------------------------------------------
Critical Patch Update - October 2013
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
** Follow-up **
*** Critical Java Update Plugs 51 Security Holes ***
---------------------------------------------
Oracle has released a critical security update that fixes at least 51 security vulnerabilities in its Java software. Patches are available for Linux, Mac OS X, Solaris and Windows versions of the software.
---------------------------------------------
http://krebsonsecurity.com/2013/10/java-update-plugs-51-security-holes/
*** Android-Verschlüsselung wurde verschlimbessert ***
---------------------------------------------
Android bevorzugt offenbar seit einigen Jahren für Internet-Verbindungen Verschlüsselungsverfahren, die eigentlich als geknackt gelten. Die Motivation dahinter ist unklar.
---------------------------------------------
http://www.heise.de/security/meldung/Android-Verschluesselung-wurde-verschl…
*** Google Fixes Three High-Risk Flaws in Chrome ***
---------------------------------------------
There is a trio of high-risk security vulnerabilities in Google Chrome that have been patched in a new version of the browser released on Tuesday. The vulnerabilities all are use-after-free bugs, and Google paid a total of $5,000 in rewards to researchers who discovered and reported them.
---------------------------------------------
http://threatpost.com/google-fixes-three-high-risk-flaws-in-chrome/102586
*** Registrar in Metasploit DNS Hijacking Not Duped by Fax ***
---------------------------------------------
Rapid7 said today that an employee at its registrar, Register.com, was duped out of their credentials leading to a DNS hijacking attack against the Rapid7 and Metasploit websites.
---------------------------------------------
http://threatpost.com/registrar-in-metasploit-dns-hijacking-not-duped-by-fa…
*** How Vulnerable Are Your Phishing Targets? ***
---------------------------------------------
How Vulnerable Are Your Phishing Targets?
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/16/how-vulne…
*** ASLR Bypass Apocalypse in Lately Zero-Day Exploits ***
---------------------------------------------
ASLR (Address Space Layout Randomization) is one of the most effective protection mechanisms in the modern operation system. However, there were many innovative ASLR bypass techniques used in recent APT attacks.
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/10/aslr-bypass-ap…
*** Vulnerabilities Discovered in Global Vessel Tracking Systems ***
---------------------------------------------
Text by Marco Balduzzi and Kyle Wilhoit Trend Micro researchers have discovered that flaws in the AIS vessel tracking system can allow attackers to hijack communications of existing vessels, create fake vessels, trigger false SOS or collision alerts and even permanently disable AIS tracking on any vessel. Figure 1.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-…
*** Blog: Under Pressure ***
---------------------------------------------
Any online project - be it a long-lost blog, or a new start-up's web app - has a very important performance feature called a "maximum load". This indicator makes itself known when a web app either partially or fully fails to perform its assigned functions to process user requests.
---------------------------------------------
http://www.securelist.com/en/blog/8136/Under_Pressure
*** Yet another Bitcoin accepting E-shop offering access to thousands of hacked PCs spotted in the wild ***
---------------------------------------------
The never-ending supply of access to compromised/hacked PCs - the direct result of the general availability of DIY/cracked/leaked malware/botnet generating tools - continues to grow in terms of the number and variety of such type of underground market propositions.
---------------------------------------------
http://www.webroot.com/blog/2013/10/16/yet-another-bitcoin-accepting-e-shop…
*** Honeydroid: Android-Handy wird zur Hackerfalle ***
---------------------------------------------
Experten der Deutschen Telekom machen aus Android-Smartphones mobile Honeypots. So haben sie in drei Monaten über 10.000 Angriffe auf ein einzelnes Gerät im Mobilnetz protokollieren können.
---------------------------------------------
http://www.heise.de/security/meldung/Honeydroid-Android-Handy-wird-zur-Hack…
*** Convincing "Urgent Windows Error Fix" phishing email doing rounds ***
---------------------------------------------
A pretty convincing email phishing campaign is targeting one of the largest user bases out there - those who use Microsofts Windows OS - by taking advantage of the recent problems that the company has been having with updates.
---------------------------------------------
http://www.net-security.org/secworld.php?id=15779
*** HP Service Manager Bugs Permit Cross-Site Scripting, Information Disclosure, and Code Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1029180
*** UbiDisk File Manager v2.0 iOS - Multiple Web Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/28977
*** Apple iOS 7.0.2 SIM Lock Screen Display Bypass ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100103
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 14-10-2013 18:00 − Dienstag 15-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Fingerprinting Ubuntu OS Versions using OpenSSH ***
---------------------------------------------
Over the past couples weeks, I’ve been working on enhancing the operating system detection logic in the TrustKeeper Scan Engine. Having the capability to detect a target’s operating system can be very useful. Whether you’re performing a simple asset identification scan or doing an in depth review, this information helps you make more informed decisions. In this blog post, I’ll be talking about a technique that that you can use to fingerprint a server operating system
---------------------------------------------
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/e7s2jWmx7bU/fingerprin…
*** October 2013 Security Bulletin Webcast, Q&A, and Slide Deck ***
---------------------------------------------
Today we’re publishing the October 2013 Security Bulletin Webcast Questions & Answers page. We fielded 11 questions during the webcast, with specific bulletin questions focusing primarily on the SharePoint (MS13-084) and Kernel-Mode Drivers (MS13-081) bulletins. There was one additional question that we were unable to answer on air, and we have included a response to that question on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday,
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/10/14/october-2013-security-bu…
*** Vuln: osCommerce products_id Parameter HTML Injection Vulnerability ***
---------------------------------------------
osCommerce is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
Hostile HTML and script code may be injected into vulnerable sections of the application. When an unsuspecting user visits the affected site and views the affected section, the attacker-supplied code is rendered in the user's browser in the context of that site.
osCommerce 2.3.3 is vulnerable. Other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/62997
*** Insecurities in the Linux /dev/random ***
---------------------------------------------
New paper: "Security Analysis of Pseudo-Random Number Generators with Input: /dev/random is not Robust, by Yevgeniy Dodis, David Pointcheval, Sylvain Ruhault, Damien Vergnaud, and Daniel Wichs. Abstract: A pseudo-random number generator (PRNG) is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for PRNGs with input was proposed in 2005 by Barak and...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/10/insecurities_in.html
*** Thousands of Sites Hacked Via vBulletin Hole ***
---------------------------------------------
Attackers appear to have compromised tens of thousands of Web sites using a security weakness in sites powered by the forum software vBulletin, security experts warn.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/Mc94cSf4_Mc/
*** Juniper Junos SRX Series Gateway Buffer Overflow in Telnet Firewall Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
Juniper Junos SRX Series Gateway Buffer Overflow in Telnet Firewall Lets Remote Users Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1029175
*** Sensoren verraten Identität des Smartphones ***
---------------------------------------------
Die Messwerte eines Smartphones können den Benutzer wie ein digitaler Fingerabdruck verraten. Das haben Forscher der US-Universität Stanford nachgewiesen.
---------------------------------------------
http://futurezone.at/digital-life/sensoren-verraten-identitaet-des-smartpho…
*** Steam-Client verhilft Angreifern zu Systemrechten ***
---------------------------------------------
Die Windows-Version der Spieleplattform Steam enthält eine Schwachstelle, die es einem Angreifer ermöglicht, Schadcode mit Systemrechten auszuführen. Valve schweigt zu der Lücke.
---------------------------------------------
http://www.heise.de/security/meldung/Steam-Client-verhilft-Angreifern-zu-Sy…
*** We scanned the Internet for port 22 ***
---------------------------------------------
We scanned the entire Internet for port 22 - the port reserved for SSH, the protocol used by sysadmins to remotely log into machines. Unlike our normal scans of port 80 or 443, this generated a lot more abuse complaints, so I thought Id explain the scan.
---------------------------------------------
http://blog.erratasec.com/2013/09/we-scanned-internet-for-port-22.html
*** Blog: Pharmaceutical ‘phishing’ ***
---------------------------------------------
Adverts for medication to improve male sex drive are a staple of spam mailings. Like any other unsolicited messages, emails of this nature have evolved with time and today’s versions no longer merely contain promises of enahnced potency and a link to a site selling pills. In August and September we noted a series of mailings that used the names of well-known companies, that looked just like typical phishing messages. However, instead of a phishing site the links they contained led to an advert for “male medication”.
---------------------------------------------
http://www.securelist.com/en/blog/8135/Pharmaceutical_phishing
*** Cisco Video Surveillance 4000 Series IP Camera Analytics Page Hardcoded Credentials Security Issue ***
---------------------------------------------
A security issue has been reported in Cisco Video Surveillance 4000 Series IP Camera, which can be exploited by malicious people to bypass certain security restrictions.
The security issue is caused due to the device allowing access to the analytics page using hardcoded credentials, which can be exploited to gain access to an otherwise restricted video feed.
The security issue is reported in versions 2.4(0.1) and 3.1(0.52).
---------------------------------------------
https://secunia.com/advisories/55283
*** [2013-10-15] Multiple critical vulnerabilities in SpamTitan ***
---------------------------------------------
SpamTitan suffers from multiple critical vulnerabilities. Unauthenticated attackers are able to completely compromise the system and extract or manipulate database contents.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** WordPress security threats, protection tips and tricks ***
---------------------------------------------
To start off with, there are some things that you can do just once to improve the security of your WordPress blog or website, but you still have to always follow a number of rules while using WordPress. By following such rules you will be safe from most of the automated targeted WordPress attacks which typically spread like wild fires ...
---------------------------------------------
http://www.net-security.org/article.php?id=1895
*** D-link to Padlock Router Backdoor By Halloween ***
---------------------------------------------
D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.
---------------------------------------------
http://www.cio.com/article/741414/D_link_to_Padlock_Router_Backdoor_By_Hall…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 11-10-2013 18:00 − Montag 14-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** 2013-10 Security Bulletin: Junos: GNU libc glob(3) GLOB_LIMIT Remote Denial of Service Vulnerability (CVE-2010-2632) ***
---------------------------------------------
The glob implementation in libc allows authenticated remote users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. This vulnerability can be exploited against a device running Junos OS with FTP services enabled to launch a high CPU utilization partial denial of service attack.
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598
*** Top sites (and maybe the NSA) track users with 'device fingerprinting' ***
---------------------------------------------
May make it easier to follow privacy-minded users on the darknet.
---------------------------------------------
http://arstechnica.com/security/2013/10/top-sites-and-maybe-the-nsa-track-u…
*** Threat Refinement Ensues with Crypto Locker, SHOTODOR Backdoor ***
---------------------------------------------
In our 2013 Security Predictions, we anticipated that cybercriminals would focus on refining existing tools, instead of creating new threats. Two threats that both represent refinements of previously known threats show this effectively.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/threat-refinemen…
*** Critical Patch Update - October 2013 - Pre-Release Announcement ***
---------------------------------------------
Critical Patch Update - October 2013 - Pre-Release Announcement
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
*** Blackhole, Supreme No More ***
---------------------------------------------
Blackhole exploit kit has always been a favorite example when discussing the impact of kits to internet users. Weve previously mentioned in our posts how fast it was in supporting new vulnerabilities, how it was related to Cool, and that it was the leading kit in our telemetry data. Blackhole and Cool almost always had special mentions in our Threat Reports.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002622.html
*** Debian Security Advisory DSA-2776 drupal6 ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2776
*** Debian Security Advisory DSA-2777 systemd ***
---------------------------------------------
several vulnerabilities
---------------------------------------------
http://www.debian.org/security/2013/dsa-2777
*** Stabiles Debian 7.2 behebt Fehler und löst Sicherheitsprobleme ***
---------------------------------------------
Das Debian-Projekt aktualisiert die Linux-Distribution Debian 7 (Wheezy) auf Version 7.2 und behebt dabei eine lange Liste von Fehlern und schließt Sicherheitslöcher.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Stabiles-Debian-7-2-behebt-Fehler-un…
*** Google Chrome speichert Kreditkarten-Daten als Klartext ***
---------------------------------------------
Der Google-Browser Chrome ist einmal mehr unter Beschuss von Sicherheitsexperten. Diese kritisieren, dass Chrome sensible Daten als Klartext auf der Festplatte speichert.
---------------------------------------------
http://futurezone.at/produkte/google-chrome-speichert-kreditkarten-daten-al…
*** Security Bulletin: WebSphere eXtreme Scale Monitoring Console Web Vulnerabilities (CVE-2013-5390, CVE-2013-5393, CVE-2013-5394) ***
---------------------------------------------
Three web security vulnerabilities were identified in the WebSphere eXtreme Scale monitoring console, those being a cross site scripting vulnerability, a log-off processing weakness, and vulnerability to a phishing attack.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web…
*** Back door found in D-Link routers ***
---------------------------------------------
D-secret is D-logon string allowing access to everything A group of embedded device hackers has turned up a vulnerability in D-Link consumer-level devices that provides unauthenticated access to the units admin interfaces.
---------------------------------------------
http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/
*** Spamvertised T-Mobile 'Picture ID Type:MMS' themed emails lead to malware ***
---------------------------------------------
The cybercriminals behind last week's profiled fake T-Mobile themed email campaign have resumed operations, and have just spamvertised another round of tens of thousands of malicious emails impersonating the company, in order to trick its customers into executing the malicious attachment, which in this case is once again supposedly a legitimate MMS notification message.
---------------------------------------------
http://www.webroot.com/blog/2013/10/14/spamvertised-t-mobile-picture-id-typ…
*** Captain, Where Is Your Ship Compromising Vessel Tracking Systems ***
---------------------------------------------
In recent years, automated identification systems (AIS) have been introduced to enhance ship tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS is currently mandatory for all passenger ships and commercial (non-fishing) ships over 300 metric tons. It works by acquiring GPS coordinates and exchanging vessel's position, course and ...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/captain-where-is…
*** WordPress Cart66 Lite Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
WordPress Cart66 Lite Plugin Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/55265
*** End User Devices Security Guidance: Windows 7 and Windows 8 ***
---------------------------------------------
This guidance is applicable to devices running Enterprise versions of Windows 7 and Windows 8, acting as client operating systems, which include BitLocker Drive Encryption, AppLocker and Windows VPN features.
---------------------------------------------
https://www.gov.uk/government/publications/end-user-devices-security-guidan…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 10-10-2013 18:00 − Freitag 11-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** WhatsApp Crypto Error Exposes Messages ***
---------------------------------------------
WhatsApp, a popular mobile message application, suffers from crypto implementation vulnerability that leaves messages exposed. Thijs Alkemade, a computer science student at Utrecht University in The Netherlands who works on the open source Adium instant messaging project, disclosed a serious issue this week with the encryption used to secure WhatsApp messages, namely that the same...
---------------------------------------------
http://threatpost.com/whatsapp-crypto-error-exposes-messages/102565
*** Some Bing Ads Redirecting To Malware ***
---------------------------------------------
An anonymous reader writes "Security firm ThreatTrack Security Labs today spotted that certain Bing ads are linking to sites that infect users with malware. Those who click are redirected to a dynamic DNS service subdomain which in turns serves the Sirefef malware from 109(dot)236(dot)81(dot)176. ThreatTrack notes that the scammers could of course be targeting other keywords aside from YouTube. The more popular the keywords, the bigger the potential for infection." Read more of
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/7RRrvRPB5JM/story01.htm
*** Top 15 Indicators Of Compromise ***
---------------------------------------------
In the quest to detect data breaches more quickly, indicators of compromise can act as important breadcrumbs for security pros watching their IT environments. Unusual activity on the network or odd clues on systems can frequently help organizations spot attacker activity on systems more quickly so that they can either prevent an eventual breach from happening -- or at least stop it in its earliest stages.
---------------------------------------------
http://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise…
*** Vuln: libtar th_read() Function Multiple Heap Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/62922
*** libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities ***
---------------------------------------------
libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/55138
*** Bugtraq: [security bulletin] HPSBMU02901 rev.1 - HP Business Process Monitor running on Windows, Remote Execution of Arbitrary Code and Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529117
*** Juniper Junos TCP Packet Handling Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55218
*** Juniper Junos Telnet Messages Handling Buffer Overflow Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55109
*** Hitachi JP1/VERITAS Backup Exec Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55261
*** Cisco Unified IP Phones 9900 Series webapp Interface Buffer Overflow Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55275
*** Dropbear SSH Server User Enumeration Weakness and Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55173
*** Network Security Services (NSS) Uninitialized Memory Read Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55050
*** InduSoft Thin Client ActiveX control buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87788
*** Security Bulletin: IBM InfoSphere Information Server Data Quality Console and Information Analyzer are vulnerable to cross-site request forgery attacks (CVE-2013-4056) ***
---------------------------------------------
A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server Data Quality Console and Information Analyzer which can allow an attacker to trick a legitimate user into opening a URL that results in an action being taken as that user, potentially without the knowledge of that user. Any actions taken require the user being tricked to either be previously authenticated or to authenticate as part of the attack.
---------------------------------------------
https://www-304.ibm.com/support/docview.wss?uid=swg21652413
*** IBM WebSphere Message Broker and IBM Integration Bus Security Vulnerability: Multiple security vulnerabilities in IBM JREs 5 & 7 ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Message Broker for IBM JRE 5.0 SR16-FP3 (and earlier) and the IBM Java Runtime Environment component of IBM Integration Bus for JRE 7.0 SR5 (and earlier).
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_message…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 09-10-2013 18:00 − Donnerstag 10-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** BlackBerry Fixes Remote Code Vulnerability in BES10 ***
---------------------------------------------
Blackberry added to Patch Tuesdays patches with an update for its BlackBerry Enterprise Service 10 mobile device management product, fixing a remote code execution vulnerability.
---------------------------------------------
http://threatpost.com/blackberry-fixes-remote-code-vulnerability-in-bes10/1…
*** Unexpected IE Zero Day Used in Banking, Gaming Attacks ***
---------------------------------------------
Microsoft released a patch for a second zero-day vulnerability in Internet Explorer yesterday, one that caught administrators off-guard.
---------------------------------------------
http://threatpost.com/unexpected-ie-zero-day-used-in-banking-gaming-attacks…
*** vBulletin vuln opens backdoor to rogue accounts ***
---------------------------------------------
The workaround is easy, though The widespread vBulletin CMS has a vulnerability that allows remote attackers to create new administrative accounts.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/10/10/vbulletin_v…
*** Invensys Wonderware InTouch Improper Input Validation Vulnerability ***
---------------------------------------------
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT-Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01
*** Quassel IRC SQL injection ***
---------------------------------------------
Topic: Quassel IRC SQL injection Risk: Medium Text: Please assign a CVE to the following issue: Quassel IRC is vulnerable to SQL injection on all current versions (0.9.0 being...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100064
*** McAfee Web Reporter Servlet Access Control Flaw Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029154
*** MyBB Session Hijacking and Security Bypass Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54994
*** OXID eShop "searchrecomm" Cross-Site Scripting Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55193
*** Security Bulletin: Multiple IBM Eclipse Help System (IEHS) vulnerabilities used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467) ***
---------------------------------------------
IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed ships with IBM Eclipse Help System (IEHS). The IBM Eclipse Help System (IEHS) is vulnerable to: a XSS attacks, reading source code via a crafted URL and reading the debug information associated with the 500 HTTP status...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21651947
*** Multiple Vulnerabilities in Cisco ASA Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Multiple Vulnerabilities in Cisco Firewall Services Module Software ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** HP Intelligent Management Center Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029164
*** HP Intelligent Management Center Multiple Flaws Lets Remote Users Bypass Authentication, Gain Unauthorized Acess, Inject SQL Commands, and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1029165
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 08-10-2013 18:00 − Mittwoch 09-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** WhatsApp-Verschlüsselung ruft Zweifel hervor ***
---------------------------------------------
Dem Chefentwickler des IM-Clients Adium zufolge müssen WhatsApp-Nutzer alle bisher versandten Nachrichten als entschlüsselbar betrachten.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-Verschluesselung-ruft-Zweifel…
*** The October 2013 security updates ***
---------------------------------------------
This month we release eight bulletins - four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083. Our Bulletin Deployment Priority graph provides an overview of this month's priority releases...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/10/08/the-october-2013-securit…
*** Other Patch Tuesday Updates (Adobe, Apple), (Wed, Oct 9th) ***
---------------------------------------------
Adobe released two bulletins today: APSB13-24: Security update for RoboHelp http://www.adobe.com/support/security/bulletins/apsb13-24.html I dont remember seeing a pre-anouncement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327) . Robohelp is only available for Window. APSB13-25: Security update for Adobe Acrobat and Adobe Reader http://www.adobe.com/support/security/bulletins/apsb13-25.html This update fixes a problem that was introduced in a recent
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16763&rss
*** September 2013 Virus Activity Overview ***
---------------------------------------------
October 1, 2013 The first autumn month in 2013 was marked by a number of important events that could have a profound impact on IT security in the future. In particular, in early September a dangerous backdoor that can execute commands from a remote server was discovered, and a bit later Doctor Webs analysts identified the largest known botnet comprised of more than 200,000 infected devices running Android. Overall, numerous malignant programs for this platform were found in September. Viruses
---------------------------------------------
http://news.drweb.com/show/?i=3962&lng=en&c=9
*** ENISA - Can we learn from SCADA security incidents - White Paper ***
---------------------------------------------
Security experts across the world continue to sound the alarm bells about the security of Industrial Control Systems (ICS). Industrial Control Systems look more and more like consumer PCs. They are used everywhere and involve a considerable amount of software, often outdated and unpatched. Recent security incidents in the context of SCADA and Industrial Control Systems emphasise greatly the importance of good governance and control of SCADA infrastructures.
---------------------------------------------
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrast…
*** Staying Stealthy: Passive Network Discovery with Metasploit ***
---------------------------------------------
One of the first steps in your penetration test is to map out the network, which is usually done with an active scan. In situations where you need to be stealthy or where active scanning may cause instability in the target network, such as in SCADA environments, you can run a passive network scan to avoid detection and reduce disruptions. A passive network scan stealthily...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/09/passive-n…
*** Twitter Malware ***
---------------------------------------------
NCC Group has observed a sharp rise in threats using Twitter direct messages (often abbreviated to DMs) as a method of delivery over the last few months. These threats originate from compromised Twitter accounts. These accounts, once compromised, send direct messages to their followers. If received by email,...
---------------------------------------------
http://www.nccgroup.com/en/blog/2013/10/twitter-malware/
*** Alstom e-Terracontrol DNP3 Master Improper Input Validation ***
---------------------------------------------
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the Alstom e-terracontrol software. Alstom has produced a patch that mitigates this vulnerability. Adam Crain and Chris Sistrunk have tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-282-01
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 07-10-2013 18:00 − Dienstag 08-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-095-02A
*** Quarian Group Targets Victims With Spearphishing Attacks ***
---------------------------------------------
The current generation of targeted attacks are getting more sophisticated and evasive. These attacks employ media-savvy stories in their social engineering themes to lure unsuspecting users. We have seen heightened activity by one of the groups, dubbed Quarian. It is believed to be targeting government agencies and embassies around the world including the United States. [...]
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/quarian-group-targets-victims-with-spea…
*** xinetd security update ***
---------------------------------------------
It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342)
---------------------------------------------
https://rhn.redhat.com/errata/RHSA-2013-1409.html
*** Hackerangriff auf WhatsApp ***
---------------------------------------------
Einer politische motivieren Hackergruppe ist es offenbar gelungen, die Kontrolle über die WhatsApp-Domain zu übernehmen.
---------------------------------------------
http://www.heise.de/security/meldung/Hackerangriff-auf-WhatsApp-1974342.html
*** ecoTrialog #9: Blackout ***
---------------------------------------------
NEA und USV sind im Datacenter seit vielen Jahren ein gängiger Begleiter – Welche Entwicklungen, Trends und Visionen zeigen uns die Lösungsanbieter? – Welche möglichen Fehler sind bei einer Planung zu vermeiden? Das ist das zentrale Thema des neunten ecoTrialogs in Ahrensburg bei Hamburg.
---------------------------------------------
http://datacenter.eco.de/2013/07/26/ecotrialog-10-blackout/
*** Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions ***
---------------------------------------------
FireEye researchers have discovered a rapidly-growing class of mobile threats represented by a popular ad library affecting apps with over 200 million downloads in total. This ad library, anonymized as “Vulna,” is aggressive at collecting sensitive data and is able to perform dangerous operations such as downloading and running new components on demand. Vulna is also plagued with various classes of vulnerabilities that enable attackers to turn Vulna’s aggressive behaviors against
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/10/ad-vulna-a-vulnaggressive-vul…
*** Introducing Kvasir ***
---------------------------------------------
During our typical assessments we may analyze anywhere between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, buffer/stack overflows, administrative bypasses, and others. ... We think this isn’t good enough which is why we are releasing our tool, Kvasir, as open source for you to analyze, integrate, update, or ignore. We like the tool a lot and we think it fills a missing key part of penetration testin
---------------------------------------------
http://blogs.cisco.com/security/introducing-kvasir/
*** CSAM - RFI with a small twist ***
---------------------------------------------
Logs are under appreciated. We all collect them, but in a majority of organisations you will find that they are only ever looked at once something has gone wrong. Which is unfortunately usually when people discover that either they didnt collect "that" log or timestamps are out of whack, log files rolled over, etc. Which is unfortunate because log files can tell you quite a bit of information as we are hoping to show throughout October as part of the Cyber Security Awareness Month.
---------------------------------------------
https://isc.sans.edu/diary/CSAM+-+RFI+with+a+small+twist/16748
*** Mehrere Verwundbarketen in Cisco Identity Services Engine ***
---------------------------------------------
Blind SQL Injection:
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
Sponsor Portal cross-frame scripting:
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
Parameter cross-site scripting:
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
---------------------------------------------
http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityN…
*** Cisco IOS Software DHCP Server remember Functionality Vulnerability ***
---------------------------------------------
An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit could allow the attacker to cause the affected device to reload.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013…
*** How the Bible and YouTube are fueling the next frontier of password cracking ***
---------------------------------------------
Crackers tap new sources to uncover "givemelibertyorgivemedeath" and other phrases.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/w9PZonWnTIA/story01…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 04-10-2013 18:00 − Montag 07-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Security Bulletin: Denial of Service Vulnerability in DB2 for Unix, Linux and Windowss Fast Communications Manager. (CVE-2013-4032) ***
---------------------------------------------
Vulnerability in IBM DB2 for Unix, Linux and Windows server products could allow arbitrary data sent to the Fast Communications Manager (FCM) to cause server denial of service. CVE(s): CVE-2013-4032
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_den…
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) CVE(s): CVE-2013-4066, and CVE-2013-4067
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-25) ***
---------------------------------------------
A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat security updates scheduled for Tuesday, October 8, 2013. There are no known exploits in the wild for these updates. We will continue to provide updates …
---------------------------------------------
http://blogs.adobe.com/psirt/2013/10/prenotification-upcoming-security-upda…
*** Cisco NX-OS RIP denial of service ***
---------------------------------------------
Cisco NX-OS is vulnerable to a denial of service, caused by an error in the Routing Information Protocol (RIP) service engine. By sending a specially-crafted RIPv4 or RIPv6 message to UDP port 520, a remote attacker could exploit this vulnerability to cause the RIP service engine to restart.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87669
*** Cisco NX-OS configuration files information disclosure ***
---------------------------------------------
Cisco NX-OS could allow a remote authenticated attacker to obtain sensitive information, caused by the improper sanitization of configuration files. By accessing the Cisco NX-OS management interface as a network-operator, an attacker could exploit this vulnerability to view restricted information within configuration files.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87670
*** The Hail Mary Cloud and the Lessons Learned ***
---------------------------------------------
badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QrqADehWUPU/story01.htm
*** Why the state of application security is not so healthy ***
---------------------------------------------
Web applications are often a common portal for breaches, so why arent they being better protected?
---------------------------------------------
http://www.csoonline.com/article/740164/why-the-state-of-application-securi…
*** [local] - FreeBSD Intel SYSRET Kernel Privilege Escalation Exploit ***
---------------------------------------------
* FreeBSD 9.0 Intel SYSRET Kernel Privilege Escalation exploit
* Author by CurcolHekerLink
*
* This exploit based on open source project, I can make it open source too. Right?
---------------------------------------------
http://www.exploit-db.com/exploits/28718
*** Cybercrime in the Deep Web ***
---------------------------------------------
Earlier, we published a blog post talking about the recent shut down of the Silk Road marketplace. There, we promised to release a new white paper looking at cybercrime activity on the Deep Web in more detail. This paper can now be found on our site here. While the Deep Web has often been uniquely associated […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroCybercrime in the Deep Web
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RYkDXfurPWU/
*** Aanval SAS Cross-Site Scripting and SQL Injection Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been discovered in Aanval SAS, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/55134
*** Abzockversuche: Anbieter werben mit angeblichem iOS-7-Jailbreak ***
---------------------------------------------
Viele iPhone-Nutzer warten sehnsüchtig auf ein Jailbreak-Tool für iOS 7 – und einige von ihnen fallen auf Abzocker herein. Ein Test zeigt, wie die Masche funktioniert.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Abzockversuche-Anbieter-werben-mit-a…
*** Philips Xper Connect HTTP Request Handling Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Philips Xper Connect, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error when handling HTTP requests and can be exploited to cause a heap-based buffer overflow by sending a specially crafted HTTP request to TCP port 6000.
---------------------------------------------
https://secunia.com/advisories/55152
*** Door Control Systems: An Examination of Lines of Attack ***
---------------------------------------------
In this blog post, we shall show that there are serious security vulnerabilities in one of the market-leading door control systems, and that these can be exploited not only to gain physical access to secure premises, but also to obtain confidential information about the organisation to whom the premises belong.
---------------------------------------------
http://www.nccgroup.com/en/blog/2013/09/door-control-systems-an-examination…
*** McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshaled Object Arbitrary Code Execution Vulnerability ***
---------------------------------------------
Andrea Micalizzi has discovered a vulnerability in McAfee Web Reporter Premium, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the application not properly restricting access to the invoker/EJBInvokerServlet and invoker/JMXInvokerServlet servlets within Apache Tomcat, which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshaled object to TCP port 9111.
---------------------------------------------
https://secunia.com/advisories/55112
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 03-10-2013 18:00 − Freitag 04-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Adobe Preparing Critical Patches for Reader, Acrobat Next Week ***
---------------------------------------------
Adobe has announced that it plans next week to patch critical vulnerabilities in two products, Adobe Reader and Acrobat XI (11.0.04) for Windows.
---------------------------------------------
http://threatpost.com/adobe-preparing-critical-patches-for-reader-acrobat-n…
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) CVE(s): CVE-2013-4066, CVE-2013-4067 Affected product(s) and affected version(s): IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Hacking Summit Names Nations With Cyberwarfare Capabilities ***
---------------------------------------------
In 2009, I read with great interest a paper published in the Journal of International Security Affairs titled The Art of (Cyber) War. In this paper, Brian M. Mazanec explained the People's Republic of China was interested in cyberwarfare and had improved its capabilities to conduct military operations in the cyberspace.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/hacking-summit-names-nations-with-cyber…
*** AIX printer commands vulnerability (CVE-2013-5419) ***
---------------------------------------------
AIX printer commands vulnerability. CVE(s): CVE-2013-5419 Affected product(s) and affected version(s): AIX 6.1 and 7.1 releases Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc
X-Force Database: http://xforce.iss.net/xforce/xfdb/87481
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/aix_printer_commands_…
*** CSAM: Web Honeypot Logs, (Thu, Oct 3rd) ***
---------------------------------------------
Todays logs come from a honeypot. The fun part about honeypots is that you dont have to worry about filtering out "normal" logs. Usually I check the honeypot for anything new and interesting first, then look on my real web server to figure out if I see similar attacks. In the real web server, these attack would otherwise drown in the noise. SSL Conection to a web server not supporting SSL Invalid method in request \x80w\x01\x03\x01 The first few bytes of the request are interpreted
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16718&rss
*** Blog: Ekoparty Security Conference 2013 ***
---------------------------------------------
The Ekoparty Security Conference 2013 was held in the beautiful city of Buenos Aires, Argentina, from 25 to 27 September, This event,the most important security conference in Latin America, is now in is ninth year and was attended by 1,500 people
---------------------------------------------
http://www.securelist.com/en/blog/208214073/Ekoparty_Security_Conference_20…
*** Adobe To Announce Source Code, Customer Data Breach ***
---------------------------------------------
Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its Cold Fusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/jWJBDb7eE-o/
*** October Patch Tuesday Preview (CVE-2013-3893 patch coming!) ***
---------------------------------------------
So far, we got pre-announcements from Microsoft and Adobe. Microsoft promises 8 bulletins, split evenly between critical and important. The critical bulletins affect Windows, Internet Explorer and the .Net framework, while the important bulletins affect Office and Silverlight. So this sounds like an average, very client heavy patch Tuesday. On the server end, only Sharepoint server (again) and Office Server are affected. Important: The cumulative IE update included will include a patch for
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16721&rss
*** EMC Atmos Unauthenticated Database Access ***
---------------------------------------------
Topic: EMC Atmos Unauthenticated Database Access Risk: High Text:ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability EMC Identifier: ESA-2013-062 CVE Identifier: C...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100034
*** SQL injection vulnerability in Zabbix ***
---------------------------------------------
The monitoring solution Zabbix is vulnerable to SQL injection. Attackers are able to gain access to database contents or elevate privileges and even take over the monitoring system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Commercially available Blackhat SEO enabled multi-third-party product licenses empowered VPSs spotted in the wild ***
---------------------------------------------
In this post, I'll discuss a recent example of standardization, in particular, a blackhat SEO friendly VPS (Virtual Private Server) that comes with over a dozen multi-blackhat-seo-friendly product licenses from third-party products integrated. It empowers potential customers new to this unethical and potentially fraudulent/malicious practice with everything they need to hijack legitimate traffic from major search engines internationally.
---------------------------------------------
http://www.webroot.com/blog/2013/10/04/commercially-available-blackhat-seo-…
*** Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with certain HP FutureSmart LaserJet printers. The vulnerabilities might lead to weak encryption of PDF documents or local disclosure of scanned information. References: CVE-2013-4828 (SSRT101249) CVE-2013-4829 (SSRT101327)
---------------------------------------------
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n…
*** Apple OS X Directory Services Authentication Flaw Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
OS X v10.8.5 Supplemental Update Directory Services Available for: OS X Mountain Lion v10.8 to v10.8.5 Impact: A local user may modify Directory Services records with system privileges Description: A logic issue existed in Directory Servicess verification of authentication credentials allowing a local attacker to bypass password validation. The issue was addressed through improved credential validation.
---------------------------------------------
http://support.apple.com/kb/HT5964
*** Hintergrund: Todesurteil für Verschlüsselung in den USA ***
---------------------------------------------
Die Anordnung eines US-Gerichts, Ermittlungsbeamten den geheimen Schlüssel zu übergeben, mit dem sie Zugriff auf die Daten aller Lavabit-Kunden erhielten, ruiniert den letzten Rest Vertrauen in die amerikanischen Cloud-Anbieter.
---------------------------------------------
http://www.heise.de/security/artikel/Todesurteil-fuer-Verschluesselung-in-d…
*** Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability ***
---------------------------------------------
Corel PaintShop Pro X5 / X6 Insecure Library Loading Vulnerability
---------------------------------------------
https://secunia.com/advisories/53618
*** McAfee Agent Framework Service Denial of Service Vulnerability ***
---------------------------------------------
McAfee Agent Framework Service Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/55158
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 02-10-2013 18:00 − Donnerstag 03-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Cisco IOS XR Software Memory Exhaustion Vulnerability ***
---------------------------------------------
Cisco IOS XR Software Memory Exhaustion Vulnerability
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** IBM WebSphere MQ Security Vulnerability: Multiple security vulnerabilities in IEHS ***
---------------------------------------------
Multiple security vulnerabilities exist in the IBM Eclipse Help System which is used to provide the product Information Centers for IBM WebSphere MQ and IBM WebSphere MQ File Transfer Edition. Debug Information displayed in browser (CVE-2013-0599) - XSS Alert vulnerability (CVE-2013-0464) - Application source code can be downloaded (CVE-2013-0467)
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_websphere_mq_secu…
*** Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service ***
---------------------------------------------
Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service
---------------------------------------------
http://www.exploit-db.com/exploits/28679
*** IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
IBM SPSS Collaboration and Deployment Services Unspecified Flaws Let Remote Users Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1029117
*** SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution ***
---------------------------------------------
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100017
*** Bugtraq: RootedCON 2014 - Call For Papers ***
---------------------------------------------
RootedCON 2014 - Call For Papers
---------------------------------------------
http://www.securityfocus.com/archive/1/528963
*** Denial of service vulnerability in Citrix NetScaler ***
---------------------------------------------
A Citrix NetScaler component is affected by a denial of service vulnerability. Attackers can keep the appliance in a constant reboot loop resulting in total loss of availability.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2013…
*** Tor and the Silk Road takedown ***
---------------------------------------------
Weve had several requests by the press and others to talk about the Silk Road situation today. We only know whats going on by reading the same news sources everyone else is reading. In this case weve been watching carefully to try to learn if there are any flaws with Tor that we need to correct. So far, nothing about this case makes us think that there are new ways to compromise Tor (the software or the network).
---------------------------------------------
https://blog.torproject.org/blog/tor-and-silk-road-takedown
*** Survey Finds Manufacturers Afflicted with a False Sense of Cyber Security ***
---------------------------------------------
Though manufacturers think they're doing a better job safeguarding data, cybersecurity breaches are increasing. So says a PricewaterhouseCoopers (PwC) study, which finds that "while organizations have made significant security improvements, they have not kept pace with today's determined adversaries."
---------------------------------------------
http://news.thomasnet.com/IMT/2013/10/02/survey-finds-manufacturers-afflict…
*** The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins ***
---------------------------------------------
here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we're sure you'll find a gem or two amongst this list ...
---------------------------------------------
http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-too…
*** 18 Free Security Tools for SysAdmins ***
---------------------------------------------
Here are 18 of the best free security tools for password recovery, password management, penetration testing, vulnerability scanning, steganography and secure data wiping. ... Even if you may have heard of some of these tools before, I'm confident that you'll find a gem or two amongst this list.
---------------------------------------------
http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/
*** Could the EU cyber security directive cost companies billions? ***
---------------------------------------------
Many of the world's largest enterprises are not prepared for the new European Union Directive on cyber security, which states that organizations that do not have suitable IT security in place to protect their digital assets will face extremely heavy fiscal penalties. The directive, which was adopted in July this year, will require that organizations circulate early warnings of cyber risks and incidents, and that actual security incidents are reported to cyber security authorities.
---------------------------------------------
http://www.net-security.org/secworld.php?id=15694
*** On Anonymous ***
---------------------------------------------
Gabriella Coleman has published an interesting analysis of the hacker group Anonymous: Abstract: Since 2010, digital direct action, including leaks, hacking and mass protest, has become a regular feature of political life on the Internet. The source, strengths and weakness of this activity are considered in this paper through an in-depth analysis of Anonymous, the protest ensemble that has been...
---------------------------------------------
https://www.schneier.com/blog/archives/2013/10/on_anonymous.html
*** RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue ***
---------------------------------------------
RuggedCom Rugged Operating System Alarms Configuration Security Bypass Security Issue
---------------------------------------------
https://secunia.com/advisories/55153
*** Ryan Naraine on Virus Bulletin 2013, Zero Days and Cyberwarfare ***
---------------------------------------------
Dennis Fisher talks with Ryan Naraine about the news from the Virus Bulletin 2013 conference, whether the use of zero days is overrated and the collateral damage that can result from cyberwarfare attacks.
---------------------------------------------
http://threatpost.com/ryan-naraine-on-virus-bulletin-2013-zero-days-and-cyb…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 01-10-2013 18:00 − Mittwoch 02-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** CSAM! Send us your logs!, (Tue, Oct 1st) ***
---------------------------------------------
Today is the beginning of Cyber Security Awareness Month. Apparently the months official theme is "Our Shared Responsibility," We at the SANS Internet Storm Center want your logs! Send us packets, malware, all your logs, log snippets, observations, things that go bump on the net, things that make you go HMMMM, or just send us email to discuss InfoSec. What can we do as individuals to increase information security and encourage secure practices among co-workers, friends, and family?
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16691&rss
*** Apple Spikes As Phishing Target ***
---------------------------------------------
According to news stories, Apple is now the most valuable brand in the world. One party that would agree: cybercriminals, who are now targeting Cupertino in increasing numbers. Earlier in the year, the number of identified Apple phishing sites would only be in the hundreds per month, as seen in the chart below: Figure 1. […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroApple Spikes As Phishing Target
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rwX5MEZpPOs/
*** VLC Media Player Buffer Overflow in MP4A Packetizer Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow in the mp4a packetizer and execute arbitrary code on the target system. The code will run with the privileges of the target user.
---------------------------------------------
http://www.securitytracker.com/id/1029120
*** "microsoft support" calls - now with ransomware, (Wed, Oct 2nd) ***
---------------------------------------------
Most of us are familiar with the "microsoft support" call. A phone call is received, the person states they are from "microsoft support" and they have been alerted that your machine is infected. The person will assist you by having you install a remote desktop tool such as teamviewer or similar (we have seen many different versions). Previously they would install software that would bug you until you paid the "subscription fee". As the father of a friend found
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16703&rss
*** Bugtraq: Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies ***
---------------------------------------------
in <..> I showed a elaborated way for privilege elevation using IExpress (and other self-extracting) installers containing *.MSI or *.MSP which works "in certain situations".
The same IExpress installer(s) but allow a TRIVIAL to exploit privilege escalation which works in all situations too:
Proof of concept (run on a fully patched Windows 7 SP1):
---------------------------------------------
http://www.securityfocus.com/archive/1/528955
*** Gate: LG teilt Smartphones in zwei Hälften ***
---------------------------------------------
Auch LG versucht, dem Thema BYOD den Schrecken zu nehmen. Gate splittet das Smartphone hierzu in zwei Bereiche: einen für Berufliches, einen für Privates.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Gate-LG-teilt-Smartphones-in-zwei-Ha…
*** Zero-Day-Lücke im Internet Explorer im Visier von Cyberkriminellen ***
---------------------------------------------
Integration ins Metasploit-Framework erlaubt einfache Ausnutzung
---------------------------------------------
http://derstandard.at/1379292812878
*** Zero Days Are Not the Bugs You’re Looking For ***
---------------------------------------------
BERLIN–The technology industry often is used by politicians, executives and others as an example of how to adapt quickly and shift gears in the face of disruptive changes. But the security community has been doing defense in basically the same way for several decades now, despite the fact that the threat landscape has changed dramatically, […]
---------------------------------------------
http://threatpost.com/zero-days-are-not-the-bugs-youre-looking-for/102481
*** PolarSSL RSA Private Key Recovery Weakness ***
---------------------------------------------
A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose certain sensitive information.
...
The weakness is reported in versions prior to 1.2.9 and 1.3.0.
---------------------------------------------
https://secunia.com/advisories/55084
*** Siemens Scalance X-200 Series Switches Authentication Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Siemens Scalance X-200 Series Switches, which can be exploited by malicious people to bypass certain security restrictions.
...
The vulnerability is reported in the following products and versions:
* SCALANCE X-200 versions prior to 4.5.0.
---------------------------------------------
https://secunia.com/advisories/55126
*** A History of Hard Conditions: Exploiting Linksys CVE-2013-3568 ***
---------------------------------------------
Earlier this summer Craig Young posted on Bugtraq about a root command injection vulnerability on the Linksys WRT110 router.
...
Our awesome Joe Vennix figured out the vulnerability and how to exploit it to get a session, even on a restricted Linux environment like the Linksys one. Since the experience can be useful for others exploiting embedded devices, here it is!
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/02/a-history…
*** Researchers Ponder When to Notify Users of Public Vulnerability Exploits ***
---------------------------------------------
BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point. However, the question of […]
---------------------------------------------
http://threatpost.com/researchers-ponder-when-to-notify-users-of-public-vul…
*** ZeroAccess: The Most Profitable Botnet ***
---------------------------------------------
In March of this year, researchers on Symantecs Security Response team began looking at ways in which they might be able to "sinkhole" (takedown) ZeroAcess — one of the worlds largest botnets. But then… in late June, the botnet started updating itself, removing the flaw that the researchers hoped to take advantage of. Faced with the choice of some or nothing, the team moved to sinkhole what they could. And that was over 500,000 bots.A very commendable effort!Ross Gibb and
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002614.html
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 30-09-2013 18:00 − Dienstag 01-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Asus RT-N66U 3.0.0.4.374_720 Cross Site Request Forgery ***
---------------------------------------------
The Asus RT-N66U is a home wireless router. Its web application has a CSRF vulnerability that allows an attacker to execute arbitrary commands on the target device.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090194
*** What kind of target are you? ***
---------------------------------------------
Some attackers want money or data, while others hope to make you look bad. What do you have that might put you on a hackers hit list?
---------------------------------------------
http://www.csoonline.com/article/740614/what-kind-of-target-are-you-?source…
*** BYOD: Eigenes Handy als Notlösung ***
---------------------------------------------
Neue Studie zeigt: Eigene Geräte im Beruf verwenden die meisten Anwender nur, weil ihnen die IT nicht die ausreichende Ausrüstung bieten kann für diese Mitarbeiter ist Bring Your Own Device eine Notlösung.
---------------------------------------------
http://www.heise.de/newsticker/meldung/BYOD-Eigenes-Handy-als-Notloesung-19…
*** Blog: Ad Plus instead of AdBlock Plus ***
---------------------------------------------
Fake and malicious AdBlock Plus brings to your Android not an Ad protection but more Ad than even before.
---------------------------------------------
http://www.securelist.com/en/blog/208214071/Ad_Plus_instead_of_AdBlock_Plus
*** Hand Me Downs: Exploit and Infrastructure Reuse Among APT Campaigns ***
---------------------------------------------
Since we first reported on Operation DeputyDog, at least three other Advanced Persistent Threat (APT) campaigns known as Web2Crew, Taidoor, and th3bug have made use of the same exploit to deliver their own payloads to their own targets.
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/hand-me-downs-…
*** Open-Xchange AppSuite multiple session hijacking ***
---------------------------------------------
Open-Xchange AppSuite multiple session hijacking
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87557
*** Open-Xchange AppSuite /ajax/defer servlet CRLF injection ***
---------------------------------------------
Open-Xchange AppSuite /ajax/defer servlet CRLF injection
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87558
*** Sweet murmuring Siri opens stalking security hole in iOS 7 ***
---------------------------------------------
Siri, hand over my contacts and history now. It has not been a good week for Apple on the security front, and theres no relief in sight after an Israeli researcher found a way to access a locked iPhones contacts and messages database using Siri.
---------------------------------------------
http://www.theregister.co.uk/2013/09/30/sweettalking_siri_opens_stalking_se…
*** World War C: Understanding Nation-State Motives Behind Today´s Advanced Cyber Attacks ***
---------------------------------------------
This report describes the unique characteristics of cyber attack campaigns waged by governments worldwide. We hope that, armed with this knowledge, security professionals can better identify their attackers and tailor their defenses accordingly...
---------------------------------------------
http://www.fireeye.com/resources/pdfs/fireeye-wwc-report.pdf
*** It´s your digital life. Being safer online - citizens in focus of 1st European Cyber Security Month ***
---------------------------------------------
The EU´s cyber security agency ENISA, together with the European Commission´s DG CONNECT, is launching the first fully fledged European Cyber Security Month campaign. During the month of October, more than 40 public and private stakeholders will promote cyber security among citizens and children, and advocate for a change in the perception of cyber-threats.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/it2019s-your-digital-life-b…
*** PayPal: Zweiter Faktor optional ***
---------------------------------------------
Die iOS-App des Bezahldienstes PayPal kann sich ohne zusätzlichen Code aus Hardware-Token oder SMS beim Server anmelden, selbst wenn der Benutzer Zwei-Faktor-Authentifizierung aktiviert hat. Das führt das Sicherheitskonzept ad absurdum.
---------------------------------------------
http://www.heise.de/security/meldung/PayPal-Zweiter-Faktor-optional-1970328…
*** Quarter of TWO-MILLION-strong zombie PC army lured to their deaths ***
---------------------------------------------
Pied piper Symantec says it led infected computers into sinkhole Symantec has claimed credit for luring a significant lump of the powerful ZeroAccess botnet into a sinkhole.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/10/01/zeroaccess_…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 27-09-2013 18:00 − Montag 30-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** IBM WebSphere DataPower XC10 unauthorized access ***
---------------------------------------------
An unspecified vulnerability in IBM WebSphere DataPower could allow unauthenticated access to administrative operations and data.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87299
*** Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) ***
---------------------------------------------
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-0585, CVE-2013-3034, CVE-2013-3040 and CVE-2013-0599) CVE(s): CVE-2013-0585 , CVE-2013-3034 , CVE-2013-3040 , CVE-2013-0599, CVE-2013-0585, CVE-2013-3034, CVE-2013-3040, and CVE-2013-0599 Affected product(s) and affected version(s): IBM InfoSphere Information Server versions 8.1, 8.5, 8.7, 9.1.0, and 9.1.2 running on all platforms
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for JSON Hijacking Attack (CVE-2013-3041) ***
---------------------------------------------
A JSON Hijacking Attack vulnerability exists in IBM Rational ClearQuest Web Client. CVE(s): CVE-2013-3041 Affected product(s) and affected version(s): Upgrade to IBM Rational ClearQuest version: 7.1.2.12, 8.0.0.8, or 8.0.1.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21648086 X-Force Database: http://xforce.iss.net/xforce/xfdb/84724
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
*** Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for Cross-Site Request Forgery (CVE-2013-0598) ***
---------------------------------------------
A Cross-Site Request Forgery (CSRF) Attack vulnerability exists in IBM Rational ClearQuest Web Client CVE(s): CVE-2013-0598 Affected product(s) and affected version(s): Rational ClearQuest Web v7.1 through 7.1.2.10, v8.0 through 8.0.0.7, and v8.0.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21648665 X-Force Database: http://xforce.iss.net/xforce/xfdb/83611
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vul…
*** Security Bulletin: Multiple JRE vulnerabilities addressed in IBM Sterling Secure Proxy (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169) ***
---------------------------------------------
The IBM JRE embedded in the IBM Sterling Secure Proxy Configuration Manager has security vulnerabilities that affect SSL connections to the configuration GUI. CVE(s): CVE-2013-0440, CVE-2013-0443, and CVE-2013-0169 Affected product(s) and affected version(s): Sterling Secure Proxy 3.4.1 Sterling Secure Proxy 3.4.0 Sterling Secure Proxy 3.3.01 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** As Hurricane Season Looms, Its Disaster-Preparedness Time ***
---------------------------------------------
Nervals Lobster writes "In 2012, hurricane Sandy smacked the East Coast and did significant damage to New Jersey, New York City, and other areas. Flooding knocked many datacenters in Manhattan offline, temporarily taking down a whole lot of Websites in the process. Now that fall (and the tail end of hurricane season) is upon us again, any number of datacenters and IT companies are probably looking over their disaster-preparedness checklists in case another storm comes barreling through.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fMCJ586KPYE/story01.htm
*** Internet-Ombudsmann warnt vor Onlineshop-Falle ***
---------------------------------------------
Der österreichische Internet-Ombudsmann warnt vor der Firma Factory Store OHG, da sie angeblich Kunden mit günstigen Angeboten in eine Falle lockt.
---------------------------------------------
http://www.heise.de/security/meldung/Internet-Ombudsmann-warnt-vor-Onlinesh…
*** Gesicherte BlackBerrys in Deutschland zugelassen ***
---------------------------------------------
Ein vom Düsseldorfer Anbieter Secusmart abgesichertes BlackBerry-Modell wurde in Deutschland die Zulassung für den Dienstgebrauch in Regierungsbehörden erteilt.
---------------------------------------------
http://futurezone.at/digital-life/gesicherte-blackberrys-in-deutschland-zug…
*** ReadMore CMS Multiple Vulnerability ***
---------------------------------------------
Topic: ReadMore CMS Multiple Vulnerability
Risk: Medium
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090190
*** Metasploit creator seeks crowds help for vuln scanning ***
---------------------------------------------
Project Sonar combines tools, data and research Security outfit Rapid7 has decided that theres just too much security vulnerability information out there for any one group to handle, so its solution is to try and crowd-source the effort.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/09/30/hd_more_see…
*** The Ghost in the (Portable) Machine: Securing Mobile Banking ***
---------------------------------------------
Online banking is one of the many tasks that have been made more convenient by mobile technology. Now, users can purchase products and/or services, pay their bills and manage their finances from anywhere, and anytime. However, there are threats against mobile banking exist, which need to be addressed and secured against. Some of these threats […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroThe Ghost in the (Portable) Machine: Securing Mobile Banking
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ftep24zpfWE/
*** Wordpress 3.7 Beta 1 verspricht mehr Sicherheit ***
---------------------------------------------
Das Wordpress-Projekt hat beschlossen, den Release-Zyklus für Version 3.7 zu verkürzen und bereits die erste Betaversion veröffentlicht. Wordpress 3.7 Beta 1 bringt vor allem einige neue Funktionen, die die Sicherheit der Blog-Software erhöhen sollen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wordpress-3-7-Beta-1-verspricht-mehr…
*** Bugtraq: [IBliss Security Advisory] Cross-site scripting ( XSS ) in PHP IDNA Convert ***
---------------------------------------------
PHP Net_IDNA is a class to convert between the Punycode and Unicode formats. Punycode is a standard described in RFC 3492 and part of IDNA
(Internationalizing Domain Names in Applications [RFC3490]) . This class allows PHP scripts to convert these domain names without having one of
the PHP extensions installed. It supports both IDNA 2003 and IDNA 2008.
---------------------------------------------
http://www.securityfocus.com/archive/1/528934
*** Sicherheit von SHA-3 angeblich verringert ***
---------------------------------------------
Forscher werfen dem NIST vor, den SHA-3-Algorithmus Keccak für die Standardisierung durch Modifikationen unsicherer zu machen. Sichere Hashverfahren werden insbesondere für digitale Signaturen und Integritätschecks von Software benötigt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Kryptographie-NIST-will-angeblich-Si…
*** Emerson Multiple Products Security Issue and Arbitrary Code Execution Vulnerability ***
---------------------------------------------
Emerson Multiple Products Security Issue and Arbitrary Code Execution Vulnerability
---------------------------------------------
https://secunia.com/advisories/54936
*** Needle in a Haystack: Detecting Zero-Day Attacks ***
---------------------------------------------
People often ask me what differentiates FireEye from its rivals. The real question is “What should I look for in a solution to advanced persistent threats, regardless of the provider?” (And while I can rattle off a long list of … Continue reading →
---------------------------------------------
http://www.fireeye.com/blog/corporate/2013/09/needle-in-a-haystack-detectin…
*** 7 Sneak Attacks Used By Todays Most Devious Hackers ***
---------------------------------------------
Here are some of the latest techniques of note that have piqued my interest as a security researcher and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users.
---------------------------------------------
http://www.cio.com/article/740598/7_Sneak_Attacks_Used_By_Today_s_Most_Devi…
*** Apache Camel Simple Language Expression Arbitrary Code Execution Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Apache Camel, which can be exploited by malicious users to compromise an application using the framework.
---------------------------------------------
https://secunia.com/advisories/54888
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 26-09-2013 18:00 − Freitag 27-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Time For a Change in Security Thinking, Experts Say ***
---------------------------------------------
WASHINGTON Security, like a lot of other things, tends to go in phases. A new attack technique is developed, vendors respond with a new defensive technology and then attackers find a way to defeat it. It has always been that way. And right now, things seem to be in one of those periodic down cycles ..
---------------------------------------------
http://threatpost.com/time-for-a-change-in-security-thinking-experts-say/10…
*** Malware Now Hiding In Graphics Cards ***
---------------------------------------------
mask.of.sanity writes "Researchers are closing in on a means to detect previously undetectable stealthy malware that resides in peripherals like graphics and network cards. The malware was developed by the same researchers and targeted host runtime memory using direct memory access provided to hardware devices. They said the malware was a highly critical threat to system security and integrity and could not be detected by any operating system." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/OU6tbGV5rt4/story01.htm
*** qemu host crash from within guest ***
---------------------------------------------
Topic: qemu host crash from within guest Risk: Medium Text:A dangling pointer access flaw was found in the way qemu handled hot-unplugging virtio devices. This flaw was introduced by v...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090186
*** Ask Slashdot: Has Gmails SSL Certificate Changed, How Would We Know? ***
---------------------------------------------
An anonymous reader writes "Recent reports from around the net suggest that SSL certificate chain for gmail has either changed this week, or has been widely compromised. Even less-than-obvious places to look for information, such as Googles Online Security Blog, are silent. The problem isnt specific to gmail, of course, which leads me to ask: What is the canonically-accepted out-of-band means by which a new SSL certificates fingerprint may be communicated and/or verified by end
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ElNnRuzfXzs/story01.htm
*** iOS 7.0.2 behebt kritische Sicherheitslücke ***
---------------------------------------------
Über einen Trick konnten Fotos und Kontakte ohne Eingabe des Codes zum Entsperren des Displays eingesehen weredn
---------------------------------------------
http://derstandard.at/1379292252272
*** Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files ***
---------------------------------------------
Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files
---------------------------------------------
http://www.securitytracker.com/id/1029102
*** DIY commercial CAPTCHA-solving automatic email account registration tool available on the underground market since 2008 ***
---------------------------------------------
With low-waged employees of unethical 'data entry' companies having already set the foundations for an efficient and systematic abuse of all the major Web properties, it shouldn't be surprising that new market segments quickly emerged to capitalize on the business opportunities offered by the (commercialized) demise of CAPTCHA as an additional human/bot differentiation technique. One of these market segments is supplying automatic (email) account registration services to
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/fT-TzsuZluo/
*** New TDL Dropper Variants Exploit CVE-2013-3660 ***
---------------------------------------------
Recently, we been seeing a new breed of TDL variants going around. These variants look to be clones of the notorious TDL4 malware reported by Bitdefender Labs.The new TDL dropper variants we saw (SHA1: abf99c02caa7bba786aecb18b314eac04373dc97) were caught on the client machine by DeepGuard, our HIPS technology (click the image below to embiggen). From the detection name, we can see that the variants are distributed by some exploit kits.Last year, ESET mentioned a TDL4 variant (some AV vendors
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002612.html
*** EMC VPLEX Lets Local Users Obtain the LDAP/AD Password ***
---------------------------------------------
Impact: A local user can obtain the LDAP/AD bind password.
Solution: The vendor has issued a fix (GeoSynchrony 5.2 SP1).
---------------------------------------------
http://www.securitytracker.com/id/1029105
*** ARP Spoofing And Lateral Movement ***
---------------------------------------------
In targeted attacks, during the lateral movement stage attacks try to gain access to other computers on the same local area network (LAN). One useful tool to achieve this is ARP spoofing, which can be used to carry out a variety of attacks to steal information as well as plant backdoors on other machines.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v1ZdDzc-S68/
*** WordPress-Blogs für DDoS-Attacken missbraucht ***
---------------------------------------------
Im April rüttelten Angreifer per Brute-Force-Attacke an Tausenden WordPress-Webseiten. Die Angreifer hatten wohl ein Langzeitziel im Auge. Jetzt wurden rund 550 WordPress-Blogs für eine DDoS-Attacke genutzt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/WordPress-Blogs-fuer-DDoS-Attacken-m…
*** Zehn Internet-Fallen, die Sie kennen sollten! ***
---------------------------------------------
Es gibt immer wieder neue Tricks, mit denen Internet-Nutzer von Cyber-Kriminellen in die Falle gelockt werden. Wir zeigen Ihnen, wovor Sie sich beim Surfen in Acht nehmen sollten.
---------------------------------------------
http://web.de/magazine/digitale-welt/sicher-im-netz/17753226-internet-falle…
*** BSI Sicherheitskompass: Zehn Regeln für mehr Sicherheit im Netz ***
---------------------------------------------
Mit zehn Faustregeln wollen das BSI und die Polizeien der Länder für mehr Sicherheit im Netz sorgen. Anlass ist der europäische Cybersicherheitsmonat im Oktober. Das Konzept des National Cyber Security Awareness Month stammt aus den USA.
---------------------------------------------
http://www.heise.de/newsticker/meldung/BSI-Sicherheitskompass-Zehn-Regeln-f…
*** Security Bulletin: WebSphere DataPower XC10 Appliance vulnerability for administrative access to code and data (CVE-2013-5403) ***
---------------------------------------------
A security vulnerability in the WebSphere DataPower XC10 Appliance might allow unauthenticated access to administrative operations and data.
CVE(s): CVE-2013-1571
Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance version 2.0 WebSphere DataPower XC10 Appliance version 2.1 WebSphere DataPower XC10 Appliance version 2.5
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_web…
*** Attackers can slip malicious code into many Android apps via open Wi-Fi ***
---------------------------------------------
Connect hijacking could put users at risk of data theft, SMS abuse, and more.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/XKc0_9zgluU/story01…
*** LinkedIn Patches Multiple XSS Vulnerabilities ***
---------------------------------------------
LinkedIn was susceptible to four reflected cross site scripting (XSS) vulnerabilities before issuing a fix for those flaws over the summer.
---------------------------------------------
http://threatpost.com/linkedin-patches-multiple-xss-vulnerabilities/102443
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 25-09-2013 18:00 − Donnerstag 26-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** [papers] - Linux Classic Return-to-libc & Return-to-libc Chaining Tutorial ***
---------------------------------------------
I decided to get a bit more into Linux exploitation, so I thought it would be nice if I document this as a good friend once said “ you think you understand something until you try to teach it“.
---------------------------------------------
http://www.exploit-db.com/download_pdf/28553
*** [papers] - Understanding C Integer Boundaries (Overflows & Underflow) ***
---------------------------------------------
This is my first try at writing papers. This paper is my understanding of the subject. I understand it might not be complete I am open for suggestions and modifications. I hope as this project helps others as it helped me.
---------------------------------------------
http://www.exploit-db.com/download_pdf/28550
*** Blue Coat ProxySG / Security Gateway OS (SGOS) Two Denial of Service Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in Blue Coat ProxySG and Blue Coat Security Gateway OS (SGOS), which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54999
*** Research shows IT blocking applications based on popularity not risk ***
---------------------------------------------
Tactic leads to less popular, but still risky cloud-based apps freely accessing networks
---------------------------------------------
http://www.csoonline.com/article/740363/research-shows-it-blocking-applicat…
*** Popular iOS e-mail app acquired by Dropbox has serious bug, researcher warns (Updated) ***
---------------------------------------------
Code-execution vulnerability could open users to a series of serious attacks.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/hFtmTj9wjFg/story01…
*** Security Issue in Ruby on Rails Could Expose Cookies ***
---------------------------------------------
Versions 2.0 to 4.0 of the popular open source web framework Ruby on Rails are vulnerable to a web security issue involving cookies that could make it much easier for someone to login to an app as another user.
---------------------------------------------
http://threatpost.com/security-issue-in-ruby-on-rails-could-expose-cookies/…
*** Analysis: The Icefog APT: Frequently Asked Questions ***
---------------------------------------------
Here are answers to the most frequently asked questions related to Icefog, an APT operation targeting entities in Japan and South Korea.
---------------------------------------------
http://www.securelist.com/en/analysis/204792307/The_Icefog_APT_Frequently_A…
*** Cisco IOS Multiple Flaws Let Remote Users Deny Service ***
---------------------------------------------
Multiple vulnerabilities were reported in Cisco IOS. A remote user can cause denial of service conditions.
---------------------------------------------
http://www.securitytracker.com/id/1029087
*** Security Bulletin: Tivoli Endpoint Manager Security Compliance Analytics (SCA) is affected by multiple Java vulnerabilities ***
---------------------------------------------
Security Compliance Analytics version 1.3 and prior affected by multiple Java vulnerabilities CVE(s):
CVE-2013-2463
CVE-2013-2465
CVE-2013-2471
Affected product(s) and affected version(s): Tivoli Endpoint Manager SCA 1.3 and earlier.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tiv…
*** Java Security Vulnerabilitys addressed in IBM Tivoli Netcool OMNIbus ***
---------------------------------------------
Multiple vulnerabilities related to the Java JRE shipped by Tivoli Netcool/OMNIbus have been resolved. CVE(s): CVE-2012-0502, CVE-2012-0503, CVE-2012-0506, CVE-2012-0507, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0505, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-4301, CVE-2012-4305, CVE-2013-0351, CVE-2013-0409,
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/java_security_vulnera…
*** Security Bulletin: GSKit Security Vulnerabilities addressed in IBM Tivoli Netcool OMNIbus ***
---------------------------------------------
Several vulnerabilities related to the GSKit libraries used by Tivoli Netcool/OMNIbus have been resolved. CVE(s): CVE-2012-2190, CVE-2012-2191, CVE-2012-2333, CVE-2012-2203, CVE-2012-2131, CVE-2012-2110, CVE-2012-0884, CVE-2012-0050, CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-3210, CVE-2011-0014, CVE-2010-3864, CVE-2013-0169, CVE-2013-0166, and CVE-2012-2686 Affected product(s) and affected version(s): Tivoli Netcool/OMNIbus 7.2.1 Tivoli
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_gsk…
*** Blue Coat ProxySG HTTP Request Processing Memory Leak Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Blue Coat ProxySG. A remote user can cause denial of service conditions.
A remote server can return specially crafted data to trigger a memory leak and cause the target device to drop or bypass traffic. HTML with a large number of recursively embedded HREF tags can trigger this flaw.
---------------------------------------------
http://www.securitytracker.com/id/1029088
*** Nodejs js-yaml load() Code Execution ***
---------------------------------------------
Topic: Nodejs js-yaml load() Code Execution
Risk: High
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090177
*** InstantCMS 1.10.2 Multiple vulnerabilities ***
---------------------------------------------
Topic: InstantCMS 1.10.2 Multiple vulnerabilities Risk: Low Text:Hello 3APA3A! These are Login Enumeration, Cross-Site Scripting and Content Spoofing vulnerabilities in InstantCMS. ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090179
*** Boffins: Internet transit a vulnerability ***
---------------------------------------------
Mirror, mirror on the port, is this something I can rort? If you think of an Internet exchange, you probably think of infrastructure thats well-protected, well-managed, and hard to compromise. The reality, however, might be different. According to research by Stanford Universitys Daniel Kharitonov, working with TraceVectors Oscar Ibatullin, there are enough vulnerabilities in routers and the like that the Internet exchange makes a target thats both attractive and exploitable.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/09/26/boffins_int…
*** 1. Cybercrime-Konferenz von Europol und Interpol: Die Jagd den Privaten überlassen? ***
---------------------------------------------
Cybercrime-Ermittlungen privaten Firmen zu überlassen, habe einige Vorteile, meinen Firmenvertreter. Strafverfolger wollen aber genau die Kompetenzen der Privatfirmen entwickeln und ihre Aktionspläne ebenso gut ausgebildeten Richtern vorlegen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/1-Cybercrime-Konferenz-von-Europol-u…
*** XEN - Information leak on AVX and/or LWP capable CPUs ***
---------------------------------------------
When a guest increases the set of extended state components for a vCPU saved/restored via XSAVE/XRSTOR (to date this can only be the upper halves of YMM registers, or AMDs LWP state) after already having touched other extended registers restored via XRSTOR (e.g. floating point or XMM ones) during its current scheduled CPU quantum, the hypervisor would make those registers accessible without discarding the values an earlier scheduled vCPU may have left in them.
---------------------------------------------
http://lists.xenproject.org/archives/html/xen-announce/2013-09/msg00005.html
*** VLC 2.1 "Rincewind" is a major new version of our popular media player ***
---------------------------------------------
Rincewind fixes around a thousand bugs, in more than 7000 commits from 140 volunteers.
---------------------------------------------
http://www.videolan.org/vlc/releases/2.1.0.html
*** Google Hangouts schickt Nachrichten an falsche Personen ***
---------------------------------------------
Zu ungewollt peinlichen Situationen könnte es derzeit mit Googles Chat-Tool Hangouts kommen.
---------------------------------------------
http://futurezone.at/produkte/google-hangouts-schickt-nachrichten-an-falsch…
*** IBM Rational ClearQuest JSON Hijacking and Cross-Site Request Forgery Vulnerabilities ***
---------------------------------------------
IBM Rational ClearQuest JSON Hijacking and Cross-Site Request Forgery Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/55010
*** Microsoft veröffentlicht Ereignis- und Paketanalysator Message Analyzer ***
---------------------------------------------
Der bislang nur als Beta-Version erhältliche Message Analyzer steht nun Version 1.0 zum Download bereit.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Microsoft-veroeffentlicht-Ereignis-u…
*** How do you monitor DNS?, (Thu, Sep 26th) ***
---------------------------------------------
Personally, my "DNS Monitoring System" is a bunch of croned shell scripts and nagios, in desperate need of an overhaul. While working on a nice (maybe soon published) script to do this, I was wondering: What is everybody else using? The script is supposed to detect DNS outages and unauthorized changes to my domains. Here are some of the parameters I am monitoring now: - changes to the zones serial number - changes to the NS records (using the TLDs name servers, not mine) - changes
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16661&rss
*** Blog: Icefog OpenIOC Release ***
---------------------------------------------
OpenIOC rules for the IceFog campaign
---------------------------------------------
http://www.securelist.com/en/blog/208214070/Icefog_OpenIOC_Release
*** Spear Phishing Poses Threat to Industrial Control Systems ***
---------------------------------------------
While the energy industry may fear the appearance of another Stuxnet on the systems they use to keep oil and gas flowing and the electric grid powered, an equally devastating attack could come from a much more mundane source: phishing. Rather than worry about exotic cyber weapons like Stuxnet and its big brother, Flame, companies that have SCADA systems ... should make sure that their anti-phishing programs are in order, say security experts.
---------------------------------------------
http://www.cio.com/article/740402/Spear_Phishing_Poses_Threat_to_Industrial…
*** Barracuda CudaTel Communication Server Cross-Site Scripting and SQL Injection Vulnerabilities ***
---------------------------------------------
Vulnerability Lab has reported multiple vulnerabilities in Barracuda CudaTel Communication Server, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54258
*** Emerson ROC800 Multiple Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson Process Management’s ROC800 remote terminal units (RTUs) products (ROC800, ROC800L, and DL8000).
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 24-09-2013 18:00 − Mittwoch 25-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** IBM Rational ClearCase / ClearQuest GSKit Information Disclosure Weakness ***
---------------------------------------------
IBM has acknowledged a weakness in IBM Rational ClearCase and Rational ClearQuest, which can be exploited by malicious people to disclose certain sensitive information.
The weakness is caused due to a bundled vulnerable version of IBM Global Security ToolKit.
---------------------------------------------
https://secunia.com/advisories/54928
*** 7 Characteristics of a Secure Mobile App ***
---------------------------------------------
Keeping a mobile application secure is tough, but not impossible, and certain aspects of session management can go a long way in helping.
---------------------------------------------
http://www.csoonline.com/article/740266/7-characteristics-of-a-secure-mobil…
*** WordPress Custom Website Data Plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been discovered in the Custom Website Data plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54865
*** Linux Kernel "free_netdev()" Use-After-Free Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to a use-after-free error in the "tun_set_iff()" function (drivers/net/tun.c) and can be exploited to dereference already freed memory.
---------------------------------------------
https://secunia.com/advisories/54753
*** FFmpeg Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54972
*** Vuln: Cisco MediaSense CVE-2013-5502 Information Disclosure Vulnerability ***
---------------------------------------------
Cisco MediaSense is prone to an information-disclosure vulnerability.
A man-in-the-middle attacker may be able to exploit this issue to obtain sensitive information. Information obtained may aid in further attacks.
---------------------------------------------
http://www.securityfocus.com/bid/62601
*** Wordpress simple forum Cross site scripting Vulnerability ***
---------------------------------------------
Exploit Title : Wordpress simple forum Cross site scripting Vulnerability
Exploit Author : Ashiyane Digital Security Team
Software Link : http://wordpress.org
Tested on: Windows 7 , Linux
Date: 2013/09/23
Exploit : Cross site scripting
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090168
*** Bugtraq: CVE-2013-5118 - XSS Good for Enterprise iOS ***
---------------------------------------------
Last month I identified a XSS vulnerability in the Good for Enterprise iOS application.
The vulnerable versions are v2.2.2.1611 and earlier
---------------------------------------------
http://www.securityfocus.com/archive/1/528839
*** Now You See Me – H-worm by Houdini ***
---------------------------------------------
H-worm is a VBS (Visual Basic Script) based RAT written by an individual going by the name Houdini. We believe the author is based in Algeria and has connections to njq8, the author of njw0rm and njRAT/LV
---------------------------------------------
http://www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-…
*** Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs) ***
---------------------------------------------
IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released an April 2013 Critical Patch Update (CPU) that contains security vulnerability fixes and IBM Java is affected. CVE(s): CVE-2013-0401 CVE-2013-0402 CVE-2013-1488 CVE-2013-1491 CVE-2013-1518 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1561 CVE-2013-1563
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm…
*** Is mobile anti-virus necessary? ***
---------------------------------------------
Experts disagree over whether or not there are any immediate threats
---------------------------------------------
http://www.csoonline.com/article/740301/is-mobile-anti-virus-necessary-?sou…
*** Social media spam on the rise, says study ***
---------------------------------------------
Recent report from Nexgate points to 355 percent increase in social media spam in 2013 alone
---------------------------------------------
http://www.csoonline.com/article/740292/social-media-spam-on-the-rise-says-…
*** SurgeMail surgeweb interface security bypass ***
---------------------------------------------
SurgeMail could allow a remote attacker to bypass security restrictions, caused by the failure to restrict access to other accounts by the surgeweb interface. An attacker could exploit this vulnerability to login to another user's accounts.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87335
*** Google Chrome 31.0 Webkit Auditor Bypass ***
---------------------------------------------
Topic: Google Chrome 31.0 Webkit Auditor Bypass
Risk: Low
Title: Chrome 31.0 Webkit XSS Auditor Bypass
Author: Rafay Baloch @rafaybaloch And PEPE Vila
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090173
*** Newly launched E-shop offers access to hundreds of thousands of compromised accounts ***
---------------------------------------------
In a series of blog posts, we’ve highlighted the ongoing commoditization of hacked/compromised/stolen account data (user names and passwords), the direct result of today’s efficiency-oriented cybercrime ecosystem, the increasing availability of sophisticated commercial/leaked DIY undetectable malware generating tools, malware-infected hosts as a service, log files on demand services, as well as basic data mining concepts applied on behalf of the operator of a particular botnet. What
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/iHbGGHj2f1o/
*** Details zum iPhone-5s-Hack ***
---------------------------------------------
ct dokumentiert Schritt-für-Schritt, wie Starbug den Fingerabdruck-Sensor des iPhone 5S austrickst.
---------------------------------------------
http://www.heise.de/newsticker/meldung/c-t-veroeffentlicht-Details-zu-iPhon…
*** elproLOG MONITOR WebAccess Two Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Vulnerability Lab has reported two vulnerabilities in elproLOG MONITOR WebAccess, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54955
*** IT-Sicherheitsbranche: it-sa 2013 wieder mit Kongress, aber ohne Extraentgelt ***
---------------------------------------------
2012 begleitete die it-sa erstmalig ein Kongressprogramm. Der Kongress ist nun wieder dabei, muss aber nicht mehr extra bezahlt werden. Für Studierende der Informatik gibt es spezielle Vorträge und Sonderschauen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/IT-Sicherheitsbranche-it-sa-2013-wie…
*** Bugtraq: GreHack 2013 - 15 Nov. Grenoble, France - Conf. Registration OPEN ***
---------------------------------------------
GREHACK 2013 - 2nd International Symposium in Grey-Hat Hacking
2nd Edition - p*wn me i'm famous!
http://grehack.orghttps://twitter.com/grehack
Grenoble, France
November 15, 2013
---------------------------------------------
http://www.securityfocus.com/archive/1/528852
*** UKs Get Safe Online? No one cares - run the blockbuster ads instead ***
---------------------------------------------
Something like Jack Bauers 24 ... whatever itll take to teach kids how to bat away hackers The UKs Get Safe Online campaign has failed to teach Brits how to secure their computers - so says the ex top cop who established the information security awareness effort in 2004.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/09/25/gets_safe_o…
*** Splunk Alert Test Scripts Arbitrary Command Execution Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in Splunk, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerabilities are caused due to some errors related to alert testing and troubleshooting scripts and can be exploited to execute arbitrary shell scripts.
The vulnerabilities are reported in versions prior to 5.0.5.
---------------------------------------------
https://secunia.com/advisories/54934
*** Oracle Solaris Tomcat FormAuthenticator Session Hijacking Weakness ***
---------------------------------------------
Oracle has acknowledged a weakness in Tomcat included in Solaris, which can be exploited by malicious people to hijack a user's session.
---------------------------------------------
https://secunia.com/advisories/55033
*** Oracle Solaris Kerberos KDC Two Vulnerabilities ***
---------------------------------------------
Oracle has acknowledged two vulnerabilities in Kerberos included in Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system and by malicious people to potentially compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/55036
*** IBM Sterling External Authentication Server JRE Multiple Vulnerabilities ***
---------------------------------------------
The application bundles a vulnerable version of the Java Runtime Environment (JRE).
---------------------------------------------
https://secunia.com/advisories/55004
*** Several vulnerabilities in extension Apache Solr for TYPO3 (solr) ***
---------------------------------------------
It has been discovered that the extension "Apache Solr for TYPO3" (solr) is vulnerable to Cross-Site Scripting and Insecure Unserialize. Affected Versions: Version 2.8.2 and below
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
*** Security issues in several third party TYPO3 ectensions ***
---------------------------------------------
Direct Mail (direct_mail)
RealURL: speaking paths for TYPO3 (realurl)
Formhandler (formhandler) AWStats (cc_awstats)
booking (booking)
ICS AWStats (ics_awstats)
Simple Image Gallery (iflowgallery)
Ratsinformationssystem (RIS) (cronmm_ratsinfo)
Frontend User Registration (ke_userregister)
AWStats with individual access (meta_beawstatsind)
Powermail double opt-in (powermail_optin)
smarty (smarty)
Youtube Channel Videos (youtubevideos)
---------------------------------------------
http://lists.typo3.org/pipermail/typo3-announce/2013/000285.html
*** iPhone-Trojaner verdient mit Klickbetrug ***
---------------------------------------------
Eine App für iPhones mit Jailbreak, die eigentlich im Browser WebGL-Funktionen freischalten soll, bringt dem Entwickler nebenbei noch Einnahmen aus versteckt angezeigter Werbung ein.
---------------------------------------------
http://www.heise.de/newsticker/meldung/iPhone-Trojaner-verdient-mit-Klickbe…
*** ClearSCADA Web Requests Handling Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability has been reported in ClearSCADA, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54931
*** Oracle Solaris Kerberos kpasswd UDP Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
Oracle has acknowledged a vulnerability in Kerberos included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/55039
*** Cyber attacks will cause real world harm in next seven years ***
---------------------------------------------
New technologies such as Google Glass and IPv6 will lead to new, deadly forms of cyber attack if current manufacturing security practices continue, according to experts from Europol, Trend Micro and The International Cyber Security Protection Alliance (ICSPA). The experts made the warning in a recently published Scenarios for the Future of Cyber Crime white paper. The paper explored what threats the experts expect to emerge in the next six and a half years ...
---------------------------------------------
http://www.v3.co.uk/v3-uk/analysis/2296357/cyber-attacks-will-cause-real-wo…
*** Secure Domain Name System (DNS) Deployment Guide ***
---------------------------------------------
This document provides deployment guidelines for securing DNS within an enterprise. Because DNS data is meant to be public, preserving the confidentiality of DNS data. The primary security goals for DNS are data integrity and source authentication, which are needed to ensure the authenticity of domain name information and maintain the integrity of domain name information in transit. This document provides extensive guidance on maintaining data integrity and performing source authentication.
---------------------------------------------
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81-2.pdf
*** How to Protect Your Privacy on Social Media ***
---------------------------------------------
How do you keep information private on social networking sites? ... Relying on a site’s privacy settings is just the start. While stricter account settings and tools can help you maintain privacy, there are other ways your personal information can leak out to the public. Knowing and addressing these potential privacy risks will help you protect your data.
---------------------------------------------
http://about-threats.trendmicro.com/ebooks/how-to-protect-your-privacy-on-s…
*** Oracle Solaris LibXSLT "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities ***
---------------------------------------------
Oracle has acknowledged two vulnerabilities in LibXSLT included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/55030
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 23-09-2013 18:00 − Dienstag 24-09-2013 18:00
Handler: L. Aaron Kaplan
Co-Handler: L. Aaron Kaplan
*** ICS Vendor Fixes Hard-Coded Credential Bugs Nearly Two Years After Advisory ***
---------------------------------------------
Nearly two years after a security researcher published details of the hard-coded credentials that ship with a slew of industrial control system products made by Schneider Electric, the company has released updated firmware that fix the problems. The vulnerabilities, which were discovered by researcher Ruben Santamarta and published in December 2011, affect dozens of products
---------------------------------------------
http://threatpost.com/ics-vendor-fixes-hard-coded-credential-bugs-nearly-tw…
*** Security Bulletin: Multiple vulnerabilities exist in IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2013-4025, CVE-2013-4024, CVE-2013-4022) ***
---------------------------------------------
Multiple vulnerabilities exist in IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert for Linux, UNIX and Windows which could allow an attacker to view sensitive information or perform actions as a compromised user. CVE(s): CVE-2013-4025, CVE-2013-4024, CVE-2013-4022 Affected product(s) and affected version(s): IBM Data Studio Web Console versions v3.1.x Optim Performance Manager for DB2 on LUW v5.1.x IBM InfoSphere
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_mul…
*** Vuln: Moodle CVE-2013-4313 SQL Injection Vulnerability ***
---------------------------------------------
Moodle CVE-2013-4313 SQL Injection Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/62410
*** Citrix XenClient XT Multiple Vulnerabilities ***
---------------------------------------------
Citrix XenClient XT Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54625
*** Cybercriminals experiment with Android compatible, Python-based SQL injecting releases ***
---------------------------------------------
Throughout the years, cybercriminals have been perfecting the process of automatically abusing Web application vulnerabilities to achieve their fraudulent and malicious objectives. From the utilization of botnets and search engines to perform active reconnaissance, the general availability of DIY mass SQL injecting tools as well as proprietary malicious script injecting exploitation platforms, the results have been evident ever since in the form of tens of thousands of affected Web sites on a
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/uFxqe3lj6ak/
*** Joomla JVideoClip Blind SQL Injection ***
---------------------------------------------
Topic: Joomla JVideoClip Blind SQL Injection Risk: Medium Text: == Joomla Component com_jvideoclip (cid|uid|id) Blind SQL Injection / SQL Injection ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090161
*** WordPress fGallery_Plus Cross Site Scripting ***
---------------------------------------------
Topic: WordPress fGallery_Plus Cross Site Scripting Risk: Low Text: # Iranian Exploit DataBase Forum # http://iedb.ir/acc # http://iedb...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090160
*** AspxCommerce 2.0 Shell Upload ***
---------------------------------------------
Topic: AspxCommerce 2.0 Shell Upload Risk: High Text:# Exploit Title: AspxCommerce v2.0 - Arbitrary File Upload Vulnerability # Exploit Author: SANTHO (@s4n7h0) # Vendor Homepage...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090159
*** H1 2013 Threat Report ***
---------------------------------------------
Our H1 2013 Threat Report is now online:Youll find it as well as our previous reports available for download: here. On 24/09/13 At 06:57 AM
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002611.html
*** Attacks Using Microsoft IE Exploit Tied to Hacking Crew Linked to Bit9 Breach ***
---------------------------------------------
Security researchers at FireEye have observed a campaign targeting organizations in Japan that is leveraging the Internet Explorer zero-day Microsoft warned users about last week. The campaign has been dubbed Operation DeputyDog, and is believed to have begun as early as August 19. According to FireEye, the attackers behind the operation may be the same ones involved in last years attack on Bit9 a group researchers at Symantec recently identified as a hacking crew called Hidden Lynx
---------------------------------------------
http://www.securityweek.com/attacks-using-microsoft-ie-exploit-tied-hacking…
*** D-Link DSL-2740B Router Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
D-Link DSL-2740B Router Cross-Site Request Forgery Vulnerability
---------------------------------------------
https://secunia.com/advisories/54795
*** Blog: Exposing the security weaknesses we tend to overlook ***
---------------------------------------------
---------------------------------------------
http://www.securelist.com/en/blog/8132/Exposing_the_security_weaknesses_we_…
*** Cyberwar gegen das Heidiland - Protokoll einer Attacke ***
---------------------------------------------
Sie versuchen Beweise zu zerstören. Der IT-Forensiker ist seit Wochen auf der Fährte von Hackern, die eine der grössten Cyberattacken weltweit lanciert haben. Eine Offensive gegen militärische und zivile Ziele. Gegen einen Telekommunikationskonzern in Norwegen, gegen den Autohersteller Porsche, einen internationalen Flughafen in Indien und politische Gruppierungen in Pakistan.
---------------------------------------------
http://www.sonntagszeitung.ch/wirtschaft/artikel-detailseite/?newsid=262774
*** "3": Schwere Sicherheitslücke ermöglichte Zugriff auf Kundendaten ***
---------------------------------------------
Fehlerhafte Passwortröcksetzung erlaubte unter anderem Zugriff auf Kontaktdaten und Sprachnachrichten
---------------------------------------------
http://derstandard.at/1379291849554
*** Inoffizielle iMessage-App für Android schürt Sicherheitsbedenken ***
---------------------------------------------
App soll Kommunikation über Server in China leiten - User werden vor Nutzung gewarnt
---------------------------------------------
http://derstandard.at/1379291880414
*** TRENDnet Multiple Products libupnp Buffer Overflow Vulnerabilities ***
---------------------------------------------
TRENDnet Multiple Products libupnp Buffer Overflow Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54762
*** [remote] - Raidsonic NAS Devices Unauthenticated Remote Command Execution ***
---------------------------------------------
Raidsonic NAS Devices Unauthenticated Remote Command Execution
---------------------------------------------
http://www.exploit-db.com/exploits/28508
*** [local] - IBM AIX 6.1 / 7.1 - Local root Privilege Escalation ***
---------------------------------------------
IBM AIX 6.1 / 7.1 - Local root Privilege Escalation
---------------------------------------------
http://www.exploit-db.com/exploits/28507
*** Tenable SecurityCenter "message" Cross-Site Scripting Vulnerability ***
---------------------------------------------
Tenable SecurityCenter "message" Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/54997
*** IBM Rational ClearCase / ClearQuest GSKit Information Disclosure Weakness ***
---------------------------------------------
IBM Rational ClearCase / ClearQuest GSKit Information Disclosure Weakness
---------------------------------------------
https://secunia.com/advisories/54928
*** 7 Characteristics of a Secure Mobile App ***
---------------------------------------------
Keeping a mobile application secure is tough, but not impossible, and certain aspects of session management can go a long way in helping.
---------------------------------------------
http://www.csoonline.com/article/740266/7-characteristics-of-a-secure-mobil…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 20-09-2013 18:00 − Montag 23-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** PHP updates released 19 SEP 2013 ***
---------------------------------------------
PHP 5.5.4 (Current Stable)
PHP 5.4.20 (Old Stable)
http://www.php.net/downloads.php
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16631&rss
*** Cybercriminals experiment with Socks4/Socks5/HTTP malware-infected hosts based DIY DoS tool ***
---------------------------------------------
Based on historical evidence gathered during some of the major 'opt-in botnet' type of crowdsourced DDoS (distributed denial of service) attack campaigns that took place over the last couple of years, the distribution of point'nclick DIY DoS (denial of service attack) tools continues representing a major driving force behind the success of these campaigns. A newly released DIY DoS tool aims to empower technically unsophisticated users with the necessary expertise to launch
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/QlgGvHwB40s/
*** Bugtraq: [security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS) ***
---------------------------------------------
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP XP P9000
Command View Advanced Edition Suite Software. The vulnerability could be
remotely exploited resulting in Cross Site Scripting (XSS).
References: CVE-2013-4814 (SSRT101302)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP XP P9000 Command View Advanced Edition Suite Software v 7.0.0-00 to
earlier than 7.5.0-02 (Windows, Linux).
---------------------------------------------
http://www.securityfocus.com/archive/1/528763
*** BLYPT: A New Backdoor Family Installed via Java Exploit ***
---------------------------------------------
Recently, we have observed a new backdoor family which we've called BLYPT. This family is called BLYPT because of its used of binary large objects (blob) stored in the registry, as well as encryption. Currently, this backdoor is installed using Java exploits; either drive-by downloads or compromised web sites may be used to deliver these
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/nVQjUHp2Xcc/
*** Weitere kritische Sicherheitslücke in iOS 7 aufgetaucht ***
---------------------------------------------
Über einen Bug in der Notruf-Funktion kann trotz Sperrbildschirm jede beliebige Nummer angerufen werden.
---------------------------------------------
http://futurezone.at/produkte/iphone-weitere-kritische-sicherheitsluecke-in…
*** Linksys WRT110 Remote Command Execution ***
---------------------------------------------
Topic: Linksys WRT110 Remote Command Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090147
*** Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets ***
---------------------------------------------
FireEye has discovered a campaign leveraging the recently announced zero-day CVE-2013-3893. This campaign, which we have labeled 'Operation DeputyDog', began as early as August 19, 2013 and appears to have targeted organizations in Japan.
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-depu…
*** Operation DeputyDog Part 2: Zero-Day Exploit Analysis (CVE-2013-3893) ***
---------------------------------------------
In our previous blog post my colleagues Ned and Nart provided a detailed analysis on the APT Campaign Operation DeputyDog. The campaign leveraged a zero day vulnerability of Microsoft Internet Explorer (CVE-2013-3893). Microsoft provided an advisory and 'Fix it' blog post.
---------------------------------------------
http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-depu…
*** Angriff der Router ***
---------------------------------------------
Die ct analysiert ein sehr ungewöhnliches Botnet: Es besteht aus Routern, auch in Deutschland.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Angreifer-kapern-Router-1963578.html
*** IDF Hackers Test Readiness In Israel For Cyberattacks ***
---------------------------------------------
cold fjord points out a profile in Al-Monitor of Israels cyber-defense group, formed to test the countrys defenses to electronic warfare and information theft. Groups, really, since its run blue-vs-red style, with constant scenario preparation and intrusion attempts. The two (anonymized) leaders of the Blue and Red teams talk about the mind-set and skills that it takes to be in their unit, which they point out is not the place for soda and pizza hijinks. Says "Capt. A": "We are
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VvdZRjzDjUk/story01.htm
*** [webapps] - Wordpress Lazy SEO plugin Shell Upload Vulnerability ***
---------------------------------------------
Wordpress Lazy SEO plugin Shell Upload Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/28452
*** Cybercriminals sell access to tens of thousands of malware-infected Russian hosts ***
---------------------------------------------
Today's modern cybercrime ecosystem offers everything a novice cybercriminal would need to quickly catch up with fellow/sophisticated cybercriminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem. Among the most popular
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/cRy7OE78zU0/
*** Bugtraq: [ANN] Struts 2.3.15.2 GA release available - security fix ***
---------------------------------------------
The Apache Struts group is pleased to announce that Struts 2.3.15.2 is
available as a "General Availability" release.The GA designation is
our highest quality grade.
...
This release includes important security fixes:
- S2-018 - Broken Access Control Vulnerability in Apache Struts2
- S2-019 - Dynamic Method Invocation disabled by default
---------------------------------------------
http://www.securityfocus.com/archive/1/528801
*** BlackBerry zieht Messenger-App für iOS und Android zurück ***
---------------------------------------------
Die Apps, die den BlackBerry Messenger-Dienst auf iOS und Android bringen sollten, wurden nach einem Leak einer unfertigen Android-Version zurückgezogen.
---------------------------------------------
http://futurezone.at/produkte/blackberry-zieht-messenger-app-fuer-ios-und-a…
*** Apple zieht Apple-TV-Update 6.0 zurück ***
---------------------------------------------
Nach Update-Problemen hat Apple die Aktualisierung offenbar zunächst zurückgezogen. Sie sollte unter anderem Unterstützung für iTunes Radio für US-Kunden liefern.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Apple-zieht-Apple-TV-Update-6-0-zuru…
*** Chaos Computer Club hackt Apples Touch-ID ***
---------------------------------------------
Fingerabdrucksensor des iPhone 5S lässt sich mit bekannten Mitteln austricksen - CCC: Touch-ID "dumme Idee"
---------------------------------------------
http://derstandard.at/1379291683079
*** F5 BIG-IP APM Access Policy Logout Page Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability has been reported in F5 BIG-IP APM, which can be exploited by malicious people to conduct cross-site scripting attacks.
...
The vulnerability is reported in versions 10.1.0 through 10.2.4 and versions 11.1.0 through 11.3.0.
---------------------------------------------
https://secunia.com/advisories/54941
*** Apple TV Multiple Vulnerabilities ***
---------------------------------------------
A weakness and some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable device.
---------------------------------------------
https://secunia.com/advisories/54961
*** Data Exfiltration in Targeted Attacks ***
---------------------------------------------
Data exfiltration is the unauthorized transfer of sensitive information from a target's network to a location which a threat actor controls. Because data routinely moves in and out of networked enterprises, data exfiltration can closely resemble normal network traffic, making detection of exfiltration attempts challenging for IT security groups. Figure 1. Targeted Attack Campaign Diagram
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bvRuzyNih3k/
*** Analysis: Spam in August 2013 ***
---------------------------------------------
The percentage of spam in email traffic in August was down 3.6 percentage points and averaged 67.6%.
---------------------------------------------
http://www.securelist.com/en/analysis/204792306/Spam_in_August_2013
*** Verschlüsselung im Web: TLS soll sicherer werden ***
---------------------------------------------
Das für die Verschlüsselung im Web meistbenutzte Verschlüsselungsprotokoll krankt an einem Designfehler. Der ließe sich sich relativ leicht beheben, wenn das Normierungsgremium mitspielt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Verschluesselung-im-Web-TLS-soll-sic…
*** C3CM: Part 1 - Nfsight with Nfdump and Nfsen ***
---------------------------------------------
Part one of our three-part series on C3CM will utilize Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase. These NetFlow tools make much sense when attempting to identify the behavior of your opponent on high-volume networks that don't favor full-packet capture or inspection.
---------------------------------------------
http://holisticinfosec.org/toolsmith/pdf/august2013.pdf
*** C3CM: Part 2 - BroIDS with Logstash and Kibana ***
---------------------------------------------
Where, in part one of this three-part series, we utilized Nfsight with Nfdump, Nfsen, and fprobe to conduct our identification phase, we'll use BroIDS (Bro), Logstash, and Kibana as part of our interrupt phase.
---------------------------------------------
http://holisticinfosec.org/toolsmith/pdf/september2013.pdf
*** Citrix CloudPortal Services Manager Multiple Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in Citrix CloudPortal Services Manager, where some have an unknown impact and another can be exploited by malicious users to bypass certain security restrictions.
...
The vulnerabilities are reported in versions 10.0 Cumulative Update 2 and prior.
---------------------------------------------
https://secunia.com/advisories/54664
*** OpenVZ update for kernel ***
---------------------------------------------
OpenVZ has issued an update for kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and by malicious, local users to potentially gain escalated privileges.
---------------------------------------------
https://secunia.com/advisories/54900
*** BitTorrent-Schluckauf bei Twitter löst Besorgnis aus ***
---------------------------------------------
Ein technisches Problem bei Twitter hat dazu geführt, dass das soziale Netzwerk statt dem HTML-Code seiner Share-Buttons den Nutzern Torrent-Files ausliefert. Das hat zu einiger Aufregung bei besorgten Website-Besuchern geführt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/BitTorrent-Schluckauf-bei-Twitter-lo…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 19-09-2013 18:00 − Freitag 20-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Can Companies Fight Against Targeted Attacks? ***
---------------------------------------------
There are various reasons why targeted attacks can happen to almost any company. One of the biggest reasons is theft of a company's proprietary information. There are many types of confidential data that could be valuable. Intellectual property is often the first thing that comes to mind.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/can-companies-fi…
*** Apple's iOS 7 Update Fixes 80 Security Bugs ***
---------------------------------------------
Yesterdays iOS 7 update brought a slew of bug fixes, 80 in total, to Apple devices.
---------------------------------------------
http://threatpost.com/apples-ios-7-update-fixes-80-security-bugs/102356
*** Vertexnet Botnet Hides Behind AutoIt ***
---------------------------------------------
Recently we found some new malware samples using AutoIt to hide themselves. On further analysis we found that those sample belong to the Vertexnet botnet. They use multiple layers of obfuscation; once decoded, they connect to a control server to accept commands and transfer stolen data. This sample is packed using a custom packer.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/vertexnet-botnet-hides-behind-autoit
*** Experts Worry About Long-Term Implications of NSA Revelations ***
---------------------------------------------
With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA's collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what they can trust anymore.
---------------------------------------------
http://threatpost.com/experts-worry-about-long-term-implications-of-nsa-rev…
*** Sophos UTM Unspecified WebAdmin Flaw Has Unspecified Impact ***
---------------------------------------------
Sophos UTM Unspecified WebAdmin Flaw Has Unspecified Impact
---------------------------------------------
http://www.securitytracker.com/id/1029039
*** Cisco Intrusion Prevention System Authentication Manager Process Flaw Lets Remote Users Deny Service ***
---------------------------------------------
Cisco Intrusion Prevention System Authentication Manager Process Flaw Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1029057
*** Massive Sicherheitslücke in iOS 7 entdeckt ***
---------------------------------------------
Trotz Bildschirmsperre kann auf iPhones und iPads mit iOS 7 auf Fotos und dadurch auch auf Kontakte oder Twitter zugegriffen werden. Ausgangspunkt dafür ist das neue Control Center.
---------------------------------------------
http://futurezone.at/produkte/apple-massive-sicherheitsluecke-in-ios-7-entd…
*** Western Digital Arkeia Remote Code Execution ***
---------------------------------------------
Western Digital Arkeia Remote Code Execution
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090143
*** HP ArcSight Enterprise Security Manager Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
HP ArcSight Enterprise Security Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
---------------------------------------------
http://www.securitytracker.com/id/1029069
*** Sicherheitsunternehmen warnt vor NSA-Algorithmus ***
---------------------------------------------
Zufallsgenerator Dual EC DRBG in BSAFE und Data Protection Manager als Standard eingerichtet
---------------------------------------------
http://derstandard.at/1379291450962
*** FTC-Beschwerde: TrendNets IP-Kameras sind nicht sicher ***
---------------------------------------------
Die US-Handelskommission hat TrendNets zu umfangreichen Maßnahmen verpflichtet, um die Netzwerkkameras abzusichern. Auslöser war eine 2012 aufgedeckte Schwachstelle, durch die Unbefugte auf die Live-Streams hunderter TrendNet-Kunden zugreifen konnten.
---------------------------------------------
http://www.heise.de/newsticker/meldung/FTC-Beschwerde-TrendNets-IP-Kameras-…
*** The Small Biz 5 Step Plan to Security Breach Recovery ***
---------------------------------------------
Why do Internet criminals favor small and medium sized businesses? One reason is because many are suppliers and partners of large corporate entities offering a convenient pathway to these partners' networks. Although most SMBs will not experience a security breach, many will. So, how can your business recover following a hacking incident?
---------------------------------------------
http://www.business2community.com/small-business/small-biz-5-step-plan-secu…
*** OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution ***
---------------------------------------------
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
---------------------------------------------
http://www.exploit-db.com/exploits/28408
*** Cisco AnyConnect Secure Mobility Client Directory Access Permissions Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
Cisco AnyConnect Secure Mobility Client Directory Access Permissions Lets Local Users Gain Elevated Privileges
---------------------------------------------
http://www.securitytracker.com/id/1029063
*** HP IceWall Multiple Products Multiple Vulnerabilities ***
---------------------------------------------
HP IceWall Multiple Products Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54930
*** Now Registering for Classes at Cybercrime U #INTH3WILD ***
---------------------------------------------
As summer comes to a close, students all over the world are heading back to the classroom even in the cyber underground. Over the last few weeks, RSA has observed a spike in the availability of cybercrime courses, lessons, counseling and tutoring that are being offered to help fraudsters achieve their career goals.
---------------------------------------------
https://blogs.rsa.com/now-registering-classes-cybercrime-u/
*** Yet another `malware-infected hosts as anonymization stepping stones` service offering access to hundreds of compromised hosts spotted in the wild ***
---------------------------------------------
The general availability of DIY malware generating tools continues to contribute to the growth of the `malware-infected hosts as anonymization stepping stones` Socks4/Socks5/HTTP type of services, with new market entrants entering this largely commoditized market segment on a daily basis. Thanks to the virtually non-attributable campaigns that could be launched through the use of malware-infected hosts, ...
---------------------------------------------
http://www.webroot.com/blog/2013/09/20/yet-another-malware-infected-hosts-a…
*** Cisco AnyConnect VPN Client Secure Mobility Client Mac OS X Privilege Escalation Vulnerability ***
---------------------------------------------
Cisco AnyConnect VPN Client Secure Mobility Client Mac OS X Privilege Escalation Vulnerability
---------------------------------------------
https://secunia.com/advisories/54929